@azure/msal-browser 5.6.1 → 5.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (396) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  7. package/dist/cache/AccountManager.mjs +1 -1
  8. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +1 -1
  10. package/dist/cache/CacheHelpers.mjs +1 -1
  11. package/dist/cache/CacheKeys.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/EncryptedData.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.d.ts.map +1 -1
  19. package/dist/cache/TokenCache.mjs +9 -9
  20. package/dist/cache/TokenCache.mjs.map +1 -1
  21. package/dist/config/Configuration.d.ts +13 -1
  22. package/dist/config/Configuration.d.ts.map +1 -1
  23. package/dist/config/Configuration.mjs +9 -2
  24. package/dist/config/Configuration.mjs.map +1 -1
  25. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  26. package/dist/controllers/StandardController.d.ts +4 -2
  27. package/dist/controllers/StandardController.d.ts.map +1 -1
  28. package/dist/controllers/StandardController.mjs +56 -19
  29. package/dist/controllers/StandardController.mjs.map +1 -1
  30. package/dist/crypto/BrowserCrypto.mjs +1 -1
  31. package/dist/crypto/CryptoOps.mjs +1 -1
  32. package/dist/crypto/PkceGenerator.mjs +1 -1
  33. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  34. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  35. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  36. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  37. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  38. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
  39. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  40. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  41. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  42. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  43. package/dist/custom-auth-path/cache/CacheKeys.mjs +1 -1
  44. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  45. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  46. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  47. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  48. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  49. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  50. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  51. package/dist/custom-auth-path/config/Configuration.d.ts +13 -1
  52. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  53. package/dist/custom-auth-path/config/Configuration.mjs +9 -2
  54. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  55. package/dist/custom-auth-path/controllers/StandardController.d.ts +4 -2
  56. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  57. package/dist/custom-auth-path/controllers/StandardController.mjs +56 -19
  58. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  59. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  60. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  61. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  62. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  63. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  64. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  65. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  66. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  67. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  68. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  69. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  71. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  169. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  170. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  171. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  172. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  173. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  174. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  175. package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
  176. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  177. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  178. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  179. package/dist/custom-auth-path/index.d.ts +1 -1
  180. package/dist/custom-auth-path/index.d.ts.map +1 -1
  181. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  182. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  183. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  184. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  185. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  186. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  187. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
  188. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
  189. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  190. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  191. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  192. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +21 -8
  193. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  194. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  195. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  196. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  197. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts +6 -0
  198. package/dist/custom-auth-path/interaction_handler/SilentHandler.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +12 -2
  200. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
  201. package/dist/custom-auth-path/log-strings-mapping.json +23 -3
  202. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  203. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  204. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  205. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  206. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  207. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  208. package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
  209. package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
  210. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  211. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  212. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
  213. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  214. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +5 -0
  215. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  216. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +9 -3
  217. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  218. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  219. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  220. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  221. package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
  222. package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
  223. package/dist/custom-auth-path/utils/BrowserUtils.mjs +27 -3
  224. package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
  225. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  226. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  227. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  228. package/dist/encode/Base64Decode.mjs +1 -1
  229. package/dist/encode/Base64Encode.mjs +1 -1
  230. package/dist/error/BrowserAuthError.mjs +1 -1
  231. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  232. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  233. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  234. package/dist/error/NativeAuthError.mjs +1 -1
  235. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  236. package/dist/error/NestedAppAuthError.mjs +1 -1
  237. package/dist/event/EventHandler.mjs +1 -1
  238. package/dist/event/EventMessage.mjs +1 -1
  239. package/dist/event/EventType.mjs +1 -1
  240. package/dist/index.d.ts +1 -1
  241. package/dist/index.d.ts.map +1 -1
  242. package/dist/index.mjs +1 -1
  243. package/dist/index.mjs.map +1 -1
  244. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  245. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  246. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  247. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  248. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +8 -8
  249. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  250. package/dist/interaction_client/PopupClient.mjs +1 -1
  251. package/dist/interaction_client/RedirectClient.mjs +1 -1
  252. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  253. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  254. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  255. package/dist/interaction_client/SilentIframeClient.mjs +21 -8
  256. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  257. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  258. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  259. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  260. package/dist/interaction_handler/SilentHandler.d.ts +6 -0
  261. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  262. package/dist/interaction_handler/SilentHandler.mjs +12 -2
  263. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  264. package/dist/log-strings-mapping.json +31 -11
  265. package/dist/naa/BridgeError.mjs +1 -1
  266. package/dist/naa/BridgeProxy.mjs +1 -1
  267. package/dist/naa/BridgeStatusCode.mjs +1 -1
  268. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  269. package/dist/navigation/NavigationClient.mjs +1 -1
  270. package/dist/network/FetchClient.mjs +1 -1
  271. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  272. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  273. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  274. package/dist/packageMetadata.d.ts +1 -1
  275. package/dist/packageMetadata.mjs +2 -2
  276. package/dist/protocol/Authorize.mjs +1 -1
  277. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  278. package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
  279. package/dist/redirect-bridge/config/Configuration.d.ts +13 -1
  280. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  281. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  282. package/dist/redirect-bridge/controllers/StandardController.d.ts +4 -2
  283. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  284. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  285. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  286. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  287. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  288. package/dist/redirect-bridge/index.d.ts +1 -1
  289. package/dist/redirect-bridge/index.d.ts.map +1 -1
  290. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  291. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  292. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  293. package/dist/redirect-bridge/interaction_handler/SilentHandler.d.ts +6 -0
  294. package/dist/redirect-bridge/interaction_handler/SilentHandler.d.ts.map +1 -1
  295. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  296. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  297. package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
  298. package/dist/redirect-bridge/redirect_bridge/index.mjs +43 -24
  299. package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
  300. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts +1 -0
  301. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  302. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +5 -0
  303. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  304. package/dist/redirect-bridge/utils/BrowserConstants.mjs +1 -1
  305. package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
  306. package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
  307. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  308. package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
  309. package/dist/redirect_bridge/index.d.ts.map +1 -1
  310. package/dist/request/RequestHelpers.mjs +1 -1
  311. package/dist/response/ResponseHandler.mjs +1 -1
  312. package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
  313. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  314. package/dist/telemetry/BrowserPerformanceClient.mjs +6 -1
  315. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  316. package/dist/telemetry/BrowserPerformanceEvents.d.ts +5 -0
  317. package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  318. package/dist/telemetry/BrowserPerformanceEvents.mjs +9 -3
  319. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  320. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  321. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  322. package/dist/utils/BrowserConstants.mjs +1 -1
  323. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  324. package/dist/utils/BrowserUtils.d.ts +2 -2
  325. package/dist/utils/BrowserUtils.d.ts.map +1 -1
  326. package/dist/utils/BrowserUtils.mjs +27 -3
  327. package/dist/utils/BrowserUtils.mjs.map +1 -1
  328. package/dist/utils/Helpers.mjs +1 -1
  329. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  330. package/lib/custom-auth-path/log-strings-mapping.json +23 -3
  331. package/lib/custom-auth-path/msal-custom-auth.cjs +649 -546
  332. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  333. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  334. package/lib/custom-auth-path/types/config/Configuration.d.ts +13 -1
  335. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  336. package/lib/custom-auth-path/types/controllers/StandardController.d.ts +4 -2
  337. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  338. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  339. package/lib/custom-auth-path/types/index.d.ts +1 -1
  340. package/lib/custom-auth-path/types/index.d.ts.map +1 -1
  341. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  342. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  343. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  344. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts +6 -0
  345. package/lib/custom-auth-path/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  346. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  347. package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
  348. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  349. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  350. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +5 -0
  351. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  352. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
  353. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
  354. package/lib/log-strings-mapping.json +31 -11
  355. package/lib/msal-browser.cjs +794 -685
  356. package/lib/msal-browser.cjs.map +1 -1
  357. package/lib/msal-browser.js +794 -685
  358. package/lib/msal-browser.js.map +1 -1
  359. package/lib/msal-browser.min.js +2 -2
  360. package/lib/redirect-bridge/msal-redirect-bridge.js +52 -33
  361. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  362. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  363. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  364. package/lib/types/config/Configuration.d.ts +13 -1
  365. package/lib/types/config/Configuration.d.ts.map +1 -1
  366. package/lib/types/controllers/StandardController.d.ts +4 -2
  367. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  368. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  369. package/lib/types/index.d.ts +1 -1
  370. package/lib/types/index.d.ts.map +1 -1
  371. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +10 -10
  372. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  373. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  374. package/lib/types/interaction_handler/SilentHandler.d.ts +6 -0
  375. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  376. package/lib/types/packageMetadata.d.ts +1 -1
  377. package/lib/types/redirect_bridge/index.d.ts.map +1 -1
  378. package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  379. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  380. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +5 -0
  381. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  382. package/lib/types/utils/BrowserUtils.d.ts +2 -2
  383. package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
  384. package/package.json +2 -2
  385. package/src/cache/TokenCache.ts +27 -24
  386. package/src/config/Configuration.ts +22 -0
  387. package/src/controllers/StandardController.ts +84 -35
  388. package/src/index.ts +1 -0
  389. package/src/interaction_client/PlatformAuthInteractionClient.ts +55 -53
  390. package/src/interaction_client/SilentIframeClient.ts +55 -29
  391. package/src/interaction_handler/SilentHandler.ts +11 -0
  392. package/src/packageMetadata.ts +1 -1
  393. package/src/redirect_bridge/index.ts +47 -25
  394. package/src/telemetry/BrowserPerformanceClient.ts +6 -0
  395. package/src/telemetry/BrowserPerformanceEvents.ts +6 -0
  396. package/src/utils/BrowserUtils.ts +36 -4
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.6.1 2026-03-19 */
1
+ /*! @azure/msal-browser v5.6.3 2026-04-01 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
234
234
  // Token renewal offset default in seconds
235
235
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
236
236
 
237
- /*! @azure/msal-common v16.4.0 2026-03-19 */
237
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
238
238
  /*
239
239
  * Copyright (c) Microsoft Corporation. All rights reserved.
240
240
  * Licensed under the MIT License.
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
286
286
  const RESOURCE = "resource";
287
287
  const CLI_DATA = "clidata";
288
288
 
289
- /*! @azure/msal-common v16.4.0 2026-03-19 */
289
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
290
290
  /*
291
291
  * Copyright (c) Microsoft Corporation. All rights reserved.
292
292
  * Licensed under the MIT License.
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
317
317
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
318
318
  }
319
319
 
320
- /*! @azure/msal-common v16.4.0 2026-03-19 */
320
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
321
321
 
322
322
  /*
323
323
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
337
337
  return new ClientConfigurationError(errorCode);
338
338
  }
339
339
 
340
- /*! @azure/msal-common v16.4.0 2026-03-19 */
340
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
341
341
  /*
342
342
  * Copyright (c) Microsoft Corporation. All rights reserved.
343
343
  * Licensed under the MIT License.
@@ -417,7 +417,7 @@ class StringUtils {
417
417
  }
418
418
  }
419
419
 
420
- /*! @azure/msal-common v16.4.0 2026-03-19 */
420
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
421
421
 
422
422
  /*
423
423
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
440
440
  return new ClientAuthError(errorCode, additionalMessage);
441
441
  }
442
442
 
443
- /*! @azure/msal-common v16.4.0 2026-03-19 */
443
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
444
444
  /*
445
445
  * Copyright (c) Microsoft Corporation. All rights reserved.
446
446
  * Licensed under the MIT License.
@@ -494,7 +494,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
494
494
  urlParseError: urlParseError
495
495
  });
496
496
 
497
- /*! @azure/msal-common v16.4.0 2026-03-19 */
497
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
498
498
  /*
499
499
  * Copyright (c) Microsoft Corporation. All rights reserved.
500
500
  * Licensed under the MIT License.
@@ -582,7 +582,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
582
582
  userCanceled: userCanceled
583
583
  });
584
584
 
585
- /*! @azure/msal-common v16.4.0 2026-03-19 */
585
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
586
586
 
587
587
  /*
588
588
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -777,7 +777,7 @@ class ScopeSet {
777
777
  }
778
778
  }
779
779
 
780
- /*! @azure/msal-common v16.4.0 2026-03-19 */
780
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
781
781
 
782
782
  /*
783
783
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1155,7 +1155,7 @@ function addResource(parameters, resource) {
1155
1155
  }
1156
1156
  }
1157
1157
 
1158
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1158
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1159
1159
 
1160
1160
  /*
1161
1161
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1264,7 +1264,7 @@ function normalizeUrlForComparison(url) {
1264
1264
  }
1265
1265
  }
1266
1266
 
1267
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1267
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1268
1268
 
1269
1269
  /*
1270
1270
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1303,7 +1303,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1303
1303
  },
1304
1304
  };
1305
1305
 
1306
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1306
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1307
1307
  /*
1308
1308
  * Copyright (c) Microsoft Corporation. All rights reserved.
1309
1309
  * Licensed under the MIT License.
@@ -1578,12 +1578,12 @@ class Logger {
1578
1578
  }
1579
1579
  }
1580
1580
 
1581
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1581
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1582
1582
  /* eslint-disable header/header */
1583
1583
  const name$1 = "@azure/msal-common";
1584
- const version$1 = "16.4.0";
1584
+ const version$1 = "16.4.1";
1585
1585
 
1586
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1586
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1587
1587
  /*
1588
1588
  * Copyright (c) Microsoft Corporation. All rights reserved.
1589
1589
  * Licensed under the MIT License.
@@ -1603,7 +1603,7 @@ const AzureCloudInstance = {
1603
1603
  AzureUsGovernment: "https://login.microsoftonline.us",
1604
1604
  };
1605
1605
 
1606
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1606
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1607
1607
  /*
1608
1608
  * Copyright (c) Microsoft Corporation. All rights reserved.
1609
1609
  * Licensed under the MIT License.
@@ -1685,7 +1685,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1685
1685
  return updatedAccountInfo;
1686
1686
  }
1687
1687
 
1688
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1688
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1689
1689
 
1690
1690
  /*
1691
1691
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1765,7 +1765,7 @@ function checkMaxAge(authTime, maxAge) {
1765
1765
  }
1766
1766
  }
1767
1767
 
1768
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1768
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1769
1769
 
1770
1770
  /*
1771
1771
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1922,7 +1922,7 @@ class UrlString {
1922
1922
  }
1923
1923
  }
1924
1924
 
1925
- /*! @azure/msal-common v16.4.0 2026-03-19 */
1925
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
1926
1926
 
1927
1927
  /*
1928
1928
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2079,7 +2079,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2079
2079
  return null;
2080
2080
  }
2081
2081
 
2082
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2082
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2083
2083
  /*
2084
2084
  * Copyright (c) Microsoft Corporation. All rights reserved.
2085
2085
  * Licensed under the MIT License.
@@ -2087,7 +2087,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2087
2087
  const cacheQuotaExceeded = "cache_quota_exceeded";
2088
2088
  const cacheErrorUnknown = "cache_error_unknown";
2089
2089
 
2090
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2090
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2091
2091
 
2092
2092
  /*
2093
2093
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2125,7 +2125,7 @@ function createCacheError(e) {
2125
2125
  }
2126
2126
  }
2127
2127
 
2128
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2128
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2129
2129
 
2130
2130
  /*
2131
2131
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2163,7 +2163,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2163
2163
  };
2164
2164
  }
2165
2165
 
2166
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2166
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2167
2167
  /*
2168
2168
  * Copyright (c) Microsoft Corporation. All rights reserved.
2169
2169
  * Licensed under the MIT License.
@@ -2178,7 +2178,7 @@ const AuthorityType = {
2178
2178
  Ciam: 3,
2179
2179
  };
2180
2180
 
2181
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2181
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2182
2182
  /*
2183
2183
  * Copyright (c) Microsoft Corporation. All rights reserved.
2184
2184
  * Licensed under the MIT License.
@@ -2200,7 +2200,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2200
2200
  return null;
2201
2201
  }
2202
2202
 
2203
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2203
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2204
2204
  /*
2205
2205
  * Copyright (c) Microsoft Corporation. All rights reserved.
2206
2206
  * Licensed under the MIT License.
@@ -2224,7 +2224,7 @@ const ProtocolMode = {
2224
2224
  EAR: "EAR",
2225
2225
  };
2226
2226
 
2227
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2227
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2228
2228
  /**
2229
2229
  * Returns the AccountInfo interface for this account.
2230
2230
  */
@@ -2399,7 +2399,7 @@ function isAccountEntity(entity) {
2399
2399
  entity.hasOwnProperty("authorityType"));
2400
2400
  }
2401
2401
 
2402
- /*! @azure/msal-common v16.4.0 2026-03-19 */
2402
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2403
2403
 
2404
2404
  /*
2405
2405
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3501,7 +3501,7 @@ class DefaultStorageClass extends CacheManager {
3501
3501
  }
3502
3502
  }
3503
3503
 
3504
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3504
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3505
3505
  /*
3506
3506
  * Copyright (c) Microsoft Corporation. All rights reserved.
3507
3507
  * Licensed under the MIT License.
@@ -3546,12 +3546,13 @@ const IntFields = new Set([
3546
3546
  "currRefreshCount",
3547
3547
  "expiredCacheRemovedCount",
3548
3548
  "upgradedCacheCount",
3549
+ "cacheMatchedAccounts",
3549
3550
  "networkRtt",
3550
3551
  "redirectBridgeTimeoutMs",
3551
3552
  "redirectBridgeMessageVersion",
3552
3553
  ]);
3553
3554
 
3554
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3555
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3555
3556
 
3556
3557
  /*
3557
3558
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3606,7 +3607,7 @@ class StubPerformanceClient {
3606
3607
  }
3607
3608
  }
3608
3609
 
3609
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3610
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3610
3611
 
3611
3612
  /*
3612
3613
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3701,291 +3702,358 @@ function isOidcProtocolMode(config) {
3701
3702
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3702
3703
  }
3703
3704
 
3704
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3705
-
3705
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3706
3706
  /*
3707
3707
  * Copyright (c) Microsoft Corporation. All rights reserved.
3708
3708
  * Licensed under the MIT License.
3709
3709
  */
3710
3710
  /**
3711
- * Error thrown when there is an error with the server code, for example, unavailability.
3712
- */
3713
- class ServerError extends AuthError {
3714
- constructor(errorCode, errorMessage, subError, errorNo, status) {
3715
- super(errorCode, errorMessage, subError);
3716
- this.name = "ServerError";
3717
- this.errorNo = errorNo;
3718
- this.status = status;
3719
- Object.setPrototypeOf(this, ServerError.prototype);
3711
+ * This class instance helps track the memory changes facilitating
3712
+ * decisions to read from and write to the persistent cache
3713
+ */ class TokenCacheContext {
3714
+ constructor(tokenCache, hasChanged) {
3715
+ this.cache = tokenCache;
3716
+ this.hasChanged = hasChanged;
3717
+ }
3718
+ /**
3719
+ * boolean which indicates the changes in cache
3720
+ */
3721
+ get cacheHasChanged() {
3722
+ return this.hasChanged;
3723
+ }
3724
+ /**
3725
+ * function to retrieve the token cache
3726
+ */
3727
+ get tokenCache() {
3728
+ return this.cache;
3720
3729
  }
3721
3730
  }
3722
3731
 
3723
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3732
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3724
3733
  /*
3725
3734
  * Copyright (c) Microsoft Corporation. All rights reserved.
3726
3735
  * Licensed under the MIT License.
3727
3736
  */
3728
3737
  /**
3729
- * MSAL-defined interaction required error code indicating no tokens are found in cache.
3730
- * @public
3731
- */
3732
- const noTokensFound = "no_tokens_found";
3733
- /**
3734
- * MSAL-defined error code indicating a native account is unavailable on the platform.
3735
- * @public
3736
- */
3737
- const nativeAccountUnavailable = "native_account_unavailable";
3738
- /**
3739
- * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
3740
- * @public
3741
- */
3742
- const refreshTokenExpired = "refresh_token_expired";
3743
- /**
3744
- * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
3745
- * @public
3746
- */
3747
- const uxNotAllowed = "ux_not_allowed";
3748
- /**
3749
- * Server-originated error code indicating interaction is required to complete the request.
3750
- * @public
3751
- */
3752
- const interactionRequired = "interaction_required";
3753
- /**
3754
- * Server-originated error code indicating user consent is required.
3755
- * @public
3756
- */
3757
- const consentRequired = "consent_required";
3758
- /**
3759
- * Server-originated error code indicating user login is required.
3760
- * @public
3738
+ * Utility functions for managing date and time operations.
3761
3739
  */
3762
- const loginRequired = "login_required";
3763
3740
  /**
3764
- * Server-originated error code indicating the token is invalid or corrupted.
3765
- * @public
3741
+ * return the current time in Unix time (seconds).
3766
3742
  */
3767
- const badToken = "bad_token";
3743
+ function nowSeconds() {
3744
+ // Date.getTime() returns in milliseconds.
3745
+ return Math.round(new Date().getTime() / 1000.0);
3746
+ }
3768
3747
  /**
3769
- * Server-originated error code indicating the user is in an interrupted state and interaction is required.
3770
- * @public
3771
- */
3772
- const interruptedUser = "interrupted_user";
3773
-
3774
- var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
3775
- __proto__: null,
3776
- badToken: badToken,
3777
- consentRequired: consentRequired,
3778
- interactionRequired: interactionRequired,
3779
- interruptedUser: interruptedUser,
3780
- loginRequired: loginRequired,
3781
- nativeAccountUnavailable: nativeAccountUnavailable,
3782
- noTokensFound: noTokensFound,
3783
- refreshTokenExpired: refreshTokenExpired,
3784
- uxNotAllowed: uxNotAllowed
3785
- });
3786
-
3787
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3788
-
3789
- /*
3790
- * Copyright (c) Microsoft Corporation. All rights reserved.
3791
- * Licensed under the MIT License.
3748
+ * Converts JS Date object to seconds
3749
+ * @param date Date
3792
3750
  */
3751
+ function toSecondsFromDate(date) {
3752
+ // Convert date to seconds
3753
+ return date.getTime() / 1000;
3754
+ }
3793
3755
  /**
3794
- * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
3756
+ * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3757
+ * @param seconds
3795
3758
  */
3796
- const InteractionRequiredServerErrorMessage = [
3797
- interactionRequired,
3798
- consentRequired,
3799
- loginRequired,
3800
- badToken,
3801
- uxNotAllowed,
3802
- interruptedUser,
3803
- ];
3804
- const InteractionRequiredAuthSubErrorMessage = [
3805
- "message_only",
3806
- "additional_action",
3807
- "basic_action",
3808
- "user_password_expired",
3809
- "consent_required",
3810
- "bad_token",
3811
- "ux_not_allowed",
3812
- "interrupted_user",
3813
- ];
3759
+ function toDateFromSeconds(seconds) {
3760
+ if (seconds) {
3761
+ return new Date(Number(seconds) * 1000);
3762
+ }
3763
+ return new Date();
3764
+ }
3814
3765
  /**
3815
- * Error thrown when user interaction is required.
3766
+ * check if a token is expired based on given UTC time in seconds.
3767
+ * @param expiresOn
3816
3768
  */
3817
- class InteractionRequiredAuthError extends AuthError {
3818
- constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
3819
- super(errorCode, errorMessage, subError);
3820
- Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
3821
- this.timestamp = timestamp || "";
3822
- this.traceId = traceId || "";
3823
- this.correlationId = correlationId || "";
3824
- this.claims = claims || "";
3825
- this.name = "InteractionRequiredAuthError";
3826
- this.errorNo = errorNo;
3827
- }
3769
+ function isTokenExpired(expiresOn, offset) {
3770
+ // check for access token expiry
3771
+ const expirationSec = Number(expiresOn) || 0;
3772
+ const offsetCurrentTimeSec = nowSeconds() + offset;
3773
+ // If current time + offset is greater than token expiration time, then token is expired.
3774
+ return offsetCurrentTimeSec > expirationSec;
3828
3775
  }
3829
3776
  /**
3830
- * Helper function used to determine if an error thrown by the server requires interaction to resolve
3831
- * @param errorCode
3832
- * @param errorString
3833
- * @param subError
3777
+ * Checks if a cache entry is expired based on the last updated time and cache retention days.
3778
+ * @param lastUpdatedAt
3779
+ * @param cacheRetentionDays
3780
+ * @returns
3834
3781
  */
3835
- function isInteractionRequiredError(errorCode, errorString, subError) {
3836
- const isInteractionRequiredErrorCode = !!errorCode &&
3837
- InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
3838
- const isInteractionRequiredSubError = !!subError &&
3839
- InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
3840
- const isInteractionRequiredErrorDesc = !!errorString &&
3841
- InteractionRequiredServerErrorMessage.some((irErrorCode) => {
3842
- return errorString.indexOf(irErrorCode) > -1;
3843
- });
3844
- return (isInteractionRequiredErrorCode ||
3845
- isInteractionRequiredErrorDesc ||
3846
- isInteractionRequiredSubError);
3782
+ function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3783
+ const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3784
+ return Date.now() > cacheExpirationTimestamp;
3847
3785
  }
3848
3786
  /**
3849
- * Creates an InteractionRequiredAuthError
3787
+ * If the current time is earlier than the time that a token was cached at, we must discard the token
3788
+ * i.e. The system clock was turned back after acquiring the cached token
3789
+ * @param cachedAt
3790
+ * @param offset
3850
3791
  */
3851
- function createInteractionRequiredAuthError(errorCode, errorMessage) {
3852
- return new InteractionRequiredAuthError(errorCode, errorMessage);
3792
+ function wasClockTurnedBack(cachedAt) {
3793
+ const cachedAtSec = Number(cachedAt);
3794
+ return cachedAtSec > nowSeconds();
3853
3795
  }
3854
3796
 
3855
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3797
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3856
3798
 
3857
3799
  /*
3858
3800
  * Copyright (c) Microsoft Corporation. All rights reserved.
3859
3801
  * Licensed under the MIT License.
3860
3802
  */
3861
3803
  /**
3862
- * Appends user state with random guid, or returns random guid.
3863
- * @param cryptoObj
3864
- * @param userState
3865
- * @param meta
3804
+ * Create IdTokenEntity
3805
+ * @param homeAccountId
3806
+ * @param authenticationResult
3807
+ * @param clientId
3808
+ * @param authority
3866
3809
  */
3867
- function setRequestState(cryptoObj, userState, meta) {
3868
- const libraryState = generateLibraryState(cryptoObj, meta);
3869
- return userState
3870
- ? `${libraryState}${RESOURCE_DELIM}${userState}`
3871
- : libraryState;
3810
+ function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
3811
+ const idTokenEntity = {
3812
+ credentialType: CredentialType.ID_TOKEN,
3813
+ homeAccountId: homeAccountId,
3814
+ environment: environment,
3815
+ clientId: clientId,
3816
+ secret: idToken,
3817
+ realm: tenantId,
3818
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3819
+ };
3820
+ return idTokenEntity;
3872
3821
  }
3873
3822
  /**
3874
- * Generates the state value used by the common library.
3875
- * @param cryptoObj
3876
- * @param meta
3823
+ * Create AccessTokenEntity
3824
+ * @param homeAccountId
3825
+ * @param environment
3826
+ * @param accessToken
3827
+ * @param clientId
3828
+ * @param tenantId
3829
+ * @param scopes
3830
+ * @param expiresOn
3831
+ * @param extExpiresOn
3877
3832
  */
3878
- function generateLibraryState(cryptoObj, meta) {
3879
- if (!cryptoObj) {
3880
- throw createClientAuthError(noCryptoObject);
3881
- }
3882
- // Create a state object containing a unique id and the timestamp of the request creation
3883
- const stateObj = {
3884
- id: cryptoObj.createNewGuid(),
3833
+ function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
3834
+ const atEntity = {
3835
+ homeAccountId: homeAccountId,
3836
+ credentialType: CredentialType.ACCESS_TOKEN,
3837
+ secret: accessToken,
3838
+ cachedAt: nowSeconds().toString(),
3839
+ expiresOn: expiresOn.toString(),
3840
+ extendedExpiresOn: extExpiresOn.toString(),
3841
+ environment: environment,
3842
+ clientId: clientId,
3843
+ realm: tenantId,
3844
+ target: scopes,
3845
+ tokenType: tokenType || AuthenticationScheme$1.BEARER,
3846
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3885
3847
  };
3886
- if (meta) {
3887
- stateObj.meta = meta;
3848
+ if (userAssertionHash) {
3849
+ atEntity.userAssertionHash = userAssertionHash;
3888
3850
  }
3889
- const stateString = JSON.stringify(stateObj);
3890
- return cryptoObj.base64Encode(stateString);
3851
+ if (refreshOn) {
3852
+ atEntity.refreshOn = refreshOn.toString();
3853
+ }
3854
+ /*
3855
+ * Create Access Token With Auth Scheme instead of regular access token
3856
+ * Cast to lower to handle "bearer" from ADFS
3857
+ */
3858
+ if (atEntity.tokenType?.toLowerCase() !==
3859
+ AuthenticationScheme$1.BEARER.toLowerCase()) {
3860
+ atEntity.credentialType =
3861
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
3862
+ switch (atEntity.tokenType) {
3863
+ case AuthenticationScheme$1.POP:
3864
+ // Make sure keyId is present and add it to credential
3865
+ const tokenClaims = extractTokenClaims(accessToken, base64Decode);
3866
+ if (!tokenClaims?.cnf?.kid) {
3867
+ throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
3868
+ }
3869
+ atEntity.keyId = tokenClaims.cnf.kid;
3870
+ break;
3871
+ case AuthenticationScheme$1.SSH:
3872
+ atEntity.keyId = keyId;
3873
+ }
3874
+ }
3875
+ return atEntity;
3891
3876
  }
3892
3877
  /**
3893
- * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
3894
- * @param base64Decode
3895
- * @param state
3878
+ * Create RefreshTokenEntity
3879
+ * @param homeAccountId
3880
+ * @param authenticationResult
3881
+ * @param clientId
3882
+ * @param authority
3896
3883
  */
3897
- function parseRequestState(base64Decode, state) {
3898
- if (!base64Decode) {
3899
- throw createClientAuthError(noCryptoObject);
3884
+ function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
3885
+ const rtEntity = {
3886
+ credentialType: CredentialType.REFRESH_TOKEN,
3887
+ homeAccountId: homeAccountId,
3888
+ environment: environment,
3889
+ clientId: clientId,
3890
+ secret: refreshToken,
3891
+ lastUpdatedAt: Date.now().toString(),
3892
+ };
3893
+ if (userAssertionHash) {
3894
+ rtEntity.userAssertionHash = userAssertionHash;
3900
3895
  }
3901
- if (!state) {
3902
- throw createClientAuthError(invalidState);
3896
+ if (familyId) {
3897
+ rtEntity.familyId = familyId;
3903
3898
  }
3904
- try {
3905
- // Split the state between library state and user passed state and decode them separately
3906
- const splitState = state.split(RESOURCE_DELIM);
3907
- const libraryState = splitState[0];
3908
- const userState = splitState.length > 1
3909
- ? splitState.slice(1).join(RESOURCE_DELIM)
3910
- : "";
3911
- const libraryStateString = base64Decode(libraryState);
3912
- const libraryStateObj = JSON.parse(libraryStateString);
3913
- return {
3914
- userRequestState: userState || "",
3915
- libraryState: libraryStateObj,
3916
- };
3899
+ if (expiresOn) {
3900
+ rtEntity.expiresOn = expiresOn.toString();
3917
3901
  }
3918
- catch (e) {
3919
- throw createClientAuthError(invalidState);
3902
+ return rtEntity;
3903
+ }
3904
+ function isCredentialEntity(entity) {
3905
+ return (entity.hasOwnProperty("homeAccountId") &&
3906
+ entity.hasOwnProperty("environment") &&
3907
+ entity.hasOwnProperty("credentialType") &&
3908
+ entity.hasOwnProperty("clientId") &&
3909
+ entity.hasOwnProperty("secret"));
3910
+ }
3911
+ /**
3912
+ * Validates an entity: checks for all expected params
3913
+ * @param entity
3914
+ */
3915
+ function isAccessTokenEntity(entity) {
3916
+ if (!entity) {
3917
+ return false;
3920
3918
  }
3921
- }
3922
-
3923
- /*! @azure/msal-common v16.4.0 2026-03-19 */
3924
- /*
3925
- * Copyright (c) Microsoft Corporation. All rights reserved.
3926
- * Licensed under the MIT License.
3919
+ return (isCredentialEntity(entity) &&
3920
+ entity.hasOwnProperty("realm") &&
3921
+ entity.hasOwnProperty("target") &&
3922
+ (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
3923
+ entity["credentialType"] ===
3924
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
3925
+ }
3926
+ /**
3927
+ * Validates an entity: checks for all expected params
3928
+ * @param entity
3927
3929
  */
3930
+ function isIdTokenEntity(entity) {
3931
+ if (!entity) {
3932
+ return false;
3933
+ }
3934
+ return (isCredentialEntity(entity) &&
3935
+ entity.hasOwnProperty("realm") &&
3936
+ entity["credentialType"] === CredentialType.ID_TOKEN);
3937
+ }
3928
3938
  /**
3929
- * Utility functions for managing date and time operations.
3939
+ * Validates an entity: checks for all expected params
3940
+ * @param entity
3930
3941
  */
3942
+ function isRefreshTokenEntity(entity) {
3943
+ if (!entity) {
3944
+ return false;
3945
+ }
3946
+ return (isCredentialEntity(entity) &&
3947
+ entity["credentialType"] === CredentialType.REFRESH_TOKEN);
3948
+ }
3931
3949
  /**
3932
- * return the current time in Unix time (seconds).
3950
+ * validates if a given cache entry is "Telemetry", parses <key,value>
3951
+ * @param key
3952
+ * @param entity
3933
3953
  */
3934
- function nowSeconds() {
3935
- // Date.getTime() returns in milliseconds.
3936
- return Math.round(new Date().getTime() / 1000.0);
3954
+ function isServerTelemetryEntity(key, entity) {
3955
+ const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
3956
+ let validateEntity = true;
3957
+ if (entity) {
3958
+ validateEntity =
3959
+ entity.hasOwnProperty("failedRequests") &&
3960
+ entity.hasOwnProperty("errors") &&
3961
+ entity.hasOwnProperty("cacheHits");
3962
+ }
3963
+ return validateKey && validateEntity;
3937
3964
  }
3938
3965
  /**
3939
- * Converts JS Date object to seconds
3940
- * @param date Date
3966
+ * validates if a given cache entry is "Throttling", parses <key,value>
3967
+ * @param key
3968
+ * @param entity
3941
3969
  */
3942
- function toSecondsFromDate(date) {
3943
- // Convert date to seconds
3944
- return date.getTime() / 1000;
3970
+ function isThrottlingEntity(key, entity) {
3971
+ let validateKey = false;
3972
+ if (key) {
3973
+ validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
3974
+ }
3975
+ let validateEntity = true;
3976
+ if (entity) {
3977
+ validateEntity = entity.hasOwnProperty("throttleTime");
3978
+ }
3979
+ return validateKey && validateEntity;
3945
3980
  }
3946
3981
  /**
3947
- * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
3948
- * @param seconds
3982
+ * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
3949
3983
  */
3950
- function toDateFromSeconds(seconds) {
3951
- if (seconds) {
3952
- return new Date(Number(seconds) * 1000);
3984
+ function generateAppMetadataKey({ environment, clientId, }) {
3985
+ const appMetaDataKeyArray = [
3986
+ APP_METADATA,
3987
+ environment,
3988
+ clientId,
3989
+ ];
3990
+ return appMetaDataKeyArray
3991
+ .join(CACHE_KEY_SEPARATOR$1)
3992
+ .toLowerCase();
3993
+ }
3994
+ /*
3995
+ * Validates an entity: checks for all expected params
3996
+ * @param entity
3997
+ */
3998
+ function isAppMetadataEntity(key, entity) {
3999
+ if (!entity) {
4000
+ return false;
3953
4001
  }
3954
- return new Date();
4002
+ return (key.indexOf(APP_METADATA) === 0 &&
4003
+ entity.hasOwnProperty("clientId") &&
4004
+ entity.hasOwnProperty("environment"));
3955
4005
  }
3956
4006
  /**
3957
- * check if a token is expired based on given UTC time in seconds.
3958
- * @param expiresOn
4007
+ * Validates an entity: checks for all expected params
4008
+ * @param entity
3959
4009
  */
3960
- function isTokenExpired(expiresOn, offset) {
3961
- // check for access token expiry
3962
- const expirationSec = Number(expiresOn) || 0;
3963
- const offsetCurrentTimeSec = nowSeconds() + offset;
3964
- // If current time + offset is greater than token expiration time, then token is expired.
3965
- return offsetCurrentTimeSec > expirationSec;
4010
+ function isAuthorityMetadataEntity(key, entity) {
4011
+ if (!entity) {
4012
+ return false;
4013
+ }
4014
+ return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
4015
+ entity.hasOwnProperty("aliases") &&
4016
+ entity.hasOwnProperty("preferred_cache") &&
4017
+ entity.hasOwnProperty("preferred_network") &&
4018
+ entity.hasOwnProperty("canonical_authority") &&
4019
+ entity.hasOwnProperty("authorization_endpoint") &&
4020
+ entity.hasOwnProperty("token_endpoint") &&
4021
+ entity.hasOwnProperty("issuer") &&
4022
+ entity.hasOwnProperty("aliasesFromNetwork") &&
4023
+ entity.hasOwnProperty("endpointsFromNetwork") &&
4024
+ entity.hasOwnProperty("expiresAt") &&
4025
+ entity.hasOwnProperty("jwks_uri"));
3966
4026
  }
3967
4027
  /**
3968
- * Checks if a cache entry is expired based on the last updated time and cache retention days.
3969
- * @param lastUpdatedAt
3970
- * @param cacheRetentionDays
3971
- * @returns
4028
+ * Reset the exiresAt value
3972
4029
  */
3973
- function isCacheExpired(lastUpdatedAt, cacheRetentionDays) {
3974
- const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;
3975
- return Date.now() > cacheExpirationTimestamp;
4030
+ function generateAuthorityMetadataExpiresAt() {
4031
+ return (nowSeconds() +
4032
+ AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
4033
+ }
4034
+ function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4035
+ authorityMetadata.authorization_endpoint =
4036
+ updatedValues.authorization_endpoint;
4037
+ authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4038
+ authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4039
+ authorityMetadata.issuer = updatedValues.issuer;
4040
+ authorityMetadata.endpointsFromNetwork = fromNetwork;
4041
+ authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4042
+ }
4043
+ function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4044
+ authorityMetadata.aliases = updatedValues.aliases;
4045
+ authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4046
+ authorityMetadata.preferred_network = updatedValues.preferred_network;
4047
+ authorityMetadata.aliasesFromNetwork = fromNetwork;
3976
4048
  }
3977
4049
  /**
3978
- * If the current time is earlier than the time that a token was cached at, we must discard the token
3979
- * i.e. The system clock was turned back after acquiring the cached token
3980
- * @param cachedAt
3981
- * @param offset
4050
+ * Returns whether or not the data needs to be refreshed
3982
4051
  */
3983
- function wasClockTurnedBack(cachedAt) {
3984
- const cachedAtSec = Number(cachedAt);
3985
- return cachedAtSec > nowSeconds();
4052
+ function isAuthorityMetadataExpired(metadata) {
4053
+ return metadata.expiresAt <= nowSeconds();
3986
4054
  }
3987
4055
 
3988
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4056
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
3989
4057
  /*
3990
4058
  * Copyright (c) Microsoft Corporation. All rights reserved.
3991
4059
  * Licensed under the MIT License.
@@ -4056,7 +4124,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4056
4124
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4057
4125
  const SetUserData = "setUserData";
4058
4126
 
4059
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4127
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4060
4128
  /*
4061
4129
  * Copyright (c) Microsoft Corporation. All rights reserved.
4062
4130
  * Licensed under the MIT License.
@@ -4149,7 +4217,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4149
4217
  };
4150
4218
  };
4151
4219
 
4152
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4220
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4153
4221
 
4154
4222
  /*
4155
4223
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4229,293 +4297,226 @@ class PopTokenGenerator {
4229
4297
  }
4230
4298
  }
4231
4299
 
4232
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4300
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4233
4301
  /*
4234
4302
  * Copyright (c) Microsoft Corporation. All rights reserved.
4235
4303
  * Licensed under the MIT License.
4236
4304
  */
4237
4305
  /**
4238
- * This class instance helps track the memory changes facilitating
4239
- * decisions to read from and write to the persistent cache
4240
- */ class TokenCacheContext {
4241
- constructor(tokenCache, hasChanged) {
4242
- this.cache = tokenCache;
4243
- this.hasChanged = hasChanged;
4244
- }
4245
- /**
4246
- * boolean which indicates the changes in cache
4247
- */
4248
- get cacheHasChanged() {
4249
- return this.hasChanged;
4250
- }
4251
- /**
4252
- * function to retrieve the token cache
4253
- */
4254
- get tokenCache() {
4255
- return this.cache;
4256
- }
4257
- }
4258
-
4259
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4260
-
4261
- /*
4262
- * Copyright (c) Microsoft Corporation. All rights reserved.
4263
- * Licensed under the MIT License.
4306
+ * MSAL-defined interaction required error code indicating no tokens are found in cache.
4307
+ * @public
4264
4308
  */
4309
+ const noTokensFound = "no_tokens_found";
4265
4310
  /**
4266
- * Create IdTokenEntity
4267
- * @param homeAccountId
4268
- * @param authenticationResult
4269
- * @param clientId
4270
- * @param authority
4311
+ * MSAL-defined error code indicating a native account is unavailable on the platform.
4312
+ * @public
4271
4313
  */
4272
- function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
4273
- const idTokenEntity = {
4274
- credentialType: CredentialType.ID_TOKEN,
4275
- homeAccountId: homeAccountId,
4276
- environment: environment,
4277
- clientId: clientId,
4278
- secret: idToken,
4279
- realm: tenantId,
4280
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4281
- };
4282
- return idTokenEntity;
4283
- }
4314
+ const nativeAccountUnavailable = "native_account_unavailable";
4284
4315
  /**
4285
- * Create AccessTokenEntity
4286
- * @param homeAccountId
4287
- * @param environment
4288
- * @param accessToken
4289
- * @param clientId
4290
- * @param tenantId
4291
- * @param scopes
4292
- * @param expiresOn
4293
- * @param extExpiresOn
4316
+ * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
4317
+ * @public
4294
4318
  */
4295
- function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
4296
- const atEntity = {
4297
- homeAccountId: homeAccountId,
4298
- credentialType: CredentialType.ACCESS_TOKEN,
4299
- secret: accessToken,
4300
- cachedAt: nowSeconds().toString(),
4301
- expiresOn: expiresOn.toString(),
4302
- extendedExpiresOn: extExpiresOn.toString(),
4303
- environment: environment,
4304
- clientId: clientId,
4305
- realm: tenantId,
4306
- target: scopes,
4307
- tokenType: tokenType || AuthenticationScheme$1.BEARER,
4308
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4309
- };
4310
- if (userAssertionHash) {
4311
- atEntity.userAssertionHash = userAssertionHash;
4312
- }
4313
- if (refreshOn) {
4314
- atEntity.refreshOn = refreshOn.toString();
4315
- }
4316
- /*
4317
- * Create Access Token With Auth Scheme instead of regular access token
4318
- * Cast to lower to handle "bearer" from ADFS
4319
- */
4320
- if (atEntity.tokenType?.toLowerCase() !==
4321
- AuthenticationScheme$1.BEARER.toLowerCase()) {
4322
- atEntity.credentialType =
4323
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
4324
- switch (atEntity.tokenType) {
4325
- case AuthenticationScheme$1.POP:
4326
- // Make sure keyId is present and add it to credential
4327
- const tokenClaims = extractTokenClaims(accessToken, base64Decode);
4328
- if (!tokenClaims?.cnf?.kid) {
4329
- throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
4330
- }
4331
- atEntity.keyId = tokenClaims.cnf.kid;
4332
- break;
4333
- case AuthenticationScheme$1.SSH:
4334
- atEntity.keyId = keyId;
4335
- }
4336
- }
4337
- return atEntity;
4338
- }
4319
+ const refreshTokenExpired = "refresh_token_expired";
4339
4320
  /**
4340
- * Create RefreshTokenEntity
4341
- * @param homeAccountId
4342
- * @param authenticationResult
4343
- * @param clientId
4344
- * @param authority
4321
+ * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4322
+ * @public
4345
4323
  */
4346
- function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
4347
- const rtEntity = {
4348
- credentialType: CredentialType.REFRESH_TOKEN,
4349
- homeAccountId: homeAccountId,
4350
- environment: environment,
4351
- clientId: clientId,
4352
- secret: refreshToken,
4353
- lastUpdatedAt: Date.now().toString(),
4354
- };
4355
- if (userAssertionHash) {
4356
- rtEntity.userAssertionHash = userAssertionHash;
4357
- }
4358
- if (familyId) {
4359
- rtEntity.familyId = familyId;
4360
- }
4361
- if (expiresOn) {
4362
- rtEntity.expiresOn = expiresOn.toString();
4363
- }
4364
- return rtEntity;
4365
- }
4366
- function isCredentialEntity(entity) {
4367
- return (entity.hasOwnProperty("homeAccountId") &&
4368
- entity.hasOwnProperty("environment") &&
4369
- entity.hasOwnProperty("credentialType") &&
4370
- entity.hasOwnProperty("clientId") &&
4371
- entity.hasOwnProperty("secret"));
4372
- }
4324
+ const uxNotAllowed = "ux_not_allowed";
4373
4325
  /**
4374
- * Validates an entity: checks for all expected params
4375
- * @param entity
4326
+ * Server-originated error code indicating interaction is required to complete the request.
4327
+ * @public
4376
4328
  */
4377
- function isAccessTokenEntity(entity) {
4378
- if (!entity) {
4379
- return false;
4380
- }
4381
- return (isCredentialEntity(entity) &&
4382
- entity.hasOwnProperty("realm") &&
4383
- entity.hasOwnProperty("target") &&
4384
- (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
4385
- entity["credentialType"] ===
4386
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
4387
- }
4329
+ const interactionRequired = "interaction_required";
4388
4330
  /**
4389
- * Validates an entity: checks for all expected params
4390
- * @param entity
4331
+ * Server-originated error code indicating user consent is required.
4332
+ * @public
4333
+ */
4334
+ const consentRequired = "consent_required";
4335
+ /**
4336
+ * Server-originated error code indicating user login is required.
4337
+ * @public
4338
+ */
4339
+ const loginRequired = "login_required";
4340
+ /**
4341
+ * Server-originated error code indicating the token is invalid or corrupted.
4342
+ * @public
4343
+ */
4344
+ const badToken = "bad_token";
4345
+ /**
4346
+ * Server-originated error code indicating the user is in an interrupted state and interaction is required.
4347
+ * @public
4348
+ */
4349
+ const interruptedUser = "interrupted_user";
4350
+
4351
+ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
4352
+ __proto__: null,
4353
+ badToken: badToken,
4354
+ consentRequired: consentRequired,
4355
+ interactionRequired: interactionRequired,
4356
+ interruptedUser: interruptedUser,
4357
+ loginRequired: loginRequired,
4358
+ nativeAccountUnavailable: nativeAccountUnavailable,
4359
+ noTokensFound: noTokensFound,
4360
+ refreshTokenExpired: refreshTokenExpired,
4361
+ uxNotAllowed: uxNotAllowed
4362
+ });
4363
+
4364
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4365
+
4366
+ /*
4367
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4368
+ * Licensed under the MIT License.
4391
4369
  */
4392
- function isIdTokenEntity(entity) {
4393
- if (!entity) {
4394
- return false;
4395
- }
4396
- return (isCredentialEntity(entity) &&
4397
- entity.hasOwnProperty("realm") &&
4398
- entity["credentialType"] === CredentialType.ID_TOKEN);
4399
- }
4400
4370
  /**
4401
- * Validates an entity: checks for all expected params
4402
- * @param entity
4371
+ * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
4403
4372
  */
4404
- function isRefreshTokenEntity(entity) {
4405
- if (!entity) {
4406
- return false;
4407
- }
4408
- return (isCredentialEntity(entity) &&
4409
- entity["credentialType"] === CredentialType.REFRESH_TOKEN);
4410
- }
4373
+ const InteractionRequiredServerErrorMessage = [
4374
+ interactionRequired,
4375
+ consentRequired,
4376
+ loginRequired,
4377
+ badToken,
4378
+ uxNotAllowed,
4379
+ interruptedUser,
4380
+ ];
4381
+ const InteractionRequiredAuthSubErrorMessage = [
4382
+ "message_only",
4383
+ "additional_action",
4384
+ "basic_action",
4385
+ "user_password_expired",
4386
+ "consent_required",
4387
+ "bad_token",
4388
+ "ux_not_allowed",
4389
+ "interrupted_user",
4390
+ ];
4411
4391
  /**
4412
- * validates if a given cache entry is "Telemetry", parses <key,value>
4413
- * @param key
4414
- * @param entity
4392
+ * Error thrown when user interaction is required.
4415
4393
  */
4416
- function isServerTelemetryEntity(key, entity) {
4417
- const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
4418
- let validateEntity = true;
4419
- if (entity) {
4420
- validateEntity =
4421
- entity.hasOwnProperty("failedRequests") &&
4422
- entity.hasOwnProperty("errors") &&
4423
- entity.hasOwnProperty("cacheHits");
4394
+ class InteractionRequiredAuthError extends AuthError {
4395
+ constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
4396
+ super(errorCode, errorMessage, subError);
4397
+ Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
4398
+ this.timestamp = timestamp || "";
4399
+ this.traceId = traceId || "";
4400
+ this.correlationId = correlationId || "";
4401
+ this.claims = claims || "";
4402
+ this.name = "InteractionRequiredAuthError";
4403
+ this.errorNo = errorNo;
4424
4404
  }
4425
- return validateKey && validateEntity;
4426
4405
  }
4427
4406
  /**
4428
- * validates if a given cache entry is "Throttling", parses <key,value>
4429
- * @param key
4430
- * @param entity
4407
+ * Helper function used to determine if an error thrown by the server requires interaction to resolve
4408
+ * @param errorCode
4409
+ * @param errorString
4410
+ * @param subError
4431
4411
  */
4432
- function isThrottlingEntity(key, entity) {
4433
- let validateKey = false;
4434
- if (key) {
4435
- validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
4436
- }
4437
- let validateEntity = true;
4438
- if (entity) {
4439
- validateEntity = entity.hasOwnProperty("throttleTime");
4440
- }
4441
- return validateKey && validateEntity;
4412
+ function isInteractionRequiredError(errorCode, errorString, subError) {
4413
+ const isInteractionRequiredErrorCode = !!errorCode &&
4414
+ InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
4415
+ const isInteractionRequiredSubError = !!subError &&
4416
+ InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
4417
+ const isInteractionRequiredErrorDesc = !!errorString &&
4418
+ InteractionRequiredServerErrorMessage.some((irErrorCode) => {
4419
+ return errorString.indexOf(irErrorCode) > -1;
4420
+ });
4421
+ return (isInteractionRequiredErrorCode ||
4422
+ isInteractionRequiredErrorDesc ||
4423
+ isInteractionRequiredSubError);
4442
4424
  }
4443
4425
  /**
4444
- * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
4426
+ * Creates an InteractionRequiredAuthError
4445
4427
  */
4446
- function generateAppMetadataKey({ environment, clientId, }) {
4447
- const appMetaDataKeyArray = [
4448
- APP_METADATA,
4449
- environment,
4450
- clientId,
4451
- ];
4452
- return appMetaDataKeyArray
4453
- .join(CACHE_KEY_SEPARATOR$1)
4454
- .toLowerCase();
4455
- }
4428
+ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4429
+ return new InteractionRequiredAuthError(errorCode, errorMessage);
4430
+ }
4431
+
4432
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4433
+
4456
4434
  /*
4457
- * Validates an entity: checks for all expected params
4458
- * @param entity
4435
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4436
+ * Licensed under the MIT License.
4459
4437
  */
4460
- function isAppMetadataEntity(key, entity) {
4461
- if (!entity) {
4462
- return false;
4463
- }
4464
- return (key.indexOf(APP_METADATA) === 0 &&
4465
- entity.hasOwnProperty("clientId") &&
4466
- entity.hasOwnProperty("environment"));
4467
- }
4468
4438
  /**
4469
- * Validates an entity: checks for all expected params
4470
- * @param entity
4439
+ * Error thrown when there is an error with the server code, for example, unavailability.
4471
4440
  */
4472
- function isAuthorityMetadataEntity(key, entity) {
4473
- if (!entity) {
4474
- return false;
4441
+ class ServerError extends AuthError {
4442
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
4443
+ super(errorCode, errorMessage, subError);
4444
+ this.name = "ServerError";
4445
+ this.errorNo = errorNo;
4446
+ this.status = status;
4447
+ Object.setPrototypeOf(this, ServerError.prototype);
4475
4448
  }
4476
- return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
4477
- entity.hasOwnProperty("aliases") &&
4478
- entity.hasOwnProperty("preferred_cache") &&
4479
- entity.hasOwnProperty("preferred_network") &&
4480
- entity.hasOwnProperty("canonical_authority") &&
4481
- entity.hasOwnProperty("authorization_endpoint") &&
4482
- entity.hasOwnProperty("token_endpoint") &&
4483
- entity.hasOwnProperty("issuer") &&
4484
- entity.hasOwnProperty("aliasesFromNetwork") &&
4485
- entity.hasOwnProperty("endpointsFromNetwork") &&
4486
- entity.hasOwnProperty("expiresAt") &&
4487
- entity.hasOwnProperty("jwks_uri"));
4488
- }
4449
+ }
4450
+
4451
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4452
+
4453
+ /*
4454
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4455
+ * Licensed under the MIT License.
4456
+ */
4489
4457
  /**
4490
- * Reset the exiresAt value
4458
+ * Appends user state with random guid, or returns random guid.
4459
+ * @param cryptoObj
4460
+ * @param userState
4461
+ * @param meta
4491
4462
  */
4492
- function generateAuthorityMetadataExpiresAt() {
4493
- return (nowSeconds() +
4494
- AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
4495
- }
4496
- function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4497
- authorityMetadata.authorization_endpoint =
4498
- updatedValues.authorization_endpoint;
4499
- authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4500
- authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4501
- authorityMetadata.issuer = updatedValues.issuer;
4502
- authorityMetadata.endpointsFromNetwork = fromNetwork;
4503
- authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4463
+ function setRequestState(cryptoObj, userState, meta) {
4464
+ const libraryState = generateLibraryState(cryptoObj, meta);
4465
+ return userState
4466
+ ? `${libraryState}${RESOURCE_DELIM}${userState}`
4467
+ : libraryState;
4504
4468
  }
4505
- function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4506
- authorityMetadata.aliases = updatedValues.aliases;
4507
- authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4508
- authorityMetadata.preferred_network = updatedValues.preferred_network;
4509
- authorityMetadata.aliasesFromNetwork = fromNetwork;
4469
+ /**
4470
+ * Generates the state value used by the common library.
4471
+ * @param cryptoObj
4472
+ * @param meta
4473
+ */
4474
+ function generateLibraryState(cryptoObj, meta) {
4475
+ if (!cryptoObj) {
4476
+ throw createClientAuthError(noCryptoObject);
4477
+ }
4478
+ // Create a state object containing a unique id and the timestamp of the request creation
4479
+ const stateObj = {
4480
+ id: cryptoObj.createNewGuid(),
4481
+ };
4482
+ if (meta) {
4483
+ stateObj.meta = meta;
4484
+ }
4485
+ const stateString = JSON.stringify(stateObj);
4486
+ return cryptoObj.base64Encode(stateString);
4510
4487
  }
4511
4488
  /**
4512
- * Returns whether or not the data needs to be refreshed
4489
+ * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
4490
+ * @param base64Decode
4491
+ * @param state
4513
4492
  */
4514
- function isAuthorityMetadataExpired(metadata) {
4515
- return metadata.expiresAt <= nowSeconds();
4493
+ function parseRequestState(base64Decode, state) {
4494
+ if (!base64Decode) {
4495
+ throw createClientAuthError(noCryptoObject);
4496
+ }
4497
+ if (!state) {
4498
+ throw createClientAuthError(invalidState);
4499
+ }
4500
+ try {
4501
+ // Split the state between library state and user passed state and decode them separately
4502
+ const splitState = state.split(RESOURCE_DELIM);
4503
+ const libraryState = splitState[0];
4504
+ const userState = splitState.length > 1
4505
+ ? splitState.slice(1).join(RESOURCE_DELIM)
4506
+ : "";
4507
+ const libraryStateString = base64Decode(libraryState);
4508
+ const libraryStateObj = JSON.parse(libraryStateString);
4509
+ return {
4510
+ userRequestState: userState || "",
4511
+ libraryState: libraryStateObj,
4512
+ };
4513
+ }
4514
+ catch (e) {
4515
+ throw createClientAuthError(invalidState);
4516
+ }
4516
4517
  }
4517
4518
 
4518
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4519
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4519
4520
 
4520
4521
  /*
4521
4522
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4671,7 +4672,7 @@ class ResponseHandler {
4671
4672
  if (serverTokenResponse.id_token && !!idTokenClaims) {
4672
4673
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
4673
4674
  cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
4674
- this.logger);
4675
+ this.logger, this.performanceClient);
4675
4676
  }
4676
4677
  // AccessToken
4677
4678
  let cachedAccessToken = null;
@@ -4822,17 +4823,24 @@ class ResponseHandler {
4822
4823
  };
4823
4824
  }
4824
4825
  }
4825
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
4826
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
4826
4827
  logger?.verbose("09jz0t", correlationId);
4827
- // Check if base account is already cached
4828
- const accountKeys = cacheStorage.getAccountKeys();
4829
- const baseAccountKey = accountKeys.find((accountKey) => {
4830
- return accountKey.startsWith(homeAccountId);
4831
- });
4832
- let cachedAccount = null;
4833
- if (baseAccountKey) {
4834
- cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
4828
+ /*
4829
+ * Check if base account is already cached. Filter by homeAccountId (identifies
4830
+ * the user's home identity) and environment (identifies the cloud) the two
4831
+ * tenant-agnostic properties that uniquely locate a base AccountEntity.
4832
+ */
4833
+ const accountEnvironment = environment || authority.getPreferredCache();
4834
+ const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
4835
+ performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
4836
+ if (matchedAccounts.length > 1) {
4837
+ /*
4838
+ * Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
4839
+ * If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
4840
+ */
4841
+ logger?.warning("0x7ad1", correlationId);
4835
4842
  }
4843
+ const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
4836
4844
  const baseAccount = cachedAccount ||
4837
4845
  createAccountEntity({
4838
4846
  homeAccountId,
@@ -4856,7 +4864,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4856
4864
  return baseAccount;
4857
4865
  }
4858
4866
 
4859
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4867
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4860
4868
  /*
4861
4869
  * Copyright (c) Microsoft Corporation. All rights reserved.
4862
4870
  * Licensed under the MIT License.
@@ -4866,7 +4874,7 @@ const CcsCredentialType = {
4866
4874
  UPN: "UPN",
4867
4875
  };
4868
4876
 
4869
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4877
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4870
4878
  /*
4871
4879
  * Copyright (c) Microsoft Corporation. All rights reserved.
4872
4880
  * Licensed under the MIT License.
@@ -4884,7 +4892,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4884
4892
  }
4885
4893
  }
4886
4894
 
4887
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4895
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4888
4896
  /*
4889
4897
  * Copyright (c) Microsoft Corporation. All rights reserved.
4890
4898
  * Licensed under the MIT License.
@@ -4905,7 +4913,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4905
4913
  };
4906
4914
  }
4907
4915
 
4908
- /*! @azure/msal-common v16.4.0 2026-03-19 */
4916
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4909
4917
 
4910
4918
  /*
4911
4919
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4991,7 +4999,7 @@ class ThrottlingUtils {
4991
4999
  }
4992
5000
  }
4993
5001
 
4994
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5002
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
4995
5003
 
4996
5004
  /*
4997
5005
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5022,7 +5030,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
5022
5030
  return new NetworkError(error, httpStatus, responseHeaders);
5023
5031
  }
5024
5032
 
5025
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5033
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5026
5034
 
5027
5035
  /*
5028
5036
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5136,7 +5144,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5136
5144
  return response;
5137
5145
  }
5138
5146
 
5139
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5147
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5140
5148
  /*
5141
5149
  * Copyright (c) Microsoft Corporation. All rights reserved.
5142
5150
  * Licensed under the MIT License.
@@ -5148,7 +5156,7 @@ function isOpenIdConfigResponse(response) {
5148
5156
  response.hasOwnProperty("jwks_uri"));
5149
5157
  }
5150
5158
 
5151
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5159
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5152
5160
  /*
5153
5161
  * Copyright (c) Microsoft Corporation. All rights reserved.
5154
5162
  * Licensed under the MIT License.
@@ -5158,7 +5166,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5158
5166
  response.hasOwnProperty("metadata"));
5159
5167
  }
5160
5168
 
5161
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5169
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5162
5170
  /*
5163
5171
  * Copyright (c) Microsoft Corporation. All rights reserved.
5164
5172
  * Licensed under the MIT License.
@@ -5168,7 +5176,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5168
5176
  response.hasOwnProperty("error_description"));
5169
5177
  }
5170
5178
 
5171
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5179
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5172
5180
 
5173
5181
  /*
5174
5182
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5273,7 +5281,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5273
5281
  },
5274
5282
  };
5275
5283
 
5276
- /*! @azure/msal-common v16.4.0 2026-03-19 */
5284
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
5277
5285
 
5278
5286
  /*
5279
5287
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6093,7 +6101,7 @@ function buildStaticAuthorityOptions(authOptions) {
6093
6101
  };
6094
6102
  }
6095
6103
 
6096
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6104
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6097
6105
 
6098
6106
  /*
6099
6107
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6127,7 +6135,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6127
6135
  }
6128
6136
  }
6129
6137
 
6130
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6138
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6131
6139
 
6132
6140
  /*
6133
6141
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6388,7 +6396,7 @@ class AuthorizationCodeClient {
6388
6396
  }
6389
6397
  }
6390
6398
 
6391
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6399
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6392
6400
 
6393
6401
  /*
6394
6402
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6613,7 +6621,7 @@ class RefreshTokenClient {
6613
6621
  }
6614
6622
  }
6615
6623
 
6616
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6624
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6617
6625
 
6618
6626
  /*
6619
6627
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6729,7 +6737,7 @@ class SilentFlowClient {
6729
6737
  }
6730
6738
  }
6731
6739
 
6732
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6740
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6733
6741
 
6734
6742
  /*
6735
6743
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6744,7 +6752,7 @@ const StubbedNetworkModule = {
6744
6752
  },
6745
6753
  };
6746
6754
 
6747
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6755
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6748
6756
 
6749
6757
  /*
6750
6758
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6971,7 +6979,7 @@ function extractLoginHint(account) {
6971
6979
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6972
6980
  }
6973
6981
 
6974
- /*! @azure/msal-common v16.4.0 2026-03-19 */
6982
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
6975
6983
 
6976
6984
  /*
6977
6985
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7004,7 +7012,7 @@ function containsResourceParam(params) {
7004
7012
  return Object.prototype.hasOwnProperty.call(params, "resource");
7005
7013
  }
7006
7014
 
7007
- /*! @azure/msal-common v16.4.0 2026-03-19 */
7015
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
7008
7016
 
7009
7017
  /*
7010
7018
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7062,7 +7070,7 @@ class AuthenticationHeaderParser {
7062
7070
  }
7063
7071
  }
7064
7072
 
7065
- /*! @azure/msal-common v16.4.0 2026-03-19 */
7073
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
7066
7074
  /*
7067
7075
  * Copyright (c) Microsoft Corporation. All rights reserved.
7068
7076
  * Licensed under the MIT License.
@@ -7079,7 +7087,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
7079
7087
  unexpectedError: unexpectedError
7080
7088
  });
7081
7089
 
7082
- /*! @azure/msal-common v16.4.0 2026-03-19 */
7090
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
7083
7091
 
7084
7092
  /*
7085
7093
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7340,7 +7348,7 @@ class ServerTelemetryManager {
7340
7348
  }
7341
7349
  }
7342
7350
 
7343
- /*! @azure/msal-common v16.4.0 2026-03-19 */
7351
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
7344
7352
 
7345
7353
  /*
7346
7354
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7361,7 +7369,7 @@ function createJoseHeaderError(code) {
7361
7369
  return new JoseHeaderError(code);
7362
7370
  }
7363
7371
 
7364
- /*! @azure/msal-common v16.4.0 2026-03-19 */
7372
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
7365
7373
  /*
7366
7374
  * Copyright (c) Microsoft Corporation. All rights reserved.
7367
7375
  * Licensed under the MIT License.
@@ -7369,7 +7377,7 @@ function createJoseHeaderError(code) {
7369
7377
  const missingKidError = "missing_kid_error";
7370
7378
  const missingAlgError = "missing_alg_error";
7371
7379
 
7372
- /*! @azure/msal-common v16.4.0 2026-03-19 */
7380
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
7373
7381
 
7374
7382
  /*
7375
7383
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7409,7 +7417,7 @@ class JoseHeader {
7409
7417
  }
7410
7418
  }
7411
7419
 
7412
- /*! @azure/msal-common v16.4.0 2026-03-19 */
7420
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
7413
7421
 
7414
7422
  /*
7415
7423
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7939,6 +7947,136 @@ class PerformanceClient {
7939
7947
  }
7940
7948
  }
7941
7949
 
7950
+ /*
7951
+ * Copyright (c) Microsoft Corporation. All rights reserved.
7952
+ * Licensed under the MIT License.
7953
+ */
7954
+ /**
7955
+ * acquireTokenFromCache (msal-browser).
7956
+ * Internal API for acquiring token from cache
7957
+ */
7958
+ const AcquireTokenFromCache = "acquireTokenFromCache";
7959
+ /**
7960
+ * acquireTokenByRefreshToken API (msal-browser and msal-node).
7961
+ * Used to renew an access token using a refresh token against the token endpoint.
7962
+ */
7963
+ const AcquireTokenByRefreshToken = "acquireTokenByRefreshToken";
7964
+ /**
7965
+ * acquireTokenSilentAsync (msal-browser).
7966
+ * Internal API for acquireTokenSilent.
7967
+ */
7968
+ const AcquireTokenSilentAsync = "acquireTokenSilentAsync";
7969
+ /**
7970
+ * getPublicKeyThumbprint API in CryptoOpts class (msal-browser).
7971
+ * Used to generate a public/private keypair and generate a public key thumbprint for pop requests.
7972
+ */
7973
+ const CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint";
7974
+ /**
7975
+ * signJwt API in CryptoOpts class (msal-browser).
7976
+ * Used to signed a pop token.
7977
+ */
7978
+ const CryptoOptsSignJwt = "cryptoOptsSignJwt";
7979
+ /**
7980
+ * acquireToken API in the SilentCacheClient class (msal-browser).
7981
+ * Used to read access tokens from the cache.
7982
+ */
7983
+ const SilentCacheClientAcquireToken = "silentCacheClientAcquireToken";
7984
+ /**
7985
+ * acquireToken API in the SilentIframeClient class (msal-browser).
7986
+ * Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.
7987
+ */
7988
+ const SilentIframeClientAcquireToken = "silentIframeClientAcquireToken";
7989
+ const AwaitConcurrentIframe = "awaitConcurrentIframe"; // Time spent waiting for a concurrent iframe to complete
7990
+ /**
7991
+ * acquireToken API in SilentRereshClient (msal-browser).
7992
+ * Used to acquire a new set of tokens from the token endpoint using a refresh token.
7993
+ */
7994
+ const SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken";
7995
+ /**
7996
+ * getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).
7997
+ * Used to load authority metadata for a request.
7998
+ */
7999
+ const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority";
8000
+ /**
8001
+ * acquireToken API in NativeInteractionClient class (msal-browser).
8002
+ * Used to acquire a token from Native component when native brokering is enabled.
8003
+ */
8004
+ const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
8005
+ /**
8006
+ * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
8007
+ */
8008
+ const RefreshTokenClientAcquireTokenByRefreshToken = "refreshTokenClientAcquireTokenByRefreshToken";
8009
+ /**
8010
+ * acquireTokenBySilentIframe (msal-browser).
8011
+ * Internal API for acquiring token by silent Iframe
8012
+ */
8013
+ const AcquireTokenBySilentIframe = "acquireTokenBySilentIframe";
8014
+ /**
8015
+ * Internal API for initializing base request in BaseInteractionClient (msal-browser)
8016
+ */
8017
+ const InitializeBaseRequest = "initializeBaseRequest";
8018
+ /**
8019
+ * Internal API for initializing silent request in SilentCacheClient (msal-browser)
8020
+ */
8021
+ const InitializeSilentRequest = "initializeSilentRequest";
8022
+ const InitializeCache = "initializeCache";
8023
+ /**
8024
+ * Helper function in SilentIframeClient class (msal-browser).
8025
+ */
8026
+ const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
8027
+ /**
8028
+ * SilentHandler
8029
+ */
8030
+ const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
8031
+ const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
8032
+ const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
8033
+ /**
8034
+ * Helper functions in StandardInteractionClient class (msal-browser)
8035
+ */
8036
+ const StandardInteractionClientCreateAuthCodeClient = "standardInteractionClientCreateAuthCodeClient";
8037
+ const StandardInteractionClientGetClientConfiguration = "standardInteractionClientGetClientConfiguration";
8038
+ const StandardInteractionClientInitializeAuthorizationRequest = "standardInteractionClientInitializeAuthorizationRequest";
8039
+ const SilentFlowClientAcquireCachedToken = "silentFlowClientAcquireCachedToken";
8040
+ const GetStandardParams = "getStandardParams";
8041
+ const HandleCodeResponse = "handleCodeResponse";
8042
+ const HandleResponseEar = "handleResponseEar";
8043
+ const HandleResponsePlatformBroker = "handleResponsePlatformBroker";
8044
+ const HandleResponseCode = "handleResponseCode";
8045
+ const AuthClientAcquireToken = "authClientAcquireToken";
8046
+ const DeserializeResponse = "deserializeResponse";
8047
+ const AuthorityFactoryCreateDiscoveredInstance = "authorityFactoryCreateDiscoveredInstance";
8048
+ const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
8049
+ const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
8050
+ const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
8051
+ const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
8052
+ const RemoveHiddenIframe = "removeHiddenIframe";
8053
+ const ImportExistingCache = "importExistingCache";
8054
+ /**
8055
+ * Crypto Operations
8056
+ */
8057
+ const GeneratePkceCodes = "generatePkceCodes";
8058
+ const GenerateCodeVerifier = "generateCodeVerifier";
8059
+ const GenerateCodeChallengeFromVerifier = "generateCodeChallengeFromVerifier";
8060
+ const Sha256Digest = "sha256Digest";
8061
+ const GetRandomValues = "getRandomValues";
8062
+ const GenerateHKDF = "generateHKDF";
8063
+ const GenerateBaseKey = "generateBaseKey";
8064
+ const Base64Decode = "base64Decode";
8065
+ const UrlEncodeArr = "urlEncodeArr";
8066
+ const Encrypt = "encrypt";
8067
+ const Decrypt = "decrypt";
8068
+ const GenerateEarKey = "generateEarKey";
8069
+ const DecryptEarResponse = "decryptEarResponse";
8070
+ const LoadAccount = "loadAccount";
8071
+ const LoadIdToken = "loadIdToken";
8072
+ const LoadAccessToken = "loadAccessToken";
8073
+ const LoadRefreshToken = "loadRefreshToken";
8074
+ /**
8075
+ * Background telemetry measurement that tracks whether a late bridge response
8076
+ * arrives after the iframe timeout has already fired.
8077
+ */
8078
+ const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
8079
+
7942
8080
  /*
7943
8081
  * Copyright (c) Microsoft Corporation. All rights reserved.
7944
8082
  * Licensed under the MIT License.
@@ -8845,20 +8983,35 @@ function cancelPendingBridgeResponse(logger, correlationId) {
8845
8983
  activeBridgeMonitor = null;
8846
8984
  }
8847
8985
  }
8848
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
8986
+ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
8849
8987
  return new Promise((resolve, reject) => {
8850
8988
  logger.verbose("1rf6em", request.correlationId);
8851
8989
  const correlationId = request.correlationId;
8852
8990
  performanceClient.addFields({
8853
8991
  redirectBridgeTimeoutMs: timeoutMs,
8992
+ lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
8854
8993
  }, correlationId);
8855
8994
  const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
8856
8995
  const channel = new BroadcastChannel(libraryState.id);
8857
8996
  let responseString = undefined;
8997
+ let timedOut$1 = false;
8998
+ let lateTimeoutId;
8999
+ let lateMeasurement;
8858
9000
  const timeoutId = window.setTimeout(() => {
8859
9001
  // Clear the active monitor
8860
9002
  activeBridgeMonitor = null;
8861
- channel.close();
9003
+ if (experimentalConfig?.iframeTimeoutTelemetry) {
9004
+ lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse, correlationId);
9005
+ timedOut$1 = true;
9006
+ lateTimeoutId = window.setTimeout(() => {
9007
+ lateMeasurement?.end({ success: false });
9008
+ clearTimeout(lateTimeoutId);
9009
+ channel.close();
9010
+ }, 60000); // 60s late response timeout to allow for telemetry of late responses
9011
+ }
9012
+ else {
9013
+ channel.close();
9014
+ }
8862
9015
  reject(createBrowserAuthError(timedOut, "redirect_bridge_timeout"));
8863
9016
  }, timeoutMs);
8864
9017
  // Track this monitor so it can be cancelled if needed
@@ -8872,6 +9025,14 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
8872
9025
  const messageVersion = event?.data && typeof event.data.v === "number"
8873
9026
  ? event.data.v
8874
9027
  : undefined;
9028
+ if (timedOut$1) {
9029
+ lateMeasurement?.end({
9030
+ success: responseString ? true : false,
9031
+ });
9032
+ clearTimeout(lateTimeoutId);
9033
+ channel.close();
9034
+ return;
9035
+ }
8875
9036
  performanceClient.addFields({
8876
9037
  redirectBridgeMessageVersion: messageVersion,
8877
9038
  }, correlationId);
@@ -9034,130 +9195,6 @@ var BrowserUtils = /*#__PURE__*/Object.freeze({
9034
9195
  waitForBridgeResponse: waitForBridgeResponse
9035
9196
  });
9036
9197
 
9037
- /*
9038
- * Copyright (c) Microsoft Corporation. All rights reserved.
9039
- * Licensed under the MIT License.
9040
- */
9041
- /**
9042
- * acquireTokenFromCache (msal-browser).
9043
- * Internal API for acquiring token from cache
9044
- */
9045
- const AcquireTokenFromCache = "acquireTokenFromCache";
9046
- /**
9047
- * acquireTokenByRefreshToken API (msal-browser and msal-node).
9048
- * Used to renew an access token using a refresh token against the token endpoint.
9049
- */
9050
- const AcquireTokenByRefreshToken = "acquireTokenByRefreshToken";
9051
- /**
9052
- * acquireTokenSilentAsync (msal-browser).
9053
- * Internal API for acquireTokenSilent.
9054
- */
9055
- const AcquireTokenSilentAsync = "acquireTokenSilentAsync";
9056
- /**
9057
- * getPublicKeyThumbprint API in CryptoOpts class (msal-browser).
9058
- * Used to generate a public/private keypair and generate a public key thumbprint for pop requests.
9059
- */
9060
- const CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint";
9061
- /**
9062
- * signJwt API in CryptoOpts class (msal-browser).
9063
- * Used to signed a pop token.
9064
- */
9065
- const CryptoOptsSignJwt = "cryptoOptsSignJwt";
9066
- /**
9067
- * acquireToken API in the SilentCacheClient class (msal-browser).
9068
- * Used to read access tokens from the cache.
9069
- */
9070
- const SilentCacheClientAcquireToken = "silentCacheClientAcquireToken";
9071
- /**
9072
- * acquireToken API in the SilentIframeClient class (msal-browser).
9073
- * Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.
9074
- */
9075
- const SilentIframeClientAcquireToken = "silentIframeClientAcquireToken";
9076
- const AwaitConcurrentIframe = "awaitConcurrentIframe"; // Time spent waiting for a concurrent iframe to complete
9077
- /**
9078
- * acquireToken API in SilentRereshClient (msal-browser).
9079
- * Used to acquire a new set of tokens from the token endpoint using a refresh token.
9080
- */
9081
- const SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken";
9082
- /**
9083
- * getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).
9084
- * Used to load authority metadata for a request.
9085
- */
9086
- const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority";
9087
- /**
9088
- * acquireToken API in NativeInteractionClient class (msal-browser).
9089
- * Used to acquire a token from Native component when native brokering is enabled.
9090
- */
9091
- const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
9092
- /**
9093
- * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
9094
- */
9095
- const RefreshTokenClientAcquireTokenByRefreshToken = "refreshTokenClientAcquireTokenByRefreshToken";
9096
- /**
9097
- * acquireTokenBySilentIframe (msal-browser).
9098
- * Internal API for acquiring token by silent Iframe
9099
- */
9100
- const AcquireTokenBySilentIframe = "acquireTokenBySilentIframe";
9101
- /**
9102
- * Internal API for initializing base request in BaseInteractionClient (msal-browser)
9103
- */
9104
- const InitializeBaseRequest = "initializeBaseRequest";
9105
- /**
9106
- * Internal API for initializing silent request in SilentCacheClient (msal-browser)
9107
- */
9108
- const InitializeSilentRequest = "initializeSilentRequest";
9109
- const InitializeCache = "initializeCache";
9110
- /**
9111
- * Helper function in SilentIframeClient class (msal-browser).
9112
- */
9113
- const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
9114
- /**
9115
- * SilentHandler
9116
- */
9117
- const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
9118
- const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
9119
- const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
9120
- /**
9121
- * Helper functions in StandardInteractionClient class (msal-browser)
9122
- */
9123
- const StandardInteractionClientCreateAuthCodeClient = "standardInteractionClientCreateAuthCodeClient";
9124
- const StandardInteractionClientGetClientConfiguration = "standardInteractionClientGetClientConfiguration";
9125
- const StandardInteractionClientInitializeAuthorizationRequest = "standardInteractionClientInitializeAuthorizationRequest";
9126
- const SilentFlowClientAcquireCachedToken = "silentFlowClientAcquireCachedToken";
9127
- const GetStandardParams = "getStandardParams";
9128
- const HandleCodeResponse = "handleCodeResponse";
9129
- const HandleResponseEar = "handleResponseEar";
9130
- const HandleResponsePlatformBroker = "handleResponsePlatformBroker";
9131
- const HandleResponseCode = "handleResponseCode";
9132
- const AuthClientAcquireToken = "authClientAcquireToken";
9133
- const DeserializeResponse = "deserializeResponse";
9134
- const AuthorityFactoryCreateDiscoveredInstance = "authorityFactoryCreateDiscoveredInstance";
9135
- const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
9136
- const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
9137
- const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
9138
- const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
9139
- const ImportExistingCache = "importExistingCache";
9140
- /**
9141
- * Crypto Operations
9142
- */
9143
- const GeneratePkceCodes = "generatePkceCodes";
9144
- const GenerateCodeVerifier = "generateCodeVerifier";
9145
- const GenerateCodeChallengeFromVerifier = "generateCodeChallengeFromVerifier";
9146
- const Sha256Digest = "sha256Digest";
9147
- const GetRandomValues = "getRandomValues";
9148
- const GenerateHKDF = "generateHKDF";
9149
- const GenerateBaseKey = "generateBaseKey";
9150
- const Base64Decode = "base64Decode";
9151
- const UrlEncodeArr = "urlEncodeArr";
9152
- const Encrypt = "encrypt";
9153
- const Decrypt = "decrypt";
9154
- const GenerateEarKey = "generateEarKey";
9155
- const DecryptEarResponse = "decryptEarResponse";
9156
- const LoadAccount = "loadAccount";
9157
- const LoadIdToken = "loadIdToken";
9158
- const LoadAccessToken = "loadAccessToken";
9159
- const LoadRefreshToken = "loadRefreshToken";
9160
-
9161
9198
  /*
9162
9199
  * Copyright (c) Microsoft Corporation. All rights reserved.
9163
9200
  * Licensed under the MIT License.
@@ -10294,7 +10331,7 @@ const EventType = {
10294
10331
 
10295
10332
  /* eslint-disable header/header */
10296
10333
  const name = "@azure/msal-browser";
10297
- const version = "5.6.1";
10334
+ const version = "5.6.3";
10298
10335
 
10299
10336
  /*
10300
10337
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12758,9 +12795,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12758
12795
  }
12759
12796
  // Get the preferred_cache domain for the given authority
12760
12797
  const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
12761
- const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, undefined, // environment
12798
+ const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
12762
12799
  idTokenClaims.tid, undefined, // auth code payload
12763
- response.account.id);
12800
+ response.account.id, this.logger, this.performanceClient);
12764
12801
  // Ensure expires_in is in number format
12765
12802
  response.expires_in = Number(response.expires_in);
12766
12803
  // generate authenticationResult
@@ -13645,7 +13682,7 @@ const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000;
13645
13682
  *
13646
13683
  * @returns Configuration object
13647
13684
  */
13648
- function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
13685
+ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, experimental: userInputExperimental, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
13649
13686
  // Default auth options for browser
13650
13687
  const DEFAULT_AUTH_OPTIONS = {
13651
13688
  clientId: "",
@@ -13717,6 +13754,9 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
13717
13754
  },
13718
13755
  client: new StubPerformanceClient(),
13719
13756
  };
13757
+ const DEFAULT_EXPERIMENTAL_OPTIONS = {
13758
+ iframeTimeoutTelemetry: false,
13759
+ };
13720
13760
  // Throw an error if user has set OIDCOptions without being in OIDC protocol mode
13721
13761
  if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
13722
13762
  userInputAuth?.OIDCOptions) {
@@ -13740,6 +13780,10 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
13740
13780
  },
13741
13781
  cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache },
13742
13782
  system: providedSystemOptions,
13783
+ experimental: {
13784
+ ...DEFAULT_EXPERIMENTAL_OPTIONS,
13785
+ ...userInputExperimental,
13786
+ },
13743
13787
  telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry },
13744
13788
  };
13745
13789
  return overlayedConfig;
@@ -15156,6 +15200,16 @@ function createHiddenIframe() {
15156
15200
  authFrame.setAttribute("allow", "local-network-access *");
15157
15201
  document.body.appendChild(authFrame);
15158
15202
  return authFrame;
15203
+ }
15204
+ /**
15205
+ * @hidden
15206
+ * Removes a hidden iframe from `document.body` if it is a direct child.
15207
+ * @param iframe - The iframe element to remove.
15208
+ */
15209
+ function removeHiddenIframe(iframe) {
15210
+ if (document.body === iframe.parentNode) {
15211
+ document.body.removeChild(iframe);
15212
+ }
15159
15213
  }
15160
15214
 
15161
15215
  /*
@@ -15251,9 +15305,15 @@ class SilentIframeClient extends StandardInteractionClient {
15251
15305
  earJwk: earJwk,
15252
15306
  codeChallenge: pkceCodes.challenge,
15253
15307
  };
15254
- await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
15308
+ const iframe = await invokeAsync(initiateEarRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, discoveredAuthority, silentRequest, this.logger, this.performanceClient);
15255
15309
  const responseType = this.config.auth.OIDCOptions.responseMode;
15256
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15310
+ let responseString;
15311
+ try {
15312
+ responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
15313
+ }
15314
+ finally {
15315
+ invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
15316
+ }
15257
15317
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15258
15318
  if (!serverParams.ear_jwe && serverParams.code) {
15259
15319
  // If server doesn't support EAR, they may fallback to auth code flow instead
@@ -15291,18 +15351,25 @@ class SilentIframeClient extends StandardInteractionClient {
15291
15351
  ...request,
15292
15352
  codeChallenge: pkceCodes.challenge,
15293
15353
  };
15354
+ let iframe;
15294
15355
  if (request.httpMethod === HttpMethod.POST) {
15295
- await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15356
+ iframe = await invokeAsync(initiateCodeFlowWithPost, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15296
15357
  }
15297
15358
  else {
15298
15359
  // Create authorize request url
15299
15360
  const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, silentRequest, this.logger, this.performanceClient);
15300
15361
  // Get the frame handle for the silent request
15301
- await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
15362
+ iframe = await invokeAsync(initiateCodeRequest, SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId);
15302
15363
  }
15303
15364
  const responseType = this.config.auth.OIDCOptions.responseMode;
15304
15365
  // Wait for response from the redirect bridge.
15305
- const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15366
+ let responseString;
15367
+ try {
15368
+ responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
15369
+ }
15370
+ finally {
15371
+ invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
15372
+ }
15306
15373
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15307
15374
  return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15308
15375
  }
@@ -15558,22 +15625,32 @@ class StandardController {
15558
15625
  this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
15559
15626
  this.activeSilentTokenRequests = new Map();
15560
15627
  // Register listener functions
15561
- this.trackPageVisibility = this.trackPageVisibility.bind(this);
15628
+ this.trackStateChange = this.trackStateChange.bind(this);
15562
15629
  // Register listener functions
15563
- this.trackPageVisibilityWithMeasurement =
15564
- this.trackPageVisibilityWithMeasurement.bind(this);
15630
+ this.trackStateChangeWithMeasurement =
15631
+ this.trackStateChangeWithMeasurement.bind(this);
15565
15632
  }
15566
15633
  static async createController(operatingContext, request) {
15567
15634
  const controller = new StandardController(operatingContext);
15568
15635
  await controller.initialize(request);
15569
15636
  return controller;
15570
15637
  }
15571
- trackPageVisibility(correlationId) {
15638
+ trackStateChange(correlationId, event) {
15572
15639
  if (!correlationId) {
15573
15640
  return;
15574
15641
  }
15575
- this.logger.info("16v6hv", correlationId);
15576
- this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
15642
+ if (event.type === "visibilitychange") {
15643
+ this.logger.info("16v6hv", correlationId);
15644
+ this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
15645
+ }
15646
+ else if (event.type === "online") {
15647
+ this.logger.info("0zirfd", correlationId);
15648
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
15649
+ }
15650
+ else if (event.type === "offline") {
15651
+ this.logger.info("1xk9ef", correlationId);
15652
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
15653
+ }
15577
15654
  }
15578
15655
  /**
15579
15656
  * Initializer function to perform async startup tasks such as connecting to WAM extension
@@ -15915,15 +15992,40 @@ class StandardController {
15915
15992
  }
15916
15993
  });
15917
15994
  }
15918
- trackPageVisibilityWithMeasurement() {
15995
+ trackStateChangeWithMeasurement(event) {
15919
15996
  const measurement = this.ssoSilentMeasurement ||
15920
15997
  this.acquireTokenByCodeAsyncMeasurement;
15921
15998
  if (!measurement) {
15922
15999
  return;
15923
16000
  }
15924
- measurement.increment({
15925
- visibilityChangeCount: 1,
15926
- });
16001
+ if (event.type === "visibilitychange") {
16002
+ this.logger.info("0yzimq", measurement.event.correlationId);
16003
+ measurement.increment({
16004
+ visibilityChangeCount: 1,
16005
+ });
16006
+ }
16007
+ else if (event.type === "online") {
16008
+ this.logger.info("1caf53", measurement.event.correlationId);
16009
+ measurement.increment({
16010
+ onlineStatusChangeCount: 1,
16011
+ });
16012
+ }
16013
+ else if (event.type === "offline") {
16014
+ this.logger.info("0fdyk7", measurement.event.correlationId);
16015
+ measurement.increment({
16016
+ onlineStatusChangeCount: 1,
16017
+ });
16018
+ }
16019
+ }
16020
+ addStateChangeListeners(listener) {
16021
+ document.addEventListener("visibilitychange", listener);
16022
+ window.addEventListener("online", listener);
16023
+ window.addEventListener("offline", listener);
16024
+ }
16025
+ removeStateChangeListeners(listener) {
16026
+ document.removeEventListener("visibilitychange", listener);
16027
+ window.removeEventListener("online", listener);
16028
+ window.removeEventListener("offline", listener);
15927
16029
  }
15928
16030
  // #endregion
15929
16031
  // #region Silent Flow
@@ -15957,8 +16059,9 @@ class StandardController {
15957
16059
  preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
15958
16060
  this.ssoSilentMeasurement?.increment({
15959
16061
  visibilityChangeCount: 0,
16062
+ onlineStatusChangeCount: 0,
15960
16063
  });
15961
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
16064
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
15962
16065
  const loggedInAccounts = this.getAllAccounts();
15963
16066
  this.logger.verbose("0w1b45", correlationId);
15964
16067
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, validRequest);
@@ -16001,7 +16104,7 @@ class StandardController {
16001
16104
  throw e;
16002
16105
  })
16003
16106
  .finally(() => {
16004
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
16107
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
16005
16108
  });
16006
16109
  }
16007
16110
  /**
@@ -16108,8 +16211,9 @@ class StandardController {
16108
16211
  this.performanceClient.startMeasurement(AcquireTokenByCodeAsync, correlationId);
16109
16212
  this.acquireTokenByCodeAsyncMeasurement?.increment({
16110
16213
  visibilityChangeCount: 0,
16214
+ onlineStatusChangeCount: 0,
16111
16215
  });
16112
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
16216
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
16113
16217
  const silentAuthCodeClient = this.createSilentAuthCodeClient(correlationId);
16114
16218
  const silentTokenResult = await silentAuthCodeClient
16115
16219
  .acquireToken(request)
@@ -16128,7 +16232,7 @@ class StandardController {
16128
16232
  throw tokenRenewalError;
16129
16233
  })
16130
16234
  .finally(() => {
16131
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
16235
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
16132
16236
  });
16133
16237
  return silentTokenResult;
16134
16238
  }
@@ -16590,12 +16694,12 @@ class StandardController {
16590
16694
  * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
16591
16695
  */
16592
16696
  async acquireTokenSilentAsync(request, account) {
16593
- const trackPageVisibility = () => this.trackPageVisibility(request.correlationId);
16697
+ const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
16594
16698
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, request.correlationId, exports.InteractionType.Silent, request);
16595
16699
  if (request.correlationId) {
16596
- this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
16700
+ this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
16597
16701
  }
16598
- document.addEventListener("visibilitychange", trackPageVisibility);
16702
+ this.addStateChangeListeners(trackStateChange);
16599
16703
  const silentRequest = await invokeAsync(initializeSilentRequest, InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
16600
16704
  const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
16601
16705
  const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
@@ -16677,7 +16781,7 @@ class StandardController {
16677
16781
  throw tokenRenewalError;
16678
16782
  })
16679
16783
  .finally(() => {
16680
- document.removeEventListener("visibilitychange", trackPageVisibility);
16784
+ this.removeStateChangeListeners(trackStateChange);
16681
16785
  });
16682
16786
  }
16683
16787
  /**
@@ -18277,7 +18381,7 @@ async function loadExternalTokens(config, request, response, options, performanc
18277
18381
  const storage = new BrowserCacheManager(browserConfig.auth.clientId, browserConfig.cache, cryptoOps, logger, browserConfig.telemetry.client, new EventHandler(logger), buildStaticAuthorityOptions(browserConfig.auth));
18278
18382
  const authorityString = request.authority || browserConfig.auth.authority;
18279
18383
  const authority = await createDiscoveredInstance(Authority.generateAuthority(authorityString, request.azureCloudOptions), browserConfig.system.networkClient, storage, authorityOptions, logger, correlationId, performanceClient);
18280
- const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims);
18384
+ const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims, performanceClient);
18281
18385
  const idToken = await invokeAsync(loadIdToken, LoadIdToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, correlationId, storage, logger, config.auth.clientId);
18282
18386
  const accessToken = await invokeAsync(loadAccessToken, LoadAccessToken, logger, performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, options, correlationId, storage, logger, config.auth.clientId);
18283
18387
  const refreshToken = await invokeAsync(loadRefreshToken, LoadRefreshToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, kmsi, correlationId, storage, logger, config.auth.clientId, performanceClient);
@@ -18303,7 +18407,7 @@ async function loadExternalTokens(config, request, response, options, performanc
18303
18407
  * @param requestHomeAccountId
18304
18408
  * @returns `AccountEntity`
18305
18409
  */
18306
- async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims) {
18410
+ async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims, performanceClient) {
18307
18411
  logger.verbose("0ke46k", correlationId);
18308
18412
  if (request.account) {
18309
18413
  const accountEntity = createAccountEntityFromAccountInfo(request.account);
@@ -18318,7 +18422,7 @@ async function loadAccount(request, clientInfo, correlationId, storage, logger,
18318
18422
  const claimsTenantId = idTokenClaims?.tid;
18319
18423
  const cachedAccount = buildAccountToCache(storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.getPreferredCache(), claimsTenantId, undefined, // authCodePayload
18320
18424
  undefined, // nativeAccountId
18321
- logger);
18425
+ logger, performanceClient);
18322
18426
  await storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
18323
18427
  return cachedAccount;
18324
18428
  }
@@ -18590,6 +18694,9 @@ class BrowserPerformanceClient extends PerformanceClient {
18590
18694
  getPageVisibility() {
18591
18695
  return document.visibilityState?.toString() || null;
18592
18696
  }
18697
+ getOnlineStatus() {
18698
+ return typeof navigator !== "undefined" ? navigator.onLine : null;
18699
+ }
18593
18700
  deleteIncompleteSubMeasurements(inProgressEvent) {
18594
18701
  void getPerfMeasurementModule()?.then((module) => {
18595
18702
  const rootEvent = this.eventsByCorrelationId.get(inProgressEvent.event.correlationId);
@@ -18616,6 +18723,7 @@ class BrowserPerformanceClient extends PerformanceClient {
18616
18723
  startMeasurement(measureName, correlationId) {
18617
18724
  // Capture page visibilityState and then invoke start/end measurement
18618
18725
  const startPageVisibility = this.getPageVisibility();
18726
+ const startOnlineStatus = this.getOnlineStatus();
18619
18727
  const inProgressEvent = super.startMeasurement(measureName, correlationId);
18620
18728
  const startTime = supportsBrowserPerformanceNow()
18621
18729
  ? window.performance.now()
@@ -18631,6 +18739,7 @@ class BrowserPerformanceClient extends PerformanceClient {
18631
18739
  const res = inProgressEvent.end({
18632
18740
  ...event,
18633
18741
  startPageVisibility,
18742
+ startOnlineStatus,
18634
18743
  endPageVisibility: this.getPageVisibility(),
18635
18744
  durationMs: getPerfDurationMs(startTime),
18636
18745
  networkEffectiveType: networkInfo.effectiveType,