@azure/msal-browser 5.4.0 → 5.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (443) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  11. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  12. package/dist/cache/AccountManager.d.ts.map +1 -1
  13. package/dist/cache/AccountManager.mjs +1 -5
  14. package/dist/cache/AccountManager.mjs.map +1 -1
  15. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  16. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  17. package/dist/cache/BrowserCacheManager.mjs +4 -1
  18. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  19. package/dist/cache/CacheHelpers.mjs +1 -1
  20. package/dist/cache/CacheKeys.mjs +1 -1
  21. package/dist/cache/CookieStorage.mjs +1 -1
  22. package/dist/cache/DatabaseStorage.mjs +1 -1
  23. package/dist/cache/EncryptedData.mjs +1 -1
  24. package/dist/cache/LocalStorage.mjs +1 -1
  25. package/dist/cache/MemoryStorage.mjs +1 -1
  26. package/dist/cache/SessionStorage.mjs +1 -1
  27. package/dist/cache/TokenCache.mjs +1 -1
  28. package/dist/config/Configuration.d.ts +4 -0
  29. package/dist/config/Configuration.d.ts.map +1 -1
  30. package/dist/config/Configuration.mjs +2 -1
  31. package/dist/config/Configuration.mjs.map +1 -1
  32. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  33. package/dist/controllers/NestedAppAuthController.mjs +12 -2
  34. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  35. package/dist/controllers/StandardController.d.ts.map +1 -1
  36. package/dist/controllers/StandardController.mjs +11 -8
  37. package/dist/controllers/StandardController.mjs.map +1 -1
  38. package/dist/crypto/BrowserCrypto.mjs +1 -1
  39. package/dist/crypto/CryptoOps.mjs +1 -1
  40. package/dist/crypto/PkceGenerator.mjs +1 -1
  41. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  42. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  45. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  46. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  47. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  48. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  49. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  50. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  51. package/dist/custom-auth-path/cache/AccountManager.d.ts.map +1 -1
  52. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -5
  53. package/dist/custom-auth-path/cache/AccountManager.mjs.map +1 -1
  54. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  55. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  56. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +4 -1
  57. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  58. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  59. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  60. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  61. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  62. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  63. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  64. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  65. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  66. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  67. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  68. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  69. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  70. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  71. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  72. package/dist/custom-auth-path/controllers/StandardController.mjs +11 -8
  73. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  74. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  75. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  76. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  78. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  181. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  182. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  184. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  185. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  186. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  187. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  188. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  189. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  190. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  191. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  192. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  193. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  194. package/dist/custom-auth-path/index.d.ts +1 -1
  195. package/dist/custom-auth-path/index.d.ts.map +1 -1
  196. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  197. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  198. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  200. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  201. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  202. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +5 -5
  203. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  205. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  207. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  208. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +3 -3
  209. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  210. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  211. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  212. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +6 -1
  213. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  214. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  215. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  216. package/dist/custom-auth-path/log-strings-mapping.json +19 -7
  217. package/dist/custom-auth-path/naa/TokenRequest.d.ts +1 -0
  218. package/dist/custom-auth-path/naa/TokenRequest.d.ts.map +1 -1
  219. package/dist/custom-auth-path/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  220. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  221. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  222. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  223. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  224. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  225. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  226. package/dist/custom-auth-path/protocol/Authorize.d.ts +33 -0
  227. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  228. package/dist/custom-auth-path/protocol/Authorize.mjs +62 -2
  229. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  230. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  231. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  232. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  233. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  234. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  235. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  236. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  237. package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
  238. package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
  239. package/dist/custom-auth-path/utils/BrowserUtils.mjs +12 -2
  240. package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
  241. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  242. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
  243. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  244. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
  245. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
  246. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  247. package/dist/encode/Base64Decode.mjs +1 -1
  248. package/dist/encode/Base64Encode.mjs +1 -1
  249. package/dist/error/BrowserAuthError.mjs +1 -1
  250. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  251. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  252. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  253. package/dist/error/NativeAuthError.mjs +1 -1
  254. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  255. package/dist/error/NestedAppAuthError.mjs +1 -1
  256. package/dist/event/EventHandler.mjs +1 -1
  257. package/dist/event/EventMessage.mjs +1 -1
  258. package/dist/event/EventType.mjs +1 -1
  259. package/dist/index.d.ts +1 -1
  260. package/dist/index.d.ts.map +1 -1
  261. package/dist/index.mjs +2 -2
  262. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  263. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  264. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  265. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  266. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  267. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  268. package/dist/interaction_client/PopupClient.mjs +5 -5
  269. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  270. package/dist/interaction_client/RedirectClient.mjs +1 -1
  271. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  272. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  273. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  274. package/dist/interaction_client/SilentIframeClient.mjs +3 -3
  275. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  276. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  277. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  278. package/dist/interaction_client/StandardInteractionClient.mjs +6 -1
  279. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  280. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  281. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  282. package/dist/log-strings-mapping.json +23 -11
  283. package/dist/naa/BridgeError.mjs +1 -1
  284. package/dist/naa/BridgeProxy.mjs +1 -1
  285. package/dist/naa/BridgeStatusCode.mjs +1 -1
  286. package/dist/naa/TokenRequest.d.ts +1 -0
  287. package/dist/naa/TokenRequest.d.ts.map +1 -1
  288. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  289. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -1
  290. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  291. package/dist/navigation/NavigationClient.mjs +1 -1
  292. package/dist/network/FetchClient.mjs +1 -1
  293. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  294. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  295. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  296. package/dist/packageMetadata.d.ts +1 -1
  297. package/dist/packageMetadata.mjs +2 -2
  298. package/dist/protocol/Authorize.d.ts +33 -0
  299. package/dist/protocol/Authorize.d.ts.map +1 -1
  300. package/dist/protocol/Authorize.mjs +62 -2
  301. package/dist/protocol/Authorize.mjs.map +1 -1
  302. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  303. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  304. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  305. package/dist/redirect-bridge/cache/AccountManager.d.ts.map +1 -1
  306. package/dist/redirect-bridge/cache/BrowserCacheManager.d.ts.map +1 -1
  307. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  308. package/dist/redirect-bridge/config/Configuration.d.ts +4 -0
  309. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  310. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  311. package/dist/redirect-bridge/controllers/NestedAppAuthController.d.ts.map +1 -1
  312. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  313. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  314. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  315. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  316. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  317. package/dist/redirect-bridge/index.d.ts +1 -1
  318. package/dist/redirect-bridge/index.d.ts.map +1 -1
  319. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  320. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  321. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  322. package/dist/redirect-bridge/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  323. package/dist/redirect-bridge/naa/TokenRequest.d.ts +1 -0
  324. package/dist/redirect-bridge/naa/TokenRequest.d.ts.map +1 -1
  325. package/dist/redirect-bridge/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  326. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  327. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  328. package/dist/redirect-bridge/protocol/Authorize.d.ts +33 -0
  329. package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
  330. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  331. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  332. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  333. package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
  334. package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
  335. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  336. package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
  337. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts +10 -0
  338. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  339. package/dist/request/RequestHelpers.mjs +1 -1
  340. package/dist/response/ResponseHandler.mjs +1 -1
  341. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  342. package/dist/telemetry/BrowserPerformanceClient.mjs +5 -1
  343. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  344. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  345. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  346. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  347. package/dist/utils/BrowserConstants.mjs +1 -1
  348. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  349. package/dist/utils/BrowserUtils.d.ts +2 -2
  350. package/dist/utils/BrowserUtils.d.ts.map +1 -1
  351. package/dist/utils/BrowserUtils.mjs +12 -2
  352. package/dist/utils/BrowserUtils.mjs.map +1 -1
  353. package/dist/utils/Helpers.mjs +1 -1
  354. package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
  355. package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  356. package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
  357. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  358. package/lib/custom-auth-path/log-strings-mapping.json +19 -7
  359. package/lib/custom-auth-path/msal-custom-auth.cjs +264 -96
  360. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  361. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  363. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  364. package/lib/custom-auth-path/types/cache/AccountManager.d.ts.map +1 -1
  365. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  366. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  367. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  368. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  369. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  370. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  371. package/lib/custom-auth-path/types/index.d.ts +1 -1
  372. package/lib/custom-auth-path/types/index.d.ts.map +1 -1
  373. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  374. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  375. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  376. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  377. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts +1 -0
  378. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts.map +1 -1
  379. package/lib/custom-auth-path/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  380. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  381. package/lib/custom-auth-path/types/protocol/Authorize.d.ts +33 -0
  382. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  383. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  384. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
  385. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
  386. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  387. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  388. package/lib/log-strings-mapping.json +23 -11
  389. package/lib/msal-browser.cjs +302 -100
  390. package/lib/msal-browser.cjs.map +1 -1
  391. package/lib/msal-browser.js +302 -100
  392. package/lib/msal-browser.js.map +1 -1
  393. package/lib/msal-browser.min.js +2 -2
  394. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  395. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  396. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  397. package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  398. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  399. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  400. package/lib/types/cache/AccountManager.d.ts.map +1 -1
  401. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  402. package/lib/types/config/Configuration.d.ts +4 -0
  403. package/lib/types/config/Configuration.d.ts.map +1 -1
  404. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  405. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  406. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  407. package/lib/types/index.d.ts +1 -1
  408. package/lib/types/index.d.ts.map +1 -1
  409. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  410. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  411. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  412. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  413. package/lib/types/naa/TokenRequest.d.ts +1 -0
  414. package/lib/types/naa/TokenRequest.d.ts.map +1 -1
  415. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  416. package/lib/types/packageMetadata.d.ts +1 -1
  417. package/lib/types/protocol/Authorize.d.ts +33 -0
  418. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  419. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  420. package/lib/types/utils/BrowserUtils.d.ts +2 -2
  421. package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
  422. package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  423. package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  424. package/package.json +2 -2
  425. package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +34 -17
  426. package/src/broker/nativeBroker/PlatformAuthRequest.ts +1 -0
  427. package/src/cache/AccountManager.ts +0 -5
  428. package/src/cache/BrowserCacheManager.ts +4 -0
  429. package/src/config/Configuration.ts +5 -0
  430. package/src/controllers/NestedAppAuthController.ts +14 -0
  431. package/src/controllers/StandardController.ts +13 -6
  432. package/src/index.ts +1 -0
  433. package/src/interaction_client/PlatformAuthInteractionClient.ts +1 -0
  434. package/src/interaction_client/PopupClient.ts +8 -4
  435. package/src/interaction_client/SilentIframeClient.ts +4 -2
  436. package/src/interaction_client/StandardInteractionClient.ts +11 -0
  437. package/src/naa/TokenRequest.ts +1 -0
  438. package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -0
  439. package/src/packageMetadata.ts +1 -1
  440. package/src/protocol/Authorize.ts +100 -0
  441. package/src/telemetry/BrowserPerformanceClient.ts +4 -0
  442. package/src/utils/BrowserUtils.ts +24 -1
  443. package/src/utils/MsalFrameStatsUtils.ts +27 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.4.0 2026-03-02 */
1
+ /*! @azure/msal-browser v5.6.0 2026-03-18 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
234
234
  // Token renewal offset default in seconds
235
235
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
236
236
 
237
- /*! @azure/msal-common v16.2.0 2026-03-02 */
237
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
238
238
  /*
239
239
  * Copyright (c) Microsoft Corporation. All rights reserved.
240
240
  * Licensed under the MIT License.
@@ -282,9 +282,11 @@ const BROKER_CLIENT_ID = "brk_client_id";
282
282
  const BROKER_REDIRECT_URI = "brk_redirect_uri";
283
283
  const INSTANCE_AWARE = "instance_aware";
284
284
  const EAR_JWK = "ear_jwk";
285
- const EAR_JWE_CRYPTO = "ear_jwe_crypto";
285
+ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
286
+ const RESOURCE = "resource";
287
+ const CLI_DATA = "clidata";
286
288
 
287
- /*! @azure/msal-common v16.2.0 2026-03-02 */
289
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
288
290
  /*
289
291
  * Copyright (c) Microsoft Corporation. All rights reserved.
290
292
  * Licensed under the MIT License.
@@ -315,7 +317,7 @@ function createAuthError(code, additionalMessage) {
315
317
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
316
318
  }
317
319
 
318
- /*! @azure/msal-common v16.2.0 2026-03-02 */
320
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
319
321
 
320
322
  /*
321
323
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -335,7 +337,7 @@ function createClientConfigurationError(errorCode) {
335
337
  return new ClientConfigurationError(errorCode);
336
338
  }
337
339
 
338
- /*! @azure/msal-common v16.2.0 2026-03-02 */
340
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
339
341
  /*
340
342
  * Copyright (c) Microsoft Corporation. All rights reserved.
341
343
  * Licensed under the MIT License.
@@ -415,7 +417,7 @@ class StringUtils {
415
417
  }
416
418
  }
417
419
 
418
- /*! @azure/msal-common v16.2.0 2026-03-02 */
420
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
419
421
 
420
422
  /*
421
423
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -438,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
438
440
  return new ClientAuthError(errorCode, additionalMessage);
439
441
  }
440
442
 
441
- /*! @azure/msal-common v16.2.0 2026-03-02 */
443
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
442
444
  /*
443
445
  * Copyright (c) Microsoft Corporation. All rights reserved.
444
446
  * Licensed under the MIT License.
@@ -492,7 +494,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
492
494
  urlParseError: urlParseError
493
495
  });
494
496
 
495
- /*! @azure/msal-common v16.2.0 2026-03-02 */
497
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
496
498
  /*
497
499
  * Copyright (c) Microsoft Corporation. All rights reserved.
498
500
  * Licensed under the MIT License.
@@ -533,7 +535,9 @@ const noNetworkConnectivity$1 = "no_network_connectivity";
533
535
  const userCanceled = "user_canceled";
534
536
  const methodNotImplemented = "method_not_implemented";
535
537
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
536
- const platformBrokerError = "platform_broker_error";
538
+ const platformBrokerError = "platform_broker_error";
539
+ const resourceParameterRequired = "resource_parameter_required";
540
+ const misplacedResourceParam = "misplaced_resource_parameter";
537
541
 
538
542
  var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
539
543
  __proto__: null,
@@ -554,6 +558,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
554
558
  keyIdMissing: keyIdMissing,
555
559
  maxAgeTranspired: maxAgeTranspired,
556
560
  methodNotImplemented: methodNotImplemented,
561
+ misplacedResourceParam: misplacedResourceParam,
557
562
  multipleMatchingAppMetadata: multipleMatchingAppMetadata,
558
563
  multipleMatchingTokens: multipleMatchingTokens,
559
564
  nestedAppAuthBridgeDisabled: nestedAppAuthBridgeDisabled,
@@ -567,6 +572,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
567
572
  openIdConfigError: openIdConfigError,
568
573
  platformBrokerError: platformBrokerError,
569
574
  requestCannotBeMade: requestCannotBeMade,
575
+ resourceParameterRequired: resourceParameterRequired,
570
576
  stateMismatch: stateMismatch,
571
577
  stateNotFound: stateNotFound,
572
578
  tokenClaimsCnfRequiredForSignedJwt: tokenClaimsCnfRequiredForSignedJwt,
@@ -576,7 +582,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
576
582
  userCanceled: userCanceled
577
583
  });
578
584
 
579
- /*! @azure/msal-common v16.2.0 2026-03-02 */
585
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
580
586
 
581
587
  /*
582
588
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -771,7 +777,7 @@ class ScopeSet {
771
777
  }
772
778
  }
773
779
 
774
- /*! @azure/msal-common v16.2.0 2026-03-02 */
780
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
775
781
 
776
782
  /*
777
783
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1037,6 +1043,12 @@ function addGrantType(parameters, grantType) {
1037
1043
  function addClientInfo(parameters) {
1038
1044
  parameters.set(CLIENT_INFO, "1");
1039
1045
  }
1046
+ /**
1047
+ * add clidata=1 to request to indicate client data support
1048
+ */
1049
+ function addCliData(parameters) {
1050
+ parameters.set(CLI_DATA, "1");
1051
+ }
1040
1052
  function addInstanceAware(parameters) {
1041
1053
  if (!parameters.has(INSTANCE_AWARE)) {
1042
1054
  parameters.set(INSTANCE_AWARE, "true");
@@ -1136,9 +1148,14 @@ function addEARParameters(parameters, jwk) {
1136
1148
  // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
1137
1149
  const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
1138
1150
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1151
+ }
1152
+ function addResource(parameters, resource) {
1153
+ if (resource) {
1154
+ parameters.set(RESOURCE, resource);
1155
+ }
1139
1156
  }
1140
1157
 
1141
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1158
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1142
1159
 
1143
1160
  /*
1144
1161
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1247,7 +1264,7 @@ function normalizeUrlForComparison(url) {
1247
1264
  }
1248
1265
  }
1249
1266
 
1250
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1267
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1251
1268
 
1252
1269
  /*
1253
1270
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1286,7 +1303,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1286
1303
  },
1287
1304
  };
1288
1305
 
1289
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1306
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1290
1307
  /*
1291
1308
  * Copyright (c) Microsoft Corporation. All rights reserved.
1292
1309
  * Licensed under the MIT License.
@@ -1561,12 +1578,12 @@ class Logger {
1561
1578
  }
1562
1579
  }
1563
1580
 
1564
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1581
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1565
1582
  /* eslint-disable header/header */
1566
1583
  const name$1 = "@azure/msal-common";
1567
- const version$1 = "16.2.0";
1584
+ const version$1 = "16.4.0";
1568
1585
 
1569
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1586
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1570
1587
  /*
1571
1588
  * Copyright (c) Microsoft Corporation. All rights reserved.
1572
1589
  * Licensed under the MIT License.
@@ -1586,7 +1603,7 @@ const AzureCloudInstance = {
1586
1603
  AzureUsGovernment: "https://login.microsoftonline.us",
1587
1604
  };
1588
1605
 
1589
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1606
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1590
1607
  /*
1591
1608
  * Copyright (c) Microsoft Corporation. All rights reserved.
1592
1609
  * Licensed under the MIT License.
@@ -1668,7 +1685,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1668
1685
  return updatedAccountInfo;
1669
1686
  }
1670
1687
 
1671
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1688
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1672
1689
 
1673
1690
  /*
1674
1691
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1748,7 +1765,7 @@ function checkMaxAge(authTime, maxAge) {
1748
1765
  }
1749
1766
  }
1750
1767
 
1751
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1768
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1752
1769
 
1753
1770
  /*
1754
1771
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1905,7 +1922,7 @@ class UrlString {
1905
1922
  }
1906
1923
  }
1907
1924
 
1908
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1925
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1909
1926
 
1910
1927
  /*
1911
1928
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2062,7 +2079,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2062
2079
  return null;
2063
2080
  }
2064
2081
 
2065
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2082
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2066
2083
  /*
2067
2084
  * Copyright (c) Microsoft Corporation. All rights reserved.
2068
2085
  * Licensed under the MIT License.
@@ -2070,7 +2087,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2070
2087
  const cacheQuotaExceeded = "cache_quota_exceeded";
2071
2088
  const cacheErrorUnknown = "cache_error_unknown";
2072
2089
 
2073
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2090
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2074
2091
 
2075
2092
  /*
2076
2093
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2108,7 +2125,7 @@ function createCacheError(e) {
2108
2125
  }
2109
2126
  }
2110
2127
 
2111
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2128
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2112
2129
 
2113
2130
  /*
2114
2131
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2146,7 +2163,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2146
2163
  };
2147
2164
  }
2148
2165
 
2149
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2166
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2150
2167
  /*
2151
2168
  * Copyright (c) Microsoft Corporation. All rights reserved.
2152
2169
  * Licensed under the MIT License.
@@ -2161,7 +2178,7 @@ const AuthorityType = {
2161
2178
  Ciam: 3,
2162
2179
  };
2163
2180
 
2164
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2181
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2165
2182
  /*
2166
2183
  * Copyright (c) Microsoft Corporation. All rights reserved.
2167
2184
  * Licensed under the MIT License.
@@ -2183,7 +2200,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2183
2200
  return null;
2184
2201
  }
2185
2202
 
2186
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2203
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2187
2204
  /*
2188
2205
  * Copyright (c) Microsoft Corporation. All rights reserved.
2189
2206
  * Licensed under the MIT License.
@@ -2207,7 +2224,7 @@ const ProtocolMode = {
2207
2224
  EAR: "EAR",
2208
2225
  };
2209
2226
 
2210
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2227
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2211
2228
  /**
2212
2229
  * Returns the AccountInfo interface for this account.
2213
2230
  */
@@ -2382,7 +2399,7 @@ function isAccountEntity(entity) {
2382
2399
  entity.hasOwnProperty("authorityType"));
2383
2400
  }
2384
2401
 
2385
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2402
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2386
2403
 
2387
2404
  /*
2388
2405
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2412,6 +2429,11 @@ class CacheManager {
2412
2429
  * Gets first tenanted AccountInfo object found based on provided filters
2413
2430
  */
2414
2431
  getAccountInfoFilteredBy(accountFilter, correlationId) {
2432
+ if (Object.keys(accountFilter).length === 0 ||
2433
+ Object.values(accountFilter).every((value) => value === null || value === undefined || value === "")) {
2434
+ this.commonLogger.warning("1skb02", correlationId);
2435
+ return null;
2436
+ }
2415
2437
  const allAccounts = this.getAllAccounts(accountFilter, correlationId);
2416
2438
  if (allAccounts.length > 1) {
2417
2439
  // If one or more accounts are found, prioritize accounts that have an ID token
@@ -3479,7 +3501,7 @@ class DefaultStorageClass extends CacheManager {
3479
3501
  }
3480
3502
  }
3481
3503
 
3482
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3504
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3483
3505
  /*
3484
3506
  * Copyright (c) Microsoft Corporation. All rights reserved.
3485
3507
  * Licensed under the MIT License.
@@ -3524,9 +3546,12 @@ const IntFields = new Set([
3524
3546
  "currRefreshCount",
3525
3547
  "expiredCacheRemovedCount",
3526
3548
  "upgradedCacheCount",
3549
+ "networkRtt",
3550
+ "redirectBridgeTimeoutMs",
3551
+ "redirectBridgeMessageVersion",
3527
3552
  ]);
3528
3553
 
3529
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3554
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3530
3555
 
3531
3556
  /*
3532
3557
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3581,7 +3606,7 @@ class StubPerformanceClient {
3581
3606
  }
3582
3607
  }
3583
3608
 
3584
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3609
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3585
3610
 
3586
3611
  /*
3587
3612
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3664,6 +3689,7 @@ function buildAuthOptions(authOptions) {
3664
3689
  clientCapabilities: [],
3665
3690
  azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
3666
3691
  instanceAware: false,
3692
+ isMcp: false,
3667
3693
  ...authOptions,
3668
3694
  };
3669
3695
  }
@@ -3675,7 +3701,7 @@ function isOidcProtocolMode(config) {
3675
3701
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3676
3702
  }
3677
3703
 
3678
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3704
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3679
3705
 
3680
3706
  /*
3681
3707
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3694,7 +3720,7 @@ class ServerError extends AuthError {
3694
3720
  }
3695
3721
  }
3696
3722
 
3697
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3723
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3698
3724
  /*
3699
3725
  * Copyright (c) Microsoft Corporation. All rights reserved.
3700
3726
  * Licensed under the MIT License.
@@ -3758,7 +3784,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
3758
3784
  uxNotAllowed: uxNotAllowed
3759
3785
  });
3760
3786
 
3761
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3787
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3762
3788
 
3763
3789
  /*
3764
3790
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3826,7 +3852,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
3826
3852
  return new InteractionRequiredAuthError(errorCode, errorMessage);
3827
3853
  }
3828
3854
 
3829
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3855
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3830
3856
 
3831
3857
  /*
3832
3858
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3894,7 +3920,7 @@ function parseRequestState(base64Decode, state) {
3894
3920
  }
3895
3921
  }
3896
3922
 
3897
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3923
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3898
3924
  /*
3899
3925
  * Copyright (c) Microsoft Corporation. All rights reserved.
3900
3926
  * Licensed under the MIT License.
@@ -3959,7 +3985,7 @@ function wasClockTurnedBack(cachedAt) {
3959
3985
  return cachedAtSec > nowSeconds();
3960
3986
  }
3961
3987
 
3962
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3988
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3963
3989
  /*
3964
3990
  * Copyright (c) Microsoft Corporation. All rights reserved.
3965
3991
  * Licensed under the MIT License.
@@ -4030,7 +4056,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4030
4056
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4031
4057
  const SetUserData = "setUserData";
4032
4058
 
4033
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4059
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4034
4060
  /*
4035
4061
  * Copyright (c) Microsoft Corporation. All rights reserved.
4036
4062
  * Licensed under the MIT License.
@@ -4123,7 +4149,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4123
4149
  };
4124
4150
  };
4125
4151
 
4126
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4152
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4127
4153
 
4128
4154
  /*
4129
4155
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4203,7 +4229,7 @@ class PopTokenGenerator {
4203
4229
  }
4204
4230
  }
4205
4231
 
4206
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4232
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4207
4233
  /*
4208
4234
  * Copyright (c) Microsoft Corporation. All rights reserved.
4209
4235
  * Licensed under the MIT License.
@@ -4230,7 +4256,7 @@ class PopTokenGenerator {
4230
4256
  }
4231
4257
  }
4232
4258
 
4233
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4259
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4234
4260
 
4235
4261
  /*
4236
4262
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4489,7 +4515,7 @@ function isAuthorityMetadataExpired(metadata) {
4489
4515
  return metadata.expiresAt <= nowSeconds();
4490
4516
  }
4491
4517
 
4492
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4518
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4493
4519
 
4494
4520
  /*
4495
4521
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4674,6 +4700,11 @@ class ResponseHandler {
4674
4700
  : undefined;
4675
4701
  // non AAD scenarios can have empty realm
4676
4702
  cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id);
4703
+ // Set resource (to be used for MCP scenarios)
4704
+ const resource = request.resource || null;
4705
+ if (resource) {
4706
+ cachedAccessToken.resource = resource;
4707
+ }
4677
4708
  }
4678
4709
  // refreshToken
4679
4710
  let cachedRefreshToken = null;
@@ -4825,7 +4856,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4825
4856
  return baseAccount;
4826
4857
  }
4827
4858
 
4828
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4859
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4829
4860
  /*
4830
4861
  * Copyright (c) Microsoft Corporation. All rights reserved.
4831
4862
  * Licensed under the MIT License.
@@ -4835,7 +4866,7 @@ const CcsCredentialType = {
4835
4866
  UPN: "UPN",
4836
4867
  };
4837
4868
 
4838
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4869
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4839
4870
  /*
4840
4871
  * Copyright (c) Microsoft Corporation. All rights reserved.
4841
4872
  * Licensed under the MIT License.
@@ -4853,7 +4884,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4853
4884
  }
4854
4885
  }
4855
4886
 
4856
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4887
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4857
4888
  /*
4858
4889
  * Copyright (c) Microsoft Corporation. All rights reserved.
4859
4890
  * Licensed under the MIT License.
@@ -4874,7 +4905,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4874
4905
  };
4875
4906
  }
4876
4907
 
4877
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4908
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4878
4909
 
4879
4910
  /*
4880
4911
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4960,7 +4991,7 @@ class ThrottlingUtils {
4960
4991
  }
4961
4992
  }
4962
4993
 
4963
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4994
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4964
4995
 
4965
4996
  /*
4966
4997
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4991,7 +5022,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4991
5022
  return new NetworkError(error, httpStatus, responseHeaders);
4992
5023
  }
4993
5024
 
4994
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5025
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4995
5026
 
4996
5027
  /*
4997
5028
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5105,7 +5136,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5105
5136
  return response;
5106
5137
  }
5107
5138
 
5108
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5139
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5109
5140
  /*
5110
5141
  * Copyright (c) Microsoft Corporation. All rights reserved.
5111
5142
  * Licensed under the MIT License.
@@ -5117,7 +5148,7 @@ function isOpenIdConfigResponse(response) {
5117
5148
  response.hasOwnProperty("jwks_uri"));
5118
5149
  }
5119
5150
 
5120
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5151
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5121
5152
  /*
5122
5153
  * Copyright (c) Microsoft Corporation. All rights reserved.
5123
5154
  * Licensed under the MIT License.
@@ -5127,7 +5158,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5127
5158
  response.hasOwnProperty("metadata"));
5128
5159
  }
5129
5160
 
5130
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5161
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5131
5162
  /*
5132
5163
  * Copyright (c) Microsoft Corporation. All rights reserved.
5133
5164
  * Licensed under the MIT License.
@@ -5137,7 +5168,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5137
5168
  response.hasOwnProperty("error_description"));
5138
5169
  }
5139
5170
 
5140
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5171
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5141
5172
 
5142
5173
  /*
5143
5174
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5242,7 +5273,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5242
5273
  },
5243
5274
  };
5244
5275
 
5245
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5276
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5246
5277
 
5247
5278
  /*
5248
5279
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6062,7 +6093,7 @@ function buildStaticAuthorityOptions(authOptions) {
6062
6093
  };
6063
6094
  }
6064
6095
 
6065
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6096
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6066
6097
 
6067
6098
  /*
6068
6099
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6096,7 +6127,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6096
6127
  }
6097
6128
  }
6098
6129
 
6099
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6130
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6100
6131
 
6101
6132
  /*
6102
6133
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6216,6 +6247,7 @@ class AuthorizationCodeClient {
6216
6247
  }
6217
6248
  // Add scope array, parameter builder will add default scopes and dedupe
6218
6249
  addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
6250
+ addResource(parameters, request.resource);
6219
6251
  // add code: user set, not validated
6220
6252
  addAuthorizationCode(parameters, request.code);
6221
6253
  // Add library metadata
@@ -6356,7 +6388,7 @@ class AuthorizationCodeClient {
6356
6388
  }
6357
6389
  }
6358
6390
 
6359
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6391
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6360
6392
 
6361
6393
  /*
6362
6394
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6581,7 +6613,7 @@ class RefreshTokenClient {
6581
6613
  }
6582
6614
  }
6583
6615
 
6584
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6616
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6585
6617
 
6586
6618
  /*
6587
6619
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6637,6 +6669,13 @@ class SilentFlowClient {
6637
6669
  this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);
6638
6670
  throw createClientAuthError(tokenRefreshRequired);
6639
6671
  }
6672
+ else if (request.resource) {
6673
+ // cached access token must have a resource that matches the request resource for MCP scenarios
6674
+ if (cachedAccessToken.resource !== request.resource) {
6675
+ this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
6676
+ throw createClientAuthError(tokenRefreshRequired);
6677
+ }
6678
+ }
6640
6679
  else if (cachedAccessToken.refreshOn &&
6641
6680
  isTokenExpired(cachedAccessToken.refreshOn, 0)) {
6642
6681
  // must refresh (in the background) due to the refresh_in value
@@ -6690,7 +6729,7 @@ class SilentFlowClient {
6690
6729
  }
6691
6730
  }
6692
6731
 
6693
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6732
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6694
6733
 
6695
6734
  /*
6696
6735
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6705,7 +6744,7 @@ const StubbedNetworkModule = {
6705
6744
  },
6706
6745
  };
6707
6746
 
6708
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6747
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6709
6748
 
6710
6749
  /*
6711
6750
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6731,12 +6770,15 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
6731
6770
  ...(request.extraScopesToConsent || []),
6732
6771
  ];
6733
6772
  addScopes(parameters, requestScopes, true, authOptions.authority.options.OIDCOptions?.defaultScopes);
6773
+ addResource(parameters, request.resource);
6734
6774
  addRedirectUri(parameters, request.redirectUri);
6735
6775
  addCorrelationId(parameters, correlationId);
6736
6776
  // add response_mode. If not passed in it defaults to query.
6737
6777
  addResponseMode(parameters, request.responseMode);
6738
6778
  // add client_info=1
6739
6779
  addClientInfo(parameters);
6780
+ // add clidata=1
6781
+ addCliData(parameters);
6740
6782
  if (request.prompt) {
6741
6783
  addPrompt(parameters, request.prompt);
6742
6784
  performanceClient?.addFields({ prompt: request.prompt }, correlationId);
@@ -6929,7 +6971,40 @@ function extractLoginHint(account) {
6929
6971
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6930
6972
  }
6931
6973
 
6932
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6974
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6975
+
6976
+ /*
6977
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6978
+ * Licensed under the MIT License.
6979
+ */
6980
+ /**
6981
+ * Helper to enforce resource parameter presence in token requests when isMcp is set in the configuration.
6982
+ * If resource parameter is set in both the request and in extraQueryParameters or extraParameters, an error will be thrown.
6983
+ * This is used for MCP flows.
6984
+ * @param isMcp - Flag indicating if application is an MCP app, from configuration
6985
+ * @param request - Auth request
6986
+ */
6987
+ function enforceResourceParameter(isMcp, request) {
6988
+ if (!isMcp) {
6989
+ return;
6990
+ }
6991
+ if (request.resource &&
6992
+ (containsResourceParam(request.extraParameters) ||
6993
+ containsResourceParam(request.extraQueryParameters))) {
6994
+ throw createClientAuthError(misplacedResourceParam);
6995
+ }
6996
+ if (!request.resource) {
6997
+ throw createClientAuthError(resourceParameterRequired);
6998
+ }
6999
+ }
7000
+ function containsResourceParam(params) {
7001
+ if (!params) {
7002
+ return false;
7003
+ }
7004
+ return Object.prototype.hasOwnProperty.call(params, "resource");
7005
+ }
7006
+
7007
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6933
7008
 
6934
7009
  /*
6935
7010
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6987,7 +7062,7 @@ class AuthenticationHeaderParser {
6987
7062
  }
6988
7063
  }
6989
7064
 
6990
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7065
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6991
7066
  /*
6992
7067
  * Copyright (c) Microsoft Corporation. All rights reserved.
6993
7068
  * Licensed under the MIT License.
@@ -7004,7 +7079,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
7004
7079
  unexpectedError: unexpectedError
7005
7080
  });
7006
7081
 
7007
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7082
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7008
7083
 
7009
7084
  /*
7010
7085
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7265,7 +7340,7 @@ class ServerTelemetryManager {
7265
7340
  }
7266
7341
  }
7267
7342
 
7268
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7343
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7269
7344
 
7270
7345
  /*
7271
7346
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7286,7 +7361,7 @@ function createJoseHeaderError(code) {
7286
7361
  return new JoseHeaderError(code);
7287
7362
  }
7288
7363
 
7289
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7364
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7290
7365
  /*
7291
7366
  * Copyright (c) Microsoft Corporation. All rights reserved.
7292
7367
  * Licensed under the MIT License.
@@ -7294,7 +7369,7 @@ function createJoseHeaderError(code) {
7294
7369
  const missingKidError = "missing_kid_error";
7295
7370
  const missingAlgError = "missing_alg_error";
7296
7371
 
7297
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7372
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7298
7373
 
7299
7374
  /*
7300
7375
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7334,7 +7409,7 @@ class JoseHeader {
7334
7409
  }
7335
7410
  }
7336
7411
 
7337
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7412
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7338
7413
 
7339
7414
  /*
7340
7415
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7430,8 +7505,10 @@ function addError(error, logger, event, stackMaxSize = 5) {
7430
7505
  else if (error instanceof AuthError) {
7431
7506
  event.errorCode = error.errorCode;
7432
7507
  event.subErrorCode = error.subError;
7433
- if (error instanceof ServerError ||
7434
- error instanceof InteractionRequiredAuthError) {
7508
+ if (!event.serverErrorNo &&
7509
+ (error instanceof ServerError ||
7510
+ error instanceof InteractionRequiredAuthError) &&
7511
+ error.errorNo) {
7435
7512
  event.serverErrorNo = error.errorNo;
7436
7513
  }
7437
7514
  return;
@@ -8768,9 +8845,13 @@ function cancelPendingBridgeResponse(logger, correlationId) {
8768
8845
  activeBridgeMonitor = null;
8769
8846
  }
8770
8847
  }
8771
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request) {
8848
+ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
8772
8849
  return new Promise((resolve, reject) => {
8773
8850
  logger.verbose("1rf6em", request.correlationId);
8851
+ const correlationId = request.correlationId;
8852
+ performanceClient.addFields({
8853
+ redirectBridgeTimeoutMs: timeoutMs,
8854
+ }, correlationId);
8774
8855
  const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
8775
8856
  const channel = new BroadcastChannel(libraryState.id);
8776
8857
  let responseString = undefined;
@@ -8788,6 +8869,12 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request)
8788
8869
  };
8789
8870
  channel.onmessage = (event) => {
8790
8871
  responseString = event.data.payload;
8872
+ const messageVersion = event?.data && typeof event.data.v === "number"
8873
+ ? event.data.v
8874
+ : undefined;
8875
+ performanceClient.addFields({
8876
+ redirectBridgeMessageVersion: messageVersion,
8877
+ }, correlationId);
8791
8878
  // Clear the active monitor
8792
8879
  activeBridgeMonitor = null;
8793
8880
  clearTimeout(timeoutId);
@@ -10207,7 +10294,7 @@ const EventType = {
10207
10294
 
10208
10295
  /* eslint-disable header/header */
10209
10296
  const name = "@azure/msal-browser";
10210
- const version = "5.4.0";
10297
+ const version = "5.6.0";
10211
10298
 
10212
10299
  /*
10213
10300
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -11522,6 +11609,9 @@ class BrowserCacheManager extends CacheManager {
11522
11609
  : 0, base64Decode, undefined, // refreshOn
11523
11610
  result.tokenType, undefined, // userAssertionHash
11524
11611
  request.sshKid);
11612
+ if (request.resource) {
11613
+ accessTokenEntity.resource = request.resource;
11614
+ }
11525
11615
  const cacheRecord = {
11526
11616
  idToken: idTokenEntity,
11527
11617
  accessToken: accessTokenEntity,
@@ -11607,10 +11697,6 @@ function getAllAccounts(logger, browserStorage, isInBrowser, correlationId, acco
11607
11697
  */
11608
11698
  function getAccount(accountFilter, logger, browserStorage, correlationId) {
11609
11699
  logger.trace("0u7b90", correlationId);
11610
- if (Object.keys(accountFilter).length === 0) {
11611
- logger.warning("1kz0cu", correlationId);
11612
- return null;
11613
- }
11614
11700
  const account = browserStorage.getAccountInfoFilteredBy(accountFilter, correlationId);
11615
11701
  if (account) {
11616
11702
  logger.verbose("0btgll", correlationId);
@@ -12074,6 +12160,7 @@ class StandardInteractionClient extends BaseInteractionClient {
12074
12160
  authority: discoveredAuthority,
12075
12161
  clientCapabilities: this.config.auth.clientCapabilities,
12076
12162
  redirectUri: this.config.auth.redirectUri,
12163
+ isMcp: this.config.auth.isMcp,
12077
12164
  },
12078
12165
  systemOptions: {
12079
12166
  tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds,
@@ -12114,6 +12201,10 @@ class StandardInteractionClient extends BaseInteractionClient {
12114
12201
  */
12115
12202
  async function initializeAuthorizationRequest(request, interactionType, config, browserCrypto, browserStorage, logger, performanceClient, correlationId) {
12116
12203
  const redirectUri = getRedirectUri(request.redirectUri, config.auth.redirectUri, logger, correlationId);
12204
+ if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
12205
+ logger.warning("08qbvw", correlationId);
12206
+ performanceClient.addFields({ isRedirectUriCrossOrigin: true }, correlationId);
12207
+ }
12117
12208
  const browserState = {
12118
12209
  interactionType: interactionType,
12119
12210
  };
@@ -12791,6 +12882,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12791
12882
  correlationId: this.correlationId,
12792
12883
  state: response.state,
12793
12884
  fromPlatformBroker: true,
12885
+ ...(request.resource && { resource: request.resource }),
12794
12886
  };
12795
12887
  return result;
12796
12888
  }
@@ -13032,6 +13124,62 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
13032
13124
  * Copyright (c) Microsoft Corporation. All rights reserved.
13033
13125
  * Licensed under the MIT License.
13034
13126
  */
13127
+ const clientDataAccountTypeMapping = new Map([
13128
+ ["e", "AAD"],
13129
+ ["m", "MSA"],
13130
+ ]);
13131
+ /**
13132
+ * Parses the clientdata response parameter from the /authorize endpoint.
13133
+ *
13134
+ * Logically, the clientdata value is URL-encoded and pipe-delimited:
13135
+ * urlencoded(account_type | error | sub_error | cloud_instance | caller_data_boundary)
13136
+ *
13137
+ * In normal browser flows, this value may already have been URL-decoded
13138
+ * (e.g. by URLSearchParams). This function will only apply decodeURIComponent
13139
+ * when the string appears to contain percent-encoded sequences to avoid
13140
+ * double-decoding.
13141
+ *
13142
+ * @param clientdata - The raw clientdata string from the authorize response
13143
+ * @returns Parsed ClientData object, or null if the input is empty/invalid
13144
+ */
13145
+ function parseClientData(clientdata) {
13146
+ if (!clientdata) {
13147
+ return null;
13148
+ }
13149
+ try {
13150
+ // Only decode when the string appears to contain percent-encoded sequences
13151
+ const shouldDecode = /%(?:[0-9A-Fa-f]{2})/.test(clientdata);
13152
+ const decoded = shouldDecode
13153
+ ? decodeURIComponent(clientdata)
13154
+ : clientdata;
13155
+ const parts = decoded.split("|");
13156
+ if (parts.length < 5) {
13157
+ return null;
13158
+ }
13159
+ return {
13160
+ accountType: clientDataAccountTypeMapping.get(parts[0]?.trim() || "") || "",
13161
+ error: parts[1]?.trim() || "",
13162
+ subError: parts[2]?.trim() || "",
13163
+ cloudInstance: parts[3]?.trim() || "",
13164
+ callerDataBoundary: parts[4]?.trim() || "",
13165
+ };
13166
+ }
13167
+ catch {
13168
+ return null;
13169
+ }
13170
+ }
13171
+ /**
13172
+ * Instruments account type, error, and suberror from clientdata
13173
+ */
13174
+ function instrumentClientData(response, correlationId, performanceClient) {
13175
+ const parsed = parseClientData(response.clientdata);
13176
+ parsed?.accountType &&
13177
+ performanceClient.addFields({ accountType: parsed.accountType }, correlationId);
13178
+ parsed?.error &&
13179
+ performanceClient.addFields({ serverErrorNo: parsed.error }, correlationId);
13180
+ parsed?.subError &&
13181
+ performanceClient.addFields({ serverSubErrorNo: parsed.subError }, correlationId);
13182
+ }
13035
13183
  /**
13036
13184
  * Returns map of parameters that are applicable to all calls to /authorize whether using PKCE or EAR
13037
13185
  * @param config
@@ -13201,6 +13349,8 @@ async function handleResponsePlatformBroker(request, accountId, apiId, config, b
13201
13349
  async function handleResponseCode(request, response, codeVerifier, apiId, config, authClient, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider) {
13202
13350
  // Remove throttle if it exists
13203
13351
  ThrottlingUtils.removeThrottle(browserStorage, config.auth.clientId, request);
13352
+ // Instrument clientdata telemetry fields from the authorize response
13353
+ instrumentClientData(response, request.correlationId, performanceClient);
13204
13354
  if (response.accountId) {
13205
13355
  return invokeAsync(handleResponsePlatformBroker, HandleResponsePlatformBroker, logger, performanceClient, request.correlationId)(request, response.accountId, apiId, config, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider);
13206
13356
  }
@@ -13233,6 +13383,8 @@ async function handleResponseCode(request, response, codeVerifier, apiId, config
13233
13383
  async function handleResponseEAR(request, response, apiId, config, authority, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider) {
13234
13384
  // Remove throttle if it exists
13235
13385
  ThrottlingUtils.removeThrottle(browserStorage, config.auth.clientId, request);
13386
+ // Instrument clientdata telemetry fields from the authorize response
13387
+ instrumentClientData(response, request.correlationId, performanceClient);
13236
13388
  // Validate state & check response for errors
13237
13389
  validateAuthorizationResponse(response, request.state);
13238
13390
  if (!response.ear_jwe) {
@@ -13519,6 +13671,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
13519
13671
  tenant: "",
13520
13672
  },
13521
13673
  instanceAware: false,
13674
+ isMcp: false,
13522
13675
  };
13523
13676
  // Default cache options for browser
13524
13677
  const DEFAULT_CACHE_OPTIONS = {
@@ -13911,14 +14064,17 @@ class PlatformAuthDOMHandler {
13911
14064
  initializePlatformDOMRequest(request) {
13912
14065
  this.logger.trace("15d6yv", request.correlationId);
13913
14066
  const { accountId, clientId, authority, scope, redirectUri, correlationId, state, storeInCache, embeddedClientId, extraParameters, ...remainingProperties } = request;
13914
- const validExtraParameters = this.getDOMExtraParams(remainingProperties);
14067
+ const validExtraParameters = this.getDOMExtraParams(remainingProperties, correlationId);
13915
14068
  const platformDOMRequest = {
13916
14069
  accountId: accountId,
13917
14070
  brokerId: this.getExtensionId(),
13918
14071
  authority: authority,
13919
14072
  clientId: clientId,
13920
14073
  correlationId: correlationId || this.correlationId,
13921
- extraParameters: { ...extraParameters, ...validExtraParameters },
14074
+ extraParameters: {
14075
+ ...extraParameters,
14076
+ ...validExtraParameters,
14077
+ },
13922
14078
  isSecurityTokenService: false,
13923
14079
  redirectUri: redirectUri,
13924
14080
  scope: scope,
@@ -13972,15 +14128,27 @@ class PlatformAuthDOMHandler {
13972
14128
  };
13973
14129
  return nativeResponse;
13974
14130
  }
13975
- getDOMExtraParams(extraParameters) {
13976
- const stringifiedParams = Object.entries(extraParameters).reduce((record, [key, value]) => {
13977
- record[key] = String(value);
13978
- return record;
13979
- }, {});
13980
- const validExtraParams = {
13981
- ...stringifiedParams,
13982
- };
13983
- return validExtraParams;
14131
+ getDOMExtraParams(extraParameters, correlationId) {
14132
+ try {
14133
+ const stringifiedProperties = {};
14134
+ for (const [key, value] of Object.entries(extraParameters)) {
14135
+ if (!value) {
14136
+ continue;
14137
+ }
14138
+ if (typeof value === "object") {
14139
+ stringifiedProperties[key] = JSON.stringify(value);
14140
+ }
14141
+ else {
14142
+ stringifiedProperties[key] = String(value);
14143
+ }
14144
+ }
14145
+ return stringifiedProperties;
14146
+ }
14147
+ catch (e) {
14148
+ this.logger.error("0eu9o3", correlationId);
14149
+ this.logger.errorPii("17rpl5", correlationId);
14150
+ return {};
14151
+ }
13984
14152
  }
13985
14153
  }
13986
14154
 
@@ -14224,7 +14392,7 @@ class PopupClient extends StandardInteractionClient {
14224
14392
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
14225
14393
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
14226
14394
  // Wait for the redirect bridge response
14227
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
14395
+ const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
14228
14396
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14229
14397
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
14230
14398
  }
@@ -14259,7 +14427,7 @@ class PopupClient extends StandardInteractionClient {
14259
14427
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
14260
14428
  form.submit();
14261
14429
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
14262
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest);
14430
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
14263
14431
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14264
14432
  if (!serverParams.ear_jwe && serverParams.code) {
14265
14433
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -14284,7 +14452,7 @@ class PopupClient extends StandardInteractionClient {
14284
14452
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
14285
14453
  form.submit();
14286
14454
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
14287
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
14455
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
14288
14456
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14289
14457
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
14290
14458
  }
@@ -14337,7 +14505,7 @@ class PopupClient extends StandardInteractionClient {
14337
14505
  // Open the popup window to requestUrl.
14338
14506
  const popupWindow = this.openPopup(logoutUri, popupParams);
14339
14507
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
14340
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest).catch(() => {
14508
+ await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
14341
14509
  // Swallow any errors related to monitoring the window. Server logout is best effort
14342
14510
  });
14343
14511
  if (mainWindowRedirectUri) {
@@ -15085,7 +15253,7 @@ class SilentIframeClient extends StandardInteractionClient {
15085
15253
  };
15086
15254
  await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
15087
15255
  const responseType = this.config.auth.OIDCOptions.responseMode;
15088
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
15256
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15089
15257
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15090
15258
  if (!serverParams.ear_jwe && serverParams.code) {
15091
15259
  // If server doesn't support EAR, they may fallback to auth code flow instead
@@ -15134,7 +15302,7 @@ class SilentIframeClient extends StandardInteractionClient {
15134
15302
  }
15135
15303
  const responseType = this.config.auth.OIDCOptions.responseMode;
15136
15304
  // Wait for response from the redirect bridge.
15137
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
15305
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15138
15306
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15139
15307
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15140
15308
  }
@@ -15287,6 +15455,22 @@ class SilentAuthCodeClient extends StandardInteractionClient {
15287
15455
  * Copyright (c) Microsoft Corporation. All rights reserved.
15288
15456
  * Licensed under the MIT License.
15289
15457
  */
15458
+ /**
15459
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
15460
+ * @returns Network connection information, or an empty object if not available.
15461
+ */
15462
+ function getNetworkInfo() {
15463
+ if (typeof window === "undefined" || !window.navigator) {
15464
+ return {};
15465
+ }
15466
+ const connection = "connection" in window.navigator
15467
+ ? window.navigator.connection
15468
+ : undefined;
15469
+ return {
15470
+ effectiveType: connection?.effectiveType,
15471
+ rtt: connection?.rtt,
15472
+ };
15473
+ }
15290
15474
  function collectInstanceStats(currentClientId, performanceEvent, logger, correlationId) {
15291
15475
  const frameInstances =
15292
15476
  // @ts-ignore
@@ -15306,12 +15490,13 @@ function collectInstanceStats(currentClientId, performanceEvent, logger, correla
15306
15490
  * Copyright (c) Microsoft Corporation. All rights reserved.
15307
15491
  * Licensed under the MIT License.
15308
15492
  */
15309
- function preflightCheck(initialized, performanceEvent, account) {
15493
+ function preflightCheck(initialized, performanceEvent, config, request) {
15310
15494
  try {
15311
15495
  preflightCheck$1(initialized);
15496
+ enforceResourceParameter(config.auth.isMcp, request);
15312
15497
  }
15313
15498
  catch (e) {
15314
- performanceEvent.end({ success: false }, e, account);
15499
+ performanceEvent.end({ success: false }, e, request.account);
15315
15500
  throw e;
15316
15501
  }
15317
15502
  }
@@ -15412,6 +15597,7 @@ class StandardController {
15412
15597
  this.eventHandler.emitEvent(EventType.INITIALIZE_START, correlationId);
15413
15598
  // Broker applications are initialized twice, so we avoid double-counting it
15414
15599
  this.logMultipleInstances(initMeasurement, correlationId);
15600
+ initMeasurement.add({ isMcp: this.config.auth.isMcp });
15415
15601
  await invokeAsync(this.browserStorage.initialize.bind(this.browserStorage), InitializeCache, this.logger, this.performanceClient, correlationId)(correlationId);
15416
15602
  if (allowPlatformBroker) {
15417
15603
  try {
@@ -15589,6 +15775,7 @@ class StandardController {
15589
15775
  };
15590
15776
  try {
15591
15777
  redirectPreflightCheck(this.initialized, this.config);
15778
+ enforceResourceParameter(this.config.auth.isMcp, request);
15592
15779
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
15593
15780
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
15594
15781
  let result;
@@ -15653,7 +15840,7 @@ class StandardController {
15653
15840
  });
15654
15841
  try {
15655
15842
  this.logger.verbose("0ch87b", correlationId);
15656
- preflightCheck(this.initialized, atPopupMeasurement, request.account);
15843
+ preflightCheck(this.initialized, atPopupMeasurement, this.config, request);
15657
15844
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN, request.overrideInteractionInProgress, correlationId);
15658
15845
  }
15659
15846
  catch (e) {
@@ -15767,7 +15954,7 @@ class StandardController {
15767
15954
  this.ssoSilentMeasurement?.add({
15768
15955
  scenarioId: request.scenarioId,
15769
15956
  });
15770
- preflightCheck(this.initialized, this.ssoSilentMeasurement, request.account);
15957
+ preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
15771
15958
  this.ssoSilentMeasurement?.increment({
15772
15959
  visibilityChangeCount: 0,
15773
15960
  });
@@ -15831,7 +16018,7 @@ class StandardController {
15831
16018
  const correlationId = this.getRequestCorrelationId(request);
15832
16019
  this.logger.trace("0ch6ga", correlationId);
15833
16020
  const atbcMeasurement = this.performanceClient.startMeasurement(AcquireTokenByCode, correlationId);
15834
- preflightCheck(this.initialized, atbcMeasurement);
16021
+ preflightCheck(this.initialized, atbcMeasurement, this.config, request);
15835
16022
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, request);
15836
16023
  atbcMeasurement.add({ scenarioId: request.scenarioId });
15837
16024
  try {
@@ -16333,7 +16520,7 @@ class StandardController {
16333
16520
  cacheLookupPolicy: request.cacheLookupPolicy,
16334
16521
  scenarioId: request.scenarioId,
16335
16522
  });
16336
- preflightCheck(this.initialized, atsMeasurement, request.account);
16523
+ preflightCheck(this.initialized, atsMeasurement, this.config, request);
16337
16524
  this.logger.verbose("0x1c4s", correlationId);
16338
16525
  const account = request.account || this.getActiveAccount();
16339
16526
  if (!account) {
@@ -16789,6 +16976,7 @@ class NestedAppAuthAdapter {
16789
16976
  platformBrokerId: request.account?.homeAccountId,
16790
16977
  clientId: this.clientId,
16791
16978
  authority: request.authority,
16979
+ resource: request.resource,
16792
16980
  scope: scopes.join(" "),
16793
16981
  correlationId,
16794
16982
  claims: !StringUtils.isEmptyObj(claims) ? claims : undefined,
@@ -17059,6 +17247,7 @@ class NestedAppAuthController {
17059
17247
  const atPopupMeasurement = this.performanceClient.startMeasurement(AcquireTokenPopup, correlationId);
17060
17248
  atPopupMeasurement.add({ nestedAppAuthRequest: true });
17061
17249
  try {
17250
+ enforceResourceParameter(this.config.auth.isMcp, validRequest);
17062
17251
  const naaRequest = this.nestedAppAuthAdapter.toNaaTokenRequest(validRequest);
17063
17252
  const reqTimestamp = nowSeconds();
17064
17253
  const response = await this.bridgeProxy.getTokenInteractive(naaRequest);
@@ -17125,6 +17314,7 @@ class NestedAppAuthController {
17125
17314
  nestedAppAuthRequest: true,
17126
17315
  });
17127
17316
  try {
17317
+ enforceResourceParameter(this.config.auth.isMcp, validRequest);
17128
17318
  const naaRequest = this.nestedAppAuthAdapter.toNaaTokenRequest(validRequest);
17129
17319
  naaRequest.forceRefresh = validRequest.forceRefresh;
17130
17320
  const reqTimestamp = nowSeconds();
@@ -17259,6 +17449,14 @@ class NestedAppAuthController {
17259
17449
  this.logger.verbose("18egye", correlationId);
17260
17450
  return Promise.resolve(null);
17261
17451
  }
17452
+ else if (authRequest.resource) {
17453
+ const requestedResource = authRequest.resource;
17454
+ const cachedResource = cachedAccessToken.resource;
17455
+ if (!cachedResource || cachedResource !== requestedResource) {
17456
+ this.logger.verbose("0qraxd", correlationId);
17457
+ return Promise.resolve(null);
17458
+ }
17459
+ }
17262
17460
  const cachedIdToken = this.browserStorage.getIdToken(currentAccount, authRequest.correlationId, tokenKeys, currentAccount.tenantId);
17263
17461
  if (!cachedIdToken) {
17264
17462
  this.logger.verbose("0d68kd", correlationId);
@@ -18428,11 +18626,14 @@ class BrowserPerformanceClient extends PerformanceClient {
18428
18626
  return {
18429
18627
  ...inProgressEvent,
18430
18628
  end: (event, error, account) => {
18629
+ const networkInfo = getNetworkInfo();
18431
18630
  const res = inProgressEvent.end({
18432
18631
  ...event,
18433
18632
  startPageVisibility,
18434
18633
  endPageVisibility: this.getPageVisibility(),
18435
18634
  durationMs: getPerfDurationMs(startTime),
18635
+ networkEffectiveType: networkInfo.effectiveType,
18636
+ networkRtt: networkInfo.rtt,
18436
18637
  }, error, account);
18437
18638
  void browserMeasurement?.then((measurement) => measurement.endMeasurement());
18438
18639
  this.deleteIncompleteSubMeasurements(inProgressEvent);
@@ -18604,6 +18805,7 @@ exports.StubPerformanceClient = StubPerformanceClient;
18604
18805
  exports.WrapperSKU = WrapperSKU;
18605
18806
  exports.createNestablePublicClientApplication = createNestablePublicClientApplication;
18606
18807
  exports.createStandardPublicClientApplication = createStandardPublicClientApplication;
18808
+ exports.enforceResourceParameter = enforceResourceParameter;
18607
18809
  exports.isPlatformBrokerAvailable = isPlatformBrokerAvailable;
18608
18810
  exports.loadExternalTokens = loadExternalTokens;
18609
18811
  exports.stubbedPublicClientApplication = stubbedPublicClientApplication;