@azure/msal-browser 5.6.1 → 5.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.d.ts.map +1 -1
- package/dist/cache/TokenCache.mjs +9 -9
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.d.ts +13 -1
- package/dist/config/Configuration.d.ts.map +1 -1
- package/dist/config/Configuration.mjs +9 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.d.ts +4 -2
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +56 -19
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
- package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
- package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.d.ts +13 -1
- package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.mjs +9 -2
- package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.d.ts +4 -2
- package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.mjs +56 -19
- package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
- package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
- package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
- package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
- package/dist/custom-auth-path/event/EventType.mjs +1 -1
- package/dist/custom-auth-path/index.d.ts +1 -1
- package/dist/custom-auth-path/index.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +21 -8
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts +6 -0
- package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +12 -2
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/custom-auth-path/log-strings-mapping.json +23 -3
- package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
- package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
- package/dist/custom-auth-path/packageMetadata.mjs +2 -2
- package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
- package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
- package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
- package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +5 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +9 -3
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.mjs +27 -3
- package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
- package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +1 -1
- package/dist/index.mjs.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +21 -8
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.d.ts +6 -0
- package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +12 -2
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +31 -11
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
- package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.d.ts +13 -1
- package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.mjs +1 -1
- package/dist/redirect-bridge/controllers/StandardController.d.ts +4 -2
- package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
- package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/redirect-bridge/index.d.ts +1 -1
- package/dist/redirect-bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_handler/SilentHandler.d.ts +6 -0
- package/dist/redirect-bridge/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
- package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.mjs +43 -24
- package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +5 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
- package/dist/redirect_bridge/index.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +6 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.d.ts +5 -0
- package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +9 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.d.ts +2 -2
- package/dist/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/utils/BrowserUtils.mjs +27 -3
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +23 -3
- package/lib/custom-auth-path/msal-custom-auth.cjs +649 -546
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts +13 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts +4 -2
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/custom-auth-path/types/index.d.ts +1 -1
- package/lib/custom-auth-path/types/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts +6 -0
- package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
- package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +5 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
- package/lib/log-strings-mapping.json +31 -11
- package/lib/msal-browser.cjs +794 -685
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +794 -685
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.js +52 -33
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/lib/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/types/config/Configuration.d.ts +13 -1
- package/lib/types/config/Configuration.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts +4 -2
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/types/index.d.ts +1 -1
- package/lib/types/index.d.ts.map +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/interaction_handler/SilentHandler.d.ts +6 -0
- package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +5 -0
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/cache/TokenCache.ts +27 -24
- package/src/config/Configuration.ts +22 -0
- package/src/controllers/StandardController.ts +84 -35
- package/src/index.ts +1 -0
- package/src/interaction_client/PlatformAuthInteractionClient.ts +55 -53
- package/src/interaction_client/SilentIframeClient.ts +55 -29
- package/src/interaction_handler/SilentHandler.ts +11 -0
- package/src/packageMetadata.ts +1 -1
- package/src/redirect_bridge/index.ts +47 -25
- package/src/telemetry/BrowserPerformanceClient.ts +6 -0
- package/src/telemetry/BrowserPerformanceEvents.ts +6 -0
- package/src/utils/BrowserUtils.ts +36 -4
package/lib/msal-browser.cjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.6.
|
|
1
|
+
/*! @azure/msal-browser v5.6.3 2026-04-01 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.4.
|
|
5
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
|
|
|
234
234
|
// Token renewal offset default in seconds
|
|
235
235
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
236
236
|
|
|
237
|
-
/*! @azure/msal-common v16.4.
|
|
237
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
238
238
|
/*
|
|
239
239
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
240
240
|
* Licensed under the MIT License.
|
|
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
286
286
|
const RESOURCE = "resource";
|
|
287
287
|
const CLI_DATA = "clidata";
|
|
288
288
|
|
|
289
|
-
/*! @azure/msal-common v16.4.
|
|
289
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
290
290
|
/*
|
|
291
291
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
292
292
|
* Licensed under the MIT License.
|
|
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
317
317
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
318
318
|
}
|
|
319
319
|
|
|
320
|
-
/*! @azure/msal-common v16.4.
|
|
320
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
321
321
|
|
|
322
322
|
/*
|
|
323
323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
337
337
|
return new ClientConfigurationError(errorCode);
|
|
338
338
|
}
|
|
339
339
|
|
|
340
|
-
/*! @azure/msal-common v16.4.
|
|
340
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
341
341
|
/*
|
|
342
342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
343
343
|
* Licensed under the MIT License.
|
|
@@ -417,7 +417,7 @@ class StringUtils {
|
|
|
417
417
|
}
|
|
418
418
|
}
|
|
419
419
|
|
|
420
|
-
/*! @azure/msal-common v16.4.
|
|
420
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
421
421
|
|
|
422
422
|
/*
|
|
423
423
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
440
440
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
441
441
|
}
|
|
442
442
|
|
|
443
|
-
/*! @azure/msal-common v16.4.
|
|
443
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
444
444
|
/*
|
|
445
445
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
446
446
|
* Licensed under the MIT License.
|
|
@@ -494,7 +494,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
494
494
|
urlParseError: urlParseError
|
|
495
495
|
});
|
|
496
496
|
|
|
497
|
-
/*! @azure/msal-common v16.4.
|
|
497
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
498
498
|
/*
|
|
499
499
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
500
500
|
* Licensed under the MIT License.
|
|
@@ -582,7 +582,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
582
582
|
userCanceled: userCanceled
|
|
583
583
|
});
|
|
584
584
|
|
|
585
|
-
/*! @azure/msal-common v16.4.
|
|
585
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
586
586
|
|
|
587
587
|
/*
|
|
588
588
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -777,7 +777,7 @@ class ScopeSet {
|
|
|
777
777
|
}
|
|
778
778
|
}
|
|
779
779
|
|
|
780
|
-
/*! @azure/msal-common v16.4.
|
|
780
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
781
781
|
|
|
782
782
|
/*
|
|
783
783
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1155,7 +1155,7 @@ function addResource(parameters, resource) {
|
|
|
1155
1155
|
}
|
|
1156
1156
|
}
|
|
1157
1157
|
|
|
1158
|
-
/*! @azure/msal-common v16.4.
|
|
1158
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1159
1159
|
|
|
1160
1160
|
/*
|
|
1161
1161
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1264,7 +1264,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1264
1264
|
}
|
|
1265
1265
|
}
|
|
1266
1266
|
|
|
1267
|
-
/*! @azure/msal-common v16.4.
|
|
1267
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1268
1268
|
|
|
1269
1269
|
/*
|
|
1270
1270
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1303,7 +1303,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1303
1303
|
},
|
|
1304
1304
|
};
|
|
1305
1305
|
|
|
1306
|
-
/*! @azure/msal-common v16.4.
|
|
1306
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1307
1307
|
/*
|
|
1308
1308
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1309
1309
|
* Licensed under the MIT License.
|
|
@@ -1578,12 +1578,12 @@ class Logger {
|
|
|
1578
1578
|
}
|
|
1579
1579
|
}
|
|
1580
1580
|
|
|
1581
|
-
/*! @azure/msal-common v16.4.
|
|
1581
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1582
1582
|
/* eslint-disable header/header */
|
|
1583
1583
|
const name$1 = "@azure/msal-common";
|
|
1584
|
-
const version$1 = "16.4.
|
|
1584
|
+
const version$1 = "16.4.1";
|
|
1585
1585
|
|
|
1586
|
-
/*! @azure/msal-common v16.4.
|
|
1586
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1587
1587
|
/*
|
|
1588
1588
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1589
1589
|
* Licensed under the MIT License.
|
|
@@ -1603,7 +1603,7 @@ const AzureCloudInstance = {
|
|
|
1603
1603
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1604
1604
|
};
|
|
1605
1605
|
|
|
1606
|
-
/*! @azure/msal-common v16.4.
|
|
1606
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1607
1607
|
/*
|
|
1608
1608
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1609
1609
|
* Licensed under the MIT License.
|
|
@@ -1685,7 +1685,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1685
1685
|
return updatedAccountInfo;
|
|
1686
1686
|
}
|
|
1687
1687
|
|
|
1688
|
-
/*! @azure/msal-common v16.4.
|
|
1688
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1689
1689
|
|
|
1690
1690
|
/*
|
|
1691
1691
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1765,7 +1765,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1765
1765
|
}
|
|
1766
1766
|
}
|
|
1767
1767
|
|
|
1768
|
-
/*! @azure/msal-common v16.4.
|
|
1768
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1769
1769
|
|
|
1770
1770
|
/*
|
|
1771
1771
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1922,7 +1922,7 @@ class UrlString {
|
|
|
1922
1922
|
}
|
|
1923
1923
|
}
|
|
1924
1924
|
|
|
1925
|
-
/*! @azure/msal-common v16.4.
|
|
1925
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
1926
1926
|
|
|
1927
1927
|
/*
|
|
1928
1928
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2079,7 +2079,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2079
2079
|
return null;
|
|
2080
2080
|
}
|
|
2081
2081
|
|
|
2082
|
-
/*! @azure/msal-common v16.4.
|
|
2082
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2083
2083
|
/*
|
|
2084
2084
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2085
2085
|
* Licensed under the MIT License.
|
|
@@ -2087,7 +2087,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2087
2087
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2088
2088
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2089
2089
|
|
|
2090
|
-
/*! @azure/msal-common v16.4.
|
|
2090
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2091
2091
|
|
|
2092
2092
|
/*
|
|
2093
2093
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2125,7 +2125,7 @@ function createCacheError(e) {
|
|
|
2125
2125
|
}
|
|
2126
2126
|
}
|
|
2127
2127
|
|
|
2128
|
-
/*! @azure/msal-common v16.4.
|
|
2128
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2129
2129
|
|
|
2130
2130
|
/*
|
|
2131
2131
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2163,7 +2163,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2163
2163
|
};
|
|
2164
2164
|
}
|
|
2165
2165
|
|
|
2166
|
-
/*! @azure/msal-common v16.4.
|
|
2166
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2167
2167
|
/*
|
|
2168
2168
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2169
2169
|
* Licensed under the MIT License.
|
|
@@ -2178,7 +2178,7 @@ const AuthorityType = {
|
|
|
2178
2178
|
Ciam: 3,
|
|
2179
2179
|
};
|
|
2180
2180
|
|
|
2181
|
-
/*! @azure/msal-common v16.4.
|
|
2181
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2182
2182
|
/*
|
|
2183
2183
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2184
2184
|
* Licensed under the MIT License.
|
|
@@ -2200,7 +2200,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2200
2200
|
return null;
|
|
2201
2201
|
}
|
|
2202
2202
|
|
|
2203
|
-
/*! @azure/msal-common v16.4.
|
|
2203
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2204
2204
|
/*
|
|
2205
2205
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2206
2206
|
* Licensed under the MIT License.
|
|
@@ -2224,7 +2224,7 @@ const ProtocolMode = {
|
|
|
2224
2224
|
EAR: "EAR",
|
|
2225
2225
|
};
|
|
2226
2226
|
|
|
2227
|
-
/*! @azure/msal-common v16.4.
|
|
2227
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2228
2228
|
/**
|
|
2229
2229
|
* Returns the AccountInfo interface for this account.
|
|
2230
2230
|
*/
|
|
@@ -2399,7 +2399,7 @@ function isAccountEntity(entity) {
|
|
|
2399
2399
|
entity.hasOwnProperty("authorityType"));
|
|
2400
2400
|
}
|
|
2401
2401
|
|
|
2402
|
-
/*! @azure/msal-common v16.4.
|
|
2402
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
2403
2403
|
|
|
2404
2404
|
/*
|
|
2405
2405
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3501,7 +3501,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3501
3501
|
}
|
|
3502
3502
|
}
|
|
3503
3503
|
|
|
3504
|
-
/*! @azure/msal-common v16.4.
|
|
3504
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3505
3505
|
/*
|
|
3506
3506
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3507
3507
|
* Licensed under the MIT License.
|
|
@@ -3546,12 +3546,13 @@ const IntFields = new Set([
|
|
|
3546
3546
|
"currRefreshCount",
|
|
3547
3547
|
"expiredCacheRemovedCount",
|
|
3548
3548
|
"upgradedCacheCount",
|
|
3549
|
+
"cacheMatchedAccounts",
|
|
3549
3550
|
"networkRtt",
|
|
3550
3551
|
"redirectBridgeTimeoutMs",
|
|
3551
3552
|
"redirectBridgeMessageVersion",
|
|
3552
3553
|
]);
|
|
3553
3554
|
|
|
3554
|
-
/*! @azure/msal-common v16.4.
|
|
3555
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3555
3556
|
|
|
3556
3557
|
/*
|
|
3557
3558
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3606,7 +3607,7 @@ class StubPerformanceClient {
|
|
|
3606
3607
|
}
|
|
3607
3608
|
}
|
|
3608
3609
|
|
|
3609
|
-
/*! @azure/msal-common v16.4.
|
|
3610
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3610
3611
|
|
|
3611
3612
|
/*
|
|
3612
3613
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3701,291 +3702,358 @@ function isOidcProtocolMode(config) {
|
|
|
3701
3702
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3702
3703
|
}
|
|
3703
3704
|
|
|
3704
|
-
/*! @azure/msal-common v16.4.
|
|
3705
|
-
|
|
3705
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3706
3706
|
/*
|
|
3707
3707
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3708
3708
|
* Licensed under the MIT License.
|
|
3709
3709
|
*/
|
|
3710
3710
|
/**
|
|
3711
|
-
*
|
|
3712
|
-
|
|
3713
|
-
|
|
3714
|
-
constructor(
|
|
3715
|
-
|
|
3716
|
-
this.
|
|
3717
|
-
|
|
3718
|
-
|
|
3719
|
-
|
|
3711
|
+
* This class instance helps track the memory changes facilitating
|
|
3712
|
+
* decisions to read from and write to the persistent cache
|
|
3713
|
+
*/ class TokenCacheContext {
|
|
3714
|
+
constructor(tokenCache, hasChanged) {
|
|
3715
|
+
this.cache = tokenCache;
|
|
3716
|
+
this.hasChanged = hasChanged;
|
|
3717
|
+
}
|
|
3718
|
+
/**
|
|
3719
|
+
* boolean which indicates the changes in cache
|
|
3720
|
+
*/
|
|
3721
|
+
get cacheHasChanged() {
|
|
3722
|
+
return this.hasChanged;
|
|
3723
|
+
}
|
|
3724
|
+
/**
|
|
3725
|
+
* function to retrieve the token cache
|
|
3726
|
+
*/
|
|
3727
|
+
get tokenCache() {
|
|
3728
|
+
return this.cache;
|
|
3720
3729
|
}
|
|
3721
3730
|
}
|
|
3722
3731
|
|
|
3723
|
-
/*! @azure/msal-common v16.4.
|
|
3732
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3724
3733
|
/*
|
|
3725
3734
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3726
3735
|
* Licensed under the MIT License.
|
|
3727
3736
|
*/
|
|
3728
3737
|
/**
|
|
3729
|
-
*
|
|
3730
|
-
* @public
|
|
3731
|
-
*/
|
|
3732
|
-
const noTokensFound = "no_tokens_found";
|
|
3733
|
-
/**
|
|
3734
|
-
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
3735
|
-
* @public
|
|
3736
|
-
*/
|
|
3737
|
-
const nativeAccountUnavailable = "native_account_unavailable";
|
|
3738
|
-
/**
|
|
3739
|
-
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
3740
|
-
* @public
|
|
3741
|
-
*/
|
|
3742
|
-
const refreshTokenExpired = "refresh_token_expired";
|
|
3743
|
-
/**
|
|
3744
|
-
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
3745
|
-
* @public
|
|
3746
|
-
*/
|
|
3747
|
-
const uxNotAllowed = "ux_not_allowed";
|
|
3748
|
-
/**
|
|
3749
|
-
* Server-originated error code indicating interaction is required to complete the request.
|
|
3750
|
-
* @public
|
|
3751
|
-
*/
|
|
3752
|
-
const interactionRequired = "interaction_required";
|
|
3753
|
-
/**
|
|
3754
|
-
* Server-originated error code indicating user consent is required.
|
|
3755
|
-
* @public
|
|
3756
|
-
*/
|
|
3757
|
-
const consentRequired = "consent_required";
|
|
3758
|
-
/**
|
|
3759
|
-
* Server-originated error code indicating user login is required.
|
|
3760
|
-
* @public
|
|
3738
|
+
* Utility functions for managing date and time operations.
|
|
3761
3739
|
*/
|
|
3762
|
-
const loginRequired = "login_required";
|
|
3763
3740
|
/**
|
|
3764
|
-
*
|
|
3765
|
-
* @public
|
|
3741
|
+
* return the current time in Unix time (seconds).
|
|
3766
3742
|
*/
|
|
3767
|
-
|
|
3743
|
+
function nowSeconds() {
|
|
3744
|
+
// Date.getTime() returns in milliseconds.
|
|
3745
|
+
return Math.round(new Date().getTime() / 1000.0);
|
|
3746
|
+
}
|
|
3768
3747
|
/**
|
|
3769
|
-
*
|
|
3770
|
-
* @
|
|
3771
|
-
*/
|
|
3772
|
-
const interruptedUser = "interrupted_user";
|
|
3773
|
-
|
|
3774
|
-
var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
3775
|
-
__proto__: null,
|
|
3776
|
-
badToken: badToken,
|
|
3777
|
-
consentRequired: consentRequired,
|
|
3778
|
-
interactionRequired: interactionRequired,
|
|
3779
|
-
interruptedUser: interruptedUser,
|
|
3780
|
-
loginRequired: loginRequired,
|
|
3781
|
-
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
3782
|
-
noTokensFound: noTokensFound,
|
|
3783
|
-
refreshTokenExpired: refreshTokenExpired,
|
|
3784
|
-
uxNotAllowed: uxNotAllowed
|
|
3785
|
-
});
|
|
3786
|
-
|
|
3787
|
-
/*! @azure/msal-common v16.4.0 2026-03-19 */
|
|
3788
|
-
|
|
3789
|
-
/*
|
|
3790
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3791
|
-
* Licensed under the MIT License.
|
|
3748
|
+
* Converts JS Date object to seconds
|
|
3749
|
+
* @param date Date
|
|
3792
3750
|
*/
|
|
3751
|
+
function toSecondsFromDate(date) {
|
|
3752
|
+
// Convert date to seconds
|
|
3753
|
+
return date.getTime() / 1000;
|
|
3754
|
+
}
|
|
3793
3755
|
/**
|
|
3794
|
-
*
|
|
3756
|
+
* Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
|
|
3757
|
+
* @param seconds
|
|
3795
3758
|
*/
|
|
3796
|
-
|
|
3797
|
-
|
|
3798
|
-
|
|
3799
|
-
|
|
3800
|
-
|
|
3801
|
-
|
|
3802
|
-
interruptedUser,
|
|
3803
|
-
];
|
|
3804
|
-
const InteractionRequiredAuthSubErrorMessage = [
|
|
3805
|
-
"message_only",
|
|
3806
|
-
"additional_action",
|
|
3807
|
-
"basic_action",
|
|
3808
|
-
"user_password_expired",
|
|
3809
|
-
"consent_required",
|
|
3810
|
-
"bad_token",
|
|
3811
|
-
"ux_not_allowed",
|
|
3812
|
-
"interrupted_user",
|
|
3813
|
-
];
|
|
3759
|
+
function toDateFromSeconds(seconds) {
|
|
3760
|
+
if (seconds) {
|
|
3761
|
+
return new Date(Number(seconds) * 1000);
|
|
3762
|
+
}
|
|
3763
|
+
return new Date();
|
|
3764
|
+
}
|
|
3814
3765
|
/**
|
|
3815
|
-
*
|
|
3766
|
+
* check if a token is expired based on given UTC time in seconds.
|
|
3767
|
+
* @param expiresOn
|
|
3816
3768
|
*/
|
|
3817
|
-
|
|
3818
|
-
|
|
3819
|
-
|
|
3820
|
-
|
|
3821
|
-
|
|
3822
|
-
|
|
3823
|
-
this.correlationId = correlationId || "";
|
|
3824
|
-
this.claims = claims || "";
|
|
3825
|
-
this.name = "InteractionRequiredAuthError";
|
|
3826
|
-
this.errorNo = errorNo;
|
|
3827
|
-
}
|
|
3769
|
+
function isTokenExpired(expiresOn, offset) {
|
|
3770
|
+
// check for access token expiry
|
|
3771
|
+
const expirationSec = Number(expiresOn) || 0;
|
|
3772
|
+
const offsetCurrentTimeSec = nowSeconds() + offset;
|
|
3773
|
+
// If current time + offset is greater than token expiration time, then token is expired.
|
|
3774
|
+
return offsetCurrentTimeSec > expirationSec;
|
|
3828
3775
|
}
|
|
3829
3776
|
/**
|
|
3830
|
-
*
|
|
3831
|
-
* @param
|
|
3832
|
-
* @param
|
|
3833
|
-
* @
|
|
3777
|
+
* Checks if a cache entry is expired based on the last updated time and cache retention days.
|
|
3778
|
+
* @param lastUpdatedAt
|
|
3779
|
+
* @param cacheRetentionDays
|
|
3780
|
+
* @returns
|
|
3834
3781
|
*/
|
|
3835
|
-
function
|
|
3836
|
-
const
|
|
3837
|
-
|
|
3838
|
-
const isInteractionRequiredSubError = !!subError &&
|
|
3839
|
-
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
3840
|
-
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
3841
|
-
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
3842
|
-
return errorString.indexOf(irErrorCode) > -1;
|
|
3843
|
-
});
|
|
3844
|
-
return (isInteractionRequiredErrorCode ||
|
|
3845
|
-
isInteractionRequiredErrorDesc ||
|
|
3846
|
-
isInteractionRequiredSubError);
|
|
3782
|
+
function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
|
|
3783
|
+
const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
|
|
3784
|
+
return Date.now() > cacheExpirationTimestamp;
|
|
3847
3785
|
}
|
|
3848
3786
|
/**
|
|
3849
|
-
*
|
|
3787
|
+
* If the current time is earlier than the time that a token was cached at, we must discard the token
|
|
3788
|
+
* i.e. The system clock was turned back after acquiring the cached token
|
|
3789
|
+
* @param cachedAt
|
|
3790
|
+
* @param offset
|
|
3850
3791
|
*/
|
|
3851
|
-
function
|
|
3852
|
-
|
|
3792
|
+
function wasClockTurnedBack(cachedAt) {
|
|
3793
|
+
const cachedAtSec = Number(cachedAt);
|
|
3794
|
+
return cachedAtSec > nowSeconds();
|
|
3853
3795
|
}
|
|
3854
3796
|
|
|
3855
|
-
/*! @azure/msal-common v16.4.
|
|
3797
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3856
3798
|
|
|
3857
3799
|
/*
|
|
3858
3800
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3859
3801
|
* Licensed under the MIT License.
|
|
3860
3802
|
*/
|
|
3861
3803
|
/**
|
|
3862
|
-
*
|
|
3863
|
-
* @param
|
|
3864
|
-
* @param
|
|
3865
|
-
* @param
|
|
3804
|
+
* Create IdTokenEntity
|
|
3805
|
+
* @param homeAccountId
|
|
3806
|
+
* @param authenticationResult
|
|
3807
|
+
* @param clientId
|
|
3808
|
+
* @param authority
|
|
3866
3809
|
*/
|
|
3867
|
-
function
|
|
3868
|
-
const
|
|
3869
|
-
|
|
3870
|
-
|
|
3871
|
-
:
|
|
3810
|
+
function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
|
|
3811
|
+
const idTokenEntity = {
|
|
3812
|
+
credentialType: CredentialType.ID_TOKEN,
|
|
3813
|
+
homeAccountId: homeAccountId,
|
|
3814
|
+
environment: environment,
|
|
3815
|
+
clientId: clientId,
|
|
3816
|
+
secret: idToken,
|
|
3817
|
+
realm: tenantId,
|
|
3818
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3819
|
+
};
|
|
3820
|
+
return idTokenEntity;
|
|
3872
3821
|
}
|
|
3873
3822
|
/**
|
|
3874
|
-
*
|
|
3875
|
-
* @param
|
|
3876
|
-
* @param
|
|
3823
|
+
* Create AccessTokenEntity
|
|
3824
|
+
* @param homeAccountId
|
|
3825
|
+
* @param environment
|
|
3826
|
+
* @param accessToken
|
|
3827
|
+
* @param clientId
|
|
3828
|
+
* @param tenantId
|
|
3829
|
+
* @param scopes
|
|
3830
|
+
* @param expiresOn
|
|
3831
|
+
* @param extExpiresOn
|
|
3877
3832
|
*/
|
|
3878
|
-
function
|
|
3879
|
-
|
|
3880
|
-
|
|
3881
|
-
|
|
3882
|
-
|
|
3883
|
-
|
|
3884
|
-
|
|
3833
|
+
function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
|
|
3834
|
+
const atEntity = {
|
|
3835
|
+
homeAccountId: homeAccountId,
|
|
3836
|
+
credentialType: CredentialType.ACCESS_TOKEN,
|
|
3837
|
+
secret: accessToken,
|
|
3838
|
+
cachedAt: nowSeconds().toString(),
|
|
3839
|
+
expiresOn: expiresOn.toString(),
|
|
3840
|
+
extendedExpiresOn: extExpiresOn.toString(),
|
|
3841
|
+
environment: environment,
|
|
3842
|
+
clientId: clientId,
|
|
3843
|
+
realm: tenantId,
|
|
3844
|
+
target: scopes,
|
|
3845
|
+
tokenType: tokenType || AuthenticationScheme$1.BEARER,
|
|
3846
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3885
3847
|
};
|
|
3886
|
-
if (
|
|
3887
|
-
|
|
3848
|
+
if (userAssertionHash) {
|
|
3849
|
+
atEntity.userAssertionHash = userAssertionHash;
|
|
3888
3850
|
}
|
|
3889
|
-
|
|
3890
|
-
|
|
3851
|
+
if (refreshOn) {
|
|
3852
|
+
atEntity.refreshOn = refreshOn.toString();
|
|
3853
|
+
}
|
|
3854
|
+
/*
|
|
3855
|
+
* Create Access Token With Auth Scheme instead of regular access token
|
|
3856
|
+
* Cast to lower to handle "bearer" from ADFS
|
|
3857
|
+
*/
|
|
3858
|
+
if (atEntity.tokenType?.toLowerCase() !==
|
|
3859
|
+
AuthenticationScheme$1.BEARER.toLowerCase()) {
|
|
3860
|
+
atEntity.credentialType =
|
|
3861
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
3862
|
+
switch (atEntity.tokenType) {
|
|
3863
|
+
case AuthenticationScheme$1.POP:
|
|
3864
|
+
// Make sure keyId is present and add it to credential
|
|
3865
|
+
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
3866
|
+
if (!tokenClaims?.cnf?.kid) {
|
|
3867
|
+
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
3868
|
+
}
|
|
3869
|
+
atEntity.keyId = tokenClaims.cnf.kid;
|
|
3870
|
+
break;
|
|
3871
|
+
case AuthenticationScheme$1.SSH:
|
|
3872
|
+
atEntity.keyId = keyId;
|
|
3873
|
+
}
|
|
3874
|
+
}
|
|
3875
|
+
return atEntity;
|
|
3891
3876
|
}
|
|
3892
3877
|
/**
|
|
3893
|
-
*
|
|
3894
|
-
* @param
|
|
3895
|
-
* @param
|
|
3878
|
+
* Create RefreshTokenEntity
|
|
3879
|
+
* @param homeAccountId
|
|
3880
|
+
* @param authenticationResult
|
|
3881
|
+
* @param clientId
|
|
3882
|
+
* @param authority
|
|
3896
3883
|
*/
|
|
3897
|
-
function
|
|
3898
|
-
|
|
3899
|
-
|
|
3884
|
+
function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
|
|
3885
|
+
const rtEntity = {
|
|
3886
|
+
credentialType: CredentialType.REFRESH_TOKEN,
|
|
3887
|
+
homeAccountId: homeAccountId,
|
|
3888
|
+
environment: environment,
|
|
3889
|
+
clientId: clientId,
|
|
3890
|
+
secret: refreshToken,
|
|
3891
|
+
lastUpdatedAt: Date.now().toString(),
|
|
3892
|
+
};
|
|
3893
|
+
if (userAssertionHash) {
|
|
3894
|
+
rtEntity.userAssertionHash = userAssertionHash;
|
|
3900
3895
|
}
|
|
3901
|
-
if (
|
|
3902
|
-
|
|
3896
|
+
if (familyId) {
|
|
3897
|
+
rtEntity.familyId = familyId;
|
|
3903
3898
|
}
|
|
3904
|
-
|
|
3905
|
-
|
|
3906
|
-
const splitState = state.split(RESOURCE_DELIM);
|
|
3907
|
-
const libraryState = splitState[0];
|
|
3908
|
-
const userState = splitState.length > 1
|
|
3909
|
-
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
3910
|
-
: "";
|
|
3911
|
-
const libraryStateString = base64Decode(libraryState);
|
|
3912
|
-
const libraryStateObj = JSON.parse(libraryStateString);
|
|
3913
|
-
return {
|
|
3914
|
-
userRequestState: userState || "",
|
|
3915
|
-
libraryState: libraryStateObj,
|
|
3916
|
-
};
|
|
3899
|
+
if (expiresOn) {
|
|
3900
|
+
rtEntity.expiresOn = expiresOn.toString();
|
|
3917
3901
|
}
|
|
3918
|
-
|
|
3919
|
-
|
|
3902
|
+
return rtEntity;
|
|
3903
|
+
}
|
|
3904
|
+
function isCredentialEntity(entity) {
|
|
3905
|
+
return (entity.hasOwnProperty("homeAccountId") &&
|
|
3906
|
+
entity.hasOwnProperty("environment") &&
|
|
3907
|
+
entity.hasOwnProperty("credentialType") &&
|
|
3908
|
+
entity.hasOwnProperty("clientId") &&
|
|
3909
|
+
entity.hasOwnProperty("secret"));
|
|
3910
|
+
}
|
|
3911
|
+
/**
|
|
3912
|
+
* Validates an entity: checks for all expected params
|
|
3913
|
+
* @param entity
|
|
3914
|
+
*/
|
|
3915
|
+
function isAccessTokenEntity(entity) {
|
|
3916
|
+
if (!entity) {
|
|
3917
|
+
return false;
|
|
3920
3918
|
}
|
|
3921
|
-
|
|
3922
|
-
|
|
3923
|
-
|
|
3924
|
-
|
|
3925
|
-
|
|
3926
|
-
|
|
3919
|
+
return (isCredentialEntity(entity) &&
|
|
3920
|
+
entity.hasOwnProperty("realm") &&
|
|
3921
|
+
entity.hasOwnProperty("target") &&
|
|
3922
|
+
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
3923
|
+
entity["credentialType"] ===
|
|
3924
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
3925
|
+
}
|
|
3926
|
+
/**
|
|
3927
|
+
* Validates an entity: checks for all expected params
|
|
3928
|
+
* @param entity
|
|
3927
3929
|
*/
|
|
3930
|
+
function isIdTokenEntity(entity) {
|
|
3931
|
+
if (!entity) {
|
|
3932
|
+
return false;
|
|
3933
|
+
}
|
|
3934
|
+
return (isCredentialEntity(entity) &&
|
|
3935
|
+
entity.hasOwnProperty("realm") &&
|
|
3936
|
+
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
3937
|
+
}
|
|
3928
3938
|
/**
|
|
3929
|
-
*
|
|
3939
|
+
* Validates an entity: checks for all expected params
|
|
3940
|
+
* @param entity
|
|
3930
3941
|
*/
|
|
3942
|
+
function isRefreshTokenEntity(entity) {
|
|
3943
|
+
if (!entity) {
|
|
3944
|
+
return false;
|
|
3945
|
+
}
|
|
3946
|
+
return (isCredentialEntity(entity) &&
|
|
3947
|
+
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
3948
|
+
}
|
|
3931
3949
|
/**
|
|
3932
|
-
*
|
|
3950
|
+
* validates if a given cache entry is "Telemetry", parses <key,value>
|
|
3951
|
+
* @param key
|
|
3952
|
+
* @param entity
|
|
3933
3953
|
*/
|
|
3934
|
-
function
|
|
3935
|
-
|
|
3936
|
-
|
|
3954
|
+
function isServerTelemetryEntity(key, entity) {
|
|
3955
|
+
const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
|
|
3956
|
+
let validateEntity = true;
|
|
3957
|
+
if (entity) {
|
|
3958
|
+
validateEntity =
|
|
3959
|
+
entity.hasOwnProperty("failedRequests") &&
|
|
3960
|
+
entity.hasOwnProperty("errors") &&
|
|
3961
|
+
entity.hasOwnProperty("cacheHits");
|
|
3962
|
+
}
|
|
3963
|
+
return validateKey && validateEntity;
|
|
3937
3964
|
}
|
|
3938
3965
|
/**
|
|
3939
|
-
*
|
|
3940
|
-
* @param
|
|
3966
|
+
* validates if a given cache entry is "Throttling", parses <key,value>
|
|
3967
|
+
* @param key
|
|
3968
|
+
* @param entity
|
|
3941
3969
|
*/
|
|
3942
|
-
function
|
|
3943
|
-
|
|
3944
|
-
|
|
3970
|
+
function isThrottlingEntity(key, entity) {
|
|
3971
|
+
let validateKey = false;
|
|
3972
|
+
if (key) {
|
|
3973
|
+
validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
|
|
3974
|
+
}
|
|
3975
|
+
let validateEntity = true;
|
|
3976
|
+
if (entity) {
|
|
3977
|
+
validateEntity = entity.hasOwnProperty("throttleTime");
|
|
3978
|
+
}
|
|
3979
|
+
return validateKey && validateEntity;
|
|
3945
3980
|
}
|
|
3946
3981
|
/**
|
|
3947
|
-
*
|
|
3948
|
-
* @param seconds
|
|
3982
|
+
* Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
|
|
3949
3983
|
*/
|
|
3950
|
-
function
|
|
3951
|
-
|
|
3952
|
-
|
|
3984
|
+
function generateAppMetadataKey({ environment, clientId, }) {
|
|
3985
|
+
const appMetaDataKeyArray = [
|
|
3986
|
+
APP_METADATA,
|
|
3987
|
+
environment,
|
|
3988
|
+
clientId,
|
|
3989
|
+
];
|
|
3990
|
+
return appMetaDataKeyArray
|
|
3991
|
+
.join(CACHE_KEY_SEPARATOR$1)
|
|
3992
|
+
.toLowerCase();
|
|
3993
|
+
}
|
|
3994
|
+
/*
|
|
3995
|
+
* Validates an entity: checks for all expected params
|
|
3996
|
+
* @param entity
|
|
3997
|
+
*/
|
|
3998
|
+
function isAppMetadataEntity(key, entity) {
|
|
3999
|
+
if (!entity) {
|
|
4000
|
+
return false;
|
|
3953
4001
|
}
|
|
3954
|
-
return
|
|
4002
|
+
return (key.indexOf(APP_METADATA) === 0 &&
|
|
4003
|
+
entity.hasOwnProperty("clientId") &&
|
|
4004
|
+
entity.hasOwnProperty("environment"));
|
|
3955
4005
|
}
|
|
3956
4006
|
/**
|
|
3957
|
-
*
|
|
3958
|
-
* @param
|
|
4007
|
+
* Validates an entity: checks for all expected params
|
|
4008
|
+
* @param entity
|
|
3959
4009
|
*/
|
|
3960
|
-
function
|
|
3961
|
-
|
|
3962
|
-
|
|
3963
|
-
|
|
3964
|
-
|
|
3965
|
-
|
|
4010
|
+
function isAuthorityMetadataEntity(key, entity) {
|
|
4011
|
+
if (!entity) {
|
|
4012
|
+
return false;
|
|
4013
|
+
}
|
|
4014
|
+
return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
|
|
4015
|
+
entity.hasOwnProperty("aliases") &&
|
|
4016
|
+
entity.hasOwnProperty("preferred_cache") &&
|
|
4017
|
+
entity.hasOwnProperty("preferred_network") &&
|
|
4018
|
+
entity.hasOwnProperty("canonical_authority") &&
|
|
4019
|
+
entity.hasOwnProperty("authorization_endpoint") &&
|
|
4020
|
+
entity.hasOwnProperty("token_endpoint") &&
|
|
4021
|
+
entity.hasOwnProperty("issuer") &&
|
|
4022
|
+
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
4023
|
+
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
4024
|
+
entity.hasOwnProperty("expiresAt") &&
|
|
4025
|
+
entity.hasOwnProperty("jwks_uri"));
|
|
3966
4026
|
}
|
|
3967
4027
|
/**
|
|
3968
|
-
*
|
|
3969
|
-
* @param lastUpdatedAt
|
|
3970
|
-
* @param cacheRetentionDays
|
|
3971
|
-
* @returns
|
|
4028
|
+
* Reset the exiresAt value
|
|
3972
4029
|
*/
|
|
3973
|
-
function
|
|
3974
|
-
|
|
3975
|
-
|
|
4030
|
+
function generateAuthorityMetadataExpiresAt() {
|
|
4031
|
+
return (nowSeconds() +
|
|
4032
|
+
AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
|
|
4033
|
+
}
|
|
4034
|
+
function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
4035
|
+
authorityMetadata.authorization_endpoint =
|
|
4036
|
+
updatedValues.authorization_endpoint;
|
|
4037
|
+
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
4038
|
+
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
4039
|
+
authorityMetadata.issuer = updatedValues.issuer;
|
|
4040
|
+
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
4041
|
+
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
4042
|
+
}
|
|
4043
|
+
function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
4044
|
+
authorityMetadata.aliases = updatedValues.aliases;
|
|
4045
|
+
authorityMetadata.preferred_cache = updatedValues.preferred_cache;
|
|
4046
|
+
authorityMetadata.preferred_network = updatedValues.preferred_network;
|
|
4047
|
+
authorityMetadata.aliasesFromNetwork = fromNetwork;
|
|
3976
4048
|
}
|
|
3977
4049
|
/**
|
|
3978
|
-
*
|
|
3979
|
-
* i.e. The system clock was turned back after acquiring the cached token
|
|
3980
|
-
* @param cachedAt
|
|
3981
|
-
* @param offset
|
|
4050
|
+
* Returns whether or not the data needs to be refreshed
|
|
3982
4051
|
*/
|
|
3983
|
-
function
|
|
3984
|
-
|
|
3985
|
-
return cachedAtSec > nowSeconds();
|
|
4052
|
+
function isAuthorityMetadataExpired(metadata) {
|
|
4053
|
+
return metadata.expiresAt <= nowSeconds();
|
|
3986
4054
|
}
|
|
3987
4055
|
|
|
3988
|
-
/*! @azure/msal-common v16.4.
|
|
4056
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
3989
4057
|
/*
|
|
3990
4058
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3991
4059
|
* Licensed under the MIT License.
|
|
@@ -4056,7 +4124,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4056
4124
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4057
4125
|
const SetUserData = "setUserData";
|
|
4058
4126
|
|
|
4059
|
-
/*! @azure/msal-common v16.4.
|
|
4127
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4060
4128
|
/*
|
|
4061
4129
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4062
4130
|
* Licensed under the MIT License.
|
|
@@ -4149,7 +4217,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4149
4217
|
};
|
|
4150
4218
|
};
|
|
4151
4219
|
|
|
4152
|
-
/*! @azure/msal-common v16.4.
|
|
4220
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4153
4221
|
|
|
4154
4222
|
/*
|
|
4155
4223
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4229,293 +4297,226 @@ class PopTokenGenerator {
|
|
|
4229
4297
|
}
|
|
4230
4298
|
}
|
|
4231
4299
|
|
|
4232
|
-
/*! @azure/msal-common v16.4.
|
|
4300
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4233
4301
|
/*
|
|
4234
4302
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4235
4303
|
* Licensed under the MIT License.
|
|
4236
4304
|
*/
|
|
4237
4305
|
/**
|
|
4238
|
-
*
|
|
4239
|
-
*
|
|
4240
|
-
*/ class TokenCacheContext {
|
|
4241
|
-
constructor(tokenCache, hasChanged) {
|
|
4242
|
-
this.cache = tokenCache;
|
|
4243
|
-
this.hasChanged = hasChanged;
|
|
4244
|
-
}
|
|
4245
|
-
/**
|
|
4246
|
-
* boolean which indicates the changes in cache
|
|
4247
|
-
*/
|
|
4248
|
-
get cacheHasChanged() {
|
|
4249
|
-
return this.hasChanged;
|
|
4250
|
-
}
|
|
4251
|
-
/**
|
|
4252
|
-
* function to retrieve the token cache
|
|
4253
|
-
*/
|
|
4254
|
-
get tokenCache() {
|
|
4255
|
-
return this.cache;
|
|
4256
|
-
}
|
|
4257
|
-
}
|
|
4258
|
-
|
|
4259
|
-
/*! @azure/msal-common v16.4.0 2026-03-19 */
|
|
4260
|
-
|
|
4261
|
-
/*
|
|
4262
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4263
|
-
* Licensed under the MIT License.
|
|
4306
|
+
* MSAL-defined interaction required error code indicating no tokens are found in cache.
|
|
4307
|
+
* @public
|
|
4264
4308
|
*/
|
|
4309
|
+
const noTokensFound = "no_tokens_found";
|
|
4265
4310
|
/**
|
|
4266
|
-
*
|
|
4267
|
-
* @
|
|
4268
|
-
* @param authenticationResult
|
|
4269
|
-
* @param clientId
|
|
4270
|
-
* @param authority
|
|
4311
|
+
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
4312
|
+
* @public
|
|
4271
4313
|
*/
|
|
4272
|
-
|
|
4273
|
-
const idTokenEntity = {
|
|
4274
|
-
credentialType: CredentialType.ID_TOKEN,
|
|
4275
|
-
homeAccountId: homeAccountId,
|
|
4276
|
-
environment: environment,
|
|
4277
|
-
clientId: clientId,
|
|
4278
|
-
secret: idToken,
|
|
4279
|
-
realm: tenantId,
|
|
4280
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4281
|
-
};
|
|
4282
|
-
return idTokenEntity;
|
|
4283
|
-
}
|
|
4314
|
+
const nativeAccountUnavailable = "native_account_unavailable";
|
|
4284
4315
|
/**
|
|
4285
|
-
*
|
|
4286
|
-
* @
|
|
4287
|
-
* @param environment
|
|
4288
|
-
* @param accessToken
|
|
4289
|
-
* @param clientId
|
|
4290
|
-
* @param tenantId
|
|
4291
|
-
* @param scopes
|
|
4292
|
-
* @param expiresOn
|
|
4293
|
-
* @param extExpiresOn
|
|
4316
|
+
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
4317
|
+
* @public
|
|
4294
4318
|
*/
|
|
4295
|
-
|
|
4296
|
-
const atEntity = {
|
|
4297
|
-
homeAccountId: homeAccountId,
|
|
4298
|
-
credentialType: CredentialType.ACCESS_TOKEN,
|
|
4299
|
-
secret: accessToken,
|
|
4300
|
-
cachedAt: nowSeconds().toString(),
|
|
4301
|
-
expiresOn: expiresOn.toString(),
|
|
4302
|
-
extendedExpiresOn: extExpiresOn.toString(),
|
|
4303
|
-
environment: environment,
|
|
4304
|
-
clientId: clientId,
|
|
4305
|
-
realm: tenantId,
|
|
4306
|
-
target: scopes,
|
|
4307
|
-
tokenType: tokenType || AuthenticationScheme$1.BEARER,
|
|
4308
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4309
|
-
};
|
|
4310
|
-
if (userAssertionHash) {
|
|
4311
|
-
atEntity.userAssertionHash = userAssertionHash;
|
|
4312
|
-
}
|
|
4313
|
-
if (refreshOn) {
|
|
4314
|
-
atEntity.refreshOn = refreshOn.toString();
|
|
4315
|
-
}
|
|
4316
|
-
/*
|
|
4317
|
-
* Create Access Token With Auth Scheme instead of regular access token
|
|
4318
|
-
* Cast to lower to handle "bearer" from ADFS
|
|
4319
|
-
*/
|
|
4320
|
-
if (atEntity.tokenType?.toLowerCase() !==
|
|
4321
|
-
AuthenticationScheme$1.BEARER.toLowerCase()) {
|
|
4322
|
-
atEntity.credentialType =
|
|
4323
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
4324
|
-
switch (atEntity.tokenType) {
|
|
4325
|
-
case AuthenticationScheme$1.POP:
|
|
4326
|
-
// Make sure keyId is present and add it to credential
|
|
4327
|
-
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
4328
|
-
if (!tokenClaims?.cnf?.kid) {
|
|
4329
|
-
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
4330
|
-
}
|
|
4331
|
-
atEntity.keyId = tokenClaims.cnf.kid;
|
|
4332
|
-
break;
|
|
4333
|
-
case AuthenticationScheme$1.SSH:
|
|
4334
|
-
atEntity.keyId = keyId;
|
|
4335
|
-
}
|
|
4336
|
-
}
|
|
4337
|
-
return atEntity;
|
|
4338
|
-
}
|
|
4319
|
+
const refreshTokenExpired = "refresh_token_expired";
|
|
4339
4320
|
/**
|
|
4340
|
-
*
|
|
4341
|
-
* @
|
|
4342
|
-
* @param authenticationResult
|
|
4343
|
-
* @param clientId
|
|
4344
|
-
* @param authority
|
|
4321
|
+
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4322
|
+
* @public
|
|
4345
4323
|
*/
|
|
4346
|
-
|
|
4347
|
-
const rtEntity = {
|
|
4348
|
-
credentialType: CredentialType.REFRESH_TOKEN,
|
|
4349
|
-
homeAccountId: homeAccountId,
|
|
4350
|
-
environment: environment,
|
|
4351
|
-
clientId: clientId,
|
|
4352
|
-
secret: refreshToken,
|
|
4353
|
-
lastUpdatedAt: Date.now().toString(),
|
|
4354
|
-
};
|
|
4355
|
-
if (userAssertionHash) {
|
|
4356
|
-
rtEntity.userAssertionHash = userAssertionHash;
|
|
4357
|
-
}
|
|
4358
|
-
if (familyId) {
|
|
4359
|
-
rtEntity.familyId = familyId;
|
|
4360
|
-
}
|
|
4361
|
-
if (expiresOn) {
|
|
4362
|
-
rtEntity.expiresOn = expiresOn.toString();
|
|
4363
|
-
}
|
|
4364
|
-
return rtEntity;
|
|
4365
|
-
}
|
|
4366
|
-
function isCredentialEntity(entity) {
|
|
4367
|
-
return (entity.hasOwnProperty("homeAccountId") &&
|
|
4368
|
-
entity.hasOwnProperty("environment") &&
|
|
4369
|
-
entity.hasOwnProperty("credentialType") &&
|
|
4370
|
-
entity.hasOwnProperty("clientId") &&
|
|
4371
|
-
entity.hasOwnProperty("secret"));
|
|
4372
|
-
}
|
|
4324
|
+
const uxNotAllowed = "ux_not_allowed";
|
|
4373
4325
|
/**
|
|
4374
|
-
*
|
|
4375
|
-
* @
|
|
4326
|
+
* Server-originated error code indicating interaction is required to complete the request.
|
|
4327
|
+
* @public
|
|
4376
4328
|
*/
|
|
4377
|
-
|
|
4378
|
-
if (!entity) {
|
|
4379
|
-
return false;
|
|
4380
|
-
}
|
|
4381
|
-
return (isCredentialEntity(entity) &&
|
|
4382
|
-
entity.hasOwnProperty("realm") &&
|
|
4383
|
-
entity.hasOwnProperty("target") &&
|
|
4384
|
-
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
4385
|
-
entity["credentialType"] ===
|
|
4386
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
4387
|
-
}
|
|
4329
|
+
const interactionRequired = "interaction_required";
|
|
4388
4330
|
/**
|
|
4389
|
-
*
|
|
4390
|
-
* @
|
|
4331
|
+
* Server-originated error code indicating user consent is required.
|
|
4332
|
+
* @public
|
|
4333
|
+
*/
|
|
4334
|
+
const consentRequired = "consent_required";
|
|
4335
|
+
/**
|
|
4336
|
+
* Server-originated error code indicating user login is required.
|
|
4337
|
+
* @public
|
|
4338
|
+
*/
|
|
4339
|
+
const loginRequired = "login_required";
|
|
4340
|
+
/**
|
|
4341
|
+
* Server-originated error code indicating the token is invalid or corrupted.
|
|
4342
|
+
* @public
|
|
4343
|
+
*/
|
|
4344
|
+
const badToken = "bad_token";
|
|
4345
|
+
/**
|
|
4346
|
+
* Server-originated error code indicating the user is in an interrupted state and interaction is required.
|
|
4347
|
+
* @public
|
|
4348
|
+
*/
|
|
4349
|
+
const interruptedUser = "interrupted_user";
|
|
4350
|
+
|
|
4351
|
+
var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
4352
|
+
__proto__: null,
|
|
4353
|
+
badToken: badToken,
|
|
4354
|
+
consentRequired: consentRequired,
|
|
4355
|
+
interactionRequired: interactionRequired,
|
|
4356
|
+
interruptedUser: interruptedUser,
|
|
4357
|
+
loginRequired: loginRequired,
|
|
4358
|
+
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
4359
|
+
noTokensFound: noTokensFound,
|
|
4360
|
+
refreshTokenExpired: refreshTokenExpired,
|
|
4361
|
+
uxNotAllowed: uxNotAllowed
|
|
4362
|
+
});
|
|
4363
|
+
|
|
4364
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4365
|
+
|
|
4366
|
+
/*
|
|
4367
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4368
|
+
* Licensed under the MIT License.
|
|
4391
4369
|
*/
|
|
4392
|
-
function isIdTokenEntity(entity) {
|
|
4393
|
-
if (!entity) {
|
|
4394
|
-
return false;
|
|
4395
|
-
}
|
|
4396
|
-
return (isCredentialEntity(entity) &&
|
|
4397
|
-
entity.hasOwnProperty("realm") &&
|
|
4398
|
-
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
4399
|
-
}
|
|
4400
4370
|
/**
|
|
4401
|
-
*
|
|
4402
|
-
* @param entity
|
|
4371
|
+
* InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
|
|
4403
4372
|
*/
|
|
4404
|
-
|
|
4405
|
-
|
|
4406
|
-
|
|
4407
|
-
|
|
4408
|
-
|
|
4409
|
-
|
|
4410
|
-
|
|
4373
|
+
const InteractionRequiredServerErrorMessage = [
|
|
4374
|
+
interactionRequired,
|
|
4375
|
+
consentRequired,
|
|
4376
|
+
loginRequired,
|
|
4377
|
+
badToken,
|
|
4378
|
+
uxNotAllowed,
|
|
4379
|
+
interruptedUser,
|
|
4380
|
+
];
|
|
4381
|
+
const InteractionRequiredAuthSubErrorMessage = [
|
|
4382
|
+
"message_only",
|
|
4383
|
+
"additional_action",
|
|
4384
|
+
"basic_action",
|
|
4385
|
+
"user_password_expired",
|
|
4386
|
+
"consent_required",
|
|
4387
|
+
"bad_token",
|
|
4388
|
+
"ux_not_allowed",
|
|
4389
|
+
"interrupted_user",
|
|
4390
|
+
];
|
|
4411
4391
|
/**
|
|
4412
|
-
*
|
|
4413
|
-
* @param key
|
|
4414
|
-
* @param entity
|
|
4392
|
+
* Error thrown when user interaction is required.
|
|
4415
4393
|
*/
|
|
4416
|
-
|
|
4417
|
-
|
|
4418
|
-
|
|
4419
|
-
|
|
4420
|
-
|
|
4421
|
-
|
|
4422
|
-
|
|
4423
|
-
|
|
4394
|
+
class InteractionRequiredAuthError extends AuthError {
|
|
4395
|
+
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
4396
|
+
super(errorCode, errorMessage, subError);
|
|
4397
|
+
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
4398
|
+
this.timestamp = timestamp || "";
|
|
4399
|
+
this.traceId = traceId || "";
|
|
4400
|
+
this.correlationId = correlationId || "";
|
|
4401
|
+
this.claims = claims || "";
|
|
4402
|
+
this.name = "InteractionRequiredAuthError";
|
|
4403
|
+
this.errorNo = errorNo;
|
|
4424
4404
|
}
|
|
4425
|
-
return validateKey && validateEntity;
|
|
4426
4405
|
}
|
|
4427
4406
|
/**
|
|
4428
|
-
*
|
|
4429
|
-
* @param
|
|
4430
|
-
* @param
|
|
4407
|
+
* Helper function used to determine if an error thrown by the server requires interaction to resolve
|
|
4408
|
+
* @param errorCode
|
|
4409
|
+
* @param errorString
|
|
4410
|
+
* @param subError
|
|
4431
4411
|
*/
|
|
4432
|
-
function
|
|
4433
|
-
|
|
4434
|
-
|
|
4435
|
-
|
|
4436
|
-
|
|
4437
|
-
|
|
4438
|
-
|
|
4439
|
-
|
|
4440
|
-
|
|
4441
|
-
return
|
|
4412
|
+
function isInteractionRequiredError(errorCode, errorString, subError) {
|
|
4413
|
+
const isInteractionRequiredErrorCode = !!errorCode &&
|
|
4414
|
+
InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
|
|
4415
|
+
const isInteractionRequiredSubError = !!subError &&
|
|
4416
|
+
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
4417
|
+
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
4418
|
+
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
4419
|
+
return errorString.indexOf(irErrorCode) > -1;
|
|
4420
|
+
});
|
|
4421
|
+
return (isInteractionRequiredErrorCode ||
|
|
4422
|
+
isInteractionRequiredErrorDesc ||
|
|
4423
|
+
isInteractionRequiredSubError);
|
|
4442
4424
|
}
|
|
4443
4425
|
/**
|
|
4444
|
-
*
|
|
4426
|
+
* Creates an InteractionRequiredAuthError
|
|
4445
4427
|
*/
|
|
4446
|
-
function
|
|
4447
|
-
|
|
4448
|
-
|
|
4449
|
-
|
|
4450
|
-
|
|
4451
|
-
|
|
4452
|
-
return appMetaDataKeyArray
|
|
4453
|
-
.join(CACHE_KEY_SEPARATOR$1)
|
|
4454
|
-
.toLowerCase();
|
|
4455
|
-
}
|
|
4428
|
+
function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
4429
|
+
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4430
|
+
}
|
|
4431
|
+
|
|
4432
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4433
|
+
|
|
4456
4434
|
/*
|
|
4457
|
-
*
|
|
4458
|
-
*
|
|
4435
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4436
|
+
* Licensed under the MIT License.
|
|
4459
4437
|
*/
|
|
4460
|
-
function isAppMetadataEntity(key, entity) {
|
|
4461
|
-
if (!entity) {
|
|
4462
|
-
return false;
|
|
4463
|
-
}
|
|
4464
|
-
return (key.indexOf(APP_METADATA) === 0 &&
|
|
4465
|
-
entity.hasOwnProperty("clientId") &&
|
|
4466
|
-
entity.hasOwnProperty("environment"));
|
|
4467
|
-
}
|
|
4468
4438
|
/**
|
|
4469
|
-
*
|
|
4470
|
-
* @param entity
|
|
4439
|
+
* Error thrown when there is an error with the server code, for example, unavailability.
|
|
4471
4440
|
*/
|
|
4472
|
-
|
|
4473
|
-
|
|
4474
|
-
|
|
4441
|
+
class ServerError extends AuthError {
|
|
4442
|
+
constructor(errorCode, errorMessage, subError, errorNo, status) {
|
|
4443
|
+
super(errorCode, errorMessage, subError);
|
|
4444
|
+
this.name = "ServerError";
|
|
4445
|
+
this.errorNo = errorNo;
|
|
4446
|
+
this.status = status;
|
|
4447
|
+
Object.setPrototypeOf(this, ServerError.prototype);
|
|
4475
4448
|
}
|
|
4476
|
-
|
|
4477
|
-
|
|
4478
|
-
|
|
4479
|
-
|
|
4480
|
-
|
|
4481
|
-
|
|
4482
|
-
|
|
4483
|
-
|
|
4484
|
-
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
4485
|
-
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
4486
|
-
entity.hasOwnProperty("expiresAt") &&
|
|
4487
|
-
entity.hasOwnProperty("jwks_uri"));
|
|
4488
|
-
}
|
|
4449
|
+
}
|
|
4450
|
+
|
|
4451
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4452
|
+
|
|
4453
|
+
/*
|
|
4454
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4455
|
+
* Licensed under the MIT License.
|
|
4456
|
+
*/
|
|
4489
4457
|
/**
|
|
4490
|
-
*
|
|
4458
|
+
* Appends user state with random guid, or returns random guid.
|
|
4459
|
+
* @param cryptoObj
|
|
4460
|
+
* @param userState
|
|
4461
|
+
* @param meta
|
|
4491
4462
|
*/
|
|
4492
|
-
function
|
|
4493
|
-
|
|
4494
|
-
|
|
4495
|
-
}
|
|
4496
|
-
|
|
4497
|
-
authorityMetadata.authorization_endpoint =
|
|
4498
|
-
updatedValues.authorization_endpoint;
|
|
4499
|
-
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
4500
|
-
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
4501
|
-
authorityMetadata.issuer = updatedValues.issuer;
|
|
4502
|
-
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
4503
|
-
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
4463
|
+
function setRequestState(cryptoObj, userState, meta) {
|
|
4464
|
+
const libraryState = generateLibraryState(cryptoObj, meta);
|
|
4465
|
+
return userState
|
|
4466
|
+
? `${libraryState}${RESOURCE_DELIM}${userState}`
|
|
4467
|
+
: libraryState;
|
|
4504
4468
|
}
|
|
4505
|
-
|
|
4506
|
-
|
|
4507
|
-
|
|
4508
|
-
|
|
4509
|
-
|
|
4469
|
+
/**
|
|
4470
|
+
* Generates the state value used by the common library.
|
|
4471
|
+
* @param cryptoObj
|
|
4472
|
+
* @param meta
|
|
4473
|
+
*/
|
|
4474
|
+
function generateLibraryState(cryptoObj, meta) {
|
|
4475
|
+
if (!cryptoObj) {
|
|
4476
|
+
throw createClientAuthError(noCryptoObject);
|
|
4477
|
+
}
|
|
4478
|
+
// Create a state object containing a unique id and the timestamp of the request creation
|
|
4479
|
+
const stateObj = {
|
|
4480
|
+
id: cryptoObj.createNewGuid(),
|
|
4481
|
+
};
|
|
4482
|
+
if (meta) {
|
|
4483
|
+
stateObj.meta = meta;
|
|
4484
|
+
}
|
|
4485
|
+
const stateString = JSON.stringify(stateObj);
|
|
4486
|
+
return cryptoObj.base64Encode(stateString);
|
|
4510
4487
|
}
|
|
4511
4488
|
/**
|
|
4512
|
-
*
|
|
4489
|
+
* Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
|
|
4490
|
+
* @param base64Decode
|
|
4491
|
+
* @param state
|
|
4513
4492
|
*/
|
|
4514
|
-
function
|
|
4515
|
-
|
|
4493
|
+
function parseRequestState(base64Decode, state) {
|
|
4494
|
+
if (!base64Decode) {
|
|
4495
|
+
throw createClientAuthError(noCryptoObject);
|
|
4496
|
+
}
|
|
4497
|
+
if (!state) {
|
|
4498
|
+
throw createClientAuthError(invalidState);
|
|
4499
|
+
}
|
|
4500
|
+
try {
|
|
4501
|
+
// Split the state between library state and user passed state and decode them separately
|
|
4502
|
+
const splitState = state.split(RESOURCE_DELIM);
|
|
4503
|
+
const libraryState = splitState[0];
|
|
4504
|
+
const userState = splitState.length > 1
|
|
4505
|
+
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
4506
|
+
: "";
|
|
4507
|
+
const libraryStateString = base64Decode(libraryState);
|
|
4508
|
+
const libraryStateObj = JSON.parse(libraryStateString);
|
|
4509
|
+
return {
|
|
4510
|
+
userRequestState: userState || "",
|
|
4511
|
+
libraryState: libraryStateObj,
|
|
4512
|
+
};
|
|
4513
|
+
}
|
|
4514
|
+
catch (e) {
|
|
4515
|
+
throw createClientAuthError(invalidState);
|
|
4516
|
+
}
|
|
4516
4517
|
}
|
|
4517
4518
|
|
|
4518
|
-
/*! @azure/msal-common v16.4.
|
|
4519
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4519
4520
|
|
|
4520
4521
|
/*
|
|
4521
4522
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4671,7 +4672,7 @@ class ResponseHandler {
|
|
|
4671
4672
|
if (serverTokenResponse.id_token && !!idTokenClaims) {
|
|
4672
4673
|
cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
|
|
4673
4674
|
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
4674
|
-
this.logger);
|
|
4675
|
+
this.logger, this.performanceClient);
|
|
4675
4676
|
}
|
|
4676
4677
|
// AccessToken
|
|
4677
4678
|
let cachedAccessToken = null;
|
|
@@ -4822,17 +4823,24 @@ class ResponseHandler {
|
|
|
4822
4823
|
};
|
|
4823
4824
|
}
|
|
4824
4825
|
}
|
|
4825
|
-
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
4826
|
+
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
|
|
4826
4827
|
logger?.verbose("09jz0t", correlationId);
|
|
4827
|
-
|
|
4828
|
-
|
|
4829
|
-
|
|
4830
|
-
|
|
4831
|
-
|
|
4832
|
-
|
|
4833
|
-
|
|
4834
|
-
|
|
4828
|
+
/*
|
|
4829
|
+
* Check if base account is already cached. Filter by homeAccountId (identifies
|
|
4830
|
+
* the user's home identity) and environment (identifies the cloud) — the two
|
|
4831
|
+
* tenant-agnostic properties that uniquely locate a base AccountEntity.
|
|
4832
|
+
*/
|
|
4833
|
+
const accountEnvironment = environment || authority.getPreferredCache();
|
|
4834
|
+
const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
|
|
4835
|
+
performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
|
|
4836
|
+
if (matchedAccounts.length > 1) {
|
|
4837
|
+
/*
|
|
4838
|
+
* Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
|
|
4839
|
+
* If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
|
|
4840
|
+
*/
|
|
4841
|
+
logger?.warning("0x7ad1", correlationId);
|
|
4835
4842
|
}
|
|
4843
|
+
const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
|
|
4836
4844
|
const baseAccount = cachedAccount ||
|
|
4837
4845
|
createAccountEntity({
|
|
4838
4846
|
homeAccountId,
|
|
@@ -4856,7 +4864,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4856
4864
|
return baseAccount;
|
|
4857
4865
|
}
|
|
4858
4866
|
|
|
4859
|
-
/*! @azure/msal-common v16.4.
|
|
4867
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4860
4868
|
/*
|
|
4861
4869
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4862
4870
|
* Licensed under the MIT License.
|
|
@@ -4866,7 +4874,7 @@ const CcsCredentialType = {
|
|
|
4866
4874
|
UPN: "UPN",
|
|
4867
4875
|
};
|
|
4868
4876
|
|
|
4869
|
-
/*! @azure/msal-common v16.4.
|
|
4877
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4870
4878
|
/*
|
|
4871
4879
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4872
4880
|
* Licensed under the MIT License.
|
|
@@ -4884,7 +4892,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4884
4892
|
}
|
|
4885
4893
|
}
|
|
4886
4894
|
|
|
4887
|
-
/*! @azure/msal-common v16.4.
|
|
4895
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4888
4896
|
/*
|
|
4889
4897
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4890
4898
|
* Licensed under the MIT License.
|
|
@@ -4905,7 +4913,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4905
4913
|
};
|
|
4906
4914
|
}
|
|
4907
4915
|
|
|
4908
|
-
/*! @azure/msal-common v16.4.
|
|
4916
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4909
4917
|
|
|
4910
4918
|
/*
|
|
4911
4919
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4991,7 +4999,7 @@ class ThrottlingUtils {
|
|
|
4991
4999
|
}
|
|
4992
5000
|
}
|
|
4993
5001
|
|
|
4994
|
-
/*! @azure/msal-common v16.4.
|
|
5002
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
4995
5003
|
|
|
4996
5004
|
/*
|
|
4997
5005
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5022,7 +5030,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
5022
5030
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5023
5031
|
}
|
|
5024
5032
|
|
|
5025
|
-
/*! @azure/msal-common v16.4.
|
|
5033
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5026
5034
|
|
|
5027
5035
|
/*
|
|
5028
5036
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5136,7 +5144,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5136
5144
|
return response;
|
|
5137
5145
|
}
|
|
5138
5146
|
|
|
5139
|
-
/*! @azure/msal-common v16.4.
|
|
5147
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5140
5148
|
/*
|
|
5141
5149
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5142
5150
|
* Licensed under the MIT License.
|
|
@@ -5148,7 +5156,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5148
5156
|
response.hasOwnProperty("jwks_uri"));
|
|
5149
5157
|
}
|
|
5150
5158
|
|
|
5151
|
-
/*! @azure/msal-common v16.4.
|
|
5159
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5152
5160
|
/*
|
|
5153
5161
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5154
5162
|
* Licensed under the MIT License.
|
|
@@ -5158,7 +5166,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5158
5166
|
response.hasOwnProperty("metadata"));
|
|
5159
5167
|
}
|
|
5160
5168
|
|
|
5161
|
-
/*! @azure/msal-common v16.4.
|
|
5169
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5162
5170
|
/*
|
|
5163
5171
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5164
5172
|
* Licensed under the MIT License.
|
|
@@ -5168,7 +5176,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5168
5176
|
response.hasOwnProperty("error_description"));
|
|
5169
5177
|
}
|
|
5170
5178
|
|
|
5171
|
-
/*! @azure/msal-common v16.4.
|
|
5179
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5172
5180
|
|
|
5173
5181
|
/*
|
|
5174
5182
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5273,7 +5281,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5273
5281
|
},
|
|
5274
5282
|
};
|
|
5275
5283
|
|
|
5276
|
-
/*! @azure/msal-common v16.4.
|
|
5284
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
5277
5285
|
|
|
5278
5286
|
/*
|
|
5279
5287
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6093,7 +6101,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6093
6101
|
};
|
|
6094
6102
|
}
|
|
6095
6103
|
|
|
6096
|
-
/*! @azure/msal-common v16.4.
|
|
6104
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6097
6105
|
|
|
6098
6106
|
/*
|
|
6099
6107
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6127,7 +6135,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6127
6135
|
}
|
|
6128
6136
|
}
|
|
6129
6137
|
|
|
6130
|
-
/*! @azure/msal-common v16.4.
|
|
6138
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6131
6139
|
|
|
6132
6140
|
/*
|
|
6133
6141
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6388,7 +6396,7 @@ class AuthorizationCodeClient {
|
|
|
6388
6396
|
}
|
|
6389
6397
|
}
|
|
6390
6398
|
|
|
6391
|
-
/*! @azure/msal-common v16.4.
|
|
6399
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6392
6400
|
|
|
6393
6401
|
/*
|
|
6394
6402
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6613,7 +6621,7 @@ class RefreshTokenClient {
|
|
|
6613
6621
|
}
|
|
6614
6622
|
}
|
|
6615
6623
|
|
|
6616
|
-
/*! @azure/msal-common v16.4.
|
|
6624
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6617
6625
|
|
|
6618
6626
|
/*
|
|
6619
6627
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6729,7 +6737,7 @@ class SilentFlowClient {
|
|
|
6729
6737
|
}
|
|
6730
6738
|
}
|
|
6731
6739
|
|
|
6732
|
-
/*! @azure/msal-common v16.4.
|
|
6740
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6733
6741
|
|
|
6734
6742
|
/*
|
|
6735
6743
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6744,7 +6752,7 @@ const StubbedNetworkModule = {
|
|
|
6744
6752
|
},
|
|
6745
6753
|
};
|
|
6746
6754
|
|
|
6747
|
-
/*! @azure/msal-common v16.4.
|
|
6755
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6748
6756
|
|
|
6749
6757
|
/*
|
|
6750
6758
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6971,7 +6979,7 @@ function extractLoginHint(account) {
|
|
|
6971
6979
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6972
6980
|
}
|
|
6973
6981
|
|
|
6974
|
-
/*! @azure/msal-common v16.4.
|
|
6982
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
6975
6983
|
|
|
6976
6984
|
/*
|
|
6977
6985
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7004,7 +7012,7 @@ function containsResourceParam(params) {
|
|
|
7004
7012
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7005
7013
|
}
|
|
7006
7014
|
|
|
7007
|
-
/*! @azure/msal-common v16.4.
|
|
7015
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
7008
7016
|
|
|
7009
7017
|
/*
|
|
7010
7018
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7062,7 +7070,7 @@ class AuthenticationHeaderParser {
|
|
|
7062
7070
|
}
|
|
7063
7071
|
}
|
|
7064
7072
|
|
|
7065
|
-
/*! @azure/msal-common v16.4.
|
|
7073
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
7066
7074
|
/*
|
|
7067
7075
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7068
7076
|
* Licensed under the MIT License.
|
|
@@ -7079,7 +7087,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
7079
7087
|
unexpectedError: unexpectedError
|
|
7080
7088
|
});
|
|
7081
7089
|
|
|
7082
|
-
/*! @azure/msal-common v16.4.
|
|
7090
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
7083
7091
|
|
|
7084
7092
|
/*
|
|
7085
7093
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7340,7 +7348,7 @@ class ServerTelemetryManager {
|
|
|
7340
7348
|
}
|
|
7341
7349
|
}
|
|
7342
7350
|
|
|
7343
|
-
/*! @azure/msal-common v16.4.
|
|
7351
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
7344
7352
|
|
|
7345
7353
|
/*
|
|
7346
7354
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7361,7 +7369,7 @@ function createJoseHeaderError(code) {
|
|
|
7361
7369
|
return new JoseHeaderError(code);
|
|
7362
7370
|
}
|
|
7363
7371
|
|
|
7364
|
-
/*! @azure/msal-common v16.4.
|
|
7372
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
7365
7373
|
/*
|
|
7366
7374
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7367
7375
|
* Licensed under the MIT License.
|
|
@@ -7369,7 +7377,7 @@ function createJoseHeaderError(code) {
|
|
|
7369
7377
|
const missingKidError = "missing_kid_error";
|
|
7370
7378
|
const missingAlgError = "missing_alg_error";
|
|
7371
7379
|
|
|
7372
|
-
/*! @azure/msal-common v16.4.
|
|
7380
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
7373
7381
|
|
|
7374
7382
|
/*
|
|
7375
7383
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7409,7 +7417,7 @@ class JoseHeader {
|
|
|
7409
7417
|
}
|
|
7410
7418
|
}
|
|
7411
7419
|
|
|
7412
|
-
/*! @azure/msal-common v16.4.
|
|
7420
|
+
/*! @azure/msal-common v16.4.1 2026-04-01 */
|
|
7413
7421
|
|
|
7414
7422
|
/*
|
|
7415
7423
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7939,6 +7947,136 @@ class PerformanceClient {
|
|
|
7939
7947
|
}
|
|
7940
7948
|
}
|
|
7941
7949
|
|
|
7950
|
+
/*
|
|
7951
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7952
|
+
* Licensed under the MIT License.
|
|
7953
|
+
*/
|
|
7954
|
+
/**
|
|
7955
|
+
* acquireTokenFromCache (msal-browser).
|
|
7956
|
+
* Internal API for acquiring token from cache
|
|
7957
|
+
*/
|
|
7958
|
+
const AcquireTokenFromCache = "acquireTokenFromCache";
|
|
7959
|
+
/**
|
|
7960
|
+
* acquireTokenByRefreshToken API (msal-browser and msal-node).
|
|
7961
|
+
* Used to renew an access token using a refresh token against the token endpoint.
|
|
7962
|
+
*/
|
|
7963
|
+
const AcquireTokenByRefreshToken = "acquireTokenByRefreshToken";
|
|
7964
|
+
/**
|
|
7965
|
+
* acquireTokenSilentAsync (msal-browser).
|
|
7966
|
+
* Internal API for acquireTokenSilent.
|
|
7967
|
+
*/
|
|
7968
|
+
const AcquireTokenSilentAsync = "acquireTokenSilentAsync";
|
|
7969
|
+
/**
|
|
7970
|
+
* getPublicKeyThumbprint API in CryptoOpts class (msal-browser).
|
|
7971
|
+
* Used to generate a public/private keypair and generate a public key thumbprint for pop requests.
|
|
7972
|
+
*/
|
|
7973
|
+
const CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint";
|
|
7974
|
+
/**
|
|
7975
|
+
* signJwt API in CryptoOpts class (msal-browser).
|
|
7976
|
+
* Used to signed a pop token.
|
|
7977
|
+
*/
|
|
7978
|
+
const CryptoOptsSignJwt = "cryptoOptsSignJwt";
|
|
7979
|
+
/**
|
|
7980
|
+
* acquireToken API in the SilentCacheClient class (msal-browser).
|
|
7981
|
+
* Used to read access tokens from the cache.
|
|
7982
|
+
*/
|
|
7983
|
+
const SilentCacheClientAcquireToken = "silentCacheClientAcquireToken";
|
|
7984
|
+
/**
|
|
7985
|
+
* acquireToken API in the SilentIframeClient class (msal-browser).
|
|
7986
|
+
* Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.
|
|
7987
|
+
*/
|
|
7988
|
+
const SilentIframeClientAcquireToken = "silentIframeClientAcquireToken";
|
|
7989
|
+
const AwaitConcurrentIframe = "awaitConcurrentIframe"; // Time spent waiting for a concurrent iframe to complete
|
|
7990
|
+
/**
|
|
7991
|
+
* acquireToken API in SilentRereshClient (msal-browser).
|
|
7992
|
+
* Used to acquire a new set of tokens from the token endpoint using a refresh token.
|
|
7993
|
+
*/
|
|
7994
|
+
const SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken";
|
|
7995
|
+
/**
|
|
7996
|
+
* getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).
|
|
7997
|
+
* Used to load authority metadata for a request.
|
|
7998
|
+
*/
|
|
7999
|
+
const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority";
|
|
8000
|
+
/**
|
|
8001
|
+
* acquireToken API in NativeInteractionClient class (msal-browser).
|
|
8002
|
+
* Used to acquire a token from Native component when native brokering is enabled.
|
|
8003
|
+
*/
|
|
8004
|
+
const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
|
|
8005
|
+
/**
|
|
8006
|
+
* acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
|
|
8007
|
+
*/
|
|
8008
|
+
const RefreshTokenClientAcquireTokenByRefreshToken = "refreshTokenClientAcquireTokenByRefreshToken";
|
|
8009
|
+
/**
|
|
8010
|
+
* acquireTokenBySilentIframe (msal-browser).
|
|
8011
|
+
* Internal API for acquiring token by silent Iframe
|
|
8012
|
+
*/
|
|
8013
|
+
const AcquireTokenBySilentIframe = "acquireTokenBySilentIframe";
|
|
8014
|
+
/**
|
|
8015
|
+
* Internal API for initializing base request in BaseInteractionClient (msal-browser)
|
|
8016
|
+
*/
|
|
8017
|
+
const InitializeBaseRequest = "initializeBaseRequest";
|
|
8018
|
+
/**
|
|
8019
|
+
* Internal API for initializing silent request in SilentCacheClient (msal-browser)
|
|
8020
|
+
*/
|
|
8021
|
+
const InitializeSilentRequest = "initializeSilentRequest";
|
|
8022
|
+
const InitializeCache = "initializeCache";
|
|
8023
|
+
/**
|
|
8024
|
+
* Helper function in SilentIframeClient class (msal-browser).
|
|
8025
|
+
*/
|
|
8026
|
+
const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
|
|
8027
|
+
/**
|
|
8028
|
+
* SilentHandler
|
|
8029
|
+
*/
|
|
8030
|
+
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
8031
|
+
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
8032
|
+
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
8033
|
+
/**
|
|
8034
|
+
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
8035
|
+
*/
|
|
8036
|
+
const StandardInteractionClientCreateAuthCodeClient = "standardInteractionClientCreateAuthCodeClient";
|
|
8037
|
+
const StandardInteractionClientGetClientConfiguration = "standardInteractionClientGetClientConfiguration";
|
|
8038
|
+
const StandardInteractionClientInitializeAuthorizationRequest = "standardInteractionClientInitializeAuthorizationRequest";
|
|
8039
|
+
const SilentFlowClientAcquireCachedToken = "silentFlowClientAcquireCachedToken";
|
|
8040
|
+
const GetStandardParams = "getStandardParams";
|
|
8041
|
+
const HandleCodeResponse = "handleCodeResponse";
|
|
8042
|
+
const HandleResponseEar = "handleResponseEar";
|
|
8043
|
+
const HandleResponsePlatformBroker = "handleResponsePlatformBroker";
|
|
8044
|
+
const HandleResponseCode = "handleResponseCode";
|
|
8045
|
+
const AuthClientAcquireToken = "authClientAcquireToken";
|
|
8046
|
+
const DeserializeResponse = "deserializeResponse";
|
|
8047
|
+
const AuthorityFactoryCreateDiscoveredInstance = "authorityFactoryCreateDiscoveredInstance";
|
|
8048
|
+
const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
|
|
8049
|
+
const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
|
|
8050
|
+
const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
|
|
8051
|
+
const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
|
|
8052
|
+
const RemoveHiddenIframe = "removeHiddenIframe";
|
|
8053
|
+
const ImportExistingCache = "importExistingCache";
|
|
8054
|
+
/**
|
|
8055
|
+
* Crypto Operations
|
|
8056
|
+
*/
|
|
8057
|
+
const GeneratePkceCodes = "generatePkceCodes";
|
|
8058
|
+
const GenerateCodeVerifier = "generateCodeVerifier";
|
|
8059
|
+
const GenerateCodeChallengeFromVerifier = "generateCodeChallengeFromVerifier";
|
|
8060
|
+
const Sha256Digest = "sha256Digest";
|
|
8061
|
+
const GetRandomValues = "getRandomValues";
|
|
8062
|
+
const GenerateHKDF = "generateHKDF";
|
|
8063
|
+
const GenerateBaseKey = "generateBaseKey";
|
|
8064
|
+
const Base64Decode = "base64Decode";
|
|
8065
|
+
const UrlEncodeArr = "urlEncodeArr";
|
|
8066
|
+
const Encrypt = "encrypt";
|
|
8067
|
+
const Decrypt = "decrypt";
|
|
8068
|
+
const GenerateEarKey = "generateEarKey";
|
|
8069
|
+
const DecryptEarResponse = "decryptEarResponse";
|
|
8070
|
+
const LoadAccount = "loadAccount";
|
|
8071
|
+
const LoadIdToken = "loadIdToken";
|
|
8072
|
+
const LoadAccessToken = "loadAccessToken";
|
|
8073
|
+
const LoadRefreshToken = "loadRefreshToken";
|
|
8074
|
+
/**
|
|
8075
|
+
* Background telemetry measurement that tracks whether a late bridge response
|
|
8076
|
+
* arrives after the iframe timeout has already fired.
|
|
8077
|
+
*/
|
|
8078
|
+
const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
|
|
8079
|
+
|
|
7942
8080
|
/*
|
|
7943
8081
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7944
8082
|
* Licensed under the MIT License.
|
|
@@ -8845,20 +8983,35 @@ function cancelPendingBridgeResponse(logger, correlationId) {
|
|
|
8845
8983
|
activeBridgeMonitor = null;
|
|
8846
8984
|
}
|
|
8847
8985
|
}
|
|
8848
|
-
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
|
|
8986
|
+
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
|
|
8849
8987
|
return new Promise((resolve, reject) => {
|
|
8850
8988
|
logger.verbose("1rf6em", request.correlationId);
|
|
8851
8989
|
const correlationId = request.correlationId;
|
|
8852
8990
|
performanceClient.addFields({
|
|
8853
8991
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
8992
|
+
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
8854
8993
|
}, correlationId);
|
|
8855
8994
|
const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
|
|
8856
8995
|
const channel = new BroadcastChannel(libraryState.id);
|
|
8857
8996
|
let responseString = undefined;
|
|
8997
|
+
let timedOut$1 = false;
|
|
8998
|
+
let lateTimeoutId;
|
|
8999
|
+
let lateMeasurement;
|
|
8858
9000
|
const timeoutId = window.setTimeout(() => {
|
|
8859
9001
|
// Clear the active monitor
|
|
8860
9002
|
activeBridgeMonitor = null;
|
|
8861
|
-
|
|
9003
|
+
if (experimentalConfig?.iframeTimeoutTelemetry) {
|
|
9004
|
+
lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse, correlationId);
|
|
9005
|
+
timedOut$1 = true;
|
|
9006
|
+
lateTimeoutId = window.setTimeout(() => {
|
|
9007
|
+
lateMeasurement?.end({ success: false });
|
|
9008
|
+
clearTimeout(lateTimeoutId);
|
|
9009
|
+
channel.close();
|
|
9010
|
+
}, 60000); // 60s late response timeout to allow for telemetry of late responses
|
|
9011
|
+
}
|
|
9012
|
+
else {
|
|
9013
|
+
channel.close();
|
|
9014
|
+
}
|
|
8862
9015
|
reject(createBrowserAuthError(timedOut, "redirect_bridge_timeout"));
|
|
8863
9016
|
}, timeoutMs);
|
|
8864
9017
|
// Track this monitor so it can be cancelled if needed
|
|
@@ -8872,6 +9025,14 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
|
|
|
8872
9025
|
const messageVersion = event?.data && typeof event.data.v === "number"
|
|
8873
9026
|
? event.data.v
|
|
8874
9027
|
: undefined;
|
|
9028
|
+
if (timedOut$1) {
|
|
9029
|
+
lateMeasurement?.end({
|
|
9030
|
+
success: responseString ? true : false,
|
|
9031
|
+
});
|
|
9032
|
+
clearTimeout(lateTimeoutId);
|
|
9033
|
+
channel.close();
|
|
9034
|
+
return;
|
|
9035
|
+
}
|
|
8875
9036
|
performanceClient.addFields({
|
|
8876
9037
|
redirectBridgeMessageVersion: messageVersion,
|
|
8877
9038
|
}, correlationId);
|
|
@@ -9034,130 +9195,6 @@ var BrowserUtils = /*#__PURE__*/Object.freeze({
|
|
|
9034
9195
|
waitForBridgeResponse: waitForBridgeResponse
|
|
9035
9196
|
});
|
|
9036
9197
|
|
|
9037
|
-
/*
|
|
9038
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9039
|
-
* Licensed under the MIT License.
|
|
9040
|
-
*/
|
|
9041
|
-
/**
|
|
9042
|
-
* acquireTokenFromCache (msal-browser).
|
|
9043
|
-
* Internal API for acquiring token from cache
|
|
9044
|
-
*/
|
|
9045
|
-
const AcquireTokenFromCache = "acquireTokenFromCache";
|
|
9046
|
-
/**
|
|
9047
|
-
* acquireTokenByRefreshToken API (msal-browser and msal-node).
|
|
9048
|
-
* Used to renew an access token using a refresh token against the token endpoint.
|
|
9049
|
-
*/
|
|
9050
|
-
const AcquireTokenByRefreshToken = "acquireTokenByRefreshToken";
|
|
9051
|
-
/**
|
|
9052
|
-
* acquireTokenSilentAsync (msal-browser).
|
|
9053
|
-
* Internal API for acquireTokenSilent.
|
|
9054
|
-
*/
|
|
9055
|
-
const AcquireTokenSilentAsync = "acquireTokenSilentAsync";
|
|
9056
|
-
/**
|
|
9057
|
-
* getPublicKeyThumbprint API in CryptoOpts class (msal-browser).
|
|
9058
|
-
* Used to generate a public/private keypair and generate a public key thumbprint for pop requests.
|
|
9059
|
-
*/
|
|
9060
|
-
const CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint";
|
|
9061
|
-
/**
|
|
9062
|
-
* signJwt API in CryptoOpts class (msal-browser).
|
|
9063
|
-
* Used to signed a pop token.
|
|
9064
|
-
*/
|
|
9065
|
-
const CryptoOptsSignJwt = "cryptoOptsSignJwt";
|
|
9066
|
-
/**
|
|
9067
|
-
* acquireToken API in the SilentCacheClient class (msal-browser).
|
|
9068
|
-
* Used to read access tokens from the cache.
|
|
9069
|
-
*/
|
|
9070
|
-
const SilentCacheClientAcquireToken = "silentCacheClientAcquireToken";
|
|
9071
|
-
/**
|
|
9072
|
-
* acquireToken API in the SilentIframeClient class (msal-browser).
|
|
9073
|
-
* Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.
|
|
9074
|
-
*/
|
|
9075
|
-
const SilentIframeClientAcquireToken = "silentIframeClientAcquireToken";
|
|
9076
|
-
const AwaitConcurrentIframe = "awaitConcurrentIframe"; // Time spent waiting for a concurrent iframe to complete
|
|
9077
|
-
/**
|
|
9078
|
-
* acquireToken API in SilentRereshClient (msal-browser).
|
|
9079
|
-
* Used to acquire a new set of tokens from the token endpoint using a refresh token.
|
|
9080
|
-
*/
|
|
9081
|
-
const SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken";
|
|
9082
|
-
/**
|
|
9083
|
-
* getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).
|
|
9084
|
-
* Used to load authority metadata for a request.
|
|
9085
|
-
*/
|
|
9086
|
-
const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority";
|
|
9087
|
-
/**
|
|
9088
|
-
* acquireToken API in NativeInteractionClient class (msal-browser).
|
|
9089
|
-
* Used to acquire a token from Native component when native brokering is enabled.
|
|
9090
|
-
*/
|
|
9091
|
-
const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
|
|
9092
|
-
/**
|
|
9093
|
-
* acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
|
|
9094
|
-
*/
|
|
9095
|
-
const RefreshTokenClientAcquireTokenByRefreshToken = "refreshTokenClientAcquireTokenByRefreshToken";
|
|
9096
|
-
/**
|
|
9097
|
-
* acquireTokenBySilentIframe (msal-browser).
|
|
9098
|
-
* Internal API for acquiring token by silent Iframe
|
|
9099
|
-
*/
|
|
9100
|
-
const AcquireTokenBySilentIframe = "acquireTokenBySilentIframe";
|
|
9101
|
-
/**
|
|
9102
|
-
* Internal API for initializing base request in BaseInteractionClient (msal-browser)
|
|
9103
|
-
*/
|
|
9104
|
-
const InitializeBaseRequest = "initializeBaseRequest";
|
|
9105
|
-
/**
|
|
9106
|
-
* Internal API for initializing silent request in SilentCacheClient (msal-browser)
|
|
9107
|
-
*/
|
|
9108
|
-
const InitializeSilentRequest = "initializeSilentRequest";
|
|
9109
|
-
const InitializeCache = "initializeCache";
|
|
9110
|
-
/**
|
|
9111
|
-
* Helper function in SilentIframeClient class (msal-browser).
|
|
9112
|
-
*/
|
|
9113
|
-
const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
|
|
9114
|
-
/**
|
|
9115
|
-
* SilentHandler
|
|
9116
|
-
*/
|
|
9117
|
-
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
9118
|
-
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
9119
|
-
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
9120
|
-
/**
|
|
9121
|
-
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
9122
|
-
*/
|
|
9123
|
-
const StandardInteractionClientCreateAuthCodeClient = "standardInteractionClientCreateAuthCodeClient";
|
|
9124
|
-
const StandardInteractionClientGetClientConfiguration = "standardInteractionClientGetClientConfiguration";
|
|
9125
|
-
const StandardInteractionClientInitializeAuthorizationRequest = "standardInteractionClientInitializeAuthorizationRequest";
|
|
9126
|
-
const SilentFlowClientAcquireCachedToken = "silentFlowClientAcquireCachedToken";
|
|
9127
|
-
const GetStandardParams = "getStandardParams";
|
|
9128
|
-
const HandleCodeResponse = "handleCodeResponse";
|
|
9129
|
-
const HandleResponseEar = "handleResponseEar";
|
|
9130
|
-
const HandleResponsePlatformBroker = "handleResponsePlatformBroker";
|
|
9131
|
-
const HandleResponseCode = "handleResponseCode";
|
|
9132
|
-
const AuthClientAcquireToken = "authClientAcquireToken";
|
|
9133
|
-
const DeserializeResponse = "deserializeResponse";
|
|
9134
|
-
const AuthorityFactoryCreateDiscoveredInstance = "authorityFactoryCreateDiscoveredInstance";
|
|
9135
|
-
const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
|
|
9136
|
-
const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
|
|
9137
|
-
const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
|
|
9138
|
-
const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
|
|
9139
|
-
const ImportExistingCache = "importExistingCache";
|
|
9140
|
-
/**
|
|
9141
|
-
* Crypto Operations
|
|
9142
|
-
*/
|
|
9143
|
-
const GeneratePkceCodes = "generatePkceCodes";
|
|
9144
|
-
const GenerateCodeVerifier = "generateCodeVerifier";
|
|
9145
|
-
const GenerateCodeChallengeFromVerifier = "generateCodeChallengeFromVerifier";
|
|
9146
|
-
const Sha256Digest = "sha256Digest";
|
|
9147
|
-
const GetRandomValues = "getRandomValues";
|
|
9148
|
-
const GenerateHKDF = "generateHKDF";
|
|
9149
|
-
const GenerateBaseKey = "generateBaseKey";
|
|
9150
|
-
const Base64Decode = "base64Decode";
|
|
9151
|
-
const UrlEncodeArr = "urlEncodeArr";
|
|
9152
|
-
const Encrypt = "encrypt";
|
|
9153
|
-
const Decrypt = "decrypt";
|
|
9154
|
-
const GenerateEarKey = "generateEarKey";
|
|
9155
|
-
const DecryptEarResponse = "decryptEarResponse";
|
|
9156
|
-
const LoadAccount = "loadAccount";
|
|
9157
|
-
const LoadIdToken = "loadIdToken";
|
|
9158
|
-
const LoadAccessToken = "loadAccessToken";
|
|
9159
|
-
const LoadRefreshToken = "loadRefreshToken";
|
|
9160
|
-
|
|
9161
9198
|
/*
|
|
9162
9199
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9163
9200
|
* Licensed under the MIT License.
|
|
@@ -10294,7 +10331,7 @@ const EventType = {
|
|
|
10294
10331
|
|
|
10295
10332
|
/* eslint-disable header/header */
|
|
10296
10333
|
const name = "@azure/msal-browser";
|
|
10297
|
-
const version = "5.6.
|
|
10334
|
+
const version = "5.6.3";
|
|
10298
10335
|
|
|
10299
10336
|
/*
|
|
10300
10337
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -12758,9 +12795,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12758
12795
|
}
|
|
12759
12796
|
// Get the preferred_cache domain for the given authority
|
|
12760
12797
|
const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
|
|
12761
|
-
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info,
|
|
12798
|
+
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
|
|
12762
12799
|
idTokenClaims.tid, undefined, // auth code payload
|
|
12763
|
-
response.account.id);
|
|
12800
|
+
response.account.id, this.logger, this.performanceClient);
|
|
12764
12801
|
// Ensure expires_in is in number format
|
|
12765
12802
|
response.expires_in = Number(response.expires_in);
|
|
12766
12803
|
// generate authenticationResult
|
|
@@ -13645,7 +13682,7 @@ const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000;
|
|
|
13645
13682
|
*
|
|
13646
13683
|
* @returns Configuration object
|
|
13647
13684
|
*/
|
|
13648
|
-
function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
|
|
13685
|
+
function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, experimental: userInputExperimental, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
|
|
13649
13686
|
// Default auth options for browser
|
|
13650
13687
|
const DEFAULT_AUTH_OPTIONS = {
|
|
13651
13688
|
clientId: "",
|
|
@@ -13717,6 +13754,9 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
13717
13754
|
},
|
|
13718
13755
|
client: new StubPerformanceClient(),
|
|
13719
13756
|
};
|
|
13757
|
+
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
13758
|
+
iframeTimeoutTelemetry: false,
|
|
13759
|
+
};
|
|
13720
13760
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
13721
13761
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
13722
13762
|
userInputAuth?.OIDCOptions) {
|
|
@@ -13740,6 +13780,10 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
13740
13780
|
},
|
|
13741
13781
|
cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache },
|
|
13742
13782
|
system: providedSystemOptions,
|
|
13783
|
+
experimental: {
|
|
13784
|
+
...DEFAULT_EXPERIMENTAL_OPTIONS,
|
|
13785
|
+
...userInputExperimental,
|
|
13786
|
+
},
|
|
13743
13787
|
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry },
|
|
13744
13788
|
};
|
|
13745
13789
|
return overlayedConfig;
|
|
@@ -15156,6 +15200,16 @@ function createHiddenIframe() {
|
|
|
15156
15200
|
authFrame.setAttribute("allow", "local-network-access *");
|
|
15157
15201
|
document.body.appendChild(authFrame);
|
|
15158
15202
|
return authFrame;
|
|
15203
|
+
}
|
|
15204
|
+
/**
|
|
15205
|
+
* @hidden
|
|
15206
|
+
* Removes a hidden iframe from `document.body` if it is a direct child.
|
|
15207
|
+
* @param iframe - The iframe element to remove.
|
|
15208
|
+
*/
|
|
15209
|
+
function removeHiddenIframe(iframe) {
|
|
15210
|
+
if (document.body === iframe.parentNode) {
|
|
15211
|
+
document.body.removeChild(iframe);
|
|
15212
|
+
}
|
|
15159
15213
|
}
|
|
15160
15214
|
|
|
15161
15215
|
/*
|
|
@@ -15251,9 +15305,15 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15251
15305
|
earJwk: earJwk,
|
|
15252
15306
|
codeChallenge: pkceCodes.challenge,
|
|
15253
15307
|
};
|
|
15254
|
-
await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
15308
|
+
const iframe = await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
|
|
15255
15309
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15256
|
-
|
|
15310
|
+
let responseString;
|
|
15311
|
+
try {
|
|
15312
|
+
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
|
|
15313
|
+
}
|
|
15314
|
+
finally {
|
|
15315
|
+
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
15316
|
+
}
|
|
15257
15317
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15258
15318
|
if (!serverParams.ear_jwe && serverParams.code) {
|
|
15259
15319
|
// If server doesn't support EAR, they may fallback to auth code flow instead
|
|
@@ -15291,18 +15351,25 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15291
15351
|
...request,
|
|
15292
15352
|
codeChallenge: pkceCodes.challenge,
|
|
15293
15353
|
};
|
|
15354
|
+
let iframe;
|
|
15294
15355
|
if (request.httpMethod === HttpMethod.POST) {
|
|
15295
|
-
await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15356
|
+
iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15296
15357
|
}
|
|
15297
15358
|
else {
|
|
15298
15359
|
// Create authorize request url
|
|
15299
15360
|
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
|
|
15300
15361
|
// Get the frame handle for the silent request
|
|
15301
|
-
await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
|
|
15362
|
+
iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
|
|
15302
15363
|
}
|
|
15303
15364
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15304
15365
|
// Wait for response from the redirect bridge.
|
|
15305
|
-
|
|
15366
|
+
let responseString;
|
|
15367
|
+
try {
|
|
15368
|
+
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
|
|
15369
|
+
}
|
|
15370
|
+
finally {
|
|
15371
|
+
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
15372
|
+
}
|
|
15306
15373
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15307
15374
|
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
15308
15375
|
}
|
|
@@ -15558,22 +15625,32 @@ class StandardController {
|
|
|
15558
15625
|
this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
|
|
15559
15626
|
this.activeSilentTokenRequests = new Map();
|
|
15560
15627
|
// Register listener functions
|
|
15561
|
-
this.
|
|
15628
|
+
this.trackStateChange = this.trackStateChange.bind(this);
|
|
15562
15629
|
// Register listener functions
|
|
15563
|
-
this.
|
|
15564
|
-
this.
|
|
15630
|
+
this.trackStateChangeWithMeasurement =
|
|
15631
|
+
this.trackStateChangeWithMeasurement.bind(this);
|
|
15565
15632
|
}
|
|
15566
15633
|
static async createController(operatingContext, request) {
|
|
15567
15634
|
const controller = new StandardController(operatingContext);
|
|
15568
15635
|
await controller.initialize(request);
|
|
15569
15636
|
return controller;
|
|
15570
15637
|
}
|
|
15571
|
-
|
|
15638
|
+
trackStateChange(correlationId, event) {
|
|
15572
15639
|
if (!correlationId) {
|
|
15573
15640
|
return;
|
|
15574
15641
|
}
|
|
15575
|
-
|
|
15576
|
-
|
|
15642
|
+
if (event.type === "visibilitychange") {
|
|
15643
|
+
this.logger.info("16v6hv", correlationId);
|
|
15644
|
+
this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
|
|
15645
|
+
}
|
|
15646
|
+
else if (event.type === "online") {
|
|
15647
|
+
this.logger.info("0zirfd", correlationId);
|
|
15648
|
+
this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
|
|
15649
|
+
}
|
|
15650
|
+
else if (event.type === "offline") {
|
|
15651
|
+
this.logger.info("1xk9ef", correlationId);
|
|
15652
|
+
this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
|
|
15653
|
+
}
|
|
15577
15654
|
}
|
|
15578
15655
|
/**
|
|
15579
15656
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|
|
@@ -15915,15 +15992,40 @@ class StandardController {
|
|
|
15915
15992
|
}
|
|
15916
15993
|
});
|
|
15917
15994
|
}
|
|
15918
|
-
|
|
15995
|
+
trackStateChangeWithMeasurement(event) {
|
|
15919
15996
|
const measurement = this.ssoSilentMeasurement ||
|
|
15920
15997
|
this.acquireTokenByCodeAsyncMeasurement;
|
|
15921
15998
|
if (!measurement) {
|
|
15922
15999
|
return;
|
|
15923
16000
|
}
|
|
15924
|
-
|
|
15925
|
-
|
|
15926
|
-
|
|
16001
|
+
if (event.type === "visibilitychange") {
|
|
16002
|
+
this.logger.info("0yzimq", measurement.event.correlationId);
|
|
16003
|
+
measurement.increment({
|
|
16004
|
+
visibilityChangeCount: 1,
|
|
16005
|
+
});
|
|
16006
|
+
}
|
|
16007
|
+
else if (event.type === "online") {
|
|
16008
|
+
this.logger.info("1caf53", measurement.event.correlationId);
|
|
16009
|
+
measurement.increment({
|
|
16010
|
+
onlineStatusChangeCount: 1,
|
|
16011
|
+
});
|
|
16012
|
+
}
|
|
16013
|
+
else if (event.type === "offline") {
|
|
16014
|
+
this.logger.info("0fdyk7", measurement.event.correlationId);
|
|
16015
|
+
measurement.increment({
|
|
16016
|
+
onlineStatusChangeCount: 1,
|
|
16017
|
+
});
|
|
16018
|
+
}
|
|
16019
|
+
}
|
|
16020
|
+
addStateChangeListeners(listener) {
|
|
16021
|
+
document.addEventListener("visibilitychange", listener);
|
|
16022
|
+
window.addEventListener("online", listener);
|
|
16023
|
+
window.addEventListener("offline", listener);
|
|
16024
|
+
}
|
|
16025
|
+
removeStateChangeListeners(listener) {
|
|
16026
|
+
document.removeEventListener("visibilitychange", listener);
|
|
16027
|
+
window.removeEventListener("online", listener);
|
|
16028
|
+
window.removeEventListener("offline", listener);
|
|
15927
16029
|
}
|
|
15928
16030
|
// #endregion
|
|
15929
16031
|
// #region Silent Flow
|
|
@@ -15957,8 +16059,9 @@ class StandardController {
|
|
|
15957
16059
|
preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
|
|
15958
16060
|
this.ssoSilentMeasurement?.increment({
|
|
15959
16061
|
visibilityChangeCount: 0,
|
|
16062
|
+
onlineStatusChangeCount: 0,
|
|
15960
16063
|
});
|
|
15961
|
-
|
|
16064
|
+
this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
15962
16065
|
const loggedInAccounts = this.getAllAccounts();
|
|
15963
16066
|
this.logger.verbose("0w1b45", correlationId);
|
|
15964
16067
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, validRequest);
|
|
@@ -16001,7 +16104,7 @@ class StandardController {
|
|
|
16001
16104
|
throw e;
|
|
16002
16105
|
})
|
|
16003
16106
|
.finally(() => {
|
|
16004
|
-
|
|
16107
|
+
this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
16005
16108
|
});
|
|
16006
16109
|
}
|
|
16007
16110
|
/**
|
|
@@ -16108,8 +16211,9 @@ class StandardController {
|
|
|
16108
16211
|
this.performanceClient.startMeasurement(AcquireTokenByCodeAsync, correlationId);
|
|
16109
16212
|
this.acquireTokenByCodeAsyncMeasurement?.increment({
|
|
16110
16213
|
visibilityChangeCount: 0,
|
|
16214
|
+
onlineStatusChangeCount: 0,
|
|
16111
16215
|
});
|
|
16112
|
-
|
|
16216
|
+
this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
16113
16217
|
const silentAuthCodeClient = this.createSilentAuthCodeClient(correlationId);
|
|
16114
16218
|
const silentTokenResult = await silentAuthCodeClient
|
|
16115
16219
|
.acquireToken(request)
|
|
@@ -16128,7 +16232,7 @@ class StandardController {
|
|
|
16128
16232
|
throw tokenRenewalError;
|
|
16129
16233
|
})
|
|
16130
16234
|
.finally(() => {
|
|
16131
|
-
|
|
16235
|
+
this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
16132
16236
|
});
|
|
16133
16237
|
return silentTokenResult;
|
|
16134
16238
|
}
|
|
@@ -16590,12 +16694,12 @@ class StandardController {
|
|
|
16590
16694
|
* @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
|
|
16591
16695
|
*/
|
|
16592
16696
|
async acquireTokenSilentAsync(request, account) {
|
|
16593
|
-
const
|
|
16697
|
+
const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
|
|
16594
16698
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, request.correlationId, exports.InteractionType.Silent, request);
|
|
16595
16699
|
if (request.correlationId) {
|
|
16596
|
-
this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
|
|
16700
|
+
this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
|
|
16597
16701
|
}
|
|
16598
|
-
|
|
16702
|
+
this.addStateChangeListeners(trackStateChange);
|
|
16599
16703
|
const silentRequest = await invokeAsync(initializeSilentRequest, InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
|
|
16600
16704
|
const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
|
|
16601
16705
|
const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
|
|
@@ -16677,7 +16781,7 @@ class StandardController {
|
|
|
16677
16781
|
throw tokenRenewalError;
|
|
16678
16782
|
})
|
|
16679
16783
|
.finally(() => {
|
|
16680
|
-
|
|
16784
|
+
this.removeStateChangeListeners(trackStateChange);
|
|
16681
16785
|
});
|
|
16682
16786
|
}
|
|
16683
16787
|
/**
|
|
@@ -18277,7 +18381,7 @@ async function loadExternalTokens(config, request, response, options, performanc
|
|
|
18277
18381
|
const storage = new BrowserCacheManager(browserConfig.auth.clientId, browserConfig.cache, cryptoOps, logger, browserConfig.telemetry.client, new EventHandler(logger), buildStaticAuthorityOptions(browserConfig.auth));
|
|
18278
18382
|
const authorityString = request.authority || browserConfig.auth.authority;
|
|
18279
18383
|
const authority = await createDiscoveredInstance(Authority.generateAuthority(authorityString, request.azureCloudOptions), browserConfig.system.networkClient, storage, authorityOptions, logger, correlationId, performanceClient);
|
|
18280
|
-
const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims);
|
|
18384
|
+
const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims, performanceClient);
|
|
18281
18385
|
const idToken = await invokeAsync(loadIdToken, LoadIdToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, correlationId, storage, logger, config.auth.clientId);
|
|
18282
18386
|
const accessToken = await invokeAsync(loadAccessToken, LoadAccessToken, logger, performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, options, correlationId, storage, logger, config.auth.clientId);
|
|
18283
18387
|
const refreshToken = await invokeAsync(loadRefreshToken, LoadRefreshToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, kmsi, correlationId, storage, logger, config.auth.clientId, performanceClient);
|
|
@@ -18303,7 +18407,7 @@ async function loadExternalTokens(config, request, response, options, performanc
|
|
|
18303
18407
|
* @param requestHomeAccountId
|
|
18304
18408
|
* @returns `AccountEntity`
|
|
18305
18409
|
*/
|
|
18306
|
-
async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims) {
|
|
18410
|
+
async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims, performanceClient) {
|
|
18307
18411
|
logger.verbose("0ke46k", correlationId);
|
|
18308
18412
|
if (request.account) {
|
|
18309
18413
|
const accountEntity = createAccountEntityFromAccountInfo(request.account);
|
|
@@ -18318,7 +18422,7 @@ async function loadAccount(request, clientInfo, correlationId, storage, logger,
|
|
|
18318
18422
|
const claimsTenantId = idTokenClaims?.tid;
|
|
18319
18423
|
const cachedAccount = buildAccountToCache(storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.getPreferredCache(), claimsTenantId, undefined, // authCodePayload
|
|
18320
18424
|
undefined, // nativeAccountId
|
|
18321
|
-
logger);
|
|
18425
|
+
logger, performanceClient);
|
|
18322
18426
|
await storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
|
|
18323
18427
|
return cachedAccount;
|
|
18324
18428
|
}
|
|
@@ -18590,6 +18694,9 @@ class BrowserPerformanceClient extends PerformanceClient {
|
|
|
18590
18694
|
getPageVisibility() {
|
|
18591
18695
|
return document.visibilityState?.toString() || null;
|
|
18592
18696
|
}
|
|
18697
|
+
getOnlineStatus() {
|
|
18698
|
+
return typeof navigator !== "undefined" ? navigator.onLine : null;
|
|
18699
|
+
}
|
|
18593
18700
|
deleteIncompleteSubMeasurements(inProgressEvent) {
|
|
18594
18701
|
void getPerfMeasurementModule()?.then((module) => {
|
|
18595
18702
|
const rootEvent = this.eventsByCorrelationId.get(inProgressEvent.event.correlationId);
|
|
@@ -18616,6 +18723,7 @@ class BrowserPerformanceClient extends PerformanceClient {
|
|
|
18616
18723
|
startMeasurement(measureName, correlationId) {
|
|
18617
18724
|
// Capture page visibilityState and then invoke start/end measurement
|
|
18618
18725
|
const startPageVisibility = this.getPageVisibility();
|
|
18726
|
+
const startOnlineStatus = this.getOnlineStatus();
|
|
18619
18727
|
const inProgressEvent = super.startMeasurement(measureName, correlationId);
|
|
18620
18728
|
const startTime = supportsBrowserPerformanceNow()
|
|
18621
18729
|
? window.performance.now()
|
|
@@ -18631,6 +18739,7 @@ class BrowserPerformanceClient extends PerformanceClient {
|
|
|
18631
18739
|
const res = inProgressEvent.end({
|
|
18632
18740
|
...event,
|
|
18633
18741
|
startPageVisibility,
|
|
18742
|
+
startOnlineStatus,
|
|
18634
18743
|
endPageVisibility: this.getPageVisibility(),
|
|
18635
18744
|
durationMs: getPerfDurationMs(startTime),
|
|
18636
18745
|
networkEffectiveType: networkInfo.effectiveType,
|