@azure/msal-browser 5.6.1 → 5.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.d.ts.map +1 -1
- package/dist/cache/TokenCache.mjs +9 -9
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.d.ts +13 -1
- package/dist/config/Configuration.d.ts.map +1 -1
- package/dist/config/Configuration.mjs +9 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.d.ts +4 -2
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +56 -19
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
- package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
- package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.d.ts +13 -1
- package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.mjs +9 -2
- package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.d.ts +4 -2
- package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.mjs +56 -19
- package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
- package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
- package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
- package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
- package/dist/custom-auth-path/event/EventType.mjs +1 -1
- package/dist/custom-auth-path/index.d.ts +1 -1
- package/dist/custom-auth-path/index.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +21 -8
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts +6 -0
- package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +12 -2
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/custom-auth-path/log-strings-mapping.json +23 -3
- package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
- package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
- package/dist/custom-auth-path/packageMetadata.mjs +2 -2
- package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
- package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
- package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
- package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +5 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +9 -3
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.mjs +27 -3
- package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
- package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +1 -1
- package/dist/index.mjs.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +21 -8
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.d.ts +6 -0
- package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +12 -2
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +31 -11
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
- package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.d.ts +13 -1
- package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.mjs +1 -1
- package/dist/redirect-bridge/controllers/StandardController.d.ts +4 -2
- package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
- package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/redirect-bridge/index.d.ts +1 -1
- package/dist/redirect-bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_handler/SilentHandler.d.ts +6 -0
- package/dist/redirect-bridge/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
- package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.mjs +43 -24
- package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +5 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
- package/dist/redirect_bridge/index.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +6 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.d.ts +5 -0
- package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +9 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.d.ts +2 -2
- package/dist/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/utils/BrowserUtils.mjs +27 -3
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +23 -3
- package/lib/custom-auth-path/msal-custom-auth.cjs +649 -546
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts +13 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts +4 -2
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/custom-auth-path/types/index.d.ts +1 -1
- package/lib/custom-auth-path/types/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts +6 -0
- package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
- package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +5 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
- package/lib/log-strings-mapping.json +31 -11
- package/lib/msal-browser.cjs +794 -685
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +794 -685
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.js +52 -33
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/lib/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/types/config/Configuration.d.ts +13 -1
- package/lib/types/config/Configuration.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts +4 -2
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/types/index.d.ts +1 -1
- package/lib/types/index.d.ts.map +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/interaction_handler/SilentHandler.d.ts +6 -0
- package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +5 -0
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/cache/TokenCache.ts +27 -24
- package/src/config/Configuration.ts +22 -0
- package/src/controllers/StandardController.ts +84 -35
- package/src/index.ts +1 -0
- package/src/interaction_client/PlatformAuthInteractionClient.ts +55 -53
- package/src/interaction_client/SilentIframeClient.ts +55 -29
- package/src/interaction_handler/SilentHandler.ts +11 -0
- package/src/packageMetadata.ts +1 -1
- package/src/redirect_bridge/index.ts +47 -25
- package/src/telemetry/BrowserPerformanceClient.ts +6 -0
- package/src/telemetry/BrowserPerformanceEvents.ts +6 -0
- package/src/utils/BrowserUtils.ts +36 -4
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.6.
|
|
1
|
+
/*! @azure/msal-browser v5.6.3 2026-04-01 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.4.
|
|
5
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
|
|
|
229
229
|
// Token renewal offset default in seconds
|
|
230
230
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
231
231
|
|
|
232
|
-
/*! @azure/msal-common v16.4.
|
|
232
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
233
233
|
/*
|
|
234
234
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
235
235
|
* Licensed under the MIT License.
|
|
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
281
281
|
const RESOURCE = "resource";
|
|
282
282
|
const CLI_DATA = "clidata";
|
|
283
283
|
|
|
284
|
-
/*! @azure/msal-common v16.4.
|
|
284
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
285
285
|
/*
|
|
286
286
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
287
287
|
* Licensed under the MIT License.
|
|
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
312
312
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
313
313
|
}
|
|
314
314
|
|
|
315
|
-
/*! @azure/msal-common v16.4.
|
|
315
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
316
316
|
|
|
317
317
|
/*
|
|
318
318
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
332
332
|
return new ClientConfigurationError(errorCode);
|
|
333
333
|
}
|
|
334
334
|
|
|
335
|
-
/*! @azure/msal-common v16.4.
|
|
335
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
336
336
|
/*
|
|
337
337
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
338
338
|
* Licensed under the MIT License.
|
|
@@ -412,7 +412,7 @@ class StringUtils {
|
|
|
412
412
|
}
|
|
413
413
|
}
|
|
414
414
|
|
|
415
|
-
/*! @azure/msal-common v16.4.
|
|
415
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
416
416
|
|
|
417
417
|
/*
|
|
418
418
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
435
435
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
436
436
|
}
|
|
437
437
|
|
|
438
|
-
/*! @azure/msal-common v16.4.
|
|
438
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
439
439
|
/*
|
|
440
440
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
441
441
|
* Licensed under the MIT License.
|
|
@@ -459,7 +459,7 @@ const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
|
459
459
|
const authorityMismatch = "authority_mismatch";
|
|
460
460
|
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
461
461
|
|
|
462
|
-
/*! @azure/msal-common v16.4.
|
|
462
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
463
463
|
/*
|
|
464
464
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
465
465
|
* Licensed under the MIT License.
|
|
@@ -498,7 +498,7 @@ const methodNotImplemented = "method_not_implemented";
|
|
|
498
498
|
const resourceParameterRequired = "resource_parameter_required";
|
|
499
499
|
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
500
500
|
|
|
501
|
-
/*! @azure/msal-common v16.4.
|
|
501
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
502
502
|
|
|
503
503
|
/*
|
|
504
504
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -693,7 +693,7 @@ class ScopeSet {
|
|
|
693
693
|
}
|
|
694
694
|
}
|
|
695
695
|
|
|
696
|
-
/*! @azure/msal-common v16.4.
|
|
696
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
697
697
|
|
|
698
698
|
/*
|
|
699
699
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1071,7 +1071,7 @@ function addResource(parameters, resource) {
|
|
|
1071
1071
|
}
|
|
1072
1072
|
}
|
|
1073
1073
|
|
|
1074
|
-
/*! @azure/msal-common v16.4.
|
|
1074
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1075
1075
|
|
|
1076
1076
|
/*
|
|
1077
1077
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1180,7 +1180,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1180
1180
|
}
|
|
1181
1181
|
}
|
|
1182
1182
|
|
|
1183
|
-
/*! @azure/msal-common v16.4.
|
|
1183
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1184
1184
|
|
|
1185
1185
|
/*
|
|
1186
1186
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1219,7 +1219,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1219
1219
|
},
|
|
1220
1220
|
};
|
|
1221
1221
|
|
|
1222
|
-
/*! @azure/msal-common v16.4.
|
|
1222
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1223
1223
|
/*
|
|
1224
1224
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1225
1225
|
* Licensed under the MIT License.
|
|
@@ -1480,12 +1480,12 @@ class Logger {
|
|
|
1480
1480
|
}
|
|
1481
1481
|
}
|
|
1482
1482
|
|
|
1483
|
-
/*! @azure/msal-common v16.4.
|
|
1483
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1484
1484
|
/* eslint-disable header/header */
|
|
1485
1485
|
const name$1 = "@azure/msal-common";
|
|
1486
|
-
const version$1 = "16.4.
|
|
1486
|
+
const version$1 = "16.4.1";
|
|
1487
1487
|
|
|
1488
|
-
/*! @azure/msal-common v16.4.
|
|
1488
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1489
1489
|
/*
|
|
1490
1490
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1491
1491
|
* Licensed under the MIT License.
|
|
@@ -1494,7 +1494,7 @@ const AzureCloudInstance = {
|
|
|
1494
1494
|
// AzureCloudInstance is not specified.
|
|
1495
1495
|
None: "none"};
|
|
1496
1496
|
|
|
1497
|
-
/*! @azure/msal-common v16.4.
|
|
1497
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1498
1498
|
/*
|
|
1499
1499
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1500
1500
|
* Licensed under the MIT License.
|
|
@@ -1576,7 +1576,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1576
1576
|
return updatedAccountInfo;
|
|
1577
1577
|
}
|
|
1578
1578
|
|
|
1579
|
-
/*! @azure/msal-common v16.4.
|
|
1579
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1580
1580
|
|
|
1581
1581
|
/*
|
|
1582
1582
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1656,7 +1656,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1656
1656
|
}
|
|
1657
1657
|
}
|
|
1658
1658
|
|
|
1659
|
-
/*! @azure/msal-common v16.4.
|
|
1659
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1660
1660
|
|
|
1661
1661
|
/*
|
|
1662
1662
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1813,7 +1813,7 @@ class UrlString {
|
|
|
1813
1813
|
}
|
|
1814
1814
|
}
|
|
1815
1815
|
|
|
1816
|
-
/*! @azure/msal-common v16.4.
|
|
1816
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1817
1817
|
|
|
1818
1818
|
/*
|
|
1819
1819
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1970,7 +1970,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1970
1970
|
return null;
|
|
1971
1971
|
}
|
|
1972
1972
|
|
|
1973
|
-
/*! @azure/msal-common v16.4.
|
|
1973
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1974
1974
|
/*
|
|
1975
1975
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1976
1976
|
* Licensed under the MIT License.
|
|
@@ -1978,7 +1978,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1978
1978
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
1979
1979
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
1980
1980
|
|
|
1981
|
-
/*! @azure/msal-common v16.4.
|
|
1981
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1982
1982
|
|
|
1983
1983
|
/*
|
|
1984
1984
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2016,7 +2016,7 @@ function createCacheError(e) {
|
|
|
2016
2016
|
}
|
|
2017
2017
|
}
|
|
2018
2018
|
|
|
2019
|
-
/*! @azure/msal-common v16.4.
|
|
2019
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2020
2020
|
|
|
2021
2021
|
/*
|
|
2022
2022
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2054,7 +2054,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2054
2054
|
};
|
|
2055
2055
|
}
|
|
2056
2056
|
|
|
2057
|
-
/*! @azure/msal-common v16.4.
|
|
2057
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2058
2058
|
/*
|
|
2059
2059
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2060
2060
|
* Licensed under the MIT License.
|
|
@@ -2069,7 +2069,7 @@ const AuthorityType = {
|
|
|
2069
2069
|
Ciam: 3,
|
|
2070
2070
|
};
|
|
2071
2071
|
|
|
2072
|
-
/*! @azure/msal-common v16.4.
|
|
2072
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2073
2073
|
/*
|
|
2074
2074
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2075
2075
|
* Licensed under the MIT License.
|
|
@@ -2091,7 +2091,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2091
2091
|
return null;
|
|
2092
2092
|
}
|
|
2093
2093
|
|
|
2094
|
-
/*! @azure/msal-common v16.4.
|
|
2094
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2095
2095
|
/*
|
|
2096
2096
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2097
2097
|
* Licensed under the MIT License.
|
|
@@ -2115,7 +2115,7 @@ const ProtocolMode = {
|
|
|
2115
2115
|
EAR: "EAR",
|
|
2116
2116
|
};
|
|
2117
2117
|
|
|
2118
|
-
/*! @azure/msal-common v16.4.
|
|
2118
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2119
2119
|
/**
|
|
2120
2120
|
* Returns the AccountInfo interface for this account.
|
|
2121
2121
|
*/
|
|
@@ -2290,7 +2290,7 @@ function isAccountEntity(entity) {
|
|
|
2290
2290
|
entity.hasOwnProperty("authorityType"));
|
|
2291
2291
|
}
|
|
2292
2292
|
|
|
2293
|
-
/*! @azure/msal-common v16.4.
|
|
2293
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2294
2294
|
|
|
2295
2295
|
/*
|
|
2296
2296
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3391,7 +3391,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3391
3391
|
}
|
|
3392
3392
|
}
|
|
3393
3393
|
|
|
3394
|
-
/*! @azure/msal-common v16.4.
|
|
3394
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3395
3395
|
/*
|
|
3396
3396
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3397
3397
|
* Licensed under the MIT License.
|
|
@@ -3405,7 +3405,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3405
3405
|
const PerformanceEventStatus = {
|
|
3406
3406
|
InProgress: 1};
|
|
3407
3407
|
|
|
3408
|
-
/*! @azure/msal-common v16.4.
|
|
3408
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3409
3409
|
|
|
3410
3410
|
/*
|
|
3411
3411
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3460,7 +3460,7 @@ class StubPerformanceClient {
|
|
|
3460
3460
|
}
|
|
3461
3461
|
}
|
|
3462
3462
|
|
|
3463
|
-
/*! @azure/msal-common v16.4.
|
|
3463
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3464
3464
|
|
|
3465
3465
|
/*
|
|
3466
3466
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3555,278 +3555,358 @@ function isOidcProtocolMode(config) {
|
|
|
3555
3555
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3556
3556
|
}
|
|
3557
3557
|
|
|
3558
|
-
/*! @azure/msal-common v16.4.
|
|
3559
|
-
|
|
3558
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3560
3559
|
/*
|
|
3561
3560
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3562
3561
|
* Licensed under the MIT License.
|
|
3563
3562
|
*/
|
|
3564
3563
|
/**
|
|
3565
|
-
*
|
|
3566
|
-
|
|
3567
|
-
|
|
3568
|
-
constructor(
|
|
3569
|
-
|
|
3570
|
-
this.
|
|
3571
|
-
|
|
3572
|
-
|
|
3573
|
-
|
|
3564
|
+
* This class instance helps track the memory changes facilitating
|
|
3565
|
+
* decisions to read from and write to the persistent cache
|
|
3566
|
+
*/ class TokenCacheContext {
|
|
3567
|
+
constructor(tokenCache, hasChanged) {
|
|
3568
|
+
this.cache = tokenCache;
|
|
3569
|
+
this.hasChanged = hasChanged;
|
|
3570
|
+
}
|
|
3571
|
+
/**
|
|
3572
|
+
* boolean which indicates the changes in cache
|
|
3573
|
+
*/
|
|
3574
|
+
get cacheHasChanged() {
|
|
3575
|
+
return this.hasChanged;
|
|
3576
|
+
}
|
|
3577
|
+
/**
|
|
3578
|
+
* function to retrieve the token cache
|
|
3579
|
+
*/
|
|
3580
|
+
get tokenCache() {
|
|
3581
|
+
return this.cache;
|
|
3574
3582
|
}
|
|
3575
3583
|
}
|
|
3576
3584
|
|
|
3577
|
-
/*! @azure/msal-common v16.4.
|
|
3585
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3578
3586
|
/*
|
|
3579
3587
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3580
3588
|
* Licensed under the MIT License.
|
|
3581
3589
|
*/
|
|
3582
3590
|
/**
|
|
3583
|
-
*
|
|
3584
|
-
* @public
|
|
3585
|
-
*/
|
|
3586
|
-
const noTokensFound = "no_tokens_found";
|
|
3587
|
-
/**
|
|
3588
|
-
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
3589
|
-
* @public
|
|
3590
|
-
*/
|
|
3591
|
-
const nativeAccountUnavailable = "native_account_unavailable";
|
|
3592
|
-
/**
|
|
3593
|
-
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
3594
|
-
* @public
|
|
3595
|
-
*/
|
|
3596
|
-
const refreshTokenExpired = "refresh_token_expired";
|
|
3597
|
-
/**
|
|
3598
|
-
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
3599
|
-
* @public
|
|
3600
|
-
*/
|
|
3601
|
-
const uxNotAllowed = "ux_not_allowed";
|
|
3602
|
-
/**
|
|
3603
|
-
* Server-originated error code indicating interaction is required to complete the request.
|
|
3604
|
-
* @public
|
|
3605
|
-
*/
|
|
3606
|
-
const interactionRequired = "interaction_required";
|
|
3607
|
-
/**
|
|
3608
|
-
* Server-originated error code indicating user consent is required.
|
|
3609
|
-
* @public
|
|
3610
|
-
*/
|
|
3611
|
-
const consentRequired = "consent_required";
|
|
3612
|
-
/**
|
|
3613
|
-
* Server-originated error code indicating user login is required.
|
|
3614
|
-
* @public
|
|
3591
|
+
* Utility functions for managing date and time operations.
|
|
3615
3592
|
*/
|
|
3616
|
-
const loginRequired = "login_required";
|
|
3617
3593
|
/**
|
|
3618
|
-
*
|
|
3619
|
-
* @public
|
|
3594
|
+
* return the current time in Unix time (seconds).
|
|
3620
3595
|
*/
|
|
3621
|
-
|
|
3596
|
+
function nowSeconds() {
|
|
3597
|
+
// Date.getTime() returns in milliseconds.
|
|
3598
|
+
return Math.round(new Date().getTime() / 1000.0);
|
|
3599
|
+
}
|
|
3622
3600
|
/**
|
|
3623
|
-
*
|
|
3624
|
-
* @
|
|
3625
|
-
*/
|
|
3626
|
-
const interruptedUser = "interrupted_user";
|
|
3627
|
-
|
|
3628
|
-
/*! @azure/msal-common v16.4.0 2026-03-19 */
|
|
3629
|
-
|
|
3630
|
-
/*
|
|
3631
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3632
|
-
* Licensed under the MIT License.
|
|
3601
|
+
* Converts JS Date object to seconds
|
|
3602
|
+
* @param date Date
|
|
3633
3603
|
*/
|
|
3604
|
+
function toSecondsFromDate(date) {
|
|
3605
|
+
// Convert date to seconds
|
|
3606
|
+
return date.getTime() / 1000;
|
|
3607
|
+
}
|
|
3634
3608
|
/**
|
|
3635
|
-
*
|
|
3609
|
+
* Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
|
|
3610
|
+
* @param seconds
|
|
3636
3611
|
*/
|
|
3637
|
-
|
|
3638
|
-
|
|
3639
|
-
|
|
3640
|
-
|
|
3641
|
-
|
|
3642
|
-
|
|
3643
|
-
interruptedUser,
|
|
3644
|
-
];
|
|
3645
|
-
const InteractionRequiredAuthSubErrorMessage = [
|
|
3646
|
-
"message_only",
|
|
3647
|
-
"additional_action",
|
|
3648
|
-
"basic_action",
|
|
3649
|
-
"user_password_expired",
|
|
3650
|
-
"consent_required",
|
|
3651
|
-
"bad_token",
|
|
3652
|
-
"ux_not_allowed",
|
|
3653
|
-
"interrupted_user",
|
|
3654
|
-
];
|
|
3612
|
+
function toDateFromSeconds(seconds) {
|
|
3613
|
+
if (seconds) {
|
|
3614
|
+
return new Date(Number(seconds) * 1000);
|
|
3615
|
+
}
|
|
3616
|
+
return new Date();
|
|
3617
|
+
}
|
|
3655
3618
|
/**
|
|
3656
|
-
*
|
|
3619
|
+
* check if a token is expired based on given UTC time in seconds.
|
|
3620
|
+
* @param expiresOn
|
|
3657
3621
|
*/
|
|
3658
|
-
|
|
3659
|
-
|
|
3660
|
-
|
|
3661
|
-
|
|
3662
|
-
|
|
3663
|
-
|
|
3664
|
-
this.correlationId = correlationId || "";
|
|
3665
|
-
this.claims = claims || "";
|
|
3666
|
-
this.name = "InteractionRequiredAuthError";
|
|
3667
|
-
this.errorNo = errorNo;
|
|
3668
|
-
}
|
|
3622
|
+
function isTokenExpired(expiresOn, offset) {
|
|
3623
|
+
// check for access token expiry
|
|
3624
|
+
const expirationSec = Number(expiresOn) || 0;
|
|
3625
|
+
const offsetCurrentTimeSec = nowSeconds() + offset;
|
|
3626
|
+
// If current time + offset is greater than token expiration time, then token is expired.
|
|
3627
|
+
return offsetCurrentTimeSec > expirationSec;
|
|
3669
3628
|
}
|
|
3670
3629
|
/**
|
|
3671
|
-
*
|
|
3672
|
-
* @param
|
|
3673
|
-
* @param
|
|
3674
|
-
* @
|
|
3630
|
+
* Checks if a cache entry is expired based on the last updated time and cache retention days.
|
|
3631
|
+
* @param lastUpdatedAt
|
|
3632
|
+
* @param cacheRetentionDays
|
|
3633
|
+
* @returns
|
|
3675
3634
|
*/
|
|
3676
|
-
function
|
|
3677
|
-
const
|
|
3678
|
-
|
|
3679
|
-
const isInteractionRequiredSubError = !!subError &&
|
|
3680
|
-
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
3681
|
-
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
3682
|
-
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
3683
|
-
return errorString.indexOf(irErrorCode) > -1;
|
|
3684
|
-
});
|
|
3685
|
-
return (isInteractionRequiredErrorCode ||
|
|
3686
|
-
isInteractionRequiredErrorDesc ||
|
|
3687
|
-
isInteractionRequiredSubError);
|
|
3635
|
+
function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
|
|
3636
|
+
const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
|
|
3637
|
+
return Date.now() > cacheExpirationTimestamp;
|
|
3688
3638
|
}
|
|
3689
3639
|
/**
|
|
3690
|
-
*
|
|
3640
|
+
* If the current time is earlier than the time that a token was cached at, we must discard the token
|
|
3641
|
+
* i.e. The system clock was turned back after acquiring the cached token
|
|
3642
|
+
* @param cachedAt
|
|
3643
|
+
* @param offset
|
|
3691
3644
|
*/
|
|
3692
|
-
function
|
|
3693
|
-
|
|
3645
|
+
function wasClockTurnedBack(cachedAt) {
|
|
3646
|
+
const cachedAtSec = Number(cachedAt);
|
|
3647
|
+
return cachedAtSec > nowSeconds();
|
|
3694
3648
|
}
|
|
3695
3649
|
|
|
3696
|
-
/*! @azure/msal-common v16.4.
|
|
3650
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3697
3651
|
|
|
3698
3652
|
/*
|
|
3699
3653
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3700
3654
|
* Licensed under the MIT License.
|
|
3701
3655
|
*/
|
|
3702
3656
|
/**
|
|
3703
|
-
*
|
|
3704
|
-
* @param
|
|
3705
|
-
* @param
|
|
3706
|
-
* @param
|
|
3657
|
+
* Create IdTokenEntity
|
|
3658
|
+
* @param homeAccountId
|
|
3659
|
+
* @param authenticationResult
|
|
3660
|
+
* @param clientId
|
|
3661
|
+
* @param authority
|
|
3707
3662
|
*/
|
|
3708
|
-
function
|
|
3709
|
-
const
|
|
3710
|
-
|
|
3711
|
-
|
|
3712
|
-
:
|
|
3663
|
+
function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
|
|
3664
|
+
const idTokenEntity = {
|
|
3665
|
+
credentialType: CredentialType.ID_TOKEN,
|
|
3666
|
+
homeAccountId: homeAccountId,
|
|
3667
|
+
environment: environment,
|
|
3668
|
+
clientId: clientId,
|
|
3669
|
+
secret: idToken,
|
|
3670
|
+
realm: tenantId,
|
|
3671
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3672
|
+
};
|
|
3673
|
+
return idTokenEntity;
|
|
3713
3674
|
}
|
|
3714
3675
|
/**
|
|
3715
|
-
*
|
|
3716
|
-
* @param
|
|
3717
|
-
* @param
|
|
3676
|
+
* Create AccessTokenEntity
|
|
3677
|
+
* @param homeAccountId
|
|
3678
|
+
* @param environment
|
|
3679
|
+
* @param accessToken
|
|
3680
|
+
* @param clientId
|
|
3681
|
+
* @param tenantId
|
|
3682
|
+
* @param scopes
|
|
3683
|
+
* @param expiresOn
|
|
3684
|
+
* @param extExpiresOn
|
|
3718
3685
|
*/
|
|
3719
|
-
function
|
|
3720
|
-
|
|
3721
|
-
|
|
3722
|
-
|
|
3723
|
-
|
|
3724
|
-
|
|
3725
|
-
|
|
3686
|
+
function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
|
|
3687
|
+
const atEntity = {
|
|
3688
|
+
homeAccountId: homeAccountId,
|
|
3689
|
+
credentialType: CredentialType.ACCESS_TOKEN,
|
|
3690
|
+
secret: accessToken,
|
|
3691
|
+
cachedAt: nowSeconds().toString(),
|
|
3692
|
+
expiresOn: expiresOn.toString(),
|
|
3693
|
+
extendedExpiresOn: extExpiresOn.toString(),
|
|
3694
|
+
environment: environment,
|
|
3695
|
+
clientId: clientId,
|
|
3696
|
+
realm: tenantId,
|
|
3697
|
+
target: scopes,
|
|
3698
|
+
tokenType: tokenType || AuthenticationScheme.BEARER,
|
|
3699
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3726
3700
|
};
|
|
3727
|
-
if (
|
|
3728
|
-
|
|
3701
|
+
if (userAssertionHash) {
|
|
3702
|
+
atEntity.userAssertionHash = userAssertionHash;
|
|
3729
3703
|
}
|
|
3730
|
-
|
|
3731
|
-
|
|
3704
|
+
if (refreshOn) {
|
|
3705
|
+
atEntity.refreshOn = refreshOn.toString();
|
|
3706
|
+
}
|
|
3707
|
+
/*
|
|
3708
|
+
* Create Access Token With Auth Scheme instead of regular access token
|
|
3709
|
+
* Cast to lower to handle "bearer" from ADFS
|
|
3710
|
+
*/
|
|
3711
|
+
if (atEntity.tokenType?.toLowerCase() !==
|
|
3712
|
+
AuthenticationScheme.BEARER.toLowerCase()) {
|
|
3713
|
+
atEntity.credentialType =
|
|
3714
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
3715
|
+
switch (atEntity.tokenType) {
|
|
3716
|
+
case AuthenticationScheme.POP:
|
|
3717
|
+
// Make sure keyId is present and add it to credential
|
|
3718
|
+
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
3719
|
+
if (!tokenClaims?.cnf?.kid) {
|
|
3720
|
+
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
3721
|
+
}
|
|
3722
|
+
atEntity.keyId = tokenClaims.cnf.kid;
|
|
3723
|
+
break;
|
|
3724
|
+
case AuthenticationScheme.SSH:
|
|
3725
|
+
atEntity.keyId = keyId;
|
|
3726
|
+
}
|
|
3727
|
+
}
|
|
3728
|
+
return atEntity;
|
|
3732
3729
|
}
|
|
3733
3730
|
/**
|
|
3734
|
-
*
|
|
3735
|
-
* @param
|
|
3736
|
-
* @param
|
|
3731
|
+
* Create RefreshTokenEntity
|
|
3732
|
+
* @param homeAccountId
|
|
3733
|
+
* @param authenticationResult
|
|
3734
|
+
* @param clientId
|
|
3735
|
+
* @param authority
|
|
3737
3736
|
*/
|
|
3738
|
-
function
|
|
3739
|
-
|
|
3740
|
-
|
|
3737
|
+
function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
|
|
3738
|
+
const rtEntity = {
|
|
3739
|
+
credentialType: CredentialType.REFRESH_TOKEN,
|
|
3740
|
+
homeAccountId: homeAccountId,
|
|
3741
|
+
environment: environment,
|
|
3742
|
+
clientId: clientId,
|
|
3743
|
+
secret: refreshToken,
|
|
3744
|
+
lastUpdatedAt: Date.now().toString(),
|
|
3745
|
+
};
|
|
3746
|
+
if (userAssertionHash) {
|
|
3747
|
+
rtEntity.userAssertionHash = userAssertionHash;
|
|
3741
3748
|
}
|
|
3742
|
-
if (
|
|
3743
|
-
|
|
3749
|
+
if (familyId) {
|
|
3750
|
+
rtEntity.familyId = familyId;
|
|
3744
3751
|
}
|
|
3745
|
-
|
|
3746
|
-
|
|
3747
|
-
const splitState = state.split(RESOURCE_DELIM);
|
|
3748
|
-
const libraryState = splitState[0];
|
|
3749
|
-
const userState = splitState.length > 1
|
|
3750
|
-
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
3751
|
-
: "";
|
|
3752
|
-
const libraryStateString = base64Decode(libraryState);
|
|
3753
|
-
const libraryStateObj = JSON.parse(libraryStateString);
|
|
3754
|
-
return {
|
|
3755
|
-
userRequestState: userState || "",
|
|
3756
|
-
libraryState: libraryStateObj,
|
|
3757
|
-
};
|
|
3752
|
+
if (expiresOn) {
|
|
3753
|
+
rtEntity.expiresOn = expiresOn.toString();
|
|
3758
3754
|
}
|
|
3759
|
-
|
|
3760
|
-
|
|
3755
|
+
return rtEntity;
|
|
3756
|
+
}
|
|
3757
|
+
function isCredentialEntity(entity) {
|
|
3758
|
+
return (entity.hasOwnProperty("homeAccountId") &&
|
|
3759
|
+
entity.hasOwnProperty("environment") &&
|
|
3760
|
+
entity.hasOwnProperty("credentialType") &&
|
|
3761
|
+
entity.hasOwnProperty("clientId") &&
|
|
3762
|
+
entity.hasOwnProperty("secret"));
|
|
3763
|
+
}
|
|
3764
|
+
/**
|
|
3765
|
+
* Validates an entity: checks for all expected params
|
|
3766
|
+
* @param entity
|
|
3767
|
+
*/
|
|
3768
|
+
function isAccessTokenEntity(entity) {
|
|
3769
|
+
if (!entity) {
|
|
3770
|
+
return false;
|
|
3761
3771
|
}
|
|
3762
|
-
|
|
3763
|
-
|
|
3764
|
-
|
|
3765
|
-
|
|
3766
|
-
|
|
3767
|
-
|
|
3772
|
+
return (isCredentialEntity(entity) &&
|
|
3773
|
+
entity.hasOwnProperty("realm") &&
|
|
3774
|
+
entity.hasOwnProperty("target") &&
|
|
3775
|
+
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
3776
|
+
entity["credentialType"] ===
|
|
3777
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
3778
|
+
}
|
|
3779
|
+
/**
|
|
3780
|
+
* Validates an entity: checks for all expected params
|
|
3781
|
+
* @param entity
|
|
3768
3782
|
*/
|
|
3783
|
+
function isIdTokenEntity(entity) {
|
|
3784
|
+
if (!entity) {
|
|
3785
|
+
return false;
|
|
3786
|
+
}
|
|
3787
|
+
return (isCredentialEntity(entity) &&
|
|
3788
|
+
entity.hasOwnProperty("realm") &&
|
|
3789
|
+
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
3790
|
+
}
|
|
3769
3791
|
/**
|
|
3770
|
-
*
|
|
3792
|
+
* Validates an entity: checks for all expected params
|
|
3793
|
+
* @param entity
|
|
3771
3794
|
*/
|
|
3795
|
+
function isRefreshTokenEntity(entity) {
|
|
3796
|
+
if (!entity) {
|
|
3797
|
+
return false;
|
|
3798
|
+
}
|
|
3799
|
+
return (isCredentialEntity(entity) &&
|
|
3800
|
+
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
3801
|
+
}
|
|
3772
3802
|
/**
|
|
3773
|
-
*
|
|
3803
|
+
* validates if a given cache entry is "Telemetry", parses <key,value>
|
|
3804
|
+
* @param key
|
|
3805
|
+
* @param entity
|
|
3774
3806
|
*/
|
|
3775
|
-
function
|
|
3776
|
-
|
|
3777
|
-
|
|
3807
|
+
function isServerTelemetryEntity(key, entity) {
|
|
3808
|
+
const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
|
|
3809
|
+
let validateEntity = true;
|
|
3810
|
+
if (entity) {
|
|
3811
|
+
validateEntity =
|
|
3812
|
+
entity.hasOwnProperty("failedRequests") &&
|
|
3813
|
+
entity.hasOwnProperty("errors") &&
|
|
3814
|
+
entity.hasOwnProperty("cacheHits");
|
|
3815
|
+
}
|
|
3816
|
+
return validateKey && validateEntity;
|
|
3778
3817
|
}
|
|
3779
3818
|
/**
|
|
3780
|
-
*
|
|
3781
|
-
* @param
|
|
3819
|
+
* validates if a given cache entry is "Throttling", parses <key,value>
|
|
3820
|
+
* @param key
|
|
3821
|
+
* @param entity
|
|
3782
3822
|
*/
|
|
3783
|
-
function
|
|
3784
|
-
|
|
3785
|
-
|
|
3823
|
+
function isThrottlingEntity(key, entity) {
|
|
3824
|
+
let validateKey = false;
|
|
3825
|
+
if (key) {
|
|
3826
|
+
validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
|
|
3827
|
+
}
|
|
3828
|
+
let validateEntity = true;
|
|
3829
|
+
if (entity) {
|
|
3830
|
+
validateEntity = entity.hasOwnProperty("throttleTime");
|
|
3831
|
+
}
|
|
3832
|
+
return validateKey && validateEntity;
|
|
3786
3833
|
}
|
|
3787
3834
|
/**
|
|
3788
|
-
*
|
|
3789
|
-
* @param seconds
|
|
3835
|
+
* Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
|
|
3790
3836
|
*/
|
|
3791
|
-
function
|
|
3792
|
-
|
|
3793
|
-
|
|
3837
|
+
function generateAppMetadataKey({ environment, clientId, }) {
|
|
3838
|
+
const appMetaDataKeyArray = [
|
|
3839
|
+
APP_METADATA,
|
|
3840
|
+
environment,
|
|
3841
|
+
clientId,
|
|
3842
|
+
];
|
|
3843
|
+
return appMetaDataKeyArray
|
|
3844
|
+
.join(CACHE_KEY_SEPARATOR$1)
|
|
3845
|
+
.toLowerCase();
|
|
3846
|
+
}
|
|
3847
|
+
/*
|
|
3848
|
+
* Validates an entity: checks for all expected params
|
|
3849
|
+
* @param entity
|
|
3850
|
+
*/
|
|
3851
|
+
function isAppMetadataEntity(key, entity) {
|
|
3852
|
+
if (!entity) {
|
|
3853
|
+
return false;
|
|
3794
3854
|
}
|
|
3795
|
-
return
|
|
3855
|
+
return (key.indexOf(APP_METADATA) === 0 &&
|
|
3856
|
+
entity.hasOwnProperty("clientId") &&
|
|
3857
|
+
entity.hasOwnProperty("environment"));
|
|
3796
3858
|
}
|
|
3797
3859
|
/**
|
|
3798
|
-
*
|
|
3799
|
-
* @param
|
|
3860
|
+
* Validates an entity: checks for all expected params
|
|
3861
|
+
* @param entity
|
|
3800
3862
|
*/
|
|
3801
|
-
function
|
|
3802
|
-
|
|
3803
|
-
|
|
3804
|
-
|
|
3805
|
-
|
|
3806
|
-
|
|
3863
|
+
function isAuthorityMetadataEntity(key, entity) {
|
|
3864
|
+
if (!entity) {
|
|
3865
|
+
return false;
|
|
3866
|
+
}
|
|
3867
|
+
return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
|
|
3868
|
+
entity.hasOwnProperty("aliases") &&
|
|
3869
|
+
entity.hasOwnProperty("preferred_cache") &&
|
|
3870
|
+
entity.hasOwnProperty("preferred_network") &&
|
|
3871
|
+
entity.hasOwnProperty("canonical_authority") &&
|
|
3872
|
+
entity.hasOwnProperty("authorization_endpoint") &&
|
|
3873
|
+
entity.hasOwnProperty("token_endpoint") &&
|
|
3874
|
+
entity.hasOwnProperty("issuer") &&
|
|
3875
|
+
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
3876
|
+
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
3877
|
+
entity.hasOwnProperty("expiresAt") &&
|
|
3878
|
+
entity.hasOwnProperty("jwks_uri"));
|
|
3807
3879
|
}
|
|
3808
3880
|
/**
|
|
3809
|
-
*
|
|
3810
|
-
* @param lastUpdatedAt
|
|
3811
|
-
* @param cacheRetentionDays
|
|
3812
|
-
* @returns
|
|
3881
|
+
* Reset the exiresAt value
|
|
3813
3882
|
*/
|
|
3814
|
-
function
|
|
3815
|
-
|
|
3816
|
-
|
|
3883
|
+
function generateAuthorityMetadataExpiresAt() {
|
|
3884
|
+
return (nowSeconds() +
|
|
3885
|
+
AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
|
|
3886
|
+
}
|
|
3887
|
+
function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
3888
|
+
authorityMetadata.authorization_endpoint =
|
|
3889
|
+
updatedValues.authorization_endpoint;
|
|
3890
|
+
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
3891
|
+
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
3892
|
+
authorityMetadata.issuer = updatedValues.issuer;
|
|
3893
|
+
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
3894
|
+
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
3895
|
+
}
|
|
3896
|
+
function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
3897
|
+
authorityMetadata.aliases = updatedValues.aliases;
|
|
3898
|
+
authorityMetadata.preferred_cache = updatedValues.preferred_cache;
|
|
3899
|
+
authorityMetadata.preferred_network = updatedValues.preferred_network;
|
|
3900
|
+
authorityMetadata.aliasesFromNetwork = fromNetwork;
|
|
3817
3901
|
}
|
|
3818
3902
|
/**
|
|
3819
|
-
*
|
|
3820
|
-
* i.e. The system clock was turned back after acquiring the cached token
|
|
3821
|
-
* @param cachedAt
|
|
3822
|
-
* @param offset
|
|
3903
|
+
* Returns whether or not the data needs to be refreshed
|
|
3823
3904
|
*/
|
|
3824
|
-
function
|
|
3825
|
-
|
|
3826
|
-
return cachedAtSec > nowSeconds();
|
|
3905
|
+
function isAuthorityMetadataExpired(metadata) {
|
|
3906
|
+
return metadata.expiresAt <= nowSeconds();
|
|
3827
3907
|
}
|
|
3828
3908
|
|
|
3829
|
-
/*! @azure/msal-common v16.4.
|
|
3909
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3830
3910
|
/*
|
|
3831
3911
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3832
3912
|
* Licensed under the MIT License.
|
|
@@ -3897,7 +3977,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
3897
3977
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
3898
3978
|
const SetUserData = "setUserData";
|
|
3899
3979
|
|
|
3900
|
-
/*! @azure/msal-common v16.4.
|
|
3980
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3901
3981
|
/*
|
|
3902
3982
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3903
3983
|
* Licensed under the MIT License.
|
|
@@ -3990,7 +4070,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
3990
4070
|
};
|
|
3991
4071
|
};
|
|
3992
4072
|
|
|
3993
|
-
/*! @azure/msal-common v16.4.
|
|
4073
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3994
4074
|
|
|
3995
4075
|
/*
|
|
3996
4076
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4070,293 +4150,213 @@ class PopTokenGenerator {
|
|
|
4070
4150
|
}
|
|
4071
4151
|
}
|
|
4072
4152
|
|
|
4073
|
-
/*! @azure/msal-common v16.4.
|
|
4153
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4074
4154
|
/*
|
|
4075
4155
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4076
4156
|
* Licensed under the MIT License.
|
|
4077
4157
|
*/
|
|
4078
4158
|
/**
|
|
4079
|
-
*
|
|
4080
|
-
*
|
|
4081
|
-
*/ class TokenCacheContext {
|
|
4082
|
-
constructor(tokenCache, hasChanged) {
|
|
4083
|
-
this.cache = tokenCache;
|
|
4084
|
-
this.hasChanged = hasChanged;
|
|
4085
|
-
}
|
|
4086
|
-
/**
|
|
4087
|
-
* boolean which indicates the changes in cache
|
|
4088
|
-
*/
|
|
4089
|
-
get cacheHasChanged() {
|
|
4090
|
-
return this.hasChanged;
|
|
4091
|
-
}
|
|
4092
|
-
/**
|
|
4093
|
-
* function to retrieve the token cache
|
|
4094
|
-
*/
|
|
4095
|
-
get tokenCache() {
|
|
4096
|
-
return this.cache;
|
|
4097
|
-
}
|
|
4098
|
-
}
|
|
4099
|
-
|
|
4100
|
-
/*! @azure/msal-common v16.4.0 2026-03-19 */
|
|
4101
|
-
|
|
4102
|
-
/*
|
|
4103
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4104
|
-
* Licensed under the MIT License.
|
|
4159
|
+
* MSAL-defined interaction required error code indicating no tokens are found in cache.
|
|
4160
|
+
* @public
|
|
4105
4161
|
*/
|
|
4162
|
+
const noTokensFound = "no_tokens_found";
|
|
4106
4163
|
/**
|
|
4107
|
-
*
|
|
4108
|
-
* @
|
|
4109
|
-
* @param authenticationResult
|
|
4110
|
-
* @param clientId
|
|
4111
|
-
* @param authority
|
|
4164
|
+
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
4165
|
+
* @public
|
|
4112
4166
|
*/
|
|
4113
|
-
|
|
4114
|
-
const idTokenEntity = {
|
|
4115
|
-
credentialType: CredentialType.ID_TOKEN,
|
|
4116
|
-
homeAccountId: homeAccountId,
|
|
4117
|
-
environment: environment,
|
|
4118
|
-
clientId: clientId,
|
|
4119
|
-
secret: idToken,
|
|
4120
|
-
realm: tenantId,
|
|
4121
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4122
|
-
};
|
|
4123
|
-
return idTokenEntity;
|
|
4124
|
-
}
|
|
4167
|
+
const nativeAccountUnavailable = "native_account_unavailable";
|
|
4125
4168
|
/**
|
|
4126
|
-
*
|
|
4127
|
-
* @
|
|
4128
|
-
* @param environment
|
|
4129
|
-
* @param accessToken
|
|
4130
|
-
* @param clientId
|
|
4131
|
-
* @param tenantId
|
|
4132
|
-
* @param scopes
|
|
4133
|
-
* @param expiresOn
|
|
4134
|
-
* @param extExpiresOn
|
|
4169
|
+
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
4170
|
+
* @public
|
|
4135
4171
|
*/
|
|
4136
|
-
|
|
4137
|
-
const atEntity = {
|
|
4138
|
-
homeAccountId: homeAccountId,
|
|
4139
|
-
credentialType: CredentialType.ACCESS_TOKEN,
|
|
4140
|
-
secret: accessToken,
|
|
4141
|
-
cachedAt: nowSeconds().toString(),
|
|
4142
|
-
expiresOn: expiresOn.toString(),
|
|
4143
|
-
extendedExpiresOn: extExpiresOn.toString(),
|
|
4144
|
-
environment: environment,
|
|
4145
|
-
clientId: clientId,
|
|
4146
|
-
realm: tenantId,
|
|
4147
|
-
target: scopes,
|
|
4148
|
-
tokenType: tokenType || AuthenticationScheme.BEARER,
|
|
4149
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4150
|
-
};
|
|
4151
|
-
if (userAssertionHash) {
|
|
4152
|
-
atEntity.userAssertionHash = userAssertionHash;
|
|
4153
|
-
}
|
|
4154
|
-
if (refreshOn) {
|
|
4155
|
-
atEntity.refreshOn = refreshOn.toString();
|
|
4156
|
-
}
|
|
4157
|
-
/*
|
|
4158
|
-
* Create Access Token With Auth Scheme instead of regular access token
|
|
4159
|
-
* Cast to lower to handle "bearer" from ADFS
|
|
4160
|
-
*/
|
|
4161
|
-
if (atEntity.tokenType?.toLowerCase() !==
|
|
4162
|
-
AuthenticationScheme.BEARER.toLowerCase()) {
|
|
4163
|
-
atEntity.credentialType =
|
|
4164
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
4165
|
-
switch (atEntity.tokenType) {
|
|
4166
|
-
case AuthenticationScheme.POP:
|
|
4167
|
-
// Make sure keyId is present and add it to credential
|
|
4168
|
-
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
4169
|
-
if (!tokenClaims?.cnf?.kid) {
|
|
4170
|
-
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
4171
|
-
}
|
|
4172
|
-
atEntity.keyId = tokenClaims.cnf.kid;
|
|
4173
|
-
break;
|
|
4174
|
-
case AuthenticationScheme.SSH:
|
|
4175
|
-
atEntity.keyId = keyId;
|
|
4176
|
-
}
|
|
4177
|
-
}
|
|
4178
|
-
return atEntity;
|
|
4179
|
-
}
|
|
4172
|
+
const refreshTokenExpired = "refresh_token_expired";
|
|
4180
4173
|
/**
|
|
4181
|
-
*
|
|
4182
|
-
* @
|
|
4183
|
-
* @param authenticationResult
|
|
4184
|
-
* @param clientId
|
|
4185
|
-
* @param authority
|
|
4174
|
+
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4175
|
+
* @public
|
|
4186
4176
|
*/
|
|
4187
|
-
|
|
4188
|
-
const rtEntity = {
|
|
4189
|
-
credentialType: CredentialType.REFRESH_TOKEN,
|
|
4190
|
-
homeAccountId: homeAccountId,
|
|
4191
|
-
environment: environment,
|
|
4192
|
-
clientId: clientId,
|
|
4193
|
-
secret: refreshToken,
|
|
4194
|
-
lastUpdatedAt: Date.now().toString(),
|
|
4195
|
-
};
|
|
4196
|
-
if (userAssertionHash) {
|
|
4197
|
-
rtEntity.userAssertionHash = userAssertionHash;
|
|
4198
|
-
}
|
|
4199
|
-
if (familyId) {
|
|
4200
|
-
rtEntity.familyId = familyId;
|
|
4201
|
-
}
|
|
4202
|
-
if (expiresOn) {
|
|
4203
|
-
rtEntity.expiresOn = expiresOn.toString();
|
|
4204
|
-
}
|
|
4205
|
-
return rtEntity;
|
|
4206
|
-
}
|
|
4207
|
-
function isCredentialEntity(entity) {
|
|
4208
|
-
return (entity.hasOwnProperty("homeAccountId") &&
|
|
4209
|
-
entity.hasOwnProperty("environment") &&
|
|
4210
|
-
entity.hasOwnProperty("credentialType") &&
|
|
4211
|
-
entity.hasOwnProperty("clientId") &&
|
|
4212
|
-
entity.hasOwnProperty("secret"));
|
|
4213
|
-
}
|
|
4177
|
+
const uxNotAllowed = "ux_not_allowed";
|
|
4214
4178
|
/**
|
|
4215
|
-
*
|
|
4216
|
-
* @
|
|
4179
|
+
* Server-originated error code indicating interaction is required to complete the request.
|
|
4180
|
+
* @public
|
|
4217
4181
|
*/
|
|
4218
|
-
|
|
4219
|
-
|
|
4220
|
-
|
|
4221
|
-
|
|
4222
|
-
|
|
4223
|
-
|
|
4224
|
-
|
|
4225
|
-
|
|
4226
|
-
|
|
4227
|
-
|
|
4228
|
-
|
|
4182
|
+
const interactionRequired = "interaction_required";
|
|
4183
|
+
/**
|
|
4184
|
+
* Server-originated error code indicating user consent is required.
|
|
4185
|
+
* @public
|
|
4186
|
+
*/
|
|
4187
|
+
const consentRequired = "consent_required";
|
|
4188
|
+
/**
|
|
4189
|
+
* Server-originated error code indicating user login is required.
|
|
4190
|
+
* @public
|
|
4191
|
+
*/
|
|
4192
|
+
const loginRequired = "login_required";
|
|
4193
|
+
/**
|
|
4194
|
+
* Server-originated error code indicating the token is invalid or corrupted.
|
|
4195
|
+
* @public
|
|
4196
|
+
*/
|
|
4197
|
+
const badToken = "bad_token";
|
|
4198
|
+
/**
|
|
4199
|
+
* Server-originated error code indicating the user is in an interrupted state and interaction is required.
|
|
4200
|
+
* @public
|
|
4201
|
+
*/
|
|
4202
|
+
const interruptedUser = "interrupted_user";
|
|
4203
|
+
|
|
4204
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4205
|
+
|
|
4206
|
+
/*
|
|
4207
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4208
|
+
* Licensed under the MIT License.
|
|
4209
|
+
*/
|
|
4210
|
+
/**
|
|
4211
|
+
* InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
|
|
4212
|
+
*/
|
|
4213
|
+
const InteractionRequiredServerErrorMessage = [
|
|
4214
|
+
interactionRequired,
|
|
4215
|
+
consentRequired,
|
|
4216
|
+
loginRequired,
|
|
4217
|
+
badToken,
|
|
4218
|
+
uxNotAllowed,
|
|
4219
|
+
interruptedUser,
|
|
4220
|
+
];
|
|
4221
|
+
const InteractionRequiredAuthSubErrorMessage = [
|
|
4222
|
+
"message_only",
|
|
4223
|
+
"additional_action",
|
|
4224
|
+
"basic_action",
|
|
4225
|
+
"user_password_expired",
|
|
4226
|
+
"consent_required",
|
|
4227
|
+
"bad_token",
|
|
4228
|
+
"ux_not_allowed",
|
|
4229
|
+
"interrupted_user",
|
|
4230
|
+
];
|
|
4229
4231
|
/**
|
|
4230
|
-
*
|
|
4231
|
-
* @param entity
|
|
4232
|
+
* Error thrown when user interaction is required.
|
|
4232
4233
|
*/
|
|
4233
|
-
|
|
4234
|
-
|
|
4235
|
-
|
|
4234
|
+
class InteractionRequiredAuthError extends AuthError {
|
|
4235
|
+
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
4236
|
+
super(errorCode, errorMessage, subError);
|
|
4237
|
+
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
4238
|
+
this.timestamp = timestamp || "";
|
|
4239
|
+
this.traceId = traceId || "";
|
|
4240
|
+
this.correlationId = correlationId || "";
|
|
4241
|
+
this.claims = claims || "";
|
|
4242
|
+
this.name = "InteractionRequiredAuthError";
|
|
4243
|
+
this.errorNo = errorNo;
|
|
4236
4244
|
}
|
|
4237
|
-
return (isCredentialEntity(entity) &&
|
|
4238
|
-
entity.hasOwnProperty("realm") &&
|
|
4239
|
-
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
4240
4245
|
}
|
|
4241
4246
|
/**
|
|
4242
|
-
*
|
|
4243
|
-
* @param
|
|
4247
|
+
* Helper function used to determine if an error thrown by the server requires interaction to resolve
|
|
4248
|
+
* @param errorCode
|
|
4249
|
+
* @param errorString
|
|
4250
|
+
* @param subError
|
|
4244
4251
|
*/
|
|
4245
|
-
function
|
|
4246
|
-
|
|
4247
|
-
|
|
4248
|
-
|
|
4249
|
-
|
|
4250
|
-
|
|
4252
|
+
function isInteractionRequiredError(errorCode, errorString, subError) {
|
|
4253
|
+
const isInteractionRequiredErrorCode = !!errorCode &&
|
|
4254
|
+
InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
|
|
4255
|
+
const isInteractionRequiredSubError = !!subError &&
|
|
4256
|
+
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
4257
|
+
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
4258
|
+
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
4259
|
+
return errorString.indexOf(irErrorCode) > -1;
|
|
4260
|
+
});
|
|
4261
|
+
return (isInteractionRequiredErrorCode ||
|
|
4262
|
+
isInteractionRequiredErrorDesc ||
|
|
4263
|
+
isInteractionRequiredSubError);
|
|
4251
4264
|
}
|
|
4252
4265
|
/**
|
|
4253
|
-
*
|
|
4254
|
-
* @param key
|
|
4255
|
-
* @param entity
|
|
4266
|
+
* Creates an InteractionRequiredAuthError
|
|
4256
4267
|
*/
|
|
4257
|
-
function
|
|
4258
|
-
|
|
4259
|
-
|
|
4260
|
-
|
|
4261
|
-
|
|
4262
|
-
|
|
4263
|
-
|
|
4264
|
-
|
|
4265
|
-
|
|
4266
|
-
return validateKey && validateEntity;
|
|
4267
|
-
}
|
|
4268
|
-
/**
|
|
4269
|
-
* validates if a given cache entry is "Throttling", parses <key,value>
|
|
4270
|
-
* @param key
|
|
4271
|
-
* @param entity
|
|
4268
|
+
function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
4269
|
+
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4270
|
+
}
|
|
4271
|
+
|
|
4272
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4273
|
+
|
|
4274
|
+
/*
|
|
4275
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4276
|
+
* Licensed under the MIT License.
|
|
4272
4277
|
*/
|
|
4273
|
-
function isThrottlingEntity(key, entity) {
|
|
4274
|
-
let validateKey = false;
|
|
4275
|
-
if (key) {
|
|
4276
|
-
validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
|
|
4277
|
-
}
|
|
4278
|
-
let validateEntity = true;
|
|
4279
|
-
if (entity) {
|
|
4280
|
-
validateEntity = entity.hasOwnProperty("throttleTime");
|
|
4281
|
-
}
|
|
4282
|
-
return validateKey && validateEntity;
|
|
4283
|
-
}
|
|
4284
4278
|
/**
|
|
4285
|
-
*
|
|
4279
|
+
* Error thrown when there is an error with the server code, for example, unavailability.
|
|
4286
4280
|
*/
|
|
4287
|
-
|
|
4288
|
-
|
|
4289
|
-
|
|
4290
|
-
|
|
4291
|
-
|
|
4292
|
-
|
|
4293
|
-
|
|
4294
|
-
|
|
4295
|
-
|
|
4296
|
-
|
|
4281
|
+
class ServerError extends AuthError {
|
|
4282
|
+
constructor(errorCode, errorMessage, subError, errorNo, status) {
|
|
4283
|
+
super(errorCode, errorMessage, subError);
|
|
4284
|
+
this.name = "ServerError";
|
|
4285
|
+
this.errorNo = errorNo;
|
|
4286
|
+
this.status = status;
|
|
4287
|
+
Object.setPrototypeOf(this, ServerError.prototype);
|
|
4288
|
+
}
|
|
4289
|
+
}
|
|
4290
|
+
|
|
4291
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4292
|
+
|
|
4297
4293
|
/*
|
|
4298
|
-
*
|
|
4299
|
-
*
|
|
4294
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4295
|
+
* Licensed under the MIT License.
|
|
4300
4296
|
*/
|
|
4301
|
-
function isAppMetadataEntity(key, entity) {
|
|
4302
|
-
if (!entity) {
|
|
4303
|
-
return false;
|
|
4304
|
-
}
|
|
4305
|
-
return (key.indexOf(APP_METADATA) === 0 &&
|
|
4306
|
-
entity.hasOwnProperty("clientId") &&
|
|
4307
|
-
entity.hasOwnProperty("environment"));
|
|
4308
|
-
}
|
|
4309
4297
|
/**
|
|
4310
|
-
*
|
|
4311
|
-
* @param
|
|
4298
|
+
* Appends user state with random guid, or returns random guid.
|
|
4299
|
+
* @param cryptoObj
|
|
4300
|
+
* @param userState
|
|
4301
|
+
* @param meta
|
|
4312
4302
|
*/
|
|
4313
|
-
function
|
|
4314
|
-
|
|
4315
|
-
|
|
4316
|
-
|
|
4317
|
-
|
|
4318
|
-
entity.hasOwnProperty("aliases") &&
|
|
4319
|
-
entity.hasOwnProperty("preferred_cache") &&
|
|
4320
|
-
entity.hasOwnProperty("preferred_network") &&
|
|
4321
|
-
entity.hasOwnProperty("canonical_authority") &&
|
|
4322
|
-
entity.hasOwnProperty("authorization_endpoint") &&
|
|
4323
|
-
entity.hasOwnProperty("token_endpoint") &&
|
|
4324
|
-
entity.hasOwnProperty("issuer") &&
|
|
4325
|
-
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
4326
|
-
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
4327
|
-
entity.hasOwnProperty("expiresAt") &&
|
|
4328
|
-
entity.hasOwnProperty("jwks_uri"));
|
|
4303
|
+
function setRequestState(cryptoObj, userState, meta) {
|
|
4304
|
+
const libraryState = generateLibraryState(cryptoObj, meta);
|
|
4305
|
+
return userState
|
|
4306
|
+
? `${libraryState}${RESOURCE_DELIM}${userState}`
|
|
4307
|
+
: libraryState;
|
|
4329
4308
|
}
|
|
4330
4309
|
/**
|
|
4331
|
-
*
|
|
4310
|
+
* Generates the state value used by the common library.
|
|
4311
|
+
* @param cryptoObj
|
|
4312
|
+
* @param meta
|
|
4332
4313
|
*/
|
|
4333
|
-
function
|
|
4334
|
-
|
|
4335
|
-
|
|
4336
|
-
}
|
|
4337
|
-
|
|
4338
|
-
|
|
4339
|
-
|
|
4340
|
-
|
|
4341
|
-
|
|
4342
|
-
|
|
4343
|
-
|
|
4344
|
-
|
|
4345
|
-
|
|
4346
|
-
function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
4347
|
-
authorityMetadata.aliases = updatedValues.aliases;
|
|
4348
|
-
authorityMetadata.preferred_cache = updatedValues.preferred_cache;
|
|
4349
|
-
authorityMetadata.preferred_network = updatedValues.preferred_network;
|
|
4350
|
-
authorityMetadata.aliasesFromNetwork = fromNetwork;
|
|
4314
|
+
function generateLibraryState(cryptoObj, meta) {
|
|
4315
|
+
if (!cryptoObj) {
|
|
4316
|
+
throw createClientAuthError(noCryptoObject);
|
|
4317
|
+
}
|
|
4318
|
+
// Create a state object containing a unique id and the timestamp of the request creation
|
|
4319
|
+
const stateObj = {
|
|
4320
|
+
id: cryptoObj.createNewGuid(),
|
|
4321
|
+
};
|
|
4322
|
+
if (meta) {
|
|
4323
|
+
stateObj.meta = meta;
|
|
4324
|
+
}
|
|
4325
|
+
const stateString = JSON.stringify(stateObj);
|
|
4326
|
+
return cryptoObj.base64Encode(stateString);
|
|
4351
4327
|
}
|
|
4352
4328
|
/**
|
|
4353
|
-
*
|
|
4329
|
+
* Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
|
|
4330
|
+
* @param base64Decode
|
|
4331
|
+
* @param state
|
|
4354
4332
|
*/
|
|
4355
|
-
function
|
|
4356
|
-
|
|
4333
|
+
function parseRequestState(base64Decode, state) {
|
|
4334
|
+
if (!base64Decode) {
|
|
4335
|
+
throw createClientAuthError(noCryptoObject);
|
|
4336
|
+
}
|
|
4337
|
+
if (!state) {
|
|
4338
|
+
throw createClientAuthError(invalidState);
|
|
4339
|
+
}
|
|
4340
|
+
try {
|
|
4341
|
+
// Split the state between library state and user passed state and decode them separately
|
|
4342
|
+
const splitState = state.split(RESOURCE_DELIM);
|
|
4343
|
+
const libraryState = splitState[0];
|
|
4344
|
+
const userState = splitState.length > 1
|
|
4345
|
+
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
4346
|
+
: "";
|
|
4347
|
+
const libraryStateString = base64Decode(libraryState);
|
|
4348
|
+
const libraryStateObj = JSON.parse(libraryStateString);
|
|
4349
|
+
return {
|
|
4350
|
+
userRequestState: userState || "",
|
|
4351
|
+
libraryState: libraryStateObj,
|
|
4352
|
+
};
|
|
4353
|
+
}
|
|
4354
|
+
catch (e) {
|
|
4355
|
+
throw createClientAuthError(invalidState);
|
|
4356
|
+
}
|
|
4357
4357
|
}
|
|
4358
4358
|
|
|
4359
|
-
/*! @azure/msal-common v16.4.
|
|
4359
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4360
4360
|
|
|
4361
4361
|
/*
|
|
4362
4362
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4512,7 +4512,7 @@ class ResponseHandler {
|
|
|
4512
4512
|
if (serverTokenResponse.id_token && !!idTokenClaims) {
|
|
4513
4513
|
cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
|
|
4514
4514
|
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
4515
|
-
this.logger);
|
|
4515
|
+
this.logger, this.performanceClient);
|
|
4516
4516
|
}
|
|
4517
4517
|
// AccessToken
|
|
4518
4518
|
let cachedAccessToken = null;
|
|
@@ -4663,17 +4663,24 @@ class ResponseHandler {
|
|
|
4663
4663
|
};
|
|
4664
4664
|
}
|
|
4665
4665
|
}
|
|
4666
|
-
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
4666
|
+
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
|
|
4667
4667
|
logger?.verbose("09jz0t", correlationId);
|
|
4668
|
-
|
|
4669
|
-
|
|
4670
|
-
|
|
4671
|
-
|
|
4672
|
-
|
|
4673
|
-
|
|
4674
|
-
|
|
4675
|
-
|
|
4668
|
+
/*
|
|
4669
|
+
* Check if base account is already cached. Filter by homeAccountId (identifies
|
|
4670
|
+
* the user's home identity) and environment (identifies the cloud) — the two
|
|
4671
|
+
* tenant-agnostic properties that uniquely locate a base AccountEntity.
|
|
4672
|
+
*/
|
|
4673
|
+
const accountEnvironment = environment || authority.getPreferredCache();
|
|
4674
|
+
const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
|
|
4675
|
+
performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
|
|
4676
|
+
if (matchedAccounts.length > 1) {
|
|
4677
|
+
/*
|
|
4678
|
+
* Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
|
|
4679
|
+
* If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
|
|
4680
|
+
*/
|
|
4681
|
+
logger?.warning("0x7ad1", correlationId);
|
|
4676
4682
|
}
|
|
4683
|
+
const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
|
|
4677
4684
|
const baseAccount = cachedAccount ||
|
|
4678
4685
|
createAccountEntity({
|
|
4679
4686
|
homeAccountId,
|
|
@@ -4697,7 +4704,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4697
4704
|
return baseAccount;
|
|
4698
4705
|
}
|
|
4699
4706
|
|
|
4700
|
-
/*! @azure/msal-common v16.4.
|
|
4707
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4701
4708
|
/*
|
|
4702
4709
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4703
4710
|
* Licensed under the MIT License.
|
|
@@ -4707,7 +4714,7 @@ const CcsCredentialType = {
|
|
|
4707
4714
|
UPN: "UPN",
|
|
4708
4715
|
};
|
|
4709
4716
|
|
|
4710
|
-
/*! @azure/msal-common v16.4.
|
|
4717
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4711
4718
|
/*
|
|
4712
4719
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4713
4720
|
* Licensed under the MIT License.
|
|
@@ -4725,7 +4732,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4725
4732
|
}
|
|
4726
4733
|
}
|
|
4727
4734
|
|
|
4728
|
-
/*! @azure/msal-common v16.4.
|
|
4735
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4729
4736
|
/*
|
|
4730
4737
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4731
4738
|
* Licensed under the MIT License.
|
|
@@ -4746,7 +4753,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4746
4753
|
};
|
|
4747
4754
|
}
|
|
4748
4755
|
|
|
4749
|
-
/*! @azure/msal-common v16.4.
|
|
4756
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4750
4757
|
|
|
4751
4758
|
/*
|
|
4752
4759
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4832,7 +4839,7 @@ class ThrottlingUtils {
|
|
|
4832
4839
|
}
|
|
4833
4840
|
}
|
|
4834
4841
|
|
|
4835
|
-
/*! @azure/msal-common v16.4.
|
|
4842
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4836
4843
|
|
|
4837
4844
|
/*
|
|
4838
4845
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4863,7 +4870,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
4863
4870
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4864
4871
|
}
|
|
4865
4872
|
|
|
4866
|
-
/*! @azure/msal-common v16.4.
|
|
4873
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4867
4874
|
|
|
4868
4875
|
/*
|
|
4869
4876
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4977,7 +4984,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
4977
4984
|
return response;
|
|
4978
4985
|
}
|
|
4979
4986
|
|
|
4980
|
-
/*! @azure/msal-common v16.4.
|
|
4987
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4981
4988
|
/*
|
|
4982
4989
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4983
4990
|
* Licensed under the MIT License.
|
|
@@ -4989,7 +4996,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
4989
4996
|
response.hasOwnProperty("jwks_uri"));
|
|
4990
4997
|
}
|
|
4991
4998
|
|
|
4992
|
-
/*! @azure/msal-common v16.4.
|
|
4999
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4993
5000
|
/*
|
|
4994
5001
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4995
5002
|
* Licensed under the MIT License.
|
|
@@ -4999,7 +5006,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
4999
5006
|
response.hasOwnProperty("metadata"));
|
|
5000
5007
|
}
|
|
5001
5008
|
|
|
5002
|
-
/*! @azure/msal-common v16.4.
|
|
5009
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5003
5010
|
/*
|
|
5004
5011
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5005
5012
|
* Licensed under the MIT License.
|
|
@@ -5009,7 +5016,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5009
5016
|
response.hasOwnProperty("error_description"));
|
|
5010
5017
|
}
|
|
5011
5018
|
|
|
5012
|
-
/*! @azure/msal-common v16.4.
|
|
5019
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5013
5020
|
|
|
5014
5021
|
/*
|
|
5015
5022
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5114,7 +5121,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5114
5121
|
},
|
|
5115
5122
|
};
|
|
5116
5123
|
|
|
5117
|
-
/*! @azure/msal-common v16.4.
|
|
5124
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5118
5125
|
|
|
5119
5126
|
/*
|
|
5120
5127
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5934,7 +5941,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
5934
5941
|
};
|
|
5935
5942
|
}
|
|
5936
5943
|
|
|
5937
|
-
/*! @azure/msal-common v16.4.
|
|
5944
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5938
5945
|
|
|
5939
5946
|
/*
|
|
5940
5947
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5968,7 +5975,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
5968
5975
|
}
|
|
5969
5976
|
}
|
|
5970
5977
|
|
|
5971
|
-
/*! @azure/msal-common v16.4.
|
|
5978
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5972
5979
|
|
|
5973
5980
|
/*
|
|
5974
5981
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6229,7 +6236,7 @@ class AuthorizationCodeClient {
|
|
|
6229
6236
|
}
|
|
6230
6237
|
}
|
|
6231
6238
|
|
|
6232
|
-
/*! @azure/msal-common v16.4.
|
|
6239
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6233
6240
|
|
|
6234
6241
|
/*
|
|
6235
6242
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6454,7 +6461,7 @@ class RefreshTokenClient {
|
|
|
6454
6461
|
}
|
|
6455
6462
|
}
|
|
6456
6463
|
|
|
6457
|
-
/*! @azure/msal-common v16.4.
|
|
6464
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6458
6465
|
|
|
6459
6466
|
/*
|
|
6460
6467
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6570,7 +6577,7 @@ class SilentFlowClient {
|
|
|
6570
6577
|
}
|
|
6571
6578
|
}
|
|
6572
6579
|
|
|
6573
|
-
/*! @azure/msal-common v16.4.
|
|
6580
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6574
6581
|
|
|
6575
6582
|
/*
|
|
6576
6583
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6585,7 +6592,7 @@ const StubbedNetworkModule = {
|
|
|
6585
6592
|
},
|
|
6586
6593
|
};
|
|
6587
6594
|
|
|
6588
|
-
/*! @azure/msal-common v16.4.
|
|
6595
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6589
6596
|
|
|
6590
6597
|
/*
|
|
6591
6598
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6812,7 +6819,7 @@ function extractLoginHint(account) {
|
|
|
6812
6819
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6813
6820
|
}
|
|
6814
6821
|
|
|
6815
|
-
/*! @azure/msal-common v16.4.
|
|
6822
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6816
6823
|
|
|
6817
6824
|
/*
|
|
6818
6825
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6845,7 +6852,7 @@ function containsResourceParam(params) {
|
|
|
6845
6852
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
6846
6853
|
}
|
|
6847
6854
|
|
|
6848
|
-
/*! @azure/msal-common v16.4.
|
|
6855
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6849
6856
|
/*
|
|
6850
6857
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6851
6858
|
* Licensed under the MIT License.
|
|
@@ -6855,7 +6862,7 @@ function containsResourceParam(params) {
|
|
|
6855
6862
|
*/
|
|
6856
6863
|
const unexpectedError = "unexpected_error";
|
|
6857
6864
|
|
|
6858
|
-
/*! @azure/msal-common v16.4.
|
|
6865
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6859
6866
|
|
|
6860
6867
|
/*
|
|
6861
6868
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7116,7 +7123,7 @@ class ServerTelemetryManager {
|
|
|
7116
7123
|
}
|
|
7117
7124
|
}
|
|
7118
7125
|
|
|
7119
|
-
/*! @azure/msal-common v16.4.
|
|
7126
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
7120
7127
|
|
|
7121
7128
|
/*
|
|
7122
7129
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7137,7 +7144,7 @@ function createJoseHeaderError(code) {
|
|
|
7137
7144
|
return new JoseHeaderError(code);
|
|
7138
7145
|
}
|
|
7139
7146
|
|
|
7140
|
-
/*! @azure/msal-common v16.4.
|
|
7147
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
7141
7148
|
/*
|
|
7142
7149
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7143
7150
|
* Licensed under the MIT License.
|
|
@@ -7145,7 +7152,7 @@ function createJoseHeaderError(code) {
|
|
|
7145
7152
|
const missingKidError = "missing_kid_error";
|
|
7146
7153
|
const missingAlgError = "missing_alg_error";
|
|
7147
7154
|
|
|
7148
|
-
/*! @azure/msal-common v16.4.
|
|
7155
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
7149
7156
|
|
|
7150
7157
|
/*
|
|
7151
7158
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7580,7 +7587,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
|
|
|
7580
7587
|
|
|
7581
7588
|
/* eslint-disable header/header */
|
|
7582
7589
|
const name = "@azure/msal-browser";
|
|
7583
|
-
const version = "5.6.
|
|
7590
|
+
const version = "5.6.3";
|
|
7584
7591
|
|
|
7585
7592
|
/*
|
|
7586
7593
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8183,6 +8190,7 @@ const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
|
|
|
8183
8190
|
const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
|
|
8184
8191
|
const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
|
|
8185
8192
|
const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
|
|
8193
|
+
const RemoveHiddenIframe = "removeHiddenIframe";
|
|
8186
8194
|
const ImportExistingCache = "importExistingCache";
|
|
8187
8195
|
/**
|
|
8188
8196
|
* Crypto Operations
|
|
@@ -8199,7 +8207,12 @@ const UrlEncodeArr = "urlEncodeArr";
|
|
|
8199
8207
|
const Encrypt = "encrypt";
|
|
8200
8208
|
const Decrypt = "decrypt";
|
|
8201
8209
|
const GenerateEarKey = "generateEarKey";
|
|
8202
|
-
const DecryptEarResponse = "decryptEarResponse";
|
|
8210
|
+
const DecryptEarResponse = "decryptEarResponse";
|
|
8211
|
+
/**
|
|
8212
|
+
* Background telemetry measurement that tracks whether a late bridge response
|
|
8213
|
+
* arrives after the iframe timeout has already fired.
|
|
8214
|
+
*/
|
|
8215
|
+
const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
|
|
8203
8216
|
|
|
8204
8217
|
/*
|
|
8205
8218
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -9007,20 +9020,35 @@ function cancelPendingBridgeResponse(logger, correlationId) {
|
|
|
9007
9020
|
activeBridgeMonitor = null;
|
|
9008
9021
|
}
|
|
9009
9022
|
}
|
|
9010
|
-
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
|
|
9023
|
+
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
|
|
9011
9024
|
return new Promise((resolve, reject) => {
|
|
9012
9025
|
logger.verbose("1rf6em", request.correlationId);
|
|
9013
9026
|
const correlationId = request.correlationId;
|
|
9014
9027
|
performanceClient.addFields({
|
|
9015
9028
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
9029
|
+
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
9016
9030
|
}, correlationId);
|
|
9017
9031
|
const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
|
|
9018
9032
|
const channel = new BroadcastChannel(libraryState.id);
|
|
9019
9033
|
let responseString = undefined;
|
|
9034
|
+
let timedOut$1 = false;
|
|
9035
|
+
let lateTimeoutId;
|
|
9036
|
+
let lateMeasurement;
|
|
9020
9037
|
const timeoutId = window.setTimeout(() => {
|
|
9021
9038
|
// Clear the active monitor
|
|
9022
9039
|
activeBridgeMonitor = null;
|
|
9023
|
-
|
|
9040
|
+
if (experimentalConfig?.iframeTimeoutTelemetry) {
|
|
9041
|
+
lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse, correlationId);
|
|
9042
|
+
timedOut$1 = true;
|
|
9043
|
+
lateTimeoutId = window.setTimeout(() => {
|
|
9044
|
+
lateMeasurement?.end({ success: false });
|
|
9045
|
+
clearTimeout(lateTimeoutId);
|
|
9046
|
+
channel.close();
|
|
9047
|
+
}, 60000); // 60s late response timeout to allow for telemetry of late responses
|
|
9048
|
+
}
|
|
9049
|
+
else {
|
|
9050
|
+
channel.close();
|
|
9051
|
+
}
|
|
9024
9052
|
reject(createBrowserAuthError(timedOut, "redirect_bridge_timeout"));
|
|
9025
9053
|
}, timeoutMs);
|
|
9026
9054
|
// Track this monitor so it can be cancelled if needed
|
|
@@ -9034,6 +9062,14 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
|
|
|
9034
9062
|
const messageVersion = event?.data && typeof event.data.v === "number"
|
|
9035
9063
|
? event.data.v
|
|
9036
9064
|
: undefined;
|
|
9065
|
+
if (timedOut$1) {
|
|
9066
|
+
lateMeasurement?.end({
|
|
9067
|
+
success: responseString ? true : false,
|
|
9068
|
+
});
|
|
9069
|
+
clearTimeout(lateTimeoutId);
|
|
9070
|
+
channel.close();
|
|
9071
|
+
return;
|
|
9072
|
+
}
|
|
9037
9073
|
performanceClient.addFields({
|
|
9038
9074
|
redirectBridgeMessageVersion: messageVersion,
|
|
9039
9075
|
}, correlationId);
|
|
@@ -16716,9 +16752,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16716
16752
|
}
|
|
16717
16753
|
// Get the preferred_cache domain for the given authority
|
|
16718
16754
|
const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
|
|
16719
|
-
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info,
|
|
16755
|
+
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
|
|
16720
16756
|
idTokenClaims.tid, undefined, // auth code payload
|
|
16721
|
-
response.account.id);
|
|
16757
|
+
response.account.id, this.logger, this.performanceClient);
|
|
16722
16758
|
// Ensure expires_in is in number format
|
|
16723
16759
|
response.expires_in = Number(response.expires_in);
|
|
16724
16760
|
// generate authenticationResult
|
|
@@ -17603,7 +17639,7 @@ const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000;
|
|
|
17603
17639
|
*
|
|
17604
17640
|
* @returns Configuration object
|
|
17605
17641
|
*/
|
|
17606
|
-
function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
|
|
17642
|
+
function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, experimental: userInputExperimental, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
|
|
17607
17643
|
// Default auth options for browser
|
|
17608
17644
|
const DEFAULT_AUTH_OPTIONS = {
|
|
17609
17645
|
clientId: "",
|
|
@@ -17675,6 +17711,9 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
17675
17711
|
},
|
|
17676
17712
|
client: new StubPerformanceClient(),
|
|
17677
17713
|
};
|
|
17714
|
+
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
17715
|
+
iframeTimeoutTelemetry: false,
|
|
17716
|
+
};
|
|
17678
17717
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
17679
17718
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
17680
17719
|
userInputAuth?.OIDCOptions) {
|
|
@@ -17698,6 +17737,10 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
17698
17737
|
},
|
|
17699
17738
|
cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache },
|
|
17700
17739
|
system: providedSystemOptions,
|
|
17740
|
+
experimental: {
|
|
17741
|
+
...DEFAULT_EXPERIMENTAL_OPTIONS,
|
|
17742
|
+
...userInputExperimental,
|
|
17743
|
+
},
|
|
17701
17744
|
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry },
|
|
17702
17745
|
};
|
|
17703
17746
|
return overlayedConfig;
|
|
@@ -19096,6 +19139,16 @@ function createHiddenIframe() {
|
|
|
19096
19139
|
authFrame.setAttribute("allow", "local-network-access *");
|
|
19097
19140
|
document.body.appendChild(authFrame);
|
|
19098
19141
|
return authFrame;
|
|
19142
|
+
}
|
|
19143
|
+
/**
|
|
19144
|
+
* @hidden
|
|
19145
|
+
* Removes a hidden iframe from `document.body` if it is a direct child.
|
|
19146
|
+
* @param iframe - The iframe element to remove.
|
|
19147
|
+
*/
|
|
19148
|
+
function removeHiddenIframe(iframe) {
|
|
19149
|
+
if (document.body === iframe.parentNode) {
|
|
19150
|
+
document.body.removeChild(iframe);
|
|
19151
|
+
}
|
|
19099
19152
|
}
|
|
19100
19153
|
|
|
19101
19154
|
/*
|
|
@@ -19191,9 +19244,15 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19191
19244
|
earJwk: earJwk,
|
|
19192
19245
|
codeChallenge: pkceCodes.challenge,
|
|
19193
19246
|
};
|
|
19194
|
-
await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
19247
|
+
const iframe = await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
19195
19248
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
19196
|
-
|
|
19249
|
+
let responseString;
|
|
19250
|
+
try {
|
|
19251
|
+
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
|
|
19252
|
+
}
|
|
19253
|
+
finally {
|
|
19254
|
+
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
19255
|
+
}
|
|
19197
19256
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
19198
19257
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
19199
19258
|
// If server doesn't support EAR, they may fallback to auth code flow instead
|
|
@@ -19231,18 +19290,25 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19231
19290
|
...request,
|
|
19232
19291
|
codeChallenge: pkceCodes.challenge,
|
|
19233
19292
|
};
|
|
19293
|
+
let iframe;
|
|
19234
19294
|
if (request.httpMethod === HttpMethod$1.POST) {
|
|
19235
|
-
await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19295
|
+
iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19236
19296
|
}
|
|
19237
19297
|
else {
|
|
19238
19298
|
// Create authorize request url
|
|
19239
19299
|
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
19240
19300
|
// Get the frame handle for the silent request
|
|
19241
|
-
await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
|
|
19301
|
+
iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
|
|
19242
19302
|
}
|
|
19243
19303
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
19244
19304
|
// Wait for response from the redirect bridge.
|
|
19245
|
-
|
|
19305
|
+
let responseString;
|
|
19306
|
+
try {
|
|
19307
|
+
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
|
|
19308
|
+
}
|
|
19309
|
+
finally {
|
|
19310
|
+
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
19311
|
+
}
|
|
19246
19312
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
19247
19313
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
19248
19314
|
}
|
|
@@ -19486,22 +19552,32 @@ class StandardController {
|
|
|
19486
19552
|
this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
|
|
19487
19553
|
this.activeSilentTokenRequests = new Map();
|
|
19488
19554
|
// Register listener functions
|
|
19489
|
-
this.
|
|
19555
|
+
this.trackStateChange = this.trackStateChange.bind(this);
|
|
19490
19556
|
// Register listener functions
|
|
19491
|
-
this.
|
|
19492
|
-
this.
|
|
19557
|
+
this.trackStateChangeWithMeasurement =
|
|
19558
|
+
this.trackStateChangeWithMeasurement.bind(this);
|
|
19493
19559
|
}
|
|
19494
19560
|
static async createController(operatingContext, request) {
|
|
19495
19561
|
const controller = new StandardController(operatingContext);
|
|
19496
19562
|
await controller.initialize(request);
|
|
19497
19563
|
return controller;
|
|
19498
19564
|
}
|
|
19499
|
-
|
|
19565
|
+
trackStateChange(correlationId, event) {
|
|
19500
19566
|
if (!correlationId) {
|
|
19501
19567
|
return;
|
|
19502
19568
|
}
|
|
19503
|
-
|
|
19504
|
-
|
|
19569
|
+
if (event.type === "visibilitychange") {
|
|
19570
|
+
this.logger.info("16v6hv", correlationId);
|
|
19571
|
+
this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
|
|
19572
|
+
}
|
|
19573
|
+
else if (event.type === "online") {
|
|
19574
|
+
this.logger.info("0zirfd", correlationId);
|
|
19575
|
+
this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
|
|
19576
|
+
}
|
|
19577
|
+
else if (event.type === "offline") {
|
|
19578
|
+
this.logger.info("1xk9ef", correlationId);
|
|
19579
|
+
this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
|
|
19580
|
+
}
|
|
19505
19581
|
}
|
|
19506
19582
|
/**
|
|
19507
19583
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|
|
@@ -19843,15 +19919,40 @@ class StandardController {
|
|
|
19843
19919
|
}
|
|
19844
19920
|
});
|
|
19845
19921
|
}
|
|
19846
|
-
|
|
19922
|
+
trackStateChangeWithMeasurement(event) {
|
|
19847
19923
|
const measurement = this.ssoSilentMeasurement ||
|
|
19848
19924
|
this.acquireTokenByCodeAsyncMeasurement;
|
|
19849
19925
|
if (!measurement) {
|
|
19850
19926
|
return;
|
|
19851
19927
|
}
|
|
19852
|
-
|
|
19853
|
-
|
|
19854
|
-
|
|
19928
|
+
if (event.type === "visibilitychange") {
|
|
19929
|
+
this.logger.info("0yzimq", measurement.event.correlationId);
|
|
19930
|
+
measurement.increment({
|
|
19931
|
+
visibilityChangeCount: 1,
|
|
19932
|
+
});
|
|
19933
|
+
}
|
|
19934
|
+
else if (event.type === "online") {
|
|
19935
|
+
this.logger.info("1caf53", measurement.event.correlationId);
|
|
19936
|
+
measurement.increment({
|
|
19937
|
+
onlineStatusChangeCount: 1,
|
|
19938
|
+
});
|
|
19939
|
+
}
|
|
19940
|
+
else if (event.type === "offline") {
|
|
19941
|
+
this.logger.info("0fdyk7", measurement.event.correlationId);
|
|
19942
|
+
measurement.increment({
|
|
19943
|
+
onlineStatusChangeCount: 1,
|
|
19944
|
+
});
|
|
19945
|
+
}
|
|
19946
|
+
}
|
|
19947
|
+
addStateChangeListeners(listener) {
|
|
19948
|
+
document.addEventListener("visibilitychange", listener);
|
|
19949
|
+
window.addEventListener("online", listener);
|
|
19950
|
+
window.addEventListener("offline", listener);
|
|
19951
|
+
}
|
|
19952
|
+
removeStateChangeListeners(listener) {
|
|
19953
|
+
document.removeEventListener("visibilitychange", listener);
|
|
19954
|
+
window.removeEventListener("online", listener);
|
|
19955
|
+
window.removeEventListener("offline", listener);
|
|
19855
19956
|
}
|
|
19856
19957
|
// #endregion
|
|
19857
19958
|
// #region Silent Flow
|
|
@@ -19885,8 +19986,9 @@ class StandardController {
|
|
|
19885
19986
|
preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
|
|
19886
19987
|
this.ssoSilentMeasurement?.increment({
|
|
19887
19988
|
visibilityChangeCount: 0,
|
|
19989
|
+
onlineStatusChangeCount: 0,
|
|
19888
19990
|
});
|
|
19889
|
-
|
|
19991
|
+
this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
19890
19992
|
const loggedInAccounts = this.getAllAccounts();
|
|
19891
19993
|
this.logger.verbose("0w1b45", correlationId);
|
|
19892
19994
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Silent, validRequest);
|
|
@@ -19929,7 +20031,7 @@ class StandardController {
|
|
|
19929
20031
|
throw e;
|
|
19930
20032
|
})
|
|
19931
20033
|
.finally(() => {
|
|
19932
|
-
|
|
20034
|
+
this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
19933
20035
|
});
|
|
19934
20036
|
}
|
|
19935
20037
|
/**
|
|
@@ -20036,8 +20138,9 @@ class StandardController {
|
|
|
20036
20138
|
this.performanceClient.startMeasurement(AcquireTokenByCodeAsync, correlationId);
|
|
20037
20139
|
this.acquireTokenByCodeAsyncMeasurement?.increment({
|
|
20038
20140
|
visibilityChangeCount: 0,
|
|
20141
|
+
onlineStatusChangeCount: 0,
|
|
20039
20142
|
});
|
|
20040
|
-
|
|
20143
|
+
this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
20041
20144
|
const silentAuthCodeClient = this.createSilentAuthCodeClient(correlationId);
|
|
20042
20145
|
const silentTokenResult = await silentAuthCodeClient
|
|
20043
20146
|
.acquireToken(request)
|
|
@@ -20056,7 +20159,7 @@ class StandardController {
|
|
|
20056
20159
|
throw tokenRenewalError;
|
|
20057
20160
|
})
|
|
20058
20161
|
.finally(() => {
|
|
20059
|
-
|
|
20162
|
+
this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
20060
20163
|
});
|
|
20061
20164
|
return silentTokenResult;
|
|
20062
20165
|
}
|
|
@@ -20518,12 +20621,12 @@ class StandardController {
|
|
|
20518
20621
|
* @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
|
|
20519
20622
|
*/
|
|
20520
20623
|
async acquireTokenSilentAsync(request, account) {
|
|
20521
|
-
const
|
|
20624
|
+
const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
|
|
20522
20625
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, request.correlationId, InteractionType.Silent, request);
|
|
20523
20626
|
if (request.correlationId) {
|
|
20524
|
-
this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
|
|
20627
|
+
this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
|
|
20525
20628
|
}
|
|
20526
|
-
|
|
20629
|
+
this.addStateChangeListeners(trackStateChange);
|
|
20527
20630
|
const silentRequest = await invokeAsync(initializeSilentRequest, InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
|
|
20528
20631
|
const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
|
|
20529
20632
|
const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
|
|
@@ -20605,7 +20708,7 @@ class StandardController {
|
|
|
20605
20708
|
throw tokenRenewalError;
|
|
20606
20709
|
})
|
|
20607
20710
|
.finally(() => {
|
|
20608
|
-
|
|
20711
|
+
this.removeStateChangeListeners(trackStateChange);
|
|
20609
20712
|
});
|
|
20610
20713
|
}
|
|
20611
20714
|
/**
|