@azure/msal-browser 5.4.0 → 5.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.d.ts.map +1 -1
- package/dist/cache/TokenCache.mjs +9 -9
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
- package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
- package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.mjs +1 -1
- package/dist/custom-auth-path/controllers/StandardController.mjs +1 -1
- package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
- package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
- package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
- package/dist/custom-auth-path/event/EventType.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/custom-auth-path/log-strings-mapping.json +2 -2
- package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
- package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
- package/dist/custom-auth-path/packageMetadata.mjs +2 -2
- package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
- package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
- package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +10 -10
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
- package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.mjs +1 -1
- package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
- package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +2 -2
- package/lib/custom-auth-path/msal-custom-auth.cjs +523 -516
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
- package/lib/log-strings-mapping.json +10 -10
- package/lib/msal-browser.cjs +542 -534
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +542 -534
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/lib/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/package.json +2 -2
- package/src/cache/TokenCache.ts +27 -24
- package/src/interaction_client/PlatformAuthInteractionClient.ts +55 -53
- package/src/packageMetadata.ts +1 -1
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.4.
|
|
1
|
+
/*! @azure/msal-browser v5.4.1 2026-04-01 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.2.
|
|
5
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
|
|
|
229
229
|
// Token renewal offset default in seconds
|
|
230
230
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
231
231
|
|
|
232
|
-
/*! @azure/msal-common v16.2.
|
|
232
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
233
233
|
/*
|
|
234
234
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
235
235
|
* Licensed under the MIT License.
|
|
@@ -279,7 +279,7 @@ const INSTANCE_AWARE = "instance_aware";
|
|
|
279
279
|
const EAR_JWK = "ear_jwk";
|
|
280
280
|
const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
281
281
|
|
|
282
|
-
/*! @azure/msal-common v16.2.
|
|
282
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
283
283
|
/*
|
|
284
284
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
285
285
|
* Licensed under the MIT License.
|
|
@@ -310,7 +310,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
310
310
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
311
311
|
}
|
|
312
312
|
|
|
313
|
-
/*! @azure/msal-common v16.2.
|
|
313
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
314
314
|
|
|
315
315
|
/*
|
|
316
316
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -330,7 +330,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
330
330
|
return new ClientConfigurationError(errorCode);
|
|
331
331
|
}
|
|
332
332
|
|
|
333
|
-
/*! @azure/msal-common v16.2.
|
|
333
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
334
334
|
/*
|
|
335
335
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
336
336
|
* Licensed under the MIT License.
|
|
@@ -410,7 +410,7 @@ class StringUtils {
|
|
|
410
410
|
}
|
|
411
411
|
}
|
|
412
412
|
|
|
413
|
-
/*! @azure/msal-common v16.2.
|
|
413
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
414
414
|
|
|
415
415
|
/*
|
|
416
416
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -433,7 +433,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
433
433
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
434
434
|
}
|
|
435
435
|
|
|
436
|
-
/*! @azure/msal-common v16.2.
|
|
436
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
437
437
|
/*
|
|
438
438
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
439
439
|
* Licensed under the MIT License.
|
|
@@ -457,7 +457,7 @@ const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
|
457
457
|
const authorityMismatch = "authority_mismatch";
|
|
458
458
|
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
459
459
|
|
|
460
|
-
/*! @azure/msal-common v16.2.
|
|
460
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
461
461
|
/*
|
|
462
462
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
463
463
|
* Licensed under the MIT License.
|
|
@@ -494,7 +494,7 @@ const endSessionEndpointNotSupported = "end_session_endpoint_not_supported";
|
|
|
494
494
|
const keyIdMissing = "key_id_missing";
|
|
495
495
|
const methodNotImplemented = "method_not_implemented";
|
|
496
496
|
|
|
497
|
-
/*! @azure/msal-common v16.2.
|
|
497
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
498
498
|
|
|
499
499
|
/*
|
|
500
500
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -689,7 +689,7 @@ class ScopeSet {
|
|
|
689
689
|
}
|
|
690
690
|
}
|
|
691
691
|
|
|
692
|
-
/*! @azure/msal-common v16.2.
|
|
692
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
693
693
|
|
|
694
694
|
/*
|
|
695
695
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1056,7 +1056,7 @@ function addEARParameters(parameters, jwk) {
|
|
|
1056
1056
|
parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
|
|
1057
1057
|
}
|
|
1058
1058
|
|
|
1059
|
-
/*! @azure/msal-common v16.2.
|
|
1059
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1060
1060
|
|
|
1061
1061
|
/*
|
|
1062
1062
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1165,7 +1165,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1165
1165
|
}
|
|
1166
1166
|
}
|
|
1167
1167
|
|
|
1168
|
-
/*! @azure/msal-common v16.2.
|
|
1168
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1169
1169
|
|
|
1170
1170
|
/*
|
|
1171
1171
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1204,7 +1204,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1204
1204
|
},
|
|
1205
1205
|
};
|
|
1206
1206
|
|
|
1207
|
-
/*! @azure/msal-common v16.2.
|
|
1207
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1208
1208
|
/*
|
|
1209
1209
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1210
1210
|
* Licensed under the MIT License.
|
|
@@ -1465,12 +1465,12 @@ class Logger {
|
|
|
1465
1465
|
}
|
|
1466
1466
|
}
|
|
1467
1467
|
|
|
1468
|
-
/*! @azure/msal-common v16.2.
|
|
1468
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1469
1469
|
/* eslint-disable header/header */
|
|
1470
1470
|
const name$1 = "@azure/msal-common";
|
|
1471
|
-
const version$1 = "16.2.
|
|
1471
|
+
const version$1 = "16.2.1";
|
|
1472
1472
|
|
|
1473
|
-
/*! @azure/msal-common v16.2.
|
|
1473
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1474
1474
|
/*
|
|
1475
1475
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1476
1476
|
* Licensed under the MIT License.
|
|
@@ -1479,7 +1479,7 @@ const AzureCloudInstance = {
|
|
|
1479
1479
|
// AzureCloudInstance is not specified.
|
|
1480
1480
|
None: "none"};
|
|
1481
1481
|
|
|
1482
|
-
/*! @azure/msal-common v16.2.
|
|
1482
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1483
1483
|
/*
|
|
1484
1484
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1485
1485
|
* Licensed under the MIT License.
|
|
@@ -1561,7 +1561,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1561
1561
|
return updatedAccountInfo;
|
|
1562
1562
|
}
|
|
1563
1563
|
|
|
1564
|
-
/*! @azure/msal-common v16.2.
|
|
1564
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1565
1565
|
|
|
1566
1566
|
/*
|
|
1567
1567
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1641,7 +1641,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1641
1641
|
}
|
|
1642
1642
|
}
|
|
1643
1643
|
|
|
1644
|
-
/*! @azure/msal-common v16.2.
|
|
1644
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1645
1645
|
|
|
1646
1646
|
/*
|
|
1647
1647
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1798,7 +1798,7 @@ class UrlString {
|
|
|
1798
1798
|
}
|
|
1799
1799
|
}
|
|
1800
1800
|
|
|
1801
|
-
/*! @azure/msal-common v16.2.
|
|
1801
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1802
1802
|
|
|
1803
1803
|
/*
|
|
1804
1804
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1955,7 +1955,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1955
1955
|
return null;
|
|
1956
1956
|
}
|
|
1957
1957
|
|
|
1958
|
-
/*! @azure/msal-common v16.2.
|
|
1958
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1959
1959
|
/*
|
|
1960
1960
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1961
1961
|
* Licensed under the MIT License.
|
|
@@ -1963,7 +1963,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1963
1963
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
1964
1964
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
1965
1965
|
|
|
1966
|
-
/*! @azure/msal-common v16.2.
|
|
1966
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
1967
1967
|
|
|
1968
1968
|
/*
|
|
1969
1969
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2001,7 +2001,7 @@ function createCacheError(e) {
|
|
|
2001
2001
|
}
|
|
2002
2002
|
}
|
|
2003
2003
|
|
|
2004
|
-
/*! @azure/msal-common v16.2.
|
|
2004
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
2005
2005
|
|
|
2006
2006
|
/*
|
|
2007
2007
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2039,7 +2039,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2039
2039
|
};
|
|
2040
2040
|
}
|
|
2041
2041
|
|
|
2042
|
-
/*! @azure/msal-common v16.2.
|
|
2042
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
2043
2043
|
/*
|
|
2044
2044
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2045
2045
|
* Licensed under the MIT License.
|
|
@@ -2054,7 +2054,7 @@ const AuthorityType = {
|
|
|
2054
2054
|
Ciam: 3,
|
|
2055
2055
|
};
|
|
2056
2056
|
|
|
2057
|
-
/*! @azure/msal-common v16.2.
|
|
2057
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
2058
2058
|
/*
|
|
2059
2059
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2060
2060
|
* Licensed under the MIT License.
|
|
@@ -2076,7 +2076,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2076
2076
|
return null;
|
|
2077
2077
|
}
|
|
2078
2078
|
|
|
2079
|
-
/*! @azure/msal-common v16.2.
|
|
2079
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
2080
2080
|
/*
|
|
2081
2081
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2082
2082
|
* Licensed under the MIT License.
|
|
@@ -2100,7 +2100,7 @@ const ProtocolMode = {
|
|
|
2100
2100
|
EAR: "EAR",
|
|
2101
2101
|
};
|
|
2102
2102
|
|
|
2103
|
-
/*! @azure/msal-common v16.2.
|
|
2103
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
2104
2104
|
/**
|
|
2105
2105
|
* Returns the AccountInfo interface for this account.
|
|
2106
2106
|
*/
|
|
@@ -2275,7 +2275,7 @@ function isAccountEntity(entity) {
|
|
|
2275
2275
|
entity.hasOwnProperty("authorityType"));
|
|
2276
2276
|
}
|
|
2277
2277
|
|
|
2278
|
-
/*! @azure/msal-common v16.2.
|
|
2278
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
2279
2279
|
|
|
2280
2280
|
/*
|
|
2281
2281
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3371,7 +3371,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3371
3371
|
}
|
|
3372
3372
|
}
|
|
3373
3373
|
|
|
3374
|
-
/*! @azure/msal-common v16.2.
|
|
3374
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
3375
3375
|
/*
|
|
3376
3376
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3377
3377
|
* Licensed under the MIT License.
|
|
@@ -3385,7 +3385,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3385
3385
|
const PerformanceEventStatus = {
|
|
3386
3386
|
InProgress: 1};
|
|
3387
3387
|
|
|
3388
|
-
/*! @azure/msal-common v16.2.
|
|
3388
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
3389
3389
|
|
|
3390
3390
|
/*
|
|
3391
3391
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3440,7 +3440,7 @@ class StubPerformanceClient {
|
|
|
3440
3440
|
}
|
|
3441
3441
|
}
|
|
3442
3442
|
|
|
3443
|
-
/*! @azure/msal-common v16.2.
|
|
3443
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
3444
3444
|
|
|
3445
3445
|
/*
|
|
3446
3446
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3534,278 +3534,358 @@ function isOidcProtocolMode(config) {
|
|
|
3534
3534
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3535
3535
|
}
|
|
3536
3536
|
|
|
3537
|
-
/*! @azure/msal-common v16.2.
|
|
3538
|
-
|
|
3537
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
3539
3538
|
/*
|
|
3540
3539
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3541
3540
|
* Licensed under the MIT License.
|
|
3542
3541
|
*/
|
|
3543
3542
|
/**
|
|
3544
|
-
*
|
|
3545
|
-
|
|
3546
|
-
|
|
3547
|
-
constructor(
|
|
3548
|
-
|
|
3549
|
-
this.
|
|
3550
|
-
|
|
3551
|
-
|
|
3552
|
-
|
|
3543
|
+
* This class instance helps track the memory changes facilitating
|
|
3544
|
+
* decisions to read from and write to the persistent cache
|
|
3545
|
+
*/ class TokenCacheContext {
|
|
3546
|
+
constructor(tokenCache, hasChanged) {
|
|
3547
|
+
this.cache = tokenCache;
|
|
3548
|
+
this.hasChanged = hasChanged;
|
|
3549
|
+
}
|
|
3550
|
+
/**
|
|
3551
|
+
* boolean which indicates the changes in cache
|
|
3552
|
+
*/
|
|
3553
|
+
get cacheHasChanged() {
|
|
3554
|
+
return this.hasChanged;
|
|
3555
|
+
}
|
|
3556
|
+
/**
|
|
3557
|
+
* function to retrieve the token cache
|
|
3558
|
+
*/
|
|
3559
|
+
get tokenCache() {
|
|
3560
|
+
return this.cache;
|
|
3553
3561
|
}
|
|
3554
3562
|
}
|
|
3555
3563
|
|
|
3556
|
-
/*! @azure/msal-common v16.2.
|
|
3564
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
3557
3565
|
/*
|
|
3558
3566
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3559
3567
|
* Licensed under the MIT License.
|
|
3560
3568
|
*/
|
|
3561
3569
|
/**
|
|
3562
|
-
*
|
|
3563
|
-
* @public
|
|
3564
|
-
*/
|
|
3565
|
-
const noTokensFound = "no_tokens_found";
|
|
3566
|
-
/**
|
|
3567
|
-
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
3568
|
-
* @public
|
|
3570
|
+
* Utility functions for managing date and time operations.
|
|
3569
3571
|
*/
|
|
3570
|
-
const nativeAccountUnavailable = "native_account_unavailable";
|
|
3571
3572
|
/**
|
|
3572
|
-
*
|
|
3573
|
-
* @public
|
|
3574
|
-
*/
|
|
3575
|
-
const refreshTokenExpired = "refresh_token_expired";
|
|
3576
|
-
/**
|
|
3577
|
-
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
3578
|
-
* @public
|
|
3573
|
+
* return the current time in Unix time (seconds).
|
|
3579
3574
|
*/
|
|
3580
|
-
|
|
3575
|
+
function nowSeconds() {
|
|
3576
|
+
// Date.getTime() returns in milliseconds.
|
|
3577
|
+
return Math.round(new Date().getTime() / 1000.0);
|
|
3578
|
+
}
|
|
3581
3579
|
/**
|
|
3582
|
-
*
|
|
3583
|
-
* @
|
|
3580
|
+
* Converts JS Date object to seconds
|
|
3581
|
+
* @param date Date
|
|
3584
3582
|
*/
|
|
3585
|
-
|
|
3583
|
+
function toSecondsFromDate(date) {
|
|
3584
|
+
// Convert date to seconds
|
|
3585
|
+
return date.getTime() / 1000;
|
|
3586
|
+
}
|
|
3586
3587
|
/**
|
|
3587
|
-
*
|
|
3588
|
-
* @
|
|
3588
|
+
* Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
|
|
3589
|
+
* @param seconds
|
|
3589
3590
|
*/
|
|
3590
|
-
|
|
3591
|
+
function toDateFromSeconds(seconds) {
|
|
3592
|
+
if (seconds) {
|
|
3593
|
+
return new Date(Number(seconds) * 1000);
|
|
3594
|
+
}
|
|
3595
|
+
return new Date();
|
|
3596
|
+
}
|
|
3591
3597
|
/**
|
|
3592
|
-
*
|
|
3593
|
-
* @
|
|
3598
|
+
* check if a token is expired based on given UTC time in seconds.
|
|
3599
|
+
* @param expiresOn
|
|
3594
3600
|
*/
|
|
3595
|
-
|
|
3601
|
+
function isTokenExpired(expiresOn, offset) {
|
|
3602
|
+
// check for access token expiry
|
|
3603
|
+
const expirationSec = Number(expiresOn) || 0;
|
|
3604
|
+
const offsetCurrentTimeSec = nowSeconds() + offset;
|
|
3605
|
+
// If current time + offset is greater than token expiration time, then token is expired.
|
|
3606
|
+
return offsetCurrentTimeSec > expirationSec;
|
|
3607
|
+
}
|
|
3596
3608
|
/**
|
|
3597
|
-
*
|
|
3598
|
-
* @
|
|
3609
|
+
* Checks if a cache entry is expired based on the last updated time and cache retention days.
|
|
3610
|
+
* @param lastUpdatedAt
|
|
3611
|
+
* @param cacheRetentionDays
|
|
3612
|
+
* @returns
|
|
3599
3613
|
*/
|
|
3600
|
-
|
|
3614
|
+
function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
|
|
3615
|
+
const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
|
|
3616
|
+
return Date.now() > cacheExpirationTimestamp;
|
|
3617
|
+
}
|
|
3601
3618
|
/**
|
|
3602
|
-
*
|
|
3603
|
-
*
|
|
3619
|
+
* If the current time is earlier than the time that a token was cached at, we must discard the token
|
|
3620
|
+
* i.e. The system clock was turned back after acquiring the cached token
|
|
3621
|
+
* @param cachedAt
|
|
3622
|
+
* @param offset
|
|
3604
3623
|
*/
|
|
3605
|
-
|
|
3624
|
+
function wasClockTurnedBack(cachedAt) {
|
|
3625
|
+
const cachedAtSec = Number(cachedAt);
|
|
3626
|
+
return cachedAtSec > nowSeconds();
|
|
3627
|
+
}
|
|
3606
3628
|
|
|
3607
|
-
/*! @azure/msal-common v16.2.
|
|
3629
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
3608
3630
|
|
|
3609
3631
|
/*
|
|
3610
3632
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3611
3633
|
* Licensed under the MIT License.
|
|
3612
3634
|
*/
|
|
3613
3635
|
/**
|
|
3614
|
-
*
|
|
3636
|
+
* Create IdTokenEntity
|
|
3637
|
+
* @param homeAccountId
|
|
3638
|
+
* @param authenticationResult
|
|
3639
|
+
* @param clientId
|
|
3640
|
+
* @param authority
|
|
3615
3641
|
*/
|
|
3616
|
-
|
|
3617
|
-
|
|
3618
|
-
|
|
3619
|
-
|
|
3620
|
-
|
|
3621
|
-
|
|
3622
|
-
|
|
3623
|
-
|
|
3624
|
-
|
|
3625
|
-
|
|
3626
|
-
|
|
3627
|
-
|
|
3628
|
-
"user_password_expired",
|
|
3629
|
-
"consent_required",
|
|
3630
|
-
"bad_token",
|
|
3631
|
-
"ux_not_allowed",
|
|
3632
|
-
"interrupted_user",
|
|
3633
|
-
];
|
|
3642
|
+
function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
|
|
3643
|
+
const idTokenEntity = {
|
|
3644
|
+
credentialType: CredentialType.ID_TOKEN,
|
|
3645
|
+
homeAccountId: homeAccountId,
|
|
3646
|
+
environment: environment,
|
|
3647
|
+
clientId: clientId,
|
|
3648
|
+
secret: idToken,
|
|
3649
|
+
realm: tenantId,
|
|
3650
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3651
|
+
};
|
|
3652
|
+
return idTokenEntity;
|
|
3653
|
+
}
|
|
3634
3654
|
/**
|
|
3635
|
-
*
|
|
3655
|
+
* Create AccessTokenEntity
|
|
3656
|
+
* @param homeAccountId
|
|
3657
|
+
* @param environment
|
|
3658
|
+
* @param accessToken
|
|
3659
|
+
* @param clientId
|
|
3660
|
+
* @param tenantId
|
|
3661
|
+
* @param scopes
|
|
3662
|
+
* @param expiresOn
|
|
3663
|
+
* @param extExpiresOn
|
|
3636
3664
|
*/
|
|
3637
|
-
|
|
3638
|
-
|
|
3639
|
-
|
|
3640
|
-
|
|
3641
|
-
|
|
3642
|
-
|
|
3643
|
-
|
|
3644
|
-
|
|
3645
|
-
|
|
3646
|
-
|
|
3665
|
+
function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
|
|
3666
|
+
const atEntity = {
|
|
3667
|
+
homeAccountId: homeAccountId,
|
|
3668
|
+
credentialType: CredentialType.ACCESS_TOKEN,
|
|
3669
|
+
secret: accessToken,
|
|
3670
|
+
cachedAt: nowSeconds().toString(),
|
|
3671
|
+
expiresOn: expiresOn.toString(),
|
|
3672
|
+
extendedExpiresOn: extExpiresOn.toString(),
|
|
3673
|
+
environment: environment,
|
|
3674
|
+
clientId: clientId,
|
|
3675
|
+
realm: tenantId,
|
|
3676
|
+
target: scopes,
|
|
3677
|
+
tokenType: tokenType || AuthenticationScheme.BEARER,
|
|
3678
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3679
|
+
};
|
|
3680
|
+
if (userAssertionHash) {
|
|
3681
|
+
atEntity.userAssertionHash = userAssertionHash;
|
|
3682
|
+
}
|
|
3683
|
+
if (refreshOn) {
|
|
3684
|
+
atEntity.refreshOn = refreshOn.toString();
|
|
3685
|
+
}
|
|
3686
|
+
/*
|
|
3687
|
+
* Create Access Token With Auth Scheme instead of regular access token
|
|
3688
|
+
* Cast to lower to handle "bearer" from ADFS
|
|
3689
|
+
*/
|
|
3690
|
+
if (atEntity.tokenType?.toLowerCase() !==
|
|
3691
|
+
AuthenticationScheme.BEARER.toLowerCase()) {
|
|
3692
|
+
atEntity.credentialType =
|
|
3693
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
3694
|
+
switch (atEntity.tokenType) {
|
|
3695
|
+
case AuthenticationScheme.POP:
|
|
3696
|
+
// Make sure keyId is present and add it to credential
|
|
3697
|
+
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
3698
|
+
if (!tokenClaims?.cnf?.kid) {
|
|
3699
|
+
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
3700
|
+
}
|
|
3701
|
+
atEntity.keyId = tokenClaims.cnf.kid;
|
|
3702
|
+
break;
|
|
3703
|
+
case AuthenticationScheme.SSH:
|
|
3704
|
+
atEntity.keyId = keyId;
|
|
3705
|
+
}
|
|
3647
3706
|
}
|
|
3707
|
+
return atEntity;
|
|
3648
3708
|
}
|
|
3649
3709
|
/**
|
|
3650
|
-
*
|
|
3651
|
-
* @param
|
|
3652
|
-
* @param
|
|
3653
|
-
* @param
|
|
3710
|
+
* Create RefreshTokenEntity
|
|
3711
|
+
* @param homeAccountId
|
|
3712
|
+
* @param authenticationResult
|
|
3713
|
+
* @param clientId
|
|
3714
|
+
* @param authority
|
|
3654
3715
|
*/
|
|
3655
|
-
function
|
|
3656
|
-
const
|
|
3657
|
-
|
|
3658
|
-
|
|
3659
|
-
|
|
3660
|
-
|
|
3661
|
-
|
|
3662
|
-
|
|
3663
|
-
|
|
3664
|
-
|
|
3665
|
-
|
|
3666
|
-
|
|
3716
|
+
function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
|
|
3717
|
+
const rtEntity = {
|
|
3718
|
+
credentialType: CredentialType.REFRESH_TOKEN,
|
|
3719
|
+
homeAccountId: homeAccountId,
|
|
3720
|
+
environment: environment,
|
|
3721
|
+
clientId: clientId,
|
|
3722
|
+
secret: refreshToken,
|
|
3723
|
+
lastUpdatedAt: Date.now().toString(),
|
|
3724
|
+
};
|
|
3725
|
+
if (userAssertionHash) {
|
|
3726
|
+
rtEntity.userAssertionHash = userAssertionHash;
|
|
3727
|
+
}
|
|
3728
|
+
if (familyId) {
|
|
3729
|
+
rtEntity.familyId = familyId;
|
|
3730
|
+
}
|
|
3731
|
+
if (expiresOn) {
|
|
3732
|
+
rtEntity.expiresOn = expiresOn.toString();
|
|
3733
|
+
}
|
|
3734
|
+
return rtEntity;
|
|
3735
|
+
}
|
|
3736
|
+
function isCredentialEntity(entity) {
|
|
3737
|
+
return (entity.hasOwnProperty("homeAccountId") &&
|
|
3738
|
+
entity.hasOwnProperty("environment") &&
|
|
3739
|
+
entity.hasOwnProperty("credentialType") &&
|
|
3740
|
+
entity.hasOwnProperty("clientId") &&
|
|
3741
|
+
entity.hasOwnProperty("secret"));
|
|
3667
3742
|
}
|
|
3668
3743
|
/**
|
|
3669
|
-
*
|
|
3670
|
-
|
|
3671
|
-
function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
3672
|
-
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
3673
|
-
}
|
|
3674
|
-
|
|
3675
|
-
/*! @azure/msal-common v16.2.0 2026-03-02 */
|
|
3676
|
-
|
|
3677
|
-
/*
|
|
3678
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3679
|
-
* Licensed under the MIT License.
|
|
3680
|
-
*/
|
|
3681
|
-
/**
|
|
3682
|
-
* Appends user state with random guid, or returns random guid.
|
|
3683
|
-
* @param cryptoObj
|
|
3684
|
-
* @param userState
|
|
3685
|
-
* @param meta
|
|
3744
|
+
* Validates an entity: checks for all expected params
|
|
3745
|
+
* @param entity
|
|
3686
3746
|
*/
|
|
3687
|
-
function
|
|
3688
|
-
|
|
3689
|
-
|
|
3690
|
-
|
|
3691
|
-
|
|
3747
|
+
function isAccessTokenEntity(entity) {
|
|
3748
|
+
if (!entity) {
|
|
3749
|
+
return false;
|
|
3750
|
+
}
|
|
3751
|
+
return (isCredentialEntity(entity) &&
|
|
3752
|
+
entity.hasOwnProperty("realm") &&
|
|
3753
|
+
entity.hasOwnProperty("target") &&
|
|
3754
|
+
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
3755
|
+
entity["credentialType"] ===
|
|
3756
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
3692
3757
|
}
|
|
3693
3758
|
/**
|
|
3694
|
-
*
|
|
3695
|
-
* @param
|
|
3696
|
-
* @param meta
|
|
3759
|
+
* Validates an entity: checks for all expected params
|
|
3760
|
+
* @param entity
|
|
3697
3761
|
*/
|
|
3698
|
-
function
|
|
3699
|
-
if (!
|
|
3700
|
-
|
|
3701
|
-
}
|
|
3702
|
-
// Create a state object containing a unique id and the timestamp of the request creation
|
|
3703
|
-
const stateObj = {
|
|
3704
|
-
id: cryptoObj.createNewGuid(),
|
|
3705
|
-
};
|
|
3706
|
-
if (meta) {
|
|
3707
|
-
stateObj.meta = meta;
|
|
3762
|
+
function isIdTokenEntity(entity) {
|
|
3763
|
+
if (!entity) {
|
|
3764
|
+
return false;
|
|
3708
3765
|
}
|
|
3709
|
-
|
|
3710
|
-
|
|
3766
|
+
return (isCredentialEntity(entity) &&
|
|
3767
|
+
entity.hasOwnProperty("realm") &&
|
|
3768
|
+
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
3711
3769
|
}
|
|
3712
3770
|
/**
|
|
3713
|
-
*
|
|
3714
|
-
* @param
|
|
3715
|
-
* @param state
|
|
3771
|
+
* Validates an entity: checks for all expected params
|
|
3772
|
+
* @param entity
|
|
3716
3773
|
*/
|
|
3717
|
-
function
|
|
3718
|
-
if (!
|
|
3719
|
-
|
|
3720
|
-
}
|
|
3721
|
-
if (!state) {
|
|
3722
|
-
throw createClientAuthError(invalidState);
|
|
3723
|
-
}
|
|
3724
|
-
try {
|
|
3725
|
-
// Split the state between library state and user passed state and decode them separately
|
|
3726
|
-
const splitState = state.split(RESOURCE_DELIM);
|
|
3727
|
-
const libraryState = splitState[0];
|
|
3728
|
-
const userState = splitState.length > 1
|
|
3729
|
-
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
3730
|
-
: "";
|
|
3731
|
-
const libraryStateString = base64Decode(libraryState);
|
|
3732
|
-
const libraryStateObj = JSON.parse(libraryStateString);
|
|
3733
|
-
return {
|
|
3734
|
-
userRequestState: userState || "",
|
|
3735
|
-
libraryState: libraryStateObj,
|
|
3736
|
-
};
|
|
3737
|
-
}
|
|
3738
|
-
catch (e) {
|
|
3739
|
-
throw createClientAuthError(invalidState);
|
|
3774
|
+
function isRefreshTokenEntity(entity) {
|
|
3775
|
+
if (!entity) {
|
|
3776
|
+
return false;
|
|
3740
3777
|
}
|
|
3741
|
-
|
|
3742
|
-
|
|
3743
|
-
|
|
3744
|
-
/*
|
|
3745
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3746
|
-
* Licensed under the MIT License.
|
|
3747
|
-
*/
|
|
3778
|
+
return (isCredentialEntity(entity) &&
|
|
3779
|
+
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
3780
|
+
}
|
|
3748
3781
|
/**
|
|
3749
|
-
*
|
|
3782
|
+
* validates if a given cache entry is "Telemetry", parses <key,value>
|
|
3783
|
+
* @param key
|
|
3784
|
+
* @param entity
|
|
3750
3785
|
*/
|
|
3786
|
+
function isServerTelemetryEntity(key, entity) {
|
|
3787
|
+
const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
|
|
3788
|
+
let validateEntity = true;
|
|
3789
|
+
if (entity) {
|
|
3790
|
+
validateEntity =
|
|
3791
|
+
entity.hasOwnProperty("failedRequests") &&
|
|
3792
|
+
entity.hasOwnProperty("errors") &&
|
|
3793
|
+
entity.hasOwnProperty("cacheHits");
|
|
3794
|
+
}
|
|
3795
|
+
return validateKey && validateEntity;
|
|
3796
|
+
}
|
|
3751
3797
|
/**
|
|
3752
|
-
*
|
|
3798
|
+
* validates if a given cache entry is "Throttling", parses <key,value>
|
|
3799
|
+
* @param key
|
|
3800
|
+
* @param entity
|
|
3753
3801
|
*/
|
|
3754
|
-
function
|
|
3755
|
-
|
|
3756
|
-
|
|
3802
|
+
function isThrottlingEntity(key, entity) {
|
|
3803
|
+
let validateKey = false;
|
|
3804
|
+
if (key) {
|
|
3805
|
+
validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
|
|
3806
|
+
}
|
|
3807
|
+
let validateEntity = true;
|
|
3808
|
+
if (entity) {
|
|
3809
|
+
validateEntity = entity.hasOwnProperty("throttleTime");
|
|
3810
|
+
}
|
|
3811
|
+
return validateKey && validateEntity;
|
|
3757
3812
|
}
|
|
3758
3813
|
/**
|
|
3759
|
-
*
|
|
3760
|
-
* @param date Date
|
|
3814
|
+
* Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
|
|
3761
3815
|
*/
|
|
3762
|
-
function
|
|
3763
|
-
|
|
3764
|
-
|
|
3816
|
+
function generateAppMetadataKey({ environment, clientId, }) {
|
|
3817
|
+
const appMetaDataKeyArray = [
|
|
3818
|
+
APP_METADATA,
|
|
3819
|
+
environment,
|
|
3820
|
+
clientId,
|
|
3821
|
+
];
|
|
3822
|
+
return appMetaDataKeyArray
|
|
3823
|
+
.join(CACHE_KEY_SEPARATOR$1)
|
|
3824
|
+
.toLowerCase();
|
|
3765
3825
|
}
|
|
3766
|
-
|
|
3767
|
-
*
|
|
3768
|
-
* @param
|
|
3826
|
+
/*
|
|
3827
|
+
* Validates an entity: checks for all expected params
|
|
3828
|
+
* @param entity
|
|
3769
3829
|
*/
|
|
3770
|
-
function
|
|
3771
|
-
if (
|
|
3772
|
-
return
|
|
3830
|
+
function isAppMetadataEntity(key, entity) {
|
|
3831
|
+
if (!entity) {
|
|
3832
|
+
return false;
|
|
3773
3833
|
}
|
|
3774
|
-
return
|
|
3834
|
+
return (key.indexOf(APP_METADATA) === 0 &&
|
|
3835
|
+
entity.hasOwnProperty("clientId") &&
|
|
3836
|
+
entity.hasOwnProperty("environment"));
|
|
3775
3837
|
}
|
|
3776
3838
|
/**
|
|
3777
|
-
*
|
|
3778
|
-
* @param
|
|
3839
|
+
* Validates an entity: checks for all expected params
|
|
3840
|
+
* @param entity
|
|
3779
3841
|
*/
|
|
3780
|
-
function
|
|
3781
|
-
|
|
3782
|
-
|
|
3783
|
-
|
|
3784
|
-
|
|
3785
|
-
|
|
3842
|
+
function isAuthorityMetadataEntity(key, entity) {
|
|
3843
|
+
if (!entity) {
|
|
3844
|
+
return false;
|
|
3845
|
+
}
|
|
3846
|
+
return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
|
|
3847
|
+
entity.hasOwnProperty("aliases") &&
|
|
3848
|
+
entity.hasOwnProperty("preferred_cache") &&
|
|
3849
|
+
entity.hasOwnProperty("preferred_network") &&
|
|
3850
|
+
entity.hasOwnProperty("canonical_authority") &&
|
|
3851
|
+
entity.hasOwnProperty("authorization_endpoint") &&
|
|
3852
|
+
entity.hasOwnProperty("token_endpoint") &&
|
|
3853
|
+
entity.hasOwnProperty("issuer") &&
|
|
3854
|
+
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
3855
|
+
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
3856
|
+
entity.hasOwnProperty("expiresAt") &&
|
|
3857
|
+
entity.hasOwnProperty("jwks_uri"));
|
|
3786
3858
|
}
|
|
3787
3859
|
/**
|
|
3788
|
-
*
|
|
3789
|
-
* @param lastUpdatedAt
|
|
3790
|
-
* @param cacheRetentionDays
|
|
3791
|
-
* @returns
|
|
3860
|
+
* Reset the exiresAt value
|
|
3792
3861
|
*/
|
|
3793
|
-
function
|
|
3794
|
-
|
|
3795
|
-
|
|
3862
|
+
function generateAuthorityMetadataExpiresAt() {
|
|
3863
|
+
return (nowSeconds() +
|
|
3864
|
+
AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
|
|
3865
|
+
}
|
|
3866
|
+
function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
3867
|
+
authorityMetadata.authorization_endpoint =
|
|
3868
|
+
updatedValues.authorization_endpoint;
|
|
3869
|
+
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
3870
|
+
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
3871
|
+
authorityMetadata.issuer = updatedValues.issuer;
|
|
3872
|
+
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
3873
|
+
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
3874
|
+
}
|
|
3875
|
+
function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
3876
|
+
authorityMetadata.aliases = updatedValues.aliases;
|
|
3877
|
+
authorityMetadata.preferred_cache = updatedValues.preferred_cache;
|
|
3878
|
+
authorityMetadata.preferred_network = updatedValues.preferred_network;
|
|
3879
|
+
authorityMetadata.aliasesFromNetwork = fromNetwork;
|
|
3796
3880
|
}
|
|
3797
3881
|
/**
|
|
3798
|
-
*
|
|
3799
|
-
* i.e. The system clock was turned back after acquiring the cached token
|
|
3800
|
-
* @param cachedAt
|
|
3801
|
-
* @param offset
|
|
3882
|
+
* Returns whether or not the data needs to be refreshed
|
|
3802
3883
|
*/
|
|
3803
|
-
function
|
|
3804
|
-
|
|
3805
|
-
return cachedAtSec > nowSeconds();
|
|
3884
|
+
function isAuthorityMetadataExpired(metadata) {
|
|
3885
|
+
return metadata.expiresAt <= nowSeconds();
|
|
3806
3886
|
}
|
|
3807
3887
|
|
|
3808
|
-
/*! @azure/msal-common v16.2.
|
|
3888
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
3809
3889
|
/*
|
|
3810
3890
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3811
3891
|
* Licensed under the MIT License.
|
|
@@ -3876,7 +3956,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
3876
3956
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
3877
3957
|
const SetUserData = "setUserData";
|
|
3878
3958
|
|
|
3879
|
-
/*! @azure/msal-common v16.2.
|
|
3959
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
3880
3960
|
/*
|
|
3881
3961
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3882
3962
|
* Licensed under the MIT License.
|
|
@@ -3969,7 +4049,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
3969
4049
|
};
|
|
3970
4050
|
};
|
|
3971
4051
|
|
|
3972
|
-
/*! @azure/msal-common v16.2.
|
|
4052
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
3973
4053
|
|
|
3974
4054
|
/*
|
|
3975
4055
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4049,293 +4129,213 @@ class PopTokenGenerator {
|
|
|
4049
4129
|
}
|
|
4050
4130
|
}
|
|
4051
4131
|
|
|
4052
|
-
/*! @azure/msal-common v16.2.
|
|
4132
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4053
4133
|
/*
|
|
4054
4134
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4055
4135
|
* Licensed under the MIT License.
|
|
4056
4136
|
*/
|
|
4057
4137
|
/**
|
|
4058
|
-
*
|
|
4059
|
-
*
|
|
4060
|
-
*/ class TokenCacheContext {
|
|
4061
|
-
constructor(tokenCache, hasChanged) {
|
|
4062
|
-
this.cache = tokenCache;
|
|
4063
|
-
this.hasChanged = hasChanged;
|
|
4064
|
-
}
|
|
4065
|
-
/**
|
|
4066
|
-
* boolean which indicates the changes in cache
|
|
4067
|
-
*/
|
|
4068
|
-
get cacheHasChanged() {
|
|
4069
|
-
return this.hasChanged;
|
|
4070
|
-
}
|
|
4071
|
-
/**
|
|
4072
|
-
* function to retrieve the token cache
|
|
4073
|
-
*/
|
|
4074
|
-
get tokenCache() {
|
|
4075
|
-
return this.cache;
|
|
4076
|
-
}
|
|
4077
|
-
}
|
|
4078
|
-
|
|
4079
|
-
/*! @azure/msal-common v16.2.0 2026-03-02 */
|
|
4080
|
-
|
|
4081
|
-
/*
|
|
4082
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4083
|
-
* Licensed under the MIT License.
|
|
4138
|
+
* MSAL-defined interaction required error code indicating no tokens are found in cache.
|
|
4139
|
+
* @public
|
|
4084
4140
|
*/
|
|
4141
|
+
const noTokensFound = "no_tokens_found";
|
|
4085
4142
|
/**
|
|
4086
|
-
*
|
|
4087
|
-
* @
|
|
4088
|
-
* @param authenticationResult
|
|
4089
|
-
* @param clientId
|
|
4090
|
-
* @param authority
|
|
4143
|
+
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
4144
|
+
* @public
|
|
4091
4145
|
*/
|
|
4092
|
-
|
|
4093
|
-
const idTokenEntity = {
|
|
4094
|
-
credentialType: CredentialType.ID_TOKEN,
|
|
4095
|
-
homeAccountId: homeAccountId,
|
|
4096
|
-
environment: environment,
|
|
4097
|
-
clientId: clientId,
|
|
4098
|
-
secret: idToken,
|
|
4099
|
-
realm: tenantId,
|
|
4100
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4101
|
-
};
|
|
4102
|
-
return idTokenEntity;
|
|
4103
|
-
}
|
|
4146
|
+
const nativeAccountUnavailable = "native_account_unavailable";
|
|
4104
4147
|
/**
|
|
4105
|
-
*
|
|
4106
|
-
* @
|
|
4107
|
-
* @param environment
|
|
4108
|
-
* @param accessToken
|
|
4109
|
-
* @param clientId
|
|
4110
|
-
* @param tenantId
|
|
4111
|
-
* @param scopes
|
|
4112
|
-
* @param expiresOn
|
|
4113
|
-
* @param extExpiresOn
|
|
4148
|
+
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
4149
|
+
* @public
|
|
4114
4150
|
*/
|
|
4115
|
-
|
|
4116
|
-
const atEntity = {
|
|
4117
|
-
homeAccountId: homeAccountId,
|
|
4118
|
-
credentialType: CredentialType.ACCESS_TOKEN,
|
|
4119
|
-
secret: accessToken,
|
|
4120
|
-
cachedAt: nowSeconds().toString(),
|
|
4121
|
-
expiresOn: expiresOn.toString(),
|
|
4122
|
-
extendedExpiresOn: extExpiresOn.toString(),
|
|
4123
|
-
environment: environment,
|
|
4124
|
-
clientId: clientId,
|
|
4125
|
-
realm: tenantId,
|
|
4126
|
-
target: scopes,
|
|
4127
|
-
tokenType: tokenType || AuthenticationScheme.BEARER,
|
|
4128
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4129
|
-
};
|
|
4130
|
-
if (userAssertionHash) {
|
|
4131
|
-
atEntity.userAssertionHash = userAssertionHash;
|
|
4132
|
-
}
|
|
4133
|
-
if (refreshOn) {
|
|
4134
|
-
atEntity.refreshOn = refreshOn.toString();
|
|
4135
|
-
}
|
|
4136
|
-
/*
|
|
4137
|
-
* Create Access Token With Auth Scheme instead of regular access token
|
|
4138
|
-
* Cast to lower to handle "bearer" from ADFS
|
|
4139
|
-
*/
|
|
4140
|
-
if (atEntity.tokenType?.toLowerCase() !==
|
|
4141
|
-
AuthenticationScheme.BEARER.toLowerCase()) {
|
|
4142
|
-
atEntity.credentialType =
|
|
4143
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
4144
|
-
switch (atEntity.tokenType) {
|
|
4145
|
-
case AuthenticationScheme.POP:
|
|
4146
|
-
// Make sure keyId is present and add it to credential
|
|
4147
|
-
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
4148
|
-
if (!tokenClaims?.cnf?.kid) {
|
|
4149
|
-
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
4150
|
-
}
|
|
4151
|
-
atEntity.keyId = tokenClaims.cnf.kid;
|
|
4152
|
-
break;
|
|
4153
|
-
case AuthenticationScheme.SSH:
|
|
4154
|
-
atEntity.keyId = keyId;
|
|
4155
|
-
}
|
|
4156
|
-
}
|
|
4157
|
-
return atEntity;
|
|
4158
|
-
}
|
|
4151
|
+
const refreshTokenExpired = "refresh_token_expired";
|
|
4159
4152
|
/**
|
|
4160
|
-
*
|
|
4161
|
-
* @
|
|
4162
|
-
* @param authenticationResult
|
|
4163
|
-
* @param clientId
|
|
4164
|
-
* @param authority
|
|
4153
|
+
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4154
|
+
* @public
|
|
4165
4155
|
*/
|
|
4166
|
-
|
|
4167
|
-
|
|
4168
|
-
|
|
4169
|
-
|
|
4170
|
-
|
|
4171
|
-
|
|
4172
|
-
|
|
4173
|
-
|
|
4174
|
-
|
|
4175
|
-
|
|
4176
|
-
|
|
4177
|
-
|
|
4178
|
-
|
|
4179
|
-
|
|
4180
|
-
|
|
4181
|
-
|
|
4182
|
-
rtEntity.expiresOn = expiresOn.toString();
|
|
4183
|
-
}
|
|
4184
|
-
return rtEntity;
|
|
4185
|
-
}
|
|
4186
|
-
function isCredentialEntity(entity) {
|
|
4187
|
-
return (entity.hasOwnProperty("homeAccountId") &&
|
|
4188
|
-
entity.hasOwnProperty("environment") &&
|
|
4189
|
-
entity.hasOwnProperty("credentialType") &&
|
|
4190
|
-
entity.hasOwnProperty("clientId") &&
|
|
4191
|
-
entity.hasOwnProperty("secret"));
|
|
4192
|
-
}
|
|
4156
|
+
const uxNotAllowed = "ux_not_allowed";
|
|
4157
|
+
/**
|
|
4158
|
+
* Server-originated error code indicating interaction is required to complete the request.
|
|
4159
|
+
* @public
|
|
4160
|
+
*/
|
|
4161
|
+
const interactionRequired = "interaction_required";
|
|
4162
|
+
/**
|
|
4163
|
+
* Server-originated error code indicating user consent is required.
|
|
4164
|
+
* @public
|
|
4165
|
+
*/
|
|
4166
|
+
const consentRequired = "consent_required";
|
|
4167
|
+
/**
|
|
4168
|
+
* Server-originated error code indicating user login is required.
|
|
4169
|
+
* @public
|
|
4170
|
+
*/
|
|
4171
|
+
const loginRequired = "login_required";
|
|
4193
4172
|
/**
|
|
4194
|
-
*
|
|
4195
|
-
* @
|
|
4173
|
+
* Server-originated error code indicating the token is invalid or corrupted.
|
|
4174
|
+
* @public
|
|
4196
4175
|
*/
|
|
4197
|
-
|
|
4198
|
-
if (!entity) {
|
|
4199
|
-
return false;
|
|
4200
|
-
}
|
|
4201
|
-
return (isCredentialEntity(entity) &&
|
|
4202
|
-
entity.hasOwnProperty("realm") &&
|
|
4203
|
-
entity.hasOwnProperty("target") &&
|
|
4204
|
-
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
4205
|
-
entity["credentialType"] ===
|
|
4206
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
4207
|
-
}
|
|
4176
|
+
const badToken = "bad_token";
|
|
4208
4177
|
/**
|
|
4209
|
-
*
|
|
4210
|
-
* @
|
|
4178
|
+
* Server-originated error code indicating the user is in an interrupted state and interaction is required.
|
|
4179
|
+
* @public
|
|
4180
|
+
*/
|
|
4181
|
+
const interruptedUser = "interrupted_user";
|
|
4182
|
+
|
|
4183
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4184
|
+
|
|
4185
|
+
/*
|
|
4186
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4187
|
+
* Licensed under the MIT License.
|
|
4211
4188
|
*/
|
|
4212
|
-
function isIdTokenEntity(entity) {
|
|
4213
|
-
if (!entity) {
|
|
4214
|
-
return false;
|
|
4215
|
-
}
|
|
4216
|
-
return (isCredentialEntity(entity) &&
|
|
4217
|
-
entity.hasOwnProperty("realm") &&
|
|
4218
|
-
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
4219
|
-
}
|
|
4220
4189
|
/**
|
|
4221
|
-
*
|
|
4222
|
-
* @param entity
|
|
4190
|
+
* InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
|
|
4223
4191
|
*/
|
|
4224
|
-
|
|
4225
|
-
|
|
4226
|
-
|
|
4227
|
-
|
|
4228
|
-
|
|
4229
|
-
|
|
4230
|
-
|
|
4192
|
+
const InteractionRequiredServerErrorMessage = [
|
|
4193
|
+
interactionRequired,
|
|
4194
|
+
consentRequired,
|
|
4195
|
+
loginRequired,
|
|
4196
|
+
badToken,
|
|
4197
|
+
uxNotAllowed,
|
|
4198
|
+
interruptedUser,
|
|
4199
|
+
];
|
|
4200
|
+
const InteractionRequiredAuthSubErrorMessage = [
|
|
4201
|
+
"message_only",
|
|
4202
|
+
"additional_action",
|
|
4203
|
+
"basic_action",
|
|
4204
|
+
"user_password_expired",
|
|
4205
|
+
"consent_required",
|
|
4206
|
+
"bad_token",
|
|
4207
|
+
"ux_not_allowed",
|
|
4208
|
+
"interrupted_user",
|
|
4209
|
+
];
|
|
4231
4210
|
/**
|
|
4232
|
-
*
|
|
4233
|
-
* @param key
|
|
4234
|
-
* @param entity
|
|
4211
|
+
* Error thrown when user interaction is required.
|
|
4235
4212
|
*/
|
|
4236
|
-
|
|
4237
|
-
|
|
4238
|
-
|
|
4239
|
-
|
|
4240
|
-
|
|
4241
|
-
|
|
4242
|
-
|
|
4243
|
-
|
|
4213
|
+
class InteractionRequiredAuthError extends AuthError {
|
|
4214
|
+
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
4215
|
+
super(errorCode, errorMessage, subError);
|
|
4216
|
+
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
4217
|
+
this.timestamp = timestamp || "";
|
|
4218
|
+
this.traceId = traceId || "";
|
|
4219
|
+
this.correlationId = correlationId || "";
|
|
4220
|
+
this.claims = claims || "";
|
|
4221
|
+
this.name = "InteractionRequiredAuthError";
|
|
4222
|
+
this.errorNo = errorNo;
|
|
4244
4223
|
}
|
|
4245
|
-
return validateKey && validateEntity;
|
|
4246
4224
|
}
|
|
4247
4225
|
/**
|
|
4248
|
-
*
|
|
4249
|
-
* @param
|
|
4250
|
-
* @param
|
|
4226
|
+
* Helper function used to determine if an error thrown by the server requires interaction to resolve
|
|
4227
|
+
* @param errorCode
|
|
4228
|
+
* @param errorString
|
|
4229
|
+
* @param subError
|
|
4251
4230
|
*/
|
|
4252
|
-
function
|
|
4253
|
-
|
|
4254
|
-
|
|
4255
|
-
|
|
4256
|
-
|
|
4257
|
-
|
|
4258
|
-
|
|
4259
|
-
|
|
4260
|
-
|
|
4261
|
-
return
|
|
4231
|
+
function isInteractionRequiredError(errorCode, errorString, subError) {
|
|
4232
|
+
const isInteractionRequiredErrorCode = !!errorCode &&
|
|
4233
|
+
InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
|
|
4234
|
+
const isInteractionRequiredSubError = !!subError &&
|
|
4235
|
+
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
4236
|
+
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
4237
|
+
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
4238
|
+
return errorString.indexOf(irErrorCode) > -1;
|
|
4239
|
+
});
|
|
4240
|
+
return (isInteractionRequiredErrorCode ||
|
|
4241
|
+
isInteractionRequiredErrorDesc ||
|
|
4242
|
+
isInteractionRequiredSubError);
|
|
4262
4243
|
}
|
|
4263
4244
|
/**
|
|
4264
|
-
*
|
|
4245
|
+
* Creates an InteractionRequiredAuthError
|
|
4265
4246
|
*/
|
|
4266
|
-
function
|
|
4267
|
-
|
|
4268
|
-
|
|
4269
|
-
|
|
4270
|
-
|
|
4271
|
-
|
|
4272
|
-
return appMetaDataKeyArray
|
|
4273
|
-
.join(CACHE_KEY_SEPARATOR$1)
|
|
4274
|
-
.toLowerCase();
|
|
4275
|
-
}
|
|
4247
|
+
function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
4248
|
+
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4249
|
+
}
|
|
4250
|
+
|
|
4251
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4252
|
+
|
|
4276
4253
|
/*
|
|
4277
|
-
*
|
|
4278
|
-
*
|
|
4254
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4255
|
+
* Licensed under the MIT License.
|
|
4279
4256
|
*/
|
|
4280
|
-
function isAppMetadataEntity(key, entity) {
|
|
4281
|
-
if (!entity) {
|
|
4282
|
-
return false;
|
|
4283
|
-
}
|
|
4284
|
-
return (key.indexOf(APP_METADATA) === 0 &&
|
|
4285
|
-
entity.hasOwnProperty("clientId") &&
|
|
4286
|
-
entity.hasOwnProperty("environment"));
|
|
4287
|
-
}
|
|
4288
4257
|
/**
|
|
4289
|
-
*
|
|
4290
|
-
* @param entity
|
|
4258
|
+
* Error thrown when there is an error with the server code, for example, unavailability.
|
|
4291
4259
|
*/
|
|
4292
|
-
|
|
4293
|
-
|
|
4294
|
-
|
|
4260
|
+
class ServerError extends AuthError {
|
|
4261
|
+
constructor(errorCode, errorMessage, subError, errorNo, status) {
|
|
4262
|
+
super(errorCode, errorMessage, subError);
|
|
4263
|
+
this.name = "ServerError";
|
|
4264
|
+
this.errorNo = errorNo;
|
|
4265
|
+
this.status = status;
|
|
4266
|
+
Object.setPrototypeOf(this, ServerError.prototype);
|
|
4295
4267
|
}
|
|
4296
|
-
|
|
4297
|
-
|
|
4298
|
-
|
|
4299
|
-
|
|
4300
|
-
|
|
4301
|
-
|
|
4302
|
-
|
|
4303
|
-
|
|
4304
|
-
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
4305
|
-
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
4306
|
-
entity.hasOwnProperty("expiresAt") &&
|
|
4307
|
-
entity.hasOwnProperty("jwks_uri"));
|
|
4308
|
-
}
|
|
4268
|
+
}
|
|
4269
|
+
|
|
4270
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4271
|
+
|
|
4272
|
+
/*
|
|
4273
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4274
|
+
* Licensed under the MIT License.
|
|
4275
|
+
*/
|
|
4309
4276
|
/**
|
|
4310
|
-
*
|
|
4277
|
+
* Appends user state with random guid, or returns random guid.
|
|
4278
|
+
* @param cryptoObj
|
|
4279
|
+
* @param userState
|
|
4280
|
+
* @param meta
|
|
4311
4281
|
*/
|
|
4312
|
-
function
|
|
4313
|
-
|
|
4314
|
-
|
|
4315
|
-
}
|
|
4316
|
-
|
|
4317
|
-
authorityMetadata.authorization_endpoint =
|
|
4318
|
-
updatedValues.authorization_endpoint;
|
|
4319
|
-
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
4320
|
-
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
4321
|
-
authorityMetadata.issuer = updatedValues.issuer;
|
|
4322
|
-
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
4323
|
-
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
4282
|
+
function setRequestState(cryptoObj, userState, meta) {
|
|
4283
|
+
const libraryState = generateLibraryState(cryptoObj, meta);
|
|
4284
|
+
return userState
|
|
4285
|
+
? `${libraryState}${RESOURCE_DELIM}${userState}`
|
|
4286
|
+
: libraryState;
|
|
4324
4287
|
}
|
|
4325
|
-
|
|
4326
|
-
|
|
4327
|
-
|
|
4328
|
-
|
|
4329
|
-
|
|
4288
|
+
/**
|
|
4289
|
+
* Generates the state value used by the common library.
|
|
4290
|
+
* @param cryptoObj
|
|
4291
|
+
* @param meta
|
|
4292
|
+
*/
|
|
4293
|
+
function generateLibraryState(cryptoObj, meta) {
|
|
4294
|
+
if (!cryptoObj) {
|
|
4295
|
+
throw createClientAuthError(noCryptoObject);
|
|
4296
|
+
}
|
|
4297
|
+
// Create a state object containing a unique id and the timestamp of the request creation
|
|
4298
|
+
const stateObj = {
|
|
4299
|
+
id: cryptoObj.createNewGuid(),
|
|
4300
|
+
};
|
|
4301
|
+
if (meta) {
|
|
4302
|
+
stateObj.meta = meta;
|
|
4303
|
+
}
|
|
4304
|
+
const stateString = JSON.stringify(stateObj);
|
|
4305
|
+
return cryptoObj.base64Encode(stateString);
|
|
4330
4306
|
}
|
|
4331
4307
|
/**
|
|
4332
|
-
*
|
|
4308
|
+
* Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
|
|
4309
|
+
* @param base64Decode
|
|
4310
|
+
* @param state
|
|
4333
4311
|
*/
|
|
4334
|
-
function
|
|
4335
|
-
|
|
4312
|
+
function parseRequestState(base64Decode, state) {
|
|
4313
|
+
if (!base64Decode) {
|
|
4314
|
+
throw createClientAuthError(noCryptoObject);
|
|
4315
|
+
}
|
|
4316
|
+
if (!state) {
|
|
4317
|
+
throw createClientAuthError(invalidState);
|
|
4318
|
+
}
|
|
4319
|
+
try {
|
|
4320
|
+
// Split the state between library state and user passed state and decode them separately
|
|
4321
|
+
const splitState = state.split(RESOURCE_DELIM);
|
|
4322
|
+
const libraryState = splitState[0];
|
|
4323
|
+
const userState = splitState.length > 1
|
|
4324
|
+
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
4325
|
+
: "";
|
|
4326
|
+
const libraryStateString = base64Decode(libraryState);
|
|
4327
|
+
const libraryStateObj = JSON.parse(libraryStateString);
|
|
4328
|
+
return {
|
|
4329
|
+
userRequestState: userState || "",
|
|
4330
|
+
libraryState: libraryStateObj,
|
|
4331
|
+
};
|
|
4332
|
+
}
|
|
4333
|
+
catch (e) {
|
|
4334
|
+
throw createClientAuthError(invalidState);
|
|
4335
|
+
}
|
|
4336
4336
|
}
|
|
4337
4337
|
|
|
4338
|
-
/*! @azure/msal-common v16.2.
|
|
4338
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4339
4339
|
|
|
4340
4340
|
/*
|
|
4341
4341
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4491,7 +4491,7 @@ class ResponseHandler {
|
|
|
4491
4491
|
if (serverTokenResponse.id_token && !!idTokenClaims) {
|
|
4492
4492
|
cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
|
|
4493
4493
|
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
4494
|
-
this.logger);
|
|
4494
|
+
this.logger, this.performanceClient);
|
|
4495
4495
|
}
|
|
4496
4496
|
// AccessToken
|
|
4497
4497
|
let cachedAccessToken = null;
|
|
@@ -4637,17 +4637,24 @@ class ResponseHandler {
|
|
|
4637
4637
|
};
|
|
4638
4638
|
}
|
|
4639
4639
|
}
|
|
4640
|
-
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
4640
|
+
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
|
|
4641
4641
|
logger?.verbose("09jz0t", correlationId);
|
|
4642
|
-
|
|
4643
|
-
|
|
4644
|
-
|
|
4645
|
-
|
|
4646
|
-
|
|
4647
|
-
|
|
4648
|
-
|
|
4649
|
-
|
|
4642
|
+
/*
|
|
4643
|
+
* Check if base account is already cached. Filter by homeAccountId (identifies
|
|
4644
|
+
* the user's home identity) and environment (identifies the cloud) — the two
|
|
4645
|
+
* tenant-agnostic properties that uniquely locate a base AccountEntity.
|
|
4646
|
+
*/
|
|
4647
|
+
const accountEnvironment = environment || authority.getPreferredCache();
|
|
4648
|
+
const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
|
|
4649
|
+
performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
|
|
4650
|
+
if (matchedAccounts.length > 1) {
|
|
4651
|
+
/*
|
|
4652
|
+
* Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
|
|
4653
|
+
* If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
|
|
4654
|
+
*/
|
|
4655
|
+
logger?.warning("0x7ad1", correlationId);
|
|
4650
4656
|
}
|
|
4657
|
+
const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
|
|
4651
4658
|
const baseAccount = cachedAccount ||
|
|
4652
4659
|
createAccountEntity({
|
|
4653
4660
|
homeAccountId,
|
|
@@ -4671,7 +4678,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4671
4678
|
return baseAccount;
|
|
4672
4679
|
}
|
|
4673
4680
|
|
|
4674
|
-
/*! @azure/msal-common v16.2.
|
|
4681
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4675
4682
|
/*
|
|
4676
4683
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4677
4684
|
* Licensed under the MIT License.
|
|
@@ -4681,7 +4688,7 @@ const CcsCredentialType = {
|
|
|
4681
4688
|
UPN: "UPN",
|
|
4682
4689
|
};
|
|
4683
4690
|
|
|
4684
|
-
/*! @azure/msal-common v16.2.
|
|
4691
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4685
4692
|
/*
|
|
4686
4693
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4687
4694
|
* Licensed under the MIT License.
|
|
@@ -4699,7 +4706,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4699
4706
|
}
|
|
4700
4707
|
}
|
|
4701
4708
|
|
|
4702
|
-
/*! @azure/msal-common v16.2.
|
|
4709
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4703
4710
|
/*
|
|
4704
4711
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4705
4712
|
* Licensed under the MIT License.
|
|
@@ -4720,7 +4727,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4720
4727
|
};
|
|
4721
4728
|
}
|
|
4722
4729
|
|
|
4723
|
-
/*! @azure/msal-common v16.2.
|
|
4730
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4724
4731
|
|
|
4725
4732
|
/*
|
|
4726
4733
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4806,7 +4813,7 @@ class ThrottlingUtils {
|
|
|
4806
4813
|
}
|
|
4807
4814
|
}
|
|
4808
4815
|
|
|
4809
|
-
/*! @azure/msal-common v16.2.
|
|
4816
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4810
4817
|
|
|
4811
4818
|
/*
|
|
4812
4819
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4837,7 +4844,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
4837
4844
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4838
4845
|
}
|
|
4839
4846
|
|
|
4840
|
-
/*! @azure/msal-common v16.2.
|
|
4847
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4841
4848
|
|
|
4842
4849
|
/*
|
|
4843
4850
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4951,7 +4958,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
4951
4958
|
return response;
|
|
4952
4959
|
}
|
|
4953
4960
|
|
|
4954
|
-
/*! @azure/msal-common v16.2.
|
|
4961
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4955
4962
|
/*
|
|
4956
4963
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4957
4964
|
* Licensed under the MIT License.
|
|
@@ -4963,7 +4970,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
4963
4970
|
response.hasOwnProperty("jwks_uri"));
|
|
4964
4971
|
}
|
|
4965
4972
|
|
|
4966
|
-
/*! @azure/msal-common v16.2.
|
|
4973
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4967
4974
|
/*
|
|
4968
4975
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4969
4976
|
* Licensed under the MIT License.
|
|
@@ -4973,7 +4980,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
4973
4980
|
response.hasOwnProperty("metadata"));
|
|
4974
4981
|
}
|
|
4975
4982
|
|
|
4976
|
-
/*! @azure/msal-common v16.2.
|
|
4983
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4977
4984
|
/*
|
|
4978
4985
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4979
4986
|
* Licensed under the MIT License.
|
|
@@ -4983,7 +4990,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
4983
4990
|
response.hasOwnProperty("error_description"));
|
|
4984
4991
|
}
|
|
4985
4992
|
|
|
4986
|
-
/*! @azure/msal-common v16.2.
|
|
4993
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
4987
4994
|
|
|
4988
4995
|
/*
|
|
4989
4996
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5088,7 +5095,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5088
5095
|
},
|
|
5089
5096
|
};
|
|
5090
5097
|
|
|
5091
|
-
/*! @azure/msal-common v16.2.
|
|
5098
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
5092
5099
|
|
|
5093
5100
|
/*
|
|
5094
5101
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5908,7 +5915,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
5908
5915
|
};
|
|
5909
5916
|
}
|
|
5910
5917
|
|
|
5911
|
-
/*! @azure/msal-common v16.2.
|
|
5918
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
5912
5919
|
|
|
5913
5920
|
/*
|
|
5914
5921
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5942,7 +5949,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
5942
5949
|
}
|
|
5943
5950
|
}
|
|
5944
5951
|
|
|
5945
|
-
/*! @azure/msal-common v16.2.
|
|
5952
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
5946
5953
|
|
|
5947
5954
|
/*
|
|
5948
5955
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6202,7 +6209,7 @@ class AuthorizationCodeClient {
|
|
|
6202
6209
|
}
|
|
6203
6210
|
}
|
|
6204
6211
|
|
|
6205
|
-
/*! @azure/msal-common v16.2.
|
|
6212
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
6206
6213
|
|
|
6207
6214
|
/*
|
|
6208
6215
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6427,7 +6434,7 @@ class RefreshTokenClient {
|
|
|
6427
6434
|
}
|
|
6428
6435
|
}
|
|
6429
6436
|
|
|
6430
|
-
/*! @azure/msal-common v16.2.
|
|
6437
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
6431
6438
|
|
|
6432
6439
|
/*
|
|
6433
6440
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6536,7 +6543,7 @@ class SilentFlowClient {
|
|
|
6536
6543
|
}
|
|
6537
6544
|
}
|
|
6538
6545
|
|
|
6539
|
-
/*! @azure/msal-common v16.2.
|
|
6546
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
6540
6547
|
|
|
6541
6548
|
/*
|
|
6542
6549
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6551,7 +6558,7 @@ const StubbedNetworkModule = {
|
|
|
6551
6558
|
},
|
|
6552
6559
|
};
|
|
6553
6560
|
|
|
6554
|
-
/*! @azure/msal-common v16.2.
|
|
6561
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
6555
6562
|
|
|
6556
6563
|
/*
|
|
6557
6564
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6775,7 +6782,7 @@ function extractLoginHint(account) {
|
|
|
6775
6782
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6776
6783
|
}
|
|
6777
6784
|
|
|
6778
|
-
/*! @azure/msal-common v16.2.
|
|
6785
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
6779
6786
|
/*
|
|
6780
6787
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6781
6788
|
* Licensed under the MIT License.
|
|
@@ -6785,7 +6792,7 @@ function extractLoginHint(account) {
|
|
|
6785
6792
|
*/
|
|
6786
6793
|
const unexpectedError = "unexpected_error";
|
|
6787
6794
|
|
|
6788
|
-
/*! @azure/msal-common v16.2.
|
|
6795
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
6789
6796
|
|
|
6790
6797
|
/*
|
|
6791
6798
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7046,7 +7053,7 @@ class ServerTelemetryManager {
|
|
|
7046
7053
|
}
|
|
7047
7054
|
}
|
|
7048
7055
|
|
|
7049
|
-
/*! @azure/msal-common v16.2.
|
|
7056
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
7050
7057
|
|
|
7051
7058
|
/*
|
|
7052
7059
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7067,7 +7074,7 @@ function createJoseHeaderError(code) {
|
|
|
7067
7074
|
return new JoseHeaderError(code);
|
|
7068
7075
|
}
|
|
7069
7076
|
|
|
7070
|
-
/*! @azure/msal-common v16.2.
|
|
7077
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
7071
7078
|
/*
|
|
7072
7079
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7073
7080
|
* Licensed under the MIT License.
|
|
@@ -7075,7 +7082,7 @@ function createJoseHeaderError(code) {
|
|
|
7075
7082
|
const missingKidError = "missing_kid_error";
|
|
7076
7083
|
const missingAlgError = "missing_alg_error";
|
|
7077
7084
|
|
|
7078
|
-
/*! @azure/msal-common v16.2.
|
|
7085
|
+
/*! @azure/msal-common v16.2.1 2026-04-01 */
|
|
7079
7086
|
|
|
7080
7087
|
/*
|
|
7081
7088
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7510,7 +7517,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
|
|
|
7510
7517
|
|
|
7511
7518
|
/* eslint-disable header/header */
|
|
7512
7519
|
const name = "@azure/msal-browser";
|
|
7513
|
-
const version = "5.4.
|
|
7520
|
+
const version = "5.4.1";
|
|
7514
7521
|
|
|
7515
7522
|
/*
|
|
7516
7523
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -16632,9 +16639,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16632
16639
|
}
|
|
16633
16640
|
// Get the preferred_cache domain for the given authority
|
|
16634
16641
|
const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
|
|
16635
|
-
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info,
|
|
16642
|
+
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
|
|
16636
16643
|
idTokenClaims.tid, undefined, // auth code payload
|
|
16637
|
-
response.account.id);
|
|
16644
|
+
response.account.id, this.logger, this.performanceClient);
|
|
16638
16645
|
// Ensure expires_in is in number format
|
|
16639
16646
|
response.expires_in = Number(response.expires_in);
|
|
16640
16647
|
// generate authenticationResult
|