@azure/msal-browser 5.4.0 → 5.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (291) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  7. package/dist/cache/AccountManager.mjs +1 -1
  8. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +1 -1
  10. package/dist/cache/CacheHelpers.mjs +1 -1
  11. package/dist/cache/CacheKeys.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/EncryptedData.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.d.ts.map +1 -1
  19. package/dist/cache/TokenCache.mjs +9 -9
  20. package/dist/cache/TokenCache.mjs.map +1 -1
  21. package/dist/config/Configuration.mjs +1 -1
  22. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  23. package/dist/controllers/StandardController.mjs +1 -1
  24. package/dist/crypto/BrowserCrypto.mjs +1 -1
  25. package/dist/crypto/CryptoOps.mjs +1 -1
  26. package/dist/crypto/PkceGenerator.mjs +1 -1
  27. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  28. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  29. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  30. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  31. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  32. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  33. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  34. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  35. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  36. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  37. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  38. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  39. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  40. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  41. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  42. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  43. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  44. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  45. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  46. package/dist/custom-auth-path/controllers/StandardController.mjs +1 -1
  47. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  48. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  49. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  50. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  51. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  52. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  53. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  54. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  55. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  56. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  57. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  58. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  59. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  60. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  61. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  62. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  63. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  64. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  65. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  66. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  67. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  68. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  157. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  158. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  159. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  160. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  161. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  162. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  163. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  164. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  165. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  166. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  167. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  168. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  169. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  170. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  171. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  172. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  173. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  174. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  175. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  176. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  177. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
  178. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  179. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  180. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  181. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  182. package/dist/custom-auth-path/log-strings-mapping.json +2 -2
  183. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  184. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  185. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  186. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  187. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  188. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  189. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  190. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  191. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  192. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  193. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  194. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  195. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  196. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  197. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  198. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  199. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  200. package/dist/encode/Base64Decode.mjs +1 -1
  201. package/dist/encode/Base64Encode.mjs +1 -1
  202. package/dist/error/BrowserAuthError.mjs +1 -1
  203. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  204. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  205. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  206. package/dist/error/NativeAuthError.mjs +1 -1
  207. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  208. package/dist/error/NestedAppAuthError.mjs +1 -1
  209. package/dist/event/EventHandler.mjs +1 -1
  210. package/dist/event/EventMessage.mjs +1 -1
  211. package/dist/event/EventType.mjs +1 -1
  212. package/dist/index.mjs +1 -1
  213. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  214. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  215. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  216. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  217. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  218. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  219. package/dist/interaction_client/PopupClient.mjs +1 -1
  220. package/dist/interaction_client/RedirectClient.mjs +1 -1
  221. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  222. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  223. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  224. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  225. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  226. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  227. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  228. package/dist/log-strings-mapping.json +10 -10
  229. package/dist/naa/BridgeError.mjs +1 -1
  230. package/dist/naa/BridgeProxy.mjs +1 -1
  231. package/dist/naa/BridgeStatusCode.mjs +1 -1
  232. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  233. package/dist/navigation/NavigationClient.mjs +1 -1
  234. package/dist/network/FetchClient.mjs +1 -1
  235. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  236. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  237. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  238. package/dist/packageMetadata.d.ts +1 -1
  239. package/dist/packageMetadata.mjs +2 -2
  240. package/dist/protocol/Authorize.mjs +1 -1
  241. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  242. package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
  243. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  244. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  245. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  246. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  247. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  248. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  249. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  250. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  251. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  252. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  253. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  254. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  255. package/dist/request/RequestHelpers.mjs +1 -1
  256. package/dist/response/ResponseHandler.mjs +1 -1
  257. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  258. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  259. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  260. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  261. package/dist/utils/BrowserConstants.mjs +1 -1
  262. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  263. package/dist/utils/BrowserUtils.mjs +1 -1
  264. package/dist/utils/Helpers.mjs +1 -1
  265. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  266. package/lib/custom-auth-path/log-strings-mapping.json +2 -2
  267. package/lib/custom-auth-path/msal-custom-auth.cjs +523 -516
  268. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  269. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  270. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  271. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  272. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  273. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  274. package/lib/log-strings-mapping.json +10 -10
  275. package/lib/msal-browser.cjs +542 -534
  276. package/lib/msal-browser.cjs.map +1 -1
  277. package/lib/msal-browser.js +542 -534
  278. package/lib/msal-browser.js.map +1 -1
  279. package/lib/msal-browser.min.js +2 -2
  280. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  281. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  282. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  283. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  284. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  285. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  286. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  287. package/lib/types/packageMetadata.d.ts +1 -1
  288. package/package.json +2 -2
  289. package/src/cache/TokenCache.ts +27 -24
  290. package/src/interaction_client/PlatformAuthInteractionClient.ts +55 -53
  291. package/src/packageMetadata.ts +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.4.0 2026-03-02 */
1
+ /*! @azure/msal-browser v5.4.1 2026-04-01 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
229
229
  // Token renewal offset default in seconds
230
230
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
231
231
 
232
- /*! @azure/msal-common v16.2.0 2026-03-02 */
232
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
233
233
  /*
234
234
  * Copyright (c) Microsoft Corporation. All rights reserved.
235
235
  * Licensed under the MIT License.
@@ -279,7 +279,7 @@ const INSTANCE_AWARE = "instance_aware";
279
279
  const EAR_JWK = "ear_jwk";
280
280
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
281
281
 
282
- /*! @azure/msal-common v16.2.0 2026-03-02 */
282
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
283
283
  /*
284
284
  * Copyright (c) Microsoft Corporation. All rights reserved.
285
285
  * Licensed under the MIT License.
@@ -310,7 +310,7 @@ function createAuthError(code, additionalMessage) {
310
310
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
311
311
  }
312
312
 
313
- /*! @azure/msal-common v16.2.0 2026-03-02 */
313
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
314
314
 
315
315
  /*
316
316
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -330,7 +330,7 @@ function createClientConfigurationError(errorCode) {
330
330
  return new ClientConfigurationError(errorCode);
331
331
  }
332
332
 
333
- /*! @azure/msal-common v16.2.0 2026-03-02 */
333
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
334
334
  /*
335
335
  * Copyright (c) Microsoft Corporation. All rights reserved.
336
336
  * Licensed under the MIT License.
@@ -410,7 +410,7 @@ class StringUtils {
410
410
  }
411
411
  }
412
412
 
413
- /*! @azure/msal-common v16.2.0 2026-03-02 */
413
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
414
414
 
415
415
  /*
416
416
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -433,7 +433,7 @@ function createClientAuthError(errorCode, additionalMessage) {
433
433
  return new ClientAuthError(errorCode, additionalMessage);
434
434
  }
435
435
 
436
- /*! @azure/msal-common v16.2.0 2026-03-02 */
436
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
437
437
  /*
438
438
  * Copyright (c) Microsoft Corporation. All rights reserved.
439
439
  * Licensed under the MIT License.
@@ -457,7 +457,7 @@ const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
457
457
  const authorityMismatch = "authority_mismatch";
458
458
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
459
459
 
460
- /*! @azure/msal-common v16.2.0 2026-03-02 */
460
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
461
461
  /*
462
462
  * Copyright (c) Microsoft Corporation. All rights reserved.
463
463
  * Licensed under the MIT License.
@@ -494,7 +494,7 @@ const endSessionEndpointNotSupported = "end_session_endpoint_not_supported";
494
494
  const keyIdMissing = "key_id_missing";
495
495
  const methodNotImplemented = "method_not_implemented";
496
496
 
497
- /*! @azure/msal-common v16.2.0 2026-03-02 */
497
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
498
498
 
499
499
  /*
500
500
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -689,7 +689,7 @@ class ScopeSet {
689
689
  }
690
690
  }
691
691
 
692
- /*! @azure/msal-common v16.2.0 2026-03-02 */
692
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
693
693
 
694
694
  /*
695
695
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1056,7 +1056,7 @@ function addEARParameters(parameters, jwk) {
1056
1056
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1057
1057
  }
1058
1058
 
1059
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1059
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1060
1060
 
1061
1061
  /*
1062
1062
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1165,7 +1165,7 @@ function normalizeUrlForComparison(url) {
1165
1165
  }
1166
1166
  }
1167
1167
 
1168
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1168
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1169
1169
 
1170
1170
  /*
1171
1171
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1204,7 +1204,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1204
1204
  },
1205
1205
  };
1206
1206
 
1207
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1207
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1208
1208
  /*
1209
1209
  * Copyright (c) Microsoft Corporation. All rights reserved.
1210
1210
  * Licensed under the MIT License.
@@ -1465,12 +1465,12 @@ class Logger {
1465
1465
  }
1466
1466
  }
1467
1467
 
1468
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1468
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1469
1469
  /* eslint-disable header/header */
1470
1470
  const name$1 = "@azure/msal-common";
1471
- const version$1 = "16.2.0";
1471
+ const version$1 = "16.2.1";
1472
1472
 
1473
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1473
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1474
1474
  /*
1475
1475
  * Copyright (c) Microsoft Corporation. All rights reserved.
1476
1476
  * Licensed under the MIT License.
@@ -1479,7 +1479,7 @@ const AzureCloudInstance = {
1479
1479
  // AzureCloudInstance is not specified.
1480
1480
  None: "none"};
1481
1481
 
1482
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1482
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1483
1483
  /*
1484
1484
  * Copyright (c) Microsoft Corporation. All rights reserved.
1485
1485
  * Licensed under the MIT License.
@@ -1561,7 +1561,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1561
1561
  return updatedAccountInfo;
1562
1562
  }
1563
1563
 
1564
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1564
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1565
1565
 
1566
1566
  /*
1567
1567
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1641,7 +1641,7 @@ function checkMaxAge(authTime, maxAge) {
1641
1641
  }
1642
1642
  }
1643
1643
 
1644
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1644
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1645
1645
 
1646
1646
  /*
1647
1647
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1798,7 +1798,7 @@ class UrlString {
1798
1798
  }
1799
1799
  }
1800
1800
 
1801
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1801
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1802
1802
 
1803
1803
  /*
1804
1804
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1955,7 +1955,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1955
1955
  return null;
1956
1956
  }
1957
1957
 
1958
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1958
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1959
1959
  /*
1960
1960
  * Copyright (c) Microsoft Corporation. All rights reserved.
1961
1961
  * Licensed under the MIT License.
@@ -1963,7 +1963,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1963
1963
  const cacheQuotaExceeded = "cache_quota_exceeded";
1964
1964
  const cacheErrorUnknown = "cache_error_unknown";
1965
1965
 
1966
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1966
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1967
1967
 
1968
1968
  /*
1969
1969
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2001,7 +2001,7 @@ function createCacheError(e) {
2001
2001
  }
2002
2002
  }
2003
2003
 
2004
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2004
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2005
2005
 
2006
2006
  /*
2007
2007
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2039,7 +2039,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2039
2039
  };
2040
2040
  }
2041
2041
 
2042
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2042
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2043
2043
  /*
2044
2044
  * Copyright (c) Microsoft Corporation. All rights reserved.
2045
2045
  * Licensed under the MIT License.
@@ -2054,7 +2054,7 @@ const AuthorityType = {
2054
2054
  Ciam: 3,
2055
2055
  };
2056
2056
 
2057
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2057
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2058
2058
  /*
2059
2059
  * Copyright (c) Microsoft Corporation. All rights reserved.
2060
2060
  * Licensed under the MIT License.
@@ -2076,7 +2076,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2076
2076
  return null;
2077
2077
  }
2078
2078
 
2079
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2079
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2080
2080
  /*
2081
2081
  * Copyright (c) Microsoft Corporation. All rights reserved.
2082
2082
  * Licensed under the MIT License.
@@ -2100,7 +2100,7 @@ const ProtocolMode = {
2100
2100
  EAR: "EAR",
2101
2101
  };
2102
2102
 
2103
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2103
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2104
2104
  /**
2105
2105
  * Returns the AccountInfo interface for this account.
2106
2106
  */
@@ -2275,7 +2275,7 @@ function isAccountEntity(entity) {
2275
2275
  entity.hasOwnProperty("authorityType"));
2276
2276
  }
2277
2277
 
2278
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2278
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2279
2279
 
2280
2280
  /*
2281
2281
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3371,7 +3371,7 @@ class DefaultStorageClass extends CacheManager {
3371
3371
  }
3372
3372
  }
3373
3373
 
3374
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3374
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3375
3375
  /*
3376
3376
  * Copyright (c) Microsoft Corporation. All rights reserved.
3377
3377
  * Licensed under the MIT License.
@@ -3385,7 +3385,7 @@ class DefaultStorageClass extends CacheManager {
3385
3385
  const PerformanceEventStatus = {
3386
3386
  InProgress: 1};
3387
3387
 
3388
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3388
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3389
3389
 
3390
3390
  /*
3391
3391
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3440,7 +3440,7 @@ class StubPerformanceClient {
3440
3440
  }
3441
3441
  }
3442
3442
 
3443
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3443
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3444
3444
 
3445
3445
  /*
3446
3446
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3534,278 +3534,358 @@ function isOidcProtocolMode(config) {
3534
3534
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3535
3535
  }
3536
3536
 
3537
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3538
-
3537
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3539
3538
  /*
3540
3539
  * Copyright (c) Microsoft Corporation. All rights reserved.
3541
3540
  * Licensed under the MIT License.
3542
3541
  */
3543
3542
  /**
3544
- * Error thrown when there is an error with the server code, for example, unavailability.
3545
- */
3546
- class ServerError extends AuthError {
3547
- constructor(errorCode, errorMessage, subError, errorNo, status) {
3548
- super(errorCode, errorMessage, subError);
3549
- this.name = "ServerError";
3550
- this.errorNo = errorNo;
3551
- this.status = status;
3552
- Object.setPrototypeOf(this, ServerError.prototype);
3543
+ * This class instance helps track the memory changes facilitating
3544
+ * decisions to read from and write to the persistent cache
3545
+ */ class TokenCacheContext {
3546
+ constructor(tokenCache, hasChanged) {
3547
+ this.cache = tokenCache;
3548
+ this.hasChanged = hasChanged;
3549
+ }
3550
+ /**
3551
+ * boolean which indicates the changes in cache
3552
+ */
3553
+ get cacheHasChanged() {
3554
+ return this.hasChanged;
3555
+ }
3556
+ /**
3557
+ * function to retrieve the token cache
3558
+ */
3559
+ get tokenCache() {
3560
+ return this.cache;
3553
3561
  }
3554
3562
  }
3555
3563
 
3556
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3564
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3557
3565
  /*
3558
3566
  * Copyright (c) Microsoft Corporation. All rights reserved.
3559
3567
  * Licensed under the MIT License.
3560
3568
  */
3561
3569
  /**
3562
- * MSAL-defined interaction required error code indicating no tokens are found in cache.
3563
- * @public
3564
- */
3565
- const noTokensFound = "no_tokens_found";
3566
- /**
3567
- * MSAL-defined error code indicating a native account is unavailable on the platform.
3568
- * @public
3570
+ * Utility functions for managing date and time operations.
3569
3571
  */
3570
- const nativeAccountUnavailable = "native_account_unavailable";
3571
3572
  /**
3572
- * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
3573
- * @public
3574
- */
3575
- const refreshTokenExpired = "refresh_token_expired";
3576
- /**
3577
- * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
3578
- * @public
3573
+ * return the current time in Unix time (seconds).
3579
3574
  */
3580
- const uxNotAllowed = "ux_not_allowed";
3575
+ function nowSeconds() {
3576
+ // Date.getTime() returns in milliseconds.
3577
+ return Math.round(new Date().getTime() / 1000.0);
3578
+ }
3581
3579
  /**
3582
- * Server-originated error code indicating interaction is required to complete the request.
3583
- * @public
3580
+ * Converts JS Date object to seconds
3581
+ * @param date Date
3584
3582
  */
3585
- const interactionRequired = "interaction_required";
3583
+ function toSecondsFromDate(date) {
3584
+ // Convert date to seconds
3585
+ return date.getTime() / 1000;
3586
+ }
3586
3587
  /**
3587
- * Server-originated error code indicating user consent is required.
3588
- * @public
3588
+ * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3589
+ * @param seconds
3589
3590
  */
3590
- const consentRequired = "consent_required";
3591
+ function toDateFromSeconds(seconds) {
3592
+ if (seconds) {
3593
+ return new Date(Number(seconds) * 1000);
3594
+ }
3595
+ return new Date();
3596
+ }
3591
3597
  /**
3592
- * Server-originated error code indicating user login is required.
3593
- * @public
3598
+ * check if a token is expired based on given UTC time in seconds.
3599
+ * @param expiresOn
3594
3600
  */
3595
- const loginRequired = "login_required";
3601
+ function isTokenExpired(expiresOn, offset) {
3602
+ // check for access token expiry
3603
+ const expirationSec = Number(expiresOn) || 0;
3604
+ const offsetCurrentTimeSec = nowSeconds() + offset;
3605
+ // If current time + offset is greater than token expiration time, then token is expired.
3606
+ return offsetCurrentTimeSec > expirationSec;
3607
+ }
3596
3608
  /**
3597
- * Server-originated error code indicating the token is invalid or corrupted.
3598
- * @public
3609
+ * Checks if a cache entry is expired based on the last updated time and cache retention days.
3610
+ * @param lastUpdatedAt
3611
+ * @param cacheRetentionDays
3612
+ * @returns
3599
3613
  */
3600
- const badToken = "bad_token";
3614
+ function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3615
+ const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3616
+ return Date.now() > cacheExpirationTimestamp;
3617
+ }
3601
3618
  /**
3602
- * Server-originated error code indicating the user is in an interrupted state and interaction is required.
3603
- * @public
3619
+ * If the current time is earlier than the time that a token was cached at, we must discard the token
3620
+ * i.e. The system clock was turned back after acquiring the cached token
3621
+ * @param cachedAt
3622
+ * @param offset
3604
3623
  */
3605
- const interruptedUser = "interrupted_user";
3624
+ function wasClockTurnedBack(cachedAt) {
3625
+ const cachedAtSec = Number(cachedAt);
3626
+ return cachedAtSec > nowSeconds();
3627
+ }
3606
3628
 
3607
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3629
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3608
3630
 
3609
3631
  /*
3610
3632
  * Copyright (c) Microsoft Corporation. All rights reserved.
3611
3633
  * Licensed under the MIT License.
3612
3634
  */
3613
3635
  /**
3614
- * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
3636
+ * Create IdTokenEntity
3637
+ * @param homeAccountId
3638
+ * @param authenticationResult
3639
+ * @param clientId
3640
+ * @param authority
3615
3641
  */
3616
- const InteractionRequiredServerErrorMessage = [
3617
- interactionRequired,
3618
- consentRequired,
3619
- loginRequired,
3620
- badToken,
3621
- uxNotAllowed,
3622
- interruptedUser,
3623
- ];
3624
- const InteractionRequiredAuthSubErrorMessage = [
3625
- "message_only",
3626
- "additional_action",
3627
- "basic_action",
3628
- "user_password_expired",
3629
- "consent_required",
3630
- "bad_token",
3631
- "ux_not_allowed",
3632
- "interrupted_user",
3633
- ];
3642
+ function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
3643
+ const idTokenEntity = {
3644
+ credentialType: CredentialType.ID_TOKEN,
3645
+ homeAccountId: homeAccountId,
3646
+ environment: environment,
3647
+ clientId: clientId,
3648
+ secret: idToken,
3649
+ realm: tenantId,
3650
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3651
+ };
3652
+ return idTokenEntity;
3653
+ }
3634
3654
  /**
3635
- * Error thrown when user interaction is required.
3655
+ * Create AccessTokenEntity
3656
+ * @param homeAccountId
3657
+ * @param environment
3658
+ * @param accessToken
3659
+ * @param clientId
3660
+ * @param tenantId
3661
+ * @param scopes
3662
+ * @param expiresOn
3663
+ * @param extExpiresOn
3636
3664
  */
3637
- class InteractionRequiredAuthError extends AuthError {
3638
- constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
3639
- super(errorCode, errorMessage, subError);
3640
- Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
3641
- this.timestamp = timestamp || "";
3642
- this.traceId = traceId || "";
3643
- this.correlationId = correlationId || "";
3644
- this.claims = claims || "";
3645
- this.name = "InteractionRequiredAuthError";
3646
- this.errorNo = errorNo;
3665
+ function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
3666
+ const atEntity = {
3667
+ homeAccountId: homeAccountId,
3668
+ credentialType: CredentialType.ACCESS_TOKEN,
3669
+ secret: accessToken,
3670
+ cachedAt: nowSeconds().toString(),
3671
+ expiresOn: expiresOn.toString(),
3672
+ extendedExpiresOn: extExpiresOn.toString(),
3673
+ environment: environment,
3674
+ clientId: clientId,
3675
+ realm: tenantId,
3676
+ target: scopes,
3677
+ tokenType: tokenType || AuthenticationScheme.BEARER,
3678
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3679
+ };
3680
+ if (userAssertionHash) {
3681
+ atEntity.userAssertionHash = userAssertionHash;
3682
+ }
3683
+ if (refreshOn) {
3684
+ atEntity.refreshOn = refreshOn.toString();
3685
+ }
3686
+ /*
3687
+ * Create Access Token With Auth Scheme instead of regular access token
3688
+ * Cast to lower to handle "bearer" from ADFS
3689
+ */
3690
+ if (atEntity.tokenType?.toLowerCase() !==
3691
+ AuthenticationScheme.BEARER.toLowerCase()) {
3692
+ atEntity.credentialType =
3693
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
3694
+ switch (atEntity.tokenType) {
3695
+ case AuthenticationScheme.POP:
3696
+ // Make sure keyId is present and add it to credential
3697
+ const tokenClaims = extractTokenClaims(accessToken, base64Decode);
3698
+ if (!tokenClaims?.cnf?.kid) {
3699
+ throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
3700
+ }
3701
+ atEntity.keyId = tokenClaims.cnf.kid;
3702
+ break;
3703
+ case AuthenticationScheme.SSH:
3704
+ atEntity.keyId = keyId;
3705
+ }
3647
3706
  }
3707
+ return atEntity;
3648
3708
  }
3649
3709
  /**
3650
- * Helper function used to determine if an error thrown by the server requires interaction to resolve
3651
- * @param errorCode
3652
- * @param errorString
3653
- * @param subError
3710
+ * Create RefreshTokenEntity
3711
+ * @param homeAccountId
3712
+ * @param authenticationResult
3713
+ * @param clientId
3714
+ * @param authority
3654
3715
  */
3655
- function isInteractionRequiredError(errorCode, errorString, subError) {
3656
- const isInteractionRequiredErrorCode = !!errorCode &&
3657
- InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
3658
- const isInteractionRequiredSubError = !!subError &&
3659
- InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
3660
- const isInteractionRequiredErrorDesc = !!errorString &&
3661
- InteractionRequiredServerErrorMessage.some((irErrorCode) => {
3662
- return errorString.indexOf(irErrorCode) > -1;
3663
- });
3664
- return (isInteractionRequiredErrorCode ||
3665
- isInteractionRequiredErrorDesc ||
3666
- isInteractionRequiredSubError);
3716
+ function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
3717
+ const rtEntity = {
3718
+ credentialType: CredentialType.REFRESH_TOKEN,
3719
+ homeAccountId: homeAccountId,
3720
+ environment: environment,
3721
+ clientId: clientId,
3722
+ secret: refreshToken,
3723
+ lastUpdatedAt: Date.now().toString(),
3724
+ };
3725
+ if (userAssertionHash) {
3726
+ rtEntity.userAssertionHash = userAssertionHash;
3727
+ }
3728
+ if (familyId) {
3729
+ rtEntity.familyId = familyId;
3730
+ }
3731
+ if (expiresOn) {
3732
+ rtEntity.expiresOn = expiresOn.toString();
3733
+ }
3734
+ return rtEntity;
3735
+ }
3736
+ function isCredentialEntity(entity) {
3737
+ return (entity.hasOwnProperty("homeAccountId") &&
3738
+ entity.hasOwnProperty("environment") &&
3739
+ entity.hasOwnProperty("credentialType") &&
3740
+ entity.hasOwnProperty("clientId") &&
3741
+ entity.hasOwnProperty("secret"));
3667
3742
  }
3668
3743
  /**
3669
- * Creates an InteractionRequiredAuthError
3670
- */
3671
- function createInteractionRequiredAuthError(errorCode, errorMessage) {
3672
- return new InteractionRequiredAuthError(errorCode, errorMessage);
3673
- }
3674
-
3675
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3676
-
3677
- /*
3678
- * Copyright (c) Microsoft Corporation. All rights reserved.
3679
- * Licensed under the MIT License.
3680
- */
3681
- /**
3682
- * Appends user state with random guid, or returns random guid.
3683
- * @param cryptoObj
3684
- * @param userState
3685
- * @param meta
3744
+ * Validates an entity: checks for all expected params
3745
+ * @param entity
3686
3746
  */
3687
- function setRequestState(cryptoObj, userState, meta) {
3688
- const libraryState = generateLibraryState(cryptoObj, meta);
3689
- return userState
3690
- ? `${libraryState}${RESOURCE_DELIM}${userState}`
3691
- : libraryState;
3747
+ function isAccessTokenEntity(entity) {
3748
+ if (!entity) {
3749
+ return false;
3750
+ }
3751
+ return (isCredentialEntity(entity) &&
3752
+ entity.hasOwnProperty("realm") &&
3753
+ entity.hasOwnProperty("target") &&
3754
+ (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
3755
+ entity["credentialType"] ===
3756
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
3692
3757
  }
3693
3758
  /**
3694
- * Generates the state value used by the common library.
3695
- * @param cryptoObj
3696
- * @param meta
3759
+ * Validates an entity: checks for all expected params
3760
+ * @param entity
3697
3761
  */
3698
- function generateLibraryState(cryptoObj, meta) {
3699
- if (!cryptoObj) {
3700
- throw createClientAuthError(noCryptoObject);
3701
- }
3702
- // Create a state object containing a unique id and the timestamp of the request creation
3703
- const stateObj = {
3704
- id: cryptoObj.createNewGuid(),
3705
- };
3706
- if (meta) {
3707
- stateObj.meta = meta;
3762
+ function isIdTokenEntity(entity) {
3763
+ if (!entity) {
3764
+ return false;
3708
3765
  }
3709
- const stateString = JSON.stringify(stateObj);
3710
- return cryptoObj.base64Encode(stateString);
3766
+ return (isCredentialEntity(entity) &&
3767
+ entity.hasOwnProperty("realm") &&
3768
+ entity["credentialType"] === CredentialType.ID_TOKEN);
3711
3769
  }
3712
3770
  /**
3713
- * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
3714
- * @param base64Decode
3715
- * @param state
3771
+ * Validates an entity: checks for all expected params
3772
+ * @param entity
3716
3773
  */
3717
- function parseRequestState(base64Decode, state) {
3718
- if (!base64Decode) {
3719
- throw createClientAuthError(noCryptoObject);
3720
- }
3721
- if (!state) {
3722
- throw createClientAuthError(invalidState);
3723
- }
3724
- try {
3725
- // Split the state between library state and user passed state and decode them separately
3726
- const splitState = state.split(RESOURCE_DELIM);
3727
- const libraryState = splitState[0];
3728
- const userState = splitState.length > 1
3729
- ? splitState.slice(1).join(RESOURCE_DELIM)
3730
- : "";
3731
- const libraryStateString = base64Decode(libraryState);
3732
- const libraryStateObj = JSON.parse(libraryStateString);
3733
- return {
3734
- userRequestState: userState || "",
3735
- libraryState: libraryStateObj,
3736
- };
3737
- }
3738
- catch (e) {
3739
- throw createClientAuthError(invalidState);
3774
+ function isRefreshTokenEntity(entity) {
3775
+ if (!entity) {
3776
+ return false;
3740
3777
  }
3741
- }
3742
-
3743
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3744
- /*
3745
- * Copyright (c) Microsoft Corporation. All rights reserved.
3746
- * Licensed under the MIT License.
3747
- */
3778
+ return (isCredentialEntity(entity) &&
3779
+ entity["credentialType"] === CredentialType.REFRESH_TOKEN);
3780
+ }
3748
3781
  /**
3749
- * Utility functions for managing date and time operations.
3782
+ * validates if a given cache entry is "Telemetry", parses <key,value>
3783
+ * @param key
3784
+ * @param entity
3750
3785
  */
3786
+ function isServerTelemetryEntity(key, entity) {
3787
+ const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
3788
+ let validateEntity = true;
3789
+ if (entity) {
3790
+ validateEntity =
3791
+ entity.hasOwnProperty("failedRequests") &&
3792
+ entity.hasOwnProperty("errors") &&
3793
+ entity.hasOwnProperty("cacheHits");
3794
+ }
3795
+ return validateKey && validateEntity;
3796
+ }
3751
3797
  /**
3752
- * return the current time in Unix time (seconds).
3798
+ * validates if a given cache entry is "Throttling", parses <key,value>
3799
+ * @param key
3800
+ * @param entity
3753
3801
  */
3754
- function nowSeconds() {
3755
- // Date.getTime() returns in milliseconds.
3756
- return Math.round(new Date().getTime() / 1000.0);
3802
+ function isThrottlingEntity(key, entity) {
3803
+ let validateKey = false;
3804
+ if (key) {
3805
+ validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
3806
+ }
3807
+ let validateEntity = true;
3808
+ if (entity) {
3809
+ validateEntity = entity.hasOwnProperty("throttleTime");
3810
+ }
3811
+ return validateKey && validateEntity;
3757
3812
  }
3758
3813
  /**
3759
- * Converts JS Date object to seconds
3760
- * @param date Date
3814
+ * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
3761
3815
  */
3762
- function toSecondsFromDate(date) {
3763
- // Convert date to seconds
3764
- return date.getTime() / 1000;
3816
+ function generateAppMetadataKey({ environment, clientId, }) {
3817
+ const appMetaDataKeyArray = [
3818
+ APP_METADATA,
3819
+ environment,
3820
+ clientId,
3821
+ ];
3822
+ return appMetaDataKeyArray
3823
+ .join(CACHE_KEY_SEPARATOR$1)
3824
+ .toLowerCase();
3765
3825
  }
3766
- /**
3767
- * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3768
- * @param seconds
3826
+ /*
3827
+ * Validates an entity: checks for all expected params
3828
+ * @param entity
3769
3829
  */
3770
- function toDateFromSeconds(seconds) {
3771
- if (seconds) {
3772
- return new Date(Number(seconds) * 1000);
3830
+ function isAppMetadataEntity(key, entity) {
3831
+ if (!entity) {
3832
+ return false;
3773
3833
  }
3774
- return new Date();
3834
+ return (key.indexOf(APP_METADATA) === 0 &&
3835
+ entity.hasOwnProperty("clientId") &&
3836
+ entity.hasOwnProperty("environment"));
3775
3837
  }
3776
3838
  /**
3777
- * check if a token is expired based on given UTC time in seconds.
3778
- * @param expiresOn
3839
+ * Validates an entity: checks for all expected params
3840
+ * @param entity
3779
3841
  */
3780
- function isTokenExpired(expiresOn, offset) {
3781
- // check for access token expiry
3782
- const expirationSec = Number(expiresOn) || 0;
3783
- const offsetCurrentTimeSec = nowSeconds() + offset;
3784
- // If current time + offset is greater than token expiration time, then token is expired.
3785
- return offsetCurrentTimeSec > expirationSec;
3842
+ function isAuthorityMetadataEntity(key, entity) {
3843
+ if (!entity) {
3844
+ return false;
3845
+ }
3846
+ return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
3847
+ entity.hasOwnProperty("aliases") &&
3848
+ entity.hasOwnProperty("preferred_cache") &&
3849
+ entity.hasOwnProperty("preferred_network") &&
3850
+ entity.hasOwnProperty("canonical_authority") &&
3851
+ entity.hasOwnProperty("authorization_endpoint") &&
3852
+ entity.hasOwnProperty("token_endpoint") &&
3853
+ entity.hasOwnProperty("issuer") &&
3854
+ entity.hasOwnProperty("aliasesFromNetwork") &&
3855
+ entity.hasOwnProperty("endpointsFromNetwork") &&
3856
+ entity.hasOwnProperty("expiresAt") &&
3857
+ entity.hasOwnProperty("jwks_uri"));
3786
3858
  }
3787
3859
  /**
3788
- * Checks if a cache entry is expired based on the last updated time and cache retention days.
3789
- * @param lastUpdatedAt
3790
- * @param cacheRetentionDays
3791
- * @returns
3860
+ * Reset the exiresAt value
3792
3861
  */
3793
- function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3794
- const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3795
- return Date.now() > cacheExpirationTimestamp;
3862
+ function generateAuthorityMetadataExpiresAt() {
3863
+ return (nowSeconds() +
3864
+ AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
3865
+ }
3866
+ function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
3867
+ authorityMetadata.authorization_endpoint =
3868
+ updatedValues.authorization_endpoint;
3869
+ authorityMetadata.token_endpoint = updatedValues.token_endpoint;
3870
+ authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
3871
+ authorityMetadata.issuer = updatedValues.issuer;
3872
+ authorityMetadata.endpointsFromNetwork = fromNetwork;
3873
+ authorityMetadata.jwks_uri = updatedValues.jwks_uri;
3874
+ }
3875
+ function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
3876
+ authorityMetadata.aliases = updatedValues.aliases;
3877
+ authorityMetadata.preferred_cache = updatedValues.preferred_cache;
3878
+ authorityMetadata.preferred_network = updatedValues.preferred_network;
3879
+ authorityMetadata.aliasesFromNetwork = fromNetwork;
3796
3880
  }
3797
3881
  /**
3798
- * If the current time is earlier than the time that a token was cached at, we must discard the token
3799
- * i.e. The system clock was turned back after acquiring the cached token
3800
- * @param cachedAt
3801
- * @param offset
3882
+ * Returns whether or not the data needs to be refreshed
3802
3883
  */
3803
- function wasClockTurnedBack(cachedAt) {
3804
- const cachedAtSec = Number(cachedAt);
3805
- return cachedAtSec > nowSeconds();
3884
+ function isAuthorityMetadataExpired(metadata) {
3885
+ return metadata.expiresAt <= nowSeconds();
3806
3886
  }
3807
3887
 
3808
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3888
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3809
3889
  /*
3810
3890
  * Copyright (c) Microsoft Corporation. All rights reserved.
3811
3891
  * Licensed under the MIT License.
@@ -3876,7 +3956,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
3876
3956
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
3877
3957
  const SetUserData = "setUserData";
3878
3958
 
3879
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3959
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3880
3960
  /*
3881
3961
  * Copyright (c) Microsoft Corporation. All rights reserved.
3882
3962
  * Licensed under the MIT License.
@@ -3969,7 +4049,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
3969
4049
  };
3970
4050
  };
3971
4051
 
3972
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4052
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3973
4053
 
3974
4054
  /*
3975
4055
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4049,293 +4129,213 @@ class PopTokenGenerator {
4049
4129
  }
4050
4130
  }
4051
4131
 
4052
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4132
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4053
4133
  /*
4054
4134
  * Copyright (c) Microsoft Corporation. All rights reserved.
4055
4135
  * Licensed under the MIT License.
4056
4136
  */
4057
4137
  /**
4058
- * This class instance helps track the memory changes facilitating
4059
- * decisions to read from and write to the persistent cache
4060
- */ class TokenCacheContext {
4061
- constructor(tokenCache, hasChanged) {
4062
- this.cache = tokenCache;
4063
- this.hasChanged = hasChanged;
4064
- }
4065
- /**
4066
- * boolean which indicates the changes in cache
4067
- */
4068
- get cacheHasChanged() {
4069
- return this.hasChanged;
4070
- }
4071
- /**
4072
- * function to retrieve the token cache
4073
- */
4074
- get tokenCache() {
4075
- return this.cache;
4076
- }
4077
- }
4078
-
4079
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4080
-
4081
- /*
4082
- * Copyright (c) Microsoft Corporation. All rights reserved.
4083
- * Licensed under the MIT License.
4138
+ * MSAL-defined interaction required error code indicating no tokens are found in cache.
4139
+ * @public
4084
4140
  */
4141
+ const noTokensFound = "no_tokens_found";
4085
4142
  /**
4086
- * Create IdTokenEntity
4087
- * @param homeAccountId
4088
- * @param authenticationResult
4089
- * @param clientId
4090
- * @param authority
4143
+ * MSAL-defined error code indicating a native account is unavailable on the platform.
4144
+ * @public
4091
4145
  */
4092
- function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
4093
- const idTokenEntity = {
4094
- credentialType: CredentialType.ID_TOKEN,
4095
- homeAccountId: homeAccountId,
4096
- environment: environment,
4097
- clientId: clientId,
4098
- secret: idToken,
4099
- realm: tenantId,
4100
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4101
- };
4102
- return idTokenEntity;
4103
- }
4146
+ const nativeAccountUnavailable = "native_account_unavailable";
4104
4147
  /**
4105
- * Create AccessTokenEntity
4106
- * @param homeAccountId
4107
- * @param environment
4108
- * @param accessToken
4109
- * @param clientId
4110
- * @param tenantId
4111
- * @param scopes
4112
- * @param expiresOn
4113
- * @param extExpiresOn
4148
+ * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
4149
+ * @public
4114
4150
  */
4115
- function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
4116
- const atEntity = {
4117
- homeAccountId: homeAccountId,
4118
- credentialType: CredentialType.ACCESS_TOKEN,
4119
- secret: accessToken,
4120
- cachedAt: nowSeconds().toString(),
4121
- expiresOn: expiresOn.toString(),
4122
- extendedExpiresOn: extExpiresOn.toString(),
4123
- environment: environment,
4124
- clientId: clientId,
4125
- realm: tenantId,
4126
- target: scopes,
4127
- tokenType: tokenType || AuthenticationScheme.BEARER,
4128
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4129
- };
4130
- if (userAssertionHash) {
4131
- atEntity.userAssertionHash = userAssertionHash;
4132
- }
4133
- if (refreshOn) {
4134
- atEntity.refreshOn = refreshOn.toString();
4135
- }
4136
- /*
4137
- * Create Access Token With Auth Scheme instead of regular access token
4138
- * Cast to lower to handle "bearer" from ADFS
4139
- */
4140
- if (atEntity.tokenType?.toLowerCase() !==
4141
- AuthenticationScheme.BEARER.toLowerCase()) {
4142
- atEntity.credentialType =
4143
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
4144
- switch (atEntity.tokenType) {
4145
- case AuthenticationScheme.POP:
4146
- // Make sure keyId is present and add it to credential
4147
- const tokenClaims = extractTokenClaims(accessToken, base64Decode);
4148
- if (!tokenClaims?.cnf?.kid) {
4149
- throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
4150
- }
4151
- atEntity.keyId = tokenClaims.cnf.kid;
4152
- break;
4153
- case AuthenticationScheme.SSH:
4154
- atEntity.keyId = keyId;
4155
- }
4156
- }
4157
- return atEntity;
4158
- }
4151
+ const refreshTokenExpired = "refresh_token_expired";
4159
4152
  /**
4160
- * Create RefreshTokenEntity
4161
- * @param homeAccountId
4162
- * @param authenticationResult
4163
- * @param clientId
4164
- * @param authority
4153
+ * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4154
+ * @public
4165
4155
  */
4166
- function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
4167
- const rtEntity = {
4168
- credentialType: CredentialType.REFRESH_TOKEN,
4169
- homeAccountId: homeAccountId,
4170
- environment: environment,
4171
- clientId: clientId,
4172
- secret: refreshToken,
4173
- lastUpdatedAt: Date.now().toString(),
4174
- };
4175
- if (userAssertionHash) {
4176
- rtEntity.userAssertionHash = userAssertionHash;
4177
- }
4178
- if (familyId) {
4179
- rtEntity.familyId = familyId;
4180
- }
4181
- if (expiresOn) {
4182
- rtEntity.expiresOn = expiresOn.toString();
4183
- }
4184
- return rtEntity;
4185
- }
4186
- function isCredentialEntity(entity) {
4187
- return (entity.hasOwnProperty("homeAccountId") &&
4188
- entity.hasOwnProperty("environment") &&
4189
- entity.hasOwnProperty("credentialType") &&
4190
- entity.hasOwnProperty("clientId") &&
4191
- entity.hasOwnProperty("secret"));
4192
- }
4156
+ const uxNotAllowed = "ux_not_allowed";
4157
+ /**
4158
+ * Server-originated error code indicating interaction is required to complete the request.
4159
+ * @public
4160
+ */
4161
+ const interactionRequired = "interaction_required";
4162
+ /**
4163
+ * Server-originated error code indicating user consent is required.
4164
+ * @public
4165
+ */
4166
+ const consentRequired = "consent_required";
4167
+ /**
4168
+ * Server-originated error code indicating user login is required.
4169
+ * @public
4170
+ */
4171
+ const loginRequired = "login_required";
4193
4172
  /**
4194
- * Validates an entity: checks for all expected params
4195
- * @param entity
4173
+ * Server-originated error code indicating the token is invalid or corrupted.
4174
+ * @public
4196
4175
  */
4197
- function isAccessTokenEntity(entity) {
4198
- if (!entity) {
4199
- return false;
4200
- }
4201
- return (isCredentialEntity(entity) &&
4202
- entity.hasOwnProperty("realm") &&
4203
- entity.hasOwnProperty("target") &&
4204
- (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
4205
- entity["credentialType"] ===
4206
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
4207
- }
4176
+ const badToken = "bad_token";
4208
4177
  /**
4209
- * Validates an entity: checks for all expected params
4210
- * @param entity
4178
+ * Server-originated error code indicating the user is in an interrupted state and interaction is required.
4179
+ * @public
4180
+ */
4181
+ const interruptedUser = "interrupted_user";
4182
+
4183
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4184
+
4185
+ /*
4186
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4187
+ * Licensed under the MIT License.
4211
4188
  */
4212
- function isIdTokenEntity(entity) {
4213
- if (!entity) {
4214
- return false;
4215
- }
4216
- return (isCredentialEntity(entity) &&
4217
- entity.hasOwnProperty("realm") &&
4218
- entity["credentialType"] === CredentialType.ID_TOKEN);
4219
- }
4220
4189
  /**
4221
- * Validates an entity: checks for all expected params
4222
- * @param entity
4190
+ * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
4223
4191
  */
4224
- function isRefreshTokenEntity(entity) {
4225
- if (!entity) {
4226
- return false;
4227
- }
4228
- return (isCredentialEntity(entity) &&
4229
- entity["credentialType"] === CredentialType.REFRESH_TOKEN);
4230
- }
4192
+ const InteractionRequiredServerErrorMessage = [
4193
+ interactionRequired,
4194
+ consentRequired,
4195
+ loginRequired,
4196
+ badToken,
4197
+ uxNotAllowed,
4198
+ interruptedUser,
4199
+ ];
4200
+ const InteractionRequiredAuthSubErrorMessage = [
4201
+ "message_only",
4202
+ "additional_action",
4203
+ "basic_action",
4204
+ "user_password_expired",
4205
+ "consent_required",
4206
+ "bad_token",
4207
+ "ux_not_allowed",
4208
+ "interrupted_user",
4209
+ ];
4231
4210
  /**
4232
- * validates if a given cache entry is "Telemetry", parses <key,value>
4233
- * @param key
4234
- * @param entity
4211
+ * Error thrown when user interaction is required.
4235
4212
  */
4236
- function isServerTelemetryEntity(key, entity) {
4237
- const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
4238
- let validateEntity = true;
4239
- if (entity) {
4240
- validateEntity =
4241
- entity.hasOwnProperty("failedRequests") &&
4242
- entity.hasOwnProperty("errors") &&
4243
- entity.hasOwnProperty("cacheHits");
4213
+ class InteractionRequiredAuthError extends AuthError {
4214
+ constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
4215
+ super(errorCode, errorMessage, subError);
4216
+ Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
4217
+ this.timestamp = timestamp || "";
4218
+ this.traceId = traceId || "";
4219
+ this.correlationId = correlationId || "";
4220
+ this.claims = claims || "";
4221
+ this.name = "InteractionRequiredAuthError";
4222
+ this.errorNo = errorNo;
4244
4223
  }
4245
- return validateKey && validateEntity;
4246
4224
  }
4247
4225
  /**
4248
- * validates if a given cache entry is "Throttling", parses <key,value>
4249
- * @param key
4250
- * @param entity
4226
+ * Helper function used to determine if an error thrown by the server requires interaction to resolve
4227
+ * @param errorCode
4228
+ * @param errorString
4229
+ * @param subError
4251
4230
  */
4252
- function isThrottlingEntity(key, entity) {
4253
- let validateKey = false;
4254
- if (key) {
4255
- validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
4256
- }
4257
- let validateEntity = true;
4258
- if (entity) {
4259
- validateEntity = entity.hasOwnProperty("throttleTime");
4260
- }
4261
- return validateKey && validateEntity;
4231
+ function isInteractionRequiredError(errorCode, errorString, subError) {
4232
+ const isInteractionRequiredErrorCode = !!errorCode &&
4233
+ InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
4234
+ const isInteractionRequiredSubError = !!subError &&
4235
+ InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
4236
+ const isInteractionRequiredErrorDesc = !!errorString &&
4237
+ InteractionRequiredServerErrorMessage.some((irErrorCode) => {
4238
+ return errorString.indexOf(irErrorCode) > -1;
4239
+ });
4240
+ return (isInteractionRequiredErrorCode ||
4241
+ isInteractionRequiredErrorDesc ||
4242
+ isInteractionRequiredSubError);
4262
4243
  }
4263
4244
  /**
4264
- * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
4245
+ * Creates an InteractionRequiredAuthError
4265
4246
  */
4266
- function generateAppMetadataKey({ environment, clientId, }) {
4267
- const appMetaDataKeyArray = [
4268
- APP_METADATA,
4269
- environment,
4270
- clientId,
4271
- ];
4272
- return appMetaDataKeyArray
4273
- .join(CACHE_KEY_SEPARATOR$1)
4274
- .toLowerCase();
4275
- }
4247
+ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4248
+ return new InteractionRequiredAuthError(errorCode, errorMessage);
4249
+ }
4250
+
4251
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4252
+
4276
4253
  /*
4277
- * Validates an entity: checks for all expected params
4278
- * @param entity
4254
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4255
+ * Licensed under the MIT License.
4279
4256
  */
4280
- function isAppMetadataEntity(key, entity) {
4281
- if (!entity) {
4282
- return false;
4283
- }
4284
- return (key.indexOf(APP_METADATA) === 0 &&
4285
- entity.hasOwnProperty("clientId") &&
4286
- entity.hasOwnProperty("environment"));
4287
- }
4288
4257
  /**
4289
- * Validates an entity: checks for all expected params
4290
- * @param entity
4258
+ * Error thrown when there is an error with the server code, for example, unavailability.
4291
4259
  */
4292
- function isAuthorityMetadataEntity(key, entity) {
4293
- if (!entity) {
4294
- return false;
4260
+ class ServerError extends AuthError {
4261
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
4262
+ super(errorCode, errorMessage, subError);
4263
+ this.name = "ServerError";
4264
+ this.errorNo = errorNo;
4265
+ this.status = status;
4266
+ Object.setPrototypeOf(this, ServerError.prototype);
4295
4267
  }
4296
- return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
4297
- entity.hasOwnProperty("aliases") &&
4298
- entity.hasOwnProperty("preferred_cache") &&
4299
- entity.hasOwnProperty("preferred_network") &&
4300
- entity.hasOwnProperty("canonical_authority") &&
4301
- entity.hasOwnProperty("authorization_endpoint") &&
4302
- entity.hasOwnProperty("token_endpoint") &&
4303
- entity.hasOwnProperty("issuer") &&
4304
- entity.hasOwnProperty("aliasesFromNetwork") &&
4305
- entity.hasOwnProperty("endpointsFromNetwork") &&
4306
- entity.hasOwnProperty("expiresAt") &&
4307
- entity.hasOwnProperty("jwks_uri"));
4308
- }
4268
+ }
4269
+
4270
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4271
+
4272
+ /*
4273
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4274
+ * Licensed under the MIT License.
4275
+ */
4309
4276
  /**
4310
- * Reset the exiresAt value
4277
+ * Appends user state with random guid, or returns random guid.
4278
+ * @param cryptoObj
4279
+ * @param userState
4280
+ * @param meta
4311
4281
  */
4312
- function generateAuthorityMetadataExpiresAt() {
4313
- return (nowSeconds() +
4314
- AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
4315
- }
4316
- function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4317
- authorityMetadata.authorization_endpoint =
4318
- updatedValues.authorization_endpoint;
4319
- authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4320
- authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4321
- authorityMetadata.issuer = updatedValues.issuer;
4322
- authorityMetadata.endpointsFromNetwork = fromNetwork;
4323
- authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4282
+ function setRequestState(cryptoObj, userState, meta) {
4283
+ const libraryState = generateLibraryState(cryptoObj, meta);
4284
+ return userState
4285
+ ? `${libraryState}${RESOURCE_DELIM}${userState}`
4286
+ : libraryState;
4324
4287
  }
4325
- function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4326
- authorityMetadata.aliases = updatedValues.aliases;
4327
- authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4328
- authorityMetadata.preferred_network = updatedValues.preferred_network;
4329
- authorityMetadata.aliasesFromNetwork = fromNetwork;
4288
+ /**
4289
+ * Generates the state value used by the common library.
4290
+ * @param cryptoObj
4291
+ * @param meta
4292
+ */
4293
+ function generateLibraryState(cryptoObj, meta) {
4294
+ if (!cryptoObj) {
4295
+ throw createClientAuthError(noCryptoObject);
4296
+ }
4297
+ // Create a state object containing a unique id and the timestamp of the request creation
4298
+ const stateObj = {
4299
+ id: cryptoObj.createNewGuid(),
4300
+ };
4301
+ if (meta) {
4302
+ stateObj.meta = meta;
4303
+ }
4304
+ const stateString = JSON.stringify(stateObj);
4305
+ return cryptoObj.base64Encode(stateString);
4330
4306
  }
4331
4307
  /**
4332
- * Returns whether or not the data needs to be refreshed
4308
+ * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
4309
+ * @param base64Decode
4310
+ * @param state
4333
4311
  */
4334
- function isAuthorityMetadataExpired(metadata) {
4335
- return metadata.expiresAt <= nowSeconds();
4312
+ function parseRequestState(base64Decode, state) {
4313
+ if (!base64Decode) {
4314
+ throw createClientAuthError(noCryptoObject);
4315
+ }
4316
+ if (!state) {
4317
+ throw createClientAuthError(invalidState);
4318
+ }
4319
+ try {
4320
+ // Split the state between library state and user passed state and decode them separately
4321
+ const splitState = state.split(RESOURCE_DELIM);
4322
+ const libraryState = splitState[0];
4323
+ const userState = splitState.length > 1
4324
+ ? splitState.slice(1).join(RESOURCE_DELIM)
4325
+ : "";
4326
+ const libraryStateString = base64Decode(libraryState);
4327
+ const libraryStateObj = JSON.parse(libraryStateString);
4328
+ return {
4329
+ userRequestState: userState || "",
4330
+ libraryState: libraryStateObj,
4331
+ };
4332
+ }
4333
+ catch (e) {
4334
+ throw createClientAuthError(invalidState);
4335
+ }
4336
4336
  }
4337
4337
 
4338
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4338
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4339
4339
 
4340
4340
  /*
4341
4341
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4491,7 +4491,7 @@ class ResponseHandler {
4491
4491
  if (serverTokenResponse.id_token && !!idTokenClaims) {
4492
4492
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
4493
4493
  cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
4494
- this.logger);
4494
+ this.logger, this.performanceClient);
4495
4495
  }
4496
4496
  // AccessToken
4497
4497
  let cachedAccessToken = null;
@@ -4637,17 +4637,24 @@ class ResponseHandler {
4637
4637
  };
4638
4638
  }
4639
4639
  }
4640
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
4640
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
4641
4641
  logger?.verbose("09jz0t", correlationId);
4642
- // Check if base account is already cached
4643
- const accountKeys = cacheStorage.getAccountKeys();
4644
- const baseAccountKey = accountKeys.find((accountKey) => {
4645
- return accountKey.startsWith(homeAccountId);
4646
- });
4647
- let cachedAccount = null;
4648
- if (baseAccountKey) {
4649
- cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
4642
+ /*
4643
+ * Check if base account is already cached. Filter by homeAccountId (identifies
4644
+ * the user's home identity) and environment (identifies the cloud) the two
4645
+ * tenant-agnostic properties that uniquely locate a base AccountEntity.
4646
+ */
4647
+ const accountEnvironment = environment || authority.getPreferredCache();
4648
+ const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
4649
+ performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
4650
+ if (matchedAccounts.length > 1) {
4651
+ /*
4652
+ * Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
4653
+ * If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
4654
+ */
4655
+ logger?.warning("0x7ad1", correlationId);
4650
4656
  }
4657
+ const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
4651
4658
  const baseAccount = cachedAccount ||
4652
4659
  createAccountEntity({
4653
4660
  homeAccountId,
@@ -4671,7 +4678,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4671
4678
  return baseAccount;
4672
4679
  }
4673
4680
 
4674
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4681
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4675
4682
  /*
4676
4683
  * Copyright (c) Microsoft Corporation. All rights reserved.
4677
4684
  * Licensed under the MIT License.
@@ -4681,7 +4688,7 @@ const CcsCredentialType = {
4681
4688
  UPN: "UPN",
4682
4689
  };
4683
4690
 
4684
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4691
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4685
4692
  /*
4686
4693
  * Copyright (c) Microsoft Corporation. All rights reserved.
4687
4694
  * Licensed under the MIT License.
@@ -4699,7 +4706,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4699
4706
  }
4700
4707
  }
4701
4708
 
4702
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4709
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4703
4710
  /*
4704
4711
  * Copyright (c) Microsoft Corporation. All rights reserved.
4705
4712
  * Licensed under the MIT License.
@@ -4720,7 +4727,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4720
4727
  };
4721
4728
  }
4722
4729
 
4723
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4730
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4724
4731
 
4725
4732
  /*
4726
4733
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4806,7 +4813,7 @@ class ThrottlingUtils {
4806
4813
  }
4807
4814
  }
4808
4815
 
4809
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4816
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4810
4817
 
4811
4818
  /*
4812
4819
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4837,7 +4844,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4837
4844
  return new NetworkError(error, httpStatus, responseHeaders);
4838
4845
  }
4839
4846
 
4840
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4847
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4841
4848
 
4842
4849
  /*
4843
4850
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4951,7 +4958,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
4951
4958
  return response;
4952
4959
  }
4953
4960
 
4954
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4961
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4955
4962
  /*
4956
4963
  * Copyright (c) Microsoft Corporation. All rights reserved.
4957
4964
  * Licensed under the MIT License.
@@ -4963,7 +4970,7 @@ function isOpenIdConfigResponse(response) {
4963
4970
  response.hasOwnProperty("jwks_uri"));
4964
4971
  }
4965
4972
 
4966
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4973
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4967
4974
  /*
4968
4975
  * Copyright (c) Microsoft Corporation. All rights reserved.
4969
4976
  * Licensed under the MIT License.
@@ -4973,7 +4980,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4973
4980
  response.hasOwnProperty("metadata"));
4974
4981
  }
4975
4982
 
4976
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4983
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4977
4984
  /*
4978
4985
  * Copyright (c) Microsoft Corporation. All rights reserved.
4979
4986
  * Licensed under the MIT License.
@@ -4983,7 +4990,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4983
4990
  response.hasOwnProperty("error_description"));
4984
4991
  }
4985
4992
 
4986
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4993
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4987
4994
 
4988
4995
  /*
4989
4996
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5088,7 +5095,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5088
5095
  },
5089
5096
  };
5090
5097
 
5091
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5098
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5092
5099
 
5093
5100
  /*
5094
5101
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5908,7 +5915,7 @@ function buildStaticAuthorityOptions(authOptions) {
5908
5915
  };
5909
5916
  }
5910
5917
 
5911
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5918
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5912
5919
 
5913
5920
  /*
5914
5921
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5942,7 +5949,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5942
5949
  }
5943
5950
  }
5944
5951
 
5945
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5952
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5946
5953
 
5947
5954
  /*
5948
5955
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6202,7 +6209,7 @@ class AuthorizationCodeClient {
6202
6209
  }
6203
6210
  }
6204
6211
 
6205
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6212
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6206
6213
 
6207
6214
  /*
6208
6215
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6427,7 +6434,7 @@ class RefreshTokenClient {
6427
6434
  }
6428
6435
  }
6429
6436
 
6430
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6437
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6431
6438
 
6432
6439
  /*
6433
6440
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6536,7 +6543,7 @@ class SilentFlowClient {
6536
6543
  }
6537
6544
  }
6538
6545
 
6539
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6546
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6540
6547
 
6541
6548
  /*
6542
6549
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6551,7 +6558,7 @@ const StubbedNetworkModule = {
6551
6558
  },
6552
6559
  };
6553
6560
 
6554
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6561
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6555
6562
 
6556
6563
  /*
6557
6564
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6775,7 +6782,7 @@ function extractLoginHint(account) {
6775
6782
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6776
6783
  }
6777
6784
 
6778
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6785
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6779
6786
  /*
6780
6787
  * Copyright (c) Microsoft Corporation. All rights reserved.
6781
6788
  * Licensed under the MIT License.
@@ -6785,7 +6792,7 @@ function extractLoginHint(account) {
6785
6792
  */
6786
6793
  const unexpectedError = "unexpected_error";
6787
6794
 
6788
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6795
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6789
6796
 
6790
6797
  /*
6791
6798
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7046,7 +7053,7 @@ class ServerTelemetryManager {
7046
7053
  }
7047
7054
  }
7048
7055
 
7049
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7056
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7050
7057
 
7051
7058
  /*
7052
7059
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7067,7 +7074,7 @@ function createJoseHeaderError(code) {
7067
7074
  return new JoseHeaderError(code);
7068
7075
  }
7069
7076
 
7070
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7077
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7071
7078
  /*
7072
7079
  * Copyright (c) Microsoft Corporation. All rights reserved.
7073
7080
  * Licensed under the MIT License.
@@ -7075,7 +7082,7 @@ function createJoseHeaderError(code) {
7075
7082
  const missingKidError = "missing_kid_error";
7076
7083
  const missingAlgError = "missing_alg_error";
7077
7084
 
7078
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7085
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7079
7086
 
7080
7087
  /*
7081
7088
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7510,7 +7517,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7510
7517
 
7511
7518
  /* eslint-disable header/header */
7512
7519
  const name = "@azure/msal-browser";
7513
- const version = "5.4.0";
7520
+ const version = "5.4.1";
7514
7521
 
7515
7522
  /*
7516
7523
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -16632,9 +16639,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16632
16639
  }
16633
16640
  // Get the preferred_cache domain for the given authority
16634
16641
  const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
16635
- const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, undefined, // environment
16642
+ const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
16636
16643
  idTokenClaims.tid, undefined, // auth code payload
16637
- response.account.id);
16644
+ response.account.id, this.logger, this.performanceClient);
16638
16645
  // Ensure expires_in is in number format
16639
16646
  response.expires_in = Number(response.expires_in);
16640
16647
  // generate authenticationResult