@azure/msal-browser 5.4.0 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (422) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  11. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  12. package/dist/cache/AccountManager.mjs +1 -1
  13. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  14. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  15. package/dist/cache/BrowserCacheManager.mjs +4 -1
  16. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  17. package/dist/cache/CacheHelpers.mjs +1 -1
  18. package/dist/cache/CacheKeys.mjs +1 -1
  19. package/dist/cache/CookieStorage.mjs +1 -1
  20. package/dist/cache/DatabaseStorage.mjs +1 -1
  21. package/dist/cache/EncryptedData.mjs +1 -1
  22. package/dist/cache/LocalStorage.mjs +1 -1
  23. package/dist/cache/MemoryStorage.mjs +1 -1
  24. package/dist/cache/SessionStorage.mjs +1 -1
  25. package/dist/cache/TokenCache.mjs +1 -1
  26. package/dist/config/Configuration.d.ts +4 -0
  27. package/dist/config/Configuration.d.ts.map +1 -1
  28. package/dist/config/Configuration.mjs +2 -1
  29. package/dist/config/Configuration.mjs.map +1 -1
  30. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  31. package/dist/controllers/NestedAppAuthController.mjs +12 -2
  32. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  33. package/dist/controllers/StandardController.d.ts.map +1 -1
  34. package/dist/controllers/StandardController.mjs +11 -8
  35. package/dist/controllers/StandardController.mjs.map +1 -1
  36. package/dist/crypto/BrowserCrypto.mjs +1 -1
  37. package/dist/crypto/CryptoOps.mjs +1 -1
  38. package/dist/crypto/PkceGenerator.mjs +1 -1
  39. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  40. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  45. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  46. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  47. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  48. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  49. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  50. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  51. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  52. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +4 -1
  53. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  54. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  55. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  56. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  59. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  60. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  61. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  62. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  63. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  64. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  65. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  66. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  67. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  68. package/dist/custom-auth-path/controllers/StandardController.mjs +11 -8
  69. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  70. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  71. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  72. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  74. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  180. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  181. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  182. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  183. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  184. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  185. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  186. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  187. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  188. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  189. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  190. package/dist/custom-auth-path/index.d.ts +1 -1
  191. package/dist/custom-auth-path/index.d.ts.map +1 -1
  192. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  193. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  194. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  195. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  196. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  197. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  198. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +5 -5
  199. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  200. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  201. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  202. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  203. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +3 -3
  205. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  207. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  208. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +6 -1
  209. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  210. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  211. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  212. package/dist/custom-auth-path/log-strings-mapping.json +19 -3
  213. package/dist/custom-auth-path/naa/TokenRequest.d.ts +1 -0
  214. package/dist/custom-auth-path/naa/TokenRequest.d.ts.map +1 -1
  215. package/dist/custom-auth-path/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  216. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  217. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  218. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  219. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  220. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  221. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  222. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  223. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  224. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  225. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  226. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  227. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  228. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  229. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  230. package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
  231. package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
  232. package/dist/custom-auth-path/utils/BrowserUtils.mjs +12 -2
  233. package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
  234. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  235. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
  236. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  237. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
  238. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
  239. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  240. package/dist/encode/Base64Decode.mjs +1 -1
  241. package/dist/encode/Base64Encode.mjs +1 -1
  242. package/dist/error/BrowserAuthError.mjs +1 -1
  243. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  244. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  245. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  246. package/dist/error/NativeAuthError.mjs +1 -1
  247. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  248. package/dist/error/NestedAppAuthError.mjs +1 -1
  249. package/dist/event/EventHandler.mjs +1 -1
  250. package/dist/event/EventMessage.mjs +1 -1
  251. package/dist/event/EventType.mjs +1 -1
  252. package/dist/index.d.ts +1 -1
  253. package/dist/index.d.ts.map +1 -1
  254. package/dist/index.mjs +2 -2
  255. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  256. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  257. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  258. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  259. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  260. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  261. package/dist/interaction_client/PopupClient.mjs +5 -5
  262. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  263. package/dist/interaction_client/RedirectClient.mjs +1 -1
  264. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  265. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  266. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  267. package/dist/interaction_client/SilentIframeClient.mjs +3 -3
  268. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  269. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  270. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  271. package/dist/interaction_client/StandardInteractionClient.mjs +6 -1
  272. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  273. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  274. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  275. package/dist/log-strings-mapping.json +23 -7
  276. package/dist/naa/BridgeError.mjs +1 -1
  277. package/dist/naa/BridgeProxy.mjs +1 -1
  278. package/dist/naa/BridgeStatusCode.mjs +1 -1
  279. package/dist/naa/TokenRequest.d.ts +1 -0
  280. package/dist/naa/TokenRequest.d.ts.map +1 -1
  281. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  282. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -1
  283. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  284. package/dist/navigation/NavigationClient.mjs +1 -1
  285. package/dist/network/FetchClient.mjs +1 -1
  286. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  287. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  288. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  289. package/dist/packageMetadata.d.ts +1 -1
  290. package/dist/packageMetadata.mjs +2 -2
  291. package/dist/protocol/Authorize.mjs +1 -1
  292. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  293. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  294. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  295. package/dist/redirect-bridge/cache/BrowserCacheManager.d.ts.map +1 -1
  296. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  297. package/dist/redirect-bridge/config/Configuration.d.ts +4 -0
  298. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  299. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  300. package/dist/redirect-bridge/controllers/NestedAppAuthController.d.ts.map +1 -1
  301. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  302. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  303. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  304. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  305. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  306. package/dist/redirect-bridge/index.d.ts +1 -1
  307. package/dist/redirect-bridge/index.d.ts.map +1 -1
  308. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  309. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  310. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  311. package/dist/redirect-bridge/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  312. package/dist/redirect-bridge/naa/TokenRequest.d.ts +1 -0
  313. package/dist/redirect-bridge/naa/TokenRequest.d.ts.map +1 -1
  314. package/dist/redirect-bridge/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  315. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  316. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  317. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  318. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  319. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  320. package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
  321. package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
  322. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  323. package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
  324. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts +10 -0
  325. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  326. package/dist/request/RequestHelpers.mjs +1 -1
  327. package/dist/response/ResponseHandler.mjs +1 -1
  328. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  329. package/dist/telemetry/BrowserPerformanceClient.mjs +5 -1
  330. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  331. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  332. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  333. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  334. package/dist/utils/BrowserConstants.mjs +1 -1
  335. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  336. package/dist/utils/BrowserUtils.d.ts +2 -2
  337. package/dist/utils/BrowserUtils.d.ts.map +1 -1
  338. package/dist/utils/BrowserUtils.mjs +12 -2
  339. package/dist/utils/BrowserUtils.mjs.map +1 -1
  340. package/dist/utils/Helpers.mjs +1 -1
  341. package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
  342. package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  343. package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
  344. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  345. package/lib/custom-auth-path/log-strings-mapping.json +19 -3
  346. package/lib/custom-auth-path/msal-custom-auth.cjs +190 -92
  347. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  348. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  350. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  351. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  352. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  353. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  354. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  355. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  356. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  357. package/lib/custom-auth-path/types/index.d.ts +1 -1
  358. package/lib/custom-auth-path/types/index.d.ts.map +1 -1
  359. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  360. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  361. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  363. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts +1 -0
  364. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts.map +1 -1
  365. package/lib/custom-auth-path/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  366. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  367. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  368. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
  369. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
  370. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  371. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  372. package/lib/log-strings-mapping.json +23 -7
  373. package/lib/msal-browser.cjs +224 -94
  374. package/lib/msal-browser.cjs.map +1 -1
  375. package/lib/msal-browser.js +224 -94
  376. package/lib/msal-browser.js.map +1 -1
  377. package/lib/msal-browser.min.js +2 -2
  378. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  379. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  380. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  381. package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  382. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  383. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  384. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  385. package/lib/types/config/Configuration.d.ts +4 -0
  386. package/lib/types/config/Configuration.d.ts.map +1 -1
  387. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  388. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  389. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  390. package/lib/types/index.d.ts +1 -1
  391. package/lib/types/index.d.ts.map +1 -1
  392. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  393. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  394. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  395. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  396. package/lib/types/naa/TokenRequest.d.ts +1 -0
  397. package/lib/types/naa/TokenRequest.d.ts.map +1 -1
  398. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  399. package/lib/types/packageMetadata.d.ts +1 -1
  400. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  401. package/lib/types/utils/BrowserUtils.d.ts +2 -2
  402. package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
  403. package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  404. package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  405. package/package.json +2 -2
  406. package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +34 -17
  407. package/src/broker/nativeBroker/PlatformAuthRequest.ts +1 -0
  408. package/src/cache/BrowserCacheManager.ts +4 -0
  409. package/src/config/Configuration.ts +5 -0
  410. package/src/controllers/NestedAppAuthController.ts +14 -0
  411. package/src/controllers/StandardController.ts +13 -6
  412. package/src/index.ts +1 -0
  413. package/src/interaction_client/PlatformAuthInteractionClient.ts +1 -0
  414. package/src/interaction_client/PopupClient.ts +8 -4
  415. package/src/interaction_client/SilentIframeClient.ts +4 -2
  416. package/src/interaction_client/StandardInteractionClient.ts +11 -0
  417. package/src/naa/TokenRequest.ts +1 -0
  418. package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -0
  419. package/src/packageMetadata.ts +1 -1
  420. package/src/telemetry/BrowserPerformanceClient.ts +4 -0
  421. package/src/utils/BrowserUtils.ts +24 -1
  422. package/src/utils/MsalFrameStatsUtils.ts +27 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.4.0 2026-03-02 */
1
+ /*! @azure/msal-browser v5.5.0 2026-03-13 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
234
234
  // Token renewal offset default in seconds
235
235
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
236
236
 
237
- /*! @azure/msal-common v16.2.0 2026-03-02 */
237
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
238
238
  /*
239
239
  * Copyright (c) Microsoft Corporation. All rights reserved.
240
240
  * Licensed under the MIT License.
@@ -282,9 +282,10 @@ const BROKER_CLIENT_ID = "brk_client_id";
282
282
  const BROKER_REDIRECT_URI = "brk_redirect_uri";
283
283
  const INSTANCE_AWARE = "instance_aware";
284
284
  const EAR_JWK = "ear_jwk";
285
- const EAR_JWE_CRYPTO = "ear_jwe_crypto";
285
+ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
286
+ const RESOURCE = "resource";
286
287
 
287
- /*! @azure/msal-common v16.2.0 2026-03-02 */
288
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
288
289
  /*
289
290
  * Copyright (c) Microsoft Corporation. All rights reserved.
290
291
  * Licensed under the MIT License.
@@ -315,7 +316,7 @@ function createAuthError(code, additionalMessage) {
315
316
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
316
317
  }
317
318
 
318
- /*! @azure/msal-common v16.2.0 2026-03-02 */
319
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
319
320
 
320
321
  /*
321
322
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -335,7 +336,7 @@ function createClientConfigurationError(errorCode) {
335
336
  return new ClientConfigurationError(errorCode);
336
337
  }
337
338
 
338
- /*! @azure/msal-common v16.2.0 2026-03-02 */
339
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
339
340
  /*
340
341
  * Copyright (c) Microsoft Corporation. All rights reserved.
341
342
  * Licensed under the MIT License.
@@ -415,7 +416,7 @@ class StringUtils {
415
416
  }
416
417
  }
417
418
 
418
- /*! @azure/msal-common v16.2.0 2026-03-02 */
419
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
419
420
 
420
421
  /*
421
422
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -438,7 +439,7 @@ function createClientAuthError(errorCode, additionalMessage) {
438
439
  return new ClientAuthError(errorCode, additionalMessage);
439
440
  }
440
441
 
441
- /*! @azure/msal-common v16.2.0 2026-03-02 */
442
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
442
443
  /*
443
444
  * Copyright (c) Microsoft Corporation. All rights reserved.
444
445
  * Licensed under the MIT License.
@@ -492,7 +493,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
492
493
  urlParseError: urlParseError
493
494
  });
494
495
 
495
- /*! @azure/msal-common v16.2.0 2026-03-02 */
496
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
496
497
  /*
497
498
  * Copyright (c) Microsoft Corporation. All rights reserved.
498
499
  * Licensed under the MIT License.
@@ -533,7 +534,9 @@ const noNetworkConnectivity$1 = "no_network_connectivity";
533
534
  const userCanceled = "user_canceled";
534
535
  const methodNotImplemented = "method_not_implemented";
535
536
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
536
- const platformBrokerError = "platform_broker_error";
537
+ const platformBrokerError = "platform_broker_error";
538
+ const resourceParameterRequired = "resource_parameter_required";
539
+ const misplacedResourceParam = "misplaced_resource_parameter";
537
540
 
538
541
  var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
539
542
  __proto__: null,
@@ -554,6 +557,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
554
557
  keyIdMissing: keyIdMissing,
555
558
  maxAgeTranspired: maxAgeTranspired,
556
559
  methodNotImplemented: methodNotImplemented,
560
+ misplacedResourceParam: misplacedResourceParam,
557
561
  multipleMatchingAppMetadata: multipleMatchingAppMetadata,
558
562
  multipleMatchingTokens: multipleMatchingTokens,
559
563
  nestedAppAuthBridgeDisabled: nestedAppAuthBridgeDisabled,
@@ -567,6 +571,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
567
571
  openIdConfigError: openIdConfigError,
568
572
  platformBrokerError: platformBrokerError,
569
573
  requestCannotBeMade: requestCannotBeMade,
574
+ resourceParameterRequired: resourceParameterRequired,
570
575
  stateMismatch: stateMismatch,
571
576
  stateNotFound: stateNotFound,
572
577
  tokenClaimsCnfRequiredForSignedJwt: tokenClaimsCnfRequiredForSignedJwt,
@@ -576,7 +581,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
576
581
  userCanceled: userCanceled
577
582
  });
578
583
 
579
- /*! @azure/msal-common v16.2.0 2026-03-02 */
584
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
580
585
 
581
586
  /*
582
587
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -771,7 +776,7 @@ class ScopeSet {
771
776
  }
772
777
  }
773
778
 
774
- /*! @azure/msal-common v16.2.0 2026-03-02 */
779
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
775
780
 
776
781
  /*
777
782
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1136,9 +1141,14 @@ function addEARParameters(parameters, jwk) {
1136
1141
  // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
1137
1142
  const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
1138
1143
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1144
+ }
1145
+ function addResource(parameters, resource) {
1146
+ if (resource) {
1147
+ parameters.set(RESOURCE, resource);
1148
+ }
1139
1149
  }
1140
1150
 
1141
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1151
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1142
1152
 
1143
1153
  /*
1144
1154
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1247,7 +1257,7 @@ function normalizeUrlForComparison(url) {
1247
1257
  }
1248
1258
  }
1249
1259
 
1250
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1260
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1251
1261
 
1252
1262
  /*
1253
1263
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1286,7 +1296,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1286
1296
  },
1287
1297
  };
1288
1298
 
1289
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1299
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1290
1300
  /*
1291
1301
  * Copyright (c) Microsoft Corporation. All rights reserved.
1292
1302
  * Licensed under the MIT License.
@@ -1561,12 +1571,12 @@ class Logger {
1561
1571
  }
1562
1572
  }
1563
1573
 
1564
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1574
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1565
1575
  /* eslint-disable header/header */
1566
1576
  const name$1 = "@azure/msal-common";
1567
- const version$1 = "16.2.0";
1577
+ const version$1 = "16.3.0";
1568
1578
 
1569
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1579
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1570
1580
  /*
1571
1581
  * Copyright (c) Microsoft Corporation. All rights reserved.
1572
1582
  * Licensed under the MIT License.
@@ -1586,7 +1596,7 @@ const AzureCloudInstance = {
1586
1596
  AzureUsGovernment: "https://login.microsoftonline.us",
1587
1597
  };
1588
1598
 
1589
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1599
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1590
1600
  /*
1591
1601
  * Copyright (c) Microsoft Corporation. All rights reserved.
1592
1602
  * Licensed under the MIT License.
@@ -1668,7 +1678,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1668
1678
  return updatedAccountInfo;
1669
1679
  }
1670
1680
 
1671
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1681
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1672
1682
 
1673
1683
  /*
1674
1684
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1748,7 +1758,7 @@ function checkMaxAge(authTime, maxAge) {
1748
1758
  }
1749
1759
  }
1750
1760
 
1751
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1761
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1752
1762
 
1753
1763
  /*
1754
1764
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1905,7 +1915,7 @@ class UrlString {
1905
1915
  }
1906
1916
  }
1907
1917
 
1908
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1918
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
1909
1919
 
1910
1920
  /*
1911
1921
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2062,7 +2072,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2062
2072
  return null;
2063
2073
  }
2064
2074
 
2065
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2075
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2066
2076
  /*
2067
2077
  * Copyright (c) Microsoft Corporation. All rights reserved.
2068
2078
  * Licensed under the MIT License.
@@ -2070,7 +2080,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2070
2080
  const cacheQuotaExceeded = "cache_quota_exceeded";
2071
2081
  const cacheErrorUnknown = "cache_error_unknown";
2072
2082
 
2073
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2083
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2074
2084
 
2075
2085
  /*
2076
2086
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2108,7 +2118,7 @@ function createCacheError(e) {
2108
2118
  }
2109
2119
  }
2110
2120
 
2111
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2121
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2112
2122
 
2113
2123
  /*
2114
2124
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2146,7 +2156,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2146
2156
  };
2147
2157
  }
2148
2158
 
2149
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2159
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2150
2160
  /*
2151
2161
  * Copyright (c) Microsoft Corporation. All rights reserved.
2152
2162
  * Licensed under the MIT License.
@@ -2161,7 +2171,7 @@ const AuthorityType = {
2161
2171
  Ciam: 3,
2162
2172
  };
2163
2173
 
2164
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2174
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2165
2175
  /*
2166
2176
  * Copyright (c) Microsoft Corporation. All rights reserved.
2167
2177
  * Licensed under the MIT License.
@@ -2183,7 +2193,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2183
2193
  return null;
2184
2194
  }
2185
2195
 
2186
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2196
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2187
2197
  /*
2188
2198
  * Copyright (c) Microsoft Corporation. All rights reserved.
2189
2199
  * Licensed under the MIT License.
@@ -2207,7 +2217,7 @@ const ProtocolMode = {
2207
2217
  EAR: "EAR",
2208
2218
  };
2209
2219
 
2210
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2220
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2211
2221
  /**
2212
2222
  * Returns the AccountInfo interface for this account.
2213
2223
  */
@@ -2382,7 +2392,7 @@ function isAccountEntity(entity) {
2382
2392
  entity.hasOwnProperty("authorityType"));
2383
2393
  }
2384
2394
 
2385
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2395
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
2386
2396
 
2387
2397
  /*
2388
2398
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3479,7 +3489,7 @@ class DefaultStorageClass extends CacheManager {
3479
3489
  }
3480
3490
  }
3481
3491
 
3482
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3492
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3483
3493
  /*
3484
3494
  * Copyright (c) Microsoft Corporation. All rights reserved.
3485
3495
  * Licensed under the MIT License.
@@ -3524,9 +3534,12 @@ const IntFields = new Set([
3524
3534
  "currRefreshCount",
3525
3535
  "expiredCacheRemovedCount",
3526
3536
  "upgradedCacheCount",
3537
+ "networkRtt",
3538
+ "redirectBridgeTimeoutMs",
3539
+ "redirectBridgeMessageVersion",
3527
3540
  ]);
3528
3541
 
3529
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3542
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3530
3543
 
3531
3544
  /*
3532
3545
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3581,7 +3594,7 @@ class StubPerformanceClient {
3581
3594
  }
3582
3595
  }
3583
3596
 
3584
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3597
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3585
3598
 
3586
3599
  /*
3587
3600
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3664,6 +3677,7 @@ function buildAuthOptions(authOptions) {
3664
3677
  clientCapabilities: [],
3665
3678
  azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
3666
3679
  instanceAware: false,
3680
+ isMcp: false,
3667
3681
  ...authOptions,
3668
3682
  };
3669
3683
  }
@@ -3675,7 +3689,7 @@ function isOidcProtocolMode(config) {
3675
3689
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3676
3690
  }
3677
3691
 
3678
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3692
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3679
3693
 
3680
3694
  /*
3681
3695
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3694,7 +3708,7 @@ class ServerError extends AuthError {
3694
3708
  }
3695
3709
  }
3696
3710
 
3697
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3711
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3698
3712
  /*
3699
3713
  * Copyright (c) Microsoft Corporation. All rights reserved.
3700
3714
  * Licensed under the MIT License.
@@ -3758,7 +3772,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
3758
3772
  uxNotAllowed: uxNotAllowed
3759
3773
  });
3760
3774
 
3761
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3775
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3762
3776
 
3763
3777
  /*
3764
3778
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3826,7 +3840,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
3826
3840
  return new InteractionRequiredAuthError(errorCode, errorMessage);
3827
3841
  }
3828
3842
 
3829
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3843
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3830
3844
 
3831
3845
  /*
3832
3846
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3894,7 +3908,7 @@ function parseRequestState(base64Decode, state) {
3894
3908
  }
3895
3909
  }
3896
3910
 
3897
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3911
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3898
3912
  /*
3899
3913
  * Copyright (c) Microsoft Corporation. All rights reserved.
3900
3914
  * Licensed under the MIT License.
@@ -3959,7 +3973,7 @@ function wasClockTurnedBack(cachedAt) {
3959
3973
  return cachedAtSec > nowSeconds();
3960
3974
  }
3961
3975
 
3962
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3976
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
3963
3977
  /*
3964
3978
  * Copyright (c) Microsoft Corporation. All rights reserved.
3965
3979
  * Licensed under the MIT License.
@@ -4030,7 +4044,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4030
4044
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4031
4045
  const SetUserData = "setUserData";
4032
4046
 
4033
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4047
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4034
4048
  /*
4035
4049
  * Copyright (c) Microsoft Corporation. All rights reserved.
4036
4050
  * Licensed under the MIT License.
@@ -4123,7 +4137,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4123
4137
  };
4124
4138
  };
4125
4139
 
4126
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4140
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4127
4141
 
4128
4142
  /*
4129
4143
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4203,7 +4217,7 @@ class PopTokenGenerator {
4203
4217
  }
4204
4218
  }
4205
4219
 
4206
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4220
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4207
4221
  /*
4208
4222
  * Copyright (c) Microsoft Corporation. All rights reserved.
4209
4223
  * Licensed under the MIT License.
@@ -4230,7 +4244,7 @@ class PopTokenGenerator {
4230
4244
  }
4231
4245
  }
4232
4246
 
4233
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4247
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4234
4248
 
4235
4249
  /*
4236
4250
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4489,7 +4503,7 @@ function isAuthorityMetadataExpired(metadata) {
4489
4503
  return metadata.expiresAt <= nowSeconds();
4490
4504
  }
4491
4505
 
4492
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4506
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4493
4507
 
4494
4508
  /*
4495
4509
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4674,6 +4688,11 @@ class ResponseHandler {
4674
4688
  : undefined;
4675
4689
  // non AAD scenarios can have empty realm
4676
4690
  cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id);
4691
+ // Set resource (to be used for MCP scenarios)
4692
+ const resource = request.resource || null;
4693
+ if (resource) {
4694
+ cachedAccessToken.resource = resource;
4695
+ }
4677
4696
  }
4678
4697
  // refreshToken
4679
4698
  let cachedRefreshToken = null;
@@ -4825,7 +4844,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4825
4844
  return baseAccount;
4826
4845
  }
4827
4846
 
4828
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4847
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4829
4848
  /*
4830
4849
  * Copyright (c) Microsoft Corporation. All rights reserved.
4831
4850
  * Licensed under the MIT License.
@@ -4835,7 +4854,7 @@ const CcsCredentialType = {
4835
4854
  UPN: "UPN",
4836
4855
  };
4837
4856
 
4838
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4857
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4839
4858
  /*
4840
4859
  * Copyright (c) Microsoft Corporation. All rights reserved.
4841
4860
  * Licensed under the MIT License.
@@ -4853,7 +4872,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4853
4872
  }
4854
4873
  }
4855
4874
 
4856
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4875
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4857
4876
  /*
4858
4877
  * Copyright (c) Microsoft Corporation. All rights reserved.
4859
4878
  * Licensed under the MIT License.
@@ -4874,7 +4893,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4874
4893
  };
4875
4894
  }
4876
4895
 
4877
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4896
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4878
4897
 
4879
4898
  /*
4880
4899
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4960,7 +4979,7 @@ class ThrottlingUtils {
4960
4979
  }
4961
4980
  }
4962
4981
 
4963
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4982
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4964
4983
 
4965
4984
  /*
4966
4985
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4991,7 +5010,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4991
5010
  return new NetworkError(error, httpStatus, responseHeaders);
4992
5011
  }
4993
5012
 
4994
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5013
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
4995
5014
 
4996
5015
  /*
4997
5016
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5105,7 +5124,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5105
5124
  return response;
5106
5125
  }
5107
5126
 
5108
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5127
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5109
5128
  /*
5110
5129
  * Copyright (c) Microsoft Corporation. All rights reserved.
5111
5130
  * Licensed under the MIT License.
@@ -5117,7 +5136,7 @@ function isOpenIdConfigResponse(response) {
5117
5136
  response.hasOwnProperty("jwks_uri"));
5118
5137
  }
5119
5138
 
5120
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5139
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5121
5140
  /*
5122
5141
  * Copyright (c) Microsoft Corporation. All rights reserved.
5123
5142
  * Licensed under the MIT License.
@@ -5127,7 +5146,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5127
5146
  response.hasOwnProperty("metadata"));
5128
5147
  }
5129
5148
 
5130
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5149
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5131
5150
  /*
5132
5151
  * Copyright (c) Microsoft Corporation. All rights reserved.
5133
5152
  * Licensed under the MIT License.
@@ -5137,7 +5156,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5137
5156
  response.hasOwnProperty("error_description"));
5138
5157
  }
5139
5158
 
5140
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5159
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5141
5160
 
5142
5161
  /*
5143
5162
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5242,7 +5261,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5242
5261
  },
5243
5262
  };
5244
5263
 
5245
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5264
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
5246
5265
 
5247
5266
  /*
5248
5267
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6062,7 +6081,7 @@ function buildStaticAuthorityOptions(authOptions) {
6062
6081
  };
6063
6082
  }
6064
6083
 
6065
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6084
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6066
6085
 
6067
6086
  /*
6068
6087
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6096,7 +6115,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6096
6115
  }
6097
6116
  }
6098
6117
 
6099
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6118
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6100
6119
 
6101
6120
  /*
6102
6121
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6216,6 +6235,7 @@ class AuthorizationCodeClient {
6216
6235
  }
6217
6236
  // Add scope array, parameter builder will add default scopes and dedupe
6218
6237
  addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
6238
+ addResource(parameters, request.resource);
6219
6239
  // add code: user set, not validated
6220
6240
  addAuthorizationCode(parameters, request.code);
6221
6241
  // Add library metadata
@@ -6356,7 +6376,7 @@ class AuthorizationCodeClient {
6356
6376
  }
6357
6377
  }
6358
6378
 
6359
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6379
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6360
6380
 
6361
6381
  /*
6362
6382
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6581,7 +6601,7 @@ class RefreshTokenClient {
6581
6601
  }
6582
6602
  }
6583
6603
 
6584
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6604
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6585
6605
 
6586
6606
  /*
6587
6607
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6637,6 +6657,13 @@ class SilentFlowClient {
6637
6657
  this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);
6638
6658
  throw createClientAuthError(tokenRefreshRequired);
6639
6659
  }
6660
+ else if (request.resource) {
6661
+ // cached access token must have a resource that matches the request resource for MCP scenarios
6662
+ if (cachedAccessToken.resource !== request.resource) {
6663
+ this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
6664
+ throw createClientAuthError(tokenRefreshRequired);
6665
+ }
6666
+ }
6640
6667
  else if (cachedAccessToken.refreshOn &&
6641
6668
  isTokenExpired(cachedAccessToken.refreshOn, 0)) {
6642
6669
  // must refresh (in the background) due to the refresh_in value
@@ -6690,7 +6717,7 @@ class SilentFlowClient {
6690
6717
  }
6691
6718
  }
6692
6719
 
6693
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6720
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6694
6721
 
6695
6722
  /*
6696
6723
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6705,7 +6732,7 @@ const StubbedNetworkModule = {
6705
6732
  },
6706
6733
  };
6707
6734
 
6708
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6735
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6709
6736
 
6710
6737
  /*
6711
6738
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6731,6 +6758,7 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
6731
6758
  ...(request.extraScopesToConsent || []),
6732
6759
  ];
6733
6760
  addScopes(parameters, requestScopes, true, authOptions.authority.options.OIDCOptions?.defaultScopes);
6761
+ addResource(parameters, request.resource);
6734
6762
  addRedirectUri(parameters, request.redirectUri);
6735
6763
  addCorrelationId(parameters, correlationId);
6736
6764
  // add response_mode. If not passed in it defaults to query.
@@ -6929,7 +6957,40 @@ function extractLoginHint(account) {
6929
6957
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6930
6958
  }
6931
6959
 
6932
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6960
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6961
+
6962
+ /*
6963
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6964
+ * Licensed under the MIT License.
6965
+ */
6966
+ /**
6967
+ * Helper to enforce resource parameter presence in token requests when isMcp is set in the configuration.
6968
+ * If resource parameter is set in both the request and in extraQueryParameters or extraParameters, an error will be thrown.
6969
+ * This is used for MCP flows.
6970
+ * @param isMcp - Flag indicating if application is an MCP app, from configuration
6971
+ * @param request - Auth request
6972
+ */
6973
+ function enforceResourceParameter(isMcp, request) {
6974
+ if (!isMcp) {
6975
+ return;
6976
+ }
6977
+ if (request.resource &&
6978
+ (containsResourceParam(request.extraParameters) ||
6979
+ containsResourceParam(request.extraQueryParameters))) {
6980
+ throw createClientAuthError(misplacedResourceParam);
6981
+ }
6982
+ if (!request.resource) {
6983
+ throw createClientAuthError(resourceParameterRequired);
6984
+ }
6985
+ }
6986
+ function containsResourceParam(params) {
6987
+ if (!params) {
6988
+ return false;
6989
+ }
6990
+ return Object.prototype.hasOwnProperty.call(params, "resource");
6991
+ }
6992
+
6993
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6933
6994
 
6934
6995
  /*
6935
6996
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6987,7 +7048,7 @@ class AuthenticationHeaderParser {
6987
7048
  }
6988
7049
  }
6989
7050
 
6990
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7051
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
6991
7052
  /*
6992
7053
  * Copyright (c) Microsoft Corporation. All rights reserved.
6993
7054
  * Licensed under the MIT License.
@@ -7004,7 +7065,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
7004
7065
  unexpectedError: unexpectedError
7005
7066
  });
7006
7067
 
7007
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7068
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7008
7069
 
7009
7070
  /*
7010
7071
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7265,7 +7326,7 @@ class ServerTelemetryManager {
7265
7326
  }
7266
7327
  }
7267
7328
 
7268
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7329
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7269
7330
 
7270
7331
  /*
7271
7332
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7286,7 +7347,7 @@ function createJoseHeaderError(code) {
7286
7347
  return new JoseHeaderError(code);
7287
7348
  }
7288
7349
 
7289
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7350
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7290
7351
  /*
7291
7352
  * Copyright (c) Microsoft Corporation. All rights reserved.
7292
7353
  * Licensed under the MIT License.
@@ -7294,7 +7355,7 @@ function createJoseHeaderError(code) {
7294
7355
  const missingKidError = "missing_kid_error";
7295
7356
  const missingAlgError = "missing_alg_error";
7296
7357
 
7297
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7358
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7298
7359
 
7299
7360
  /*
7300
7361
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7334,7 +7395,7 @@ class JoseHeader {
7334
7395
  }
7335
7396
  }
7336
7397
 
7337
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7398
+ /*! @azure/msal-common v16.3.0 2026-03-13 */
7338
7399
 
7339
7400
  /*
7340
7401
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8768,9 +8829,13 @@ function cancelPendingBridgeResponse(logger, correlationId) {
8768
8829
  activeBridgeMonitor = null;
8769
8830
  }
8770
8831
  }
8771
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request) {
8832
+ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
8772
8833
  return new Promise((resolve, reject) => {
8773
8834
  logger.verbose("1rf6em", request.correlationId);
8835
+ const correlationId = request.correlationId;
8836
+ performanceClient.addFields({
8837
+ redirectBridgeTimeoutMs: timeoutMs,
8838
+ }, correlationId);
8774
8839
  const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
8775
8840
  const channel = new BroadcastChannel(libraryState.id);
8776
8841
  let responseString = undefined;
@@ -8788,6 +8853,12 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request)
8788
8853
  };
8789
8854
  channel.onmessage = (event) => {
8790
8855
  responseString = event.data.payload;
8856
+ const messageVersion = event?.data && typeof event.data.v === "number"
8857
+ ? event.data.v
8858
+ : undefined;
8859
+ performanceClient.addFields({
8860
+ redirectBridgeMessageVersion: messageVersion,
8861
+ }, correlationId);
8791
8862
  // Clear the active monitor
8792
8863
  activeBridgeMonitor = null;
8793
8864
  clearTimeout(timeoutId);
@@ -10207,7 +10278,7 @@ const EventType = {
10207
10278
 
10208
10279
  /* eslint-disable header/header */
10209
10280
  const name = "@azure/msal-browser";
10210
- const version = "5.4.0";
10281
+ const version = "5.5.0";
10211
10282
 
10212
10283
  /*
10213
10284
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -11522,6 +11593,9 @@ class BrowserCacheManager extends CacheManager {
11522
11593
  : 0, base64Decode, undefined, // refreshOn
11523
11594
  result.tokenType, undefined, // userAssertionHash
11524
11595
  request.sshKid);
11596
+ if (request.resource) {
11597
+ accessTokenEntity.resource = request.resource;
11598
+ }
11525
11599
  const cacheRecord = {
11526
11600
  idToken: idTokenEntity,
11527
11601
  accessToken: accessTokenEntity,
@@ -12074,6 +12148,7 @@ class StandardInteractionClient extends BaseInteractionClient {
12074
12148
  authority: discoveredAuthority,
12075
12149
  clientCapabilities: this.config.auth.clientCapabilities,
12076
12150
  redirectUri: this.config.auth.redirectUri,
12151
+ isMcp: this.config.auth.isMcp,
12077
12152
  },
12078
12153
  systemOptions: {
12079
12154
  tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds,
@@ -12114,6 +12189,10 @@ class StandardInteractionClient extends BaseInteractionClient {
12114
12189
  */
12115
12190
  async function initializeAuthorizationRequest(request, interactionType, config, browserCrypto, browserStorage, logger, performanceClient, correlationId) {
12116
12191
  const redirectUri = getRedirectUri(request.redirectUri, config.auth.redirectUri, logger, correlationId);
12192
+ if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
12193
+ logger.warning("08qbvw", correlationId);
12194
+ performanceClient.addFields({ isRedirectUriCrossOrigin: true }, correlationId);
12195
+ }
12117
12196
  const browserState = {
12118
12197
  interactionType: interactionType,
12119
12198
  };
@@ -12791,6 +12870,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12791
12870
  correlationId: this.correlationId,
12792
12871
  state: response.state,
12793
12872
  fromPlatformBroker: true,
12873
+ ...(request.resource && { resource: request.resource }),
12794
12874
  };
12795
12875
  return result;
12796
12876
  }
@@ -13519,6 +13599,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
13519
13599
  tenant: "",
13520
13600
  },
13521
13601
  instanceAware: false,
13602
+ isMcp: false,
13522
13603
  };
13523
13604
  // Default cache options for browser
13524
13605
  const DEFAULT_CACHE_OPTIONS = {
@@ -13911,14 +13992,17 @@ class PlatformAuthDOMHandler {
13911
13992
  initializePlatformDOMRequest(request) {
13912
13993
  this.logger.trace("15d6yv", request.correlationId);
13913
13994
  const { accountId, clientId, authority, scope, redirectUri, correlationId, state, storeInCache, embeddedClientId, extraParameters, ...remainingProperties } = request;
13914
- const validExtraParameters = this.getDOMExtraParams(remainingProperties);
13995
+ const validExtraParameters = this.getDOMExtraParams(remainingProperties, correlationId);
13915
13996
  const platformDOMRequest = {
13916
13997
  accountId: accountId,
13917
13998
  brokerId: this.getExtensionId(),
13918
13999
  authority: authority,
13919
14000
  clientId: clientId,
13920
14001
  correlationId: correlationId || this.correlationId,
13921
- extraParameters: { ...extraParameters, ...validExtraParameters },
14002
+ extraParameters: {
14003
+ ...extraParameters,
14004
+ ...validExtraParameters,
14005
+ },
13922
14006
  isSecurityTokenService: false,
13923
14007
  redirectUri: redirectUri,
13924
14008
  scope: scope,
@@ -13972,15 +14056,27 @@ class PlatformAuthDOMHandler {
13972
14056
  };
13973
14057
  return nativeResponse;
13974
14058
  }
13975
- getDOMExtraParams(extraParameters) {
13976
- const stringifiedParams = Object.entries(extraParameters).reduce((record, [key, value]) => {
13977
- record[key] = String(value);
13978
- return record;
13979
- }, {});
13980
- const validExtraParams = {
13981
- ...stringifiedParams,
13982
- };
13983
- return validExtraParams;
14059
+ getDOMExtraParams(extraParameters, correlationId) {
14060
+ try {
14061
+ const stringifiedProperties = {};
14062
+ for (const [key, value] of Object.entries(extraParameters)) {
14063
+ if (!value) {
14064
+ continue;
14065
+ }
14066
+ if (typeof value === "object") {
14067
+ stringifiedProperties[key] = JSON.stringify(value);
14068
+ }
14069
+ else {
14070
+ stringifiedProperties[key] = String(value);
14071
+ }
14072
+ }
14073
+ return stringifiedProperties;
14074
+ }
14075
+ catch (e) {
14076
+ this.logger.error("0eu9o3", correlationId);
14077
+ this.logger.errorPii("17rpl5", correlationId);
14078
+ return {};
14079
+ }
13984
14080
  }
13985
14081
  }
13986
14082
 
@@ -14224,7 +14320,7 @@ class PopupClient extends StandardInteractionClient {
14224
14320
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
14225
14321
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
14226
14322
  // Wait for the redirect bridge response
14227
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
14323
+ const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
14228
14324
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14229
14325
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
14230
14326
  }
@@ -14259,7 +14355,7 @@ class PopupClient extends StandardInteractionClient {
14259
14355
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
14260
14356
  form.submit();
14261
14357
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
14262
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest);
14358
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
14263
14359
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14264
14360
  if (!serverParams.ear_jwe && serverParams.code) {
14265
14361
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -14284,7 +14380,7 @@ class PopupClient extends StandardInteractionClient {
14284
14380
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
14285
14381
  form.submit();
14286
14382
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
14287
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
14383
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
14288
14384
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14289
14385
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
14290
14386
  }
@@ -14337,7 +14433,7 @@ class PopupClient extends StandardInteractionClient {
14337
14433
  // Open the popup window to requestUrl.
14338
14434
  const popupWindow = this.openPopup(logoutUri, popupParams);
14339
14435
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
14340
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest).catch(() => {
14436
+ await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
14341
14437
  // Swallow any errors related to monitoring the window. Server logout is best effort
14342
14438
  });
14343
14439
  if (mainWindowRedirectUri) {
@@ -15085,7 +15181,7 @@ class SilentIframeClient extends StandardInteractionClient {
15085
15181
  };
15086
15182
  await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
15087
15183
  const responseType = this.config.auth.OIDCOptions.responseMode;
15088
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
15184
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15089
15185
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15090
15186
  if (!serverParams.ear_jwe && serverParams.code) {
15091
15187
  // If server doesn't support EAR, they may fallback to auth code flow instead
@@ -15134,7 +15230,7 @@ class SilentIframeClient extends StandardInteractionClient {
15134
15230
  }
15135
15231
  const responseType = this.config.auth.OIDCOptions.responseMode;
15136
15232
  // Wait for response from the redirect bridge.
15137
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
15233
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15138
15234
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15139
15235
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15140
15236
  }
@@ -15287,6 +15383,22 @@ class SilentAuthCodeClient extends StandardInteractionClient {
15287
15383
  * Copyright (c) Microsoft Corporation. All rights reserved.
15288
15384
  * Licensed under the MIT License.
15289
15385
  */
15386
+ /**
15387
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
15388
+ * @returns Network connection information, or an empty object if not available.
15389
+ */
15390
+ function getNetworkInfo() {
15391
+ if (typeof window === "undefined" || !window.navigator) {
15392
+ return {};
15393
+ }
15394
+ const connection = "connection" in window.navigator
15395
+ ? window.navigator.connection
15396
+ : undefined;
15397
+ return {
15398
+ effectiveType: connection?.effectiveType,
15399
+ rtt: connection?.rtt,
15400
+ };
15401
+ }
15290
15402
  function collectInstanceStats(currentClientId, performanceEvent, logger, correlationId) {
15291
15403
  const frameInstances =
15292
15404
  // @ts-ignore
@@ -15306,12 +15418,13 @@ function collectInstanceStats(currentClientId, performanceEvent, logger, correla
15306
15418
  * Copyright (c) Microsoft Corporation. All rights reserved.
15307
15419
  * Licensed under the MIT License.
15308
15420
  */
15309
- function preflightCheck(initialized, performanceEvent, account) {
15421
+ function preflightCheck(initialized, performanceEvent, config, request) {
15310
15422
  try {
15311
15423
  preflightCheck$1(initialized);
15424
+ enforceResourceParameter(config.auth.isMcp, request);
15312
15425
  }
15313
15426
  catch (e) {
15314
- performanceEvent.end({ success: false }, e, account);
15427
+ performanceEvent.end({ success: false }, e, request.account);
15315
15428
  throw e;
15316
15429
  }
15317
15430
  }
@@ -15412,6 +15525,7 @@ class StandardController {
15412
15525
  this.eventHandler.emitEvent(EventType.INITIALIZE_START, correlationId);
15413
15526
  // Broker applications are initialized twice, so we avoid double-counting it
15414
15527
  this.logMultipleInstances(initMeasurement, correlationId);
15528
+ initMeasurement.add({ isMcp: this.config.auth.isMcp });
15415
15529
  await invokeAsync(this.browserStorage.initialize.bind(this.browserStorage), InitializeCache, this.logger, this.performanceClient, correlationId)(correlationId);
15416
15530
  if (allowPlatformBroker) {
15417
15531
  try {
@@ -15589,6 +15703,7 @@ class StandardController {
15589
15703
  };
15590
15704
  try {
15591
15705
  redirectPreflightCheck(this.initialized, this.config);
15706
+ enforceResourceParameter(this.config.auth.isMcp, request);
15592
15707
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
15593
15708
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
15594
15709
  let result;
@@ -15653,7 +15768,7 @@ class StandardController {
15653
15768
  });
15654
15769
  try {
15655
15770
  this.logger.verbose("0ch87b", correlationId);
15656
- preflightCheck(this.initialized, atPopupMeasurement, request.account);
15771
+ preflightCheck(this.initialized, atPopupMeasurement, this.config, request);
15657
15772
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN, request.overrideInteractionInProgress, correlationId);
15658
15773
  }
15659
15774
  catch (e) {
@@ -15767,7 +15882,7 @@ class StandardController {
15767
15882
  this.ssoSilentMeasurement?.add({
15768
15883
  scenarioId: request.scenarioId,
15769
15884
  });
15770
- preflightCheck(this.initialized, this.ssoSilentMeasurement, request.account);
15885
+ preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
15771
15886
  this.ssoSilentMeasurement?.increment({
15772
15887
  visibilityChangeCount: 0,
15773
15888
  });
@@ -15831,7 +15946,7 @@ class StandardController {
15831
15946
  const correlationId = this.getRequestCorrelationId(request);
15832
15947
  this.logger.trace("0ch6ga", correlationId);
15833
15948
  const atbcMeasurement = this.performanceClient.startMeasurement(AcquireTokenByCode, correlationId);
15834
- preflightCheck(this.initialized, atbcMeasurement);
15949
+ preflightCheck(this.initialized, atbcMeasurement, this.config, request);
15835
15950
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, request);
15836
15951
  atbcMeasurement.add({ scenarioId: request.scenarioId });
15837
15952
  try {
@@ -16333,7 +16448,7 @@ class StandardController {
16333
16448
  cacheLookupPolicy: request.cacheLookupPolicy,
16334
16449
  scenarioId: request.scenarioId,
16335
16450
  });
16336
- preflightCheck(this.initialized, atsMeasurement, request.account);
16451
+ preflightCheck(this.initialized, atsMeasurement, this.config, request);
16337
16452
  this.logger.verbose("0x1c4s", correlationId);
16338
16453
  const account = request.account || this.getActiveAccount();
16339
16454
  if (!account) {
@@ -16789,6 +16904,7 @@ class NestedAppAuthAdapter {
16789
16904
  platformBrokerId: request.account?.homeAccountId,
16790
16905
  clientId: this.clientId,
16791
16906
  authority: request.authority,
16907
+ resource: request.resource,
16792
16908
  scope: scopes.join(" "),
16793
16909
  correlationId,
16794
16910
  claims: !StringUtils.isEmptyObj(claims) ? claims : undefined,
@@ -17059,6 +17175,7 @@ class NestedAppAuthController {
17059
17175
  const atPopupMeasurement = this.performanceClient.startMeasurement(AcquireTokenPopup, correlationId);
17060
17176
  atPopupMeasurement.add({ nestedAppAuthRequest: true });
17061
17177
  try {
17178
+ enforceResourceParameter(this.config.auth.isMcp, validRequest);
17062
17179
  const naaRequest = this.nestedAppAuthAdapter.toNaaTokenRequest(validRequest);
17063
17180
  const reqTimestamp = nowSeconds();
17064
17181
  const response = await this.bridgeProxy.getTokenInteractive(naaRequest);
@@ -17125,6 +17242,7 @@ class NestedAppAuthController {
17125
17242
  nestedAppAuthRequest: true,
17126
17243
  });
17127
17244
  try {
17245
+ enforceResourceParameter(this.config.auth.isMcp, validRequest);
17128
17246
  const naaRequest = this.nestedAppAuthAdapter.toNaaTokenRequest(validRequest);
17129
17247
  naaRequest.forceRefresh = validRequest.forceRefresh;
17130
17248
  const reqTimestamp = nowSeconds();
@@ -17259,6 +17377,14 @@ class NestedAppAuthController {
17259
17377
  this.logger.verbose("18egye", correlationId);
17260
17378
  return Promise.resolve(null);
17261
17379
  }
17380
+ else if (authRequest.resource) {
17381
+ const requestedResource = authRequest.resource;
17382
+ const cachedResource = cachedAccessToken.resource;
17383
+ if (!cachedResource || cachedResource !== requestedResource) {
17384
+ this.logger.verbose("0qraxd", correlationId);
17385
+ return Promise.resolve(null);
17386
+ }
17387
+ }
17262
17388
  const cachedIdToken = this.browserStorage.getIdToken(currentAccount, authRequest.correlationId, tokenKeys, currentAccount.tenantId);
17263
17389
  if (!cachedIdToken) {
17264
17390
  this.logger.verbose("0d68kd", correlationId);
@@ -18428,11 +18554,14 @@ class BrowserPerformanceClient extends PerformanceClient {
18428
18554
  return {
18429
18555
  ...inProgressEvent,
18430
18556
  end: (event, error, account) => {
18557
+ const networkInfo = getNetworkInfo();
18431
18558
  const res = inProgressEvent.end({
18432
18559
  ...event,
18433
18560
  startPageVisibility,
18434
18561
  endPageVisibility: this.getPageVisibility(),
18435
18562
  durationMs: getPerfDurationMs(startTime),
18563
+ networkEffectiveType: networkInfo.effectiveType,
18564
+ networkRtt: networkInfo.rtt,
18436
18565
  }, error, account);
18437
18566
  void browserMeasurement?.then((measurement) => measurement.endMeasurement());
18438
18567
  this.deleteIncompleteSubMeasurements(inProgressEvent);
@@ -18604,6 +18733,7 @@ exports.StubPerformanceClient = StubPerformanceClient;
18604
18733
  exports.WrapperSKU = WrapperSKU;
18605
18734
  exports.createNestablePublicClientApplication = createNestablePublicClientApplication;
18606
18735
  exports.createStandardPublicClientApplication = createStandardPublicClientApplication;
18736
+ exports.enforceResourceParameter = enforceResourceParameter;
18607
18737
  exports.isPlatformBrokerAvailable = isPlatformBrokerAvailable;
18608
18738
  exports.loadExternalTokens = loadExternalTokens;
18609
18739
  exports.stubbedPublicClientApplication = stubbedPublicClientApplication;