@azure/msal-browser 5.4.0 → 5.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
- package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
- package/dist/cache/AccountManager.d.ts.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -5
- package/dist/cache/AccountManager.mjs.map +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +4 -1
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.d.ts +4 -0
- package/dist/config/Configuration.d.ts.map +1 -1
- package/dist/config/Configuration.mjs +2 -1
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +12 -2
- package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +11 -8
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/AccountManager.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/AccountManager.mjs +1 -5
- package/dist/custom-auth-path/cache/AccountManager.mjs.map +1 -1
- package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +4 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
- package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
- package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
- package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.mjs +2 -1
- package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
- package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.mjs +11 -8
- package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
- package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
- package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
- package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
- package/dist/custom-auth-path/event/EventType.mjs +1 -1
- package/dist/custom-auth-path/index.d.ts +1 -1
- package/dist/custom-auth-path/index.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs +5 -5
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +3 -3
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +6 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/custom-auth-path/log-strings-mapping.json +19 -7
- package/dist/custom-auth-path/naa/TokenRequest.d.ts +1 -0
- package/dist/custom-auth-path/naa/TokenRequest.d.ts.map +1 -1
- package/dist/custom-auth-path/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
- package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
- package/dist/custom-auth-path/packageMetadata.mjs +2 -2
- package/dist/custom-auth-path/protocol/Authorize.d.ts +33 -0
- package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
- package/dist/custom-auth-path/protocol/Authorize.mjs +62 -2
- package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
- package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
- package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.mjs +12 -2
- package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
- package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +2 -2
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +5 -5
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +3 -3
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +6 -1
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +23 -11
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/TokenRequest.d.ts +1 -0
- package/dist/naa/TokenRequest.d.ts.map +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +33 -0
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +62 -2
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
- package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
- package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
- package/dist/redirect-bridge/cache/AccountManager.d.ts.map +1 -1
- package/dist/redirect-bridge/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
- package/dist/redirect-bridge/config/Configuration.d.ts +4 -0
- package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.mjs +1 -1
- package/dist/redirect-bridge/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
- package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/redirect-bridge/index.d.ts +1 -1
- package/dist/redirect-bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/dist/redirect-bridge/naa/TokenRequest.d.ts +1 -0
- package/dist/redirect-bridge/naa/TokenRequest.d.ts.map +1 -1
- package/dist/redirect-bridge/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
- package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
- package/dist/redirect-bridge/protocol/Authorize.d.ts +33 -0
- package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
- package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts +10 -0
- package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +5 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.d.ts +2 -2
- package/dist/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/utils/BrowserUtils.mjs +12 -2
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
- package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
- package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +19 -7
- package/lib/custom-auth-path/msal-custom-auth.cjs +264 -96
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
- package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
- package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/AccountManager.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
- package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/custom-auth-path/types/index.d.ts +1 -1
- package/lib/custom-auth-path/types/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/naa/TokenRequest.d.ts +1 -0
- package/lib/custom-auth-path/types/naa/TokenRequest.d.ts.map +1 -1
- package/lib/custom-auth-path/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
- package/lib/custom-auth-path/types/protocol/Authorize.d.ts +33 -0
- package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
- package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
- package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
- package/lib/log-strings-mapping.json +23 -11
- package/lib/msal-browser.cjs +302 -100
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +302 -100
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
- package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
- package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
- package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
- package/lib/types/cache/AccountManager.d.ts.map +1 -1
- package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/types/config/Configuration.d.ts +4 -0
- package/lib/types/config/Configuration.d.ts.map +1 -1
- package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/types/index.d.ts +1 -1
- package/lib/types/index.d.ts.map +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/lib/types/naa/TokenRequest.d.ts +1 -0
- package/lib/types/naa/TokenRequest.d.ts.map +1 -1
- package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +33 -0
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
- package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
- package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +34 -17
- package/src/broker/nativeBroker/PlatformAuthRequest.ts +1 -0
- package/src/cache/AccountManager.ts +0 -5
- package/src/cache/BrowserCacheManager.ts +4 -0
- package/src/config/Configuration.ts +5 -0
- package/src/controllers/NestedAppAuthController.ts +14 -0
- package/src/controllers/StandardController.ts +13 -6
- package/src/index.ts +1 -0
- package/src/interaction_client/PlatformAuthInteractionClient.ts +1 -0
- package/src/interaction_client/PopupClient.ts +8 -4
- package/src/interaction_client/SilentIframeClient.ts +4 -2
- package/src/interaction_client/StandardInteractionClient.ts +11 -0
- package/src/naa/TokenRequest.ts +1 -0
- package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -0
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +100 -0
- package/src/telemetry/BrowserPerformanceClient.ts +4 -0
- package/src/utils/BrowserUtils.ts +24 -1
- package/src/utils/MsalFrameStatsUtils.ts +27 -0
package/lib/msal-browser.cjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.6.0 2026-03-18 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.
|
|
5
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
|
|
|
234
234
|
// Token renewal offset default in seconds
|
|
235
235
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
236
236
|
|
|
237
|
-
/*! @azure/msal-common v16.
|
|
237
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
238
238
|
/*
|
|
239
239
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
240
240
|
* Licensed under the MIT License.
|
|
@@ -282,9 +282,11 @@ const BROKER_CLIENT_ID = "brk_client_id";
|
|
|
282
282
|
const BROKER_REDIRECT_URI = "brk_redirect_uri";
|
|
283
283
|
const INSTANCE_AWARE = "instance_aware";
|
|
284
284
|
const EAR_JWK = "ear_jwk";
|
|
285
|
-
const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
285
|
+
const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
286
|
+
const RESOURCE = "resource";
|
|
287
|
+
const CLI_DATA = "clidata";
|
|
286
288
|
|
|
287
|
-
/*! @azure/msal-common v16.
|
|
289
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
288
290
|
/*
|
|
289
291
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
290
292
|
* Licensed under the MIT License.
|
|
@@ -315,7 +317,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
315
317
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
316
318
|
}
|
|
317
319
|
|
|
318
|
-
/*! @azure/msal-common v16.
|
|
320
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
319
321
|
|
|
320
322
|
/*
|
|
321
323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -335,7 +337,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
335
337
|
return new ClientConfigurationError(errorCode);
|
|
336
338
|
}
|
|
337
339
|
|
|
338
|
-
/*! @azure/msal-common v16.
|
|
340
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
339
341
|
/*
|
|
340
342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
341
343
|
* Licensed under the MIT License.
|
|
@@ -415,7 +417,7 @@ class StringUtils {
|
|
|
415
417
|
}
|
|
416
418
|
}
|
|
417
419
|
|
|
418
|
-
/*! @azure/msal-common v16.
|
|
420
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
419
421
|
|
|
420
422
|
/*
|
|
421
423
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -438,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
438
440
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
439
441
|
}
|
|
440
442
|
|
|
441
|
-
/*! @azure/msal-common v16.
|
|
443
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
442
444
|
/*
|
|
443
445
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
444
446
|
* Licensed under the MIT License.
|
|
@@ -492,7 +494,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
492
494
|
urlParseError: urlParseError
|
|
493
495
|
});
|
|
494
496
|
|
|
495
|
-
/*! @azure/msal-common v16.
|
|
497
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
496
498
|
/*
|
|
497
499
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
498
500
|
* Licensed under the MIT License.
|
|
@@ -533,7 +535,9 @@ const noNetworkConnectivity$1 = "no_network_connectivity";
|
|
|
533
535
|
const userCanceled = "user_canceled";
|
|
534
536
|
const methodNotImplemented = "method_not_implemented";
|
|
535
537
|
const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
|
|
536
|
-
const platformBrokerError = "platform_broker_error";
|
|
538
|
+
const platformBrokerError = "platform_broker_error";
|
|
539
|
+
const resourceParameterRequired = "resource_parameter_required";
|
|
540
|
+
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
537
541
|
|
|
538
542
|
var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
539
543
|
__proto__: null,
|
|
@@ -554,6 +558,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
554
558
|
keyIdMissing: keyIdMissing,
|
|
555
559
|
maxAgeTranspired: maxAgeTranspired,
|
|
556
560
|
methodNotImplemented: methodNotImplemented,
|
|
561
|
+
misplacedResourceParam: misplacedResourceParam,
|
|
557
562
|
multipleMatchingAppMetadata: multipleMatchingAppMetadata,
|
|
558
563
|
multipleMatchingTokens: multipleMatchingTokens,
|
|
559
564
|
nestedAppAuthBridgeDisabled: nestedAppAuthBridgeDisabled,
|
|
@@ -567,6 +572,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
567
572
|
openIdConfigError: openIdConfigError,
|
|
568
573
|
platformBrokerError: platformBrokerError,
|
|
569
574
|
requestCannotBeMade: requestCannotBeMade,
|
|
575
|
+
resourceParameterRequired: resourceParameterRequired,
|
|
570
576
|
stateMismatch: stateMismatch,
|
|
571
577
|
stateNotFound: stateNotFound,
|
|
572
578
|
tokenClaimsCnfRequiredForSignedJwt: tokenClaimsCnfRequiredForSignedJwt,
|
|
@@ -576,7 +582,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
576
582
|
userCanceled: userCanceled
|
|
577
583
|
});
|
|
578
584
|
|
|
579
|
-
/*! @azure/msal-common v16.
|
|
585
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
580
586
|
|
|
581
587
|
/*
|
|
582
588
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -771,7 +777,7 @@ class ScopeSet {
|
|
|
771
777
|
}
|
|
772
778
|
}
|
|
773
779
|
|
|
774
|
-
/*! @azure/msal-common v16.
|
|
780
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
775
781
|
|
|
776
782
|
/*
|
|
777
783
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1037,6 +1043,12 @@ function addGrantType(parameters, grantType) {
|
|
|
1037
1043
|
function addClientInfo(parameters) {
|
|
1038
1044
|
parameters.set(CLIENT_INFO, "1");
|
|
1039
1045
|
}
|
|
1046
|
+
/**
|
|
1047
|
+
* add clidata=1 to request to indicate client data support
|
|
1048
|
+
*/
|
|
1049
|
+
function addCliData(parameters) {
|
|
1050
|
+
parameters.set(CLI_DATA, "1");
|
|
1051
|
+
}
|
|
1040
1052
|
function addInstanceAware(parameters) {
|
|
1041
1053
|
if (!parameters.has(INSTANCE_AWARE)) {
|
|
1042
1054
|
parameters.set(INSTANCE_AWARE, "true");
|
|
@@ -1136,9 +1148,14 @@ function addEARParameters(parameters, jwk) {
|
|
|
1136
1148
|
// ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
|
|
1137
1149
|
const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
|
|
1138
1150
|
parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
|
|
1151
|
+
}
|
|
1152
|
+
function addResource(parameters, resource) {
|
|
1153
|
+
if (resource) {
|
|
1154
|
+
parameters.set(RESOURCE, resource);
|
|
1155
|
+
}
|
|
1139
1156
|
}
|
|
1140
1157
|
|
|
1141
|
-
/*! @azure/msal-common v16.
|
|
1158
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
1142
1159
|
|
|
1143
1160
|
/*
|
|
1144
1161
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1247,7 +1264,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1247
1264
|
}
|
|
1248
1265
|
}
|
|
1249
1266
|
|
|
1250
|
-
/*! @azure/msal-common v16.
|
|
1267
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
1251
1268
|
|
|
1252
1269
|
/*
|
|
1253
1270
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1286,7 +1303,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1286
1303
|
},
|
|
1287
1304
|
};
|
|
1288
1305
|
|
|
1289
|
-
/*! @azure/msal-common v16.
|
|
1306
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
1290
1307
|
/*
|
|
1291
1308
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1292
1309
|
* Licensed under the MIT License.
|
|
@@ -1561,12 +1578,12 @@ class Logger {
|
|
|
1561
1578
|
}
|
|
1562
1579
|
}
|
|
1563
1580
|
|
|
1564
|
-
/*! @azure/msal-common v16.
|
|
1581
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
1565
1582
|
/* eslint-disable header/header */
|
|
1566
1583
|
const name$1 = "@azure/msal-common";
|
|
1567
|
-
const version$1 = "16.
|
|
1584
|
+
const version$1 = "16.4.0";
|
|
1568
1585
|
|
|
1569
|
-
/*! @azure/msal-common v16.
|
|
1586
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
1570
1587
|
/*
|
|
1571
1588
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1572
1589
|
* Licensed under the MIT License.
|
|
@@ -1586,7 +1603,7 @@ const AzureCloudInstance = {
|
|
|
1586
1603
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1587
1604
|
};
|
|
1588
1605
|
|
|
1589
|
-
/*! @azure/msal-common v16.
|
|
1606
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
1590
1607
|
/*
|
|
1591
1608
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1592
1609
|
* Licensed under the MIT License.
|
|
@@ -1668,7 +1685,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1668
1685
|
return updatedAccountInfo;
|
|
1669
1686
|
}
|
|
1670
1687
|
|
|
1671
|
-
/*! @azure/msal-common v16.
|
|
1688
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
1672
1689
|
|
|
1673
1690
|
/*
|
|
1674
1691
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1748,7 +1765,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1748
1765
|
}
|
|
1749
1766
|
}
|
|
1750
1767
|
|
|
1751
|
-
/*! @azure/msal-common v16.
|
|
1768
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
1752
1769
|
|
|
1753
1770
|
/*
|
|
1754
1771
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1905,7 +1922,7 @@ class UrlString {
|
|
|
1905
1922
|
}
|
|
1906
1923
|
}
|
|
1907
1924
|
|
|
1908
|
-
/*! @azure/msal-common v16.
|
|
1925
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
1909
1926
|
|
|
1910
1927
|
/*
|
|
1911
1928
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2062,7 +2079,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2062
2079
|
return null;
|
|
2063
2080
|
}
|
|
2064
2081
|
|
|
2065
|
-
/*! @azure/msal-common v16.
|
|
2082
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
2066
2083
|
/*
|
|
2067
2084
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2068
2085
|
* Licensed under the MIT License.
|
|
@@ -2070,7 +2087,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2070
2087
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2071
2088
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2072
2089
|
|
|
2073
|
-
/*! @azure/msal-common v16.
|
|
2090
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
2074
2091
|
|
|
2075
2092
|
/*
|
|
2076
2093
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2108,7 +2125,7 @@ function createCacheError(e) {
|
|
|
2108
2125
|
}
|
|
2109
2126
|
}
|
|
2110
2127
|
|
|
2111
|
-
/*! @azure/msal-common v16.
|
|
2128
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
2112
2129
|
|
|
2113
2130
|
/*
|
|
2114
2131
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2146,7 +2163,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2146
2163
|
};
|
|
2147
2164
|
}
|
|
2148
2165
|
|
|
2149
|
-
/*! @azure/msal-common v16.
|
|
2166
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
2150
2167
|
/*
|
|
2151
2168
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2152
2169
|
* Licensed under the MIT License.
|
|
@@ -2161,7 +2178,7 @@ const AuthorityType = {
|
|
|
2161
2178
|
Ciam: 3,
|
|
2162
2179
|
};
|
|
2163
2180
|
|
|
2164
|
-
/*! @azure/msal-common v16.
|
|
2181
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
2165
2182
|
/*
|
|
2166
2183
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2167
2184
|
* Licensed under the MIT License.
|
|
@@ -2183,7 +2200,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2183
2200
|
return null;
|
|
2184
2201
|
}
|
|
2185
2202
|
|
|
2186
|
-
/*! @azure/msal-common v16.
|
|
2203
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
2187
2204
|
/*
|
|
2188
2205
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2189
2206
|
* Licensed under the MIT License.
|
|
@@ -2207,7 +2224,7 @@ const ProtocolMode = {
|
|
|
2207
2224
|
EAR: "EAR",
|
|
2208
2225
|
};
|
|
2209
2226
|
|
|
2210
|
-
/*! @azure/msal-common v16.
|
|
2227
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
2211
2228
|
/**
|
|
2212
2229
|
* Returns the AccountInfo interface for this account.
|
|
2213
2230
|
*/
|
|
@@ -2382,7 +2399,7 @@ function isAccountEntity(entity) {
|
|
|
2382
2399
|
entity.hasOwnProperty("authorityType"));
|
|
2383
2400
|
}
|
|
2384
2401
|
|
|
2385
|
-
/*! @azure/msal-common v16.
|
|
2402
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
2386
2403
|
|
|
2387
2404
|
/*
|
|
2388
2405
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2412,6 +2429,11 @@ class CacheManager {
|
|
|
2412
2429
|
* Gets first tenanted AccountInfo object found based on provided filters
|
|
2413
2430
|
*/
|
|
2414
2431
|
getAccountInfoFilteredBy(accountFilter, correlationId) {
|
|
2432
|
+
if (Object.keys(accountFilter).length === 0 ||
|
|
2433
|
+
Object.values(accountFilter).every((value) => value === null || value === undefined || value === "")) {
|
|
2434
|
+
this.commonLogger.warning("1skb02", correlationId);
|
|
2435
|
+
return null;
|
|
2436
|
+
}
|
|
2415
2437
|
const allAccounts = this.getAllAccounts(accountFilter, correlationId);
|
|
2416
2438
|
if (allAccounts.length > 1) {
|
|
2417
2439
|
// If one or more accounts are found, prioritize accounts that have an ID token
|
|
@@ -3479,7 +3501,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3479
3501
|
}
|
|
3480
3502
|
}
|
|
3481
3503
|
|
|
3482
|
-
/*! @azure/msal-common v16.
|
|
3504
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
3483
3505
|
/*
|
|
3484
3506
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3485
3507
|
* Licensed under the MIT License.
|
|
@@ -3524,9 +3546,12 @@ const IntFields = new Set([
|
|
|
3524
3546
|
"currRefreshCount",
|
|
3525
3547
|
"expiredCacheRemovedCount",
|
|
3526
3548
|
"upgradedCacheCount",
|
|
3549
|
+
"networkRtt",
|
|
3550
|
+
"redirectBridgeTimeoutMs",
|
|
3551
|
+
"redirectBridgeMessageVersion",
|
|
3527
3552
|
]);
|
|
3528
3553
|
|
|
3529
|
-
/*! @azure/msal-common v16.
|
|
3554
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
3530
3555
|
|
|
3531
3556
|
/*
|
|
3532
3557
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3581,7 +3606,7 @@ class StubPerformanceClient {
|
|
|
3581
3606
|
}
|
|
3582
3607
|
}
|
|
3583
3608
|
|
|
3584
|
-
/*! @azure/msal-common v16.
|
|
3609
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
3585
3610
|
|
|
3586
3611
|
/*
|
|
3587
3612
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3664,6 +3689,7 @@ function buildAuthOptions(authOptions) {
|
|
|
3664
3689
|
clientCapabilities: [],
|
|
3665
3690
|
azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
|
|
3666
3691
|
instanceAware: false,
|
|
3692
|
+
isMcp: false,
|
|
3667
3693
|
...authOptions,
|
|
3668
3694
|
};
|
|
3669
3695
|
}
|
|
@@ -3675,7 +3701,7 @@ function isOidcProtocolMode(config) {
|
|
|
3675
3701
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3676
3702
|
}
|
|
3677
3703
|
|
|
3678
|
-
/*! @azure/msal-common v16.
|
|
3704
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
3679
3705
|
|
|
3680
3706
|
/*
|
|
3681
3707
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3694,7 +3720,7 @@ class ServerError extends AuthError {
|
|
|
3694
3720
|
}
|
|
3695
3721
|
}
|
|
3696
3722
|
|
|
3697
|
-
/*! @azure/msal-common v16.
|
|
3723
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
3698
3724
|
/*
|
|
3699
3725
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3700
3726
|
* Licensed under the MIT License.
|
|
@@ -3758,7 +3784,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
3758
3784
|
uxNotAllowed: uxNotAllowed
|
|
3759
3785
|
});
|
|
3760
3786
|
|
|
3761
|
-
/*! @azure/msal-common v16.
|
|
3787
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
3762
3788
|
|
|
3763
3789
|
/*
|
|
3764
3790
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3826,7 +3852,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
|
3826
3852
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
3827
3853
|
}
|
|
3828
3854
|
|
|
3829
|
-
/*! @azure/msal-common v16.
|
|
3855
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
3830
3856
|
|
|
3831
3857
|
/*
|
|
3832
3858
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3894,7 +3920,7 @@ function parseRequestState(base64Decode, state) {
|
|
|
3894
3920
|
}
|
|
3895
3921
|
}
|
|
3896
3922
|
|
|
3897
|
-
/*! @azure/msal-common v16.
|
|
3923
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
3898
3924
|
/*
|
|
3899
3925
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3900
3926
|
* Licensed under the MIT License.
|
|
@@ -3959,7 +3985,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3959
3985
|
return cachedAtSec > nowSeconds();
|
|
3960
3986
|
}
|
|
3961
3987
|
|
|
3962
|
-
/*! @azure/msal-common v16.
|
|
3988
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
3963
3989
|
/*
|
|
3964
3990
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3965
3991
|
* Licensed under the MIT License.
|
|
@@ -4030,7 +4056,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4030
4056
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4031
4057
|
const SetUserData = "setUserData";
|
|
4032
4058
|
|
|
4033
|
-
/*! @azure/msal-common v16.
|
|
4059
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4034
4060
|
/*
|
|
4035
4061
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4036
4062
|
* Licensed under the MIT License.
|
|
@@ -4123,7 +4149,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4123
4149
|
};
|
|
4124
4150
|
};
|
|
4125
4151
|
|
|
4126
|
-
/*! @azure/msal-common v16.
|
|
4152
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4127
4153
|
|
|
4128
4154
|
/*
|
|
4129
4155
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4203,7 +4229,7 @@ class PopTokenGenerator {
|
|
|
4203
4229
|
}
|
|
4204
4230
|
}
|
|
4205
4231
|
|
|
4206
|
-
/*! @azure/msal-common v16.
|
|
4232
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4207
4233
|
/*
|
|
4208
4234
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4209
4235
|
* Licensed under the MIT License.
|
|
@@ -4230,7 +4256,7 @@ class PopTokenGenerator {
|
|
|
4230
4256
|
}
|
|
4231
4257
|
}
|
|
4232
4258
|
|
|
4233
|
-
/*! @azure/msal-common v16.
|
|
4259
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4234
4260
|
|
|
4235
4261
|
/*
|
|
4236
4262
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4489,7 +4515,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
4489
4515
|
return metadata.expiresAt <= nowSeconds();
|
|
4490
4516
|
}
|
|
4491
4517
|
|
|
4492
|
-
/*! @azure/msal-common v16.
|
|
4518
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4493
4519
|
|
|
4494
4520
|
/*
|
|
4495
4521
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4674,6 +4700,11 @@ class ResponseHandler {
|
|
|
4674
4700
|
: undefined;
|
|
4675
4701
|
// non AAD scenarios can have empty realm
|
|
4676
4702
|
cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id);
|
|
4703
|
+
// Set resource (to be used for MCP scenarios)
|
|
4704
|
+
const resource = request.resource || null;
|
|
4705
|
+
if (resource) {
|
|
4706
|
+
cachedAccessToken.resource = resource;
|
|
4707
|
+
}
|
|
4677
4708
|
}
|
|
4678
4709
|
// refreshToken
|
|
4679
4710
|
let cachedRefreshToken = null;
|
|
@@ -4825,7 +4856,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4825
4856
|
return baseAccount;
|
|
4826
4857
|
}
|
|
4827
4858
|
|
|
4828
|
-
/*! @azure/msal-common v16.
|
|
4859
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4829
4860
|
/*
|
|
4830
4861
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4831
4862
|
* Licensed under the MIT License.
|
|
@@ -4835,7 +4866,7 @@ const CcsCredentialType = {
|
|
|
4835
4866
|
UPN: "UPN",
|
|
4836
4867
|
};
|
|
4837
4868
|
|
|
4838
|
-
/*! @azure/msal-common v16.
|
|
4869
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4839
4870
|
/*
|
|
4840
4871
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4841
4872
|
* Licensed under the MIT License.
|
|
@@ -4853,7 +4884,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4853
4884
|
}
|
|
4854
4885
|
}
|
|
4855
4886
|
|
|
4856
|
-
/*! @azure/msal-common v16.
|
|
4887
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4857
4888
|
/*
|
|
4858
4889
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4859
4890
|
* Licensed under the MIT License.
|
|
@@ -4874,7 +4905,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4874
4905
|
};
|
|
4875
4906
|
}
|
|
4876
4907
|
|
|
4877
|
-
/*! @azure/msal-common v16.
|
|
4908
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4878
4909
|
|
|
4879
4910
|
/*
|
|
4880
4911
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4960,7 +4991,7 @@ class ThrottlingUtils {
|
|
|
4960
4991
|
}
|
|
4961
4992
|
}
|
|
4962
4993
|
|
|
4963
|
-
/*! @azure/msal-common v16.
|
|
4994
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4964
4995
|
|
|
4965
4996
|
/*
|
|
4966
4997
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4991,7 +5022,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
4991
5022
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4992
5023
|
}
|
|
4993
5024
|
|
|
4994
|
-
/*! @azure/msal-common v16.
|
|
5025
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
4995
5026
|
|
|
4996
5027
|
/*
|
|
4997
5028
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5105,7 +5136,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5105
5136
|
return response;
|
|
5106
5137
|
}
|
|
5107
5138
|
|
|
5108
|
-
/*! @azure/msal-common v16.
|
|
5139
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
5109
5140
|
/*
|
|
5110
5141
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5111
5142
|
* Licensed under the MIT License.
|
|
@@ -5117,7 +5148,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5117
5148
|
response.hasOwnProperty("jwks_uri"));
|
|
5118
5149
|
}
|
|
5119
5150
|
|
|
5120
|
-
/*! @azure/msal-common v16.
|
|
5151
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
5121
5152
|
/*
|
|
5122
5153
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5123
5154
|
* Licensed under the MIT License.
|
|
@@ -5127,7 +5158,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5127
5158
|
response.hasOwnProperty("metadata"));
|
|
5128
5159
|
}
|
|
5129
5160
|
|
|
5130
|
-
/*! @azure/msal-common v16.
|
|
5161
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
5131
5162
|
/*
|
|
5132
5163
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5133
5164
|
* Licensed under the MIT License.
|
|
@@ -5137,7 +5168,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5137
5168
|
response.hasOwnProperty("error_description"));
|
|
5138
5169
|
}
|
|
5139
5170
|
|
|
5140
|
-
/*! @azure/msal-common v16.
|
|
5171
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
5141
5172
|
|
|
5142
5173
|
/*
|
|
5143
5174
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5242,7 +5273,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5242
5273
|
},
|
|
5243
5274
|
};
|
|
5244
5275
|
|
|
5245
|
-
/*! @azure/msal-common v16.
|
|
5276
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
5246
5277
|
|
|
5247
5278
|
/*
|
|
5248
5279
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6062,7 +6093,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6062
6093
|
};
|
|
6063
6094
|
}
|
|
6064
6095
|
|
|
6065
|
-
/*! @azure/msal-common v16.
|
|
6096
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
6066
6097
|
|
|
6067
6098
|
/*
|
|
6068
6099
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6096,7 +6127,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6096
6127
|
}
|
|
6097
6128
|
}
|
|
6098
6129
|
|
|
6099
|
-
/*! @azure/msal-common v16.
|
|
6130
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
6100
6131
|
|
|
6101
6132
|
/*
|
|
6102
6133
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6216,6 +6247,7 @@ class AuthorizationCodeClient {
|
|
|
6216
6247
|
}
|
|
6217
6248
|
// Add scope array, parameter builder will add default scopes and dedupe
|
|
6218
6249
|
addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
|
|
6250
|
+
addResource(parameters, request.resource);
|
|
6219
6251
|
// add code: user set, not validated
|
|
6220
6252
|
addAuthorizationCode(parameters, request.code);
|
|
6221
6253
|
// Add library metadata
|
|
@@ -6356,7 +6388,7 @@ class AuthorizationCodeClient {
|
|
|
6356
6388
|
}
|
|
6357
6389
|
}
|
|
6358
6390
|
|
|
6359
|
-
/*! @azure/msal-common v16.
|
|
6391
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
6360
6392
|
|
|
6361
6393
|
/*
|
|
6362
6394
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6581,7 +6613,7 @@ class RefreshTokenClient {
|
|
|
6581
6613
|
}
|
|
6582
6614
|
}
|
|
6583
6615
|
|
|
6584
|
-
/*! @azure/msal-common v16.
|
|
6616
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
6585
6617
|
|
|
6586
6618
|
/*
|
|
6587
6619
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6637,6 +6669,13 @@ class SilentFlowClient {
|
|
|
6637
6669
|
this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);
|
|
6638
6670
|
throw createClientAuthError(tokenRefreshRequired);
|
|
6639
6671
|
}
|
|
6672
|
+
else if (request.resource) {
|
|
6673
|
+
// cached access token must have a resource that matches the request resource for MCP scenarios
|
|
6674
|
+
if (cachedAccessToken.resource !== request.resource) {
|
|
6675
|
+
this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
|
|
6676
|
+
throw createClientAuthError(tokenRefreshRequired);
|
|
6677
|
+
}
|
|
6678
|
+
}
|
|
6640
6679
|
else if (cachedAccessToken.refreshOn &&
|
|
6641
6680
|
isTokenExpired(cachedAccessToken.refreshOn, 0)) {
|
|
6642
6681
|
// must refresh (in the background) due to the refresh_in value
|
|
@@ -6690,7 +6729,7 @@ class SilentFlowClient {
|
|
|
6690
6729
|
}
|
|
6691
6730
|
}
|
|
6692
6731
|
|
|
6693
|
-
/*! @azure/msal-common v16.
|
|
6732
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
6694
6733
|
|
|
6695
6734
|
/*
|
|
6696
6735
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6705,7 +6744,7 @@ const StubbedNetworkModule = {
|
|
|
6705
6744
|
},
|
|
6706
6745
|
};
|
|
6707
6746
|
|
|
6708
|
-
/*! @azure/msal-common v16.
|
|
6747
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
6709
6748
|
|
|
6710
6749
|
/*
|
|
6711
6750
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6731,12 +6770,15 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
|
|
|
6731
6770
|
...(request.extraScopesToConsent || []),
|
|
6732
6771
|
];
|
|
6733
6772
|
addScopes(parameters, requestScopes, true, authOptions.authority.options.OIDCOptions?.defaultScopes);
|
|
6773
|
+
addResource(parameters, request.resource);
|
|
6734
6774
|
addRedirectUri(parameters, request.redirectUri);
|
|
6735
6775
|
addCorrelationId(parameters, correlationId);
|
|
6736
6776
|
// add response_mode. If not passed in it defaults to query.
|
|
6737
6777
|
addResponseMode(parameters, request.responseMode);
|
|
6738
6778
|
// add client_info=1
|
|
6739
6779
|
addClientInfo(parameters);
|
|
6780
|
+
// add clidata=1
|
|
6781
|
+
addCliData(parameters);
|
|
6740
6782
|
if (request.prompt) {
|
|
6741
6783
|
addPrompt(parameters, request.prompt);
|
|
6742
6784
|
performanceClient?.addFields({ prompt: request.prompt }, correlationId);
|
|
@@ -6929,7 +6971,40 @@ function extractLoginHint(account) {
|
|
|
6929
6971
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6930
6972
|
}
|
|
6931
6973
|
|
|
6932
|
-
/*! @azure/msal-common v16.
|
|
6974
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
6975
|
+
|
|
6976
|
+
/*
|
|
6977
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6978
|
+
* Licensed under the MIT License.
|
|
6979
|
+
*/
|
|
6980
|
+
/**
|
|
6981
|
+
* Helper to enforce resource parameter presence in token requests when isMcp is set in the configuration.
|
|
6982
|
+
* If resource parameter is set in both the request and in extraQueryParameters or extraParameters, an error will be thrown.
|
|
6983
|
+
* This is used for MCP flows.
|
|
6984
|
+
* @param isMcp - Flag indicating if application is an MCP app, from configuration
|
|
6985
|
+
* @param request - Auth request
|
|
6986
|
+
*/
|
|
6987
|
+
function enforceResourceParameter(isMcp, request) {
|
|
6988
|
+
if (!isMcp) {
|
|
6989
|
+
return;
|
|
6990
|
+
}
|
|
6991
|
+
if (request.resource &&
|
|
6992
|
+
(containsResourceParam(request.extraParameters) ||
|
|
6993
|
+
containsResourceParam(request.extraQueryParameters))) {
|
|
6994
|
+
throw createClientAuthError(misplacedResourceParam);
|
|
6995
|
+
}
|
|
6996
|
+
if (!request.resource) {
|
|
6997
|
+
throw createClientAuthError(resourceParameterRequired);
|
|
6998
|
+
}
|
|
6999
|
+
}
|
|
7000
|
+
function containsResourceParam(params) {
|
|
7001
|
+
if (!params) {
|
|
7002
|
+
return false;
|
|
7003
|
+
}
|
|
7004
|
+
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7005
|
+
}
|
|
7006
|
+
|
|
7007
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
6933
7008
|
|
|
6934
7009
|
/*
|
|
6935
7010
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6987,7 +7062,7 @@ class AuthenticationHeaderParser {
|
|
|
6987
7062
|
}
|
|
6988
7063
|
}
|
|
6989
7064
|
|
|
6990
|
-
/*! @azure/msal-common v16.
|
|
7065
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
6991
7066
|
/*
|
|
6992
7067
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6993
7068
|
* Licensed under the MIT License.
|
|
@@ -7004,7 +7079,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
7004
7079
|
unexpectedError: unexpectedError
|
|
7005
7080
|
});
|
|
7006
7081
|
|
|
7007
|
-
/*! @azure/msal-common v16.
|
|
7082
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
7008
7083
|
|
|
7009
7084
|
/*
|
|
7010
7085
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7265,7 +7340,7 @@ class ServerTelemetryManager {
|
|
|
7265
7340
|
}
|
|
7266
7341
|
}
|
|
7267
7342
|
|
|
7268
|
-
/*! @azure/msal-common v16.
|
|
7343
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
7269
7344
|
|
|
7270
7345
|
/*
|
|
7271
7346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7286,7 +7361,7 @@ function createJoseHeaderError(code) {
|
|
|
7286
7361
|
return new JoseHeaderError(code);
|
|
7287
7362
|
}
|
|
7288
7363
|
|
|
7289
|
-
/*! @azure/msal-common v16.
|
|
7364
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
7290
7365
|
/*
|
|
7291
7366
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7292
7367
|
* Licensed under the MIT License.
|
|
@@ -7294,7 +7369,7 @@ function createJoseHeaderError(code) {
|
|
|
7294
7369
|
const missingKidError = "missing_kid_error";
|
|
7295
7370
|
const missingAlgError = "missing_alg_error";
|
|
7296
7371
|
|
|
7297
|
-
/*! @azure/msal-common v16.
|
|
7372
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
7298
7373
|
|
|
7299
7374
|
/*
|
|
7300
7375
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7334,7 +7409,7 @@ class JoseHeader {
|
|
|
7334
7409
|
}
|
|
7335
7410
|
}
|
|
7336
7411
|
|
|
7337
|
-
/*! @azure/msal-common v16.
|
|
7412
|
+
/*! @azure/msal-common v16.4.0 2026-03-18 */
|
|
7338
7413
|
|
|
7339
7414
|
/*
|
|
7340
7415
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7430,8 +7505,10 @@ function addError(error, logger, event, stackMaxSize = 5) {
|
|
|
7430
7505
|
else if (error instanceof AuthError) {
|
|
7431
7506
|
event.errorCode = error.errorCode;
|
|
7432
7507
|
event.subErrorCode = error.subError;
|
|
7433
|
-
if (
|
|
7434
|
-
error instanceof
|
|
7508
|
+
if (!event.serverErrorNo &&
|
|
7509
|
+
(error instanceof ServerError ||
|
|
7510
|
+
error instanceof InteractionRequiredAuthError) &&
|
|
7511
|
+
error.errorNo) {
|
|
7435
7512
|
event.serverErrorNo = error.errorNo;
|
|
7436
7513
|
}
|
|
7437
7514
|
return;
|
|
@@ -8768,9 +8845,13 @@ function cancelPendingBridgeResponse(logger, correlationId) {
|
|
|
8768
8845
|
activeBridgeMonitor = null;
|
|
8769
8846
|
}
|
|
8770
8847
|
}
|
|
8771
|
-
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request) {
|
|
8848
|
+
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
|
|
8772
8849
|
return new Promise((resolve, reject) => {
|
|
8773
8850
|
logger.verbose("1rf6em", request.correlationId);
|
|
8851
|
+
const correlationId = request.correlationId;
|
|
8852
|
+
performanceClient.addFields({
|
|
8853
|
+
redirectBridgeTimeoutMs: timeoutMs,
|
|
8854
|
+
}, correlationId);
|
|
8774
8855
|
const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
|
|
8775
8856
|
const channel = new BroadcastChannel(libraryState.id);
|
|
8776
8857
|
let responseString = undefined;
|
|
@@ -8788,6 +8869,12 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request)
|
|
|
8788
8869
|
};
|
|
8789
8870
|
channel.onmessage = (event) => {
|
|
8790
8871
|
responseString = event.data.payload;
|
|
8872
|
+
const messageVersion = event?.data && typeof event.data.v === "number"
|
|
8873
|
+
? event.data.v
|
|
8874
|
+
: undefined;
|
|
8875
|
+
performanceClient.addFields({
|
|
8876
|
+
redirectBridgeMessageVersion: messageVersion,
|
|
8877
|
+
}, correlationId);
|
|
8791
8878
|
// Clear the active monitor
|
|
8792
8879
|
activeBridgeMonitor = null;
|
|
8793
8880
|
clearTimeout(timeoutId);
|
|
@@ -10207,7 +10294,7 @@ const EventType = {
|
|
|
10207
10294
|
|
|
10208
10295
|
/* eslint-disable header/header */
|
|
10209
10296
|
const name = "@azure/msal-browser";
|
|
10210
|
-
const version = "5.
|
|
10297
|
+
const version = "5.6.0";
|
|
10211
10298
|
|
|
10212
10299
|
/*
|
|
10213
10300
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -11522,6 +11609,9 @@ class BrowserCacheManager extends CacheManager {
|
|
|
11522
11609
|
: 0, base64Decode, undefined, // refreshOn
|
|
11523
11610
|
result.tokenType, undefined, // userAssertionHash
|
|
11524
11611
|
request.sshKid);
|
|
11612
|
+
if (request.resource) {
|
|
11613
|
+
accessTokenEntity.resource = request.resource;
|
|
11614
|
+
}
|
|
11525
11615
|
const cacheRecord = {
|
|
11526
11616
|
idToken: idTokenEntity,
|
|
11527
11617
|
accessToken: accessTokenEntity,
|
|
@@ -11607,10 +11697,6 @@ function getAllAccounts(logger, browserStorage, isInBrowser, correlationId, acco
|
|
|
11607
11697
|
*/
|
|
11608
11698
|
function getAccount(accountFilter, logger, browserStorage, correlationId) {
|
|
11609
11699
|
logger.trace("0u7b90", correlationId);
|
|
11610
|
-
if (Object.keys(accountFilter).length === 0) {
|
|
11611
|
-
logger.warning("1kz0cu", correlationId);
|
|
11612
|
-
return null;
|
|
11613
|
-
}
|
|
11614
11700
|
const account = browserStorage.getAccountInfoFilteredBy(accountFilter, correlationId);
|
|
11615
11701
|
if (account) {
|
|
11616
11702
|
logger.verbose("0btgll", correlationId);
|
|
@@ -12074,6 +12160,7 @@ class StandardInteractionClient extends BaseInteractionClient {
|
|
|
12074
12160
|
authority: discoveredAuthority,
|
|
12075
12161
|
clientCapabilities: this.config.auth.clientCapabilities,
|
|
12076
12162
|
redirectUri: this.config.auth.redirectUri,
|
|
12163
|
+
isMcp: this.config.auth.isMcp,
|
|
12077
12164
|
},
|
|
12078
12165
|
systemOptions: {
|
|
12079
12166
|
tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds,
|
|
@@ -12114,6 +12201,10 @@ class StandardInteractionClient extends BaseInteractionClient {
|
|
|
12114
12201
|
*/
|
|
12115
12202
|
async function initializeAuthorizationRequest(request, interactionType, config, browserCrypto, browserStorage, logger, performanceClient, correlationId) {
|
|
12116
12203
|
const redirectUri = getRedirectUri(request.redirectUri, config.auth.redirectUri, logger, correlationId);
|
|
12204
|
+
if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
|
|
12205
|
+
logger.warning("08qbvw", correlationId);
|
|
12206
|
+
performanceClient.addFields({ isRedirectUriCrossOrigin: true }, correlationId);
|
|
12207
|
+
}
|
|
12117
12208
|
const browserState = {
|
|
12118
12209
|
interactionType: interactionType,
|
|
12119
12210
|
};
|
|
@@ -12791,6 +12882,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12791
12882
|
correlationId: this.correlationId,
|
|
12792
12883
|
state: response.state,
|
|
12793
12884
|
fromPlatformBroker: true,
|
|
12885
|
+
...(request.resource && { resource: request.resource }),
|
|
12794
12886
|
};
|
|
12795
12887
|
return result;
|
|
12796
12888
|
}
|
|
@@ -13032,6 +13124,62 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
13032
13124
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
13033
13125
|
* Licensed under the MIT License.
|
|
13034
13126
|
*/
|
|
13127
|
+
const clientDataAccountTypeMapping = new Map([
|
|
13128
|
+
["e", "AAD"],
|
|
13129
|
+
["m", "MSA"],
|
|
13130
|
+
]);
|
|
13131
|
+
/**
|
|
13132
|
+
* Parses the clientdata response parameter from the /authorize endpoint.
|
|
13133
|
+
*
|
|
13134
|
+
* Logically, the clientdata value is URL-encoded and pipe-delimited:
|
|
13135
|
+
* urlencoded(account_type | error | sub_error | cloud_instance | caller_data_boundary)
|
|
13136
|
+
*
|
|
13137
|
+
* In normal browser flows, this value may already have been URL-decoded
|
|
13138
|
+
* (e.g. by URLSearchParams). This function will only apply decodeURIComponent
|
|
13139
|
+
* when the string appears to contain percent-encoded sequences to avoid
|
|
13140
|
+
* double-decoding.
|
|
13141
|
+
*
|
|
13142
|
+
* @param clientdata - The raw clientdata string from the authorize response
|
|
13143
|
+
* @returns Parsed ClientData object, or null if the input is empty/invalid
|
|
13144
|
+
*/
|
|
13145
|
+
function parseClientData(clientdata) {
|
|
13146
|
+
if (!clientdata) {
|
|
13147
|
+
return null;
|
|
13148
|
+
}
|
|
13149
|
+
try {
|
|
13150
|
+
// Only decode when the string appears to contain percent-encoded sequences
|
|
13151
|
+
const shouldDecode = /%(?:[0-9A-Fa-f]{2})/.test(clientdata);
|
|
13152
|
+
const decoded = shouldDecode
|
|
13153
|
+
? decodeURIComponent(clientdata)
|
|
13154
|
+
: clientdata;
|
|
13155
|
+
const parts = decoded.split("|");
|
|
13156
|
+
if (parts.length < 5) {
|
|
13157
|
+
return null;
|
|
13158
|
+
}
|
|
13159
|
+
return {
|
|
13160
|
+
accountType: clientDataAccountTypeMapping.get(parts[0]?.trim() || "") || "",
|
|
13161
|
+
error: parts[1]?.trim() || "",
|
|
13162
|
+
subError: parts[2]?.trim() || "",
|
|
13163
|
+
cloudInstance: parts[3]?.trim() || "",
|
|
13164
|
+
callerDataBoundary: parts[4]?.trim() || "",
|
|
13165
|
+
};
|
|
13166
|
+
}
|
|
13167
|
+
catch {
|
|
13168
|
+
return null;
|
|
13169
|
+
}
|
|
13170
|
+
}
|
|
13171
|
+
/**
|
|
13172
|
+
* Instruments account type, error, and suberror from clientdata
|
|
13173
|
+
*/
|
|
13174
|
+
function instrumentClientData(response, correlationId, performanceClient) {
|
|
13175
|
+
const parsed = parseClientData(response.clientdata);
|
|
13176
|
+
parsed?.accountType &&
|
|
13177
|
+
performanceClient.addFields({ accountType: parsed.accountType }, correlationId);
|
|
13178
|
+
parsed?.error &&
|
|
13179
|
+
performanceClient.addFields({ serverErrorNo: parsed.error }, correlationId);
|
|
13180
|
+
parsed?.subError &&
|
|
13181
|
+
performanceClient.addFields({ serverSubErrorNo: parsed.subError }, correlationId);
|
|
13182
|
+
}
|
|
13035
13183
|
/**
|
|
13036
13184
|
* Returns map of parameters that are applicable to all calls to /authorize whether using PKCE or EAR
|
|
13037
13185
|
* @param config
|
|
@@ -13201,6 +13349,8 @@ async function handleResponsePlatformBroker(request, accountId, apiId, config, b
|
|
|
13201
13349
|
async function handleResponseCode(request, response, codeVerifier, apiId, config, authClient, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider) {
|
|
13202
13350
|
// Remove throttle if it exists
|
|
13203
13351
|
ThrottlingUtils.removeThrottle(browserStorage, config.auth.clientId, request);
|
|
13352
|
+
// Instrument clientdata telemetry fields from the authorize response
|
|
13353
|
+
instrumentClientData(response, request.correlationId, performanceClient);
|
|
13204
13354
|
if (response.accountId) {
|
|
13205
13355
|
return invokeAsync(handleResponsePlatformBroker, HandleResponsePlatformBroker, logger, performanceClient, request.correlationId)(request, response.accountId, apiId, config, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider);
|
|
13206
13356
|
}
|
|
@@ -13233,6 +13383,8 @@ async function handleResponseCode(request, response, codeVerifier, apiId, config
|
|
|
13233
13383
|
async function handleResponseEAR(request, response, apiId, config, authority, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider) {
|
|
13234
13384
|
// Remove throttle if it exists
|
|
13235
13385
|
ThrottlingUtils.removeThrottle(browserStorage, config.auth.clientId, request);
|
|
13386
|
+
// Instrument clientdata telemetry fields from the authorize response
|
|
13387
|
+
instrumentClientData(response, request.correlationId, performanceClient);
|
|
13236
13388
|
// Validate state & check response for errors
|
|
13237
13389
|
validateAuthorizationResponse(response, request.state);
|
|
13238
13390
|
if (!response.ear_jwe) {
|
|
@@ -13519,6 +13671,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
13519
13671
|
tenant: "",
|
|
13520
13672
|
},
|
|
13521
13673
|
instanceAware: false,
|
|
13674
|
+
isMcp: false,
|
|
13522
13675
|
};
|
|
13523
13676
|
// Default cache options for browser
|
|
13524
13677
|
const DEFAULT_CACHE_OPTIONS = {
|
|
@@ -13911,14 +14064,17 @@ class PlatformAuthDOMHandler {
|
|
|
13911
14064
|
initializePlatformDOMRequest(request) {
|
|
13912
14065
|
this.logger.trace("15d6yv", request.correlationId);
|
|
13913
14066
|
const { accountId, clientId, authority, scope, redirectUri, correlationId, state, storeInCache, embeddedClientId, extraParameters, ...remainingProperties } = request;
|
|
13914
|
-
const validExtraParameters = this.getDOMExtraParams(remainingProperties);
|
|
14067
|
+
const validExtraParameters = this.getDOMExtraParams(remainingProperties, correlationId);
|
|
13915
14068
|
const platformDOMRequest = {
|
|
13916
14069
|
accountId: accountId,
|
|
13917
14070
|
brokerId: this.getExtensionId(),
|
|
13918
14071
|
authority: authority,
|
|
13919
14072
|
clientId: clientId,
|
|
13920
14073
|
correlationId: correlationId || this.correlationId,
|
|
13921
|
-
extraParameters: {
|
|
14074
|
+
extraParameters: {
|
|
14075
|
+
...extraParameters,
|
|
14076
|
+
...validExtraParameters,
|
|
14077
|
+
},
|
|
13922
14078
|
isSecurityTokenService: false,
|
|
13923
14079
|
redirectUri: redirectUri,
|
|
13924
14080
|
scope: scope,
|
|
@@ -13972,15 +14128,27 @@ class PlatformAuthDOMHandler {
|
|
|
13972
14128
|
};
|
|
13973
14129
|
return nativeResponse;
|
|
13974
14130
|
}
|
|
13975
|
-
getDOMExtraParams(extraParameters) {
|
|
13976
|
-
|
|
13977
|
-
|
|
13978
|
-
|
|
13979
|
-
|
|
13980
|
-
|
|
13981
|
-
|
|
13982
|
-
|
|
13983
|
-
|
|
14131
|
+
getDOMExtraParams(extraParameters, correlationId) {
|
|
14132
|
+
try {
|
|
14133
|
+
const stringifiedProperties = {};
|
|
14134
|
+
for (const [key, value] of Object.entries(extraParameters)) {
|
|
14135
|
+
if (!value) {
|
|
14136
|
+
continue;
|
|
14137
|
+
}
|
|
14138
|
+
if (typeof value === "object") {
|
|
14139
|
+
stringifiedProperties[key] = JSON.stringify(value);
|
|
14140
|
+
}
|
|
14141
|
+
else {
|
|
14142
|
+
stringifiedProperties[key] = String(value);
|
|
14143
|
+
}
|
|
14144
|
+
}
|
|
14145
|
+
return stringifiedProperties;
|
|
14146
|
+
}
|
|
14147
|
+
catch (e) {
|
|
14148
|
+
this.logger.error("0eu9o3", correlationId);
|
|
14149
|
+
this.logger.errorPii("17rpl5", correlationId);
|
|
14150
|
+
return {};
|
|
14151
|
+
}
|
|
13984
14152
|
}
|
|
13985
14153
|
}
|
|
13986
14154
|
|
|
@@ -14224,7 +14392,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14224
14392
|
const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
|
|
14225
14393
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
|
|
14226
14394
|
// Wait for the redirect bridge response
|
|
14227
|
-
const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
|
|
14395
|
+
const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
|
|
14228
14396
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14229
14397
|
return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
14230
14398
|
}
|
|
@@ -14259,7 +14427,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14259
14427
|
const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
|
|
14260
14428
|
form.submit();
|
|
14261
14429
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
14262
|
-
const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest);
|
|
14430
|
+
const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
|
|
14263
14431
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14264
14432
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
14265
14433
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
|
|
@@ -14284,7 +14452,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14284
14452
|
const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
|
|
14285
14453
|
form.submit();
|
|
14286
14454
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
14287
|
-
const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
|
|
14455
|
+
const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
|
|
14288
14456
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
|
|
14289
14457
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
14290
14458
|
}
|
|
@@ -14337,7 +14505,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14337
14505
|
// Open the popup window to requestUrl.
|
|
14338
14506
|
const popupWindow = this.openPopup(logoutUri, popupParams);
|
|
14339
14507
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
|
|
14340
|
-
await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest).catch(() => {
|
|
14508
|
+
await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
|
|
14341
14509
|
// Swallow any errors related to monitoring the window. Server logout is best effort
|
|
14342
14510
|
});
|
|
14343
14511
|
if (mainWindowRedirectUri) {
|
|
@@ -15085,7 +15253,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15085
15253
|
};
|
|
15086
15254
|
await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
15087
15255
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15088
|
-
const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
|
|
15256
|
+
const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
|
|
15089
15257
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15090
15258
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
15091
15259
|
// If server doesn't support EAR, they may fallback to auth code flow instead
|
|
@@ -15134,7 +15302,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15134
15302
|
}
|
|
15135
15303
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15136
15304
|
// Wait for response from the redirect bridge.
|
|
15137
|
-
const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
|
|
15305
|
+
const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
|
|
15138
15306
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15139
15307
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
15140
15308
|
}
|
|
@@ -15287,6 +15455,22 @@ class SilentAuthCodeClient extends StandardInteractionClient {
|
|
|
15287
15455
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
15288
15456
|
* Licensed under the MIT License.
|
|
15289
15457
|
*/
|
|
15458
|
+
/**
|
|
15459
|
+
* Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
|
|
15460
|
+
* @returns Network connection information, or an empty object if not available.
|
|
15461
|
+
*/
|
|
15462
|
+
function getNetworkInfo() {
|
|
15463
|
+
if (typeof window === "undefined" || !window.navigator) {
|
|
15464
|
+
return {};
|
|
15465
|
+
}
|
|
15466
|
+
const connection = "connection" in window.navigator
|
|
15467
|
+
? window.navigator.connection
|
|
15468
|
+
: undefined;
|
|
15469
|
+
return {
|
|
15470
|
+
effectiveType: connection?.effectiveType,
|
|
15471
|
+
rtt: connection?.rtt,
|
|
15472
|
+
};
|
|
15473
|
+
}
|
|
15290
15474
|
function collectInstanceStats(currentClientId, performanceEvent, logger, correlationId) {
|
|
15291
15475
|
const frameInstances =
|
|
15292
15476
|
// @ts-ignore
|
|
@@ -15306,12 +15490,13 @@ function collectInstanceStats(currentClientId, performanceEvent, logger, correla
|
|
|
15306
15490
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
15307
15491
|
* Licensed under the MIT License.
|
|
15308
15492
|
*/
|
|
15309
|
-
function preflightCheck(initialized, performanceEvent,
|
|
15493
|
+
function preflightCheck(initialized, performanceEvent, config, request) {
|
|
15310
15494
|
try {
|
|
15311
15495
|
preflightCheck$1(initialized);
|
|
15496
|
+
enforceResourceParameter(config.auth.isMcp, request);
|
|
15312
15497
|
}
|
|
15313
15498
|
catch (e) {
|
|
15314
|
-
performanceEvent.end({ success: false }, e, account);
|
|
15499
|
+
performanceEvent.end({ success: false }, e, request.account);
|
|
15315
15500
|
throw e;
|
|
15316
15501
|
}
|
|
15317
15502
|
}
|
|
@@ -15412,6 +15597,7 @@ class StandardController {
|
|
|
15412
15597
|
this.eventHandler.emitEvent(EventType.INITIALIZE_START, correlationId);
|
|
15413
15598
|
// Broker applications are initialized twice, so we avoid double-counting it
|
|
15414
15599
|
this.logMultipleInstances(initMeasurement, correlationId);
|
|
15600
|
+
initMeasurement.add({ isMcp: this.config.auth.isMcp });
|
|
15415
15601
|
await invokeAsync(this.browserStorage.initialize.bind(this.browserStorage), InitializeCache, this.logger, this.performanceClient, correlationId)(correlationId);
|
|
15416
15602
|
if (allowPlatformBroker) {
|
|
15417
15603
|
try {
|
|
@@ -15589,6 +15775,7 @@ class StandardController {
|
|
|
15589
15775
|
};
|
|
15590
15776
|
try {
|
|
15591
15777
|
redirectPreflightCheck(this.initialized, this.config);
|
|
15778
|
+
enforceResourceParameter(this.config.auth.isMcp, request);
|
|
15592
15779
|
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
|
|
15593
15780
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
|
|
15594
15781
|
let result;
|
|
@@ -15653,7 +15840,7 @@ class StandardController {
|
|
|
15653
15840
|
});
|
|
15654
15841
|
try {
|
|
15655
15842
|
this.logger.verbose("0ch87b", correlationId);
|
|
15656
|
-
preflightCheck(this.initialized, atPopupMeasurement, request
|
|
15843
|
+
preflightCheck(this.initialized, atPopupMeasurement, this.config, request);
|
|
15657
15844
|
this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN, request.overrideInteractionInProgress, correlationId);
|
|
15658
15845
|
}
|
|
15659
15846
|
catch (e) {
|
|
@@ -15767,7 +15954,7 @@ class StandardController {
|
|
|
15767
15954
|
this.ssoSilentMeasurement?.add({
|
|
15768
15955
|
scenarioId: request.scenarioId,
|
|
15769
15956
|
});
|
|
15770
|
-
preflightCheck(this.initialized, this.ssoSilentMeasurement,
|
|
15957
|
+
preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
|
|
15771
15958
|
this.ssoSilentMeasurement?.increment({
|
|
15772
15959
|
visibilityChangeCount: 0,
|
|
15773
15960
|
});
|
|
@@ -15831,7 +16018,7 @@ class StandardController {
|
|
|
15831
16018
|
const correlationId = this.getRequestCorrelationId(request);
|
|
15832
16019
|
this.logger.trace("0ch6ga", correlationId);
|
|
15833
16020
|
const atbcMeasurement = this.performanceClient.startMeasurement(AcquireTokenByCode, correlationId);
|
|
15834
|
-
preflightCheck(this.initialized, atbcMeasurement);
|
|
16021
|
+
preflightCheck(this.initialized, atbcMeasurement, this.config, request);
|
|
15835
16022
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, request);
|
|
15836
16023
|
atbcMeasurement.add({ scenarioId: request.scenarioId });
|
|
15837
16024
|
try {
|
|
@@ -16333,7 +16520,7 @@ class StandardController {
|
|
|
16333
16520
|
cacheLookupPolicy: request.cacheLookupPolicy,
|
|
16334
16521
|
scenarioId: request.scenarioId,
|
|
16335
16522
|
});
|
|
16336
|
-
preflightCheck(this.initialized, atsMeasurement, request
|
|
16523
|
+
preflightCheck(this.initialized, atsMeasurement, this.config, request);
|
|
16337
16524
|
this.logger.verbose("0x1c4s", correlationId);
|
|
16338
16525
|
const account = request.account || this.getActiveAccount();
|
|
16339
16526
|
if (!account) {
|
|
@@ -16789,6 +16976,7 @@ class NestedAppAuthAdapter {
|
|
|
16789
16976
|
platformBrokerId: request.account?.homeAccountId,
|
|
16790
16977
|
clientId: this.clientId,
|
|
16791
16978
|
authority: request.authority,
|
|
16979
|
+
resource: request.resource,
|
|
16792
16980
|
scope: scopes.join(" "),
|
|
16793
16981
|
correlationId,
|
|
16794
16982
|
claims: !StringUtils.isEmptyObj(claims) ? claims : undefined,
|
|
@@ -17059,6 +17247,7 @@ class NestedAppAuthController {
|
|
|
17059
17247
|
const atPopupMeasurement = this.performanceClient.startMeasurement(AcquireTokenPopup, correlationId);
|
|
17060
17248
|
atPopupMeasurement.add({ nestedAppAuthRequest: true });
|
|
17061
17249
|
try {
|
|
17250
|
+
enforceResourceParameter(this.config.auth.isMcp, validRequest);
|
|
17062
17251
|
const naaRequest = this.nestedAppAuthAdapter.toNaaTokenRequest(validRequest);
|
|
17063
17252
|
const reqTimestamp = nowSeconds();
|
|
17064
17253
|
const response = await this.bridgeProxy.getTokenInteractive(naaRequest);
|
|
@@ -17125,6 +17314,7 @@ class NestedAppAuthController {
|
|
|
17125
17314
|
nestedAppAuthRequest: true,
|
|
17126
17315
|
});
|
|
17127
17316
|
try {
|
|
17317
|
+
enforceResourceParameter(this.config.auth.isMcp, validRequest);
|
|
17128
17318
|
const naaRequest = this.nestedAppAuthAdapter.toNaaTokenRequest(validRequest);
|
|
17129
17319
|
naaRequest.forceRefresh = validRequest.forceRefresh;
|
|
17130
17320
|
const reqTimestamp = nowSeconds();
|
|
@@ -17259,6 +17449,14 @@ class NestedAppAuthController {
|
|
|
17259
17449
|
this.logger.verbose("18egye", correlationId);
|
|
17260
17450
|
return Promise.resolve(null);
|
|
17261
17451
|
}
|
|
17452
|
+
else if (authRequest.resource) {
|
|
17453
|
+
const requestedResource = authRequest.resource;
|
|
17454
|
+
const cachedResource = cachedAccessToken.resource;
|
|
17455
|
+
if (!cachedResource || cachedResource !== requestedResource) {
|
|
17456
|
+
this.logger.verbose("0qraxd", correlationId);
|
|
17457
|
+
return Promise.resolve(null);
|
|
17458
|
+
}
|
|
17459
|
+
}
|
|
17262
17460
|
const cachedIdToken = this.browserStorage.getIdToken(currentAccount, authRequest.correlationId, tokenKeys, currentAccount.tenantId);
|
|
17263
17461
|
if (!cachedIdToken) {
|
|
17264
17462
|
this.logger.verbose("0d68kd", correlationId);
|
|
@@ -18428,11 +18626,14 @@ class BrowserPerformanceClient extends PerformanceClient {
|
|
|
18428
18626
|
return {
|
|
18429
18627
|
...inProgressEvent,
|
|
18430
18628
|
end: (event, error, account) => {
|
|
18629
|
+
const networkInfo = getNetworkInfo();
|
|
18431
18630
|
const res = inProgressEvent.end({
|
|
18432
18631
|
...event,
|
|
18433
18632
|
startPageVisibility,
|
|
18434
18633
|
endPageVisibility: this.getPageVisibility(),
|
|
18435
18634
|
durationMs: getPerfDurationMs(startTime),
|
|
18635
|
+
networkEffectiveType: networkInfo.effectiveType,
|
|
18636
|
+
networkRtt: networkInfo.rtt,
|
|
18436
18637
|
}, error, account);
|
|
18437
18638
|
void browserMeasurement?.then((measurement) => measurement.endMeasurement());
|
|
18438
18639
|
this.deleteIncompleteSubMeasurements(inProgressEvent);
|
|
@@ -18604,6 +18805,7 @@ exports.StubPerformanceClient = StubPerformanceClient;
|
|
|
18604
18805
|
exports.WrapperSKU = WrapperSKU;
|
|
18605
18806
|
exports.createNestablePublicClientApplication = createNestablePublicClientApplication;
|
|
18606
18807
|
exports.createStandardPublicClientApplication = createStandardPublicClientApplication;
|
|
18808
|
+
exports.enforceResourceParameter = enforceResourceParameter;
|
|
18607
18809
|
exports.isPlatformBrokerAvailable = isPlatformBrokerAvailable;
|
|
18608
18810
|
exports.loadExternalTokens = loadExternalTokens;
|
|
18609
18811
|
exports.stubbedPublicClientApplication = stubbedPublicClientApplication;
|