@azure/msal-browser 5.6.1 → 5.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (396) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  7. package/dist/cache/AccountManager.mjs +1 -1
  8. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +1 -1
  10. package/dist/cache/CacheHelpers.mjs +1 -1
  11. package/dist/cache/CacheKeys.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/EncryptedData.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.d.ts.map +1 -1
  19. package/dist/cache/TokenCache.mjs +9 -9
  20. package/dist/cache/TokenCache.mjs.map +1 -1
  21. package/dist/config/Configuration.d.ts +13 -1
  22. package/dist/config/Configuration.d.ts.map +1 -1
  23. package/dist/config/Configuration.mjs +9 -2
  24. package/dist/config/Configuration.mjs.map +1 -1
  25. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  26. package/dist/controllers/StandardController.d.ts +4 -2
  27. package/dist/controllers/StandardController.d.ts.map +1 -1
  28. package/dist/controllers/StandardController.mjs +56 -19
  29. package/dist/controllers/StandardController.mjs.map +1 -1
  30. package/dist/crypto/BrowserCrypto.mjs +1 -1
  31. package/dist/crypto/CryptoOps.mjs +1 -1
  32. package/dist/crypto/PkceGenerator.mjs +1 -1
  33. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  34. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  35. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  36. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  37. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  38. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  39. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  40. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  41. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  42. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  43. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  44. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  45. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  46. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  47. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  48. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  49. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  50. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  51. package/dist/custom-auth-path/config/Configuration.d.ts +13 -1
  52. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  53. package/dist/custom-auth-path/config/Configuration.mjs +9 -2
  54. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  55. package/dist/custom-auth-path/controllers/StandardController.d.ts +4 -2
  56. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  57. package/dist/custom-auth-path/controllers/StandardController.mjs +56 -19
  58. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  59. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  60. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  61. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  62. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  63. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  64. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  65. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  66. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  67. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  68. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  169. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  170. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  171. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  172. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  173. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  174. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  175. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  176. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  177. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  178. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  179. package/dist/custom-auth-path/index.d.ts +1 -1
  180. package/dist/custom-auth-path/index.d.ts.map +1 -1
  181. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  182. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  183. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  184. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  185. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  186. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  187. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  188. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  189. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  190. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  191. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  192. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +21 -8
  193. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  194. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  195. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  196. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  197. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts +6 -0
  198. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +12 -2
  200. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
  201. package/dist/custom-auth-path/log-strings-mapping.json +23 -3
  202. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  203. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  204. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  205. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  206. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  207. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  208. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  209. package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
  210. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  211. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  212. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
  213. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  214. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +5 -0
  215. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  216. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +9 -3
  217. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  218. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  219. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  220. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  221. package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
  222. package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
  223. package/dist/custom-auth-path/utils/BrowserUtils.mjs +27 -3
  224. package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
  225. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  226. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  227. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  228. package/dist/encode/Base64Decode.mjs +1 -1
  229. package/dist/encode/Base64Encode.mjs +1 -1
  230. package/dist/error/BrowserAuthError.mjs +1 -1
  231. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  232. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  233. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  234. package/dist/error/NativeAuthError.mjs +1 -1
  235. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  236. package/dist/error/NestedAppAuthError.mjs +1 -1
  237. package/dist/event/EventHandler.mjs +1 -1
  238. package/dist/event/EventMessage.mjs +1 -1
  239. package/dist/event/EventType.mjs +1 -1
  240. package/dist/index.d.ts +1 -1
  241. package/dist/index.d.ts.map +1 -1
  242. package/dist/index.mjs +1 -1
  243. package/dist/index.mjs.map +1 -1
  244. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  245. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  246. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  247. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  248. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  249. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  250. package/dist/interaction_client/PopupClient.mjs +1 -1
  251. package/dist/interaction_client/RedirectClient.mjs +1 -1
  252. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  253. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  254. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  255. package/dist/interaction_client/SilentIframeClient.mjs +21 -8
  256. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  257. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  258. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  259. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  260. package/dist/interaction_handler/SilentHandler.d.ts +6 -0
  261. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  262. package/dist/interaction_handler/SilentHandler.mjs +12 -2
  263. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  264. package/dist/log-strings-mapping.json +31 -11
  265. package/dist/naa/BridgeError.mjs +1 -1
  266. package/dist/naa/BridgeProxy.mjs +1 -1
  267. package/dist/naa/BridgeStatusCode.mjs +1 -1
  268. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  269. package/dist/navigation/NavigationClient.mjs +1 -1
  270. package/dist/network/FetchClient.mjs +1 -1
  271. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  272. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  273. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  274. package/dist/packageMetadata.d.ts +1 -1
  275. package/dist/packageMetadata.mjs +2 -2
  276. package/dist/protocol/Authorize.mjs +1 -1
  277. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  278. package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
  279. package/dist/redirect-bridge/config/Configuration.d.ts +13 -1
  280. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  281. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  282. package/dist/redirect-bridge/controllers/StandardController.d.ts +4 -2
  283. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  284. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  285. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  286. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  287. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  288. package/dist/redirect-bridge/index.d.ts +1 -1
  289. package/dist/redirect-bridge/index.d.ts.map +1 -1
  290. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  291. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  292. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  293. package/dist/redirect-bridge/interaction_handler/SilentHandler.d.ts +6 -0
  294. package/dist/redirect-bridge/interaction_handler/SilentHandler.d.ts.map +1 -1
  295. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  296. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  297. package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
  298. package/dist/redirect-bridge/redirect_bridge/index.mjs +43 -24
  299. package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
  300. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts +1 -0
  301. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  302. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +5 -0
  303. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  304. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  305. package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
  306. package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
  307. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  308. package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
  309. package/dist/redirect_bridge/index.d.ts.map +1 -1
  310. package/dist/request/RequestHelpers.mjs +1 -1
  311. package/dist/response/ResponseHandler.mjs +1 -1
  312. package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
  313. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  314. package/dist/telemetry/BrowserPerformanceClient.mjs +6 -1
  315. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  316. package/dist/telemetry/BrowserPerformanceEvents.d.ts +5 -0
  317. package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  318. package/dist/telemetry/BrowserPerformanceEvents.mjs +9 -3
  319. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  320. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  321. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  322. package/dist/utils/BrowserConstants.mjs +1 -1
  323. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  324. package/dist/utils/BrowserUtils.d.ts +2 -2
  325. package/dist/utils/BrowserUtils.d.ts.map +1 -1
  326. package/dist/utils/BrowserUtils.mjs +27 -3
  327. package/dist/utils/BrowserUtils.mjs.map +1 -1
  328. package/dist/utils/Helpers.mjs +1 -1
  329. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  330. package/lib/custom-auth-path/log-strings-mapping.json +23 -3
  331. package/lib/custom-auth-path/msal-custom-auth.cjs +649 -546
  332. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  333. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  334. package/lib/custom-auth-path/types/config/Configuration.d.ts +13 -1
  335. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  336. package/lib/custom-auth-path/types/controllers/StandardController.d.ts +4 -2
  337. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  338. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  339. package/lib/custom-auth-path/types/index.d.ts +1 -1
  340. package/lib/custom-auth-path/types/index.d.ts.map +1 -1
  341. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  342. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  343. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  344. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts +6 -0
  345. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  346. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  347. package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
  348. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  349. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  350. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +5 -0
  351. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  352. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
  353. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
  354. package/lib/log-strings-mapping.json +31 -11
  355. package/lib/msal-browser.cjs +794 -685
  356. package/lib/msal-browser.cjs.map +1 -1
  357. package/lib/msal-browser.js +794 -685
  358. package/lib/msal-browser.js.map +1 -1
  359. package/lib/msal-browser.min.js +2 -2
  360. package/lib/redirect-bridge/msal-redirect-bridge.js +52 -33
  361. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  362. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  363. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  364. package/lib/types/config/Configuration.d.ts +13 -1
  365. package/lib/types/config/Configuration.d.ts.map +1 -1
  366. package/lib/types/controllers/StandardController.d.ts +4 -2
  367. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  368. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  369. package/lib/types/index.d.ts +1 -1
  370. package/lib/types/index.d.ts.map +1 -1
  371. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  372. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  373. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  374. package/lib/types/interaction_handler/SilentHandler.d.ts +6 -0
  375. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  376. package/lib/types/packageMetadata.d.ts +1 -1
  377. package/lib/types/redirect_bridge/index.d.ts.map +1 -1
  378. package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  379. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  380. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +5 -0
  381. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  382. package/lib/types/utils/BrowserUtils.d.ts +2 -2
  383. package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
  384. package/package.json +2 -2
  385. package/src/cache/TokenCache.ts +27 -24
  386. package/src/config/Configuration.ts +22 -0
  387. package/src/controllers/StandardController.ts +84 -35
  388. package/src/index.ts +1 -0
  389. package/src/interaction_client/PlatformAuthInteractionClient.ts +55 -53
  390. package/src/interaction_client/SilentIframeClient.ts +55 -29
  391. package/src/interaction_handler/SilentHandler.ts +11 -0
  392. package/src/packageMetadata.ts +1 -1
  393. package/src/redirect_bridge/index.ts +47 -25
  394. package/src/telemetry/BrowserPerformanceClient.ts +6 -0
  395. package/src/telemetry/BrowserPerformanceEvents.ts +6 -0
  396. package/src/utils/BrowserUtils.ts +36 -4
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.6.1 2026-03-19 */
1
+ /*! @azure/msal-browser v5.6.3 2026-04-01 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
229
229
  // Token renewal offset default in seconds
230
230
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
231
231
 
232
- /*! @azure/msal-common v16.4.0 2026-03-19 */
232
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
233
233
  /*
234
234
  * Copyright (c) Microsoft Corporation. All rights reserved.
235
235
  * Licensed under the MIT License.
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
281
281
  const RESOURCE = "resource";
282
282
  const CLI_DATA = "clidata";
283
283
 
284
- /*! @azure/msal-common v16.4.0 2026-03-19 */
284
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
285
285
  /*
286
286
  * Copyright (c) Microsoft Corporation. All rights reserved.
287
287
  * Licensed under the MIT License.
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
312
312
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
313
313
  }
314
314
 
315
- /*! @azure/msal-common v16.4.0 2026-03-19 */
315
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
316
316
 
317
317
  /*
318
318
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
332
332
  return new ClientConfigurationError(errorCode);
333
333
  }
334
334
 
335
- /*! @azure/msal-common v16.4.0 2026-03-19 */
335
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
336
336
  /*
337
337
  * Copyright (c) Microsoft Corporation. All rights reserved.
338
338
  * Licensed under the MIT License.
@@ -412,7 +412,7 @@ class StringUtils {
412
412
  }
413
413
  }
414
414
 
415
- /*! @azure/msal-common v16.4.0 2026-03-19 */
415
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
416
416
 
417
417
  /*
418
418
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
435
435
  return new ClientAuthError(errorCode, additionalMessage);
436
436
  }
437
437
 
438
- /*! @azure/msal-common v16.4.0 2026-03-19 */
438
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
439
439
  /*
440
440
  * Copyright (c) Microsoft Corporation. All rights reserved.
441
441
  * Licensed under the MIT License.
@@ -459,7 +459,7 @@ const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
459
459
  const authorityMismatch = "authority_mismatch";
460
460
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
461
461
 
462
- /*! @azure/msal-common v16.4.0 2026-03-19 */
462
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
463
463
  /*
464
464
  * Copyright (c) Microsoft Corporation. All rights reserved.
465
465
  * Licensed under the MIT License.
@@ -498,7 +498,7 @@ const methodNotImplemented = "method_not_implemented";
498
498
  const resourceParameterRequired = "resource_parameter_required";
499
499
  const misplacedResourceParam = "misplaced_resource_parameter";
500
500
 
501
- /*! @azure/msal-common v16.4.0 2026-03-19 */
501
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
502
502
 
503
503
  /*
504
504
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -693,7 +693,7 @@ class ScopeSet {
693
693
  }
694
694
  }
695
695
 
696
- /*! @azure/msal-common v16.4.0 2026-03-19 */
696
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
697
697
 
698
698
  /*
699
699
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1071,7 +1071,7 @@ function addResource(parameters, resource) {
1071
1071
  }
1072
1072
  }
1073
1073
 
1074
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1074
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1075
1075
 
1076
1076
  /*
1077
1077
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1180,7 +1180,7 @@ function normalizeUrlForComparison(url) {
1180
1180
  }
1181
1181
  }
1182
1182
 
1183
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1183
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1184
1184
 
1185
1185
  /*
1186
1186
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1219,7 +1219,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1219
1219
  },
1220
1220
  };
1221
1221
 
1222
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1222
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1223
1223
  /*
1224
1224
  * Copyright (c) Microsoft Corporation. All rights reserved.
1225
1225
  * Licensed under the MIT License.
@@ -1480,12 +1480,12 @@ class Logger {
1480
1480
  }
1481
1481
  }
1482
1482
 
1483
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1483
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1484
1484
  /* eslint-disable header/header */
1485
1485
  const name$1 = "@azure/msal-common";
1486
- const version$1 = "16.4.0";
1486
+ const version$1 = "16.4.1";
1487
1487
 
1488
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1488
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1489
1489
  /*
1490
1490
  * Copyright (c) Microsoft Corporation. All rights reserved.
1491
1491
  * Licensed under the MIT License.
@@ -1494,7 +1494,7 @@ const AzureCloudInstance = {
1494
1494
  // AzureCloudInstance is not specified.
1495
1495
  None: "none"};
1496
1496
 
1497
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1497
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1498
1498
  /*
1499
1499
  * Copyright (c) Microsoft Corporation. All rights reserved.
1500
1500
  * Licensed under the MIT License.
@@ -1576,7 +1576,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1576
1576
  return updatedAccountInfo;
1577
1577
  }
1578
1578
 
1579
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1579
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1580
1580
 
1581
1581
  /*
1582
1582
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1656,7 +1656,7 @@ function checkMaxAge(authTime, maxAge) {
1656
1656
  }
1657
1657
  }
1658
1658
 
1659
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1659
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1660
1660
 
1661
1661
  /*
1662
1662
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1813,7 +1813,7 @@ class UrlString {
1813
1813
  }
1814
1814
  }
1815
1815
 
1816
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1816
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1817
1817
 
1818
1818
  /*
1819
1819
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1970,7 +1970,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1970
1970
  return null;
1971
1971
  }
1972
1972
 
1973
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1973
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1974
1974
  /*
1975
1975
  * Copyright (c) Microsoft Corporation. All rights reserved.
1976
1976
  * Licensed under the MIT License.
@@ -1978,7 +1978,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1978
1978
  const cacheQuotaExceeded = "cache_quota_exceeded";
1979
1979
  const cacheErrorUnknown = "cache_error_unknown";
1980
1980
 
1981
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1981
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1982
1982
 
1983
1983
  /*
1984
1984
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2016,7 +2016,7 @@ function createCacheError(e) {
2016
2016
  }
2017
2017
  }
2018
2018
 
2019
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2019
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2020
2020
 
2021
2021
  /*
2022
2022
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2054,7 +2054,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2054
2054
  };
2055
2055
  }
2056
2056
 
2057
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2057
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2058
2058
  /*
2059
2059
  * Copyright (c) Microsoft Corporation. All rights reserved.
2060
2060
  * Licensed under the MIT License.
@@ -2069,7 +2069,7 @@ const AuthorityType = {
2069
2069
  Ciam: 3,
2070
2070
  };
2071
2071
 
2072
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2072
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2073
2073
  /*
2074
2074
  * Copyright (c) Microsoft Corporation. All rights reserved.
2075
2075
  * Licensed under the MIT License.
@@ -2091,7 +2091,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2091
2091
  return null;
2092
2092
  }
2093
2093
 
2094
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2094
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2095
2095
  /*
2096
2096
  * Copyright (c) Microsoft Corporation. All rights reserved.
2097
2097
  * Licensed under the MIT License.
@@ -2115,7 +2115,7 @@ const ProtocolMode = {
2115
2115
  EAR: "EAR",
2116
2116
  };
2117
2117
 
2118
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2118
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2119
2119
  /**
2120
2120
  * Returns the AccountInfo interface for this account.
2121
2121
  */
@@ -2290,7 +2290,7 @@ function isAccountEntity(entity) {
2290
2290
  entity.hasOwnProperty("authorityType"));
2291
2291
  }
2292
2292
 
2293
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2293
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2294
2294
 
2295
2295
  /*
2296
2296
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3391,7 +3391,7 @@ class DefaultStorageClass extends CacheManager {
3391
3391
  }
3392
3392
  }
3393
3393
 
3394
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3394
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3395
3395
  /*
3396
3396
  * Copyright (c) Microsoft Corporation. All rights reserved.
3397
3397
  * Licensed under the MIT License.
@@ -3405,7 +3405,7 @@ class DefaultStorageClass extends CacheManager {
3405
3405
  const PerformanceEventStatus = {
3406
3406
  InProgress: 1};
3407
3407
 
3408
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3408
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3409
3409
 
3410
3410
  /*
3411
3411
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3460,7 +3460,7 @@ class StubPerformanceClient {
3460
3460
  }
3461
3461
  }
3462
3462
 
3463
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3463
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3464
3464
 
3465
3465
  /*
3466
3466
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3555,278 +3555,358 @@ function isOidcProtocolMode(config) {
3555
3555
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3556
3556
  }
3557
3557
 
3558
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3559
-
3558
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3560
3559
  /*
3561
3560
  * Copyright (c) Microsoft Corporation. All rights reserved.
3562
3561
  * Licensed under the MIT License.
3563
3562
  */
3564
3563
  /**
3565
- * Error thrown when there is an error with the server code, for example, unavailability.
3566
- */
3567
- class ServerError extends AuthError {
3568
- constructor(errorCode, errorMessage, subError, errorNo, status) {
3569
- super(errorCode, errorMessage, subError);
3570
- this.name = "ServerError";
3571
- this.errorNo = errorNo;
3572
- this.status = status;
3573
- Object.setPrototypeOf(this, ServerError.prototype);
3564
+ * This class instance helps track the memory changes facilitating
3565
+ * decisions to read from and write to the persistent cache
3566
+ */ class TokenCacheContext {
3567
+ constructor(tokenCache, hasChanged) {
3568
+ this.cache = tokenCache;
3569
+ this.hasChanged = hasChanged;
3570
+ }
3571
+ /**
3572
+ * boolean which indicates the changes in cache
3573
+ */
3574
+ get cacheHasChanged() {
3575
+ return this.hasChanged;
3576
+ }
3577
+ /**
3578
+ * function to retrieve the token cache
3579
+ */
3580
+ get tokenCache() {
3581
+ return this.cache;
3574
3582
  }
3575
3583
  }
3576
3584
 
3577
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3585
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3578
3586
  /*
3579
3587
  * Copyright (c) Microsoft Corporation. All rights reserved.
3580
3588
  * Licensed under the MIT License.
3581
3589
  */
3582
3590
  /**
3583
- * MSAL-defined interaction required error code indicating no tokens are found in cache.
3584
- * @public
3585
- */
3586
- const noTokensFound = "no_tokens_found";
3587
- /**
3588
- * MSAL-defined error code indicating a native account is unavailable on the platform.
3589
- * @public
3590
- */
3591
- const nativeAccountUnavailable = "native_account_unavailable";
3592
- /**
3593
- * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
3594
- * @public
3595
- */
3596
- const refreshTokenExpired = "refresh_token_expired";
3597
- /**
3598
- * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
3599
- * @public
3600
- */
3601
- const uxNotAllowed = "ux_not_allowed";
3602
- /**
3603
- * Server-originated error code indicating interaction is required to complete the request.
3604
- * @public
3605
- */
3606
- const interactionRequired = "interaction_required";
3607
- /**
3608
- * Server-originated error code indicating user consent is required.
3609
- * @public
3610
- */
3611
- const consentRequired = "consent_required";
3612
- /**
3613
- * Server-originated error code indicating user login is required.
3614
- * @public
3591
+ * Utility functions for managing date and time operations.
3615
3592
  */
3616
- const loginRequired = "login_required";
3617
3593
  /**
3618
- * Server-originated error code indicating the token is invalid or corrupted.
3619
- * @public
3594
+ * return the current time in Unix time (seconds).
3620
3595
  */
3621
- const badToken = "bad_token";
3596
+ function nowSeconds() {
3597
+ // Date.getTime() returns in milliseconds.
3598
+ return Math.round(new Date().getTime() / 1000.0);
3599
+ }
3622
3600
  /**
3623
- * Server-originated error code indicating the user is in an interrupted state and interaction is required.
3624
- * @public
3625
- */
3626
- const interruptedUser = "interrupted_user";
3627
-
3628
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3629
-
3630
- /*
3631
- * Copyright (c) Microsoft Corporation. All rights reserved.
3632
- * Licensed under the MIT License.
3601
+ * Converts JS Date object to seconds
3602
+ * @param date Date
3633
3603
  */
3604
+ function toSecondsFromDate(date) {
3605
+ // Convert date to seconds
3606
+ return date.getTime() / 1000;
3607
+ }
3634
3608
  /**
3635
- * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
3609
+ * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3610
+ * @param seconds
3636
3611
  */
3637
- const InteractionRequiredServerErrorMessage = [
3638
- interactionRequired,
3639
- consentRequired,
3640
- loginRequired,
3641
- badToken,
3642
- uxNotAllowed,
3643
- interruptedUser,
3644
- ];
3645
- const InteractionRequiredAuthSubErrorMessage = [
3646
- "message_only",
3647
- "additional_action",
3648
- "basic_action",
3649
- "user_password_expired",
3650
- "consent_required",
3651
- "bad_token",
3652
- "ux_not_allowed",
3653
- "interrupted_user",
3654
- ];
3612
+ function toDateFromSeconds(seconds) {
3613
+ if (seconds) {
3614
+ return new Date(Number(seconds) * 1000);
3615
+ }
3616
+ return new Date();
3617
+ }
3655
3618
  /**
3656
- * Error thrown when user interaction is required.
3619
+ * check if a token is expired based on given UTC time in seconds.
3620
+ * @param expiresOn
3657
3621
  */
3658
- class InteractionRequiredAuthError extends AuthError {
3659
- constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
3660
- super(errorCode, errorMessage, subError);
3661
- Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
3662
- this.timestamp = timestamp || "";
3663
- this.traceId = traceId || "";
3664
- this.correlationId = correlationId || "";
3665
- this.claims = claims || "";
3666
- this.name = "InteractionRequiredAuthError";
3667
- this.errorNo = errorNo;
3668
- }
3622
+ function isTokenExpired(expiresOn, offset) {
3623
+ // check for access token expiry
3624
+ const expirationSec = Number(expiresOn) || 0;
3625
+ const offsetCurrentTimeSec = nowSeconds() + offset;
3626
+ // If current time + offset is greater than token expiration time, then token is expired.
3627
+ return offsetCurrentTimeSec > expirationSec;
3669
3628
  }
3670
3629
  /**
3671
- * Helper function used to determine if an error thrown by the server requires interaction to resolve
3672
- * @param errorCode
3673
- * @param errorString
3674
- * @param subError
3630
+ * Checks if a cache entry is expired based on the last updated time and cache retention days.
3631
+ * @param lastUpdatedAt
3632
+ * @param cacheRetentionDays
3633
+ * @returns
3675
3634
  */
3676
- function isInteractionRequiredError(errorCode, errorString, subError) {
3677
- const isInteractionRequiredErrorCode = !!errorCode &&
3678
- InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
3679
- const isInteractionRequiredSubError = !!subError &&
3680
- InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
3681
- const isInteractionRequiredErrorDesc = !!errorString &&
3682
- InteractionRequiredServerErrorMessage.some((irErrorCode) => {
3683
- return errorString.indexOf(irErrorCode) > -1;
3684
- });
3685
- return (isInteractionRequiredErrorCode ||
3686
- isInteractionRequiredErrorDesc ||
3687
- isInteractionRequiredSubError);
3635
+ function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3636
+ const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3637
+ return Date.now() > cacheExpirationTimestamp;
3688
3638
  }
3689
3639
  /**
3690
- * Creates an InteractionRequiredAuthError
3640
+ * If the current time is earlier than the time that a token was cached at, we must discard the token
3641
+ * i.e. The system clock was turned back after acquiring the cached token
3642
+ * @param cachedAt
3643
+ * @param offset
3691
3644
  */
3692
- function createInteractionRequiredAuthError(errorCode, errorMessage) {
3693
- return new InteractionRequiredAuthError(errorCode, errorMessage);
3645
+ function wasClockTurnedBack(cachedAt) {
3646
+ const cachedAtSec = Number(cachedAt);
3647
+ return cachedAtSec > nowSeconds();
3694
3648
  }
3695
3649
 
3696
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3650
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3697
3651
 
3698
3652
  /*
3699
3653
  * Copyright (c) Microsoft Corporation. All rights reserved.
3700
3654
  * Licensed under the MIT License.
3701
3655
  */
3702
3656
  /**
3703
- * Appends user state with random guid, or returns random guid.
3704
- * @param cryptoObj
3705
- * @param userState
3706
- * @param meta
3657
+ * Create IdTokenEntity
3658
+ * @param homeAccountId
3659
+ * @param authenticationResult
3660
+ * @param clientId
3661
+ * @param authority
3707
3662
  */
3708
- function setRequestState(cryptoObj, userState, meta) {
3709
- const libraryState = generateLibraryState(cryptoObj, meta);
3710
- return userState
3711
- ? `${libraryState}${RESOURCE_DELIM}${userState}`
3712
- : libraryState;
3663
+ function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
3664
+ const idTokenEntity = {
3665
+ credentialType: CredentialType.ID_TOKEN,
3666
+ homeAccountId: homeAccountId,
3667
+ environment: environment,
3668
+ clientId: clientId,
3669
+ secret: idToken,
3670
+ realm: tenantId,
3671
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3672
+ };
3673
+ return idTokenEntity;
3713
3674
  }
3714
3675
  /**
3715
- * Generates the state value used by the common library.
3716
- * @param cryptoObj
3717
- * @param meta
3676
+ * Create AccessTokenEntity
3677
+ * @param homeAccountId
3678
+ * @param environment
3679
+ * @param accessToken
3680
+ * @param clientId
3681
+ * @param tenantId
3682
+ * @param scopes
3683
+ * @param expiresOn
3684
+ * @param extExpiresOn
3718
3685
  */
3719
- function generateLibraryState(cryptoObj, meta) {
3720
- if (!cryptoObj) {
3721
- throw createClientAuthError(noCryptoObject);
3722
- }
3723
- // Create a state object containing a unique id and the timestamp of the request creation
3724
- const stateObj = {
3725
- id: cryptoObj.createNewGuid(),
3686
+ function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
3687
+ const atEntity = {
3688
+ homeAccountId: homeAccountId,
3689
+ credentialType: CredentialType.ACCESS_TOKEN,
3690
+ secret: accessToken,
3691
+ cachedAt: nowSeconds().toString(),
3692
+ expiresOn: expiresOn.toString(),
3693
+ extendedExpiresOn: extExpiresOn.toString(),
3694
+ environment: environment,
3695
+ clientId: clientId,
3696
+ realm: tenantId,
3697
+ target: scopes,
3698
+ tokenType: tokenType || AuthenticationScheme.BEARER,
3699
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3726
3700
  };
3727
- if (meta) {
3728
- stateObj.meta = meta;
3701
+ if (userAssertionHash) {
3702
+ atEntity.userAssertionHash = userAssertionHash;
3729
3703
  }
3730
- const stateString = JSON.stringify(stateObj);
3731
- return cryptoObj.base64Encode(stateString);
3704
+ if (refreshOn) {
3705
+ atEntity.refreshOn = refreshOn.toString();
3706
+ }
3707
+ /*
3708
+ * Create Access Token With Auth Scheme instead of regular access token
3709
+ * Cast to lower to handle "bearer" from ADFS
3710
+ */
3711
+ if (atEntity.tokenType?.toLowerCase() !==
3712
+ AuthenticationScheme.BEARER.toLowerCase()) {
3713
+ atEntity.credentialType =
3714
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
3715
+ switch (atEntity.tokenType) {
3716
+ case AuthenticationScheme.POP:
3717
+ // Make sure keyId is present and add it to credential
3718
+ const tokenClaims = extractTokenClaims(accessToken, base64Decode);
3719
+ if (!tokenClaims?.cnf?.kid) {
3720
+ throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
3721
+ }
3722
+ atEntity.keyId = tokenClaims.cnf.kid;
3723
+ break;
3724
+ case AuthenticationScheme.SSH:
3725
+ atEntity.keyId = keyId;
3726
+ }
3727
+ }
3728
+ return atEntity;
3732
3729
  }
3733
3730
  /**
3734
- * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
3735
- * @param base64Decode
3736
- * @param state
3731
+ * Create RefreshTokenEntity
3732
+ * @param homeAccountId
3733
+ * @param authenticationResult
3734
+ * @param clientId
3735
+ * @param authority
3737
3736
  */
3738
- function parseRequestState(base64Decode, state) {
3739
- if (!base64Decode) {
3740
- throw createClientAuthError(noCryptoObject);
3737
+ function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
3738
+ const rtEntity = {
3739
+ credentialType: CredentialType.REFRESH_TOKEN,
3740
+ homeAccountId: homeAccountId,
3741
+ environment: environment,
3742
+ clientId: clientId,
3743
+ secret: refreshToken,
3744
+ lastUpdatedAt: Date.now().toString(),
3745
+ };
3746
+ if (userAssertionHash) {
3747
+ rtEntity.userAssertionHash = userAssertionHash;
3741
3748
  }
3742
- if (!state) {
3743
- throw createClientAuthError(invalidState);
3749
+ if (familyId) {
3750
+ rtEntity.familyId = familyId;
3744
3751
  }
3745
- try {
3746
- // Split the state between library state and user passed state and decode them separately
3747
- const splitState = state.split(RESOURCE_DELIM);
3748
- const libraryState = splitState[0];
3749
- const userState = splitState.length > 1
3750
- ? splitState.slice(1).join(RESOURCE_DELIM)
3751
- : "";
3752
- const libraryStateString = base64Decode(libraryState);
3753
- const libraryStateObj = JSON.parse(libraryStateString);
3754
- return {
3755
- userRequestState: userState || "",
3756
- libraryState: libraryStateObj,
3757
- };
3752
+ if (expiresOn) {
3753
+ rtEntity.expiresOn = expiresOn.toString();
3758
3754
  }
3759
- catch (e) {
3760
- throw createClientAuthError(invalidState);
3755
+ return rtEntity;
3756
+ }
3757
+ function isCredentialEntity(entity) {
3758
+ return (entity.hasOwnProperty("homeAccountId") &&
3759
+ entity.hasOwnProperty("environment") &&
3760
+ entity.hasOwnProperty("credentialType") &&
3761
+ entity.hasOwnProperty("clientId") &&
3762
+ entity.hasOwnProperty("secret"));
3763
+ }
3764
+ /**
3765
+ * Validates an entity: checks for all expected params
3766
+ * @param entity
3767
+ */
3768
+ function isAccessTokenEntity(entity) {
3769
+ if (!entity) {
3770
+ return false;
3761
3771
  }
3762
- }
3763
-
3764
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3765
- /*
3766
- * Copyright (c) Microsoft Corporation. All rights reserved.
3767
- * Licensed under the MIT License.
3772
+ return (isCredentialEntity(entity) &&
3773
+ entity.hasOwnProperty("realm") &&
3774
+ entity.hasOwnProperty("target") &&
3775
+ (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
3776
+ entity["credentialType"] ===
3777
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
3778
+ }
3779
+ /**
3780
+ * Validates an entity: checks for all expected params
3781
+ * @param entity
3768
3782
  */
3783
+ function isIdTokenEntity(entity) {
3784
+ if (!entity) {
3785
+ return false;
3786
+ }
3787
+ return (isCredentialEntity(entity) &&
3788
+ entity.hasOwnProperty("realm") &&
3789
+ entity["credentialType"] === CredentialType.ID_TOKEN);
3790
+ }
3769
3791
  /**
3770
- * Utility functions for managing date and time operations.
3792
+ * Validates an entity: checks for all expected params
3793
+ * @param entity
3771
3794
  */
3795
+ function isRefreshTokenEntity(entity) {
3796
+ if (!entity) {
3797
+ return false;
3798
+ }
3799
+ return (isCredentialEntity(entity) &&
3800
+ entity["credentialType"] === CredentialType.REFRESH_TOKEN);
3801
+ }
3772
3802
  /**
3773
- * return the current time in Unix time (seconds).
3803
+ * validates if a given cache entry is "Telemetry", parses <key,value>
3804
+ * @param key
3805
+ * @param entity
3774
3806
  */
3775
- function nowSeconds() {
3776
- // Date.getTime() returns in milliseconds.
3777
- return Math.round(new Date().getTime() / 1000.0);
3807
+ function isServerTelemetryEntity(key, entity) {
3808
+ const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
3809
+ let validateEntity = true;
3810
+ if (entity) {
3811
+ validateEntity =
3812
+ entity.hasOwnProperty("failedRequests") &&
3813
+ entity.hasOwnProperty("errors") &&
3814
+ entity.hasOwnProperty("cacheHits");
3815
+ }
3816
+ return validateKey && validateEntity;
3778
3817
  }
3779
3818
  /**
3780
- * Converts JS Date object to seconds
3781
- * @param date Date
3819
+ * validates if a given cache entry is "Throttling", parses <key,value>
3820
+ * @param key
3821
+ * @param entity
3782
3822
  */
3783
- function toSecondsFromDate(date) {
3784
- // Convert date to seconds
3785
- return date.getTime() / 1000;
3823
+ function isThrottlingEntity(key, entity) {
3824
+ let validateKey = false;
3825
+ if (key) {
3826
+ validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
3827
+ }
3828
+ let validateEntity = true;
3829
+ if (entity) {
3830
+ validateEntity = entity.hasOwnProperty("throttleTime");
3831
+ }
3832
+ return validateKey && validateEntity;
3786
3833
  }
3787
3834
  /**
3788
- * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3789
- * @param seconds
3835
+ * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
3790
3836
  */
3791
- function toDateFromSeconds(seconds) {
3792
- if (seconds) {
3793
- return new Date(Number(seconds) * 1000);
3837
+ function generateAppMetadataKey({ environment, clientId, }) {
3838
+ const appMetaDataKeyArray = [
3839
+ APP_METADATA,
3840
+ environment,
3841
+ clientId,
3842
+ ];
3843
+ return appMetaDataKeyArray
3844
+ .join(CACHE_KEY_SEPARATOR$1)
3845
+ .toLowerCase();
3846
+ }
3847
+ /*
3848
+ * Validates an entity: checks for all expected params
3849
+ * @param entity
3850
+ */
3851
+ function isAppMetadataEntity(key, entity) {
3852
+ if (!entity) {
3853
+ return false;
3794
3854
  }
3795
- return new Date();
3855
+ return (key.indexOf(APP_METADATA) === 0 &&
3856
+ entity.hasOwnProperty("clientId") &&
3857
+ entity.hasOwnProperty("environment"));
3796
3858
  }
3797
3859
  /**
3798
- * check if a token is expired based on given UTC time in seconds.
3799
- * @param expiresOn
3860
+ * Validates an entity: checks for all expected params
3861
+ * @param entity
3800
3862
  */
3801
- function isTokenExpired(expiresOn, offset) {
3802
- // check for access token expiry
3803
- const expirationSec = Number(expiresOn) || 0;
3804
- const offsetCurrentTimeSec = nowSeconds() + offset;
3805
- // If current time + offset is greater than token expiration time, then token is expired.
3806
- return offsetCurrentTimeSec > expirationSec;
3863
+ function isAuthorityMetadataEntity(key, entity) {
3864
+ if (!entity) {
3865
+ return false;
3866
+ }
3867
+ return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
3868
+ entity.hasOwnProperty("aliases") &&
3869
+ entity.hasOwnProperty("preferred_cache") &&
3870
+ entity.hasOwnProperty("preferred_network") &&
3871
+ entity.hasOwnProperty("canonical_authority") &&
3872
+ entity.hasOwnProperty("authorization_endpoint") &&
3873
+ entity.hasOwnProperty("token_endpoint") &&
3874
+ entity.hasOwnProperty("issuer") &&
3875
+ entity.hasOwnProperty("aliasesFromNetwork") &&
3876
+ entity.hasOwnProperty("endpointsFromNetwork") &&
3877
+ entity.hasOwnProperty("expiresAt") &&
3878
+ entity.hasOwnProperty("jwks_uri"));
3807
3879
  }
3808
3880
  /**
3809
- * Checks if a cache entry is expired based on the last updated time and cache retention days.
3810
- * @param lastUpdatedAt
3811
- * @param cacheRetentionDays
3812
- * @returns
3881
+ * Reset the exiresAt value
3813
3882
  */
3814
- function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3815
- const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3816
- return Date.now() > cacheExpirationTimestamp;
3883
+ function generateAuthorityMetadataExpiresAt() {
3884
+ return (nowSeconds() +
3885
+ AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
3886
+ }
3887
+ function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
3888
+ authorityMetadata.authorization_endpoint =
3889
+ updatedValues.authorization_endpoint;
3890
+ authorityMetadata.token_endpoint = updatedValues.token_endpoint;
3891
+ authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
3892
+ authorityMetadata.issuer = updatedValues.issuer;
3893
+ authorityMetadata.endpointsFromNetwork = fromNetwork;
3894
+ authorityMetadata.jwks_uri = updatedValues.jwks_uri;
3895
+ }
3896
+ function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
3897
+ authorityMetadata.aliases = updatedValues.aliases;
3898
+ authorityMetadata.preferred_cache = updatedValues.preferred_cache;
3899
+ authorityMetadata.preferred_network = updatedValues.preferred_network;
3900
+ authorityMetadata.aliasesFromNetwork = fromNetwork;
3817
3901
  }
3818
3902
  /**
3819
- * If the current time is earlier than the time that a token was cached at, we must discard the token
3820
- * i.e. The system clock was turned back after acquiring the cached token
3821
- * @param cachedAt
3822
- * @param offset
3903
+ * Returns whether or not the data needs to be refreshed
3823
3904
  */
3824
- function wasClockTurnedBack(cachedAt) {
3825
- const cachedAtSec = Number(cachedAt);
3826
- return cachedAtSec > nowSeconds();
3905
+ function isAuthorityMetadataExpired(metadata) {
3906
+ return metadata.expiresAt <= nowSeconds();
3827
3907
  }
3828
3908
 
3829
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3909
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3830
3910
  /*
3831
3911
  * Copyright (c) Microsoft Corporation. All rights reserved.
3832
3912
  * Licensed under the MIT License.
@@ -3897,7 +3977,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
3897
3977
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
3898
3978
  const SetUserData = "setUserData";
3899
3979
 
3900
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3980
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3901
3981
  /*
3902
3982
  * Copyright (c) Microsoft Corporation. All rights reserved.
3903
3983
  * Licensed under the MIT License.
@@ -3990,7 +4070,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
3990
4070
  };
3991
4071
  };
3992
4072
 
3993
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4073
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3994
4074
 
3995
4075
  /*
3996
4076
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4070,293 +4150,213 @@ class PopTokenGenerator {
4070
4150
  }
4071
4151
  }
4072
4152
 
4073
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4153
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4074
4154
  /*
4075
4155
  * Copyright (c) Microsoft Corporation. All rights reserved.
4076
4156
  * Licensed under the MIT License.
4077
4157
  */
4078
4158
  /**
4079
- * This class instance helps track the memory changes facilitating
4080
- * decisions to read from and write to the persistent cache
4081
- */ class TokenCacheContext {
4082
- constructor(tokenCache, hasChanged) {
4083
- this.cache = tokenCache;
4084
- this.hasChanged = hasChanged;
4085
- }
4086
- /**
4087
- * boolean which indicates the changes in cache
4088
- */
4089
- get cacheHasChanged() {
4090
- return this.hasChanged;
4091
- }
4092
- /**
4093
- * function to retrieve the token cache
4094
- */
4095
- get tokenCache() {
4096
- return this.cache;
4097
- }
4098
- }
4099
-
4100
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4101
-
4102
- /*
4103
- * Copyright (c) Microsoft Corporation. All rights reserved.
4104
- * Licensed under the MIT License.
4159
+ * MSAL-defined interaction required error code indicating no tokens are found in cache.
4160
+ * @public
4105
4161
  */
4162
+ const noTokensFound = "no_tokens_found";
4106
4163
  /**
4107
- * Create IdTokenEntity
4108
- * @param homeAccountId
4109
- * @param authenticationResult
4110
- * @param clientId
4111
- * @param authority
4164
+ * MSAL-defined error code indicating a native account is unavailable on the platform.
4165
+ * @public
4112
4166
  */
4113
- function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
4114
- const idTokenEntity = {
4115
- credentialType: CredentialType.ID_TOKEN,
4116
- homeAccountId: homeAccountId,
4117
- environment: environment,
4118
- clientId: clientId,
4119
- secret: idToken,
4120
- realm: tenantId,
4121
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4122
- };
4123
- return idTokenEntity;
4124
- }
4167
+ const nativeAccountUnavailable = "native_account_unavailable";
4125
4168
  /**
4126
- * Create AccessTokenEntity
4127
- * @param homeAccountId
4128
- * @param environment
4129
- * @param accessToken
4130
- * @param clientId
4131
- * @param tenantId
4132
- * @param scopes
4133
- * @param expiresOn
4134
- * @param extExpiresOn
4169
+ * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
4170
+ * @public
4135
4171
  */
4136
- function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
4137
- const atEntity = {
4138
- homeAccountId: homeAccountId,
4139
- credentialType: CredentialType.ACCESS_TOKEN,
4140
- secret: accessToken,
4141
- cachedAt: nowSeconds().toString(),
4142
- expiresOn: expiresOn.toString(),
4143
- extendedExpiresOn: extExpiresOn.toString(),
4144
- environment: environment,
4145
- clientId: clientId,
4146
- realm: tenantId,
4147
- target: scopes,
4148
- tokenType: tokenType || AuthenticationScheme.BEARER,
4149
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4150
- };
4151
- if (userAssertionHash) {
4152
- atEntity.userAssertionHash = userAssertionHash;
4153
- }
4154
- if (refreshOn) {
4155
- atEntity.refreshOn = refreshOn.toString();
4156
- }
4157
- /*
4158
- * Create Access Token With Auth Scheme instead of regular access token
4159
- * Cast to lower to handle "bearer" from ADFS
4160
- */
4161
- if (atEntity.tokenType?.toLowerCase() !==
4162
- AuthenticationScheme.BEARER.toLowerCase()) {
4163
- atEntity.credentialType =
4164
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
4165
- switch (atEntity.tokenType) {
4166
- case AuthenticationScheme.POP:
4167
- // Make sure keyId is present and add it to credential
4168
- const tokenClaims = extractTokenClaims(accessToken, base64Decode);
4169
- if (!tokenClaims?.cnf?.kid) {
4170
- throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
4171
- }
4172
- atEntity.keyId = tokenClaims.cnf.kid;
4173
- break;
4174
- case AuthenticationScheme.SSH:
4175
- atEntity.keyId = keyId;
4176
- }
4177
- }
4178
- return atEntity;
4179
- }
4172
+ const refreshTokenExpired = "refresh_token_expired";
4180
4173
  /**
4181
- * Create RefreshTokenEntity
4182
- * @param homeAccountId
4183
- * @param authenticationResult
4184
- * @param clientId
4185
- * @param authority
4174
+ * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4175
+ * @public
4186
4176
  */
4187
- function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
4188
- const rtEntity = {
4189
- credentialType: CredentialType.REFRESH_TOKEN,
4190
- homeAccountId: homeAccountId,
4191
- environment: environment,
4192
- clientId: clientId,
4193
- secret: refreshToken,
4194
- lastUpdatedAt: Date.now().toString(),
4195
- };
4196
- if (userAssertionHash) {
4197
- rtEntity.userAssertionHash = userAssertionHash;
4198
- }
4199
- if (familyId) {
4200
- rtEntity.familyId = familyId;
4201
- }
4202
- if (expiresOn) {
4203
- rtEntity.expiresOn = expiresOn.toString();
4204
- }
4205
- return rtEntity;
4206
- }
4207
- function isCredentialEntity(entity) {
4208
- return (entity.hasOwnProperty("homeAccountId") &&
4209
- entity.hasOwnProperty("environment") &&
4210
- entity.hasOwnProperty("credentialType") &&
4211
- entity.hasOwnProperty("clientId") &&
4212
- entity.hasOwnProperty("secret"));
4213
- }
4177
+ const uxNotAllowed = "ux_not_allowed";
4214
4178
  /**
4215
- * Validates an entity: checks for all expected params
4216
- * @param entity
4179
+ * Server-originated error code indicating interaction is required to complete the request.
4180
+ * @public
4217
4181
  */
4218
- function isAccessTokenEntity(entity) {
4219
- if (!entity) {
4220
- return false;
4221
- }
4222
- return (isCredentialEntity(entity) &&
4223
- entity.hasOwnProperty("realm") &&
4224
- entity.hasOwnProperty("target") &&
4225
- (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
4226
- entity["credentialType"] ===
4227
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
4228
- }
4182
+ const interactionRequired = "interaction_required";
4183
+ /**
4184
+ * Server-originated error code indicating user consent is required.
4185
+ * @public
4186
+ */
4187
+ const consentRequired = "consent_required";
4188
+ /**
4189
+ * Server-originated error code indicating user login is required.
4190
+ * @public
4191
+ */
4192
+ const loginRequired = "login_required";
4193
+ /**
4194
+ * Server-originated error code indicating the token is invalid or corrupted.
4195
+ * @public
4196
+ */
4197
+ const badToken = "bad_token";
4198
+ /**
4199
+ * Server-originated error code indicating the user is in an interrupted state and interaction is required.
4200
+ * @public
4201
+ */
4202
+ const interruptedUser = "interrupted_user";
4203
+
4204
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4205
+
4206
+ /*
4207
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4208
+ * Licensed under the MIT License.
4209
+ */
4210
+ /**
4211
+ * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
4212
+ */
4213
+ const InteractionRequiredServerErrorMessage = [
4214
+ interactionRequired,
4215
+ consentRequired,
4216
+ loginRequired,
4217
+ badToken,
4218
+ uxNotAllowed,
4219
+ interruptedUser,
4220
+ ];
4221
+ const InteractionRequiredAuthSubErrorMessage = [
4222
+ "message_only",
4223
+ "additional_action",
4224
+ "basic_action",
4225
+ "user_password_expired",
4226
+ "consent_required",
4227
+ "bad_token",
4228
+ "ux_not_allowed",
4229
+ "interrupted_user",
4230
+ ];
4229
4231
  /**
4230
- * Validates an entity: checks for all expected params
4231
- * @param entity
4232
+ * Error thrown when user interaction is required.
4232
4233
  */
4233
- function isIdTokenEntity(entity) {
4234
- if (!entity) {
4235
- return false;
4234
+ class InteractionRequiredAuthError extends AuthError {
4235
+ constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
4236
+ super(errorCode, errorMessage, subError);
4237
+ Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
4238
+ this.timestamp = timestamp || "";
4239
+ this.traceId = traceId || "";
4240
+ this.correlationId = correlationId || "";
4241
+ this.claims = claims || "";
4242
+ this.name = "InteractionRequiredAuthError";
4243
+ this.errorNo = errorNo;
4236
4244
  }
4237
- return (isCredentialEntity(entity) &&
4238
- entity.hasOwnProperty("realm") &&
4239
- entity["credentialType"] === CredentialType.ID_TOKEN);
4240
4245
  }
4241
4246
  /**
4242
- * Validates an entity: checks for all expected params
4243
- * @param entity
4247
+ * Helper function used to determine if an error thrown by the server requires interaction to resolve
4248
+ * @param errorCode
4249
+ * @param errorString
4250
+ * @param subError
4244
4251
  */
4245
- function isRefreshTokenEntity(entity) {
4246
- if (!entity) {
4247
- return false;
4248
- }
4249
- return (isCredentialEntity(entity) &&
4250
- entity["credentialType"] === CredentialType.REFRESH_TOKEN);
4252
+ function isInteractionRequiredError(errorCode, errorString, subError) {
4253
+ const isInteractionRequiredErrorCode = !!errorCode &&
4254
+ InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
4255
+ const isInteractionRequiredSubError = !!subError &&
4256
+ InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
4257
+ const isInteractionRequiredErrorDesc = !!errorString &&
4258
+ InteractionRequiredServerErrorMessage.some((irErrorCode) => {
4259
+ return errorString.indexOf(irErrorCode) > -1;
4260
+ });
4261
+ return (isInteractionRequiredErrorCode ||
4262
+ isInteractionRequiredErrorDesc ||
4263
+ isInteractionRequiredSubError);
4251
4264
  }
4252
4265
  /**
4253
- * validates if a given cache entry is "Telemetry", parses <key,value>
4254
- * @param key
4255
- * @param entity
4266
+ * Creates an InteractionRequiredAuthError
4256
4267
  */
4257
- function isServerTelemetryEntity(key, entity) {
4258
- const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
4259
- let validateEntity = true;
4260
- if (entity) {
4261
- validateEntity =
4262
- entity.hasOwnProperty("failedRequests") &&
4263
- entity.hasOwnProperty("errors") &&
4264
- entity.hasOwnProperty("cacheHits");
4265
- }
4266
- return validateKey && validateEntity;
4267
- }
4268
- /**
4269
- * validates if a given cache entry is "Throttling", parses <key,value>
4270
- * @param key
4271
- * @param entity
4268
+ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4269
+ return new InteractionRequiredAuthError(errorCode, errorMessage);
4270
+ }
4271
+
4272
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4273
+
4274
+ /*
4275
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4276
+ * Licensed under the MIT License.
4272
4277
  */
4273
- function isThrottlingEntity(key, entity) {
4274
- let validateKey = false;
4275
- if (key) {
4276
- validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
4277
- }
4278
- let validateEntity = true;
4279
- if (entity) {
4280
- validateEntity = entity.hasOwnProperty("throttleTime");
4281
- }
4282
- return validateKey && validateEntity;
4283
- }
4284
4278
  /**
4285
- * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
4279
+ * Error thrown when there is an error with the server code, for example, unavailability.
4286
4280
  */
4287
- function generateAppMetadataKey({ environment, clientId, }) {
4288
- const appMetaDataKeyArray = [
4289
- APP_METADATA,
4290
- environment,
4291
- clientId,
4292
- ];
4293
- return appMetaDataKeyArray
4294
- .join(CACHE_KEY_SEPARATOR$1)
4295
- .toLowerCase();
4296
- }
4281
+ class ServerError extends AuthError {
4282
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
4283
+ super(errorCode, errorMessage, subError);
4284
+ this.name = "ServerError";
4285
+ this.errorNo = errorNo;
4286
+ this.status = status;
4287
+ Object.setPrototypeOf(this, ServerError.prototype);
4288
+ }
4289
+ }
4290
+
4291
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4292
+
4297
4293
  /*
4298
- * Validates an entity: checks for all expected params
4299
- * @param entity
4294
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4295
+ * Licensed under the MIT License.
4300
4296
  */
4301
- function isAppMetadataEntity(key, entity) {
4302
- if (!entity) {
4303
- return false;
4304
- }
4305
- return (key.indexOf(APP_METADATA) === 0 &&
4306
- entity.hasOwnProperty("clientId") &&
4307
- entity.hasOwnProperty("environment"));
4308
- }
4309
4297
  /**
4310
- * Validates an entity: checks for all expected params
4311
- * @param entity
4298
+ * Appends user state with random guid, or returns random guid.
4299
+ * @param cryptoObj
4300
+ * @param userState
4301
+ * @param meta
4312
4302
  */
4313
- function isAuthorityMetadataEntity(key, entity) {
4314
- if (!entity) {
4315
- return false;
4316
- }
4317
- return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
4318
- entity.hasOwnProperty("aliases") &&
4319
- entity.hasOwnProperty("preferred_cache") &&
4320
- entity.hasOwnProperty("preferred_network") &&
4321
- entity.hasOwnProperty("canonical_authority") &&
4322
- entity.hasOwnProperty("authorization_endpoint") &&
4323
- entity.hasOwnProperty("token_endpoint") &&
4324
- entity.hasOwnProperty("issuer") &&
4325
- entity.hasOwnProperty("aliasesFromNetwork") &&
4326
- entity.hasOwnProperty("endpointsFromNetwork") &&
4327
- entity.hasOwnProperty("expiresAt") &&
4328
- entity.hasOwnProperty("jwks_uri"));
4303
+ function setRequestState(cryptoObj, userState, meta) {
4304
+ const libraryState = generateLibraryState(cryptoObj, meta);
4305
+ return userState
4306
+ ? `${libraryState}${RESOURCE_DELIM}${userState}`
4307
+ : libraryState;
4329
4308
  }
4330
4309
  /**
4331
- * Reset the exiresAt value
4310
+ * Generates the state value used by the common library.
4311
+ * @param cryptoObj
4312
+ * @param meta
4332
4313
  */
4333
- function generateAuthorityMetadataExpiresAt() {
4334
- return (nowSeconds() +
4335
- AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
4336
- }
4337
- function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4338
- authorityMetadata.authorization_endpoint =
4339
- updatedValues.authorization_endpoint;
4340
- authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4341
- authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4342
- authorityMetadata.issuer = updatedValues.issuer;
4343
- authorityMetadata.endpointsFromNetwork = fromNetwork;
4344
- authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4345
- }
4346
- function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4347
- authorityMetadata.aliases = updatedValues.aliases;
4348
- authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4349
- authorityMetadata.preferred_network = updatedValues.preferred_network;
4350
- authorityMetadata.aliasesFromNetwork = fromNetwork;
4314
+ function generateLibraryState(cryptoObj, meta) {
4315
+ if (!cryptoObj) {
4316
+ throw createClientAuthError(noCryptoObject);
4317
+ }
4318
+ // Create a state object containing a unique id and the timestamp of the request creation
4319
+ const stateObj = {
4320
+ id: cryptoObj.createNewGuid(),
4321
+ };
4322
+ if (meta) {
4323
+ stateObj.meta = meta;
4324
+ }
4325
+ const stateString = JSON.stringify(stateObj);
4326
+ return cryptoObj.base64Encode(stateString);
4351
4327
  }
4352
4328
  /**
4353
- * Returns whether or not the data needs to be refreshed
4329
+ * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
4330
+ * @param base64Decode
4331
+ * @param state
4354
4332
  */
4355
- function isAuthorityMetadataExpired(metadata) {
4356
- return metadata.expiresAt <= nowSeconds();
4333
+ function parseRequestState(base64Decode, state) {
4334
+ if (!base64Decode) {
4335
+ throw createClientAuthError(noCryptoObject);
4336
+ }
4337
+ if (!state) {
4338
+ throw createClientAuthError(invalidState);
4339
+ }
4340
+ try {
4341
+ // Split the state between library state and user passed state and decode them separately
4342
+ const splitState = state.split(RESOURCE_DELIM);
4343
+ const libraryState = splitState[0];
4344
+ const userState = splitState.length > 1
4345
+ ? splitState.slice(1).join(RESOURCE_DELIM)
4346
+ : "";
4347
+ const libraryStateString = base64Decode(libraryState);
4348
+ const libraryStateObj = JSON.parse(libraryStateString);
4349
+ return {
4350
+ userRequestState: userState || "",
4351
+ libraryState: libraryStateObj,
4352
+ };
4353
+ }
4354
+ catch (e) {
4355
+ throw createClientAuthError(invalidState);
4356
+ }
4357
4357
  }
4358
4358
 
4359
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4359
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4360
4360
 
4361
4361
  /*
4362
4362
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4512,7 +4512,7 @@ class ResponseHandler {
4512
4512
  if (serverTokenResponse.id_token && !!idTokenClaims) {
4513
4513
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
4514
4514
  cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
4515
- this.logger);
4515
+ this.logger, this.performanceClient);
4516
4516
  }
4517
4517
  // AccessToken
4518
4518
  let cachedAccessToken = null;
@@ -4663,17 +4663,24 @@ class ResponseHandler {
4663
4663
  };
4664
4664
  }
4665
4665
  }
4666
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
4666
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
4667
4667
  logger?.verbose("09jz0t", correlationId);
4668
- // Check if base account is already cached
4669
- const accountKeys = cacheStorage.getAccountKeys();
4670
- const baseAccountKey = accountKeys.find((accountKey) => {
4671
- return accountKey.startsWith(homeAccountId);
4672
- });
4673
- let cachedAccount = null;
4674
- if (baseAccountKey) {
4675
- cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
4668
+ /*
4669
+ * Check if base account is already cached. Filter by homeAccountId (identifies
4670
+ * the user's home identity) and environment (identifies the cloud) the two
4671
+ * tenant-agnostic properties that uniquely locate a base AccountEntity.
4672
+ */
4673
+ const accountEnvironment = environment || authority.getPreferredCache();
4674
+ const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
4675
+ performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
4676
+ if (matchedAccounts.length > 1) {
4677
+ /*
4678
+ * Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
4679
+ * If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
4680
+ */
4681
+ logger?.warning("0x7ad1", correlationId);
4676
4682
  }
4683
+ const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
4677
4684
  const baseAccount = cachedAccount ||
4678
4685
  createAccountEntity({
4679
4686
  homeAccountId,
@@ -4697,7 +4704,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4697
4704
  return baseAccount;
4698
4705
  }
4699
4706
 
4700
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4707
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4701
4708
  /*
4702
4709
  * Copyright (c) Microsoft Corporation. All rights reserved.
4703
4710
  * Licensed under the MIT License.
@@ -4707,7 +4714,7 @@ const CcsCredentialType = {
4707
4714
  UPN: "UPN",
4708
4715
  };
4709
4716
 
4710
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4717
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4711
4718
  /*
4712
4719
  * Copyright (c) Microsoft Corporation. All rights reserved.
4713
4720
  * Licensed under the MIT License.
@@ -4725,7 +4732,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4725
4732
  }
4726
4733
  }
4727
4734
 
4728
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4735
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4729
4736
  /*
4730
4737
  * Copyright (c) Microsoft Corporation. All rights reserved.
4731
4738
  * Licensed under the MIT License.
@@ -4746,7 +4753,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4746
4753
  };
4747
4754
  }
4748
4755
 
4749
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4756
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4750
4757
 
4751
4758
  /*
4752
4759
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4832,7 +4839,7 @@ class ThrottlingUtils {
4832
4839
  }
4833
4840
  }
4834
4841
 
4835
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4842
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4836
4843
 
4837
4844
  /*
4838
4845
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4863,7 +4870,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4863
4870
  return new NetworkError(error, httpStatus, responseHeaders);
4864
4871
  }
4865
4872
 
4866
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4873
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4867
4874
 
4868
4875
  /*
4869
4876
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4977,7 +4984,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
4977
4984
  return response;
4978
4985
  }
4979
4986
 
4980
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4987
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4981
4988
  /*
4982
4989
  * Copyright (c) Microsoft Corporation. All rights reserved.
4983
4990
  * Licensed under the MIT License.
@@ -4989,7 +4996,7 @@ function isOpenIdConfigResponse(response) {
4989
4996
  response.hasOwnProperty("jwks_uri"));
4990
4997
  }
4991
4998
 
4992
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4999
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4993
5000
  /*
4994
5001
  * Copyright (c) Microsoft Corporation. All rights reserved.
4995
5002
  * Licensed under the MIT License.
@@ -4999,7 +5006,7 @@ function isCloudInstanceDiscoveryResponse(response) {
4999
5006
  response.hasOwnProperty("metadata"));
5000
5007
  }
5001
5008
 
5002
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5009
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5003
5010
  /*
5004
5011
  * Copyright (c) Microsoft Corporation. All rights reserved.
5005
5012
  * Licensed under the MIT License.
@@ -5009,7 +5016,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5009
5016
  response.hasOwnProperty("error_description"));
5010
5017
  }
5011
5018
 
5012
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5019
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5013
5020
 
5014
5021
  /*
5015
5022
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5114,7 +5121,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5114
5121
  },
5115
5122
  };
5116
5123
 
5117
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5124
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5118
5125
 
5119
5126
  /*
5120
5127
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5934,7 +5941,7 @@ function buildStaticAuthorityOptions(authOptions) {
5934
5941
  };
5935
5942
  }
5936
5943
 
5937
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5944
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5938
5945
 
5939
5946
  /*
5940
5947
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5968,7 +5975,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5968
5975
  }
5969
5976
  }
5970
5977
 
5971
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5978
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5972
5979
 
5973
5980
  /*
5974
5981
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6229,7 +6236,7 @@ class AuthorizationCodeClient {
6229
6236
  }
6230
6237
  }
6231
6238
 
6232
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6239
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6233
6240
 
6234
6241
  /*
6235
6242
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6454,7 +6461,7 @@ class RefreshTokenClient {
6454
6461
  }
6455
6462
  }
6456
6463
 
6457
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6464
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6458
6465
 
6459
6466
  /*
6460
6467
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6570,7 +6577,7 @@ class SilentFlowClient {
6570
6577
  }
6571
6578
  }
6572
6579
 
6573
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6580
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6574
6581
 
6575
6582
  /*
6576
6583
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6585,7 +6592,7 @@ const StubbedNetworkModule = {
6585
6592
  },
6586
6593
  };
6587
6594
 
6588
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6595
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6589
6596
 
6590
6597
  /*
6591
6598
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6812,7 +6819,7 @@ function extractLoginHint(account) {
6812
6819
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6813
6820
  }
6814
6821
 
6815
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6822
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6816
6823
 
6817
6824
  /*
6818
6825
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6845,7 +6852,7 @@ function containsResourceParam(params) {
6845
6852
  return Object.prototype.hasOwnProperty.call(params, "resource");
6846
6853
  }
6847
6854
 
6848
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6855
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6849
6856
  /*
6850
6857
  * Copyright (c) Microsoft Corporation. All rights reserved.
6851
6858
  * Licensed under the MIT License.
@@ -6855,7 +6862,7 @@ function containsResourceParam(params) {
6855
6862
  */
6856
6863
  const unexpectedError = "unexpected_error";
6857
6864
 
6858
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6865
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6859
6866
 
6860
6867
  /*
6861
6868
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7116,7 +7123,7 @@ class ServerTelemetryManager {
7116
7123
  }
7117
7124
  }
7118
7125
 
7119
- /*! @azure/msal-common v16.4.0 2026-03-19 */
7126
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
7120
7127
 
7121
7128
  /*
7122
7129
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7137,7 +7144,7 @@ function createJoseHeaderError(code) {
7137
7144
  return new JoseHeaderError(code);
7138
7145
  }
7139
7146
 
7140
- /*! @azure/msal-common v16.4.0 2026-03-19 */
7147
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
7141
7148
  /*
7142
7149
  * Copyright (c) Microsoft Corporation. All rights reserved.
7143
7150
  * Licensed under the MIT License.
@@ -7145,7 +7152,7 @@ function createJoseHeaderError(code) {
7145
7152
  const missingKidError = "missing_kid_error";
7146
7153
  const missingAlgError = "missing_alg_error";
7147
7154
 
7148
- /*! @azure/msal-common v16.4.0 2026-03-19 */
7155
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
7149
7156
 
7150
7157
  /*
7151
7158
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7580,7 +7587,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7580
7587
 
7581
7588
  /* eslint-disable header/header */
7582
7589
  const name = "@azure/msal-browser";
7583
- const version = "5.6.1";
7590
+ const version = "5.6.3";
7584
7591
 
7585
7592
  /*
7586
7593
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8183,6 +8190,7 @@ const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
8183
8190
  const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
8184
8191
  const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
8185
8192
  const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
8193
+ const RemoveHiddenIframe = "removeHiddenIframe";
8186
8194
  const ImportExistingCache = "importExistingCache";
8187
8195
  /**
8188
8196
  * Crypto Operations
@@ -8199,7 +8207,12 @@ const UrlEncodeArr = "urlEncodeArr";
8199
8207
  const Encrypt = "encrypt";
8200
8208
  const Decrypt = "decrypt";
8201
8209
  const GenerateEarKey = "generateEarKey";
8202
- const DecryptEarResponse = "decryptEarResponse";
8210
+ const DecryptEarResponse = "decryptEarResponse";
8211
+ /**
8212
+ * Background telemetry measurement that tracks whether a late bridge response
8213
+ * arrives after the iframe timeout has already fired.
8214
+ */
8215
+ const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
8203
8216
 
8204
8217
  /*
8205
8218
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -9007,20 +9020,35 @@ function cancelPendingBridgeResponse(logger, correlationId) {
9007
9020
  activeBridgeMonitor = null;
9008
9021
  }
9009
9022
  }
9010
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
9023
+ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
9011
9024
  return new Promise((resolve, reject) => {
9012
9025
  logger.verbose("1rf6em", request.correlationId);
9013
9026
  const correlationId = request.correlationId;
9014
9027
  performanceClient.addFields({
9015
9028
  redirectBridgeTimeoutMs: timeoutMs,
9029
+ lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
9016
9030
  }, correlationId);
9017
9031
  const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
9018
9032
  const channel = new BroadcastChannel(libraryState.id);
9019
9033
  let responseString = undefined;
9034
+ let timedOut$1 = false;
9035
+ let lateTimeoutId;
9036
+ let lateMeasurement;
9020
9037
  const timeoutId = window.setTimeout(() => {
9021
9038
  // Clear the active monitor
9022
9039
  activeBridgeMonitor = null;
9023
- channel.close();
9040
+ if (experimentalConfig?.iframeTimeoutTelemetry) {
9041
+ lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse, correlationId);
9042
+ timedOut$1 = true;
9043
+ lateTimeoutId = window.setTimeout(() => {
9044
+ lateMeasurement?.end({ success: false });
9045
+ clearTimeout(lateTimeoutId);
9046
+ channel.close();
9047
+ }, 60000); // 60s late response timeout to allow for telemetry of late responses
9048
+ }
9049
+ else {
9050
+ channel.close();
9051
+ }
9024
9052
  reject(createBrowserAuthError(timedOut, "redirect_bridge_timeout"));
9025
9053
  }, timeoutMs);
9026
9054
  // Track this monitor so it can be cancelled if needed
@@ -9034,6 +9062,14 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
9034
9062
  const messageVersion = event?.data && typeof event.data.v === "number"
9035
9063
  ? event.data.v
9036
9064
  : undefined;
9065
+ if (timedOut$1) {
9066
+ lateMeasurement?.end({
9067
+ success: responseString ? true : false,
9068
+ });
9069
+ clearTimeout(lateTimeoutId);
9070
+ channel.close();
9071
+ return;
9072
+ }
9037
9073
  performanceClient.addFields({
9038
9074
  redirectBridgeMessageVersion: messageVersion,
9039
9075
  }, correlationId);
@@ -16716,9 +16752,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16716
16752
  }
16717
16753
  // Get the preferred_cache domain for the given authority
16718
16754
  const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
16719
- const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, undefined, // environment
16755
+ const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
16720
16756
  idTokenClaims.tid, undefined, // auth code payload
16721
- response.account.id);
16757
+ response.account.id, this.logger, this.performanceClient);
16722
16758
  // Ensure expires_in is in number format
16723
16759
  response.expires_in = Number(response.expires_in);
16724
16760
  // generate authenticationResult
@@ -17603,7 +17639,7 @@ const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000;
17603
17639
  *
17604
17640
  * @returns Configuration object
17605
17641
  */
17606
- function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
17642
+ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, experimental: userInputExperimental, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
17607
17643
  // Default auth options for browser
17608
17644
  const DEFAULT_AUTH_OPTIONS = {
17609
17645
  clientId: "",
@@ -17675,6 +17711,9 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
17675
17711
  },
17676
17712
  client: new StubPerformanceClient(),
17677
17713
  };
17714
+ const DEFAULT_EXPERIMENTAL_OPTIONS = {
17715
+ iframeTimeoutTelemetry: false,
17716
+ };
17678
17717
  // Throw an error if user has set OIDCOptions without being in OIDC protocol mode
17679
17718
  if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
17680
17719
  userInputAuth?.OIDCOptions) {
@@ -17698,6 +17737,10 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
17698
17737
  },
17699
17738
  cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache },
17700
17739
  system: providedSystemOptions,
17740
+ experimental: {
17741
+ ...DEFAULT_EXPERIMENTAL_OPTIONS,
17742
+ ...userInputExperimental,
17743
+ },
17701
17744
  telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry },
17702
17745
  };
17703
17746
  return overlayedConfig;
@@ -19096,6 +19139,16 @@ function createHiddenIframe() {
19096
19139
  authFrame.setAttribute("allow", "local-network-access *");
19097
19140
  document.body.appendChild(authFrame);
19098
19141
  return authFrame;
19142
+ }
19143
+ /**
19144
+ * @hidden
19145
+ * Removes a hidden iframe from `document.body` if it is a direct child.
19146
+ * @param iframe - The iframe element to remove.
19147
+ */
19148
+ function removeHiddenIframe(iframe) {
19149
+ if (document.body === iframe.parentNode) {
19150
+ document.body.removeChild(iframe);
19151
+ }
19099
19152
  }
19100
19153
 
19101
19154
  /*
@@ -19191,9 +19244,15 @@ class SilentIframeClient extends StandardInteractionClient {
19191
19244
  earJwk: earJwk,
19192
19245
  codeChallenge: pkceCodes.challenge,
19193
19246
  };
19194
- await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19247
+ const iframe = await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
19195
19248
  const responseType = this.config.auth.OIDCOptions.responseMode;
19196
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
19249
+ let responseString;
19250
+ try {
19251
+ responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
19252
+ }
19253
+ finally {
19254
+ invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
19255
+ }
19197
19256
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19198
19257
  if (!serverParams.ear_jwe && serverParams.code) {
19199
19258
  // If server doesn't support EAR, they may fallback to auth code flow instead
@@ -19231,18 +19290,25 @@ class SilentIframeClient extends StandardInteractionClient {
19231
19290
  ...request,
19232
19291
  codeChallenge: pkceCodes.challenge,
19233
19292
  };
19293
+ let iframe;
19234
19294
  if (request.httpMethod === HttpMethod$1.POST) {
19235
- await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19295
+ iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19236
19296
  }
19237
19297
  else {
19238
19298
  // Create authorize request url
19239
19299
  const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
19240
19300
  // Get the frame handle for the silent request
19241
- await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
19301
+ iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
19242
19302
  }
19243
19303
  const responseType = this.config.auth.OIDCOptions.responseMode;
19244
19304
  // Wait for response from the redirect bridge.
19245
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
19305
+ let responseString;
19306
+ try {
19307
+ responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
19308
+ }
19309
+ finally {
19310
+ invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
19311
+ }
19246
19312
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19247
19313
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19248
19314
  }
@@ -19486,22 +19552,32 @@ class StandardController {
19486
19552
  this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
19487
19553
  this.activeSilentTokenRequests = new Map();
19488
19554
  // Register listener functions
19489
- this.trackPageVisibility = this.trackPageVisibility.bind(this);
19555
+ this.trackStateChange = this.trackStateChange.bind(this);
19490
19556
  // Register listener functions
19491
- this.trackPageVisibilityWithMeasurement =
19492
- this.trackPageVisibilityWithMeasurement.bind(this);
19557
+ this.trackStateChangeWithMeasurement =
19558
+ this.trackStateChangeWithMeasurement.bind(this);
19493
19559
  }
19494
19560
  static async createController(operatingContext, request) {
19495
19561
  const controller = new StandardController(operatingContext);
19496
19562
  await controller.initialize(request);
19497
19563
  return controller;
19498
19564
  }
19499
- trackPageVisibility(correlationId) {
19565
+ trackStateChange(correlationId, event) {
19500
19566
  if (!correlationId) {
19501
19567
  return;
19502
19568
  }
19503
- this.logger.info("16v6hv", correlationId);
19504
- this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
19569
+ if (event.type === "visibilitychange") {
19570
+ this.logger.info("16v6hv", correlationId);
19571
+ this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
19572
+ }
19573
+ else if (event.type === "online") {
19574
+ this.logger.info("0zirfd", correlationId);
19575
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
19576
+ }
19577
+ else if (event.type === "offline") {
19578
+ this.logger.info("1xk9ef", correlationId);
19579
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
19580
+ }
19505
19581
  }
19506
19582
  /**
19507
19583
  * Initializer function to perform async startup tasks such as connecting to WAM extension
@@ -19843,15 +19919,40 @@ class StandardController {
19843
19919
  }
19844
19920
  });
19845
19921
  }
19846
- trackPageVisibilityWithMeasurement() {
19922
+ trackStateChangeWithMeasurement(event) {
19847
19923
  const measurement = this.ssoSilentMeasurement ||
19848
19924
  this.acquireTokenByCodeAsyncMeasurement;
19849
19925
  if (!measurement) {
19850
19926
  return;
19851
19927
  }
19852
- measurement.increment({
19853
- visibilityChangeCount: 1,
19854
- });
19928
+ if (event.type === "visibilitychange") {
19929
+ this.logger.info("0yzimq", measurement.event.correlationId);
19930
+ measurement.increment({
19931
+ visibilityChangeCount: 1,
19932
+ });
19933
+ }
19934
+ else if (event.type === "online") {
19935
+ this.logger.info("1caf53", measurement.event.correlationId);
19936
+ measurement.increment({
19937
+ onlineStatusChangeCount: 1,
19938
+ });
19939
+ }
19940
+ else if (event.type === "offline") {
19941
+ this.logger.info("0fdyk7", measurement.event.correlationId);
19942
+ measurement.increment({
19943
+ onlineStatusChangeCount: 1,
19944
+ });
19945
+ }
19946
+ }
19947
+ addStateChangeListeners(listener) {
19948
+ document.addEventListener("visibilitychange", listener);
19949
+ window.addEventListener("online", listener);
19950
+ window.addEventListener("offline", listener);
19951
+ }
19952
+ removeStateChangeListeners(listener) {
19953
+ document.removeEventListener("visibilitychange", listener);
19954
+ window.removeEventListener("online", listener);
19955
+ window.removeEventListener("offline", listener);
19855
19956
  }
19856
19957
  // #endregion
19857
19958
  // #region Silent Flow
@@ -19885,8 +19986,9 @@ class StandardController {
19885
19986
  preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
19886
19987
  this.ssoSilentMeasurement?.increment({
19887
19988
  visibilityChangeCount: 0,
19989
+ onlineStatusChangeCount: 0,
19888
19990
  });
19889
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
19991
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
19890
19992
  const loggedInAccounts = this.getAllAccounts();
19891
19993
  this.logger.verbose("0w1b45", correlationId);
19892
19994
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Silent, validRequest);
@@ -19929,7 +20031,7 @@ class StandardController {
19929
20031
  throw e;
19930
20032
  })
19931
20033
  .finally(() => {
19932
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20034
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
19933
20035
  });
19934
20036
  }
19935
20037
  /**
@@ -20036,8 +20138,9 @@ class StandardController {
20036
20138
  this.performanceClient.startMeasurement(AcquireTokenByCodeAsync, correlationId);
20037
20139
  this.acquireTokenByCodeAsyncMeasurement?.increment({
20038
20140
  visibilityChangeCount: 0,
20141
+ onlineStatusChangeCount: 0,
20039
20142
  });
20040
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20143
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
20041
20144
  const silentAuthCodeClient = this.createSilentAuthCodeClient(correlationId);
20042
20145
  const silentTokenResult = await silentAuthCodeClient
20043
20146
  .acquireToken(request)
@@ -20056,7 +20159,7 @@ class StandardController {
20056
20159
  throw tokenRenewalError;
20057
20160
  })
20058
20161
  .finally(() => {
20059
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
20162
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
20060
20163
  });
20061
20164
  return silentTokenResult;
20062
20165
  }
@@ -20518,12 +20621,12 @@ class StandardController {
20518
20621
  * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
20519
20622
  */
20520
20623
  async acquireTokenSilentAsync(request, account) {
20521
- const trackPageVisibility = () => this.trackPageVisibility(request.correlationId);
20624
+ const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
20522
20625
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, request.correlationId, InteractionType.Silent, request);
20523
20626
  if (request.correlationId) {
20524
- this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
20627
+ this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
20525
20628
  }
20526
- document.addEventListener("visibilitychange", trackPageVisibility);
20629
+ this.addStateChangeListeners(trackStateChange);
20527
20630
  const silentRequest = await invokeAsync(initializeSilentRequest, InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
20528
20631
  const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
20529
20632
  const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
@@ -20605,7 +20708,7 @@ class StandardController {
20605
20708
  throw tokenRenewalError;
20606
20709
  })
20607
20710
  .finally(() => {
20608
- document.removeEventListener("visibilitychange", trackPageVisibility);
20711
+ this.removeStateChangeListeners(trackStateChange);
20609
20712
  });
20610
20713
  }
20611
20714
  /**