@azure/msal-browser 5.4.0 → 5.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (443) hide show
  1. package/README.md +1 -0
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  7. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  10. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  11. package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  12. package/dist/cache/AccountManager.d.ts.map +1 -1
  13. package/dist/cache/AccountManager.mjs +1 -5
  14. package/dist/cache/AccountManager.mjs.map +1 -1
  15. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  16. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  17. package/dist/cache/BrowserCacheManager.mjs +4 -1
  18. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  19. package/dist/cache/CacheHelpers.mjs +1 -1
  20. package/dist/cache/CacheKeys.mjs +1 -1
  21. package/dist/cache/CookieStorage.mjs +1 -1
  22. package/dist/cache/DatabaseStorage.mjs +1 -1
  23. package/dist/cache/EncryptedData.mjs +1 -1
  24. package/dist/cache/LocalStorage.mjs +1 -1
  25. package/dist/cache/MemoryStorage.mjs +1 -1
  26. package/dist/cache/SessionStorage.mjs +1 -1
  27. package/dist/cache/TokenCache.mjs +1 -1
  28. package/dist/config/Configuration.d.ts +4 -0
  29. package/dist/config/Configuration.d.ts.map +1 -1
  30. package/dist/config/Configuration.mjs +2 -1
  31. package/dist/config/Configuration.mjs.map +1 -1
  32. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  33. package/dist/controllers/NestedAppAuthController.mjs +12 -2
  34. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  35. package/dist/controllers/StandardController.d.ts.map +1 -1
  36. package/dist/controllers/StandardController.mjs +11 -8
  37. package/dist/controllers/StandardController.mjs.map +1 -1
  38. package/dist/crypto/BrowserCrypto.mjs +1 -1
  39. package/dist/crypto/CryptoOps.mjs +1 -1
  40. package/dist/crypto/PkceGenerator.mjs +1 -1
  41. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  42. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  45. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +27 -12
  46. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
  47. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  48. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  49. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  50. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  51. package/dist/custom-auth-path/cache/AccountManager.d.ts.map +1 -1
  52. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -5
  53. package/dist/custom-auth-path/cache/AccountManager.mjs.map +1 -1
  54. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  55. package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
  56. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +4 -1
  57. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
  58. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  59. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  60. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  61. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  62. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  63. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  64. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  65. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  66. package/dist/custom-auth-path/config/Configuration.d.ts +4 -0
  67. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  68. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  69. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  70. package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
  71. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  72. package/dist/custom-auth-path/controllers/StandardController.mjs +11 -8
  73. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  74. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  75. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  76. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  78. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  180. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  181. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  182. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  183. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  184. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  185. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  186. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  187. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  188. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  189. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  190. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  191. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  192. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  193. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  194. package/dist/custom-auth-path/index.d.ts +1 -1
  195. package/dist/custom-auth-path/index.d.ts.map +1 -1
  196. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  197. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  198. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  200. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  201. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  202. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +5 -5
  203. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  205. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  207. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  208. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +3 -3
  209. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  210. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  211. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  212. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +6 -1
  213. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs.map +1 -1
  214. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  215. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  216. package/dist/custom-auth-path/log-strings-mapping.json +19 -7
  217. package/dist/custom-auth-path/naa/TokenRequest.d.ts +1 -0
  218. package/dist/custom-auth-path/naa/TokenRequest.d.ts.map +1 -1
  219. package/dist/custom-auth-path/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  220. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  221. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  222. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  223. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  224. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  225. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  226. package/dist/custom-auth-path/protocol/Authorize.d.ts +33 -0
  227. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  228. package/dist/custom-auth-path/protocol/Authorize.mjs +62 -2
  229. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  230. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  231. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  232. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  233. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +1 -1
  234. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  235. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  236. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  237. package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
  238. package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
  239. package/dist/custom-auth-path/utils/BrowserUtils.mjs +12 -2
  240. package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
  241. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  242. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts +10 -0
  243. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  244. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +5 -1
  245. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs.map +1 -1
  246. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  247. package/dist/encode/Base64Decode.mjs +1 -1
  248. package/dist/encode/Base64Encode.mjs +1 -1
  249. package/dist/error/BrowserAuthError.mjs +1 -1
  250. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  251. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  252. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  253. package/dist/error/NativeAuthError.mjs +1 -1
  254. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  255. package/dist/error/NestedAppAuthError.mjs +1 -1
  256. package/dist/event/EventHandler.mjs +1 -1
  257. package/dist/event/EventMessage.mjs +1 -1
  258. package/dist/event/EventType.mjs +1 -1
  259. package/dist/index.d.ts +1 -1
  260. package/dist/index.d.ts.map +1 -1
  261. package/dist/index.mjs +2 -2
  262. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  263. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  264. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  265. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -1
  266. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  267. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  268. package/dist/interaction_client/PopupClient.mjs +5 -5
  269. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  270. package/dist/interaction_client/RedirectClient.mjs +1 -1
  271. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  272. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  273. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  274. package/dist/interaction_client/SilentIframeClient.mjs +3 -3
  275. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  276. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  277. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  278. package/dist/interaction_client/StandardInteractionClient.mjs +6 -1
  279. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  280. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  281. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  282. package/dist/log-strings-mapping.json +23 -11
  283. package/dist/naa/BridgeError.mjs +1 -1
  284. package/dist/naa/BridgeProxy.mjs +1 -1
  285. package/dist/naa/BridgeStatusCode.mjs +1 -1
  286. package/dist/naa/TokenRequest.d.ts +1 -0
  287. package/dist/naa/TokenRequest.d.ts.map +1 -1
  288. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  289. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -1
  290. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  291. package/dist/navigation/NavigationClient.mjs +1 -1
  292. package/dist/network/FetchClient.mjs +1 -1
  293. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  294. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  295. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  296. package/dist/packageMetadata.d.ts +1 -1
  297. package/dist/packageMetadata.mjs +2 -2
  298. package/dist/protocol/Authorize.d.ts +33 -0
  299. package/dist/protocol/Authorize.d.ts.map +1 -1
  300. package/dist/protocol/Authorize.mjs +62 -2
  301. package/dist/protocol/Authorize.mjs.map +1 -1
  302. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  303. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  304. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  305. package/dist/redirect-bridge/cache/AccountManager.d.ts.map +1 -1
  306. package/dist/redirect-bridge/cache/BrowserCacheManager.d.ts.map +1 -1
  307. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  308. package/dist/redirect-bridge/config/Configuration.d.ts +4 -0
  309. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  310. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  311. package/dist/redirect-bridge/controllers/NestedAppAuthController.d.ts.map +1 -1
  312. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  313. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  314. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  315. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  316. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  317. package/dist/redirect-bridge/index.d.ts +1 -1
  318. package/dist/redirect-bridge/index.d.ts.map +1 -1
  319. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  320. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  321. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  322. package/dist/redirect-bridge/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  323. package/dist/redirect-bridge/naa/TokenRequest.d.ts +1 -0
  324. package/dist/redirect-bridge/naa/TokenRequest.d.ts.map +1 -1
  325. package/dist/redirect-bridge/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  326. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  327. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  328. package/dist/redirect-bridge/protocol/Authorize.d.ts +33 -0
  329. package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
  330. package/dist/redirect-bridge/redirect_bridge/index.mjs +1 -1
  331. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  332. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  333. package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
  334. package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
  335. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  336. package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
  337. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts +10 -0
  338. package/dist/redirect-bridge/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  339. package/dist/request/RequestHelpers.mjs +1 -1
  340. package/dist/response/ResponseHandler.mjs +1 -1
  341. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  342. package/dist/telemetry/BrowserPerformanceClient.mjs +5 -1
  343. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  344. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  345. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  346. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  347. package/dist/utils/BrowserConstants.mjs +1 -1
  348. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  349. package/dist/utils/BrowserUtils.d.ts +2 -2
  350. package/dist/utils/BrowserUtils.d.ts.map +1 -1
  351. package/dist/utils/BrowserUtils.mjs +12 -2
  352. package/dist/utils/BrowserUtils.mjs.map +1 -1
  353. package/dist/utils/Helpers.mjs +1 -1
  354. package/dist/utils/MsalFrameStatsUtils.d.ts +10 -0
  355. package/dist/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  356. package/dist/utils/MsalFrameStatsUtils.mjs +18 -2
  357. package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
  358. package/lib/custom-auth-path/log-strings-mapping.json +19 -7
  359. package/lib/custom-auth-path/msal-custom-auth.cjs +264 -96
  360. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  361. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  363. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  364. package/lib/custom-auth-path/types/cache/AccountManager.d.ts.map +1 -1
  365. package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
  366. package/lib/custom-auth-path/types/config/Configuration.d.ts +4 -0
  367. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  368. package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  369. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  370. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  371. package/lib/custom-auth-path/types/index.d.ts +1 -1
  372. package/lib/custom-auth-path/types/index.d.ts.map +1 -1
  373. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  374. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  375. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  376. package/lib/custom-auth-path/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  377. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts +1 -0
  378. package/lib/custom-auth-path/types/naa/TokenRequest.d.ts.map +1 -1
  379. package/lib/custom-auth-path/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  380. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  381. package/lib/custom-auth-path/types/protocol/Authorize.d.ts +33 -0
  382. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  383. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  384. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
  385. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
  386. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  387. package/lib/custom-auth-path/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  388. package/lib/log-strings-mapping.json +23 -11
  389. package/lib/msal-browser.cjs +302 -100
  390. package/lib/msal-browser.cjs.map +1 -1
  391. package/lib/msal-browser.js +302 -100
  392. package/lib/msal-browser.js.map +1 -1
  393. package/lib/msal-browser.min.js +2 -2
  394. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  395. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  396. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  397. package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -1
  398. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts +1 -0
  399. package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -1
  400. package/lib/types/cache/AccountManager.d.ts.map +1 -1
  401. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  402. package/lib/types/config/Configuration.d.ts +4 -0
  403. package/lib/types/config/Configuration.d.ts.map +1 -1
  404. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  405. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  406. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  407. package/lib/types/index.d.ts +1 -1
  408. package/lib/types/index.d.ts.map +1 -1
  409. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  410. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  411. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  412. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  413. package/lib/types/naa/TokenRequest.d.ts +1 -0
  414. package/lib/types/naa/TokenRequest.d.ts.map +1 -1
  415. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  416. package/lib/types/packageMetadata.d.ts +1 -1
  417. package/lib/types/protocol/Authorize.d.ts +33 -0
  418. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  419. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  420. package/lib/types/utils/BrowserUtils.d.ts +2 -2
  421. package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
  422. package/lib/types/utils/MsalFrameStatsUtils.d.ts +10 -0
  423. package/lib/types/utils/MsalFrameStatsUtils.d.ts.map +1 -1
  424. package/package.json +2 -2
  425. package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +34 -17
  426. package/src/broker/nativeBroker/PlatformAuthRequest.ts +1 -0
  427. package/src/cache/AccountManager.ts +0 -5
  428. package/src/cache/BrowserCacheManager.ts +4 -0
  429. package/src/config/Configuration.ts +5 -0
  430. package/src/controllers/NestedAppAuthController.ts +14 -0
  431. package/src/controllers/StandardController.ts +13 -6
  432. package/src/index.ts +1 -0
  433. package/src/interaction_client/PlatformAuthInteractionClient.ts +1 -0
  434. package/src/interaction_client/PopupClient.ts +8 -4
  435. package/src/interaction_client/SilentIframeClient.ts +4 -2
  436. package/src/interaction_client/StandardInteractionClient.ts +11 -0
  437. package/src/naa/TokenRequest.ts +1 -0
  438. package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -0
  439. package/src/packageMetadata.ts +1 -1
  440. package/src/protocol/Authorize.ts +100 -0
  441. package/src/telemetry/BrowserPerformanceClient.ts +4 -0
  442. package/src/utils/BrowserUtils.ts +24 -1
  443. package/src/utils/MsalFrameStatsUtils.ts +27 -0
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.4.0 2026-03-02 */
1
+ /*! @azure/msal-browser v5.6.0 2026-03-18 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.2.0 2026-03-02 */
9
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -238,7 +238,7 @@
238
238
  // Token renewal offset default in seconds
239
239
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
240
240
 
241
- /*! @azure/msal-common v16.2.0 2026-03-02 */
241
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
242
242
  /*
243
243
  * Copyright (c) Microsoft Corporation. All rights reserved.
244
244
  * Licensed under the MIT License.
@@ -286,9 +286,11 @@
286
286
  const BROKER_REDIRECT_URI = "brk_redirect_uri";
287
287
  const INSTANCE_AWARE = "instance_aware";
288
288
  const EAR_JWK = "ear_jwk";
289
- const EAR_JWE_CRYPTO = "ear_jwe_crypto";
289
+ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
290
+ const RESOURCE = "resource";
291
+ const CLI_DATA = "clidata";
290
292
 
291
- /*! @azure/msal-common v16.2.0 2026-03-02 */
293
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
292
294
  /*
293
295
  * Copyright (c) Microsoft Corporation. All rights reserved.
294
296
  * Licensed under the MIT License.
@@ -319,7 +321,7 @@
319
321
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
320
322
  }
321
323
 
322
- /*! @azure/msal-common v16.2.0 2026-03-02 */
324
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
323
325
 
324
326
  /*
325
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -339,7 +341,7 @@
339
341
  return new ClientConfigurationError(errorCode);
340
342
  }
341
343
 
342
- /*! @azure/msal-common v16.2.0 2026-03-02 */
344
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
343
345
  /*
344
346
  * Copyright (c) Microsoft Corporation. All rights reserved.
345
347
  * Licensed under the MIT License.
@@ -419,7 +421,7 @@
419
421
  }
420
422
  }
421
423
 
422
- /*! @azure/msal-common v16.2.0 2026-03-02 */
424
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
423
425
 
424
426
  /*
425
427
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -442,7 +444,7 @@
442
444
  return new ClientAuthError(errorCode, additionalMessage);
443
445
  }
444
446
 
445
- /*! @azure/msal-common v16.2.0 2026-03-02 */
447
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
446
448
  /*
447
449
  * Copyright (c) Microsoft Corporation. All rights reserved.
448
450
  * Licensed under the MIT License.
@@ -496,7 +498,7 @@
496
498
  urlParseError: urlParseError
497
499
  });
498
500
 
499
- /*! @azure/msal-common v16.2.0 2026-03-02 */
501
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
500
502
  /*
501
503
  * Copyright (c) Microsoft Corporation. All rights reserved.
502
504
  * Licensed under the MIT License.
@@ -537,7 +539,9 @@
537
539
  const userCanceled = "user_canceled";
538
540
  const methodNotImplemented = "method_not_implemented";
539
541
  const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
540
- const platformBrokerError = "platform_broker_error";
542
+ const platformBrokerError = "platform_broker_error";
543
+ const resourceParameterRequired = "resource_parameter_required";
544
+ const misplacedResourceParam = "misplaced_resource_parameter";
541
545
 
542
546
  var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
543
547
  __proto__: null,
@@ -558,6 +562,7 @@
558
562
  keyIdMissing: keyIdMissing,
559
563
  maxAgeTranspired: maxAgeTranspired,
560
564
  methodNotImplemented: methodNotImplemented,
565
+ misplacedResourceParam: misplacedResourceParam,
561
566
  multipleMatchingAppMetadata: multipleMatchingAppMetadata,
562
567
  multipleMatchingTokens: multipleMatchingTokens,
563
568
  nestedAppAuthBridgeDisabled: nestedAppAuthBridgeDisabled,
@@ -571,6 +576,7 @@
571
576
  openIdConfigError: openIdConfigError,
572
577
  platformBrokerError: platformBrokerError,
573
578
  requestCannotBeMade: requestCannotBeMade,
579
+ resourceParameterRequired: resourceParameterRequired,
574
580
  stateMismatch: stateMismatch,
575
581
  stateNotFound: stateNotFound,
576
582
  tokenClaimsCnfRequiredForSignedJwt: tokenClaimsCnfRequiredForSignedJwt,
@@ -580,7 +586,7 @@
580
586
  userCanceled: userCanceled
581
587
  });
582
588
 
583
- /*! @azure/msal-common v16.2.0 2026-03-02 */
589
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
584
590
 
585
591
  /*
586
592
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -775,7 +781,7 @@
775
781
  }
776
782
  }
777
783
 
778
- /*! @azure/msal-common v16.2.0 2026-03-02 */
784
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
779
785
 
780
786
  /*
781
787
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1041,6 +1047,12 @@
1041
1047
  function addClientInfo(parameters) {
1042
1048
  parameters.set(CLIENT_INFO, "1");
1043
1049
  }
1050
+ /**
1051
+ * add clidata=1 to request to indicate client data support
1052
+ */
1053
+ function addCliData(parameters) {
1054
+ parameters.set(CLI_DATA, "1");
1055
+ }
1044
1056
  function addInstanceAware(parameters) {
1045
1057
  if (!parameters.has(INSTANCE_AWARE)) {
1046
1058
  parameters.set(INSTANCE_AWARE, "true");
@@ -1140,9 +1152,14 @@
1140
1152
  // ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
1141
1153
  const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
1142
1154
  parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
1155
+ }
1156
+ function addResource(parameters, resource) {
1157
+ if (resource) {
1158
+ parameters.set(RESOURCE, resource);
1159
+ }
1143
1160
  }
1144
1161
 
1145
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1162
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1146
1163
 
1147
1164
  /*
1148
1165
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1251,7 +1268,7 @@
1251
1268
  }
1252
1269
  }
1253
1270
 
1254
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1271
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1255
1272
 
1256
1273
  /*
1257
1274
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1290,7 +1307,7 @@
1290
1307
  },
1291
1308
  };
1292
1309
 
1293
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1310
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1294
1311
  /*
1295
1312
  * Copyright (c) Microsoft Corporation. All rights reserved.
1296
1313
  * Licensed under the MIT License.
@@ -1565,12 +1582,12 @@
1565
1582
  }
1566
1583
  }
1567
1584
 
1568
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1585
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1569
1586
  /* eslint-disable header/header */
1570
1587
  const name$1 = "@azure/msal-common";
1571
- const version$1 = "16.2.0";
1588
+ const version$1 = "16.4.0";
1572
1589
 
1573
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1590
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1574
1591
  /*
1575
1592
  * Copyright (c) Microsoft Corporation. All rights reserved.
1576
1593
  * Licensed under the MIT License.
@@ -1590,7 +1607,7 @@
1590
1607
  AzureUsGovernment: "https://login.microsoftonline.us",
1591
1608
  };
1592
1609
 
1593
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1610
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1594
1611
  /*
1595
1612
  * Copyright (c) Microsoft Corporation. All rights reserved.
1596
1613
  * Licensed under the MIT License.
@@ -1672,7 +1689,7 @@
1672
1689
  return updatedAccountInfo;
1673
1690
  }
1674
1691
 
1675
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1692
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1676
1693
 
1677
1694
  /*
1678
1695
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1752,7 +1769,7 @@
1752
1769
  }
1753
1770
  }
1754
1771
 
1755
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1772
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1756
1773
 
1757
1774
  /*
1758
1775
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1909,7 +1926,7 @@
1909
1926
  }
1910
1927
  }
1911
1928
 
1912
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1929
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
1913
1930
 
1914
1931
  /*
1915
1932
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2066,7 +2083,7 @@
2066
2083
  return null;
2067
2084
  }
2068
2085
 
2069
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2086
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2070
2087
  /*
2071
2088
  * Copyright (c) Microsoft Corporation. All rights reserved.
2072
2089
  * Licensed under the MIT License.
@@ -2074,7 +2091,7 @@
2074
2091
  const cacheQuotaExceeded = "cache_quota_exceeded";
2075
2092
  const cacheErrorUnknown = "cache_error_unknown";
2076
2093
 
2077
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2094
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2078
2095
 
2079
2096
  /*
2080
2097
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2112,7 +2129,7 @@
2112
2129
  }
2113
2130
  }
2114
2131
 
2115
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2132
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2116
2133
 
2117
2134
  /*
2118
2135
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2150,7 +2167,7 @@
2150
2167
  };
2151
2168
  }
2152
2169
 
2153
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2170
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2154
2171
  /*
2155
2172
  * Copyright (c) Microsoft Corporation. All rights reserved.
2156
2173
  * Licensed under the MIT License.
@@ -2165,7 +2182,7 @@
2165
2182
  Ciam: 3,
2166
2183
  };
2167
2184
 
2168
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2185
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2169
2186
  /*
2170
2187
  * Copyright (c) Microsoft Corporation. All rights reserved.
2171
2188
  * Licensed under the MIT License.
@@ -2187,7 +2204,7 @@
2187
2204
  return null;
2188
2205
  }
2189
2206
 
2190
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2207
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2191
2208
  /*
2192
2209
  * Copyright (c) Microsoft Corporation. All rights reserved.
2193
2210
  * Licensed under the MIT License.
@@ -2211,7 +2228,7 @@
2211
2228
  EAR: "EAR",
2212
2229
  };
2213
2230
 
2214
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2231
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2215
2232
  /**
2216
2233
  * Returns the AccountInfo interface for this account.
2217
2234
  */
@@ -2386,7 +2403,7 @@
2386
2403
  entity.hasOwnProperty("authorityType"));
2387
2404
  }
2388
2405
 
2389
- /*! @azure/msal-common v16.2.0 2026-03-02 */
2406
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
2390
2407
 
2391
2408
  /*
2392
2409
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2416,6 +2433,11 @@
2416
2433
  * Gets first tenanted AccountInfo object found based on provided filters
2417
2434
  */
2418
2435
  getAccountInfoFilteredBy(accountFilter, correlationId) {
2436
+ if (Object.keys(accountFilter).length === 0 ||
2437
+ Object.values(accountFilter).every((value) => value === null || value === undefined || value === "")) {
2438
+ this.commonLogger.warning("1skb02", correlationId);
2439
+ return null;
2440
+ }
2419
2441
  const allAccounts = this.getAllAccounts(accountFilter, correlationId);
2420
2442
  if (allAccounts.length > 1) {
2421
2443
  // If one or more accounts are found, prioritize accounts that have an ID token
@@ -3483,7 +3505,7 @@
3483
3505
  }
3484
3506
  }
3485
3507
 
3486
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3508
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3487
3509
  /*
3488
3510
  * Copyright (c) Microsoft Corporation. All rights reserved.
3489
3511
  * Licensed under the MIT License.
@@ -3528,9 +3550,12 @@
3528
3550
  "currRefreshCount",
3529
3551
  "expiredCacheRemovedCount",
3530
3552
  "upgradedCacheCount",
3553
+ "networkRtt",
3554
+ "redirectBridgeTimeoutMs",
3555
+ "redirectBridgeMessageVersion",
3531
3556
  ]);
3532
3557
 
3533
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3558
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3534
3559
 
3535
3560
  /*
3536
3561
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3585,7 +3610,7 @@
3585
3610
  }
3586
3611
  }
3587
3612
 
3588
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3613
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3589
3614
 
3590
3615
  /*
3591
3616
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3668,6 +3693,7 @@
3668
3693
  clientCapabilities: [],
3669
3694
  azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
3670
3695
  instanceAware: false,
3696
+ isMcp: false,
3671
3697
  ...authOptions,
3672
3698
  };
3673
3699
  }
@@ -3679,7 +3705,7 @@
3679
3705
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3680
3706
  }
3681
3707
 
3682
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3708
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3683
3709
 
3684
3710
  /*
3685
3711
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3698,7 +3724,7 @@
3698
3724
  }
3699
3725
  }
3700
3726
 
3701
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3727
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3702
3728
  /*
3703
3729
  * Copyright (c) Microsoft Corporation. All rights reserved.
3704
3730
  * Licensed under the MIT License.
@@ -3762,7 +3788,7 @@
3762
3788
  uxNotAllowed: uxNotAllowed
3763
3789
  });
3764
3790
 
3765
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3791
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3766
3792
 
3767
3793
  /*
3768
3794
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3830,7 +3856,7 @@
3830
3856
  return new InteractionRequiredAuthError(errorCode, errorMessage);
3831
3857
  }
3832
3858
 
3833
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3859
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3834
3860
 
3835
3861
  /*
3836
3862
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3898,7 +3924,7 @@
3898
3924
  }
3899
3925
  }
3900
3926
 
3901
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3927
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3902
3928
  /*
3903
3929
  * Copyright (c) Microsoft Corporation. All rights reserved.
3904
3930
  * Licensed under the MIT License.
@@ -3963,7 +3989,7 @@
3963
3989
  return cachedAtSec > nowSeconds();
3964
3990
  }
3965
3991
 
3966
- /*! @azure/msal-common v16.2.0 2026-03-02 */
3992
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
3967
3993
  /*
3968
3994
  * Copyright (c) Microsoft Corporation. All rights reserved.
3969
3995
  * Licensed under the MIT License.
@@ -4034,7 +4060,7 @@
4034
4060
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4035
4061
  const SetUserData = "setUserData";
4036
4062
 
4037
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4063
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4038
4064
  /*
4039
4065
  * Copyright (c) Microsoft Corporation. All rights reserved.
4040
4066
  * Licensed under the MIT License.
@@ -4127,7 +4153,7 @@
4127
4153
  };
4128
4154
  };
4129
4155
 
4130
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4156
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4131
4157
 
4132
4158
  /*
4133
4159
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4207,7 +4233,7 @@
4207
4233
  }
4208
4234
  }
4209
4235
 
4210
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4236
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4211
4237
  /*
4212
4238
  * Copyright (c) Microsoft Corporation. All rights reserved.
4213
4239
  * Licensed under the MIT License.
@@ -4234,7 +4260,7 @@
4234
4260
  }
4235
4261
  }
4236
4262
 
4237
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4263
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4238
4264
 
4239
4265
  /*
4240
4266
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4493,7 +4519,7 @@
4493
4519
  return metadata.expiresAt <= nowSeconds();
4494
4520
  }
4495
4521
 
4496
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4522
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4497
4523
 
4498
4524
  /*
4499
4525
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4678,6 +4704,11 @@
4678
4704
  : undefined;
4679
4705
  // non AAD scenarios can have empty realm
4680
4706
  cachedAccessToken = createAccessTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.access_token, this.clientId, claimsTenantId || authority.tenant || "", responseScopes.printScopes(), tokenExpirationSeconds, extendedTokenExpirationSeconds, this.cryptoObj.base64Decode, refreshOnSeconds, serverTokenResponse.token_type, userAssertionHash, serverTokenResponse.key_id);
4707
+ // Set resource (to be used for MCP scenarios)
4708
+ const resource = request.resource || null;
4709
+ if (resource) {
4710
+ cachedAccessToken.resource = resource;
4711
+ }
4681
4712
  }
4682
4713
  // refreshToken
4683
4714
  let cachedRefreshToken = null;
@@ -4829,7 +4860,7 @@
4829
4860
  return baseAccount;
4830
4861
  }
4831
4862
 
4832
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4863
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4833
4864
  /*
4834
4865
  * Copyright (c) Microsoft Corporation. All rights reserved.
4835
4866
  * Licensed under the MIT License.
@@ -4839,7 +4870,7 @@
4839
4870
  UPN: "UPN",
4840
4871
  };
4841
4872
 
4842
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4873
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4843
4874
  /*
4844
4875
  * Copyright (c) Microsoft Corporation. All rights reserved.
4845
4876
  * Licensed under the MIT License.
@@ -4857,7 +4888,7 @@
4857
4888
  }
4858
4889
  }
4859
4890
 
4860
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4891
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4861
4892
  /*
4862
4893
  * Copyright (c) Microsoft Corporation. All rights reserved.
4863
4894
  * Licensed under the MIT License.
@@ -4878,7 +4909,7 @@
4878
4909
  };
4879
4910
  }
4880
4911
 
4881
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4912
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4882
4913
 
4883
4914
  /*
4884
4915
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4964,7 +4995,7 @@
4964
4995
  }
4965
4996
  }
4966
4997
 
4967
- /*! @azure/msal-common v16.2.0 2026-03-02 */
4998
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4968
4999
 
4969
5000
  /*
4970
5001
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4995,7 +5026,7 @@
4995
5026
  return new NetworkError(error, httpStatus, responseHeaders);
4996
5027
  }
4997
5028
 
4998
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5029
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
4999
5030
 
5000
5031
  /*
5001
5032
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5109,7 +5140,7 @@
5109
5140
  return response;
5110
5141
  }
5111
5142
 
5112
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5143
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5113
5144
  /*
5114
5145
  * Copyright (c) Microsoft Corporation. All rights reserved.
5115
5146
  * Licensed under the MIT License.
@@ -5121,7 +5152,7 @@
5121
5152
  response.hasOwnProperty("jwks_uri"));
5122
5153
  }
5123
5154
 
5124
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5155
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5125
5156
  /*
5126
5157
  * Copyright (c) Microsoft Corporation. All rights reserved.
5127
5158
  * Licensed under the MIT License.
@@ -5131,7 +5162,7 @@
5131
5162
  response.hasOwnProperty("metadata"));
5132
5163
  }
5133
5164
 
5134
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5165
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5135
5166
  /*
5136
5167
  * Copyright (c) Microsoft Corporation. All rights reserved.
5137
5168
  * Licensed under the MIT License.
@@ -5141,7 +5172,7 @@
5141
5172
  response.hasOwnProperty("error_description"));
5142
5173
  }
5143
5174
 
5144
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5175
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5145
5176
 
5146
5177
  /*
5147
5178
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5246,7 +5277,7 @@
5246
5277
  },
5247
5278
  };
5248
5279
 
5249
- /*! @azure/msal-common v16.2.0 2026-03-02 */
5280
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
5250
5281
 
5251
5282
  /*
5252
5283
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6066,7 +6097,7 @@
6066
6097
  };
6067
6098
  }
6068
6099
 
6069
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6100
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6070
6101
 
6071
6102
  /*
6072
6103
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6100,7 +6131,7 @@
6100
6131
  }
6101
6132
  }
6102
6133
 
6103
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6134
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6104
6135
 
6105
6136
  /*
6106
6137
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6220,6 +6251,7 @@
6220
6251
  }
6221
6252
  // Add scope array, parameter builder will add default scopes and dedupe
6222
6253
  addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
6254
+ addResource(parameters, request.resource);
6223
6255
  // add code: user set, not validated
6224
6256
  addAuthorizationCode(parameters, request.code);
6225
6257
  // Add library metadata
@@ -6360,7 +6392,7 @@
6360
6392
  }
6361
6393
  }
6362
6394
 
6363
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6395
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6364
6396
 
6365
6397
  /*
6366
6398
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6585,7 +6617,7 @@
6585
6617
  }
6586
6618
  }
6587
6619
 
6588
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6620
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6589
6621
 
6590
6622
  /*
6591
6623
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6641,6 +6673,13 @@
6641
6673
  this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);
6642
6674
  throw createClientAuthError(tokenRefreshRequired);
6643
6675
  }
6676
+ else if (request.resource) {
6677
+ // cached access token must have a resource that matches the request resource for MCP scenarios
6678
+ if (cachedAccessToken.resource !== request.resource) {
6679
+ this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
6680
+ throw createClientAuthError(tokenRefreshRequired);
6681
+ }
6682
+ }
6644
6683
  else if (cachedAccessToken.refreshOn &&
6645
6684
  isTokenExpired(cachedAccessToken.refreshOn, 0)) {
6646
6685
  // must refresh (in the background) due to the refresh_in value
@@ -6694,7 +6733,7 @@
6694
6733
  }
6695
6734
  }
6696
6735
 
6697
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6736
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6698
6737
 
6699
6738
  /*
6700
6739
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6709,7 +6748,7 @@
6709
6748
  },
6710
6749
  };
6711
6750
 
6712
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6751
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6713
6752
 
6714
6753
  /*
6715
6754
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6735,12 +6774,15 @@
6735
6774
  ...(request.extraScopesToConsent || []),
6736
6775
  ];
6737
6776
  addScopes(parameters, requestScopes, true, authOptions.authority.options.OIDCOptions?.defaultScopes);
6777
+ addResource(parameters, request.resource);
6738
6778
  addRedirectUri(parameters, request.redirectUri);
6739
6779
  addCorrelationId(parameters, correlationId);
6740
6780
  // add response_mode. If not passed in it defaults to query.
6741
6781
  addResponseMode(parameters, request.responseMode);
6742
6782
  // add client_info=1
6743
6783
  addClientInfo(parameters);
6784
+ // add clidata=1
6785
+ addCliData(parameters);
6744
6786
  if (request.prompt) {
6745
6787
  addPrompt(parameters, request.prompt);
6746
6788
  performanceClient?.addFields({ prompt: request.prompt }, correlationId);
@@ -6933,7 +6975,40 @@
6933
6975
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6934
6976
  }
6935
6977
 
6936
- /*! @azure/msal-common v16.2.0 2026-03-02 */
6978
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6979
+
6980
+ /*
6981
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6982
+ * Licensed under the MIT License.
6983
+ */
6984
+ /**
6985
+ * Helper to enforce resource parameter presence in token requests when isMcp is set in the configuration.
6986
+ * If resource parameter is set in both the request and in extraQueryParameters or extraParameters, an error will be thrown.
6987
+ * This is used for MCP flows.
6988
+ * @param isMcp - Flag indicating if application is an MCP app, from configuration
6989
+ * @param request - Auth request
6990
+ */
6991
+ function enforceResourceParameter(isMcp, request) {
6992
+ if (!isMcp) {
6993
+ return;
6994
+ }
6995
+ if (request.resource &&
6996
+ (containsResourceParam(request.extraParameters) ||
6997
+ containsResourceParam(request.extraQueryParameters))) {
6998
+ throw createClientAuthError(misplacedResourceParam);
6999
+ }
7000
+ if (!request.resource) {
7001
+ throw createClientAuthError(resourceParameterRequired);
7002
+ }
7003
+ }
7004
+ function containsResourceParam(params) {
7005
+ if (!params) {
7006
+ return false;
7007
+ }
7008
+ return Object.prototype.hasOwnProperty.call(params, "resource");
7009
+ }
7010
+
7011
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6937
7012
 
6938
7013
  /*
6939
7014
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6991,7 +7066,7 @@
6991
7066
  }
6992
7067
  }
6993
7068
 
6994
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7069
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
6995
7070
  /*
6996
7071
  * Copyright (c) Microsoft Corporation. All rights reserved.
6997
7072
  * Licensed under the MIT License.
@@ -7008,7 +7083,7 @@
7008
7083
  unexpectedError: unexpectedError
7009
7084
  });
7010
7085
 
7011
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7086
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7012
7087
 
7013
7088
  /*
7014
7089
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7269,7 +7344,7 @@
7269
7344
  }
7270
7345
  }
7271
7346
 
7272
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7347
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7273
7348
 
7274
7349
  /*
7275
7350
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7290,7 +7365,7 @@
7290
7365
  return new JoseHeaderError(code);
7291
7366
  }
7292
7367
 
7293
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7368
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7294
7369
  /*
7295
7370
  * Copyright (c) Microsoft Corporation. All rights reserved.
7296
7371
  * Licensed under the MIT License.
@@ -7298,7 +7373,7 @@
7298
7373
  const missingKidError = "missing_kid_error";
7299
7374
  const missingAlgError = "missing_alg_error";
7300
7375
 
7301
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7376
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7302
7377
 
7303
7378
  /*
7304
7379
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7338,7 +7413,7 @@
7338
7413
  }
7339
7414
  }
7340
7415
 
7341
- /*! @azure/msal-common v16.2.0 2026-03-02 */
7416
+ /*! @azure/msal-common v16.4.0 2026-03-18 */
7342
7417
 
7343
7418
  /*
7344
7419
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7434,8 +7509,10 @@
7434
7509
  else if (error instanceof AuthError) {
7435
7510
  event.errorCode = error.errorCode;
7436
7511
  event.subErrorCode = error.subError;
7437
- if (error instanceof ServerError ||
7438
- error instanceof InteractionRequiredAuthError) {
7512
+ if (!event.serverErrorNo &&
7513
+ (error instanceof ServerError ||
7514
+ error instanceof InteractionRequiredAuthError) &&
7515
+ error.errorNo) {
7439
7516
  event.serverErrorNo = error.errorNo;
7440
7517
  }
7441
7518
  return;
@@ -8772,9 +8849,13 @@
8772
8849
  activeBridgeMonitor = null;
8773
8850
  }
8774
8851
  }
8775
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request) {
8852
+ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
8776
8853
  return new Promise((resolve, reject) => {
8777
8854
  logger.verbose("1rf6em", request.correlationId);
8855
+ const correlationId = request.correlationId;
8856
+ performanceClient.addFields({
8857
+ redirectBridgeTimeoutMs: timeoutMs,
8858
+ }, correlationId);
8778
8859
  const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
8779
8860
  const channel = new BroadcastChannel(libraryState.id);
8780
8861
  let responseString = undefined;
@@ -8792,6 +8873,12 @@
8792
8873
  };
8793
8874
  channel.onmessage = (event) => {
8794
8875
  responseString = event.data.payload;
8876
+ const messageVersion = event?.data && typeof event.data.v === "number"
8877
+ ? event.data.v
8878
+ : undefined;
8879
+ performanceClient.addFields({
8880
+ redirectBridgeMessageVersion: messageVersion,
8881
+ }, correlationId);
8795
8882
  // Clear the active monitor
8796
8883
  activeBridgeMonitor = null;
8797
8884
  clearTimeout(timeoutId);
@@ -10211,7 +10298,7 @@
10211
10298
 
10212
10299
  /* eslint-disable header/header */
10213
10300
  const name = "@azure/msal-browser";
10214
- const version = "5.4.0";
10301
+ const version = "5.6.0";
10215
10302
 
10216
10303
  /*
10217
10304
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -11526,6 +11613,9 @@
11526
11613
  : 0, base64Decode, undefined, // refreshOn
11527
11614
  result.tokenType, undefined, // userAssertionHash
11528
11615
  request.sshKid);
11616
+ if (request.resource) {
11617
+ accessTokenEntity.resource = request.resource;
11618
+ }
11529
11619
  const cacheRecord = {
11530
11620
  idToken: idTokenEntity,
11531
11621
  accessToken: accessTokenEntity,
@@ -11611,10 +11701,6 @@
11611
11701
  */
11612
11702
  function getAccount(accountFilter, logger, browserStorage, correlationId) {
11613
11703
  logger.trace("0u7b90", correlationId);
11614
- if (Object.keys(accountFilter).length === 0) {
11615
- logger.warning("1kz0cu", correlationId);
11616
- return null;
11617
- }
11618
11704
  const account = browserStorage.getAccountInfoFilteredBy(accountFilter, correlationId);
11619
11705
  if (account) {
11620
11706
  logger.verbose("0btgll", correlationId);
@@ -12078,6 +12164,7 @@
12078
12164
  authority: discoveredAuthority,
12079
12165
  clientCapabilities: this.config.auth.clientCapabilities,
12080
12166
  redirectUri: this.config.auth.redirectUri,
12167
+ isMcp: this.config.auth.isMcp,
12081
12168
  },
12082
12169
  systemOptions: {
12083
12170
  tokenRenewalOffsetSeconds: this.config.system.tokenRenewalOffsetSeconds,
@@ -12118,6 +12205,10 @@
12118
12205
  */
12119
12206
  async function initializeAuthorizationRequest(request, interactionType, config, browserCrypto, browserStorage, logger, performanceClient, correlationId) {
12120
12207
  const redirectUri = getRedirectUri(request.redirectUri, config.auth.redirectUri, logger, correlationId);
12208
+ if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
12209
+ logger.warning("08qbvw", correlationId);
12210
+ performanceClient.addFields({ isRedirectUriCrossOrigin: true }, correlationId);
12211
+ }
12121
12212
  const browserState = {
12122
12213
  interactionType: interactionType,
12123
12214
  };
@@ -12795,6 +12886,7 @@
12795
12886
  correlationId: this.correlationId,
12796
12887
  state: response.state,
12797
12888
  fromPlatformBroker: true,
12889
+ ...(request.resource && { resource: request.resource }),
12798
12890
  };
12799
12891
  return result;
12800
12892
  }
@@ -13036,6 +13128,62 @@
13036
13128
  * Copyright (c) Microsoft Corporation. All rights reserved.
13037
13129
  * Licensed under the MIT License.
13038
13130
  */
13131
+ const clientDataAccountTypeMapping = new Map([
13132
+ ["e", "AAD"],
13133
+ ["m", "MSA"],
13134
+ ]);
13135
+ /**
13136
+ * Parses the clientdata response parameter from the /authorize endpoint.
13137
+ *
13138
+ * Logically, the clientdata value is URL-encoded and pipe-delimited:
13139
+ * urlencoded(account_type | error | sub_error | cloud_instance | caller_data_boundary)
13140
+ *
13141
+ * In normal browser flows, this value may already have been URL-decoded
13142
+ * (e.g. by URLSearchParams). This function will only apply decodeURIComponent
13143
+ * when the string appears to contain percent-encoded sequences to avoid
13144
+ * double-decoding.
13145
+ *
13146
+ * @param clientdata - The raw clientdata string from the authorize response
13147
+ * @returns Parsed ClientData object, or null if the input is empty/invalid
13148
+ */
13149
+ function parseClientData(clientdata) {
13150
+ if (!clientdata) {
13151
+ return null;
13152
+ }
13153
+ try {
13154
+ // Only decode when the string appears to contain percent-encoded sequences
13155
+ const shouldDecode = /%(?:[0-9A-Fa-f]{2})/.test(clientdata);
13156
+ const decoded = shouldDecode
13157
+ ? decodeURIComponent(clientdata)
13158
+ : clientdata;
13159
+ const parts = decoded.split("|");
13160
+ if (parts.length < 5) {
13161
+ return null;
13162
+ }
13163
+ return {
13164
+ accountType: clientDataAccountTypeMapping.get(parts[0]?.trim() || "") || "",
13165
+ error: parts[1]?.trim() || "",
13166
+ subError: parts[2]?.trim() || "",
13167
+ cloudInstance: parts[3]?.trim() || "",
13168
+ callerDataBoundary: parts[4]?.trim() || "",
13169
+ };
13170
+ }
13171
+ catch {
13172
+ return null;
13173
+ }
13174
+ }
13175
+ /**
13176
+ * Instruments account type, error, and suberror from clientdata
13177
+ */
13178
+ function instrumentClientData(response, correlationId, performanceClient) {
13179
+ const parsed = parseClientData(response.clientdata);
13180
+ parsed?.accountType &&
13181
+ performanceClient.addFields({ accountType: parsed.accountType }, correlationId);
13182
+ parsed?.error &&
13183
+ performanceClient.addFields({ serverErrorNo: parsed.error }, correlationId);
13184
+ parsed?.subError &&
13185
+ performanceClient.addFields({ serverSubErrorNo: parsed.subError }, correlationId);
13186
+ }
13039
13187
  /**
13040
13188
  * Returns map of parameters that are applicable to all calls to /authorize whether using PKCE or EAR
13041
13189
  * @param config
@@ -13205,6 +13353,8 @@
13205
13353
  async function handleResponseCode(request, response, codeVerifier, apiId, config, authClient, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider) {
13206
13354
  // Remove throttle if it exists
13207
13355
  ThrottlingUtils.removeThrottle(browserStorage, config.auth.clientId, request);
13356
+ // Instrument clientdata telemetry fields from the authorize response
13357
+ instrumentClientData(response, request.correlationId, performanceClient);
13208
13358
  if (response.accountId) {
13209
13359
  return invokeAsync(handleResponsePlatformBroker, HandleResponsePlatformBroker, logger, performanceClient, request.correlationId)(request, response.accountId, apiId, config, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider);
13210
13360
  }
@@ -13237,6 +13387,8 @@
13237
13387
  async function handleResponseEAR(request, response, apiId, config, authority, browserStorage, nativeStorage, eventHandler, logger, performanceClient, platformAuthProvider) {
13238
13388
  // Remove throttle if it exists
13239
13389
  ThrottlingUtils.removeThrottle(browserStorage, config.auth.clientId, request);
13390
+ // Instrument clientdata telemetry fields from the authorize response
13391
+ instrumentClientData(response, request.correlationId, performanceClient);
13240
13392
  // Validate state & check response for errors
13241
13393
  validateAuthorizationResponse(response, request.state);
13242
13394
  if (!response.ear_jwe) {
@@ -13523,6 +13675,7 @@
13523
13675
  tenant: "",
13524
13676
  },
13525
13677
  instanceAware: false,
13678
+ isMcp: false,
13526
13679
  };
13527
13680
  // Default cache options for browser
13528
13681
  const DEFAULT_CACHE_OPTIONS = {
@@ -13915,14 +14068,17 @@
13915
14068
  initializePlatformDOMRequest(request) {
13916
14069
  this.logger.trace("15d6yv", request.correlationId);
13917
14070
  const { accountId, clientId, authority, scope, redirectUri, correlationId, state, storeInCache, embeddedClientId, extraParameters, ...remainingProperties } = request;
13918
- const validExtraParameters = this.getDOMExtraParams(remainingProperties);
14071
+ const validExtraParameters = this.getDOMExtraParams(remainingProperties, correlationId);
13919
14072
  const platformDOMRequest = {
13920
14073
  accountId: accountId,
13921
14074
  brokerId: this.getExtensionId(),
13922
14075
  authority: authority,
13923
14076
  clientId: clientId,
13924
14077
  correlationId: correlationId || this.correlationId,
13925
- extraParameters: { ...extraParameters, ...validExtraParameters },
14078
+ extraParameters: {
14079
+ ...extraParameters,
14080
+ ...validExtraParameters,
14081
+ },
13926
14082
  isSecurityTokenService: false,
13927
14083
  redirectUri: redirectUri,
13928
14084
  scope: scope,
@@ -13976,15 +14132,27 @@
13976
14132
  };
13977
14133
  return nativeResponse;
13978
14134
  }
13979
- getDOMExtraParams(extraParameters) {
13980
- const stringifiedParams = Object.entries(extraParameters).reduce((record, [key, value]) => {
13981
- record[key] = String(value);
13982
- return record;
13983
- }, {});
13984
- const validExtraParams = {
13985
- ...stringifiedParams,
13986
- };
13987
- return validExtraParams;
14135
+ getDOMExtraParams(extraParameters, correlationId) {
14136
+ try {
14137
+ const stringifiedProperties = {};
14138
+ for (const [key, value] of Object.entries(extraParameters)) {
14139
+ if (!value) {
14140
+ continue;
14141
+ }
14142
+ if (typeof value === "object") {
14143
+ stringifiedProperties[key] = JSON.stringify(value);
14144
+ }
14145
+ else {
14146
+ stringifiedProperties[key] = String(value);
14147
+ }
14148
+ }
14149
+ return stringifiedProperties;
14150
+ }
14151
+ catch (e) {
14152
+ this.logger.error("0eu9o3", correlationId);
14153
+ this.logger.errorPii("17rpl5", correlationId);
14154
+ return {};
14155
+ }
13988
14156
  }
13989
14157
  }
13990
14158
 
@@ -14228,7 +14396,7 @@
14228
14396
  const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
14229
14397
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
14230
14398
  // Wait for the redirect bridge response
14231
- const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
14399
+ const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
14232
14400
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14233
14401
  return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
14234
14402
  }
@@ -14263,7 +14431,7 @@
14263
14431
  const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
14264
14432
  form.submit();
14265
14433
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
14266
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest);
14434
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
14267
14435
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14268
14436
  if (!serverParams.ear_jwe && serverParams.code) {
14269
14437
  const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -14288,7 +14456,7 @@
14288
14456
  const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
14289
14457
  form.submit();
14290
14458
  // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
14291
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request);
14459
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
14292
14460
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
14293
14461
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
14294
14462
  }
@@ -14341,7 +14509,7 @@
14341
14509
  // Open the popup window to requestUrl.
14342
14510
  const popupWindow = this.openPopup(logoutUri, popupParams);
14343
14511
  this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
14344
- await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest).catch(() => {
14512
+ await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
14345
14513
  // Swallow any errors related to monitoring the window. Server logout is best effort
14346
14514
  });
14347
14515
  if (mainWindowRedirectUri) {
@@ -15089,7 +15257,7 @@
15089
15257
  };
15090
15258
  await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
15091
15259
  const responseType = this.config.auth.OIDCOptions.responseMode;
15092
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
15260
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15093
15261
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15094
15262
  if (!serverParams.ear_jwe && serverParams.code) {
15095
15263
  // If server doesn't support EAR, they may fallback to auth code flow instead
@@ -15138,7 +15306,7 @@
15138
15306
  }
15139
15307
  const responseType = this.config.auth.OIDCOptions.responseMode;
15140
15308
  // Wait for response from the redirect bridge.
15141
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request);
15309
+ const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15142
15310
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15143
15311
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15144
15312
  }
@@ -15291,6 +15459,22 @@
15291
15459
  * Copyright (c) Microsoft Corporation. All rights reserved.
15292
15460
  * Licensed under the MIT License.
15293
15461
  */
15462
+ /**
15463
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
15464
+ * @returns Network connection information, or an empty object if not available.
15465
+ */
15466
+ function getNetworkInfo() {
15467
+ if (typeof window === "undefined" || !window.navigator) {
15468
+ return {};
15469
+ }
15470
+ const connection = "connection" in window.navigator
15471
+ ? window.navigator.connection
15472
+ : undefined;
15473
+ return {
15474
+ effectiveType: connection?.effectiveType,
15475
+ rtt: connection?.rtt,
15476
+ };
15477
+ }
15294
15478
  function collectInstanceStats(currentClientId, performanceEvent, logger, correlationId) {
15295
15479
  const frameInstances =
15296
15480
  // @ts-ignore
@@ -15310,12 +15494,13 @@
15310
15494
  * Copyright (c) Microsoft Corporation. All rights reserved.
15311
15495
  * Licensed under the MIT License.
15312
15496
  */
15313
- function preflightCheck(initialized, performanceEvent, account) {
15497
+ function preflightCheck(initialized, performanceEvent, config, request) {
15314
15498
  try {
15315
15499
  preflightCheck$1(initialized);
15500
+ enforceResourceParameter(config.auth.isMcp, request);
15316
15501
  }
15317
15502
  catch (e) {
15318
- performanceEvent.end({ success: false }, e, account);
15503
+ performanceEvent.end({ success: false }, e, request.account);
15319
15504
  throw e;
15320
15505
  }
15321
15506
  }
@@ -15416,6 +15601,7 @@
15416
15601
  this.eventHandler.emitEvent(EventType.INITIALIZE_START, correlationId);
15417
15602
  // Broker applications are initialized twice, so we avoid double-counting it
15418
15603
  this.logMultipleInstances(initMeasurement, correlationId);
15604
+ initMeasurement.add({ isMcp: this.config.auth.isMcp });
15419
15605
  await invokeAsync(this.browserStorage.initialize.bind(this.browserStorage), InitializeCache, this.logger, this.performanceClient, correlationId)(correlationId);
15420
15606
  if (allowPlatformBroker) {
15421
15607
  try {
@@ -15593,6 +15779,7 @@
15593
15779
  };
15594
15780
  try {
15595
15781
  redirectPreflightCheck(this.initialized, this.config);
15782
+ enforceResourceParameter(this.config.auth.isMcp, request);
15596
15783
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN);
15597
15784
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Redirect, request);
15598
15785
  let result;
@@ -15657,7 +15844,7 @@
15657
15844
  });
15658
15845
  try {
15659
15846
  this.logger.verbose("0ch87b", correlationId);
15660
- preflightCheck(this.initialized, atPopupMeasurement, request.account);
15847
+ preflightCheck(this.initialized, atPopupMeasurement, this.config, request);
15661
15848
  this.browserStorage.setInteractionInProgress(true, INTERACTION_TYPE.SIGNIN, request.overrideInteractionInProgress, correlationId);
15662
15849
  }
15663
15850
  catch (e) {
@@ -15771,7 +15958,7 @@
15771
15958
  this.ssoSilentMeasurement?.add({
15772
15959
  scenarioId: request.scenarioId,
15773
15960
  });
15774
- preflightCheck(this.initialized, this.ssoSilentMeasurement, request.account);
15961
+ preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
15775
15962
  this.ssoSilentMeasurement?.increment({
15776
15963
  visibilityChangeCount: 0,
15777
15964
  });
@@ -15835,7 +16022,7 @@
15835
16022
  const correlationId = this.getRequestCorrelationId(request);
15836
16023
  this.logger.trace("0ch6ga", correlationId);
15837
16024
  const atbcMeasurement = this.performanceClient.startMeasurement(AcquireTokenByCode, correlationId);
15838
- preflightCheck(this.initialized, atbcMeasurement);
16025
+ preflightCheck(this.initialized, atbcMeasurement, this.config, request);
15839
16026
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, request);
15840
16027
  atbcMeasurement.add({ scenarioId: request.scenarioId });
15841
16028
  try {
@@ -16337,7 +16524,7 @@
16337
16524
  cacheLookupPolicy: request.cacheLookupPolicy,
16338
16525
  scenarioId: request.scenarioId,
16339
16526
  });
16340
- preflightCheck(this.initialized, atsMeasurement, request.account);
16527
+ preflightCheck(this.initialized, atsMeasurement, this.config, request);
16341
16528
  this.logger.verbose("0x1c4s", correlationId);
16342
16529
  const account = request.account || this.getActiveAccount();
16343
16530
  if (!account) {
@@ -16793,6 +16980,7 @@
16793
16980
  platformBrokerId: request.account?.homeAccountId,
16794
16981
  clientId: this.clientId,
16795
16982
  authority: request.authority,
16983
+ resource: request.resource,
16796
16984
  scope: scopes.join(" "),
16797
16985
  correlationId,
16798
16986
  claims: !StringUtils.isEmptyObj(claims) ? claims : undefined,
@@ -17063,6 +17251,7 @@
17063
17251
  const atPopupMeasurement = this.performanceClient.startMeasurement(AcquireTokenPopup, correlationId);
17064
17252
  atPopupMeasurement.add({ nestedAppAuthRequest: true });
17065
17253
  try {
17254
+ enforceResourceParameter(this.config.auth.isMcp, validRequest);
17066
17255
  const naaRequest = this.nestedAppAuthAdapter.toNaaTokenRequest(validRequest);
17067
17256
  const reqTimestamp = nowSeconds();
17068
17257
  const response = await this.bridgeProxy.getTokenInteractive(naaRequest);
@@ -17129,6 +17318,7 @@
17129
17318
  nestedAppAuthRequest: true,
17130
17319
  });
17131
17320
  try {
17321
+ enforceResourceParameter(this.config.auth.isMcp, validRequest);
17132
17322
  const naaRequest = this.nestedAppAuthAdapter.toNaaTokenRequest(validRequest);
17133
17323
  naaRequest.forceRefresh = validRequest.forceRefresh;
17134
17324
  const reqTimestamp = nowSeconds();
@@ -17263,6 +17453,14 @@
17263
17453
  this.logger.verbose("18egye", correlationId);
17264
17454
  return Promise.resolve(null);
17265
17455
  }
17456
+ else if (authRequest.resource) {
17457
+ const requestedResource = authRequest.resource;
17458
+ const cachedResource = cachedAccessToken.resource;
17459
+ if (!cachedResource || cachedResource !== requestedResource) {
17460
+ this.logger.verbose("0qraxd", correlationId);
17461
+ return Promise.resolve(null);
17462
+ }
17463
+ }
17266
17464
  const cachedIdToken = this.browserStorage.getIdToken(currentAccount, authRequest.correlationId, tokenKeys, currentAccount.tenantId);
17267
17465
  if (!cachedIdToken) {
17268
17466
  this.logger.verbose("0d68kd", correlationId);
@@ -18432,11 +18630,14 @@
18432
18630
  return {
18433
18631
  ...inProgressEvent,
18434
18632
  end: (event, error, account) => {
18633
+ const networkInfo = getNetworkInfo();
18435
18634
  const res = inProgressEvent.end({
18436
18635
  ...event,
18437
18636
  startPageVisibility,
18438
18637
  endPageVisibility: this.getPageVisibility(),
18439
18638
  durationMs: getPerfDurationMs(startTime),
18639
+ networkEffectiveType: networkInfo.effectiveType,
18640
+ networkRtt: networkInfo.rtt,
18440
18641
  }, error, account);
18441
18642
  void browserMeasurement?.then((measurement) => measurement.endMeasurement());
18442
18643
  this.deleteIncompleteSubMeasurements(inProgressEvent);
@@ -18608,6 +18809,7 @@
18608
18809
  exports.WrapperSKU = WrapperSKU;
18609
18810
  exports.createNestablePublicClientApplication = createNestablePublicClientApplication;
18610
18811
  exports.createStandardPublicClientApplication = createStandardPublicClientApplication;
18812
+ exports.enforceResourceParameter = enforceResourceParameter;
18611
18813
  exports.isPlatformBrokerAvailable = isPlatformBrokerAvailable;
18612
18814
  exports.loadExternalTokens = loadExternalTokens;
18613
18815
  exports.stubbedPublicClientApplication = stubbedPublicClientApplication;