@azure/msal-browser 5.4.0 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (422) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  11. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  12. package/dist/cache/AccountManager.mjs +1 -1
  13. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  14. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  15. package/dist/cache/BrowserCacheManager.mjs +4 -1
  16. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  17. package/dist/cache/CacheHelpers.mjs +1 -1
  18. package/dist/cache/CacheKeys.mjs +1 -1
  19. package/dist/cache/CookieStorage.mjs +1 -1
  20. package/dist/cache/DatabaseStorage.mjs +1 -1
  21. package/dist/cache/EncryptedData.mjs +1 -1
  22. package/dist/cache/LocalStorage.mjs +1 -1
  23. package/dist/cache/MemoryStorage.mjs +1 -1
  24. package/dist/cache/SessionStorage.mjs +1 -1
  25. package/dist/cache/TokenCache.mjs +1 -1
  26. package/dist/config/Configuration.d.ts +4 -0
  27. package/dist/config/Configuration.d.ts.map +1 -1
  28. package/dist/config/Configuration.mjs +2 -1
  29. package/dist/config/Configuration.mjs.map +1 -1
  30. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  31. package/dist/controllers/NestedAppAuthController.mjs +12 -2
  32. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  33. package/dist/controllers/StandardController.d.ts.map +1 -1
  34. package/dist/controllers/StandardController.mjs +11 -8
  35. package/dist/controllers/StandardController.mjs.map +1 -1
  36. package/dist/crypto/BrowserCrypto.mjs +1 -1
  37. package/dist/crypto/CryptoOps.mjs +1 -1
  38. package/dist/crypto/PkceGenerator.mjs +1 -1
  39. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  40. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  45. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  46. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  47. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  48. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  49. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  50. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  51. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  52. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +4 -1
  53. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  54. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  55. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  56. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  59. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  60. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  61. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  62. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  63. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  64. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  65. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  66. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  67. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  68. package/dist/custom-auth-path/controllers/StandardController.mjs +11 -8
  69. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  70. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  71. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  72. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  74. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  180. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  181. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  182. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  183. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  184. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  185. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  186. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  187. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  188. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  189. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  190. package/dist/custom-auth-path/index.d.ts +1 -1
  191. package/dist/custom-auth-path/index.d.ts.map +1 -1
  192. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  193. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  194. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  195. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  196. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  197. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  198. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +5 -5
  199. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  200. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  201. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  202. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  203. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +3 -3
  205. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  207. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  208. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +6 -1
  209. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  210. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  211. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  212. package/dist/custom-auth-path/log-strings-mapping.json +19 -3
  213. package/dist/custom-auth-path/naa/TokenRequest.d.ts +1 -0
  214. package/dist/custom-auth-path/naa/TokenRequest.d.ts.map +1 -1
  215. package/dist/custom-auth-path/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  216. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  217. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  218. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  219. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  220. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  221. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  222. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  223. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  224. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  225. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  226. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  227. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  228. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  229. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  230. package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
  231. package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
  232. package/dist/custom-auth-path/utils/BrowserUtils.mjs +12 -2
  233. package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
  234. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  235. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
  236. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  237. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
  238. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
  239. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  240. package/dist/encode/Base64Decode.mjs +1 -1
  241. package/dist/encode/Base64Encode.mjs +1 -1
  242. package/dist/error/BrowserAuthError.mjs +1 -1
  243. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  244. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  245. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  246. package/dist/error/NativeAuthError.mjs +1 -1
  247. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  248. package/dist/error/NestedAppAuthError.mjs +1 -1
  249. package/dist/event/EventHandler.mjs +1 -1
  250. package/dist/event/EventMessage.mjs +1 -1
  251. package/dist/event/EventType.mjs +1 -1
  252. package/dist/index.d.ts +1 -1
  253. package/dist/index.d.ts.map +1 -1
  254. package/dist/index.mjs +2 -2
  255. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  256. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  257. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  258. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  259. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  260. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  261. package/dist/interaction_client/PopupClient.mjs +5 -5
  262. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  263. package/dist/interaction_client/RedirectClient.mjs +1 -1
  264. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  265. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  266. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  267. package/dist/interaction_client/SilentIframeClient.mjs +3 -3
  268. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  269. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  270. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  271. package/dist/interaction_client/StandardInteractionClient.mjs +6 -1
  272. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  273. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  274. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  275. package/dist/log-strings-mapping.json +23 -7
  276. package/dist/naa/BridgeError.mjs +1 -1
  277. package/dist/naa/BridgeProxy.mjs +1 -1
  278. package/dist/naa/BridgeStatusCode.mjs +1 -1
  279. package/dist/naa/TokenRequest.d.ts +1 -0
  280. package/dist/naa/TokenRequest.d.ts.map +1 -1
  281. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  282. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -1
  283. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  284. package/dist/navigation/NavigationClient.mjs +1 -1
  285. package/dist/network/FetchClient.mjs +1 -1
  286. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  287. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  288. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  289. package/dist/packageMetadata.d.ts +1 -1
  290. package/dist/packageMetadata.mjs +2 -2
  291. package/dist/protocol/Authorize.mjs +1 -1
  292. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  293. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  294. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  295. package/dist/redirect-bridge/cache/BrowserCacheManager.d.ts.map +1 -1
  296. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  297. package/dist/redirect-bridge/config/Configuration.d.ts +4 -0
  298. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  299. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  300. package/dist/redirect-bridge/controllers/NestedAppAuthController.d.ts.map +1 -1
  301. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  302. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  303. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  304. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  305. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  306. package/dist/redirect-bridge/index.d.ts +1 -1
  307. package/dist/redirect-bridge/index.d.ts.map +1 -1
  308. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  309. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  310. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  311. package/dist/redirect-bridge/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  312. package/dist/redirect-bridge/naa/TokenRequest.d.ts +1 -0
  313. package/dist/redirect-bridge/naa/TokenRequest.d.ts.map +1 -1
  314. package/dist/redirect-bridge/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  315. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  316. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  317. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  318. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  319. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  320. package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
  321. package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
  322. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  323. package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
  324. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts +10 -0
  325. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  326. package/dist/request/RequestHelpers.mjs +1 -1
  327. package/dist/response/ResponseHandler.mjs +1 -1
  328. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  329. package/dist/telemetry/BrowserPerformanceClient.mjs +5 -1
  330. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  331. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  332. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  333. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  334. package/dist/utils/BrowserConstants.mjs +1 -1
  335. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  336. package/dist/utils/BrowserUtils.d.ts +2 -2
  337. package/dist/utils/BrowserUtils.d.ts.map +1 -1
  338. package/dist/utils/BrowserUtils.mjs +12 -2
  339. package/dist/utils/BrowserUtils.mjs.map +1 -1
  340. package/dist/utils/Helpers.mjs +1 -1
  341. package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
  342. package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  343. package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
  344. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  345. package/lib/custom-auth-path/log-strings-mapping.json +19 -3
  346. package/lib/custom-auth-path/msal-custom-auth.cjs +190 -92
  347. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  348. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  350. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  351. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  352. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  353. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  354. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  355. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  356. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  357. package/lib/custom-auth-path/types/index.d.ts +1 -1
  358. package/lib/custom-auth-path/types/index.d.ts.map +1 -1
  359. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  360. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  361. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  363. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts +1 -0
  364. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts.map +1 -1
  365. package/lib/custom-auth-path/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  366. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  367. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  368. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
  369. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
  370. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  371. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  372. package/lib/log-strings-mapping.json +23 -7
  373. package/lib/msal-browser.cjs +224 -94
  374. package/lib/msal-browser.cjs.map +1 -1
  375. package/lib/msal-browser.js +224 -94
  376. package/lib/msal-browser.js.map +1 -1
  377. package/lib/msal-browser.min.js +2 -2
  378. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  379. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  380. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  381. package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  382. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  383. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  384. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  385. package/lib/types/config/Configuration.d.ts +4 -0
  386. package/lib/types/config/Configuration.d.ts.map +1 -1
  387. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  388. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  389. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  390. package/lib/types/index.d.ts +1 -1
  391. package/lib/types/index.d.ts.map +1 -1
  392. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  393. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  394. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  395. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  396. package/lib/types/naa/TokenRequest.d.ts +1 -0
  397. package/lib/types/naa/TokenRequest.d.ts.map +1 -1
  398. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  399. package/lib/types/packageMetadata.d.ts +1 -1
  400. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  401. package/lib/types/utils/BrowserUtils.d.ts +2 -2
  402. package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
  403. package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  404. package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  405. package/package.json +2 -2
  406. package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +34 -17
  407. package/src/broker/nativeBroker/PlatformAuthRequest.ts +1 -0
  408. package/src/cache/BrowserCacheManager.ts +4 -0
  409. package/src/config/Configuration.ts +5 -0
  410. package/src/controllers/NestedAppAuthController.ts +14 -0
  411. package/src/controllers/StandardController.ts +13 -6
  412. package/src/index.ts +1 -0
  413. package/src/interaction_client/PlatformAuthInteractionClient.ts +1 -0
  414. package/src/interaction_client/PopupClient.ts +8 -4
  415. package/src/interaction_client/SilentIframeClient.ts +4 -2
  416. package/src/interaction_client/StandardInteractionClient.ts +11 -0
  417. package/src/naa/TokenRequest.ts +1 -0
  418. package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -0
  419. package/src/packageMetadata.ts +1 -1
  420. package/src/telemetry/BrowserPerformanceClient.ts +4 -0
  421. package/src/utils/BrowserUtils.ts +24 -1
  422. package/src/utils/MsalFrameStatsUtils.ts +27 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.4.0 2026-03-02 */
1
+ /*! @azure/msal-browser v5.5.0 2026-03-13 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
229
229
  // Token renewal offset default in seconds
230
230
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
231
231
 
232
- /*! @azure/msal-common v16.2.0 2026-03-02 */
232
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
233
233
  /*
234
234
  * Copyright (c) Microsoft Corporation. All rights reserved.
235
235
  * Licensed under the MIT License.
@@ -277,9 +277,10 @@ const BROKER_CLIENT_ID = "brk_client_id";
277
277
  const BROKER_REDIRECT_URI = "brk_redirect_uri";
278
278
  const INSTANCE_AWARE = "instance_aware";
279
279
  const EAR_JWK = "ear_jwk";
280
- const EAR_JWE_CRYPTO = "ear_jwe_crypto";
280
+ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
281
+ const RESOURCE = "resource";
281
282
 
282
- /*! @azure/msal-common v16.2.0 2026-03-02 */
283
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
283
284
  /*
284
285
  * Copyright (c) Microsoft Corporation. All rights reserved.
285
286
  * Licensed under the MIT License.
@@ -310,7 +311,7 @@ function createAuthError(code, additionalMessage) {
310
311
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
311
312
  }
312
313
 
313
- /*! @azure/msal-common v16.2.0 2026-03-02 */
314
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
314
315
 
315
316
  /*
316
317
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -330,7 +331,7 @@ function createClientConfigurationError(errorCode) {
330
331
  return new ClientConfigurationError(errorCode);
331
332
  }
332
333
 
333
- /*! @azure/msal-common v16.2.0 2026-03-02 */
334
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
334
335
  /*
335
336
  * Copyright (c) Microsoft Corporation. All rights reserved.
336
337
  * Licensed under the MIT License.
@@ -410,7 +411,7 @@ class StringUtils {
410
411
  }
411
412
  }
412
413
 
413
- /*! @azure/msal-common v16.2.0 2026-03-02 */
414
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
414
415
 
415
416
  /*
416
417
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -433,7 +434,7 @@ function createClientAuthError(errorCode, additionalMessage) {
433
434
  return new ClientAuthError(errorCode, additionalMessage);
434
435
  }
435
436
 
436
- /*! @azure/msal-common v16.2.0 2026-03-02 */
437
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
437
438
  /*
438
439
  * Copyright (c) Microsoft Corporation. All rights reserved.
439
440
  * Licensed under the MIT License.
@@ -457,7 +458,7 @@ const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
457
458
  const authorityMismatch = "authority_mismatch";
458
459
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
459
460
 
460
- /*! @azure/msal-common v16.2.0 2026-03-02 */
461
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
461
462
  /*
462
463
  * Copyright (c) Microsoft Corporation. All rights reserved.
463
464
  * Licensed under the MIT License.
@@ -492,9 +493,11 @@ const authorizationCodeMissingFromServerResponse = "authorization_code_missing_f
492
493
  const bindingKeyNotRemoved = "binding_key_not_removed";
493
494
  const endSessionEndpointNotSupported = "end_session_endpoint_not_supported";
494
495
  const keyIdMissing = "key_id_missing";
495
- const methodNotImplemented = "method_not_implemented";
496
+ const methodNotImplemented = "method_not_implemented";
497
+ const resourceParameterRequired = "resource_parameter_required";
498
+ const misplacedResourceParam = "misplaced_resource_parameter";
496
499
 
497
- /*! @azure/msal-common v16.2.0 2026-03-02 */
500
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
498
501
 
499
502
  /*
500
503
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -689,7 +692,7 @@ class ScopeSet {
689
692
  }
690
693
  }
691
694
 
692
- /*! @azure/msal-common v16.2.0 2026-03-02 */
695
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
693
696
 
694
697
  /*
695
698
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1054,9 +1057,14 @@ function addEARParameters(parameters, jwk) {
1054
1057
  // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
1055
1058
  const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
1056
1059
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1060
+ }
1061
+ function addResource(parameters, resource) {
1062
+ if (resource) {
1063
+ parameters.set(RESOURCE, resource);
1064
+ }
1057
1065
  }
1058
1066
 
1059
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1067
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1060
1068
 
1061
1069
  /*
1062
1070
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1165,7 +1173,7 @@ function normalizeUrlForComparison(url) {
1165
1173
  }
1166
1174
  }
1167
1175
 
1168
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1176
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1169
1177
 
1170
1178
  /*
1171
1179
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1204,7 +1212,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1204
1212
  },
1205
1213
  };
1206
1214
 
1207
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1215
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1208
1216
  /*
1209
1217
  * Copyright (c) Microsoft Corporation. All rights reserved.
1210
1218
  * Licensed under the MIT License.
@@ -1465,12 +1473,12 @@ class Logger {
1465
1473
  }
1466
1474
  }
1467
1475
 
1468
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1476
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1469
1477
  /* eslint-disable header/header */
1470
1478
  const name$1 = "@azure/msal-common";
1471
- const version$1 = "16.2.0";
1479
+ const version$1 = "16.3.0";
1472
1480
 
1473
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1481
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1474
1482
  /*
1475
1483
  * Copyright (c) Microsoft Corporation. All rights reserved.
1476
1484
  * Licensed under the MIT License.
@@ -1479,7 +1487,7 @@ const AzureCloudInstance = {
1479
1487
  // AzureCloudInstance is not specified.
1480
1488
  None: "none"};
1481
1489
 
1482
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1490
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1483
1491
  /*
1484
1492
  * Copyright (c) Microsoft Corporation. All rights reserved.
1485
1493
  * Licensed under the MIT License.
@@ -1561,7 +1569,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1561
1569
  return updatedAccountInfo;
1562
1570
  }
1563
1571
 
1564
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1572
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1565
1573
 
1566
1574
  /*
1567
1575
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1641,7 +1649,7 @@ function checkMaxAge(authTime, maxAge) {
1641
1649
  }
1642
1650
  }
1643
1651
 
1644
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1652
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1645
1653
 
1646
1654
  /*
1647
1655
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1798,7 +1806,7 @@ class UrlString {
1798
1806
  }
1799
1807
  }
1800
1808
 
1801
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1809
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1802
1810
 
1803
1811
  /*
1804
1812
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1955,7 +1963,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1955
1963
  return null;
1956
1964
  }
1957
1965
 
1958
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1966
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1959
1967
  /*
1960
1968
  * Copyright (c) Microsoft Corporation. All rights reserved.
1961
1969
  * Licensed under the MIT License.
@@ -1963,7 +1971,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1963
1971
  const cacheQuotaExceeded = "cache_quota_exceeded";
1964
1972
  const cacheErrorUnknown = "cache_error_unknown";
1965
1973
 
1966
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1974
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1967
1975
 
1968
1976
  /*
1969
1977
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2001,7 +2009,7 @@ function createCacheError(e) {
2001
2009
  }
2002
2010
  }
2003
2011
 
2004
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2012
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2005
2013
 
2006
2014
  /*
2007
2015
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2039,7 +2047,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2039
2047
  };
2040
2048
  }
2041
2049
 
2042
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2050
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2043
2051
  /*
2044
2052
  * Copyright (c) Microsoft Corporation. All rights reserved.
2045
2053
  * Licensed under the MIT License.
@@ -2054,7 +2062,7 @@ const AuthorityType = {
2054
2062
  Ciam: 3,
2055
2063
  };
2056
2064
 
2057
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2065
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2058
2066
  /*
2059
2067
  * Copyright (c) Microsoft Corporation. All rights reserved.
2060
2068
  * Licensed under the MIT License.
@@ -2076,7 +2084,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2076
2084
  return null;
2077
2085
  }
2078
2086
 
2079
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2087
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2080
2088
  /*
2081
2089
  * Copyright (c) Microsoft Corporation. All rights reserved.
2082
2090
  * Licensed under the MIT License.
@@ -2100,7 +2108,7 @@ const ProtocolMode = {
2100
2108
  EAR: "EAR",
2101
2109
  };
2102
2110
 
2103
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2111
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2104
2112
  /**
2105
2113
  * Returns the AccountInfo interface for this account.
2106
2114
  */
@@ -2275,7 +2283,7 @@ function isAccountEntity(entity) {
2275
2283
  entity.hasOwnProperty("authorityType"));
2276
2284
  }
2277
2285
 
2278
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2286
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2279
2287
 
2280
2288
  /*
2281
2289
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3371,7 +3379,7 @@ class DefaultStorageClass extends CacheManager {
3371
3379
  }
3372
3380
  }
3373
3381
 
3374
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3382
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3375
3383
  /*
3376
3384
  * Copyright (c) Microsoft Corporation. All rights reserved.
3377
3385
  * Licensed under the MIT License.
@@ -3385,7 +3393,7 @@ class DefaultStorageClass extends CacheManager {
3385
3393
  const PerformanceEventStatus = {
3386
3394
  InProgress: 1};
3387
3395
 
3388
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3396
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3389
3397
 
3390
3398
  /*
3391
3399
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3440,7 +3448,7 @@ class StubPerformanceClient {
3440
3448
  }
3441
3449
  }
3442
3450
 
3443
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3451
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3444
3452
 
3445
3453
  /*
3446
3454
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3523,6 +3531,7 @@ function buildAuthOptions(authOptions) {
3523
3531
  clientCapabilities: [],
3524
3532
  azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
3525
3533
  instanceAware: false,
3534
+ isMcp: false,
3526
3535
  ...authOptions,
3527
3536
  };
3528
3537
  }
@@ -3534,7 +3543,7 @@ function isOidcProtocolMode(config) {
3534
3543
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3535
3544
  }
3536
3545
 
3537
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3546
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3538
3547
 
3539
3548
  /*
3540
3549
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3553,7 +3562,7 @@ class ServerError extends AuthError {
3553
3562
  }
3554
3563
  }
3555
3564
 
3556
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3565
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3557
3566
  /*
3558
3567
  * Copyright (c) Microsoft Corporation. All rights reserved.
3559
3568
  * Licensed under the MIT License.
@@ -3604,7 +3613,7 @@ const badToken = "bad_token";
3604
3613
  */
3605
3614
  const interruptedUser = "interrupted_user";
3606
3615
 
3607
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3616
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3608
3617
 
3609
3618
  /*
3610
3619
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3672,7 +3681,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
3672
3681
  return new InteractionRequiredAuthError(errorCode, errorMessage);
3673
3682
  }
3674
3683
 
3675
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3684
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3676
3685
 
3677
3686
  /*
3678
3687
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3740,7 +3749,7 @@ function parseRequestState(base64Decode, state) {
3740
3749
  }
3741
3750
  }
3742
3751
 
3743
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3752
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3744
3753
  /*
3745
3754
  * Copyright (c) Microsoft Corporation. All rights reserved.
3746
3755
  * Licensed under the MIT License.
@@ -3805,7 +3814,7 @@ function wasClockTurnedBack(cachedAt) {
3805
3814
  return cachedAtSec > nowSeconds();
3806
3815
  }
3807
3816
 
3808
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3817
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3809
3818
  /*
3810
3819
  * Copyright (c) Microsoft Corporation. All rights reserved.
3811
3820
  * Licensed under the MIT License.
@@ -3876,7 +3885,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
3876
3885
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
3877
3886
  const SetUserData = "setUserData";
3878
3887
 
3879
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3888
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3880
3889
  /*
3881
3890
  * Copyright (c) Microsoft Corporation. All rights reserved.
3882
3891
  * Licensed under the MIT License.
@@ -3969,7 +3978,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
3969
3978
  };
3970
3979
  };
3971
3980
 
3972
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3981
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3973
3982
 
3974
3983
  /*
3975
3984
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4049,7 +4058,7 @@ class PopTokenGenerator {
4049
4058
  }
4050
4059
  }
4051
4060
 
4052
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4061
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4053
4062
  /*
4054
4063
  * Copyright (c) Microsoft Corporation. All rights reserved.
4055
4064
  * Licensed under the MIT License.
@@ -4076,7 +4085,7 @@ class PopTokenGenerator {
4076
4085
  }
4077
4086
  }
4078
4087
 
4079
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4088
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4080
4089
 
4081
4090
  /*
4082
4091
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4335,7 +4344,7 @@ function isAuthorityMetadataExpired(metadata) {
4335
4344
  return metadata.expiresAt <= nowSeconds();
4336
4345
  }
4337
4346
 
4338
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4347
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4339
4348
 
4340
4349
  /*
4341
4350
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4520,6 +4529,11 @@ class ResponseHandler {
4520
4529
  : undefined;
4521
4530
  // non AAD scenarios can have empty realm
4522
4531
  cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id);
4532
+ // Set resource (to be used for MCP scenarios)
4533
+ const resource = request.resource || null;
4534
+ if (resource) {
4535
+ cachedAccessToken.resource = resource;
4536
+ }
4523
4537
  }
4524
4538
  // refreshToken
4525
4539
  let cachedRefreshToken = null;
@@ -4671,7 +4685,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4671
4685
  return baseAccount;
4672
4686
  }
4673
4687
 
4674
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4688
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4675
4689
  /*
4676
4690
  * Copyright (c) Microsoft Corporation. All rights reserved.
4677
4691
  * Licensed under the MIT License.
@@ -4681,7 +4695,7 @@ const CcsCredentialType = {
4681
4695
  UPN: "UPN",
4682
4696
  };
4683
4697
 
4684
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4698
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4685
4699
  /*
4686
4700
  * Copyright (c) Microsoft Corporation. All rights reserved.
4687
4701
  * Licensed under the MIT License.
@@ -4699,7 +4713,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4699
4713
  }
4700
4714
  }
4701
4715
 
4702
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4716
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4703
4717
  /*
4704
4718
  * Copyright (c) Microsoft Corporation. All rights reserved.
4705
4719
  * Licensed under the MIT License.
@@ -4720,7 +4734,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4720
4734
  };
4721
4735
  }
4722
4736
 
4723
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4737
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4724
4738
 
4725
4739
  /*
4726
4740
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4806,7 +4820,7 @@ class ThrottlingUtils {
4806
4820
  }
4807
4821
  }
4808
4822
 
4809
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4823
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4810
4824
 
4811
4825
  /*
4812
4826
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4837,7 +4851,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4837
4851
  return new NetworkError(error, httpStatus, responseHeaders);
4838
4852
  }
4839
4853
 
4840
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4854
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4841
4855
 
4842
4856
  /*
4843
4857
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4951,7 +4965,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
4951
4965
  return response;
4952
4966
  }
4953
4967
 
4954
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4968
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4955
4969
  /*
4956
4970
  * Copyright (c) Microsoft Corporation. All rights reserved.
4957
4971
  * Licensed under the MIT License.
@@ -4963,7 +4977,7 @@ function isOpenIdConfigResponse(response) {
4963
4977
  response.hasOwnProperty("jwks_uri"));
4964
4978
  }
4965
4979
 
4966
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4980
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4967
4981
  /*
4968
4982
  * Copyright (c) Microsoft Corporation. All rights reserved.
4969
4983
  * Licensed under the MIT License.
@@ -4973,7 +4987,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4973
4987
  response.hasOwnProperty("metadata"));
4974
4988
  }
4975
4989
 
4976
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4990
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4977
4991
  /*
4978
4992
  * Copyright (c) Microsoft Corporation. All rights reserved.
4979
4993
  * Licensed under the MIT License.
@@ -4983,7 +4997,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4983
4997
  response.hasOwnProperty("error_description"));
4984
4998
  }
4985
4999
 
4986
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5000
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4987
5001
 
4988
5002
  /*
4989
5003
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5088,7 +5102,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5088
5102
  },
5089
5103
  };
5090
5104
 
5091
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5105
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5092
5106
 
5093
5107
  /*
5094
5108
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5908,7 +5922,7 @@ function buildStaticAuthorityOptions(authOptions) {
5908
5922
  };
5909
5923
  }
5910
5924
 
5911
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5925
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5912
5926
 
5913
5927
  /*
5914
5928
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5942,7 +5956,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5942
5956
  }
5943
5957
  }
5944
5958
 
5945
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5959
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5946
5960
 
5947
5961
  /*
5948
5962
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6062,6 +6076,7 @@ class AuthorizationCodeClient {
6062
6076
  }
6063
6077
  // Add scope array, parameter builder will add default scopes and dedupe
6064
6078
  addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
6079
+ addResource(parameters, request.resource);
6065
6080
  // add code: user set, not validated
6066
6081
  addAuthorizationCode(parameters, request.code);
6067
6082
  // Add library metadata
@@ -6202,7 +6217,7 @@ class AuthorizationCodeClient {
6202
6217
  }
6203
6218
  }
6204
6219
 
6205
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6220
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6206
6221
 
6207
6222
  /*
6208
6223
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6427,7 +6442,7 @@ class RefreshTokenClient {
6427
6442
  }
6428
6443
  }
6429
6444
 
6430
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6445
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6431
6446
 
6432
6447
  /*
6433
6448
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6483,6 +6498,13 @@ class SilentFlowClient {
6483
6498
  this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);
6484
6499
  throw createClientAuthError(tokenRefreshRequired);
6485
6500
  }
6501
+ else if (request.resource) {
6502
+ // cached access token must have a resource that matches the request resource for MCP scenarios
6503
+ if (cachedAccessToken.resource !== request.resource) {
6504
+ this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
6505
+ throw createClientAuthError(tokenRefreshRequired);
6506
+ }
6507
+ }
6486
6508
  else if (cachedAccessToken.refreshOn &&
6487
6509
  isTokenExpired(cachedAccessToken.refreshOn, 0)) {
6488
6510
  // must refresh (in the background) due to the refresh_in value
@@ -6536,7 +6558,7 @@ class SilentFlowClient {
6536
6558
  }
6537
6559
  }
6538
6560
 
6539
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6561
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6540
6562
 
6541
6563
  /*
6542
6564
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6551,7 +6573,7 @@ const StubbedNetworkModule = {
6551
6573
  },
6552
6574
  };
6553
6575
 
6554
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6576
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6555
6577
 
6556
6578
  /*
6557
6579
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6577,6 +6599,7 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
6577
6599
  ...(request.extraScopesToConsent || []),
6578
6600
  ];
6579
6601
  addScopes(parameters, requestScopes, true, authOptions.authority.options.OIDCOptions?.defaultScopes);
6602
+ addResource(parameters, request.resource);
6580
6603
  addRedirectUri(parameters, request.redirectUri);
6581
6604
  addCorrelationId(parameters, correlationId);
6582
6605
  // add response_mode. If not passed in it defaults to query.
@@ -6775,7 +6798,40 @@ function extractLoginHint(account) {
6775
6798
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6776
6799
  }
6777
6800
 
6778
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6801
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6802
+
6803
+ /*
6804
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6805
+ * Licensed under the MIT License.
6806
+ */
6807
+ /**
6808
+ * Helper to enforce resource parameter presence in token requests when isMcp is set in the configuration.
6809
+ * If resource parameter is set in both the request and in extraQueryParameters or extraParameters, an error will be thrown.
6810
+ * This is used for MCP flows.
6811
+ * @param isMcp - Flag indicating if application is an MCP app, from configuration
6812
+ * @param request - Auth request
6813
+ */
6814
+ function enforceResourceParameter(isMcp, request) {
6815
+ if (!isMcp) {
6816
+ return;
6817
+ }
6818
+ if (request.resource &&
6819
+ (containsResourceParam(request.extraParameters) ||
6820
+ containsResourceParam(request.extraQueryParameters))) {
6821
+ throw createClientAuthError(misplacedResourceParam);
6822
+ }
6823
+ if (!request.resource) {
6824
+ throw createClientAuthError(resourceParameterRequired);
6825
+ }
6826
+ }
6827
+ function containsResourceParam(params) {
6828
+ if (!params) {
6829
+ return false;
6830
+ }
6831
+ return Object.prototype.hasOwnProperty.call(params, "resource");
6832
+ }
6833
+
6834
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6779
6835
  /*
6780
6836
  * Copyright (c) Microsoft Corporation. All rights reserved.
6781
6837
  * Licensed under the MIT License.
@@ -6785,7 +6841,7 @@ function extractLoginHint(account) {
6785
6841
  */
6786
6842
  const unexpectedError = "unexpected_error";
6787
6843
 
6788
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6844
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6789
6845
 
6790
6846
  /*
6791
6847
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7046,7 +7102,7 @@ class ServerTelemetryManager {
7046
7102
  }
7047
7103
  }
7048
7104
 
7049
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7105
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7050
7106
 
7051
7107
  /*
7052
7108
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7067,7 +7123,7 @@ function createJoseHeaderError(code) {
7067
7123
  return new JoseHeaderError(code);
7068
7124
  }
7069
7125
 
7070
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7126
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7071
7127
  /*
7072
7128
  * Copyright (c) Microsoft Corporation. All rights reserved.
7073
7129
  * Licensed under the MIT License.
@@ -7075,7 +7131,7 @@ function createJoseHeaderError(code) {
7075
7131
  const missingKidError = "missing_kid_error";
7076
7132
  const missingAlgError = "missing_alg_error";
7077
7133
 
7078
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7134
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7079
7135
 
7080
7136
  /*
7081
7137
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7510,7 +7566,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7510
7566
 
7511
7567
  /* eslint-disable header/header */
7512
7568
  const name = "@azure/msal-browser";
7513
- const version = "5.4.0";
7569
+ const version = "5.5.0";
7514
7570
 
7515
7571
  /*
7516
7572
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8937,9 +8993,13 @@ function cancelPendingBridgeResponse(logger, correlationId) {
8937
8993
  activeBridgeMonitor = null;
8938
8994
  }
8939
8995
  }
8940
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request) {
8996
+ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
8941
8997
  return new Promise((resolve, reject) => {
8942
8998
  logger.verbose("1rf6em", request.correlationId);
8999
+ const correlationId = request.correlationId;
9000
+ performanceClient.addFields({
9001
+ redirectBridgeTimeoutMs: timeoutMs,
9002
+ }, correlationId);
8943
9003
  const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
8944
9004
  const channel = new BroadcastChannel(libraryState.id);
8945
9005
  let responseString = undefined;
@@ -8957,6 +9017,12 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request)
8957
9017
  };
8958
9018
  channel.onmessage = (event) => {
8959
9019
  responseString = event.data.payload;
9020
+ const messageVersion = event?.data && typeof event.data.v === "number"
9021
+ ? event.data.v
9022
+ : undefined;
9023
+ performanceClient.addFields({
9024
+ redirectBridgeMessageVersion: messageVersion,
9025
+ }, correlationId);
8960
9026
  // Clear the active monitor
8961
9027
  activeBridgeMonitor = null;
8962
9028
  clearTimeout(timeoutId);
@@ -9427,6 +9493,7 @@ class StandardInteractionClient extends BaseInteractionClient {
9427
9493
  authority: discoveredAuthority,
9428
9494
  clientCapabilities: this.config.auth.clientCapabilities,
9429
9495
  redirectUri: this.config.auth.redirectUri,
9496
+ isMcp: this.config.auth.isMcp,
9430
9497
  },
9431
9498
  systemOptions: {
9432
9499
  tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds,
@@ -9467,6 +9534,10 @@ class StandardInteractionClient extends BaseInteractionClient {
9467
9534
  */
9468
9535
  async function initializeAuthorizationRequest(request, interactionType, config, browserCrypto, browserStorage, logger, performanceClient, correlationId) {
9469
9536
  const redirectUri = getRedirectUri(request.redirectUri, config.auth.redirectUri, logger, correlationId);
9537
+ if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
9538
+ logger.warning("08qbvw", correlationId);
9539
+ performanceClient.addFields({ isRedirectUriCrossOrigin: true }, correlationId);
9540
+ }
9470
9541
  const browserState = {
9471
9542
  interactionType: interactionType,
9472
9543
  };
@@ -15894,6 +15965,9 @@ class BrowserCacheManager extends CacheManager {
15894
15965
  : 0, base64Decode, undefined, // refreshOn
15895
15966
  result.tokenType, undefined, // userAssertionHash
15896
15967
  request.sshKid);
15968
+ if (request.resource) {
15969
+ accessTokenEntity.resource = request.resource;
15970
+ }
15897
15971
  const cacheRecord = {
15898
15972
  idToken: idTokenEntity,
15899
15973
  accessToken: accessTokenEntity,
@@ -16756,6 +16830,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16756
16830
  correlationId: this.correlationId,
16757
16831
  state: response.state,
16758
16832
  fromPlatformBroker: true,
16833
+ ...(request.resource && { resource: request.resource }),
16759
16834
  };
16760
16835
  return result;
16761
16836
  }
@@ -17484,6 +17559,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
17484
17559
  tenant: "",
17485
17560
  },
17486
17561
  instanceAware: false,
17562
+ isMcp: false,
17487
17563
  };
17488
17564
  // Default cache options for browser
17489
17565
  const DEFAULT_CACHE_OPTIONS = {
@@ -17876,14 +17952,17 @@ class PlatformAuthDOMHandler {
17876
17952
  initializePlatformDOMRequest(request) {
17877
17953
  this.logger.trace("15d6yv", request.correlationId);
17878
17954
  const { accountId, clientId, authority, scope, redirectUri, correlationId, state, storeInCache, embeddedClientId, extraParameters, ...remainingProperties } = request;
17879
- const validExtraParameters = this.getDOMExtraParams(remainingProperties);
17955
+ const validExtraParameters = this.getDOMExtraParams(remainingProperties, correlationId);
17880
17956
  const platformDOMRequest = {
17881
17957
  accountId: accountId,
17882
17958
  brokerId: this.getExtensionId(),
17883
17959
  authority: authority,
17884
17960
  clientId: clientId,
17885
17961
  correlationId: correlationId || this.correlationId,
17886
- extraParameters: { ...extraParameters, ...validExtraParameters },
17962
+ extraParameters: {
17963
+ ...extraParameters,
17964
+ ...validExtraParameters,
17965
+ },
17887
17966
  isSecurityTokenService: false,
17888
17967
  redirectUri: redirectUri,
17889
17968
  scope: scope,
@@ -17937,15 +18016,27 @@ class PlatformAuthDOMHandler {
17937
18016
  };
17938
18017
  return nativeResponse;
17939
18018
  }
17940
- getDOMExtraParams(extraParameters) {
17941
- const stringifiedParams = Object.entries(extraParameters).reduce((record, [key, value]) => {
17942
- record[key] = String(value);
17943
- return record;
17944
- }, {});
17945
- const validExtraParams = {
17946
- ...stringifiedParams,
17947
- };
17948
- return validExtraParams;
18019
+ getDOMExtraParams(extraParameters, correlationId) {
18020
+ try {
18021
+ const stringifiedProperties = {};
18022
+ for (const [key, value] of Object.entries(extraParameters)) {
18023
+ if (!value) {
18024
+ continue;
18025
+ }
18026
+ if (typeof value === "object") {
18027
+ stringifiedProperties[key] = JSON.stringify(value);
18028
+ }
18029
+ else {
18030
+ stringifiedProperties[key] = String(value);
18031
+ }
18032
+ }
18033
+ return stringifiedProperties;
18034
+ }
18035
+ catch (e) {
18036
+ this.logger.error("0eu9o3", correlationId);
18037
+ this.logger.errorPii("17rpl5", correlationId);
18038
+ return {};
18039
+ }
17949
18040
  }
17950
18041
  }
17951
18042
 
@@ -18171,7 +18262,7 @@ class PopupClient extends StandardInteractionClient {
18171
18262
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
18172
18263
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, InteractionType.Popup, { popupWindow }, null);
18173
18264
  // Wait for the redirect bridge response
18174
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
18265
+ const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18175
18266
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18176
18267
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18177
18268
  }
@@ -18206,7 +18297,7 @@ class PopupClient extends StandardInteractionClient {
18206
18297
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
18207
18298
  form.submit();
18208
18299
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18209
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest);
18300
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
18210
18301
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18211
18302
  if (!serverParams.ear_jwe && serverParams.code) {
18212
18303
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -18231,7 +18322,7 @@ class PopupClient extends StandardInteractionClient {
18231
18322
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
18232
18323
  form.submit();
18233
18324
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18234
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
18325
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18235
18326
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18236
18327
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18237
18328
  }
@@ -18284,7 +18375,7 @@ class PopupClient extends StandardInteractionClient {
18284
18375
  // Open the popup window to requestUrl.
18285
18376
  const popupWindow = this.openPopup(logoutUri, popupParams);
18286
18377
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, InteractionType.Popup, { popupWindow }, null);
18287
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest).catch(() => {
18378
+ await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
18288
18379
  // Swallow any errors related to monitoring the window. Server logout is best effort
18289
18380
  });
18290
18381
  if (mainWindowRedirectUri) {
@@ -19032,7 +19123,7 @@ class SilentIframeClient extends StandardInteractionClient {
19032
19123
  };
19033
19124
  await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19034
19125
  const responseType = this.config.auth.OIDCOptions.responseMode;
19035
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
19126
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
19036
19127
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19037
19128
  if (!serverParams.ear_jwe && serverParams.code) {
19038
19129
  // If server doesn't support EAR, they may fallback to auth code flow instead
@@ -19081,7 +19172,7 @@ class SilentIframeClient extends StandardInteractionClient {
19081
19172
  }
19082
19173
  const responseType = this.config.auth.OIDCOptions.responseMode;
19083
19174
  // Wait for response from the redirect bridge.
19084
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
19175
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
19085
19176
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19086
19177
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19087
19178
  }
@@ -19234,6 +19325,10 @@ class SilentAuthCodeClient extends StandardInteractionClient {
19234
19325
  * Copyright (c) Microsoft Corporation. All rights reserved.
19235
19326
  * Licensed under the MIT License.
19236
19327
  */
19328
+ /**
19329
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
19330
+ * @returns Network connection information, or an empty object if not available.
19331
+ */
19237
19332
  function collectInstanceStats(currentClientId, performanceEvent, logger, correlationId) {
19238
19333
  const frameInstances =
19239
19334
  // @ts-ignore
@@ -19253,12 +19348,13 @@ function collectInstanceStats(currentClientId, performanceEvent, logger, correla
19253
19348
  * Copyright (c) Microsoft Corporation. All rights reserved.
19254
19349
  * Licensed under the MIT License.
19255
19350
  */
19256
- function preflightCheck(initialized, performanceEvent, account) {
19351
+ function preflightCheck(initialized, performanceEvent, config, request) {
19257
19352
  try {
19258
19353
  preflightCheck$1(initialized);
19354
+ enforceResourceParameter(config.auth.isMcp, request);
19259
19355
  }
19260
19356
  catch (e) {
19261
- performanceEvent.end({ success: false }, e, account);
19357
+ performanceEvent.end({ success: false }, e, request.account);
19262
19358
  throw e;
19263
19359
  }
19264
19360
  }
@@ -19359,6 +19455,7 @@ class StandardController {
19359
19455
  this.eventHandler.emitEvent(EventType.INITIALIZE_START, correlationId);
19360
19456
  // Broker applications are initialized twice, so we avoid double-counting it
19361
19457
  this.logMultipleInstances(initMeasurement, correlationId);
19458
+ initMeasurement.add({ isMcp: this.config.auth.isMcp });
19362
19459
  await invokeAsync(this.browserStorage.initialize.bind(this.browserStorage), InitializeCache, this.logger, this.performanceClient, correlationId)(correlationId);
19363
19460
  if (allowPlatformBroker) {
19364
19461
  try {
@@ -19536,6 +19633,7 @@ class StandardController {
19536
19633
  };
19537
19634
  try {
19538
19635
  redirectPreflightCheck(this.initialized, this.config);
19636
+ enforceResourceParameter(this.config.auth.isMcp, request);
19539
19637
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
19540
19638
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Redirect, request);
19541
19639
  let result;
@@ -19600,7 +19698,7 @@ class StandardController {
19600
19698
  });
19601
19699
  try {
19602
19700
  this.logger.verbose("0ch87b", correlationId);
19603
- preflightCheck(this.initialized, atPopupMeasurement, request.account);
19701
+ preflightCheck(this.initialized, atPopupMeasurement, this.config, request);
19604
19702
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN, request.overrideInteractionInProgress, correlationId);
19605
19703
  }
19606
19704
  catch (e) {
@@ -19714,7 +19812,7 @@ class StandardController {
19714
19812
  this.ssoSilentMeasurement?.add({
19715
19813
  scenarioId: request.scenarioId,
19716
19814
  });
19717
- preflightCheck(this.initialized, this.ssoSilentMeasurement, request.account);
19815
+ preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
19718
19816
  this.ssoSilentMeasurement?.increment({
19719
19817
  visibilityChangeCount: 0,
19720
19818
  });
@@ -19778,7 +19876,7 @@ class StandardController {
19778
19876
  const correlationId = this.getRequestCorrelationId(request);
19779
19877
  this.logger.trace("0ch6ga", correlationId);
19780
19878
  const atbcMeasurement = this.performanceClient.startMeasurement(AcquireTokenByCode, correlationId);
19781
- preflightCheck(this.initialized, atbcMeasurement);
19879
+ preflightCheck(this.initialized, atbcMeasurement, this.config, request);
19782
19880
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Silent, request);
19783
19881
  atbcMeasurement.add({ scenarioId: request.scenarioId });
19784
19882
  try {
@@ -20280,7 +20378,7 @@ class StandardController {
20280
20378
  cacheLookupPolicy: request.cacheLookupPolicy,
20281
20379
  scenarioId: request.scenarioId,
20282
20380
  });
20283
- preflightCheck(this.initialized, atsMeasurement, request.account);
20381
+ preflightCheck(this.initialized, atsMeasurement, this.config, request);
20284
20382
  this.logger.verbose("0x1c4s", correlationId);
20285
20383
  const account = request.account || this.getActiveAccount();
20286
20384
  if (!account) {