@azure/msal-browser 5.4.0 → 5.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (291) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  7. package/dist/cache/AccountManager.mjs +1 -1
  8. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +1 -1
  10. package/dist/cache/CacheHelpers.mjs +1 -1
  11. package/dist/cache/CacheKeys.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/EncryptedData.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.d.ts.map +1 -1
  19. package/dist/cache/TokenCache.mjs +9 -9
  20. package/dist/cache/TokenCache.mjs.map +1 -1
  21. package/dist/config/Configuration.mjs +1 -1
  22. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  23. package/dist/controllers/StandardController.mjs +1 -1
  24. package/dist/crypto/BrowserCrypto.mjs +1 -1
  25. package/dist/crypto/CryptoOps.mjs +1 -1
  26. package/dist/crypto/PkceGenerator.mjs +1 -1
  27. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  28. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  29. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  30. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  31. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  32. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  33. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  34. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  35. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  36. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  37. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  38. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  39. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  40. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  41. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  42. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  43. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  44. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  45. package/dist/custom-auth-path/config/Configuration.mjs +1 -1
  46. package/dist/custom-auth-path/controllers/StandardController.mjs +1 -1
  47. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  48. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  49. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  50. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  51. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  52. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  53. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  54. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  55. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  56. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  57. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  58. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  59. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  60. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  61. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  62. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  63. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  64. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  65. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  66. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  67. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  68. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  157. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  158. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  159. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  160. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  161. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  162. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  163. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  164. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  165. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  166. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  167. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  168. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  169. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  170. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  171. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  172. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  173. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  174. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  175. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  176. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  177. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
  178. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  179. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  180. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  181. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  182. package/dist/custom-auth-path/log-strings-mapping.json +2 -2
  183. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  184. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  185. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  186. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  187. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  188. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  189. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  190. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  191. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  192. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  193. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  194. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  195. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  196. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  197. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  198. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  199. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  200. package/dist/encode/Base64Decode.mjs +1 -1
  201. package/dist/encode/Base64Encode.mjs +1 -1
  202. package/dist/error/BrowserAuthError.mjs +1 -1
  203. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  204. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  205. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  206. package/dist/error/NativeAuthError.mjs +1 -1
  207. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  208. package/dist/error/NestedAppAuthError.mjs +1 -1
  209. package/dist/event/EventHandler.mjs +1 -1
  210. package/dist/event/EventMessage.mjs +1 -1
  211. package/dist/event/EventType.mjs +1 -1
  212. package/dist/index.mjs +1 -1
  213. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  214. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  215. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  216. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  217. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  218. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  219. package/dist/interaction_client/PopupClient.mjs +1 -1
  220. package/dist/interaction_client/RedirectClient.mjs +1 -1
  221. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  222. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  223. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  224. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  225. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  226. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  227. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  228. package/dist/log-strings-mapping.json +10 -10
  229. package/dist/naa/BridgeError.mjs +1 -1
  230. package/dist/naa/BridgeProxy.mjs +1 -1
  231. package/dist/naa/BridgeStatusCode.mjs +1 -1
  232. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  233. package/dist/navigation/NavigationClient.mjs +1 -1
  234. package/dist/network/FetchClient.mjs +1 -1
  235. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  236. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  237. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  238. package/dist/packageMetadata.d.ts +1 -1
  239. package/dist/packageMetadata.mjs +2 -2
  240. package/dist/protocol/Authorize.mjs +1 -1
  241. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  242. package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
  243. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  244. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  245. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  246. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  247. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  248. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  249. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  250. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  251. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  252. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  253. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  254. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  255. package/dist/request/RequestHelpers.mjs +1 -1
  256. package/dist/response/ResponseHandler.mjs +1 -1
  257. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  258. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  259. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  260. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  261. package/dist/utils/BrowserConstants.mjs +1 -1
  262. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  263. package/dist/utils/BrowserUtils.mjs +1 -1
  264. package/dist/utils/Helpers.mjs +1 -1
  265. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  266. package/lib/custom-auth-path/log-strings-mapping.json +2 -2
  267. package/lib/custom-auth-path/msal-custom-auth.cjs +523 -516
  268. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  269. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  270. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  271. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  272. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  273. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  274. package/lib/log-strings-mapping.json +10 -10
  275. package/lib/msal-browser.cjs +542 -534
  276. package/lib/msal-browser.cjs.map +1 -1
  277. package/lib/msal-browser.js +542 -534
  278. package/lib/msal-browser.js.map +1 -1
  279. package/lib/msal-browser.min.js +2 -2
  280. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  281. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  282. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  283. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  284. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  285. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  286. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  287. package/lib/types/packageMetadata.d.ts +1 -1
  288. package/package.json +2 -2
  289. package/src/cache/TokenCache.ts +27 -24
  290. package/src/interaction_client/PlatformAuthInteractionClient.ts +55 -53
  291. package/src/packageMetadata.ts +1 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.4.0 2026-03-02 */
1
+ /*! @azure/msal-browser v5.4.1 2026-04-01 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
234
234
  // Token renewal offset default in seconds
235
235
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
236
236
 
237
- /*! @azure/msal-common v16.2.0 2026-03-02 */
237
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
238
238
  /*
239
239
  * Copyright (c) Microsoft Corporation. All rights reserved.
240
240
  * Licensed under the MIT License.
@@ -284,7 +284,7 @@ const INSTANCE_AWARE = "instance_aware";
284
284
  const EAR_JWK = "ear_jwk";
285
285
  const EAR_JWE_CRYPTO = "ear_jwe_crypto";
286
286
 
287
- /*! @azure/msal-common v16.2.0 2026-03-02 */
287
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
288
288
  /*
289
289
  * Copyright (c) Microsoft Corporation. All rights reserved.
290
290
  * Licensed under the MIT License.
@@ -315,7 +315,7 @@ function createAuthError(code, additionalMessage) {
315
315
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
316
316
  }
317
317
 
318
- /*! @azure/msal-common v16.2.0 2026-03-02 */
318
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
319
319
 
320
320
  /*
321
321
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -335,7 +335,7 @@ function createClientConfigurationError(errorCode) {
335
335
  return new ClientConfigurationError(errorCode);
336
336
  }
337
337
 
338
- /*! @azure/msal-common v16.2.0 2026-03-02 */
338
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
339
339
  /*
340
340
  * Copyright (c) Microsoft Corporation. All rights reserved.
341
341
  * Licensed under the MIT License.
@@ -415,7 +415,7 @@ class StringUtils {
415
415
  }
416
416
  }
417
417
 
418
- /*! @azure/msal-common v16.2.0 2026-03-02 */
418
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
419
419
 
420
420
  /*
421
421
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -438,7 +438,7 @@ function createClientAuthError(errorCode, additionalMessage) {
438
438
  return new ClientAuthError(errorCode, additionalMessage);
439
439
  }
440
440
 
441
- /*! @azure/msal-common v16.2.0 2026-03-02 */
441
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
442
442
  /*
443
443
  * Copyright (c) Microsoft Corporation. All rights reserved.
444
444
  * Licensed under the MIT License.
@@ -492,7 +492,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
492
492
  urlParseError: urlParseError
493
493
  });
494
494
 
495
- /*! @azure/msal-common v16.2.0 2026-03-02 */
495
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
496
496
  /*
497
497
  * Copyright (c) Microsoft Corporation. All rights reserved.
498
498
  * Licensed under the MIT License.
@@ -576,7 +576,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
576
576
  userCanceled: userCanceled
577
577
  });
578
578
 
579
- /*! @azure/msal-common v16.2.0 2026-03-02 */
579
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
580
580
 
581
581
  /*
582
582
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -771,7 +771,7 @@ class ScopeSet {
771
771
  }
772
772
  }
773
773
 
774
- /*! @azure/msal-common v16.2.0 2026-03-02 */
774
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
775
775
 
776
776
  /*
777
777
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1138,7 +1138,7 @@ function addEARParameters(parameters, jwk) {
1138
1138
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1139
1139
  }
1140
1140
 
1141
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1141
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1142
1142
 
1143
1143
  /*
1144
1144
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1247,7 +1247,7 @@ function normalizeUrlForComparison(url) {
1247
1247
  }
1248
1248
  }
1249
1249
 
1250
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1250
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1251
1251
 
1252
1252
  /*
1253
1253
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1286,7 +1286,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1286
1286
  },
1287
1287
  };
1288
1288
 
1289
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1289
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1290
1290
  /*
1291
1291
  * Copyright (c) Microsoft Corporation. All rights reserved.
1292
1292
  * Licensed under the MIT License.
@@ -1561,12 +1561,12 @@ class Logger {
1561
1561
  }
1562
1562
  }
1563
1563
 
1564
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1564
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1565
1565
  /* eslint-disable header/header */
1566
1566
  const name$1 = "@azure/msal-common";
1567
- const version$1 = "16.2.0";
1567
+ const version$1 = "16.2.1";
1568
1568
 
1569
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1569
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1570
1570
  /*
1571
1571
  * Copyright (c) Microsoft Corporation. All rights reserved.
1572
1572
  * Licensed under the MIT License.
@@ -1586,7 +1586,7 @@ const AzureCloudInstance = {
1586
1586
  AzureUsGovernment: "https://login.microsoftonline.us",
1587
1587
  };
1588
1588
 
1589
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1589
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1590
1590
  /*
1591
1591
  * Copyright (c) Microsoft Corporation. All rights reserved.
1592
1592
  * Licensed under the MIT License.
@@ -1668,7 +1668,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1668
1668
  return updatedAccountInfo;
1669
1669
  }
1670
1670
 
1671
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1671
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1672
1672
 
1673
1673
  /*
1674
1674
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1748,7 +1748,7 @@ function checkMaxAge(authTime, maxAge) {
1748
1748
  }
1749
1749
  }
1750
1750
 
1751
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1751
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1752
1752
 
1753
1753
  /*
1754
1754
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1905,7 +1905,7 @@ class UrlString {
1905
1905
  }
1906
1906
  }
1907
1907
 
1908
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1908
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
1909
1909
 
1910
1910
  /*
1911
1911
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2062,7 +2062,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2062
2062
  return null;
2063
2063
  }
2064
2064
 
2065
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2065
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2066
2066
  /*
2067
2067
  * Copyright (c) Microsoft Corporation. All rights reserved.
2068
2068
  * Licensed under the MIT License.
@@ -2070,7 +2070,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2070
2070
  const cacheQuotaExceeded = "cache_quota_exceeded";
2071
2071
  const cacheErrorUnknown = "cache_error_unknown";
2072
2072
 
2073
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2073
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2074
2074
 
2075
2075
  /*
2076
2076
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2108,7 +2108,7 @@ function createCacheError(e) {
2108
2108
  }
2109
2109
  }
2110
2110
 
2111
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2111
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2112
2112
 
2113
2113
  /*
2114
2114
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2146,7 +2146,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2146
2146
  };
2147
2147
  }
2148
2148
 
2149
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2149
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2150
2150
  /*
2151
2151
  * Copyright (c) Microsoft Corporation. All rights reserved.
2152
2152
  * Licensed under the MIT License.
@@ -2161,7 +2161,7 @@ const AuthorityType = {
2161
2161
  Ciam: 3,
2162
2162
  };
2163
2163
 
2164
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2164
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2165
2165
  /*
2166
2166
  * Copyright (c) Microsoft Corporation. All rights reserved.
2167
2167
  * Licensed under the MIT License.
@@ -2183,7 +2183,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2183
2183
  return null;
2184
2184
  }
2185
2185
 
2186
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2186
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2187
2187
  /*
2188
2188
  * Copyright (c) Microsoft Corporation. All rights reserved.
2189
2189
  * Licensed under the MIT License.
@@ -2207,7 +2207,7 @@ const ProtocolMode = {
2207
2207
  EAR: "EAR",
2208
2208
  };
2209
2209
 
2210
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2210
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2211
2211
  /**
2212
2212
  * Returns the AccountInfo interface for this account.
2213
2213
  */
@@ -2382,7 +2382,7 @@ function isAccountEntity(entity) {
2382
2382
  entity.hasOwnProperty("authorityType"));
2383
2383
  }
2384
2384
 
2385
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2385
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2386
2386
 
2387
2387
  /*
2388
2388
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3479,7 +3479,7 @@ class DefaultStorageClass extends CacheManager {
3479
3479
  }
3480
3480
  }
3481
3481
 
3482
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3482
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3483
3483
  /*
3484
3484
  * Copyright (c) Microsoft Corporation. All rights reserved.
3485
3485
  * Licensed under the MIT License.
@@ -3524,9 +3524,10 @@ const IntFields = new Set([
3524
3524
  "currRefreshCount",
3525
3525
  "expiredCacheRemovedCount",
3526
3526
  "upgradedCacheCount",
3527
+ "cacheMatchedAccounts",
3527
3528
  ]);
3528
3529
 
3529
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3530
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3530
3531
 
3531
3532
  /*
3532
3533
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3581,7 +3582,7 @@ class StubPerformanceClient {
3581
3582
  }
3582
3583
  }
3583
3584
 
3584
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3585
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3585
3586
 
3586
3587
  /*
3587
3588
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3675,291 +3676,358 @@ function isOidcProtocolMode(config) {
3675
3676
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3676
3677
  }
3677
3678
 
3678
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3679
-
3679
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3680
3680
  /*
3681
3681
  * Copyright (c) Microsoft Corporation. All rights reserved.
3682
3682
  * Licensed under the MIT License.
3683
3683
  */
3684
3684
  /**
3685
- * Error thrown when there is an error with the server code, for example, unavailability.
3686
- */
3687
- class ServerError extends AuthError {
3688
- constructor(errorCode, errorMessage, subError, errorNo, status) {
3689
- super(errorCode, errorMessage, subError);
3690
- this.name = "ServerError";
3691
- this.errorNo = errorNo;
3692
- this.status = status;
3693
- Object.setPrototypeOf(this, ServerError.prototype);
3685
+ * This class instance helps track the memory changes facilitating
3686
+ * decisions to read from and write to the persistent cache
3687
+ */ class TokenCacheContext {
3688
+ constructor(tokenCache, hasChanged) {
3689
+ this.cache = tokenCache;
3690
+ this.hasChanged = hasChanged;
3691
+ }
3692
+ /**
3693
+ * boolean which indicates the changes in cache
3694
+ */
3695
+ get cacheHasChanged() {
3696
+ return this.hasChanged;
3697
+ }
3698
+ /**
3699
+ * function to retrieve the token cache
3700
+ */
3701
+ get tokenCache() {
3702
+ return this.cache;
3694
3703
  }
3695
3704
  }
3696
3705
 
3697
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3706
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3698
3707
  /*
3699
3708
  * Copyright (c) Microsoft Corporation. All rights reserved.
3700
3709
  * Licensed under the MIT License.
3701
3710
  */
3702
3711
  /**
3703
- * MSAL-defined interaction required error code indicating no tokens are found in cache.
3704
- * @public
3705
- */
3706
- const noTokensFound = "no_tokens_found";
3707
- /**
3708
- * MSAL-defined error code indicating a native account is unavailable on the platform.
3709
- * @public
3710
- */
3711
- const nativeAccountUnavailable = "native_account_unavailable";
3712
- /**
3713
- * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
3714
- * @public
3715
- */
3716
- const refreshTokenExpired = "refresh_token_expired";
3717
- /**
3718
- * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
3719
- * @public
3720
- */
3721
- const uxNotAllowed = "ux_not_allowed";
3722
- /**
3723
- * Server-originated error code indicating interaction is required to complete the request.
3724
- * @public
3725
- */
3726
- const interactionRequired = "interaction_required";
3727
- /**
3728
- * Server-originated error code indicating user consent is required.
3729
- * @public
3730
- */
3731
- const consentRequired = "consent_required";
3732
- /**
3733
- * Server-originated error code indicating user login is required.
3734
- * @public
3712
+ * Utility functions for managing date and time operations.
3735
3713
  */
3736
- const loginRequired = "login_required";
3737
3714
  /**
3738
- * Server-originated error code indicating the token is invalid or corrupted.
3739
- * @public
3715
+ * return the current time in Unix time (seconds).
3740
3716
  */
3741
- const badToken = "bad_token";
3717
+ function nowSeconds() {
3718
+ // Date.getTime() returns in milliseconds.
3719
+ return Math.round(new Date().getTime() / 1000.0);
3720
+ }
3742
3721
  /**
3743
- * Server-originated error code indicating the user is in an interrupted state and interaction is required.
3744
- * @public
3745
- */
3746
- const interruptedUser = "interrupted_user";
3747
-
3748
- var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
3749
- __proto__: null,
3750
- badToken: badToken,
3751
- consentRequired: consentRequired,
3752
- interactionRequired: interactionRequired,
3753
- interruptedUser: interruptedUser,
3754
- loginRequired: loginRequired,
3755
- nativeAccountUnavailable: nativeAccountUnavailable,
3756
- noTokensFound: noTokensFound,
3757
- refreshTokenExpired: refreshTokenExpired,
3758
- uxNotAllowed: uxNotAllowed
3759
- });
3760
-
3761
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3762
-
3763
- /*
3764
- * Copyright (c) Microsoft Corporation. All rights reserved.
3765
- * Licensed under the MIT License.
3722
+ * Converts JS Date object to seconds
3723
+ * @param date Date
3766
3724
  */
3725
+ function toSecondsFromDate(date) {
3726
+ // Convert date to seconds
3727
+ return date.getTime() / 1000;
3728
+ }
3767
3729
  /**
3768
- * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
3730
+ * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3731
+ * @param seconds
3769
3732
  */
3770
- const InteractionRequiredServerErrorMessage = [
3771
- interactionRequired,
3772
- consentRequired,
3773
- loginRequired,
3774
- badToken,
3775
- uxNotAllowed,
3776
- interruptedUser,
3777
- ];
3778
- const InteractionRequiredAuthSubErrorMessage = [
3779
- "message_only",
3780
- "additional_action",
3781
- "basic_action",
3782
- "user_password_expired",
3783
- "consent_required",
3784
- "bad_token",
3785
- "ux_not_allowed",
3786
- "interrupted_user",
3787
- ];
3733
+ function toDateFromSeconds(seconds) {
3734
+ if (seconds) {
3735
+ return new Date(Number(seconds) * 1000);
3736
+ }
3737
+ return new Date();
3738
+ }
3788
3739
  /**
3789
- * Error thrown when user interaction is required.
3740
+ * check if a token is expired based on given UTC time in seconds.
3741
+ * @param expiresOn
3790
3742
  */
3791
- class InteractionRequiredAuthError extends AuthError {
3792
- constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
3793
- super(errorCode, errorMessage, subError);
3794
- Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
3795
- this.timestamp = timestamp || "";
3796
- this.traceId = traceId || "";
3797
- this.correlationId = correlationId || "";
3798
- this.claims = claims || "";
3799
- this.name = "InteractionRequiredAuthError";
3800
- this.errorNo = errorNo;
3801
- }
3743
+ function isTokenExpired(expiresOn, offset) {
3744
+ // check for access token expiry
3745
+ const expirationSec = Number(expiresOn) || 0;
3746
+ const offsetCurrentTimeSec = nowSeconds() + offset;
3747
+ // If current time + offset is greater than token expiration time, then token is expired.
3748
+ return offsetCurrentTimeSec > expirationSec;
3802
3749
  }
3803
3750
  /**
3804
- * Helper function used to determine if an error thrown by the server requires interaction to resolve
3805
- * @param errorCode
3806
- * @param errorString
3807
- * @param subError
3751
+ * Checks if a cache entry is expired based on the last updated time and cache retention days.
3752
+ * @param lastUpdatedAt
3753
+ * @param cacheRetentionDays
3754
+ * @returns
3808
3755
  */
3809
- function isInteractionRequiredError(errorCode, errorString, subError) {
3810
- const isInteractionRequiredErrorCode = !!errorCode &&
3811
- InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
3812
- const isInteractionRequiredSubError = !!subError &&
3813
- InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
3814
- const isInteractionRequiredErrorDesc = !!errorString &&
3815
- InteractionRequiredServerErrorMessage.some((irErrorCode) => {
3816
- return errorString.indexOf(irErrorCode) > -1;
3817
- });
3818
- return (isInteractionRequiredErrorCode ||
3819
- isInteractionRequiredErrorDesc ||
3820
- isInteractionRequiredSubError);
3756
+ function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3757
+ const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3758
+ return Date.now() > cacheExpirationTimestamp;
3821
3759
  }
3822
3760
  /**
3823
- * Creates an InteractionRequiredAuthError
3761
+ * If the current time is earlier than the time that a token was cached at, we must discard the token
3762
+ * i.e. The system clock was turned back after acquiring the cached token
3763
+ * @param cachedAt
3764
+ * @param offset
3824
3765
  */
3825
- function createInteractionRequiredAuthError(errorCode, errorMessage) {
3826
- return new InteractionRequiredAuthError(errorCode, errorMessage);
3766
+ function wasClockTurnedBack(cachedAt) {
3767
+ const cachedAtSec = Number(cachedAt);
3768
+ return cachedAtSec > nowSeconds();
3827
3769
  }
3828
3770
 
3829
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3771
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3830
3772
 
3831
3773
  /*
3832
3774
  * Copyright (c) Microsoft Corporation. All rights reserved.
3833
3775
  * Licensed under the MIT License.
3834
3776
  */
3835
3777
  /**
3836
- * Appends user state with random guid, or returns random guid.
3837
- * @param cryptoObj
3838
- * @param userState
3839
- * @param meta
3778
+ * Create IdTokenEntity
3779
+ * @param homeAccountId
3780
+ * @param authenticationResult
3781
+ * @param clientId
3782
+ * @param authority
3840
3783
  */
3841
- function setRequestState(cryptoObj, userState, meta) {
3842
- const libraryState = generateLibraryState(cryptoObj, meta);
3843
- return userState
3844
- ? `${libraryState}${RESOURCE_DELIM}${userState}`
3845
- : libraryState;
3784
+ function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
3785
+ const idTokenEntity = {
3786
+ credentialType: CredentialType.ID_TOKEN,
3787
+ homeAccountId: homeAccountId,
3788
+ environment: environment,
3789
+ clientId: clientId,
3790
+ secret: idToken,
3791
+ realm: tenantId,
3792
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3793
+ };
3794
+ return idTokenEntity;
3846
3795
  }
3847
3796
  /**
3848
- * Generates the state value used by the common library.
3849
- * @param cryptoObj
3850
- * @param meta
3797
+ * Create AccessTokenEntity
3798
+ * @param homeAccountId
3799
+ * @param environment
3800
+ * @param accessToken
3801
+ * @param clientId
3802
+ * @param tenantId
3803
+ * @param scopes
3804
+ * @param expiresOn
3805
+ * @param extExpiresOn
3851
3806
  */
3852
- function generateLibraryState(cryptoObj, meta) {
3853
- if (!cryptoObj) {
3854
- throw createClientAuthError(noCryptoObject);
3855
- }
3856
- // Create a state object containing a unique id and the timestamp of the request creation
3857
- const stateObj = {
3858
- id: cryptoObj.createNewGuid(),
3807
+ function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
3808
+ const atEntity = {
3809
+ homeAccountId: homeAccountId,
3810
+ credentialType: CredentialType.ACCESS_TOKEN,
3811
+ secret: accessToken,
3812
+ cachedAt: nowSeconds().toString(),
3813
+ expiresOn: expiresOn.toString(),
3814
+ extendedExpiresOn: extExpiresOn.toString(),
3815
+ environment: environment,
3816
+ clientId: clientId,
3817
+ realm: tenantId,
3818
+ target: scopes,
3819
+ tokenType: tokenType || AuthenticationScheme$1.BEARER,
3820
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3859
3821
  };
3860
- if (meta) {
3861
- stateObj.meta = meta;
3822
+ if (userAssertionHash) {
3823
+ atEntity.userAssertionHash = userAssertionHash;
3862
3824
  }
3863
- const stateString = JSON.stringify(stateObj);
3864
- return cryptoObj.base64Encode(stateString);
3825
+ if (refreshOn) {
3826
+ atEntity.refreshOn = refreshOn.toString();
3827
+ }
3828
+ /*
3829
+ * Create Access Token With Auth Scheme instead of regular access token
3830
+ * Cast to lower to handle "bearer" from ADFS
3831
+ */
3832
+ if (atEntity.tokenType?.toLowerCase() !==
3833
+ AuthenticationScheme$1.BEARER.toLowerCase()) {
3834
+ atEntity.credentialType =
3835
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
3836
+ switch (atEntity.tokenType) {
3837
+ case AuthenticationScheme$1.POP:
3838
+ // Make sure keyId is present and add it to credential
3839
+ const tokenClaims = extractTokenClaims(accessToken, base64Decode);
3840
+ if (!tokenClaims?.cnf?.kid) {
3841
+ throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
3842
+ }
3843
+ atEntity.keyId = tokenClaims.cnf.kid;
3844
+ break;
3845
+ case AuthenticationScheme$1.SSH:
3846
+ atEntity.keyId = keyId;
3847
+ }
3848
+ }
3849
+ return atEntity;
3865
3850
  }
3866
3851
  /**
3867
- * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
3868
- * @param base64Decode
3869
- * @param state
3852
+ * Create RefreshTokenEntity
3853
+ * @param homeAccountId
3854
+ * @param authenticationResult
3855
+ * @param clientId
3856
+ * @param authority
3870
3857
  */
3871
- function parseRequestState(base64Decode, state) {
3872
- if (!base64Decode) {
3873
- throw createClientAuthError(noCryptoObject);
3858
+ function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
3859
+ const rtEntity = {
3860
+ credentialType: CredentialType.REFRESH_TOKEN,
3861
+ homeAccountId: homeAccountId,
3862
+ environment: environment,
3863
+ clientId: clientId,
3864
+ secret: refreshToken,
3865
+ lastUpdatedAt: Date.now().toString(),
3866
+ };
3867
+ if (userAssertionHash) {
3868
+ rtEntity.userAssertionHash = userAssertionHash;
3874
3869
  }
3875
- if (!state) {
3876
- throw createClientAuthError(invalidState);
3870
+ if (familyId) {
3871
+ rtEntity.familyId = familyId;
3877
3872
  }
3878
- try {
3879
- // Split the state between library state and user passed state and decode them separately
3880
- const splitState = state.split(RESOURCE_DELIM);
3881
- const libraryState = splitState[0];
3882
- const userState = splitState.length > 1
3883
- ? splitState.slice(1).join(RESOURCE_DELIM)
3884
- : "";
3885
- const libraryStateString = base64Decode(libraryState);
3886
- const libraryStateObj = JSON.parse(libraryStateString);
3887
- return {
3888
- userRequestState: userState || "",
3889
- libraryState: libraryStateObj,
3890
- };
3873
+ if (expiresOn) {
3874
+ rtEntity.expiresOn = expiresOn.toString();
3891
3875
  }
3892
- catch (e) {
3893
- throw createClientAuthError(invalidState);
3876
+ return rtEntity;
3877
+ }
3878
+ function isCredentialEntity(entity) {
3879
+ return (entity.hasOwnProperty("homeAccountId") &&
3880
+ entity.hasOwnProperty("environment") &&
3881
+ entity.hasOwnProperty("credentialType") &&
3882
+ entity.hasOwnProperty("clientId") &&
3883
+ entity.hasOwnProperty("secret"));
3884
+ }
3885
+ /**
3886
+ * Validates an entity: checks for all expected params
3887
+ * @param entity
3888
+ */
3889
+ function isAccessTokenEntity(entity) {
3890
+ if (!entity) {
3891
+ return false;
3894
3892
  }
3895
- }
3896
-
3897
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3898
- /*
3899
- * Copyright (c) Microsoft Corporation. All rights reserved.
3900
- * Licensed under the MIT License.
3893
+ return (isCredentialEntity(entity) &&
3894
+ entity.hasOwnProperty("realm") &&
3895
+ entity.hasOwnProperty("target") &&
3896
+ (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
3897
+ entity["credentialType"] ===
3898
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
3899
+ }
3900
+ /**
3901
+ * Validates an entity: checks for all expected params
3902
+ * @param entity
3901
3903
  */
3904
+ function isIdTokenEntity(entity) {
3905
+ if (!entity) {
3906
+ return false;
3907
+ }
3908
+ return (isCredentialEntity(entity) &&
3909
+ entity.hasOwnProperty("realm") &&
3910
+ entity["credentialType"] === CredentialType.ID_TOKEN);
3911
+ }
3902
3912
  /**
3903
- * Utility functions for managing date and time operations.
3913
+ * Validates an entity: checks for all expected params
3914
+ * @param entity
3904
3915
  */
3916
+ function isRefreshTokenEntity(entity) {
3917
+ if (!entity) {
3918
+ return false;
3919
+ }
3920
+ return (isCredentialEntity(entity) &&
3921
+ entity["credentialType"] === CredentialType.REFRESH_TOKEN);
3922
+ }
3905
3923
  /**
3906
- * return the current time in Unix time (seconds).
3924
+ * validates if a given cache entry is "Telemetry", parses <key,value>
3925
+ * @param key
3926
+ * @param entity
3907
3927
  */
3908
- function nowSeconds() {
3909
- // Date.getTime() returns in milliseconds.
3910
- return Math.round(new Date().getTime() / 1000.0);
3928
+ function isServerTelemetryEntity(key, entity) {
3929
+ const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
3930
+ let validateEntity = true;
3931
+ if (entity) {
3932
+ validateEntity =
3933
+ entity.hasOwnProperty("failedRequests") &&
3934
+ entity.hasOwnProperty("errors") &&
3935
+ entity.hasOwnProperty("cacheHits");
3936
+ }
3937
+ return validateKey && validateEntity;
3911
3938
  }
3912
3939
  /**
3913
- * Converts JS Date object to seconds
3914
- * @param date Date
3940
+ * validates if a given cache entry is "Throttling", parses <key,value>
3941
+ * @param key
3942
+ * @param entity
3915
3943
  */
3916
- function toSecondsFromDate(date) {
3917
- // Convert date to seconds
3918
- return date.getTime() / 1000;
3944
+ function isThrottlingEntity(key, entity) {
3945
+ let validateKey = false;
3946
+ if (key) {
3947
+ validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
3948
+ }
3949
+ let validateEntity = true;
3950
+ if (entity) {
3951
+ validateEntity = entity.hasOwnProperty("throttleTime");
3952
+ }
3953
+ return validateKey && validateEntity;
3919
3954
  }
3920
3955
  /**
3921
- * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3922
- * @param seconds
3956
+ * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
3923
3957
  */
3924
- function toDateFromSeconds(seconds) {
3925
- if (seconds) {
3926
- return new Date(Number(seconds) * 1000);
3958
+ function generateAppMetadataKey({ environment, clientId, }) {
3959
+ const appMetaDataKeyArray = [
3960
+ APP_METADATA,
3961
+ environment,
3962
+ clientId,
3963
+ ];
3964
+ return appMetaDataKeyArray
3965
+ .join(CACHE_KEY_SEPARATOR$1)
3966
+ .toLowerCase();
3967
+ }
3968
+ /*
3969
+ * Validates an entity: checks for all expected params
3970
+ * @param entity
3971
+ */
3972
+ function isAppMetadataEntity(key, entity) {
3973
+ if (!entity) {
3974
+ return false;
3927
3975
  }
3928
- return new Date();
3976
+ return (key.indexOf(APP_METADATA) === 0 &&
3977
+ entity.hasOwnProperty("clientId") &&
3978
+ entity.hasOwnProperty("environment"));
3929
3979
  }
3930
3980
  /**
3931
- * check if a token is expired based on given UTC time in seconds.
3932
- * @param expiresOn
3981
+ * Validates an entity: checks for all expected params
3982
+ * @param entity
3933
3983
  */
3934
- function isTokenExpired(expiresOn, offset) {
3935
- // check for access token expiry
3936
- const expirationSec = Number(expiresOn) || 0;
3937
- const offsetCurrentTimeSec = nowSeconds() + offset;
3938
- // If current time + offset is greater than token expiration time, then token is expired.
3939
- return offsetCurrentTimeSec > expirationSec;
3984
+ function isAuthorityMetadataEntity(key, entity) {
3985
+ if (!entity) {
3986
+ return false;
3987
+ }
3988
+ return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
3989
+ entity.hasOwnProperty("aliases") &&
3990
+ entity.hasOwnProperty("preferred_cache") &&
3991
+ entity.hasOwnProperty("preferred_network") &&
3992
+ entity.hasOwnProperty("canonical_authority") &&
3993
+ entity.hasOwnProperty("authorization_endpoint") &&
3994
+ entity.hasOwnProperty("token_endpoint") &&
3995
+ entity.hasOwnProperty("issuer") &&
3996
+ entity.hasOwnProperty("aliasesFromNetwork") &&
3997
+ entity.hasOwnProperty("endpointsFromNetwork") &&
3998
+ entity.hasOwnProperty("expiresAt") &&
3999
+ entity.hasOwnProperty("jwks_uri"));
3940
4000
  }
3941
4001
  /**
3942
- * Checks if a cache entry is expired based on the last updated time and cache retention days.
3943
- * @param lastUpdatedAt
3944
- * @param cacheRetentionDays
3945
- * @returns
4002
+ * Reset the exiresAt value
3946
4003
  */
3947
- function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3948
- const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3949
- return Date.now() > cacheExpirationTimestamp;
4004
+ function generateAuthorityMetadataExpiresAt() {
4005
+ return (nowSeconds() +
4006
+ AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
4007
+ }
4008
+ function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4009
+ authorityMetadata.authorization_endpoint =
4010
+ updatedValues.authorization_endpoint;
4011
+ authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4012
+ authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4013
+ authorityMetadata.issuer = updatedValues.issuer;
4014
+ authorityMetadata.endpointsFromNetwork = fromNetwork;
4015
+ authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4016
+ }
4017
+ function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4018
+ authorityMetadata.aliases = updatedValues.aliases;
4019
+ authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4020
+ authorityMetadata.preferred_network = updatedValues.preferred_network;
4021
+ authorityMetadata.aliasesFromNetwork = fromNetwork;
3950
4022
  }
3951
4023
  /**
3952
- * If the current time is earlier than the time that a token was cached at, we must discard the token
3953
- * i.e. The system clock was turned back after acquiring the cached token
3954
- * @param cachedAt
3955
- * @param offset
4024
+ * Returns whether or not the data needs to be refreshed
3956
4025
  */
3957
- function wasClockTurnedBack(cachedAt) {
3958
- const cachedAtSec = Number(cachedAt);
3959
- return cachedAtSec > nowSeconds();
4026
+ function isAuthorityMetadataExpired(metadata) {
4027
+ return metadata.expiresAt <= nowSeconds();
3960
4028
  }
3961
4029
 
3962
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4030
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
3963
4031
  /*
3964
4032
  * Copyright (c) Microsoft Corporation. All rights reserved.
3965
4033
  * Licensed under the MIT License.
@@ -4030,7 +4098,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4030
4098
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4031
4099
  const SetUserData = "setUserData";
4032
4100
 
4033
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4101
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4034
4102
  /*
4035
4103
  * Copyright (c) Microsoft Corporation. All rights reserved.
4036
4104
  * Licensed under the MIT License.
@@ -4123,7 +4191,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4123
4191
  };
4124
4192
  };
4125
4193
 
4126
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4194
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4127
4195
 
4128
4196
  /*
4129
4197
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4203,293 +4271,226 @@ class PopTokenGenerator {
4203
4271
  }
4204
4272
  }
4205
4273
 
4206
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4274
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4207
4275
  /*
4208
4276
  * Copyright (c) Microsoft Corporation. All rights reserved.
4209
4277
  * Licensed under the MIT License.
4210
4278
  */
4211
4279
  /**
4212
- * This class instance helps track the memory changes facilitating
4213
- * decisions to read from and write to the persistent cache
4214
- */ class TokenCacheContext {
4215
- constructor(tokenCache, hasChanged) {
4216
- this.cache = tokenCache;
4217
- this.hasChanged = hasChanged;
4218
- }
4219
- /**
4220
- * boolean which indicates the changes in cache
4221
- */
4222
- get cacheHasChanged() {
4223
- return this.hasChanged;
4224
- }
4225
- /**
4226
- * function to retrieve the token cache
4227
- */
4228
- get tokenCache() {
4229
- return this.cache;
4230
- }
4231
- }
4232
-
4233
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4234
-
4235
- /*
4236
- * Copyright (c) Microsoft Corporation. All rights reserved.
4237
- * Licensed under the MIT License.
4280
+ * MSAL-defined interaction required error code indicating no tokens are found in cache.
4281
+ * @public
4238
4282
  */
4283
+ const noTokensFound = "no_tokens_found";
4239
4284
  /**
4240
- * Create IdTokenEntity
4241
- * @param homeAccountId
4242
- * @param authenticationResult
4243
- * @param clientId
4244
- * @param authority
4285
+ * MSAL-defined error code indicating a native account is unavailable on the platform.
4286
+ * @public
4245
4287
  */
4246
- function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
4247
- const idTokenEntity = {
4248
- credentialType: CredentialType.ID_TOKEN,
4249
- homeAccountId: homeAccountId,
4250
- environment: environment,
4251
- clientId: clientId,
4252
- secret: idToken,
4253
- realm: tenantId,
4254
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4255
- };
4256
- return idTokenEntity;
4257
- }
4288
+ const nativeAccountUnavailable = "native_account_unavailable";
4258
4289
  /**
4259
- * Create AccessTokenEntity
4260
- * @param homeAccountId
4261
- * @param environment
4262
- * @param accessToken
4263
- * @param clientId
4264
- * @param tenantId
4265
- * @param scopes
4266
- * @param expiresOn
4267
- * @param extExpiresOn
4290
+ * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
4291
+ * @public
4268
4292
  */
4269
- function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
4270
- const atEntity = {
4271
- homeAccountId: homeAccountId,
4272
- credentialType: CredentialType.ACCESS_TOKEN,
4273
- secret: accessToken,
4274
- cachedAt: nowSeconds().toString(),
4275
- expiresOn: expiresOn.toString(),
4276
- extendedExpiresOn: extExpiresOn.toString(),
4277
- environment: environment,
4278
- clientId: clientId,
4279
- realm: tenantId,
4280
- target: scopes,
4281
- tokenType: tokenType || AuthenticationScheme$1.BEARER,
4282
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4283
- };
4284
- if (userAssertionHash) {
4285
- atEntity.userAssertionHash = userAssertionHash;
4286
- }
4287
- if (refreshOn) {
4288
- atEntity.refreshOn = refreshOn.toString();
4289
- }
4290
- /*
4291
- * Create Access Token With Auth Scheme instead of regular access token
4292
- * Cast to lower to handle "bearer" from ADFS
4293
- */
4294
- if (atEntity.tokenType?.toLowerCase() !==
4295
- AuthenticationScheme$1.BEARER.toLowerCase()) {
4296
- atEntity.credentialType =
4297
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
4298
- switch (atEntity.tokenType) {
4299
- case AuthenticationScheme$1.POP:
4300
- // Make sure keyId is present and add it to credential
4301
- const tokenClaims = extractTokenClaims(accessToken, base64Decode);
4302
- if (!tokenClaims?.cnf?.kid) {
4303
- throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
4304
- }
4305
- atEntity.keyId = tokenClaims.cnf.kid;
4306
- break;
4307
- case AuthenticationScheme$1.SSH:
4308
- atEntity.keyId = keyId;
4309
- }
4310
- }
4311
- return atEntity;
4312
- }
4293
+ const refreshTokenExpired = "refresh_token_expired";
4313
4294
  /**
4314
- * Create RefreshTokenEntity
4315
- * @param homeAccountId
4316
- * @param authenticationResult
4317
- * @param clientId
4318
- * @param authority
4295
+ * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4296
+ * @public
4319
4297
  */
4320
- function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
4321
- const rtEntity = {
4322
- credentialType: CredentialType.REFRESH_TOKEN,
4323
- homeAccountId: homeAccountId,
4324
- environment: environment,
4325
- clientId: clientId,
4326
- secret: refreshToken,
4327
- lastUpdatedAt: Date.now().toString(),
4328
- };
4329
- if (userAssertionHash) {
4330
- rtEntity.userAssertionHash = userAssertionHash;
4331
- }
4332
- if (familyId) {
4333
- rtEntity.familyId = familyId;
4334
- }
4335
- if (expiresOn) {
4336
- rtEntity.expiresOn = expiresOn.toString();
4337
- }
4338
- return rtEntity;
4339
- }
4340
- function isCredentialEntity(entity) {
4341
- return (entity.hasOwnProperty("homeAccountId") &&
4342
- entity.hasOwnProperty("environment") &&
4343
- entity.hasOwnProperty("credentialType") &&
4344
- entity.hasOwnProperty("clientId") &&
4345
- entity.hasOwnProperty("secret"));
4346
- }
4298
+ const uxNotAllowed = "ux_not_allowed";
4347
4299
  /**
4348
- * Validates an entity: checks for all expected params
4349
- * @param entity
4300
+ * Server-originated error code indicating interaction is required to complete the request.
4301
+ * @public
4350
4302
  */
4351
- function isAccessTokenEntity(entity) {
4352
- if (!entity) {
4353
- return false;
4354
- }
4355
- return (isCredentialEntity(entity) &&
4356
- entity.hasOwnProperty("realm") &&
4357
- entity.hasOwnProperty("target") &&
4358
- (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
4359
- entity["credentialType"] ===
4360
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
4361
- }
4303
+ const interactionRequired = "interaction_required";
4304
+ /**
4305
+ * Server-originated error code indicating user consent is required.
4306
+ * @public
4307
+ */
4308
+ const consentRequired = "consent_required";
4309
+ /**
4310
+ * Server-originated error code indicating user login is required.
4311
+ * @public
4312
+ */
4313
+ const loginRequired = "login_required";
4314
+ /**
4315
+ * Server-originated error code indicating the token is invalid or corrupted.
4316
+ * @public
4317
+ */
4318
+ const badToken = "bad_token";
4362
4319
  /**
4363
- * Validates an entity: checks for all expected params
4364
- * @param entity
4320
+ * Server-originated error code indicating the user is in an interrupted state and interaction is required.
4321
+ * @public
4322
+ */
4323
+ const interruptedUser = "interrupted_user";
4324
+
4325
+ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
4326
+ __proto__: null,
4327
+ badToken: badToken,
4328
+ consentRequired: consentRequired,
4329
+ interactionRequired: interactionRequired,
4330
+ interruptedUser: interruptedUser,
4331
+ loginRequired: loginRequired,
4332
+ nativeAccountUnavailable: nativeAccountUnavailable,
4333
+ noTokensFound: noTokensFound,
4334
+ refreshTokenExpired: refreshTokenExpired,
4335
+ uxNotAllowed: uxNotAllowed
4336
+ });
4337
+
4338
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4339
+
4340
+ /*
4341
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4342
+ * Licensed under the MIT License.
4365
4343
  */
4366
- function isIdTokenEntity(entity) {
4367
- if (!entity) {
4368
- return false;
4369
- }
4370
- return (isCredentialEntity(entity) &&
4371
- entity.hasOwnProperty("realm") &&
4372
- entity["credentialType"] === CredentialType.ID_TOKEN);
4373
- }
4374
4344
  /**
4375
- * Validates an entity: checks for all expected params
4376
- * @param entity
4345
+ * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
4377
4346
  */
4378
- function isRefreshTokenEntity(entity) {
4379
- if (!entity) {
4380
- return false;
4381
- }
4382
- return (isCredentialEntity(entity) &&
4383
- entity["credentialType"] === CredentialType.REFRESH_TOKEN);
4384
- }
4347
+ const InteractionRequiredServerErrorMessage = [
4348
+ interactionRequired,
4349
+ consentRequired,
4350
+ loginRequired,
4351
+ badToken,
4352
+ uxNotAllowed,
4353
+ interruptedUser,
4354
+ ];
4355
+ const InteractionRequiredAuthSubErrorMessage = [
4356
+ "message_only",
4357
+ "additional_action",
4358
+ "basic_action",
4359
+ "user_password_expired",
4360
+ "consent_required",
4361
+ "bad_token",
4362
+ "ux_not_allowed",
4363
+ "interrupted_user",
4364
+ ];
4385
4365
  /**
4386
- * validates if a given cache entry is "Telemetry", parses <key,value>
4387
- * @param key
4388
- * @param entity
4366
+ * Error thrown when user interaction is required.
4389
4367
  */
4390
- function isServerTelemetryEntity(key, entity) {
4391
- const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
4392
- let validateEntity = true;
4393
- if (entity) {
4394
- validateEntity =
4395
- entity.hasOwnProperty("failedRequests") &&
4396
- entity.hasOwnProperty("errors") &&
4397
- entity.hasOwnProperty("cacheHits");
4368
+ class InteractionRequiredAuthError extends AuthError {
4369
+ constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
4370
+ super(errorCode, errorMessage, subError);
4371
+ Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
4372
+ this.timestamp = timestamp || "";
4373
+ this.traceId = traceId || "";
4374
+ this.correlationId = correlationId || "";
4375
+ this.claims = claims || "";
4376
+ this.name = "InteractionRequiredAuthError";
4377
+ this.errorNo = errorNo;
4398
4378
  }
4399
- return validateKey && validateEntity;
4400
4379
  }
4401
4380
  /**
4402
- * validates if a given cache entry is "Throttling", parses <key,value>
4403
- * @param key
4404
- * @param entity
4381
+ * Helper function used to determine if an error thrown by the server requires interaction to resolve
4382
+ * @param errorCode
4383
+ * @param errorString
4384
+ * @param subError
4405
4385
  */
4406
- function isThrottlingEntity(key, entity) {
4407
- let validateKey = false;
4408
- if (key) {
4409
- validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
4410
- }
4411
- let validateEntity = true;
4412
- if (entity) {
4413
- validateEntity = entity.hasOwnProperty("throttleTime");
4414
- }
4415
- return validateKey && validateEntity;
4386
+ function isInteractionRequiredError(errorCode, errorString, subError) {
4387
+ const isInteractionRequiredErrorCode = !!errorCode &&
4388
+ InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
4389
+ const isInteractionRequiredSubError = !!subError &&
4390
+ InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
4391
+ const isInteractionRequiredErrorDesc = !!errorString &&
4392
+ InteractionRequiredServerErrorMessage.some((irErrorCode) => {
4393
+ return errorString.indexOf(irErrorCode) > -1;
4394
+ });
4395
+ return (isInteractionRequiredErrorCode ||
4396
+ isInteractionRequiredErrorDesc ||
4397
+ isInteractionRequiredSubError);
4416
4398
  }
4417
4399
  /**
4418
- * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
4400
+ * Creates an InteractionRequiredAuthError
4419
4401
  */
4420
- function generateAppMetadataKey({ environment, clientId, }) {
4421
- const appMetaDataKeyArray = [
4422
- APP_METADATA,
4423
- environment,
4424
- clientId,
4425
- ];
4426
- return appMetaDataKeyArray
4427
- .join(CACHE_KEY_SEPARATOR$1)
4428
- .toLowerCase();
4429
- }
4402
+ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4403
+ return new InteractionRequiredAuthError(errorCode, errorMessage);
4404
+ }
4405
+
4406
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4407
+
4430
4408
  /*
4431
- * Validates an entity: checks for all expected params
4432
- * @param entity
4409
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4410
+ * Licensed under the MIT License.
4433
4411
  */
4434
- function isAppMetadataEntity(key, entity) {
4435
- if (!entity) {
4436
- return false;
4437
- }
4438
- return (key.indexOf(APP_METADATA) === 0 &&
4439
- entity.hasOwnProperty("clientId") &&
4440
- entity.hasOwnProperty("environment"));
4441
- }
4442
4412
  /**
4443
- * Validates an entity: checks for all expected params
4444
- * @param entity
4413
+ * Error thrown when there is an error with the server code, for example, unavailability.
4445
4414
  */
4446
- function isAuthorityMetadataEntity(key, entity) {
4447
- if (!entity) {
4448
- return false;
4415
+ class ServerError extends AuthError {
4416
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
4417
+ super(errorCode, errorMessage, subError);
4418
+ this.name = "ServerError";
4419
+ this.errorNo = errorNo;
4420
+ this.status = status;
4421
+ Object.setPrototypeOf(this, ServerError.prototype);
4449
4422
  }
4450
- return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
4451
- entity.hasOwnProperty("aliases") &&
4452
- entity.hasOwnProperty("preferred_cache") &&
4453
- entity.hasOwnProperty("preferred_network") &&
4454
- entity.hasOwnProperty("canonical_authority") &&
4455
- entity.hasOwnProperty("authorization_endpoint") &&
4456
- entity.hasOwnProperty("token_endpoint") &&
4457
- entity.hasOwnProperty("issuer") &&
4458
- entity.hasOwnProperty("aliasesFromNetwork") &&
4459
- entity.hasOwnProperty("endpointsFromNetwork") &&
4460
- entity.hasOwnProperty("expiresAt") &&
4461
- entity.hasOwnProperty("jwks_uri"));
4462
- }
4423
+ }
4424
+
4425
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4426
+
4427
+ /*
4428
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4429
+ * Licensed under the MIT License.
4430
+ */
4463
4431
  /**
4464
- * Reset the exiresAt value
4432
+ * Appends user state with random guid, or returns random guid.
4433
+ * @param cryptoObj
4434
+ * @param userState
4435
+ * @param meta
4465
4436
  */
4466
- function generateAuthorityMetadataExpiresAt() {
4467
- return (nowSeconds() +
4468
- AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
4469
- }
4470
- function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4471
- authorityMetadata.authorization_endpoint =
4472
- updatedValues.authorization_endpoint;
4473
- authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4474
- authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4475
- authorityMetadata.issuer = updatedValues.issuer;
4476
- authorityMetadata.endpointsFromNetwork = fromNetwork;
4477
- authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4437
+ function setRequestState(cryptoObj, userState, meta) {
4438
+ const libraryState = generateLibraryState(cryptoObj, meta);
4439
+ return userState
4440
+ ? `${libraryState}${RESOURCE_DELIM}${userState}`
4441
+ : libraryState;
4478
4442
  }
4479
- function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4480
- authorityMetadata.aliases = updatedValues.aliases;
4481
- authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4482
- authorityMetadata.preferred_network = updatedValues.preferred_network;
4483
- authorityMetadata.aliasesFromNetwork = fromNetwork;
4443
+ /**
4444
+ * Generates the state value used by the common library.
4445
+ * @param cryptoObj
4446
+ * @param meta
4447
+ */
4448
+ function generateLibraryState(cryptoObj, meta) {
4449
+ if (!cryptoObj) {
4450
+ throw createClientAuthError(noCryptoObject);
4451
+ }
4452
+ // Create a state object containing a unique id and the timestamp of the request creation
4453
+ const stateObj = {
4454
+ id: cryptoObj.createNewGuid(),
4455
+ };
4456
+ if (meta) {
4457
+ stateObj.meta = meta;
4458
+ }
4459
+ const stateString = JSON.stringify(stateObj);
4460
+ return cryptoObj.base64Encode(stateString);
4484
4461
  }
4485
4462
  /**
4486
- * Returns whether or not the data needs to be refreshed
4463
+ * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
4464
+ * @param base64Decode
4465
+ * @param state
4487
4466
  */
4488
- function isAuthorityMetadataExpired(metadata) {
4489
- return metadata.expiresAt <= nowSeconds();
4467
+ function parseRequestState(base64Decode, state) {
4468
+ if (!base64Decode) {
4469
+ throw createClientAuthError(noCryptoObject);
4470
+ }
4471
+ if (!state) {
4472
+ throw createClientAuthError(invalidState);
4473
+ }
4474
+ try {
4475
+ // Split the state between library state and user passed state and decode them separately
4476
+ const splitState = state.split(RESOURCE_DELIM);
4477
+ const libraryState = splitState[0];
4478
+ const userState = splitState.length > 1
4479
+ ? splitState.slice(1).join(RESOURCE_DELIM)
4480
+ : "";
4481
+ const libraryStateString = base64Decode(libraryState);
4482
+ const libraryStateObj = JSON.parse(libraryStateString);
4483
+ return {
4484
+ userRequestState: userState || "",
4485
+ libraryState: libraryStateObj,
4486
+ };
4487
+ }
4488
+ catch (e) {
4489
+ throw createClientAuthError(invalidState);
4490
+ }
4490
4491
  }
4491
4492
 
4492
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4493
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4493
4494
 
4494
4495
  /*
4495
4496
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4645,7 +4646,7 @@ class ResponseHandler {
4645
4646
  if (serverTokenResponse.id_token && !!idTokenClaims) {
4646
4647
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
4647
4648
  cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
4648
- this.logger);
4649
+ this.logger, this.performanceClient);
4649
4650
  }
4650
4651
  // AccessToken
4651
4652
  let cachedAccessToken = null;
@@ -4791,17 +4792,24 @@ class ResponseHandler {
4791
4792
  };
4792
4793
  }
4793
4794
  }
4794
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
4795
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
4795
4796
  logger?.verbose("09jz0t", correlationId);
4796
- // Check if base account is already cached
4797
- const accountKeys = cacheStorage.getAccountKeys();
4798
- const baseAccountKey = accountKeys.find((accountKey) => {
4799
- return accountKey.startsWith(homeAccountId);
4800
- });
4801
- let cachedAccount = null;
4802
- if (baseAccountKey) {
4803
- cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
4797
+ /*
4798
+ * Check if base account is already cached. Filter by homeAccountId (identifies
4799
+ * the user's home identity) and environment (identifies the cloud) the two
4800
+ * tenant-agnostic properties that uniquely locate a base AccountEntity.
4801
+ */
4802
+ const accountEnvironment = environment || authority.getPreferredCache();
4803
+ const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
4804
+ performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
4805
+ if (matchedAccounts.length > 1) {
4806
+ /*
4807
+ * Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
4808
+ * If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
4809
+ */
4810
+ logger?.warning("0x7ad1", correlationId);
4804
4811
  }
4812
+ const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
4805
4813
  const baseAccount = cachedAccount ||
4806
4814
  createAccountEntity({
4807
4815
  homeAccountId,
@@ -4825,7 +4833,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4825
4833
  return baseAccount;
4826
4834
  }
4827
4835
 
4828
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4836
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4829
4837
  /*
4830
4838
  * Copyright (c) Microsoft Corporation. All rights reserved.
4831
4839
  * Licensed under the MIT License.
@@ -4835,7 +4843,7 @@ const CcsCredentialType = {
4835
4843
  UPN: "UPN",
4836
4844
  };
4837
4845
 
4838
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4846
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4839
4847
  /*
4840
4848
  * Copyright (c) Microsoft Corporation. All rights reserved.
4841
4849
  * Licensed under the MIT License.
@@ -4853,7 +4861,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4853
4861
  }
4854
4862
  }
4855
4863
 
4856
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4864
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4857
4865
  /*
4858
4866
  * Copyright (c) Microsoft Corporation. All rights reserved.
4859
4867
  * Licensed under the MIT License.
@@ -4874,7 +4882,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4874
4882
  };
4875
4883
  }
4876
4884
 
4877
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4885
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4878
4886
 
4879
4887
  /*
4880
4888
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4960,7 +4968,7 @@ class ThrottlingUtils {
4960
4968
  }
4961
4969
  }
4962
4970
 
4963
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4971
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4964
4972
 
4965
4973
  /*
4966
4974
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4991,7 +4999,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4991
4999
  return new NetworkError(error, httpStatus, responseHeaders);
4992
5000
  }
4993
5001
 
4994
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5002
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
4995
5003
 
4996
5004
  /*
4997
5005
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5105,7 +5113,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5105
5113
  return response;
5106
5114
  }
5107
5115
 
5108
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5116
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5109
5117
  /*
5110
5118
  * Copyright (c) Microsoft Corporation. All rights reserved.
5111
5119
  * Licensed under the MIT License.
@@ -5117,7 +5125,7 @@ function isOpenIdConfigResponse(response) {
5117
5125
  response.hasOwnProperty("jwks_uri"));
5118
5126
  }
5119
5127
 
5120
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5128
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5121
5129
  /*
5122
5130
  * Copyright (c) Microsoft Corporation. All rights reserved.
5123
5131
  * Licensed under the MIT License.
@@ -5127,7 +5135,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5127
5135
  response.hasOwnProperty("metadata"));
5128
5136
  }
5129
5137
 
5130
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5138
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5131
5139
  /*
5132
5140
  * Copyright (c) Microsoft Corporation. All rights reserved.
5133
5141
  * Licensed under the MIT License.
@@ -5137,7 +5145,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5137
5145
  response.hasOwnProperty("error_description"));
5138
5146
  }
5139
5147
 
5140
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5148
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5141
5149
 
5142
5150
  /*
5143
5151
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5242,7 +5250,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5242
5250
  },
5243
5251
  };
5244
5252
 
5245
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5253
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
5246
5254
 
5247
5255
  /*
5248
5256
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6062,7 +6070,7 @@ function buildStaticAuthorityOptions(authOptions) {
6062
6070
  };
6063
6071
  }
6064
6072
 
6065
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6073
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6066
6074
 
6067
6075
  /*
6068
6076
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6096,7 +6104,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6096
6104
  }
6097
6105
  }
6098
6106
 
6099
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6107
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6100
6108
 
6101
6109
  /*
6102
6110
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6356,7 +6364,7 @@ class AuthorizationCodeClient {
6356
6364
  }
6357
6365
  }
6358
6366
 
6359
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6367
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6360
6368
 
6361
6369
  /*
6362
6370
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6581,7 +6589,7 @@ class RefreshTokenClient {
6581
6589
  }
6582
6590
  }
6583
6591
 
6584
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6592
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6585
6593
 
6586
6594
  /*
6587
6595
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6690,7 +6698,7 @@ class SilentFlowClient {
6690
6698
  }
6691
6699
  }
6692
6700
 
6693
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6701
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6694
6702
 
6695
6703
  /*
6696
6704
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6705,7 +6713,7 @@ const StubbedNetworkModule = {
6705
6713
  },
6706
6714
  };
6707
6715
 
6708
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6716
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6709
6717
 
6710
6718
  /*
6711
6719
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6929,7 +6937,7 @@ function extractLoginHint(account) {
6929
6937
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6930
6938
  }
6931
6939
 
6932
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6940
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6933
6941
 
6934
6942
  /*
6935
6943
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6987,7 +6995,7 @@ class AuthenticationHeaderParser {
6987
6995
  }
6988
6996
  }
6989
6997
 
6990
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6998
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
6991
6999
  /*
6992
7000
  * Copyright (c) Microsoft Corporation. All rights reserved.
6993
7001
  * Licensed under the MIT License.
@@ -7004,7 +7012,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
7004
7012
  unexpectedError: unexpectedError
7005
7013
  });
7006
7014
 
7007
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7015
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7008
7016
 
7009
7017
  /*
7010
7018
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7265,7 +7273,7 @@ class ServerTelemetryManager {
7265
7273
  }
7266
7274
  }
7267
7275
 
7268
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7276
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7269
7277
 
7270
7278
  /*
7271
7279
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7286,7 +7294,7 @@ function createJoseHeaderError(code) {
7286
7294
  return new JoseHeaderError(code);
7287
7295
  }
7288
7296
 
7289
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7297
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7290
7298
  /*
7291
7299
  * Copyright (c) Microsoft Corporation. All rights reserved.
7292
7300
  * Licensed under the MIT License.
@@ -7294,7 +7302,7 @@ function createJoseHeaderError(code) {
7294
7302
  const missingKidError = "missing_kid_error";
7295
7303
  const missingAlgError = "missing_alg_error";
7296
7304
 
7297
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7305
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7298
7306
 
7299
7307
  /*
7300
7308
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7334,7 +7342,7 @@ class JoseHeader {
7334
7342
  }
7335
7343
  }
7336
7344
 
7337
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7345
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
7338
7346
 
7339
7347
  /*
7340
7348
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10207,7 +10215,7 @@ const EventType = {
10207
10215
 
10208
10216
  /* eslint-disable header/header */
10209
10217
  const name = "@azure/msal-browser";
10210
- const version = "5.4.0";
10218
+ const version = "5.4.1";
10211
10219
 
10212
10220
  /*
10213
10221
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12667,9 +12675,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12667
12675
  }
12668
12676
  // Get the preferred_cache domain for the given authority
12669
12677
  const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
12670
- const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, undefined, // environment
12678
+ const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
12671
12679
  idTokenClaims.tid, undefined, // auth code payload
12672
- response.account.id);
12680
+ response.account.id, this.logger, this.performanceClient);
12673
12681
  // Ensure expires_in is in number format
12674
12682
  response.expires_in = Number(response.expires_in);
12675
12683
  // generate authenticationResult
@@ -18078,7 +18086,7 @@ async function loadExternalTokens(config, request, response, options, performanc
18078
18086
  const storage = new BrowserCacheManager(browserConfig.auth.clientId, browserConfig.cache, cryptoOps, logger, browserConfig.telemetry.client, new EventHandler(logger), buildStaticAuthorityOptions(browserConfig.auth));
18079
18087
  const authorityString = request.authority || browserConfig.auth.authority;
18080
18088
  const authority = await createDiscoveredInstance(Authority.generateAuthority(authorityString, request.azureCloudOptions), browserConfig.system.networkClient, storage, authorityOptions, logger, correlationId, performanceClient);
18081
- const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims);
18089
+ const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims, performanceClient);
18082
18090
  const idToken = await invokeAsync(loadIdToken, LoadIdToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, correlationId, storage, logger, config.auth.clientId);
18083
18091
  const accessToken = await invokeAsync(loadAccessToken, LoadAccessToken, logger, performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, options, correlationId, storage, logger, config.auth.clientId);
18084
18092
  const refreshToken = await invokeAsync(loadRefreshToken, LoadRefreshToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, kmsi, correlationId, storage, logger, config.auth.clientId, performanceClient);
@@ -18104,7 +18112,7 @@ async function loadExternalTokens(config, request, response, options, performanc
18104
18112
  * @param requestHomeAccountId
18105
18113
  * @returns `AccountEntity`
18106
18114
  */
18107
- async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims) {
18115
+ async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims, performanceClient) {
18108
18116
  logger.verbose("0ke46k", correlationId);
18109
18117
  if (request.account) {
18110
18118
  const accountEntity = createAccountEntityFromAccountInfo(request.account);
@@ -18119,7 +18127,7 @@ async function loadAccount(request, clientInfo, correlationId, storage, logger,
18119
18127
  const claimsTenantId = idTokenClaims?.tid;
18120
18128
  const cachedAccount = buildAccountToCache(storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.getPreferredCache(), claimsTenantId, undefined, // authCodePayload
18121
18129
  undefined, // nativeAccountId
18122
- logger);
18130
+ logger, performanceClient);
18123
18131
  await storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
18124
18132
  return cachedAccount;
18125
18133
  }