@azure/msal-browser 5.4.0 → 5.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (443) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  11. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  12. package/dist/cache/AccountManager.d.ts.map +1 -1
  13. package/dist/cache/AccountManager.mjs +1 -5
  14. package/dist/cache/AccountManager.mjs.map +1 -1
  15. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  16. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  17. package/dist/cache/BrowserCacheManager.mjs +4 -1
  18. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  19. package/dist/cache/CacheHelpers.mjs +1 -1
  20. package/dist/cache/CacheKeys.mjs +1 -1
  21. package/dist/cache/CookieStorage.mjs +1 -1
  22. package/dist/cache/DatabaseStorage.mjs +1 -1
  23. package/dist/cache/EncryptedData.mjs +1 -1
  24. package/dist/cache/LocalStorage.mjs +1 -1
  25. package/dist/cache/MemoryStorage.mjs +1 -1
  26. package/dist/cache/SessionStorage.mjs +1 -1
  27. package/dist/cache/TokenCache.mjs +1 -1
  28. package/dist/config/Configuration.d.ts +4 -0
  29. package/dist/config/Configuration.d.ts.map +1 -1
  30. package/dist/config/Configuration.mjs +2 -1
  31. package/dist/config/Configuration.mjs.map +1 -1
  32. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  33. package/dist/controllers/NestedAppAuthController.mjs +12 -2
  34. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  35. package/dist/controllers/StandardController.d.ts.map +1 -1
  36. package/dist/controllers/StandardController.mjs +11 -8
  37. package/dist/controllers/StandardController.mjs.map +1 -1
  38. package/dist/crypto/BrowserCrypto.mjs +1 -1
  39. package/dist/crypto/CryptoOps.mjs +1 -1
  40. package/dist/crypto/PkceGenerator.mjs +1 -1
  41. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  42. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  45. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  46. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  47. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  48. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  49. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  50. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  51. package/dist/custom-auth-path/cache/AccountManager.d.ts.map +1 -1
  52. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -5
  53. package/dist/custom-auth-path/cache/AccountManager.mjs.map +1 -1
  54. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  55. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  56. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +4 -1
  57. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  58. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  59. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  60. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  61. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  62. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  63. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  64. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  65. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  66. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  67. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  68. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  69. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  70. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  71. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  72. package/dist/custom-auth-path/controllers/StandardController.mjs +11 -8
  73. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  74. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  75. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  76. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  78. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  181. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  182. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  184. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  185. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  186. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  187. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  188. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  189. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  190. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  191. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  192. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  193. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  194. package/dist/custom-auth-path/index.d.ts +1 -1
  195. package/dist/custom-auth-path/index.d.ts.map +1 -1
  196. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  197. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  198. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  200. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  201. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  202. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +5 -5
  203. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  205. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  207. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  208. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +3 -3
  209. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  210. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  211. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  212. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +6 -1
  213. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  214. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  215. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  216. package/dist/custom-auth-path/log-strings-mapping.json +19 -7
  217. package/dist/custom-auth-path/naa/TokenRequest.d.ts +1 -0
  218. package/dist/custom-auth-path/naa/TokenRequest.d.ts.map +1 -1
  219. package/dist/custom-auth-path/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  220. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  221. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  222. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  223. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  224. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  225. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  226. package/dist/custom-auth-path/protocol/Authorize.d.ts +33 -0
  227. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  228. package/dist/custom-auth-path/protocol/Authorize.mjs +62 -2
  229. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  230. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  231. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  232. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  233. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  234. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  235. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  236. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  237. package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
  238. package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
  239. package/dist/custom-auth-path/utils/BrowserUtils.mjs +12 -2
  240. package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
  241. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  242. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
  243. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  244. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
  245. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
  246. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  247. package/dist/encode/Base64Decode.mjs +1 -1
  248. package/dist/encode/Base64Encode.mjs +1 -1
  249. package/dist/error/BrowserAuthError.mjs +1 -1
  250. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  251. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  252. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  253. package/dist/error/NativeAuthError.mjs +1 -1
  254. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  255. package/dist/error/NestedAppAuthError.mjs +1 -1
  256. package/dist/event/EventHandler.mjs +1 -1
  257. package/dist/event/EventMessage.mjs +1 -1
  258. package/dist/event/EventType.mjs +1 -1
  259. package/dist/index.d.ts +1 -1
  260. package/dist/index.d.ts.map +1 -1
  261. package/dist/index.mjs +2 -2
  262. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  263. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  264. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  265. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  266. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  267. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  268. package/dist/interaction_client/PopupClient.mjs +5 -5
  269. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  270. package/dist/interaction_client/RedirectClient.mjs +1 -1
  271. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  272. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  273. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  274. package/dist/interaction_client/SilentIframeClient.mjs +3 -3
  275. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  276. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  277. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  278. package/dist/interaction_client/StandardInteractionClient.mjs +6 -1
  279. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  280. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  281. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  282. package/dist/log-strings-mapping.json +23 -11
  283. package/dist/naa/BridgeError.mjs +1 -1
  284. package/dist/naa/BridgeProxy.mjs +1 -1
  285. package/dist/naa/BridgeStatusCode.mjs +1 -1
  286. package/dist/naa/TokenRequest.d.ts +1 -0
  287. package/dist/naa/TokenRequest.d.ts.map +1 -1
  288. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  289. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -1
  290. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  291. package/dist/navigation/NavigationClient.mjs +1 -1
  292. package/dist/network/FetchClient.mjs +1 -1
  293. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  294. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  295. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  296. package/dist/packageMetadata.d.ts +1 -1
  297. package/dist/packageMetadata.mjs +2 -2
  298. package/dist/protocol/Authorize.d.ts +33 -0
  299. package/dist/protocol/Authorize.d.ts.map +1 -1
  300. package/dist/protocol/Authorize.mjs +62 -2
  301. package/dist/protocol/Authorize.mjs.map +1 -1
  302. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  303. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  304. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  305. package/dist/redirect-bridge/cache/AccountManager.d.ts.map +1 -1
  306. package/dist/redirect-bridge/cache/BrowserCacheManager.d.ts.map +1 -1
  307. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  308. package/dist/redirect-bridge/config/Configuration.d.ts +4 -0
  309. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  310. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  311. package/dist/redirect-bridge/controllers/NestedAppAuthController.d.ts.map +1 -1
  312. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  313. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  314. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  315. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  316. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  317. package/dist/redirect-bridge/index.d.ts +1 -1
  318. package/dist/redirect-bridge/index.d.ts.map +1 -1
  319. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  320. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  321. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  322. package/dist/redirect-bridge/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  323. package/dist/redirect-bridge/naa/TokenRequest.d.ts +1 -0
  324. package/dist/redirect-bridge/naa/TokenRequest.d.ts.map +1 -1
  325. package/dist/redirect-bridge/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  326. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  327. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  328. package/dist/redirect-bridge/protocol/Authorize.d.ts +33 -0
  329. package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
  330. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  331. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  332. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  333. package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
  334. package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
  335. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  336. package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
  337. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts +10 -0
  338. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  339. package/dist/request/RequestHelpers.mjs +1 -1
  340. package/dist/response/ResponseHandler.mjs +1 -1
  341. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  342. package/dist/telemetry/BrowserPerformanceClient.mjs +5 -1
  343. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  344. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  345. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  346. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  347. package/dist/utils/BrowserConstants.mjs +1 -1
  348. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  349. package/dist/utils/BrowserUtils.d.ts +2 -2
  350. package/dist/utils/BrowserUtils.d.ts.map +1 -1
  351. package/dist/utils/BrowserUtils.mjs +12 -2
  352. package/dist/utils/BrowserUtils.mjs.map +1 -1
  353. package/dist/utils/Helpers.mjs +1 -1
  354. package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
  355. package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  356. package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
  357. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  358. package/lib/custom-auth-path/log-strings-mapping.json +19 -7
  359. package/lib/custom-auth-path/msal-custom-auth.cjs +264 -96
  360. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  361. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  363. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  364. package/lib/custom-auth-path/types/cache/AccountManager.d.ts.map +1 -1
  365. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  366. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  367. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  368. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  369. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  370. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  371. package/lib/custom-auth-path/types/index.d.ts +1 -1
  372. package/lib/custom-auth-path/types/index.d.ts.map +1 -1
  373. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  374. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  375. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  376. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  377. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts +1 -0
  378. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts.map +1 -1
  379. package/lib/custom-auth-path/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  380. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  381. package/lib/custom-auth-path/types/protocol/Authorize.d.ts +33 -0
  382. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  383. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  384. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
  385. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
  386. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  387. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  388. package/lib/log-strings-mapping.json +23 -11
  389. package/lib/msal-browser.cjs +302 -100
  390. package/lib/msal-browser.cjs.map +1 -1
  391. package/lib/msal-browser.js +302 -100
  392. package/lib/msal-browser.js.map +1 -1
  393. package/lib/msal-browser.min.js +2 -2
  394. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  395. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  396. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  397. package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  398. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  399. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  400. package/lib/types/cache/AccountManager.d.ts.map +1 -1
  401. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  402. package/lib/types/config/Configuration.d.ts +4 -0
  403. package/lib/types/config/Configuration.d.ts.map +1 -1
  404. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  405. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  406. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  407. package/lib/types/index.d.ts +1 -1
  408. package/lib/types/index.d.ts.map +1 -1
  409. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  410. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  411. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  412. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  413. package/lib/types/naa/TokenRequest.d.ts +1 -0
  414. package/lib/types/naa/TokenRequest.d.ts.map +1 -1
  415. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  416. package/lib/types/packageMetadata.d.ts +1 -1
  417. package/lib/types/protocol/Authorize.d.ts +33 -0
  418. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  419. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  420. package/lib/types/utils/BrowserUtils.d.ts +2 -2
  421. package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
  422. package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  423. package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  424. package/package.json +2 -2
  425. package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +34 -17
  426. package/src/broker/nativeBroker/PlatformAuthRequest.ts +1 -0
  427. package/src/cache/AccountManager.ts +0 -5
  428. package/src/cache/BrowserCacheManager.ts +4 -0
  429. package/src/config/Configuration.ts +5 -0
  430. package/src/controllers/NestedAppAuthController.ts +14 -0
  431. package/src/controllers/StandardController.ts +13 -6
  432. package/src/index.ts +1 -0
  433. package/src/interaction_client/PlatformAuthInteractionClient.ts +1 -0
  434. package/src/interaction_client/PopupClient.ts +8 -4
  435. package/src/interaction_client/SilentIframeClient.ts +4 -2
  436. package/src/interaction_client/StandardInteractionClient.ts +11 -0
  437. package/src/naa/TokenRequest.ts +1 -0
  438. package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -0
  439. package/src/packageMetadata.ts +1 -1
  440. package/src/protocol/Authorize.ts +100 -0
  441. package/src/telemetry/BrowserPerformanceClient.ts +4 -0
  442. package/src/utils/BrowserUtils.ts +24 -1
  443. package/src/utils/MsalFrameStatsUtils.ts +27 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.4.0 2026-03-02 */
1
+ /*! @azure/msal-browser v5.6.0 2026-03-18 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
229
229
  // Token renewal offset default in seconds
230
230
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
231
231
 
232
- /*! @azure/msal-common v16.2.0 2026-03-02 */
232
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
233
233
  /*
234
234
  * Copyright (c) Microsoft Corporation. All rights reserved.
235
235
  * Licensed under the MIT License.
@@ -277,9 +277,11 @@ const BROKER_CLIENT_ID = "brk_client_id";
277
277
  const BROKER_REDIRECT_URI = "brk_redirect_uri";
278
278
  const INSTANCE_AWARE = "instance_aware";
279
279
  const EAR_JWK = "ear_jwk";
280
- const EAR_JWE_CRYPTO = "ear_jwe_crypto";
280
+ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
281
+ const RESOURCE = "resource";
282
+ const CLI_DATA = "clidata";
281
283
 
282
- /*! @azure/msal-common v16.2.0 2026-03-02 */
284
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
283
285
  /*
284
286
  * Copyright (c) Microsoft Corporation. All rights reserved.
285
287
  * Licensed under the MIT License.
@@ -310,7 +312,7 @@ function createAuthError(code, additionalMessage) {
310
312
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
311
313
  }
312
314
 
313
- /*! @azure/msal-common v16.2.0 2026-03-02 */
315
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
314
316
 
315
317
  /*
316
318
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -330,7 +332,7 @@ function createClientConfigurationError(errorCode) {
330
332
  return new ClientConfigurationError(errorCode);
331
333
  }
332
334
 
333
- /*! @azure/msal-common v16.2.0 2026-03-02 */
335
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
334
336
  /*
335
337
  * Copyright (c) Microsoft Corporation. All rights reserved.
336
338
  * Licensed under the MIT License.
@@ -410,7 +412,7 @@ class StringUtils {
410
412
  }
411
413
  }
412
414
 
413
- /*! @azure/msal-common v16.2.0 2026-03-02 */
415
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
414
416
 
415
417
  /*
416
418
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -433,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
433
435
  return new ClientAuthError(errorCode, additionalMessage);
434
436
  }
435
437
 
436
- /*! @azure/msal-common v16.2.0 2026-03-02 */
438
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
437
439
  /*
438
440
  * Copyright (c) Microsoft Corporation. All rights reserved.
439
441
  * Licensed under the MIT License.
@@ -457,7 +459,7 @@ const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
457
459
  const authorityMismatch = "authority_mismatch";
458
460
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
459
461
 
460
- /*! @azure/msal-common v16.2.0 2026-03-02 */
462
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
461
463
  /*
462
464
  * Copyright (c) Microsoft Corporation. All rights reserved.
463
465
  * Licensed under the MIT License.
@@ -492,9 +494,11 @@ const authorizationCodeMissingFromServerResponse = "authorization_code_missing_f
492
494
  const bindingKeyNotRemoved = "binding_key_not_removed";
493
495
  const endSessionEndpointNotSupported = "end_session_endpoint_not_supported";
494
496
  const keyIdMissing = "key_id_missing";
495
- const methodNotImplemented = "method_not_implemented";
497
+ const methodNotImplemented = "method_not_implemented";
498
+ const resourceParameterRequired = "resource_parameter_required";
499
+ const misplacedResourceParam = "misplaced_resource_parameter";
496
500
 
497
- /*! @azure/msal-common v16.2.0 2026-03-02 */
501
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
498
502
 
499
503
  /*
500
504
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -689,7 +693,7 @@ class ScopeSet {
689
693
  }
690
694
  }
691
695
 
692
- /*! @azure/msal-common v16.2.0 2026-03-02 */
696
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
693
697
 
694
698
  /*
695
699
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -955,6 +959,12 @@ function addGrantType(parameters, grantType) {
955
959
  function addClientInfo(parameters) {
956
960
  parameters.set(CLIENT_INFO, "1");
957
961
  }
962
+ /**
963
+ * add clidata=1 to request to indicate client data support
964
+ */
965
+ function addCliData(parameters) {
966
+ parameters.set(CLI_DATA, "1");
967
+ }
958
968
  function addInstanceAware(parameters) {
959
969
  if (!parameters.has(INSTANCE_AWARE)) {
960
970
  parameters.set(INSTANCE_AWARE, "true");
@@ -1054,9 +1064,14 @@ function addEARParameters(parameters, jwk) {
1054
1064
  // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
1055
1065
  const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
1056
1066
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1067
+ }
1068
+ function addResource(parameters, resource) {
1069
+ if (resource) {
1070
+ parameters.set(RESOURCE, resource);
1071
+ }
1057
1072
  }
1058
1073
 
1059
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1074
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1060
1075
 
1061
1076
  /*
1062
1077
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1165,7 +1180,7 @@ function normalizeUrlForComparison(url) {
1165
1180
  }
1166
1181
  }
1167
1182
 
1168
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1183
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1169
1184
 
1170
1185
  /*
1171
1186
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1204,7 +1219,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1204
1219
  },
1205
1220
  };
1206
1221
 
1207
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1222
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1208
1223
  /*
1209
1224
  * Copyright (c) Microsoft Corporation. All rights reserved.
1210
1225
  * Licensed under the MIT License.
@@ -1465,12 +1480,12 @@ class Logger {
1465
1480
  }
1466
1481
  }
1467
1482
 
1468
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1483
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1469
1484
  /* eslint-disable header/header */
1470
1485
  const name$1 = "@azure/msal-common";
1471
- const version$1 = "16.2.0";
1486
+ const version$1 = "16.4.0";
1472
1487
 
1473
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1488
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1474
1489
  /*
1475
1490
  * Copyright (c) Microsoft Corporation. All rights reserved.
1476
1491
  * Licensed under the MIT License.
@@ -1479,7 +1494,7 @@ const AzureCloudInstance = {
1479
1494
  // AzureCloudInstance is not specified.
1480
1495
  None: "none"};
1481
1496
 
1482
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1497
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1483
1498
  /*
1484
1499
  * Copyright (c) Microsoft Corporation. All rights reserved.
1485
1500
  * Licensed under the MIT License.
@@ -1561,7 +1576,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1561
1576
  return updatedAccountInfo;
1562
1577
  }
1563
1578
 
1564
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1579
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1565
1580
 
1566
1581
  /*
1567
1582
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1641,7 +1656,7 @@ function checkMaxAge(authTime, maxAge) {
1641
1656
  }
1642
1657
  }
1643
1658
 
1644
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1659
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1645
1660
 
1646
1661
  /*
1647
1662
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1798,7 +1813,7 @@ class UrlString {
1798
1813
  }
1799
1814
  }
1800
1815
 
1801
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1816
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1802
1817
 
1803
1818
  /*
1804
1819
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1955,7 +1970,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1955
1970
  return null;
1956
1971
  }
1957
1972
 
1958
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1973
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1959
1974
  /*
1960
1975
  * Copyright (c) Microsoft Corporation. All rights reserved.
1961
1976
  * Licensed under the MIT License.
@@ -1963,7 +1978,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1963
1978
  const cacheQuotaExceeded = "cache_quota_exceeded";
1964
1979
  const cacheErrorUnknown = "cache_error_unknown";
1965
1980
 
1966
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1981
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1967
1982
 
1968
1983
  /*
1969
1984
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2001,7 +2016,7 @@ function createCacheError(e) {
2001
2016
  }
2002
2017
  }
2003
2018
 
2004
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2019
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2005
2020
 
2006
2021
  /*
2007
2022
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2039,7 +2054,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2039
2054
  };
2040
2055
  }
2041
2056
 
2042
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2057
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2043
2058
  /*
2044
2059
  * Copyright (c) Microsoft Corporation. All rights reserved.
2045
2060
  * Licensed under the MIT License.
@@ -2054,7 +2069,7 @@ const AuthorityType = {
2054
2069
  Ciam: 3,
2055
2070
  };
2056
2071
 
2057
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2072
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2058
2073
  /*
2059
2074
  * Copyright (c) Microsoft Corporation. All rights reserved.
2060
2075
  * Licensed under the MIT License.
@@ -2076,7 +2091,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2076
2091
  return null;
2077
2092
  }
2078
2093
 
2079
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2094
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2080
2095
  /*
2081
2096
  * Copyright (c) Microsoft Corporation. All rights reserved.
2082
2097
  * Licensed under the MIT License.
@@ -2100,7 +2115,7 @@ const ProtocolMode = {
2100
2115
  EAR: "EAR",
2101
2116
  };
2102
2117
 
2103
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2118
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2104
2119
  /**
2105
2120
  * Returns the AccountInfo interface for this account.
2106
2121
  */
@@ -2275,7 +2290,7 @@ function isAccountEntity(entity) {
2275
2290
  entity.hasOwnProperty("authorityType"));
2276
2291
  }
2277
2292
 
2278
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2293
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2279
2294
 
2280
2295
  /*
2281
2296
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2305,6 +2320,11 @@ class CacheManager {
2305
2320
  * Gets first tenanted AccountInfo object found based on provided filters
2306
2321
  */
2307
2322
  getAccountInfoFilteredBy(accountFilter, correlationId) {
2323
+ if (Object.keys(accountFilter).length === 0 ||
2324
+ Object.values(accountFilter).every((value) => value === null || value === undefined || value === "")) {
2325
+ this.commonLogger.warning("1skb02", correlationId);
2326
+ return null;
2327
+ }
2308
2328
  const allAccounts = this.getAllAccounts(accountFilter, correlationId);
2309
2329
  if (allAccounts.length > 1) {
2310
2330
  // If one or more accounts are found, prioritize accounts that have an ID token
@@ -3371,7 +3391,7 @@ class DefaultStorageClass extends CacheManager {
3371
3391
  }
3372
3392
  }
3373
3393
 
3374
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3394
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3375
3395
  /*
3376
3396
  * Copyright (c) Microsoft Corporation. All rights reserved.
3377
3397
  * Licensed under the MIT License.
@@ -3385,7 +3405,7 @@ class DefaultStorageClass extends CacheManager {
3385
3405
  const PerformanceEventStatus = {
3386
3406
  InProgress: 1};
3387
3407
 
3388
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3408
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3389
3409
 
3390
3410
  /*
3391
3411
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3440,7 +3460,7 @@ class StubPerformanceClient {
3440
3460
  }
3441
3461
  }
3442
3462
 
3443
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3463
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3444
3464
 
3445
3465
  /*
3446
3466
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3523,6 +3543,7 @@ function buildAuthOptions(authOptions) {
3523
3543
  clientCapabilities: [],
3524
3544
  azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
3525
3545
  instanceAware: false,
3546
+ isMcp: false,
3526
3547
  ...authOptions,
3527
3548
  };
3528
3549
  }
@@ -3534,7 +3555,7 @@ function isOidcProtocolMode(config) {
3534
3555
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3535
3556
  }
3536
3557
 
3537
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3558
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3538
3559
 
3539
3560
  /*
3540
3561
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3553,7 +3574,7 @@ class ServerError extends AuthError {
3553
3574
  }
3554
3575
  }
3555
3576
 
3556
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3577
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3557
3578
  /*
3558
3579
  * Copyright (c) Microsoft Corporation. All rights reserved.
3559
3580
  * Licensed under the MIT License.
@@ -3604,7 +3625,7 @@ const badToken = "bad_token";
3604
3625
  */
3605
3626
  const interruptedUser = "interrupted_user";
3606
3627
 
3607
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3628
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3608
3629
 
3609
3630
  /*
3610
3631
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3672,7 +3693,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
3672
3693
  return new InteractionRequiredAuthError(errorCode, errorMessage);
3673
3694
  }
3674
3695
 
3675
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3696
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3676
3697
 
3677
3698
  /*
3678
3699
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3740,7 +3761,7 @@ function parseRequestState(base64Decode, state) {
3740
3761
  }
3741
3762
  }
3742
3763
 
3743
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3764
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3744
3765
  /*
3745
3766
  * Copyright (c) Microsoft Corporation. All rights reserved.
3746
3767
  * Licensed under the MIT License.
@@ -3805,7 +3826,7 @@ function wasClockTurnedBack(cachedAt) {
3805
3826
  return cachedAtSec > nowSeconds();
3806
3827
  }
3807
3828
 
3808
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3829
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3809
3830
  /*
3810
3831
  * Copyright (c) Microsoft Corporation. All rights reserved.
3811
3832
  * Licensed under the MIT License.
@@ -3876,7 +3897,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
3876
3897
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
3877
3898
  const SetUserData = "setUserData";
3878
3899
 
3879
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3900
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3880
3901
  /*
3881
3902
  * Copyright (c) Microsoft Corporation. All rights reserved.
3882
3903
  * Licensed under the MIT License.
@@ -3969,7 +3990,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
3969
3990
  };
3970
3991
  };
3971
3992
 
3972
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3993
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3973
3994
 
3974
3995
  /*
3975
3996
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4049,7 +4070,7 @@ class PopTokenGenerator {
4049
4070
  }
4050
4071
  }
4051
4072
 
4052
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4073
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4053
4074
  /*
4054
4075
  * Copyright (c) Microsoft Corporation. All rights reserved.
4055
4076
  * Licensed under the MIT License.
@@ -4076,7 +4097,7 @@ class PopTokenGenerator {
4076
4097
  }
4077
4098
  }
4078
4099
 
4079
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4100
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4080
4101
 
4081
4102
  /*
4082
4103
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4335,7 +4356,7 @@ function isAuthorityMetadataExpired(metadata) {
4335
4356
  return metadata.expiresAt <= nowSeconds();
4336
4357
  }
4337
4358
 
4338
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4359
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4339
4360
 
4340
4361
  /*
4341
4362
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4520,6 +4541,11 @@ class ResponseHandler {
4520
4541
  : undefined;
4521
4542
  // non AAD scenarios can have empty realm
4522
4543
  cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id);
4544
+ // Set resource (to be used for MCP scenarios)
4545
+ const resource = request.resource || null;
4546
+ if (resource) {
4547
+ cachedAccessToken.resource = resource;
4548
+ }
4523
4549
  }
4524
4550
  // refreshToken
4525
4551
  let cachedRefreshToken = null;
@@ -4671,7 +4697,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4671
4697
  return baseAccount;
4672
4698
  }
4673
4699
 
4674
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4700
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4675
4701
  /*
4676
4702
  * Copyright (c) Microsoft Corporation. All rights reserved.
4677
4703
  * Licensed under the MIT License.
@@ -4681,7 +4707,7 @@ const CcsCredentialType = {
4681
4707
  UPN: "UPN",
4682
4708
  };
4683
4709
 
4684
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4710
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4685
4711
  /*
4686
4712
  * Copyright (c) Microsoft Corporation. All rights reserved.
4687
4713
  * Licensed under the MIT License.
@@ -4699,7 +4725,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4699
4725
  }
4700
4726
  }
4701
4727
 
4702
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4728
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4703
4729
  /*
4704
4730
  * Copyright (c) Microsoft Corporation. All rights reserved.
4705
4731
  * Licensed under the MIT License.
@@ -4720,7 +4746,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4720
4746
  };
4721
4747
  }
4722
4748
 
4723
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4749
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4724
4750
 
4725
4751
  /*
4726
4752
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4806,7 +4832,7 @@ class ThrottlingUtils {
4806
4832
  }
4807
4833
  }
4808
4834
 
4809
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4835
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4810
4836
 
4811
4837
  /*
4812
4838
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4837,7 +4863,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4837
4863
  return new NetworkError(error, httpStatus, responseHeaders);
4838
4864
  }
4839
4865
 
4840
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4866
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4841
4867
 
4842
4868
  /*
4843
4869
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4951,7 +4977,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
4951
4977
  return response;
4952
4978
  }
4953
4979
 
4954
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4980
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4955
4981
  /*
4956
4982
  * Copyright (c) Microsoft Corporation. All rights reserved.
4957
4983
  * Licensed under the MIT License.
@@ -4963,7 +4989,7 @@ function isOpenIdConfigResponse(response) {
4963
4989
  response.hasOwnProperty("jwks_uri"));
4964
4990
  }
4965
4991
 
4966
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4992
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4967
4993
  /*
4968
4994
  * Copyright (c) Microsoft Corporation. All rights reserved.
4969
4995
  * Licensed under the MIT License.
@@ -4973,7 +4999,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4973
4999
  response.hasOwnProperty("metadata"));
4974
5000
  }
4975
5001
 
4976
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5002
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4977
5003
  /*
4978
5004
  * Copyright (c) Microsoft Corporation. All rights reserved.
4979
5005
  * Licensed under the MIT License.
@@ -4983,7 +5009,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
4983
5009
  response.hasOwnProperty("error_description"));
4984
5010
  }
4985
5011
 
4986
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5012
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4987
5013
 
4988
5014
  /*
4989
5015
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5088,7 +5114,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5088
5114
  },
5089
5115
  };
5090
5116
 
5091
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5117
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5092
5118
 
5093
5119
  /*
5094
5120
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5908,7 +5934,7 @@ function buildStaticAuthorityOptions(authOptions) {
5908
5934
  };
5909
5935
  }
5910
5936
 
5911
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5937
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5912
5938
 
5913
5939
  /*
5914
5940
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5942,7 +5968,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5942
5968
  }
5943
5969
  }
5944
5970
 
5945
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5971
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5946
5972
 
5947
5973
  /*
5948
5974
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6062,6 +6088,7 @@ class AuthorizationCodeClient {
6062
6088
  }
6063
6089
  // Add scope array, parameter builder will add default scopes and dedupe
6064
6090
  addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
6091
+ addResource(parameters, request.resource);
6065
6092
  // add code: user set, not validated
6066
6093
  addAuthorizationCode(parameters, request.code);
6067
6094
  // Add library metadata
@@ -6202,7 +6229,7 @@ class AuthorizationCodeClient {
6202
6229
  }
6203
6230
  }
6204
6231
 
6205
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6232
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6206
6233
 
6207
6234
  /*
6208
6235
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6427,7 +6454,7 @@ class RefreshTokenClient {
6427
6454
  }
6428
6455
  }
6429
6456
 
6430
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6457
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6431
6458
 
6432
6459
  /*
6433
6460
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6483,6 +6510,13 @@ class SilentFlowClient {
6483
6510
  this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);
6484
6511
  throw createClientAuthError(tokenRefreshRequired);
6485
6512
  }
6513
+ else if (request.resource) {
6514
+ // cached access token must have a resource that matches the request resource for MCP scenarios
6515
+ if (cachedAccessToken.resource !== request.resource) {
6516
+ this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
6517
+ throw createClientAuthError(tokenRefreshRequired);
6518
+ }
6519
+ }
6486
6520
  else if (cachedAccessToken.refreshOn &&
6487
6521
  isTokenExpired(cachedAccessToken.refreshOn, 0)) {
6488
6522
  // must refresh (in the background) due to the refresh_in value
@@ -6536,7 +6570,7 @@ class SilentFlowClient {
6536
6570
  }
6537
6571
  }
6538
6572
 
6539
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6573
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6540
6574
 
6541
6575
  /*
6542
6576
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6551,7 +6585,7 @@ const StubbedNetworkModule = {
6551
6585
  },
6552
6586
  };
6553
6587
 
6554
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6588
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6555
6589
 
6556
6590
  /*
6557
6591
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6577,12 +6611,15 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
6577
6611
  ...(request.extraScopesToConsent || []),
6578
6612
  ];
6579
6613
  addScopes(parameters, requestScopes, true, authOptions.authority.options.OIDCOptions?.defaultScopes);
6614
+ addResource(parameters, request.resource);
6580
6615
  addRedirectUri(parameters, request.redirectUri);
6581
6616
  addCorrelationId(parameters, correlationId);
6582
6617
  // add response_mode. If not passed in it defaults to query.
6583
6618
  addResponseMode(parameters, request.responseMode);
6584
6619
  // add client_info=1
6585
6620
  addClientInfo(parameters);
6621
+ // add clidata=1
6622
+ addCliData(parameters);
6586
6623
  if (request.prompt) {
6587
6624
  addPrompt(parameters, request.prompt);
6588
6625
  performanceClient?.addFields({ prompt: request.prompt }, correlationId);
@@ -6775,7 +6812,40 @@ function extractLoginHint(account) {
6775
6812
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6776
6813
  }
6777
6814
 
6778
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6815
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6816
+
6817
+ /*
6818
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6819
+ * Licensed under the MIT License.
6820
+ */
6821
+ /**
6822
+ * Helper to enforce resource parameter presence in token requests when isMcp is set in the configuration.
6823
+ * If resource parameter is set in both the request and in extraQueryParameters or extraParameters, an error will be thrown.
6824
+ * This is used for MCP flows.
6825
+ * @param isMcp - Flag indicating if application is an MCP app, from configuration
6826
+ * @param request - Auth request
6827
+ */
6828
+ function enforceResourceParameter(isMcp, request) {
6829
+ if (!isMcp) {
6830
+ return;
6831
+ }
6832
+ if (request.resource &&
6833
+ (containsResourceParam(request.extraParameters) ||
6834
+ containsResourceParam(request.extraQueryParameters))) {
6835
+ throw createClientAuthError(misplacedResourceParam);
6836
+ }
6837
+ if (!request.resource) {
6838
+ throw createClientAuthError(resourceParameterRequired);
6839
+ }
6840
+ }
6841
+ function containsResourceParam(params) {
6842
+ if (!params) {
6843
+ return false;
6844
+ }
6845
+ return Object.prototype.hasOwnProperty.call(params, "resource");
6846
+ }
6847
+
6848
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6779
6849
  /*
6780
6850
  * Copyright (c) Microsoft Corporation. All rights reserved.
6781
6851
  * Licensed under the MIT License.
@@ -6785,7 +6855,7 @@ function extractLoginHint(account) {
6785
6855
  */
6786
6856
  const unexpectedError = "unexpected_error";
6787
6857
 
6788
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6858
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6789
6859
 
6790
6860
  /*
6791
6861
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7046,7 +7116,7 @@ class ServerTelemetryManager {
7046
7116
  }
7047
7117
  }
7048
7118
 
7049
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7119
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7050
7120
 
7051
7121
  /*
7052
7122
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7067,7 +7137,7 @@ function createJoseHeaderError(code) {
7067
7137
  return new JoseHeaderError(code);
7068
7138
  }
7069
7139
 
7070
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7140
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7071
7141
  /*
7072
7142
  * Copyright (c) Microsoft Corporation. All rights reserved.
7073
7143
  * Licensed under the MIT License.
@@ -7075,7 +7145,7 @@ function createJoseHeaderError(code) {
7075
7145
  const missingKidError = "missing_kid_error";
7076
7146
  const missingAlgError = "missing_alg_error";
7077
7147
 
7078
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7148
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7079
7149
 
7080
7150
  /*
7081
7151
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7510,7 +7580,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7510
7580
 
7511
7581
  /* eslint-disable header/header */
7512
7582
  const name = "@azure/msal-browser";
7513
- const version = "5.4.0";
7583
+ const version = "5.6.0";
7514
7584
 
7515
7585
  /*
7516
7586
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8937,9 +9007,13 @@ function cancelPendingBridgeResponse(logger, correlationId) {
8937
9007
  activeBridgeMonitor = null;
8938
9008
  }
8939
9009
  }
8940
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request) {
9010
+ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
8941
9011
  return new Promise((resolve, reject) => {
8942
9012
  logger.verbose("1rf6em", request.correlationId);
9013
+ const correlationId = request.correlationId;
9014
+ performanceClient.addFields({
9015
+ redirectBridgeTimeoutMs: timeoutMs,
9016
+ }, correlationId);
8943
9017
  const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
8944
9018
  const channel = new BroadcastChannel(libraryState.id);
8945
9019
  let responseString = undefined;
@@ -8957,6 +9031,12 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request)
8957
9031
  };
8958
9032
  channel.onmessage = (event) => {
8959
9033
  responseString = event.data.payload;
9034
+ const messageVersion = event?.data && typeof event.data.v === "number"
9035
+ ? event.data.v
9036
+ : undefined;
9037
+ performanceClient.addFields({
9038
+ redirectBridgeMessageVersion: messageVersion,
9039
+ }, correlationId);
8960
9040
  // Clear the active monitor
8961
9041
  activeBridgeMonitor = null;
8962
9042
  clearTimeout(timeoutId);
@@ -9427,6 +9507,7 @@ class StandardInteractionClient extends BaseInteractionClient {
9427
9507
  authority: discoveredAuthority,
9428
9508
  clientCapabilities: this.config.auth.clientCapabilities,
9429
9509
  redirectUri: this.config.auth.redirectUri,
9510
+ isMcp: this.config.auth.isMcp,
9430
9511
  },
9431
9512
  systemOptions: {
9432
9513
  tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds,
@@ -9467,6 +9548,10 @@ class StandardInteractionClient extends BaseInteractionClient {
9467
9548
  */
9468
9549
  async function initializeAuthorizationRequest(request, interactionType, config, browserCrypto, browserStorage, logger, performanceClient, correlationId) {
9469
9550
  const redirectUri = getRedirectUri(request.redirectUri, config.auth.redirectUri, logger, correlationId);
9551
+ if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
9552
+ logger.warning("08qbvw", correlationId);
9553
+ performanceClient.addFields({ isRedirectUriCrossOrigin: true }, correlationId);
9554
+ }
9470
9555
  const browserState = {
9471
9556
  interactionType: interactionType,
9472
9557
  };
@@ -15894,6 +15979,9 @@ class BrowserCacheManager extends CacheManager {
15894
15979
  : 0, base64Decode, undefined, // refreshOn
15895
15980
  result.tokenType, undefined, // userAssertionHash
15896
15981
  request.sshKid);
15982
+ if (request.resource) {
15983
+ accessTokenEntity.resource = request.resource;
15984
+ }
15897
15985
  const cacheRecord = {
15898
15986
  idToken: idTokenEntity,
15899
15987
  accessToken: accessTokenEntity,
@@ -15979,10 +16067,6 @@ function getAllAccounts(logger, browserStorage, isInBrowser, correlationId, acco
15979
16067
  */
15980
16068
  function getAccount(accountFilter, logger, browserStorage, correlationId) {
15981
16069
  logger.trace("0u7b90", correlationId);
15982
- if (Object.keys(accountFilter).length === 0) {
15983
- logger.warning("1kz0cu", correlationId);
15984
- return null;
15985
- }
15986
16070
  const account = browserStorage.getAccountInfoFilteredBy(accountFilter, correlationId);
15987
16071
  if (account) {
15988
16072
  logger.verbose("0btgll", correlationId);
@@ -16756,6 +16840,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16756
16840
  correlationId: this.correlationId,
16757
16841
  state: response.state,
16758
16842
  fromPlatformBroker: true,
16843
+ ...(request.resource && { resource: request.resource }),
16759
16844
  };
16760
16845
  return result;
16761
16846
  }
@@ -16997,6 +17082,62 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16997
17082
  * Copyright (c) Microsoft Corporation. All rights reserved.
16998
17083
  * Licensed under the MIT License.
16999
17084
  */
17085
+ const clientDataAccountTypeMapping = new Map([
17086
+ ["e", "AAD"],
17087
+ ["m", "MSA"],
17088
+ ]);
17089
+ /**
17090
+ * Parses the clientdata response parameter from the /authorize endpoint.
17091
+ *
17092
+ * Logically, the clientdata value is URL-encoded and pipe-delimited:
17093
+ * urlencoded(account_type | error | sub_error | cloud_instance | caller_data_boundary)
17094
+ *
17095
+ * In normal browser flows, this value may already have been URL-decoded
17096
+ * (e.g. by URLSearchParams). This function will only apply decodeURIComponent
17097
+ * when the string appears to contain percent-encoded sequences to avoid
17098
+ * double-decoding.
17099
+ *
17100
+ * @param clientdata - The raw clientdata string from the authorize response
17101
+ * @returns Parsed ClientData object, or null if the input is empty/invalid
17102
+ */
17103
+ function parseClientData(clientdata) {
17104
+ if (!clientdata) {
17105
+ return null;
17106
+ }
17107
+ try {
17108
+ // Only decode when the string appears to contain percent-encoded sequences
17109
+ const shouldDecode = /%(?:[0-9A-Fa-f]{2})/.test(clientdata);
17110
+ const decoded = shouldDecode
17111
+ ? decodeURIComponent(clientdata)
17112
+ : clientdata;
17113
+ const parts = decoded.split("|");
17114
+ if (parts.length < 5) {
17115
+ return null;
17116
+ }
17117
+ return {
17118
+ accountType: clientDataAccountTypeMapping.get(parts[0]?.trim() || "") || "",
17119
+ error: parts[1]?.trim() || "",
17120
+ subError: parts[2]?.trim() || "",
17121
+ cloudInstance: parts[3]?.trim() || "",
17122
+ callerDataBoundary: parts[4]?.trim() || "",
17123
+ };
17124
+ }
17125
+ catch {
17126
+ return null;
17127
+ }
17128
+ }
17129
+ /**
17130
+ * Instruments account type, error, and suberror from clientdata
17131
+ */
17132
+ function instrumentClientData(response, correlationId, performanceClient) {
17133
+ const parsed = parseClientData(response.clientdata);
17134
+ parsed?.accountType &&
17135
+ performanceClient.addFields({ accountType: parsed.accountType }, correlationId);
17136
+ parsed?.error &&
17137
+ performanceClient.addFields({ serverErrorNo: parsed.error }, correlationId);
17138
+ parsed?.subError &&
17139
+ performanceClient.addFields({ serverSubErrorNo: parsed.subError }, correlationId);
17140
+ }
17000
17141
  /**
17001
17142
  * Returns map of parameters that are applicable to all calls to /authorize whether using PKCE or EAR
17002
17143
  * @param config
@@ -17166,6 +17307,8 @@ async function handleResponsePlatformBroker(request, accountId, apiId, config, b
17166
17307
  async function handleResponseCode(request, response, codeVerifier, apiId, config, authClient, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider) {
17167
17308
  // Remove throttle if it exists
17168
17309
  ThrottlingUtils.removeThrottle(browserStorage, config.auth.clientId, request);
17310
+ // Instrument clientdata telemetry fields from the authorize response
17311
+ instrumentClientData(response, request.correlationId, performanceClient);
17169
17312
  if (response.accountId) {
17170
17313
  return invokeAsync(handleResponsePlatformBroker, HandleResponsePlatformBroker, logger, performanceClient, request.correlationId)(request, response.accountId, apiId, config, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider);
17171
17314
  }
@@ -17198,6 +17341,8 @@ async function handleResponseCode(request, response, codeVerifier, apiId, config
17198
17341
  async function handleResponseEAR(request, response, apiId, config, authority, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider) {
17199
17342
  // Remove throttle if it exists
17200
17343
  ThrottlingUtils.removeThrottle(browserStorage, config.auth.clientId, request);
17344
+ // Instrument clientdata telemetry fields from the authorize response
17345
+ instrumentClientData(response, request.correlationId, performanceClient);
17201
17346
  // Validate state & check response for errors
17202
17347
  validateAuthorizationResponse(response, request.state);
17203
17348
  if (!response.ear_jwe) {
@@ -17484,6 +17629,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
17484
17629
  tenant: "",
17485
17630
  },
17486
17631
  instanceAware: false,
17632
+ isMcp: false,
17487
17633
  };
17488
17634
  // Default cache options for browser
17489
17635
  const DEFAULT_CACHE_OPTIONS = {
@@ -17876,14 +18022,17 @@ class PlatformAuthDOMHandler {
17876
18022
  initializePlatformDOMRequest(request) {
17877
18023
  this.logger.trace("15d6yv", request.correlationId);
17878
18024
  const { accountId, clientId, authority, scope, redirectUri, correlationId, state, storeInCache, embeddedClientId, extraParameters, ...remainingProperties } = request;
17879
- const validExtraParameters = this.getDOMExtraParams(remainingProperties);
18025
+ const validExtraParameters = this.getDOMExtraParams(remainingProperties, correlationId);
17880
18026
  const platformDOMRequest = {
17881
18027
  accountId: accountId,
17882
18028
  brokerId: this.getExtensionId(),
17883
18029
  authority: authority,
17884
18030
  clientId: clientId,
17885
18031
  correlationId: correlationId || this.correlationId,
17886
- extraParameters: { ...extraParameters, ...validExtraParameters },
18032
+ extraParameters: {
18033
+ ...extraParameters,
18034
+ ...validExtraParameters,
18035
+ },
17887
18036
  isSecurityTokenService: false,
17888
18037
  redirectUri: redirectUri,
17889
18038
  scope: scope,
@@ -17937,15 +18086,27 @@ class PlatformAuthDOMHandler {
17937
18086
  };
17938
18087
  return nativeResponse;
17939
18088
  }
17940
- getDOMExtraParams(extraParameters) {
17941
- const stringifiedParams = Object.entries(extraParameters).reduce((record, [key, value]) => {
17942
- record[key] = String(value);
17943
- return record;
17944
- }, {});
17945
- const validExtraParams = {
17946
- ...stringifiedParams,
17947
- };
17948
- return validExtraParams;
18089
+ getDOMExtraParams(extraParameters, correlationId) {
18090
+ try {
18091
+ const stringifiedProperties = {};
18092
+ for (const [key, value] of Object.entries(extraParameters)) {
18093
+ if (!value) {
18094
+ continue;
18095
+ }
18096
+ if (typeof value === "object") {
18097
+ stringifiedProperties[key] = JSON.stringify(value);
18098
+ }
18099
+ else {
18100
+ stringifiedProperties[key] = String(value);
18101
+ }
18102
+ }
18103
+ return stringifiedProperties;
18104
+ }
18105
+ catch (e) {
18106
+ this.logger.error("0eu9o3", correlationId);
18107
+ this.logger.errorPii("17rpl5", correlationId);
18108
+ return {};
18109
+ }
17949
18110
  }
17950
18111
  }
17951
18112
 
@@ -18171,7 +18332,7 @@ class PopupClient extends StandardInteractionClient {
18171
18332
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
18172
18333
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, InteractionType.Popup, { popupWindow }, null);
18173
18334
  // Wait for the redirect bridge response
18174
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
18335
+ const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18175
18336
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18176
18337
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18177
18338
  }
@@ -18206,7 +18367,7 @@ class PopupClient extends StandardInteractionClient {
18206
18367
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
18207
18368
  form.submit();
18208
18369
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18209
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest);
18370
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
18210
18371
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18211
18372
  if (!serverParams.ear_jwe && serverParams.code) {
18212
18373
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -18231,7 +18392,7 @@ class PopupClient extends StandardInteractionClient {
18231
18392
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
18232
18393
  form.submit();
18233
18394
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
18234
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
18395
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
18235
18396
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
18236
18397
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
18237
18398
  }
@@ -18284,7 +18445,7 @@ class PopupClient extends StandardInteractionClient {
18284
18445
  // Open the popup window to requestUrl.
18285
18446
  const popupWindow = this.openPopup(logoutUri, popupParams);
18286
18447
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, InteractionType.Popup, { popupWindow }, null);
18287
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest).catch(() => {
18448
+ await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
18288
18449
  // Swallow any errors related to monitoring the window. Server logout is best effort
18289
18450
  });
18290
18451
  if (mainWindowRedirectUri) {
@@ -19032,7 +19193,7 @@ class SilentIframeClient extends StandardInteractionClient {
19032
19193
  };
19033
19194
  await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19034
19195
  const responseType = this.config.auth.OIDCOptions.responseMode;
19035
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
19196
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
19036
19197
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19037
19198
  if (!serverParams.ear_jwe && serverParams.code) {
19038
19199
  // If server doesn't support EAR, they may fallback to auth code flow instead
@@ -19081,7 +19242,7 @@ class SilentIframeClient extends StandardInteractionClient {
19081
19242
  }
19082
19243
  const responseType = this.config.auth.OIDCOptions.responseMode;
19083
19244
  // Wait for response from the redirect bridge.
19084
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
19245
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
19085
19246
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19086
19247
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19087
19248
  }
@@ -19234,6 +19395,10 @@ class SilentAuthCodeClient extends StandardInteractionClient {
19234
19395
  * Copyright (c) Microsoft Corporation. All rights reserved.
19235
19396
  * Licensed under the MIT License.
19236
19397
  */
19398
+ /**
19399
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
19400
+ * @returns Network connection information, or an empty object if not available.
19401
+ */
19237
19402
  function collectInstanceStats(currentClientId, performanceEvent, logger, correlationId) {
19238
19403
  const frameInstances =
19239
19404
  // @ts-ignore
@@ -19253,12 +19418,13 @@ function collectInstanceStats(currentClientId, performanceEvent, logger, correla
19253
19418
  * Copyright (c) Microsoft Corporation. All rights reserved.
19254
19419
  * Licensed under the MIT License.
19255
19420
  */
19256
- function preflightCheck(initialized, performanceEvent, account) {
19421
+ function preflightCheck(initialized, performanceEvent, config, request) {
19257
19422
  try {
19258
19423
  preflightCheck$1(initialized);
19424
+ enforceResourceParameter(config.auth.isMcp, request);
19259
19425
  }
19260
19426
  catch (e) {
19261
- performanceEvent.end({ success: false }, e, account);
19427
+ performanceEvent.end({ success: false }, e, request.account);
19262
19428
  throw e;
19263
19429
  }
19264
19430
  }
@@ -19359,6 +19525,7 @@ class StandardController {
19359
19525
  this.eventHandler.emitEvent(EventType.INITIALIZE_START, correlationId);
19360
19526
  // Broker applications are initialized twice, so we avoid double-counting it
19361
19527
  this.logMultipleInstances(initMeasurement, correlationId);
19528
+ initMeasurement.add({ isMcp: this.config.auth.isMcp });
19362
19529
  await invokeAsync(this.browserStorage.initialize.bind(this.browserStorage), InitializeCache, this.logger, this.performanceClient, correlationId)(correlationId);
19363
19530
  if (allowPlatformBroker) {
19364
19531
  try {
@@ -19536,6 +19703,7 @@ class StandardController {
19536
19703
  };
19537
19704
  try {
19538
19705
  redirectPreflightCheck(this.initialized, this.config);
19706
+ enforceResourceParameter(this.config.auth.isMcp, request);
19539
19707
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
19540
19708
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Redirect, request);
19541
19709
  let result;
@@ -19600,7 +19768,7 @@ class StandardController {
19600
19768
  });
19601
19769
  try {
19602
19770
  this.logger.verbose("0ch87b", correlationId);
19603
- preflightCheck(this.initialized, atPopupMeasurement, request.account);
19771
+ preflightCheck(this.initialized, atPopupMeasurement, this.config, request);
19604
19772
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN, request.overrideInteractionInProgress, correlationId);
19605
19773
  }
19606
19774
  catch (e) {
@@ -19714,7 +19882,7 @@ class StandardController {
19714
19882
  this.ssoSilentMeasurement?.add({
19715
19883
  scenarioId: request.scenarioId,
19716
19884
  });
19717
- preflightCheck(this.initialized, this.ssoSilentMeasurement, request.account);
19885
+ preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
19718
19886
  this.ssoSilentMeasurement?.increment({
19719
19887
  visibilityChangeCount: 0,
19720
19888
  });
@@ -19778,7 +19946,7 @@ class StandardController {
19778
19946
  const correlationId = this.getRequestCorrelationId(request);
19779
19947
  this.logger.trace("0ch6ga", correlationId);
19780
19948
  const atbcMeasurement = this.performanceClient.startMeasurement(AcquireTokenByCode, correlationId);
19781
- preflightCheck(this.initialized, atbcMeasurement);
19949
+ preflightCheck(this.initialized, atbcMeasurement, this.config, request);
19782
19950
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Silent, request);
19783
19951
  atbcMeasurement.add({ scenarioId: request.scenarioId });
19784
19952
  try {
@@ -20280,7 +20448,7 @@ class StandardController {
20280
20448
  cacheLookupPolicy: request.cacheLookupPolicy,
20281
20449
  scenarioId: request.scenarioId,
20282
20450
  });
20283
- preflightCheck(this.initialized, atsMeasurement, request.account);
20451
+ preflightCheck(this.initialized, atsMeasurement, this.config, request);
20284
20452
  this.logger.verbose("0x1c4s", correlationId);
20285
20453
  const account = request.account || this.getActiveAccount();
20286
20454
  if (!account) {