@azure/msal-browser 5.6.2 → 5.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -1
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.d.ts +1 -0
- package/dist/cache/CacheKeys.d.ts.map +1 -1
- package/dist/cache/CacheKeys.mjs +3 -2
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.d.ts.map +1 -1
- package/dist/cache/TokenCache.mjs +9 -9
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.d.ts +20 -1
- package/dist/config/Configuration.d.ts.map +1 -1
- package/dist/config/Configuration.mjs +10 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.d.ts +20 -2
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +204 -37
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
- package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
- package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.d.ts +1 -0
- package/dist/custom-auth-path/cache/CacheKeys.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.mjs +3 -2
- package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
- package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.d.ts +20 -1
- package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.mjs +10 -2
- package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.d.ts +20 -2
- package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.mjs +204 -37
- package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
- package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
- package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
- package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.d.ts.map +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.mjs +3 -4
- package/dist/custom-auth-path/error/NativeAuthError.mjs.map +1 -1
- package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
- package/dist/custom-auth-path/event/EventType.mjs +1 -1
- package/dist/custom-auth-path/index.d.ts +1 -1
- package/dist/custom-auth-path/index.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +39 -26
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs +6 -2
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +6 -2
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +47 -5
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/custom-auth-path/log-strings-mapping.json +67 -15
- package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
- package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
- package/dist/custom-auth-path/packageMetadata.mjs +2 -2
- package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
- package/dist/custom-auth-path/protocol/Authorize.mjs +5 -1
- package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
- package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
- package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
- package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +9 -3
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +8 -3
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
- package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.mjs +27 -3
- package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
- package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.d.ts.map +1 -1
- package/dist/error/NativeAuthError.mjs +3 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +1 -1
- package/dist/index.mjs.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +39 -26
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +6 -2
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +6 -2
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +47 -5
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +75 -23
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +5 -1
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.d.ts +1 -0
- package/dist/redirect-bridge/cache/CacheKeys.d.ts.map +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
- package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.d.ts +20 -1
- package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.mjs +1 -1
- package/dist/redirect-bridge/controllers/StandardController.d.ts +20 -2
- package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
- package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/redirect-bridge/error/NativeAuthError.d.ts.map +1 -1
- package/dist/redirect-bridge/index.d.ts +1 -1
- package/dist/redirect-bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
- package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
- package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.mjs +11 -7
- package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserConstants.mjs +7 -3
- package/dist/redirect-bridge/utils/BrowserConstants.mjs.map +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
- package/dist/redirect_bridge/index.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +6 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +9 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +10 -3
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.d.ts +2 -2
- package/dist/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/utils/BrowserUtils.mjs +27 -3
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +67 -15
- package/lib/custom-auth-path/msal-custom-auth.cjs +897 -617
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +1 -0
- package/lib/custom-auth-path/types/cache/CacheKeys.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts +20 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts +20 -2
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/custom-auth-path/types/error/NativeAuthError.d.ts.map +1 -1
- package/lib/custom-auth-path/types/index.d.ts +1 -1
- package/lib/custom-auth-path/types/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +14 -0
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
- package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
- package/lib/log-strings-mapping.json +75 -23
- package/lib/msal-browser.cjs +1045 -755
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +1045 -755
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.js +24 -16
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/lib/types/cache/CacheKeys.d.ts +1 -0
- package/lib/types/cache/CacheKeys.d.ts.map +1 -1
- package/lib/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/types/config/Configuration.d.ts +20 -1
- package/lib/types/config/Configuration.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts +20 -2
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/types/error/NativeAuthError.d.ts.map +1 -1
- package/lib/types/index.d.ts +1 -1
- package/lib/types/index.d.ts.map +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts +14 -0
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/lib/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +1 -1
- package/src/cache/CacheKeys.ts +1 -0
- package/src/cache/TokenCache.ts +27 -24
- package/src/config/Configuration.ts +30 -0
- package/src/controllers/StandardController.ts +316 -69
- package/src/error/NativeAuthError.ts +1 -2
- package/src/index.ts +1 -0
- package/src/interaction_client/PlatformAuthInteractionClient.ts +99 -76
- package/src/interaction_client/PopupClient.ts +10 -0
- package/src/interaction_client/RedirectClient.ts +10 -0
- package/src/interaction_client/SilentIframeClient.ts +127 -22
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +8 -0
- package/src/redirect_bridge/index.ts +12 -5
- package/src/telemetry/BrowserPerformanceClient.ts +6 -0
- package/src/telemetry/BrowserPerformanceEvents.ts +9 -0
- package/src/telemetry/BrowserRootPerformanceEvents.ts +7 -0
- package/src/utils/BrowserUtils.ts +36 -4
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.7.0 2026-04-16 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.
|
|
5
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
|
|
|
229
229
|
// Token renewal offset default in seconds
|
|
230
230
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
231
231
|
|
|
232
|
-
/*! @azure/msal-common v16.
|
|
232
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
233
233
|
/*
|
|
234
234
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
235
235
|
* Licensed under the MIT License.
|
|
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
281
281
|
const RESOURCE = "resource";
|
|
282
282
|
const CLI_DATA = "clidata";
|
|
283
283
|
|
|
284
|
-
/*! @azure/msal-common v16.
|
|
284
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
285
285
|
/*
|
|
286
286
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
287
287
|
* Licensed under the MIT License.
|
|
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
312
312
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
313
313
|
}
|
|
314
314
|
|
|
315
|
-
/*! @azure/msal-common v16.
|
|
315
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
316
316
|
|
|
317
317
|
/*
|
|
318
318
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
332
332
|
return new ClientConfigurationError(errorCode);
|
|
333
333
|
}
|
|
334
334
|
|
|
335
|
-
/*! @azure/msal-common v16.
|
|
335
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
336
336
|
/*
|
|
337
337
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
338
338
|
* Licensed under the MIT License.
|
|
@@ -412,7 +412,7 @@ class StringUtils {
|
|
|
412
412
|
}
|
|
413
413
|
}
|
|
414
414
|
|
|
415
|
-
/*! @azure/msal-common v16.
|
|
415
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
416
416
|
|
|
417
417
|
/*
|
|
418
418
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
435
435
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
436
436
|
}
|
|
437
437
|
|
|
438
|
-
/*! @azure/msal-common v16.
|
|
438
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
439
439
|
/*
|
|
440
440
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
441
441
|
* Licensed under the MIT License.
|
|
@@ -459,7 +459,7 @@ const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
|
|
|
459
459
|
const authorityMismatch = "authority_mismatch";
|
|
460
460
|
const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
|
|
461
461
|
|
|
462
|
-
/*! @azure/msal-common v16.
|
|
462
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
463
463
|
/*
|
|
464
464
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
465
465
|
* Licensed under the MIT License.
|
|
@@ -498,7 +498,7 @@ const methodNotImplemented = "method_not_implemented";
|
|
|
498
498
|
const resourceParameterRequired = "resource_parameter_required";
|
|
499
499
|
const misplacedResourceParam = "misplaced_resource_parameter";
|
|
500
500
|
|
|
501
|
-
/*! @azure/msal-common v16.
|
|
501
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
502
502
|
|
|
503
503
|
/*
|
|
504
504
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -693,7 +693,7 @@ class ScopeSet {
|
|
|
693
693
|
}
|
|
694
694
|
}
|
|
695
695
|
|
|
696
|
-
/*! @azure/msal-common v16.
|
|
696
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
697
697
|
|
|
698
698
|
/*
|
|
699
699
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -814,18 +814,29 @@ function addSid(parameters, sid) {
|
|
|
814
814
|
parameters.set(SID, sid);
|
|
815
815
|
}
|
|
816
816
|
/**
|
|
817
|
-
*
|
|
818
|
-
*
|
|
819
|
-
|
|
820
|
-
|
|
821
|
-
|
|
822
|
-
|
|
823
|
-
|
|
824
|
-
|
|
825
|
-
|
|
826
|
-
|
|
817
|
+
* Adds claims to request parameters, conditionally excluding clientCapabilities
|
|
818
|
+
* when skipBrokerClaims is true and a brokered flow is in effect.
|
|
819
|
+
* @param parameters - The request parameters map
|
|
820
|
+
* @param claims - The claims string from the request
|
|
821
|
+
* @param clientCapabilities - The client capabilities from configuration
|
|
822
|
+
* @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
|
|
823
|
+
*/
|
|
824
|
+
function addClaims(parameters, claims, clientCapabilities, skipBrokerClaims) {
|
|
825
|
+
// Skip clientCapabilities if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
826
|
+
const configClaims = skipBrokerClaims && parameters.has(BROKER_CLIENT_ID)
|
|
827
|
+
? undefined
|
|
828
|
+
: clientCapabilities;
|
|
829
|
+
if (!StringUtils.isEmptyObj(claims) ||
|
|
830
|
+
(configClaims && configClaims.length > 0)) {
|
|
831
|
+
const mergedClaims = addClientCapabilitiesToClaims(claims, configClaims);
|
|
832
|
+
try {
|
|
833
|
+
JSON.parse(mergedClaims);
|
|
834
|
+
}
|
|
835
|
+
catch (e) {
|
|
836
|
+
throw createClientConfigurationError(invalidClaims);
|
|
837
|
+
}
|
|
838
|
+
parameters.set(CLAIMS, mergedClaims);
|
|
827
839
|
}
|
|
828
|
-
parameters.set(CLAIMS, mergedClaims);
|
|
829
840
|
}
|
|
830
841
|
/**
|
|
831
842
|
* add correlationId
|
|
@@ -1071,7 +1082,7 @@ function addResource(parameters, resource) {
|
|
|
1071
1082
|
}
|
|
1072
1083
|
}
|
|
1073
1084
|
|
|
1074
|
-
/*! @azure/msal-common v16.
|
|
1085
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1075
1086
|
|
|
1076
1087
|
/*
|
|
1077
1088
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1180,7 +1191,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1180
1191
|
}
|
|
1181
1192
|
}
|
|
1182
1193
|
|
|
1183
|
-
/*! @azure/msal-common v16.
|
|
1194
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1184
1195
|
|
|
1185
1196
|
/*
|
|
1186
1197
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1219,7 +1230,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1219
1230
|
},
|
|
1220
1231
|
};
|
|
1221
1232
|
|
|
1222
|
-
/*! @azure/msal-common v16.
|
|
1233
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1223
1234
|
/*
|
|
1224
1235
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1225
1236
|
* Licensed under the MIT License.
|
|
@@ -1480,12 +1491,12 @@ class Logger {
|
|
|
1480
1491
|
}
|
|
1481
1492
|
}
|
|
1482
1493
|
|
|
1483
|
-
/*! @azure/msal-common v16.
|
|
1494
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1484
1495
|
/* eslint-disable header/header */
|
|
1485
1496
|
const name$1 = "@azure/msal-common";
|
|
1486
|
-
const version$1 = "16.
|
|
1497
|
+
const version$1 = "16.5.0";
|
|
1487
1498
|
|
|
1488
|
-
/*! @azure/msal-common v16.
|
|
1499
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1489
1500
|
/*
|
|
1490
1501
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1491
1502
|
* Licensed under the MIT License.
|
|
@@ -1494,7 +1505,7 @@ const AzureCloudInstance = {
|
|
|
1494
1505
|
// AzureCloudInstance is not specified.
|
|
1495
1506
|
None: "none"};
|
|
1496
1507
|
|
|
1497
|
-
/*! @azure/msal-common v16.
|
|
1508
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1498
1509
|
/*
|
|
1499
1510
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1500
1511
|
* Licensed under the MIT License.
|
|
@@ -1576,7 +1587,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1576
1587
|
return updatedAccountInfo;
|
|
1577
1588
|
}
|
|
1578
1589
|
|
|
1579
|
-
/*! @azure/msal-common v16.
|
|
1590
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1580
1591
|
|
|
1581
1592
|
/*
|
|
1582
1593
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1656,7 +1667,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1656
1667
|
}
|
|
1657
1668
|
}
|
|
1658
1669
|
|
|
1659
|
-
/*! @azure/msal-common v16.
|
|
1670
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1660
1671
|
|
|
1661
1672
|
/*
|
|
1662
1673
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1813,7 +1824,7 @@ class UrlString {
|
|
|
1813
1824
|
}
|
|
1814
1825
|
}
|
|
1815
1826
|
|
|
1816
|
-
/*! @azure/msal-common v16.
|
|
1827
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1817
1828
|
|
|
1818
1829
|
/*
|
|
1819
1830
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1970,7 +1981,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1970
1981
|
return null;
|
|
1971
1982
|
}
|
|
1972
1983
|
|
|
1973
|
-
/*! @azure/msal-common v16.
|
|
1984
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1974
1985
|
/*
|
|
1975
1986
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1976
1987
|
* Licensed under the MIT License.
|
|
@@ -1978,7 +1989,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
1978
1989
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
1979
1990
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
1980
1991
|
|
|
1981
|
-
/*! @azure/msal-common v16.
|
|
1992
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1982
1993
|
|
|
1983
1994
|
/*
|
|
1984
1995
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2016,7 +2027,7 @@ function createCacheError(e) {
|
|
|
2016
2027
|
}
|
|
2017
2028
|
}
|
|
2018
2029
|
|
|
2019
|
-
/*! @azure/msal-common v16.
|
|
2030
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2020
2031
|
|
|
2021
2032
|
/*
|
|
2022
2033
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2054,7 +2065,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2054
2065
|
};
|
|
2055
2066
|
}
|
|
2056
2067
|
|
|
2057
|
-
/*! @azure/msal-common v16.
|
|
2068
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2058
2069
|
/*
|
|
2059
2070
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2060
2071
|
* Licensed under the MIT License.
|
|
@@ -2069,7 +2080,7 @@ const AuthorityType = {
|
|
|
2069
2080
|
Ciam: 3,
|
|
2070
2081
|
};
|
|
2071
2082
|
|
|
2072
|
-
/*! @azure/msal-common v16.
|
|
2083
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2073
2084
|
/*
|
|
2074
2085
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2075
2086
|
* Licensed under the MIT License.
|
|
@@ -2091,7 +2102,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2091
2102
|
return null;
|
|
2092
2103
|
}
|
|
2093
2104
|
|
|
2094
|
-
/*! @azure/msal-common v16.
|
|
2105
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2095
2106
|
/*
|
|
2096
2107
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2097
2108
|
* Licensed under the MIT License.
|
|
@@ -2115,7 +2126,7 @@ const ProtocolMode = {
|
|
|
2115
2126
|
EAR: "EAR",
|
|
2116
2127
|
};
|
|
2117
2128
|
|
|
2118
|
-
/*! @azure/msal-common v16.
|
|
2129
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2119
2130
|
/**
|
|
2120
2131
|
* Returns the AccountInfo interface for this account.
|
|
2121
2132
|
*/
|
|
@@ -2290,7 +2301,7 @@ function isAccountEntity(entity) {
|
|
|
2290
2301
|
entity.hasOwnProperty("authorityType"));
|
|
2291
2302
|
}
|
|
2292
2303
|
|
|
2293
|
-
/*! @azure/msal-common v16.
|
|
2304
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2294
2305
|
|
|
2295
2306
|
/*
|
|
2296
2307
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3391,7 +3402,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3391
3402
|
}
|
|
3392
3403
|
}
|
|
3393
3404
|
|
|
3394
|
-
/*! @azure/msal-common v16.
|
|
3405
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3395
3406
|
/*
|
|
3396
3407
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3397
3408
|
* Licensed under the MIT License.
|
|
@@ -3405,7 +3416,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3405
3416
|
const PerformanceEventStatus = {
|
|
3406
3417
|
InProgress: 1};
|
|
3407
3418
|
|
|
3408
|
-
/*! @azure/msal-common v16.
|
|
3419
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3409
3420
|
|
|
3410
3421
|
/*
|
|
3411
3422
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3460,7 +3471,7 @@ class StubPerformanceClient {
|
|
|
3460
3471
|
}
|
|
3461
3472
|
}
|
|
3462
3473
|
|
|
3463
|
-
/*! @azure/msal-common v16.
|
|
3474
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3464
3475
|
|
|
3465
3476
|
/*
|
|
3466
3477
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3555,213 +3566,34 @@ function isOidcProtocolMode(config) {
|
|
|
3555
3566
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3556
3567
|
}
|
|
3557
3568
|
|
|
3558
|
-
/*! @azure/msal-common v16.
|
|
3559
|
-
|
|
3560
|
-
/*
|
|
3561
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3562
|
-
* Licensed under the MIT License.
|
|
3563
|
-
*/
|
|
3564
|
-
/**
|
|
3565
|
-
* Error thrown when there is an error with the server code, for example, unavailability.
|
|
3566
|
-
*/
|
|
3567
|
-
class ServerError extends AuthError {
|
|
3568
|
-
constructor(errorCode, errorMessage, subError, errorNo, status) {
|
|
3569
|
-
super(errorCode, errorMessage, subError);
|
|
3570
|
-
this.name = "ServerError";
|
|
3571
|
-
this.errorNo = errorNo;
|
|
3572
|
-
this.status = status;
|
|
3573
|
-
Object.setPrototypeOf(this, ServerError.prototype);
|
|
3574
|
-
}
|
|
3575
|
-
}
|
|
3576
|
-
|
|
3577
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
3578
|
-
/*
|
|
3579
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3580
|
-
* Licensed under the MIT License.
|
|
3581
|
-
*/
|
|
3582
|
-
/**
|
|
3583
|
-
* MSAL-defined interaction required error code indicating no tokens are found in cache.
|
|
3584
|
-
* @public
|
|
3585
|
-
*/
|
|
3586
|
-
const noTokensFound = "no_tokens_found";
|
|
3587
|
-
/**
|
|
3588
|
-
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
3589
|
-
* @public
|
|
3590
|
-
*/
|
|
3591
|
-
const nativeAccountUnavailable = "native_account_unavailable";
|
|
3592
|
-
/**
|
|
3593
|
-
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
3594
|
-
* @public
|
|
3595
|
-
*/
|
|
3596
|
-
const refreshTokenExpired = "refresh_token_expired";
|
|
3597
|
-
/**
|
|
3598
|
-
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
3599
|
-
* @public
|
|
3600
|
-
*/
|
|
3601
|
-
const uxNotAllowed = "ux_not_allowed";
|
|
3602
|
-
/**
|
|
3603
|
-
* Server-originated error code indicating interaction is required to complete the request.
|
|
3604
|
-
* @public
|
|
3605
|
-
*/
|
|
3606
|
-
const interactionRequired = "interaction_required";
|
|
3607
|
-
/**
|
|
3608
|
-
* Server-originated error code indicating user consent is required.
|
|
3609
|
-
* @public
|
|
3610
|
-
*/
|
|
3611
|
-
const consentRequired = "consent_required";
|
|
3612
|
-
/**
|
|
3613
|
-
* Server-originated error code indicating user login is required.
|
|
3614
|
-
* @public
|
|
3615
|
-
*/
|
|
3616
|
-
const loginRequired = "login_required";
|
|
3617
|
-
/**
|
|
3618
|
-
* Server-originated error code indicating the token is invalid or corrupted.
|
|
3619
|
-
* @public
|
|
3620
|
-
*/
|
|
3621
|
-
const badToken = "bad_token";
|
|
3622
|
-
/**
|
|
3623
|
-
* Server-originated error code indicating the user is in an interrupted state and interaction is required.
|
|
3624
|
-
* @public
|
|
3625
|
-
*/
|
|
3626
|
-
const interruptedUser = "interrupted_user";
|
|
3627
|
-
|
|
3628
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
3629
|
-
|
|
3630
|
-
/*
|
|
3631
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3632
|
-
* Licensed under the MIT License.
|
|
3633
|
-
*/
|
|
3634
|
-
/**
|
|
3635
|
-
* InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
|
|
3636
|
-
*/
|
|
3637
|
-
const InteractionRequiredServerErrorMessage = [
|
|
3638
|
-
interactionRequired,
|
|
3639
|
-
consentRequired,
|
|
3640
|
-
loginRequired,
|
|
3641
|
-
badToken,
|
|
3642
|
-
uxNotAllowed,
|
|
3643
|
-
interruptedUser,
|
|
3644
|
-
];
|
|
3645
|
-
const InteractionRequiredAuthSubErrorMessage = [
|
|
3646
|
-
"message_only",
|
|
3647
|
-
"additional_action",
|
|
3648
|
-
"basic_action",
|
|
3649
|
-
"user_password_expired",
|
|
3650
|
-
"consent_required",
|
|
3651
|
-
"bad_token",
|
|
3652
|
-
"ux_not_allowed",
|
|
3653
|
-
"interrupted_user",
|
|
3654
|
-
];
|
|
3655
|
-
/**
|
|
3656
|
-
* Error thrown when user interaction is required.
|
|
3657
|
-
*/
|
|
3658
|
-
class InteractionRequiredAuthError extends AuthError {
|
|
3659
|
-
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
3660
|
-
super(errorCode, errorMessage, subError);
|
|
3661
|
-
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
3662
|
-
this.timestamp = timestamp || "";
|
|
3663
|
-
this.traceId = traceId || "";
|
|
3664
|
-
this.correlationId = correlationId || "";
|
|
3665
|
-
this.claims = claims || "";
|
|
3666
|
-
this.name = "InteractionRequiredAuthError";
|
|
3667
|
-
this.errorNo = errorNo;
|
|
3668
|
-
}
|
|
3669
|
-
}
|
|
3670
|
-
/**
|
|
3671
|
-
* Helper function used to determine if an error thrown by the server requires interaction to resolve
|
|
3672
|
-
* @param errorCode
|
|
3673
|
-
* @param errorString
|
|
3674
|
-
* @param subError
|
|
3675
|
-
*/
|
|
3676
|
-
function isInteractionRequiredError(errorCode, errorString, subError) {
|
|
3677
|
-
const isInteractionRequiredErrorCode = !!errorCode &&
|
|
3678
|
-
InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
|
|
3679
|
-
const isInteractionRequiredSubError = !!subError &&
|
|
3680
|
-
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
3681
|
-
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
3682
|
-
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
3683
|
-
return errorString.indexOf(irErrorCode) > -1;
|
|
3684
|
-
});
|
|
3685
|
-
return (isInteractionRequiredErrorCode ||
|
|
3686
|
-
isInteractionRequiredErrorDesc ||
|
|
3687
|
-
isInteractionRequiredSubError);
|
|
3688
|
-
}
|
|
3689
|
-
/**
|
|
3690
|
-
* Creates an InteractionRequiredAuthError
|
|
3691
|
-
*/
|
|
3692
|
-
function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
3693
|
-
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
3694
|
-
}
|
|
3695
|
-
|
|
3696
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
3697
|
-
|
|
3569
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3698
3570
|
/*
|
|
3699
3571
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3700
3572
|
* Licensed under the MIT License.
|
|
3701
3573
|
*/
|
|
3702
3574
|
/**
|
|
3703
|
-
*
|
|
3704
|
-
*
|
|
3705
|
-
|
|
3706
|
-
|
|
3707
|
-
|
|
3708
|
-
|
|
3709
|
-
const libraryState = generateLibraryState(cryptoObj, meta);
|
|
3710
|
-
return userState
|
|
3711
|
-
? `${libraryState}${RESOURCE_DELIM}${userState}`
|
|
3712
|
-
: libraryState;
|
|
3713
|
-
}
|
|
3714
|
-
/**
|
|
3715
|
-
* Generates the state value used by the common library.
|
|
3716
|
-
* @param cryptoObj
|
|
3717
|
-
* @param meta
|
|
3718
|
-
*/
|
|
3719
|
-
function generateLibraryState(cryptoObj, meta) {
|
|
3720
|
-
if (!cryptoObj) {
|
|
3721
|
-
throw createClientAuthError(noCryptoObject);
|
|
3722
|
-
}
|
|
3723
|
-
// Create a state object containing a unique id and the timestamp of the request creation
|
|
3724
|
-
const stateObj = {
|
|
3725
|
-
id: cryptoObj.createNewGuid(),
|
|
3726
|
-
};
|
|
3727
|
-
if (meta) {
|
|
3728
|
-
stateObj.meta = meta;
|
|
3729
|
-
}
|
|
3730
|
-
const stateString = JSON.stringify(stateObj);
|
|
3731
|
-
return cryptoObj.base64Encode(stateString);
|
|
3732
|
-
}
|
|
3733
|
-
/**
|
|
3734
|
-
* Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
|
|
3735
|
-
* @param base64Decode
|
|
3736
|
-
* @param state
|
|
3737
|
-
*/
|
|
3738
|
-
function parseRequestState(base64Decode, state) {
|
|
3739
|
-
if (!base64Decode) {
|
|
3740
|
-
throw createClientAuthError(noCryptoObject);
|
|
3741
|
-
}
|
|
3742
|
-
if (!state) {
|
|
3743
|
-
throw createClientAuthError(invalidState);
|
|
3575
|
+
* This class instance helps track the memory changes facilitating
|
|
3576
|
+
* decisions to read from and write to the persistent cache
|
|
3577
|
+
*/ class TokenCacheContext {
|
|
3578
|
+
constructor(tokenCache, hasChanged) {
|
|
3579
|
+
this.cache = tokenCache;
|
|
3580
|
+
this.hasChanged = hasChanged;
|
|
3744
3581
|
}
|
|
3745
|
-
|
|
3746
|
-
|
|
3747
|
-
|
|
3748
|
-
|
|
3749
|
-
|
|
3750
|
-
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
3751
|
-
: "";
|
|
3752
|
-
const libraryStateString = base64Decode(libraryState);
|
|
3753
|
-
const libraryStateObj = JSON.parse(libraryStateString);
|
|
3754
|
-
return {
|
|
3755
|
-
userRequestState: userState || "",
|
|
3756
|
-
libraryState: libraryStateObj,
|
|
3757
|
-
};
|
|
3582
|
+
/**
|
|
3583
|
+
* boolean which indicates the changes in cache
|
|
3584
|
+
*/
|
|
3585
|
+
get cacheHasChanged() {
|
|
3586
|
+
return this.hasChanged;
|
|
3758
3587
|
}
|
|
3759
|
-
|
|
3760
|
-
|
|
3588
|
+
/**
|
|
3589
|
+
* function to retrieve the token cache
|
|
3590
|
+
*/
|
|
3591
|
+
get tokenCache() {
|
|
3592
|
+
return this.cache;
|
|
3761
3593
|
}
|
|
3762
3594
|
}
|
|
3763
3595
|
|
|
3764
|
-
/*! @azure/msal-common v16.
|
|
3596
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3765
3597
|
/*
|
|
3766
3598
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3767
3599
|
* Licensed under the MIT License.
|
|
@@ -3826,27 +3658,286 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3826
3658
|
return cachedAtSec > nowSeconds();
|
|
3827
3659
|
}
|
|
3828
3660
|
|
|
3829
|
-
/*! @azure/msal-common v16.
|
|
3661
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3662
|
+
|
|
3830
3663
|
/*
|
|
3831
3664
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3832
3665
|
* Licensed under the MIT License.
|
|
3833
3666
|
*/
|
|
3834
3667
|
/**
|
|
3835
|
-
*
|
|
3836
|
-
|
|
3837
|
-
|
|
3838
|
-
|
|
3839
|
-
|
|
3840
|
-
/**
|
|
3841
|
-
* Time spent on the network for refresh token acquisition
|
|
3668
|
+
* Create IdTokenEntity
|
|
3669
|
+
* @param homeAccountId
|
|
3670
|
+
* @param authenticationResult
|
|
3671
|
+
* @param clientId
|
|
3672
|
+
* @param authority
|
|
3842
3673
|
*/
|
|
3843
|
-
|
|
3674
|
+
function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
|
|
3675
|
+
const idTokenEntity = {
|
|
3676
|
+
credentialType: CredentialType.ID_TOKEN,
|
|
3677
|
+
homeAccountId: homeAccountId,
|
|
3678
|
+
environment: environment,
|
|
3679
|
+
clientId: clientId,
|
|
3680
|
+
secret: idToken,
|
|
3681
|
+
realm: tenantId,
|
|
3682
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3683
|
+
};
|
|
3684
|
+
return idTokenEntity;
|
|
3685
|
+
}
|
|
3844
3686
|
/**
|
|
3845
|
-
*
|
|
3687
|
+
* Create AccessTokenEntity
|
|
3688
|
+
* @param homeAccountId
|
|
3689
|
+
* @param environment
|
|
3690
|
+
* @param accessToken
|
|
3691
|
+
* @param clientId
|
|
3692
|
+
* @param tenantId
|
|
3693
|
+
* @param scopes
|
|
3694
|
+
* @param expiresOn
|
|
3695
|
+
* @param extExpiresOn
|
|
3846
3696
|
*/
|
|
3847
|
-
|
|
3848
|
-
|
|
3849
|
-
|
|
3697
|
+
function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
|
|
3698
|
+
const atEntity = {
|
|
3699
|
+
homeAccountId: homeAccountId,
|
|
3700
|
+
credentialType: CredentialType.ACCESS_TOKEN,
|
|
3701
|
+
secret: accessToken,
|
|
3702
|
+
cachedAt: nowSeconds().toString(),
|
|
3703
|
+
expiresOn: expiresOn.toString(),
|
|
3704
|
+
extendedExpiresOn: extExpiresOn.toString(),
|
|
3705
|
+
environment: environment,
|
|
3706
|
+
clientId: clientId,
|
|
3707
|
+
realm: tenantId,
|
|
3708
|
+
target: scopes,
|
|
3709
|
+
tokenType: tokenType || AuthenticationScheme.BEARER,
|
|
3710
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3711
|
+
};
|
|
3712
|
+
if (userAssertionHash) {
|
|
3713
|
+
atEntity.userAssertionHash = userAssertionHash;
|
|
3714
|
+
}
|
|
3715
|
+
if (refreshOn) {
|
|
3716
|
+
atEntity.refreshOn = refreshOn.toString();
|
|
3717
|
+
}
|
|
3718
|
+
/*
|
|
3719
|
+
* Create Access Token With Auth Scheme instead of regular access token
|
|
3720
|
+
* Cast to lower to handle "bearer" from ADFS
|
|
3721
|
+
*/
|
|
3722
|
+
if (atEntity.tokenType?.toLowerCase() !==
|
|
3723
|
+
AuthenticationScheme.BEARER.toLowerCase()) {
|
|
3724
|
+
atEntity.credentialType =
|
|
3725
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
3726
|
+
switch (atEntity.tokenType) {
|
|
3727
|
+
case AuthenticationScheme.POP:
|
|
3728
|
+
// Make sure keyId is present and add it to credential
|
|
3729
|
+
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
3730
|
+
if (!tokenClaims?.cnf?.kid) {
|
|
3731
|
+
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
3732
|
+
}
|
|
3733
|
+
atEntity.keyId = tokenClaims.cnf.kid;
|
|
3734
|
+
break;
|
|
3735
|
+
case AuthenticationScheme.SSH:
|
|
3736
|
+
atEntity.keyId = keyId;
|
|
3737
|
+
}
|
|
3738
|
+
}
|
|
3739
|
+
return atEntity;
|
|
3740
|
+
}
|
|
3741
|
+
/**
|
|
3742
|
+
* Create RefreshTokenEntity
|
|
3743
|
+
* @param homeAccountId
|
|
3744
|
+
* @param authenticationResult
|
|
3745
|
+
* @param clientId
|
|
3746
|
+
* @param authority
|
|
3747
|
+
*/
|
|
3748
|
+
function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
|
|
3749
|
+
const rtEntity = {
|
|
3750
|
+
credentialType: CredentialType.REFRESH_TOKEN,
|
|
3751
|
+
homeAccountId: homeAccountId,
|
|
3752
|
+
environment: environment,
|
|
3753
|
+
clientId: clientId,
|
|
3754
|
+
secret: refreshToken,
|
|
3755
|
+
lastUpdatedAt: Date.now().toString(),
|
|
3756
|
+
};
|
|
3757
|
+
if (userAssertionHash) {
|
|
3758
|
+
rtEntity.userAssertionHash = userAssertionHash;
|
|
3759
|
+
}
|
|
3760
|
+
if (familyId) {
|
|
3761
|
+
rtEntity.familyId = familyId;
|
|
3762
|
+
}
|
|
3763
|
+
if (expiresOn) {
|
|
3764
|
+
rtEntity.expiresOn = expiresOn.toString();
|
|
3765
|
+
}
|
|
3766
|
+
return rtEntity;
|
|
3767
|
+
}
|
|
3768
|
+
function isCredentialEntity(entity) {
|
|
3769
|
+
return (entity.hasOwnProperty("homeAccountId") &&
|
|
3770
|
+
entity.hasOwnProperty("environment") &&
|
|
3771
|
+
entity.hasOwnProperty("credentialType") &&
|
|
3772
|
+
entity.hasOwnProperty("clientId") &&
|
|
3773
|
+
entity.hasOwnProperty("secret"));
|
|
3774
|
+
}
|
|
3775
|
+
/**
|
|
3776
|
+
* Validates an entity: checks for all expected params
|
|
3777
|
+
* @param entity
|
|
3778
|
+
*/
|
|
3779
|
+
function isAccessTokenEntity(entity) {
|
|
3780
|
+
if (!entity) {
|
|
3781
|
+
return false;
|
|
3782
|
+
}
|
|
3783
|
+
return (isCredentialEntity(entity) &&
|
|
3784
|
+
entity.hasOwnProperty("realm") &&
|
|
3785
|
+
entity.hasOwnProperty("target") &&
|
|
3786
|
+
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
3787
|
+
entity["credentialType"] ===
|
|
3788
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
3789
|
+
}
|
|
3790
|
+
/**
|
|
3791
|
+
* Validates an entity: checks for all expected params
|
|
3792
|
+
* @param entity
|
|
3793
|
+
*/
|
|
3794
|
+
function isIdTokenEntity(entity) {
|
|
3795
|
+
if (!entity) {
|
|
3796
|
+
return false;
|
|
3797
|
+
}
|
|
3798
|
+
return (isCredentialEntity(entity) &&
|
|
3799
|
+
entity.hasOwnProperty("realm") &&
|
|
3800
|
+
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
3801
|
+
}
|
|
3802
|
+
/**
|
|
3803
|
+
* Validates an entity: checks for all expected params
|
|
3804
|
+
* @param entity
|
|
3805
|
+
*/
|
|
3806
|
+
function isRefreshTokenEntity(entity) {
|
|
3807
|
+
if (!entity) {
|
|
3808
|
+
return false;
|
|
3809
|
+
}
|
|
3810
|
+
return (isCredentialEntity(entity) &&
|
|
3811
|
+
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
3812
|
+
}
|
|
3813
|
+
/**
|
|
3814
|
+
* validates if a given cache entry is "Telemetry", parses <key,value>
|
|
3815
|
+
* @param key
|
|
3816
|
+
* @param entity
|
|
3817
|
+
*/
|
|
3818
|
+
function isServerTelemetryEntity(key, entity) {
|
|
3819
|
+
const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
|
|
3820
|
+
let validateEntity = true;
|
|
3821
|
+
if (entity) {
|
|
3822
|
+
validateEntity =
|
|
3823
|
+
entity.hasOwnProperty("failedRequests") &&
|
|
3824
|
+
entity.hasOwnProperty("errors") &&
|
|
3825
|
+
entity.hasOwnProperty("cacheHits");
|
|
3826
|
+
}
|
|
3827
|
+
return validateKey && validateEntity;
|
|
3828
|
+
}
|
|
3829
|
+
/**
|
|
3830
|
+
* validates if a given cache entry is "Throttling", parses <key,value>
|
|
3831
|
+
* @param key
|
|
3832
|
+
* @param entity
|
|
3833
|
+
*/
|
|
3834
|
+
function isThrottlingEntity(key, entity) {
|
|
3835
|
+
let validateKey = false;
|
|
3836
|
+
if (key) {
|
|
3837
|
+
validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
|
|
3838
|
+
}
|
|
3839
|
+
let validateEntity = true;
|
|
3840
|
+
if (entity) {
|
|
3841
|
+
validateEntity = entity.hasOwnProperty("throttleTime");
|
|
3842
|
+
}
|
|
3843
|
+
return validateKey && validateEntity;
|
|
3844
|
+
}
|
|
3845
|
+
/**
|
|
3846
|
+
* Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
|
|
3847
|
+
*/
|
|
3848
|
+
function generateAppMetadataKey({ environment, clientId, }) {
|
|
3849
|
+
const appMetaDataKeyArray = [
|
|
3850
|
+
APP_METADATA,
|
|
3851
|
+
environment,
|
|
3852
|
+
clientId,
|
|
3853
|
+
];
|
|
3854
|
+
return appMetaDataKeyArray
|
|
3855
|
+
.join(CACHE_KEY_SEPARATOR$1)
|
|
3856
|
+
.toLowerCase();
|
|
3857
|
+
}
|
|
3858
|
+
/*
|
|
3859
|
+
* Validates an entity: checks for all expected params
|
|
3860
|
+
* @param entity
|
|
3861
|
+
*/
|
|
3862
|
+
function isAppMetadataEntity(key, entity) {
|
|
3863
|
+
if (!entity) {
|
|
3864
|
+
return false;
|
|
3865
|
+
}
|
|
3866
|
+
return (key.indexOf(APP_METADATA) === 0 &&
|
|
3867
|
+
entity.hasOwnProperty("clientId") &&
|
|
3868
|
+
entity.hasOwnProperty("environment"));
|
|
3869
|
+
}
|
|
3870
|
+
/**
|
|
3871
|
+
* Validates an entity: checks for all expected params
|
|
3872
|
+
* @param entity
|
|
3873
|
+
*/
|
|
3874
|
+
function isAuthorityMetadataEntity(key, entity) {
|
|
3875
|
+
if (!entity) {
|
|
3876
|
+
return false;
|
|
3877
|
+
}
|
|
3878
|
+
return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
|
|
3879
|
+
entity.hasOwnProperty("aliases") &&
|
|
3880
|
+
entity.hasOwnProperty("preferred_cache") &&
|
|
3881
|
+
entity.hasOwnProperty("preferred_network") &&
|
|
3882
|
+
entity.hasOwnProperty("canonical_authority") &&
|
|
3883
|
+
entity.hasOwnProperty("authorization_endpoint") &&
|
|
3884
|
+
entity.hasOwnProperty("token_endpoint") &&
|
|
3885
|
+
entity.hasOwnProperty("issuer") &&
|
|
3886
|
+
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
3887
|
+
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
3888
|
+
entity.hasOwnProperty("expiresAt") &&
|
|
3889
|
+
entity.hasOwnProperty("jwks_uri"));
|
|
3890
|
+
}
|
|
3891
|
+
/**
|
|
3892
|
+
* Reset the exiresAt value
|
|
3893
|
+
*/
|
|
3894
|
+
function generateAuthorityMetadataExpiresAt() {
|
|
3895
|
+
return (nowSeconds() +
|
|
3896
|
+
AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
|
|
3897
|
+
}
|
|
3898
|
+
function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
3899
|
+
authorityMetadata.authorization_endpoint =
|
|
3900
|
+
updatedValues.authorization_endpoint;
|
|
3901
|
+
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
3902
|
+
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
3903
|
+
authorityMetadata.issuer = updatedValues.issuer;
|
|
3904
|
+
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
3905
|
+
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
3906
|
+
}
|
|
3907
|
+
function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
3908
|
+
authorityMetadata.aliases = updatedValues.aliases;
|
|
3909
|
+
authorityMetadata.preferred_cache = updatedValues.preferred_cache;
|
|
3910
|
+
authorityMetadata.preferred_network = updatedValues.preferred_network;
|
|
3911
|
+
authorityMetadata.aliasesFromNetwork = fromNetwork;
|
|
3912
|
+
}
|
|
3913
|
+
/**
|
|
3914
|
+
* Returns whether or not the data needs to be refreshed
|
|
3915
|
+
*/
|
|
3916
|
+
function isAuthorityMetadataExpired(metadata) {
|
|
3917
|
+
return metadata.expiresAt <= nowSeconds();
|
|
3918
|
+
}
|
|
3919
|
+
|
|
3920
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3921
|
+
/*
|
|
3922
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3923
|
+
* Licensed under the MIT License.
|
|
3924
|
+
*/
|
|
3925
|
+
/**
|
|
3926
|
+
* Time spent sending/waiting for the response of a request to the token endpoint
|
|
3927
|
+
*/
|
|
3928
|
+
const NetworkClientSendPostRequestAsync = "networkClientSendPostRequestAsync";
|
|
3929
|
+
const RefreshTokenClientExecutePostToTokenEndpoint = "refreshTokenClientExecutePostToTokenEndpoint";
|
|
3930
|
+
const AuthorizationCodeClientExecutePostToTokenEndpoint = "authorizationCodeClientExecutePostToTokenEndpoint";
|
|
3931
|
+
/**
|
|
3932
|
+
* Time spent on the network for refresh token acquisition
|
|
3933
|
+
*/
|
|
3934
|
+
const RefreshTokenClientExecuteTokenRequest = "refreshTokenClientExecuteTokenRequest";
|
|
3935
|
+
/**
|
|
3936
|
+
* Time taken for acquiring refresh token , records RT size
|
|
3937
|
+
*/
|
|
3938
|
+
const RefreshTokenClientAcquireToken = "refreshTokenClientAcquireToken";
|
|
3939
|
+
/**
|
|
3940
|
+
* Time taken for acquiring cached refresh token
|
|
3850
3941
|
*/
|
|
3851
3942
|
const RefreshTokenClientAcquireTokenWithCachedRefreshToken = "refreshTokenClientAcquireTokenWithCachedRefreshToken";
|
|
3852
3943
|
/**
|
|
@@ -3897,7 +3988,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
3897
3988
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
3898
3989
|
const SetUserData = "setUserData";
|
|
3899
3990
|
|
|
3900
|
-
/*! @azure/msal-common v16.
|
|
3991
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3901
3992
|
/*
|
|
3902
3993
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3903
3994
|
* Licensed under the MIT License.
|
|
@@ -3990,7 +4081,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
3990
4081
|
};
|
|
3991
4082
|
};
|
|
3992
4083
|
|
|
3993
|
-
/*! @azure/msal-common v16.
|
|
4084
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3994
4085
|
|
|
3995
4086
|
/*
|
|
3996
4087
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4070,293 +4161,213 @@ class PopTokenGenerator {
|
|
|
4070
4161
|
}
|
|
4071
4162
|
}
|
|
4072
4163
|
|
|
4073
|
-
/*! @azure/msal-common v16.
|
|
4164
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4074
4165
|
/*
|
|
4075
4166
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4076
4167
|
* Licensed under the MIT License.
|
|
4077
4168
|
*/
|
|
4078
4169
|
/**
|
|
4079
|
-
*
|
|
4080
|
-
*
|
|
4081
|
-
*/ class TokenCacheContext {
|
|
4082
|
-
constructor(tokenCache, hasChanged) {
|
|
4083
|
-
this.cache = tokenCache;
|
|
4084
|
-
this.hasChanged = hasChanged;
|
|
4085
|
-
}
|
|
4086
|
-
/**
|
|
4087
|
-
* boolean which indicates the changes in cache
|
|
4088
|
-
*/
|
|
4089
|
-
get cacheHasChanged() {
|
|
4090
|
-
return this.hasChanged;
|
|
4091
|
-
}
|
|
4092
|
-
/**
|
|
4093
|
-
* function to retrieve the token cache
|
|
4094
|
-
*/
|
|
4095
|
-
get tokenCache() {
|
|
4096
|
-
return this.cache;
|
|
4097
|
-
}
|
|
4098
|
-
}
|
|
4099
|
-
|
|
4100
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
4101
|
-
|
|
4102
|
-
/*
|
|
4103
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4104
|
-
* Licensed under the MIT License.
|
|
4170
|
+
* MSAL-defined interaction required error code indicating no tokens are found in cache.
|
|
4171
|
+
* @public
|
|
4105
4172
|
*/
|
|
4173
|
+
const noTokensFound = "no_tokens_found";
|
|
4106
4174
|
/**
|
|
4107
|
-
*
|
|
4108
|
-
* @
|
|
4109
|
-
* @param authenticationResult
|
|
4110
|
-
* @param clientId
|
|
4111
|
-
* @param authority
|
|
4175
|
+
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
4176
|
+
* @public
|
|
4112
4177
|
*/
|
|
4113
|
-
|
|
4114
|
-
const idTokenEntity = {
|
|
4115
|
-
credentialType: CredentialType.ID_TOKEN,
|
|
4116
|
-
homeAccountId: homeAccountId,
|
|
4117
|
-
environment: environment,
|
|
4118
|
-
clientId: clientId,
|
|
4119
|
-
secret: idToken,
|
|
4120
|
-
realm: tenantId,
|
|
4121
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4122
|
-
};
|
|
4123
|
-
return idTokenEntity;
|
|
4124
|
-
}
|
|
4178
|
+
const nativeAccountUnavailable = "native_account_unavailable";
|
|
4125
4179
|
/**
|
|
4126
|
-
*
|
|
4127
|
-
* @
|
|
4128
|
-
* @param environment
|
|
4129
|
-
* @param accessToken
|
|
4130
|
-
* @param clientId
|
|
4131
|
-
* @param tenantId
|
|
4132
|
-
* @param scopes
|
|
4133
|
-
* @param expiresOn
|
|
4134
|
-
* @param extExpiresOn
|
|
4180
|
+
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
4181
|
+
* @public
|
|
4135
4182
|
*/
|
|
4136
|
-
|
|
4137
|
-
const atEntity = {
|
|
4138
|
-
homeAccountId: homeAccountId,
|
|
4139
|
-
credentialType: CredentialType.ACCESS_TOKEN,
|
|
4140
|
-
secret: accessToken,
|
|
4141
|
-
cachedAt: nowSeconds().toString(),
|
|
4142
|
-
expiresOn: expiresOn.toString(),
|
|
4143
|
-
extendedExpiresOn: extExpiresOn.toString(),
|
|
4144
|
-
environment: environment,
|
|
4145
|
-
clientId: clientId,
|
|
4146
|
-
realm: tenantId,
|
|
4147
|
-
target: scopes,
|
|
4148
|
-
tokenType: tokenType || AuthenticationScheme.BEARER,
|
|
4149
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4150
|
-
};
|
|
4151
|
-
if (userAssertionHash) {
|
|
4152
|
-
atEntity.userAssertionHash = userAssertionHash;
|
|
4153
|
-
}
|
|
4154
|
-
if (refreshOn) {
|
|
4155
|
-
atEntity.refreshOn = refreshOn.toString();
|
|
4156
|
-
}
|
|
4157
|
-
/*
|
|
4158
|
-
* Create Access Token With Auth Scheme instead of regular access token
|
|
4159
|
-
* Cast to lower to handle "bearer" from ADFS
|
|
4160
|
-
*/
|
|
4161
|
-
if (atEntity.tokenType?.toLowerCase() !==
|
|
4162
|
-
AuthenticationScheme.BEARER.toLowerCase()) {
|
|
4163
|
-
atEntity.credentialType =
|
|
4164
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
4165
|
-
switch (atEntity.tokenType) {
|
|
4166
|
-
case AuthenticationScheme.POP:
|
|
4167
|
-
// Make sure keyId is present and add it to credential
|
|
4168
|
-
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
4169
|
-
if (!tokenClaims?.cnf?.kid) {
|
|
4170
|
-
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
4171
|
-
}
|
|
4172
|
-
atEntity.keyId = tokenClaims.cnf.kid;
|
|
4173
|
-
break;
|
|
4174
|
-
case AuthenticationScheme.SSH:
|
|
4175
|
-
atEntity.keyId = keyId;
|
|
4176
|
-
}
|
|
4177
|
-
}
|
|
4178
|
-
return atEntity;
|
|
4179
|
-
}
|
|
4183
|
+
const refreshTokenExpired = "refresh_token_expired";
|
|
4180
4184
|
/**
|
|
4181
|
-
*
|
|
4182
|
-
* @
|
|
4183
|
-
* @param authenticationResult
|
|
4184
|
-
* @param clientId
|
|
4185
|
-
* @param authority
|
|
4185
|
+
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4186
|
+
* @public
|
|
4186
4187
|
*/
|
|
4187
|
-
|
|
4188
|
-
const rtEntity = {
|
|
4189
|
-
credentialType: CredentialType.REFRESH_TOKEN,
|
|
4190
|
-
homeAccountId: homeAccountId,
|
|
4191
|
-
environment: environment,
|
|
4192
|
-
clientId: clientId,
|
|
4193
|
-
secret: refreshToken,
|
|
4194
|
-
lastUpdatedAt: Date.now().toString(),
|
|
4195
|
-
};
|
|
4196
|
-
if (userAssertionHash) {
|
|
4197
|
-
rtEntity.userAssertionHash = userAssertionHash;
|
|
4198
|
-
}
|
|
4199
|
-
if (familyId) {
|
|
4200
|
-
rtEntity.familyId = familyId;
|
|
4201
|
-
}
|
|
4202
|
-
if (expiresOn) {
|
|
4203
|
-
rtEntity.expiresOn = expiresOn.toString();
|
|
4204
|
-
}
|
|
4205
|
-
return rtEntity;
|
|
4206
|
-
}
|
|
4207
|
-
function isCredentialEntity(entity) {
|
|
4208
|
-
return (entity.hasOwnProperty("homeAccountId") &&
|
|
4209
|
-
entity.hasOwnProperty("environment") &&
|
|
4210
|
-
entity.hasOwnProperty("credentialType") &&
|
|
4211
|
-
entity.hasOwnProperty("clientId") &&
|
|
4212
|
-
entity.hasOwnProperty("secret"));
|
|
4213
|
-
}
|
|
4188
|
+
const uxNotAllowed = "ux_not_allowed";
|
|
4214
4189
|
/**
|
|
4215
|
-
*
|
|
4216
|
-
* @
|
|
4190
|
+
* Server-originated error code indicating interaction is required to complete the request.
|
|
4191
|
+
* @public
|
|
4217
4192
|
*/
|
|
4218
|
-
|
|
4219
|
-
if (!entity) {
|
|
4220
|
-
return false;
|
|
4221
|
-
}
|
|
4222
|
-
return (isCredentialEntity(entity) &&
|
|
4223
|
-
entity.hasOwnProperty("realm") &&
|
|
4224
|
-
entity.hasOwnProperty("target") &&
|
|
4225
|
-
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
4226
|
-
entity["credentialType"] ===
|
|
4227
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
4228
|
-
}
|
|
4193
|
+
const interactionRequired = "interaction_required";
|
|
4229
4194
|
/**
|
|
4230
|
-
*
|
|
4231
|
-
* @
|
|
4195
|
+
* Server-originated error code indicating user consent is required.
|
|
4196
|
+
* @public
|
|
4232
4197
|
*/
|
|
4233
|
-
|
|
4234
|
-
if (!entity) {
|
|
4235
|
-
return false;
|
|
4236
|
-
}
|
|
4237
|
-
return (isCredentialEntity(entity) &&
|
|
4238
|
-
entity.hasOwnProperty("realm") &&
|
|
4239
|
-
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
4240
|
-
}
|
|
4198
|
+
const consentRequired = "consent_required";
|
|
4241
4199
|
/**
|
|
4242
|
-
*
|
|
4243
|
-
* @
|
|
4200
|
+
* Server-originated error code indicating user login is required.
|
|
4201
|
+
* @public
|
|
4244
4202
|
*/
|
|
4245
|
-
|
|
4246
|
-
if (!entity) {
|
|
4247
|
-
return false;
|
|
4248
|
-
}
|
|
4249
|
-
return (isCredentialEntity(entity) &&
|
|
4250
|
-
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
4251
|
-
}
|
|
4203
|
+
const loginRequired = "login_required";
|
|
4252
4204
|
/**
|
|
4253
|
-
*
|
|
4254
|
-
* @
|
|
4255
|
-
* @param entity
|
|
4205
|
+
* Server-originated error code indicating the token is invalid or corrupted.
|
|
4206
|
+
* @public
|
|
4256
4207
|
*/
|
|
4257
|
-
|
|
4258
|
-
const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
|
|
4259
|
-
let validateEntity = true;
|
|
4260
|
-
if (entity) {
|
|
4261
|
-
validateEntity =
|
|
4262
|
-
entity.hasOwnProperty("failedRequests") &&
|
|
4263
|
-
entity.hasOwnProperty("errors") &&
|
|
4264
|
-
entity.hasOwnProperty("cacheHits");
|
|
4265
|
-
}
|
|
4266
|
-
return validateKey && validateEntity;
|
|
4267
|
-
}
|
|
4208
|
+
const badToken = "bad_token";
|
|
4268
4209
|
/**
|
|
4269
|
-
*
|
|
4270
|
-
* @
|
|
4271
|
-
* @param entity
|
|
4210
|
+
* Server-originated error code indicating the user is in an interrupted state and interaction is required.
|
|
4211
|
+
* @public
|
|
4272
4212
|
*/
|
|
4273
|
-
|
|
4274
|
-
|
|
4275
|
-
|
|
4276
|
-
|
|
4277
|
-
|
|
4278
|
-
|
|
4279
|
-
|
|
4280
|
-
|
|
4213
|
+
const interruptedUser = "interrupted_user";
|
|
4214
|
+
|
|
4215
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4216
|
+
|
|
4217
|
+
/*
|
|
4218
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4219
|
+
* Licensed under the MIT License.
|
|
4220
|
+
*/
|
|
4221
|
+
/**
|
|
4222
|
+
* InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
|
|
4223
|
+
*/
|
|
4224
|
+
const InteractionRequiredServerErrorMessage = [
|
|
4225
|
+
interactionRequired,
|
|
4226
|
+
consentRequired,
|
|
4227
|
+
loginRequired,
|
|
4228
|
+
badToken,
|
|
4229
|
+
uxNotAllowed,
|
|
4230
|
+
interruptedUser,
|
|
4231
|
+
];
|
|
4232
|
+
const InteractionRequiredAuthSubErrorMessage = [
|
|
4233
|
+
"message_only",
|
|
4234
|
+
"additional_action",
|
|
4235
|
+
"basic_action",
|
|
4236
|
+
"user_password_expired",
|
|
4237
|
+
"consent_required",
|
|
4238
|
+
"bad_token",
|
|
4239
|
+
"ux_not_allowed",
|
|
4240
|
+
"interrupted_user",
|
|
4241
|
+
];
|
|
4242
|
+
/**
|
|
4243
|
+
* Error thrown when user interaction is required.
|
|
4244
|
+
*/
|
|
4245
|
+
class InteractionRequiredAuthError extends AuthError {
|
|
4246
|
+
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
4247
|
+
super(errorCode, errorMessage, subError);
|
|
4248
|
+
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
4249
|
+
this.timestamp = timestamp || "";
|
|
4250
|
+
this.traceId = traceId || "";
|
|
4251
|
+
this.correlationId = correlationId || "";
|
|
4252
|
+
this.claims = claims || "";
|
|
4253
|
+
this.name = "InteractionRequiredAuthError";
|
|
4254
|
+
this.errorNo = errorNo;
|
|
4281
4255
|
}
|
|
4282
|
-
return validateKey && validateEntity;
|
|
4283
4256
|
}
|
|
4284
4257
|
/**
|
|
4285
|
-
*
|
|
4258
|
+
* Helper function used to determine if an error thrown by the server requires interaction to resolve
|
|
4259
|
+
* @param errorCode
|
|
4260
|
+
* @param errorString
|
|
4261
|
+
* @param subError
|
|
4262
|
+
*/
|
|
4263
|
+
function isInteractionRequiredError(errorCode, errorString, subError) {
|
|
4264
|
+
const isInteractionRequiredErrorCode = !!errorCode &&
|
|
4265
|
+
InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
|
|
4266
|
+
const isInteractionRequiredSubError = !!subError &&
|
|
4267
|
+
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
4268
|
+
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
4269
|
+
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
4270
|
+
return errorString.indexOf(irErrorCode) > -1;
|
|
4271
|
+
});
|
|
4272
|
+
return (isInteractionRequiredErrorCode ||
|
|
4273
|
+
isInteractionRequiredErrorDesc ||
|
|
4274
|
+
isInteractionRequiredSubError);
|
|
4275
|
+
}
|
|
4276
|
+
/**
|
|
4277
|
+
* Creates an InteractionRequiredAuthError
|
|
4286
4278
|
*/
|
|
4287
|
-
function
|
|
4288
|
-
|
|
4289
|
-
|
|
4290
|
-
|
|
4291
|
-
|
|
4292
|
-
|
|
4293
|
-
return appMetaDataKeyArray
|
|
4294
|
-
.join(CACHE_KEY_SEPARATOR$1)
|
|
4295
|
-
.toLowerCase();
|
|
4296
|
-
}
|
|
4279
|
+
function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
4280
|
+
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4281
|
+
}
|
|
4282
|
+
|
|
4283
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4284
|
+
|
|
4297
4285
|
/*
|
|
4298
|
-
*
|
|
4299
|
-
*
|
|
4286
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4287
|
+
* Licensed under the MIT License.
|
|
4300
4288
|
*/
|
|
4301
|
-
function isAppMetadataEntity(key, entity) {
|
|
4302
|
-
if (!entity) {
|
|
4303
|
-
return false;
|
|
4304
|
-
}
|
|
4305
|
-
return (key.indexOf(APP_METADATA) === 0 &&
|
|
4306
|
-
entity.hasOwnProperty("clientId") &&
|
|
4307
|
-
entity.hasOwnProperty("environment"));
|
|
4308
|
-
}
|
|
4309
4289
|
/**
|
|
4310
|
-
*
|
|
4311
|
-
* @param entity
|
|
4290
|
+
* Error thrown when there is an error with the server code, for example, unavailability.
|
|
4312
4291
|
*/
|
|
4313
|
-
|
|
4314
|
-
|
|
4315
|
-
|
|
4292
|
+
class ServerError extends AuthError {
|
|
4293
|
+
constructor(errorCode, errorMessage, subError, errorNo, status) {
|
|
4294
|
+
super(errorCode, errorMessage, subError);
|
|
4295
|
+
this.name = "ServerError";
|
|
4296
|
+
this.errorNo = errorNo;
|
|
4297
|
+
this.status = status;
|
|
4298
|
+
Object.setPrototypeOf(this, ServerError.prototype);
|
|
4316
4299
|
}
|
|
4317
|
-
|
|
4318
|
-
|
|
4319
|
-
|
|
4320
|
-
|
|
4321
|
-
|
|
4322
|
-
|
|
4323
|
-
|
|
4324
|
-
|
|
4325
|
-
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
4326
|
-
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
4327
|
-
entity.hasOwnProperty("expiresAt") &&
|
|
4328
|
-
entity.hasOwnProperty("jwks_uri"));
|
|
4329
|
-
}
|
|
4300
|
+
}
|
|
4301
|
+
|
|
4302
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4303
|
+
|
|
4304
|
+
/*
|
|
4305
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4306
|
+
* Licensed under the MIT License.
|
|
4307
|
+
*/
|
|
4330
4308
|
/**
|
|
4331
|
-
*
|
|
4309
|
+
* Appends user state with random guid, or returns random guid.
|
|
4310
|
+
* @param cryptoObj
|
|
4311
|
+
* @param userState
|
|
4312
|
+
* @param meta
|
|
4332
4313
|
*/
|
|
4333
|
-
function
|
|
4334
|
-
|
|
4335
|
-
|
|
4336
|
-
}
|
|
4337
|
-
|
|
4338
|
-
authorityMetadata.authorization_endpoint =
|
|
4339
|
-
updatedValues.authorization_endpoint;
|
|
4340
|
-
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
4341
|
-
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
4342
|
-
authorityMetadata.issuer = updatedValues.issuer;
|
|
4343
|
-
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
4344
|
-
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
4314
|
+
function setRequestState(cryptoObj, userState, meta) {
|
|
4315
|
+
const libraryState = generateLibraryState(cryptoObj, meta);
|
|
4316
|
+
return userState
|
|
4317
|
+
? `${libraryState}${RESOURCE_DELIM}${userState}`
|
|
4318
|
+
: libraryState;
|
|
4345
4319
|
}
|
|
4346
|
-
|
|
4347
|
-
|
|
4348
|
-
|
|
4349
|
-
|
|
4350
|
-
|
|
4320
|
+
/**
|
|
4321
|
+
* Generates the state value used by the common library.
|
|
4322
|
+
* @param cryptoObj
|
|
4323
|
+
* @param meta
|
|
4324
|
+
*/
|
|
4325
|
+
function generateLibraryState(cryptoObj, meta) {
|
|
4326
|
+
if (!cryptoObj) {
|
|
4327
|
+
throw createClientAuthError(noCryptoObject);
|
|
4328
|
+
}
|
|
4329
|
+
// Create a state object containing a unique id and the timestamp of the request creation
|
|
4330
|
+
const stateObj = {
|
|
4331
|
+
id: cryptoObj.createNewGuid(),
|
|
4332
|
+
};
|
|
4333
|
+
if (meta) {
|
|
4334
|
+
stateObj.meta = meta;
|
|
4335
|
+
}
|
|
4336
|
+
const stateString = JSON.stringify(stateObj);
|
|
4337
|
+
return cryptoObj.base64Encode(stateString);
|
|
4351
4338
|
}
|
|
4352
4339
|
/**
|
|
4353
|
-
*
|
|
4340
|
+
* Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
|
|
4341
|
+
* @param base64Decode
|
|
4342
|
+
* @param state
|
|
4354
4343
|
*/
|
|
4355
|
-
function
|
|
4356
|
-
|
|
4344
|
+
function parseRequestState(base64Decode, state) {
|
|
4345
|
+
if (!base64Decode) {
|
|
4346
|
+
throw createClientAuthError(noCryptoObject);
|
|
4347
|
+
}
|
|
4348
|
+
if (!state) {
|
|
4349
|
+
throw createClientAuthError(invalidState);
|
|
4350
|
+
}
|
|
4351
|
+
try {
|
|
4352
|
+
// Split the state between library state and user passed state and decode them separately
|
|
4353
|
+
const splitState = state.split(RESOURCE_DELIM);
|
|
4354
|
+
const libraryState = splitState[0];
|
|
4355
|
+
const userState = splitState.length > 1
|
|
4356
|
+
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
4357
|
+
: "";
|
|
4358
|
+
const libraryStateString = base64Decode(libraryState);
|
|
4359
|
+
const libraryStateObj = JSON.parse(libraryStateString);
|
|
4360
|
+
return {
|
|
4361
|
+
userRequestState: userState || "",
|
|
4362
|
+
libraryState: libraryStateObj,
|
|
4363
|
+
};
|
|
4364
|
+
}
|
|
4365
|
+
catch (e) {
|
|
4366
|
+
throw createClientAuthError(invalidState);
|
|
4367
|
+
}
|
|
4357
4368
|
}
|
|
4358
4369
|
|
|
4359
|
-
/*! @azure/msal-common v16.
|
|
4370
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4360
4371
|
|
|
4361
4372
|
/*
|
|
4362
4373
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4512,7 +4523,7 @@ class ResponseHandler {
|
|
|
4512
4523
|
if (serverTokenResponse.id_token && !!idTokenClaims) {
|
|
4513
4524
|
cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
|
|
4514
4525
|
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
4515
|
-
this.logger);
|
|
4526
|
+
this.logger, this.performanceClient);
|
|
4516
4527
|
}
|
|
4517
4528
|
// AccessToken
|
|
4518
4529
|
let cachedAccessToken = null;
|
|
@@ -4663,17 +4674,24 @@ class ResponseHandler {
|
|
|
4663
4674
|
};
|
|
4664
4675
|
}
|
|
4665
4676
|
}
|
|
4666
|
-
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
4677
|
+
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
|
|
4667
4678
|
logger?.verbose("09jz0t", correlationId);
|
|
4668
|
-
|
|
4669
|
-
|
|
4670
|
-
|
|
4671
|
-
|
|
4672
|
-
|
|
4673
|
-
|
|
4674
|
-
|
|
4675
|
-
|
|
4679
|
+
/*
|
|
4680
|
+
* Check if base account is already cached. Filter by homeAccountId (identifies
|
|
4681
|
+
* the user's home identity) and environment (identifies the cloud) — the two
|
|
4682
|
+
* tenant-agnostic properties that uniquely locate a base AccountEntity.
|
|
4683
|
+
*/
|
|
4684
|
+
const accountEnvironment = environment || authority.getPreferredCache();
|
|
4685
|
+
const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
|
|
4686
|
+
performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
|
|
4687
|
+
if (matchedAccounts.length > 1) {
|
|
4688
|
+
/*
|
|
4689
|
+
* Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
|
|
4690
|
+
* If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
|
|
4691
|
+
*/
|
|
4692
|
+
logger?.warning("0x7ad1", correlationId);
|
|
4676
4693
|
}
|
|
4694
|
+
const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
|
|
4677
4695
|
const baseAccount = cachedAccount ||
|
|
4678
4696
|
createAccountEntity({
|
|
4679
4697
|
homeAccountId,
|
|
@@ -4697,7 +4715,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4697
4715
|
return baseAccount;
|
|
4698
4716
|
}
|
|
4699
4717
|
|
|
4700
|
-
/*! @azure/msal-common v16.
|
|
4718
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4701
4719
|
/*
|
|
4702
4720
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4703
4721
|
* Licensed under the MIT License.
|
|
@@ -4707,7 +4725,7 @@ const CcsCredentialType = {
|
|
|
4707
4725
|
UPN: "UPN",
|
|
4708
4726
|
};
|
|
4709
4727
|
|
|
4710
|
-
/*! @azure/msal-common v16.
|
|
4728
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4711
4729
|
/*
|
|
4712
4730
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4713
4731
|
* Licensed under the MIT License.
|
|
@@ -4725,7 +4743,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4725
4743
|
}
|
|
4726
4744
|
}
|
|
4727
4745
|
|
|
4728
|
-
/*! @azure/msal-common v16.
|
|
4746
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4729
4747
|
/*
|
|
4730
4748
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4731
4749
|
* Licensed under the MIT License.
|
|
@@ -4746,7 +4764,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4746
4764
|
};
|
|
4747
4765
|
}
|
|
4748
4766
|
|
|
4749
|
-
/*! @azure/msal-common v16.
|
|
4767
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4750
4768
|
|
|
4751
4769
|
/*
|
|
4752
4770
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4832,7 +4850,7 @@ class ThrottlingUtils {
|
|
|
4832
4850
|
}
|
|
4833
4851
|
}
|
|
4834
4852
|
|
|
4835
|
-
/*! @azure/msal-common v16.
|
|
4853
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4836
4854
|
|
|
4837
4855
|
/*
|
|
4838
4856
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4863,7 +4881,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
4863
4881
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
4864
4882
|
}
|
|
4865
4883
|
|
|
4866
|
-
/*! @azure/msal-common v16.
|
|
4884
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4867
4885
|
|
|
4868
4886
|
/*
|
|
4869
4887
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4977,7 +4995,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
4977
4995
|
return response;
|
|
4978
4996
|
}
|
|
4979
4997
|
|
|
4980
|
-
/*! @azure/msal-common v16.
|
|
4998
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4981
4999
|
/*
|
|
4982
5000
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4983
5001
|
* Licensed under the MIT License.
|
|
@@ -4989,7 +5007,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
4989
5007
|
response.hasOwnProperty("jwks_uri"));
|
|
4990
5008
|
}
|
|
4991
5009
|
|
|
4992
|
-
/*! @azure/msal-common v16.
|
|
5010
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4993
5011
|
/*
|
|
4994
5012
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4995
5013
|
* Licensed under the MIT License.
|
|
@@ -4999,7 +5017,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
4999
5017
|
response.hasOwnProperty("metadata"));
|
|
5000
5018
|
}
|
|
5001
5019
|
|
|
5002
|
-
/*! @azure/msal-common v16.
|
|
5020
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5003
5021
|
/*
|
|
5004
5022
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5005
5023
|
* Licensed under the MIT License.
|
|
@@ -5009,7 +5027,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5009
5027
|
response.hasOwnProperty("error_description"));
|
|
5010
5028
|
}
|
|
5011
5029
|
|
|
5012
|
-
/*! @azure/msal-common v16.
|
|
5030
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5013
5031
|
|
|
5014
5032
|
/*
|
|
5015
5033
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5114,7 +5132,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5114
5132
|
},
|
|
5115
5133
|
};
|
|
5116
5134
|
|
|
5117
|
-
/*! @azure/msal-common v16.
|
|
5135
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5118
5136
|
|
|
5119
5137
|
/*
|
|
5120
5138
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5934,7 +5952,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
5934
5952
|
};
|
|
5935
5953
|
}
|
|
5936
5954
|
|
|
5937
|
-
/*! @azure/msal-common v16.
|
|
5955
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5938
5956
|
|
|
5939
5957
|
/*
|
|
5940
5958
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5968,7 +5986,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
5968
5986
|
}
|
|
5969
5987
|
}
|
|
5970
5988
|
|
|
5971
|
-
/*! @azure/msal-common v16.
|
|
5989
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5972
5990
|
|
|
5973
5991
|
/*
|
|
5974
5992
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6133,11 +6151,6 @@ class AuthorizationCodeClient {
|
|
|
6133
6151
|
throw createClientConfigurationError(missingSshJwk);
|
|
6134
6152
|
}
|
|
6135
6153
|
}
|
|
6136
|
-
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
6137
|
-
(this.config.authOptions.clientCapabilities &&
|
|
6138
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
6139
|
-
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
6140
|
-
}
|
|
6141
6154
|
let ccsCred = undefined;
|
|
6142
6155
|
if (request.clientInfo) {
|
|
6143
6156
|
try {
|
|
@@ -6186,6 +6199,7 @@ class AuthorizationCodeClient {
|
|
|
6186
6199
|
});
|
|
6187
6200
|
}
|
|
6188
6201
|
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6202
|
+
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6189
6203
|
return mapToQueryString(parameters);
|
|
6190
6204
|
}
|
|
6191
6205
|
/**
|
|
@@ -6229,7 +6243,7 @@ class AuthorizationCodeClient {
|
|
|
6229
6243
|
}
|
|
6230
6244
|
}
|
|
6231
6245
|
|
|
6232
|
-
/*! @azure/msal-common v16.
|
|
6246
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6233
6247
|
|
|
6234
6248
|
/*
|
|
6235
6249
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6419,11 +6433,6 @@ class RefreshTokenClient {
|
|
|
6419
6433
|
throw createClientConfigurationError(missingSshJwk);
|
|
6420
6434
|
}
|
|
6421
6435
|
}
|
|
6422
|
-
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
6423
|
-
(this.config.authOptions.clientCapabilities &&
|
|
6424
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
6425
|
-
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
6426
|
-
}
|
|
6427
6436
|
if (this.config.systemOptions.preventCorsPreflight &&
|
|
6428
6437
|
request.ccsCredential) {
|
|
6429
6438
|
switch (request.ccsCredential.type) {
|
|
@@ -6450,11 +6459,12 @@ class RefreshTokenClient {
|
|
|
6450
6459
|
});
|
|
6451
6460
|
}
|
|
6452
6461
|
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6462
|
+
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6453
6463
|
return mapToQueryString(parameters);
|
|
6454
6464
|
}
|
|
6455
6465
|
}
|
|
6456
6466
|
|
|
6457
|
-
/*! @azure/msal-common v16.
|
|
6467
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6458
6468
|
|
|
6459
6469
|
/*
|
|
6460
6470
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6570,7 +6580,7 @@ class SilentFlowClient {
|
|
|
6570
6580
|
}
|
|
6571
6581
|
}
|
|
6572
6582
|
|
|
6573
|
-
/*! @azure/msal-common v16.
|
|
6583
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6574
6584
|
|
|
6575
6585
|
/*
|
|
6576
6586
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6585,7 +6595,7 @@ const StubbedNetworkModule = {
|
|
|
6585
6595
|
},
|
|
6586
6596
|
};
|
|
6587
6597
|
|
|
6588
|
-
/*! @azure/msal-common v16.
|
|
6598
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6589
6599
|
|
|
6590
6600
|
/*
|
|
6591
6601
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6709,14 +6719,10 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
|
|
|
6709
6719
|
if (request.state) {
|
|
6710
6720
|
addState(parameters, request.state);
|
|
6711
6721
|
}
|
|
6712
|
-
if (request.claims ||
|
|
6713
|
-
(authOptions.clientCapabilities &&
|
|
6714
|
-
authOptions.clientCapabilities.length > 0)) {
|
|
6715
|
-
addClaims(parameters, request.claims, authOptions.clientCapabilities);
|
|
6716
|
-
}
|
|
6717
6722
|
if (request.embeddedClientId) {
|
|
6718
6723
|
addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
|
|
6719
6724
|
}
|
|
6725
|
+
addClaims(parameters, request.claims, authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6720
6726
|
// If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
|
|
6721
6727
|
if (authOptions.instanceAware &&
|
|
6722
6728
|
(!request.extraQueryParameters ||
|
|
@@ -6812,7 +6818,7 @@ function extractLoginHint(account) {
|
|
|
6812
6818
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6813
6819
|
}
|
|
6814
6820
|
|
|
6815
|
-
/*! @azure/msal-common v16.
|
|
6821
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6816
6822
|
|
|
6817
6823
|
/*
|
|
6818
6824
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6845,7 +6851,7 @@ function containsResourceParam(params) {
|
|
|
6845
6851
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
6846
6852
|
}
|
|
6847
6853
|
|
|
6848
|
-
/*! @azure/msal-common v16.
|
|
6854
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6849
6855
|
/*
|
|
6850
6856
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6851
6857
|
* Licensed under the MIT License.
|
|
@@ -6855,7 +6861,7 @@ function containsResourceParam(params) {
|
|
|
6855
6861
|
*/
|
|
6856
6862
|
const unexpectedError = "unexpected_error";
|
|
6857
6863
|
|
|
6858
|
-
/*! @azure/msal-common v16.
|
|
6864
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6859
6865
|
|
|
6860
6866
|
/*
|
|
6861
6867
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7116,7 +7122,7 @@ class ServerTelemetryManager {
|
|
|
7116
7122
|
}
|
|
7117
7123
|
}
|
|
7118
7124
|
|
|
7119
|
-
/*! @azure/msal-common v16.
|
|
7125
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7120
7126
|
|
|
7121
7127
|
/*
|
|
7122
7128
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7137,7 +7143,7 @@ function createJoseHeaderError(code) {
|
|
|
7137
7143
|
return new JoseHeaderError(code);
|
|
7138
7144
|
}
|
|
7139
7145
|
|
|
7140
|
-
/*! @azure/msal-common v16.
|
|
7146
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7141
7147
|
/*
|
|
7142
7148
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7143
7149
|
* Licensed under the MIT License.
|
|
@@ -7145,7 +7151,7 @@ function createJoseHeaderError(code) {
|
|
|
7145
7151
|
const missingKidError = "missing_kid_error";
|
|
7146
7152
|
const missingAlgError = "missing_alg_error";
|
|
7147
7153
|
|
|
7148
|
-
/*! @azure/msal-common v16.
|
|
7154
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7149
7155
|
|
|
7150
7156
|
/*
|
|
7151
7157
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7580,7 +7586,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
|
|
|
7580
7586
|
|
|
7581
7587
|
/* eslint-disable header/header */
|
|
7582
7588
|
const name = "@azure/msal-browser";
|
|
7583
|
-
const version = "5.
|
|
7589
|
+
const version = "5.7.0";
|
|
7584
7590
|
|
|
7585
7591
|
/*
|
|
7586
7592
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8136,6 +8142,7 @@ const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClie
|
|
|
8136
8142
|
* Used to acquire a token from Native component when native brokering is enabled.
|
|
8137
8143
|
*/
|
|
8138
8144
|
const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
|
|
8145
|
+
const NativeInteractionClientAcquireTokenRedirect = "nativeInteractionClientAcquireToken";
|
|
8139
8146
|
/**
|
|
8140
8147
|
* acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
|
|
8141
8148
|
*/
|
|
@@ -8200,7 +8207,12 @@ const UrlEncodeArr = "urlEncodeArr";
|
|
|
8200
8207
|
const Encrypt = "encrypt";
|
|
8201
8208
|
const Decrypt = "decrypt";
|
|
8202
8209
|
const GenerateEarKey = "generateEarKey";
|
|
8203
|
-
const DecryptEarResponse = "decryptEarResponse";
|
|
8210
|
+
const DecryptEarResponse = "decryptEarResponse";
|
|
8211
|
+
/**
|
|
8212
|
+
* Background telemetry measurement that tracks whether a late bridge response
|
|
8213
|
+
* arrives after the iframe timeout has already fired.
|
|
8214
|
+
*/
|
|
8215
|
+
const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
|
|
8204
8216
|
|
|
8205
8217
|
/*
|
|
8206
8218
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -9008,20 +9020,35 @@ function cancelPendingBridgeResponse(logger, correlationId) {
|
|
|
9008
9020
|
activeBridgeMonitor = null;
|
|
9009
9021
|
}
|
|
9010
9022
|
}
|
|
9011
|
-
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
|
|
9023
|
+
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
|
|
9012
9024
|
return new Promise((resolve, reject) => {
|
|
9013
9025
|
logger.verbose("1rf6em", request.correlationId);
|
|
9014
9026
|
const correlationId = request.correlationId;
|
|
9015
9027
|
performanceClient.addFields({
|
|
9016
9028
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
9029
|
+
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
9017
9030
|
}, correlationId);
|
|
9018
9031
|
const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
|
|
9019
9032
|
const channel = new BroadcastChannel(libraryState.id);
|
|
9020
9033
|
let responseString = undefined;
|
|
9034
|
+
let timedOut$1 = false;
|
|
9035
|
+
let lateTimeoutId;
|
|
9036
|
+
let lateMeasurement;
|
|
9021
9037
|
const timeoutId = window.setTimeout(() => {
|
|
9022
9038
|
// Clear the active monitor
|
|
9023
9039
|
activeBridgeMonitor = null;
|
|
9024
|
-
|
|
9040
|
+
if (experimentalConfig?.iframeTimeoutTelemetry) {
|
|
9041
|
+
lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse, correlationId);
|
|
9042
|
+
timedOut$1 = true;
|
|
9043
|
+
lateTimeoutId = window.setTimeout(() => {
|
|
9044
|
+
lateMeasurement?.end({ success: false });
|
|
9045
|
+
clearTimeout(lateTimeoutId);
|
|
9046
|
+
channel.close();
|
|
9047
|
+
}, 60000); // 60s late response timeout to allow for telemetry of late responses
|
|
9048
|
+
}
|
|
9049
|
+
else {
|
|
9050
|
+
channel.close();
|
|
9051
|
+
}
|
|
9025
9052
|
reject(createBrowserAuthError(timedOut, "redirect_bridge_timeout"));
|
|
9026
9053
|
}, timeoutMs);
|
|
9027
9054
|
// Track this monitor so it can be cancelled if needed
|
|
@@ -9035,6 +9062,14 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
|
|
|
9035
9062
|
const messageVersion = event?.data && typeof event.data.v === "number"
|
|
9036
9063
|
? event.data.v
|
|
9037
9064
|
: undefined;
|
|
9065
|
+
if (timedOut$1) {
|
|
9066
|
+
lateMeasurement?.end({
|
|
9067
|
+
success: responseString ? true : false,
|
|
9068
|
+
});
|
|
9069
|
+
clearTimeout(lateTimeoutId);
|
|
9070
|
+
channel.close();
|
|
9071
|
+
return;
|
|
9072
|
+
}
|
|
9038
9073
|
performanceClient.addFields({
|
|
9039
9074
|
redirectBridgeMessageVersion: messageVersion,
|
|
9040
9075
|
}, correlationId);
|
|
@@ -14154,7 +14189,12 @@ const SsoSilent = "ssoSilent";
|
|
|
14154
14189
|
// Initialize client application
|
|
14155
14190
|
const InitializeClientApplication = "initializeClientApplication";
|
|
14156
14191
|
// Update cache storage
|
|
14157
|
-
const LocalStorageUpdated = "localStorageUpdated";
|
|
14192
|
+
const LocalStorageUpdated = "localStorageUpdated";
|
|
14193
|
+
/**
|
|
14194
|
+
* SSO capability verification call (msal-browser).
|
|
14195
|
+
* Fire-and-forget SSO verification call made after interactive authentication completes.
|
|
14196
|
+
*/
|
|
14197
|
+
const SsoCapable = "ssoCapable";
|
|
14158
14198
|
|
|
14159
14199
|
/*
|
|
14160
14200
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -14171,6 +14211,7 @@ const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom
|
|
|
14171
14211
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
14172
14212
|
const ACCOUNT_KEYS = "account.keys";
|
|
14173
14213
|
const TOKEN_KEYS = "token.keys";
|
|
14214
|
+
const SSO_CAPABLE = `${PREFIX}.${BROWSER_PREFIX}.sso.capable`;
|
|
14174
14215
|
function getAccountKeysCacheKey(schema = ACCOUNT_SCHEMA_VERSION) {
|
|
14175
14216
|
if (schema < 1) {
|
|
14176
14217
|
return `${PREFIX}.${ACCOUNT_KEYS}`;
|
|
@@ -16356,7 +16397,6 @@ const userSwitch = "user_switch";
|
|
|
16356
16397
|
const USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED";
|
|
16357
16398
|
const USER_CANCEL = "USER_CANCEL";
|
|
16358
16399
|
const NO_NETWORK = "NO_NETWORK";
|
|
16359
|
-
const PERSISTENT_ERROR = "PERSISTENT_ERROR";
|
|
16360
16400
|
const DISABLED = "DISABLED";
|
|
16361
16401
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
16362
16402
|
const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
|
|
@@ -16380,8 +16420,7 @@ class NativeAuthError extends AuthError {
|
|
|
16380
16420
|
function isFatalNativeAuthError(error) {
|
|
16381
16421
|
if (error.ext &&
|
|
16382
16422
|
error.ext.status &&
|
|
16383
|
-
|
|
16384
|
-
error.ext.status === DISABLED)) {
|
|
16423
|
+
error.ext.status === DISABLED) {
|
|
16385
16424
|
return true;
|
|
16386
16425
|
}
|
|
16387
16426
|
if (error.ext &&
|
|
@@ -16507,12 +16546,12 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16507
16546
|
async acquireToken(request, cacheLookupPolicy) {
|
|
16508
16547
|
this.logger.trace("03qeos", this.correlationId);
|
|
16509
16548
|
// start the perf measurement
|
|
16510
|
-
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken,
|
|
16549
|
+
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
|
|
16511
16550
|
const reqTimestamp = nowSeconds();
|
|
16512
16551
|
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
16513
16552
|
try {
|
|
16514
16553
|
// initialize native request
|
|
16515
|
-
const nativeRequest = await this.
|
|
16554
|
+
const nativeRequest = await this.initializePlatformRequest(request);
|
|
16516
16555
|
// check if the tokens can be retrieved from internal cache
|
|
16517
16556
|
try {
|
|
16518
16557
|
const result = await this.acquireTokensFromCache(this.accountId, nativeRequest);
|
|
@@ -16526,6 +16565,10 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16526
16565
|
catch (e) {
|
|
16527
16566
|
if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) {
|
|
16528
16567
|
this.logger.info("0eitbc", this.correlationId);
|
|
16568
|
+
nativeATMeasurement.end({
|
|
16569
|
+
success: false,
|
|
16570
|
+
brokerErrorCode: "cache_request_failed",
|
|
16571
|
+
});
|
|
16529
16572
|
throw e;
|
|
16530
16573
|
}
|
|
16531
16574
|
// continue with a native call for any and all errors
|
|
@@ -16547,7 +16590,6 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16547
16590
|
success: false,
|
|
16548
16591
|
errorCode: error.errorCode,
|
|
16549
16592
|
subErrorCode: error.subError,
|
|
16550
|
-
isNativeBroker: true,
|
|
16551
16593
|
});
|
|
16552
16594
|
throw error;
|
|
16553
16595
|
});
|
|
@@ -16556,6 +16598,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16556
16598
|
if (e instanceof NativeAuthError) {
|
|
16557
16599
|
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
|
|
16558
16600
|
}
|
|
16601
|
+
nativeATMeasurement.end({
|
|
16602
|
+
success: false,
|
|
16603
|
+
});
|
|
16559
16604
|
throw e;
|
|
16560
16605
|
}
|
|
16561
16606
|
}
|
|
@@ -16588,7 +16633,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16588
16633
|
// fetch the account from browser cache
|
|
16589
16634
|
const account = this.browserStorage.getBaseAccountInfo({
|
|
16590
16635
|
nativeAccountId,
|
|
16591
|
-
},
|
|
16636
|
+
}, this.correlationId);
|
|
16592
16637
|
if (!account) {
|
|
16593
16638
|
throw createClientAuthError(noAccountFound);
|
|
16594
16639
|
}
|
|
@@ -16618,7 +16663,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16618
16663
|
*/
|
|
16619
16664
|
async acquireTokenRedirect(request, rootMeasurement, options) {
|
|
16620
16665
|
this.logger.trace("0luikq", this.correlationId);
|
|
16621
|
-
const nativeRequest = await this.
|
|
16666
|
+
const nativeRequest = await this.initializePlatformRequest(request);
|
|
16622
16667
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
16623
16668
|
try {
|
|
16624
16669
|
await this.platformAuthProvider.sendMessage(nativeRequest);
|
|
@@ -16650,7 +16695,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16650
16695
|
* @param performanceClient {IPerformanceClient?}
|
|
16651
16696
|
* @param correlationId {string?} correlation identifier
|
|
16652
16697
|
*/
|
|
16653
|
-
async handleRedirectPromise(
|
|
16698
|
+
async handleRedirectPromise() {
|
|
16654
16699
|
this.logger.trace("1c5lhw", this.correlationId);
|
|
16655
16700
|
if (!this.browserStorage.isInteractionInProgress(true)) {
|
|
16656
16701
|
this.logger.info("0le6uv", this.correlationId);
|
|
@@ -16660,9 +16705,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16660
16705
|
const cachedRequest = this.browserStorage.getCachedNativeRequest();
|
|
16661
16706
|
if (!cachedRequest) {
|
|
16662
16707
|
this.logger.verbose("0a6zjb", this.correlationId);
|
|
16663
|
-
|
|
16664
|
-
performanceClient?.addFields({ errorCode: "no_cached_request" }, correlationId);
|
|
16665
|
-
}
|
|
16708
|
+
this.performanceClient?.addFields({ errorCode: "no_cached_request" }, this.correlationId);
|
|
16666
16709
|
return null;
|
|
16667
16710
|
}
|
|
16668
16711
|
const { prompt, ...request } = cachedRequest;
|
|
@@ -16677,6 +16720,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16677
16720
|
const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
|
|
16678
16721
|
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
16679
16722
|
serverTelemetryManager.clearNativeBrokerErrorCode();
|
|
16723
|
+
this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
|
|
16680
16724
|
return authResult;
|
|
16681
16725
|
}
|
|
16682
16726
|
catch (e) {
|
|
@@ -16717,9 +16761,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16717
16761
|
}
|
|
16718
16762
|
// Get the preferred_cache domain for the given authority
|
|
16719
16763
|
const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
|
|
16720
|
-
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info,
|
|
16764
|
+
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
|
|
16721
16765
|
idTokenClaims.tid, undefined, // auth code payload
|
|
16722
|
-
response.account.id);
|
|
16766
|
+
response.account.id, this.logger, this.performanceClient);
|
|
16723
16767
|
// Ensure expires_in is in number format
|
|
16724
16768
|
response.expires_in = Number(response.expires_in);
|
|
16725
16769
|
// generate authenticationResult
|
|
@@ -16945,15 +16989,23 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
16945
16989
|
* Translates developer provided request object into NativeRequest object
|
|
16946
16990
|
* @param request
|
|
16947
16991
|
*/
|
|
16948
|
-
async
|
|
16949
|
-
this.logger.trace("
|
|
16992
|
+
async initializePlatformRequest(request) {
|
|
16993
|
+
this.logger.trace("1xdm2a", this.correlationId);
|
|
16950
16994
|
const canonicalAuthority = await this.getCanonicalAuthority(request);
|
|
16995
|
+
// ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
16996
|
+
const configClaims = request.skipBrokerClaims && !!request.embeddedClientId
|
|
16997
|
+
? undefined
|
|
16998
|
+
: this.config.auth.clientCapabilities;
|
|
16951
16999
|
// scopes are expected to be received by the native broker as "scope" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here.
|
|
16952
|
-
const { scopes, ...remainingProperties } = request;
|
|
17000
|
+
const { scopes, claims, ...remainingProperties } = request;
|
|
16953
17001
|
const scopeSet = new ScopeSet(scopes || []);
|
|
16954
17002
|
scopeSet.appendScopes(OIDC_DEFAULT_SCOPES);
|
|
17003
|
+
const mergedClaims = configClaims && configClaims.length
|
|
17004
|
+
? addClientCapabilitiesToClaims(claims, configClaims)
|
|
17005
|
+
: claims;
|
|
16955
17006
|
const validatedRequest = {
|
|
16956
17007
|
...remainingProperties,
|
|
17008
|
+
claims: mergedClaims,
|
|
16957
17009
|
accountId: this.accountId,
|
|
16958
17010
|
clientId: this.config.auth.clientId,
|
|
16959
17011
|
authority: canonicalAuthority.urlString,
|
|
@@ -17023,12 +17075,12 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
17023
17075
|
switch (this.apiId) {
|
|
17024
17076
|
case ApiId.ssoSilent:
|
|
17025
17077
|
case ApiId.acquireTokenSilent_silentFlow:
|
|
17026
|
-
this.logger.trace("
|
|
17078
|
+
this.logger.trace("12n1y2", this.correlationId);
|
|
17027
17079
|
return PromptValue.NONE;
|
|
17028
17080
|
}
|
|
17029
17081
|
// Prompt not provided, request may proceed and native broker decides if it needs to prompt
|
|
17030
17082
|
if (!prompt) {
|
|
17031
|
-
this.logger.trace("
|
|
17083
|
+
this.logger.trace("0uid1p", this.correlationId);
|
|
17032
17084
|
return undefined;
|
|
17033
17085
|
}
|
|
17034
17086
|
// If request is interactive, check if prompt provided is allowed to go directly to native broker
|
|
@@ -17036,10 +17088,10 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
17036
17088
|
case PromptValue.NONE:
|
|
17037
17089
|
case PromptValue.CONSENT:
|
|
17038
17090
|
case PromptValue.LOGIN:
|
|
17039
|
-
this.logger.trace("
|
|
17091
|
+
this.logger.trace("0i0hco", this.correlationId);
|
|
17040
17092
|
return prompt;
|
|
17041
17093
|
default:
|
|
17042
|
-
this.logger.trace("
|
|
17094
|
+
this.logger.trace("0w3tpw", this.correlationId);
|
|
17043
17095
|
throw createBrowserAuthError(nativePromptNotSupported);
|
|
17044
17096
|
}
|
|
17045
17097
|
}
|
|
@@ -17075,7 +17127,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
17075
17127
|
this.performanceClient?.addFields({
|
|
17076
17128
|
embeddedClientId: child_client_id,
|
|
17077
17129
|
embeddedRedirectUri: child_redirect_uri,
|
|
17078
|
-
},
|
|
17130
|
+
}, this.correlationId);
|
|
17079
17131
|
}
|
|
17080
17132
|
}
|
|
17081
17133
|
|
|
@@ -17162,6 +17214,10 @@ async function getStandardParameters(config, authority, request, logger, perform
|
|
|
17162
17214
|
if (request.platformBroker) {
|
|
17163
17215
|
// signal ests that this is a WAM call
|
|
17164
17216
|
addNativeBroker(parameters);
|
|
17217
|
+
// instrument JS-platform bridge specific fields
|
|
17218
|
+
performanceClient.addFields({
|
|
17219
|
+
isPlatformAuthorizeRequest: true,
|
|
17220
|
+
}, request.correlationId);
|
|
17165
17221
|
// pass the req_cnf for POP
|
|
17166
17222
|
if (request.authenticationScheme === AuthenticationScheme.POP) {
|
|
17167
17223
|
const cryptoOps = new CryptoOps(logger, performanceClient);
|
|
@@ -17604,7 +17660,7 @@ const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000;
|
|
|
17604
17660
|
*
|
|
17605
17661
|
* @returns Configuration object
|
|
17606
17662
|
*/
|
|
17607
|
-
function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
|
|
17663
|
+
function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, experimental: userInputExperimental, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
|
|
17608
17664
|
// Default auth options for browser
|
|
17609
17665
|
const DEFAULT_AUTH_OPTIONS = {
|
|
17610
17666
|
clientId: "",
|
|
@@ -17631,6 +17687,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
17631
17687
|
},
|
|
17632
17688
|
instanceAware: false,
|
|
17633
17689
|
isMcp: false,
|
|
17690
|
+
verifySSO: false,
|
|
17634
17691
|
};
|
|
17635
17692
|
// Default cache options for browser
|
|
17636
17693
|
const DEFAULT_CACHE_OPTIONS = {
|
|
@@ -17676,6 +17733,9 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
17676
17733
|
},
|
|
17677
17734
|
client: new StubPerformanceClient(),
|
|
17678
17735
|
};
|
|
17736
|
+
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
17737
|
+
iframeTimeoutTelemetry: false,
|
|
17738
|
+
};
|
|
17679
17739
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
17680
17740
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
17681
17741
|
userInputAuth?.OIDCOptions) {
|
|
@@ -17699,6 +17759,10 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
17699
17759
|
},
|
|
17700
17760
|
cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache },
|
|
17701
17761
|
system: providedSystemOptions,
|
|
17762
|
+
experimental: {
|
|
17763
|
+
...DEFAULT_EXPERIMENTAL_OPTIONS,
|
|
17764
|
+
...userInputExperimental,
|
|
17765
|
+
},
|
|
17702
17766
|
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry },
|
|
17703
17767
|
};
|
|
17704
17768
|
return overlayedConfig;
|
|
@@ -18158,7 +18222,7 @@ function isDomEnabledForPlatformAuth() {
|
|
|
18158
18222
|
}
|
|
18159
18223
|
}
|
|
18160
18224
|
/**
|
|
18161
|
-
* Returns boolean indicating whether or not the request should attempt to use
|
|
18225
|
+
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
18162
18226
|
* @param logger
|
|
18163
18227
|
* @param config
|
|
18164
18228
|
* @param correlationId
|
|
@@ -18440,6 +18504,10 @@ class PopupClient extends StandardInteractionClient {
|
|
|
18440
18504
|
return;
|
|
18441
18505
|
}
|
|
18442
18506
|
}
|
|
18507
|
+
// Redirect bridge requires "state" param to work properly
|
|
18508
|
+
validRequest.state = setRequestState(this.browserCrypto, validRequest.state || "", {
|
|
18509
|
+
interactionType: InteractionType.Popup,
|
|
18510
|
+
});
|
|
18443
18511
|
// Create logout string and navigate user window to logout.
|
|
18444
18512
|
const logoutUri = authClient.getLogoutUri(validRequest);
|
|
18445
18513
|
this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, validRequest.correlationId, InteractionType.Popup, validRequest);
|
|
@@ -18980,6 +19048,10 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
18980
19048
|
}
|
|
18981
19049
|
}
|
|
18982
19050
|
}
|
|
19051
|
+
// Redirect bridge requires "state" param to work properly
|
|
19052
|
+
validLogoutRequest.state = setRequestState(this.browserCrypto, validLogoutRequest.state || "", {
|
|
19053
|
+
interactionType: InteractionType.Redirect,
|
|
19054
|
+
});
|
|
18983
19055
|
// Create logout string and navigate user window to logout.
|
|
18984
19056
|
const logoutUri = authClient.getLogoutUri(validLogoutRequest);
|
|
18985
19057
|
if (validLogoutRequest.account?.homeAccountId) {
|
|
@@ -19206,7 +19278,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19206
19278
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
19207
19279
|
let responseString;
|
|
19208
19280
|
try {
|
|
19209
|
-
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
|
|
19281
|
+
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
|
|
19210
19282
|
}
|
|
19211
19283
|
finally {
|
|
19212
19284
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -19228,6 +19300,38 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19228
19300
|
return invokeAsync(handleResponseEAR, HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
19229
19301
|
}
|
|
19230
19302
|
}
|
|
19303
|
+
/**
|
|
19304
|
+
* Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
|
|
19305
|
+
* This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
|
|
19306
|
+
* @param request - The SSO silent request
|
|
19307
|
+
* @returns true if SSO verification was successful with a valid authorization code, false otherwise
|
|
19308
|
+
*/
|
|
19309
|
+
async verifySso(request) {
|
|
19310
|
+
const inputRequest = { ...request };
|
|
19311
|
+
if (!inputRequest.prompt) {
|
|
19312
|
+
inputRequest.prompt = PromptValue.NONE;
|
|
19313
|
+
}
|
|
19314
|
+
// Create silent request
|
|
19315
|
+
const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
|
|
19316
|
+
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
19317
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
|
|
19318
|
+
requestAuthority: silentRequest.authority,
|
|
19319
|
+
requestAzureCloudOptions: silentRequest.azureCloudOptions,
|
|
19320
|
+
requestExtraQueryParameters: silentRequest.extraQueryParameters,
|
|
19321
|
+
account: silentRequest.account,
|
|
19322
|
+
});
|
|
19323
|
+
const { serverParams } = await this.silentAuthorizeHelper(authClient, silentRequest);
|
|
19324
|
+
const correlationId = silentRequest.correlationId;
|
|
19325
|
+
// Validate the response - this checks for errors and validates state
|
|
19326
|
+
validateAuthorizationResponse(serverParams, silentRequest.state);
|
|
19327
|
+
// Verify a valid authorization code is present
|
|
19328
|
+
if (!serverParams.code) {
|
|
19329
|
+
this.logger.warning("0y34ti", correlationId);
|
|
19330
|
+
return false;
|
|
19331
|
+
}
|
|
19332
|
+
this.logger.verbose("0kkkcj", correlationId);
|
|
19333
|
+
return true;
|
|
19334
|
+
}
|
|
19231
19335
|
/**
|
|
19232
19336
|
* Currently Unsupported
|
|
19233
19337
|
*/
|
|
@@ -19242,6 +19346,16 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19242
19346
|
* @param userRequestScopes
|
|
19243
19347
|
*/
|
|
19244
19348
|
async silentTokenHelper(authClient, request) {
|
|
19349
|
+
const { serverParams, pkceCodes } = await this.silentAuthorizeHelper(authClient, request);
|
|
19350
|
+
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, request.correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
19351
|
+
}
|
|
19352
|
+
/**
|
|
19353
|
+
* Shared helper that generates PKCE codes, builds the /authorize URL,
|
|
19354
|
+
* loads it in a hidden iframe, waits for the redirect-bridge response,
|
|
19355
|
+
* and returns the deserialized server parameters along with the PKCE codes
|
|
19356
|
+
* and the request that was sent.
|
|
19357
|
+
*/
|
|
19358
|
+
async silentAuthorizeHelper(authClient, request) {
|
|
19245
19359
|
const correlationId = request.correlationId;
|
|
19246
19360
|
const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
|
|
19247
19361
|
const silentRequest = {
|
|
@@ -19262,13 +19376,13 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
19262
19376
|
// Wait for response from the redirect bridge.
|
|
19263
19377
|
let responseString;
|
|
19264
19378
|
try {
|
|
19265
|
-
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
|
|
19379
|
+
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
|
|
19266
19380
|
}
|
|
19267
19381
|
finally {
|
|
19268
19382
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
19269
19383
|
}
|
|
19270
19384
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
19271
|
-
return
|
|
19385
|
+
return { serverParams, pkceCodes, silentRequest };
|
|
19272
19386
|
}
|
|
19273
19387
|
}
|
|
19274
19388
|
|
|
@@ -19510,22 +19624,32 @@ class StandardController {
|
|
|
19510
19624
|
this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
|
|
19511
19625
|
this.activeSilentTokenRequests = new Map();
|
|
19512
19626
|
// Register listener functions
|
|
19513
|
-
this.
|
|
19627
|
+
this.trackStateChange = this.trackStateChange.bind(this);
|
|
19514
19628
|
// Register listener functions
|
|
19515
|
-
this.
|
|
19516
|
-
this.
|
|
19629
|
+
this.trackStateChangeWithMeasurement =
|
|
19630
|
+
this.trackStateChangeWithMeasurement.bind(this);
|
|
19517
19631
|
}
|
|
19518
19632
|
static async createController(operatingContext, request) {
|
|
19519
19633
|
const controller = new StandardController(operatingContext);
|
|
19520
19634
|
await controller.initialize(request);
|
|
19521
19635
|
return controller;
|
|
19522
19636
|
}
|
|
19523
|
-
|
|
19637
|
+
trackStateChange(correlationId, event) {
|
|
19524
19638
|
if (!correlationId) {
|
|
19525
19639
|
return;
|
|
19526
19640
|
}
|
|
19527
|
-
|
|
19528
|
-
|
|
19641
|
+
if (event.type === "visibilitychange") {
|
|
19642
|
+
this.logger.info("16v6hv", correlationId);
|
|
19643
|
+
this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
|
|
19644
|
+
}
|
|
19645
|
+
else if (event.type === "online") {
|
|
19646
|
+
this.logger.info("0zirfd", correlationId);
|
|
19647
|
+
this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
|
|
19648
|
+
}
|
|
19649
|
+
else if (event.type === "offline") {
|
|
19650
|
+
this.logger.info("1xk9ef", correlationId);
|
|
19651
|
+
this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
|
|
19652
|
+
}
|
|
19529
19653
|
}
|
|
19530
19654
|
/**
|
|
19531
19655
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|
|
@@ -19625,22 +19749,25 @@ class StandardController {
|
|
|
19625
19749
|
}
|
|
19626
19750
|
const loggedInAccounts = this.getAllAccounts();
|
|
19627
19751
|
const platformBrokerRequest = this.browserStorage.getCachedNativeRequest();
|
|
19628
|
-
const useNative = platformBrokerRequest &&
|
|
19629
|
-
this.platformAuthProvider &&
|
|
19630
|
-
!options?.hash;
|
|
19752
|
+
const useNative = platformBrokerRequest && !options?.hash;
|
|
19631
19753
|
let rootMeasurement;
|
|
19632
19754
|
let redirectResponse;
|
|
19755
|
+
let cachedRedirectRequest;
|
|
19633
19756
|
try {
|
|
19634
19757
|
if (useNative && this.platformAuthProvider) {
|
|
19635
19758
|
const correlationId = platformBrokerRequest?.correlationId || "";
|
|
19636
19759
|
this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, InteractionType.Redirect);
|
|
19637
19760
|
rootMeasurement = this.performanceClient.startMeasurement(AcquireTokenRedirect, correlationId);
|
|
19638
19761
|
this.logger.trace("12v7is", correlationId);
|
|
19762
|
+
rootMeasurement.add({
|
|
19763
|
+
isPlatformBrokerRequest: true,
|
|
19764
|
+
});
|
|
19639
19765
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.platformAuthProvider, platformBrokerRequest.accountId, this.nativeInternalStorage, platformBrokerRequest.correlationId);
|
|
19640
|
-
redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(
|
|
19766
|
+
redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)();
|
|
19641
19767
|
}
|
|
19642
19768
|
else {
|
|
19643
19769
|
const [standardRequest, codeVerifier] = this.browserStorage.getCachedRequest("");
|
|
19770
|
+
cachedRedirectRequest = standardRequest;
|
|
19644
19771
|
const correlationId = standardRequest.correlationId;
|
|
19645
19772
|
this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, InteractionType.Redirect);
|
|
19646
19773
|
// Reset rootMeasurement now that we have correlationId
|
|
@@ -19669,6 +19796,8 @@ class StandardController {
|
|
|
19669
19796
|
rootMeasurement.end({
|
|
19670
19797
|
success: true,
|
|
19671
19798
|
}, undefined, result.account);
|
|
19799
|
+
// Fire-and-forget SSO capability verification in background
|
|
19800
|
+
this.verifySsoCapability(cachedRedirectRequest, InteractionType.Redirect);
|
|
19672
19801
|
}
|
|
19673
19802
|
else {
|
|
19674
19803
|
/*
|
|
@@ -19734,12 +19863,14 @@ class StandardController {
|
|
|
19734
19863
|
if (this.platformAuthProvider &&
|
|
19735
19864
|
this.canUsePlatformBroker(request)) {
|
|
19736
19865
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.platformAuthProvider, this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
|
|
19737
|
-
result = nativeClient
|
|
19738
|
-
.
|
|
19739
|
-
|
|
19866
|
+
result = invokeAsync(nativeClient.acquireTokenRedirect.bind(nativeClient), NativeInteractionClientAcquireTokenRedirect, this.logger, this.performanceClient, correlationId)(request, atrMeasurement).catch((e) => {
|
|
19867
|
+
atrMeasurement.add({
|
|
19868
|
+
brokerErrorName: e.name,
|
|
19869
|
+
brokerErrorCode: e.errorCode,
|
|
19870
|
+
});
|
|
19740
19871
|
if (e instanceof NativeAuthError &&
|
|
19741
19872
|
isFatalNativeAuthError(e)) {
|
|
19742
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
19873
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
19743
19874
|
const redirectClient = this.createRedirectClient(correlationId);
|
|
19744
19875
|
return redirectClient.acquireToken(request);
|
|
19745
19876
|
}
|
|
@@ -19805,6 +19936,9 @@ class StandardController {
|
|
|
19805
19936
|
let result;
|
|
19806
19937
|
const pkce = this.getPreGeneratedPkceCodes(correlationId);
|
|
19807
19938
|
if (this.canUsePlatformBroker(request)) {
|
|
19939
|
+
atPopupMeasurement.add({
|
|
19940
|
+
isPlatformBrokerRequest: true,
|
|
19941
|
+
});
|
|
19808
19942
|
result = this.acquireTokenNative({
|
|
19809
19943
|
...request,
|
|
19810
19944
|
correlationId,
|
|
@@ -19817,9 +19951,13 @@ class StandardController {
|
|
|
19817
19951
|
return response;
|
|
19818
19952
|
})
|
|
19819
19953
|
.catch((e) => {
|
|
19954
|
+
atPopupMeasurement.add({
|
|
19955
|
+
brokerErrorName: e.name,
|
|
19956
|
+
brokerErrorCode: e.errorCode,
|
|
19957
|
+
});
|
|
19820
19958
|
if (e instanceof NativeAuthError &&
|
|
19821
19959
|
isFatalNativeAuthError(e)) {
|
|
19822
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
19960
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
19823
19961
|
const popupClient = this.createPopupClient(correlationId);
|
|
19824
19962
|
return popupClient.acquireToken(request, pkce);
|
|
19825
19963
|
}
|
|
@@ -19850,6 +19988,8 @@ class StandardController {
|
|
|
19850
19988
|
accessTokenSize: result.accessToken.length,
|
|
19851
19989
|
idTokenSize: result.idToken.length,
|
|
19852
19990
|
}, undefined, result.account);
|
|
19991
|
+
// SSO capability verification in background
|
|
19992
|
+
this.verifySsoCapability(request, InteractionType.Popup);
|
|
19853
19993
|
return result;
|
|
19854
19994
|
})
|
|
19855
19995
|
.catch((e) => {
|
|
@@ -19867,15 +20007,137 @@ class StandardController {
|
|
|
19867
20007
|
}
|
|
19868
20008
|
});
|
|
19869
20009
|
}
|
|
19870
|
-
|
|
20010
|
+
trackStateChangeWithMeasurement(event) {
|
|
19871
20011
|
const measurement = this.ssoSilentMeasurement ||
|
|
19872
20012
|
this.acquireTokenByCodeAsyncMeasurement;
|
|
19873
20013
|
if (!measurement) {
|
|
19874
20014
|
return;
|
|
19875
20015
|
}
|
|
19876
|
-
|
|
19877
|
-
|
|
20016
|
+
if (event.type === "visibilitychange") {
|
|
20017
|
+
this.logger.info("0yzimq", measurement.event.correlationId);
|
|
20018
|
+
measurement.increment({
|
|
20019
|
+
visibilityChangeCount: 1,
|
|
20020
|
+
});
|
|
20021
|
+
}
|
|
20022
|
+
else if (event.type === "online") {
|
|
20023
|
+
this.logger.info("1caf53", measurement.event.correlationId);
|
|
20024
|
+
measurement.increment({
|
|
20025
|
+
onlineStatusChangeCount: 1,
|
|
20026
|
+
});
|
|
20027
|
+
}
|
|
20028
|
+
else if (event.type === "offline") {
|
|
20029
|
+
this.logger.info("0fdyk7", measurement.event.correlationId);
|
|
20030
|
+
measurement.increment({
|
|
20031
|
+
onlineStatusChangeCount: 1,
|
|
20032
|
+
});
|
|
20033
|
+
}
|
|
20034
|
+
}
|
|
20035
|
+
addStateChangeListeners(listener) {
|
|
20036
|
+
document.addEventListener("visibilitychange", listener);
|
|
20037
|
+
window.addEventListener("online", listener);
|
|
20038
|
+
window.addEventListener("offline", listener);
|
|
20039
|
+
}
|
|
20040
|
+
removeStateChangeListeners(listener) {
|
|
20041
|
+
document.removeEventListener("visibilitychange", listener);
|
|
20042
|
+
window.removeEventListener("online", listener);
|
|
20043
|
+
window.removeEventListener("offline", listener);
|
|
20044
|
+
}
|
|
20045
|
+
/**
|
|
20046
|
+
* Reads the cached ssoCapable value from localStorage.
|
|
20047
|
+
* @returns The cached ssoCapable boolean value, or undefined if not cached or expired.
|
|
20048
|
+
*/
|
|
20049
|
+
getCachedSsoCapable() {
|
|
20050
|
+
try {
|
|
20051
|
+
const cachedValue = window.localStorage.getItem(SSO_CAPABLE);
|
|
20052
|
+
if (cachedValue) {
|
|
20053
|
+
const parsed = JSON.parse(cachedValue);
|
|
20054
|
+
if (parsed &&
|
|
20055
|
+
typeof parsed.ssoCapable === "boolean" &&
|
|
20056
|
+
parsed.expiresOn &&
|
|
20057
|
+
Date.now() < parsed.expiresOn) {
|
|
20058
|
+
return parsed.ssoCapable;
|
|
20059
|
+
}
|
|
20060
|
+
}
|
|
20061
|
+
}
|
|
20062
|
+
catch {
|
|
20063
|
+
// If parsing fails, return undefined
|
|
20064
|
+
}
|
|
20065
|
+
return undefined;
|
|
20066
|
+
}
|
|
20067
|
+
/**
|
|
20068
|
+
* SSO capability verification in the background.
|
|
20069
|
+
* This method makes an iframe request to /authorize to verify SSO capability without calling /token.
|
|
20070
|
+
* This method does not block the caller and tracks telemetry for success/failure.
|
|
20071
|
+
* This method only executes if verifySSO is set to true in the auth configuration.
|
|
20072
|
+
* The result is cached in localStorage with a 24-hour TTL; the SSO verification call
|
|
20073
|
+
* is only attempted when the cached value is absent or expired.
|
|
20074
|
+
* @param request - The original request used for the authentication flow
|
|
20075
|
+
* @param interactionType - The interactionType of the AT operation for logging purposes
|
|
20076
|
+
*/
|
|
20077
|
+
verifySsoCapability(request, interactionType) {
|
|
20078
|
+
// Check if SSO capability verification is enabled
|
|
20079
|
+
if (!this.config.auth.verifySSO) {
|
|
20080
|
+
return;
|
|
20081
|
+
}
|
|
20082
|
+
// Check TTL: derive ssoCapable state from localStorage and skip if not expired
|
|
20083
|
+
const ssoCacheKey = SSO_CAPABLE;
|
|
20084
|
+
const SSO_CAPABLE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
|
|
20085
|
+
const cachedSsoCapable = this.getCachedSsoCapable();
|
|
20086
|
+
if (cachedSsoCapable !== undefined) {
|
|
20087
|
+
this.logger.verbose("13poou", "");
|
|
20088
|
+
return;
|
|
20089
|
+
}
|
|
20090
|
+
const correlationId = createNewGuid();
|
|
20091
|
+
const ssoCapableMeasurement = this.performanceClient.startMeasurement(SsoCapable, correlationId);
|
|
20092
|
+
ssoCapableMeasurement.add({
|
|
20093
|
+
"ext.interactionType": interactionType,
|
|
19878
20094
|
});
|
|
20095
|
+
this.logger.verbose("0pbr0i", correlationId);
|
|
20096
|
+
/*
|
|
20097
|
+
* Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
|
|
20098
|
+
* This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
|
|
20099
|
+
*/
|
|
20100
|
+
setTimeout(() => {
|
|
20101
|
+
const ssoVerificationRequest = {
|
|
20102
|
+
...request,
|
|
20103
|
+
correlationId: correlationId,
|
|
20104
|
+
};
|
|
20105
|
+
const silentIframeClient = this.createSilentIframeClient(correlationId);
|
|
20106
|
+
silentIframeClient
|
|
20107
|
+
.verifySso(ssoVerificationRequest)
|
|
20108
|
+
.then((result) => {
|
|
20109
|
+
this.logger.verbose("1gd1iv", correlationId);
|
|
20110
|
+
// TBD to add profileTelemetry later in localStorage with 24h TTL
|
|
20111
|
+
try {
|
|
20112
|
+
const cacheEntry = JSON.stringify({
|
|
20113
|
+
ssoCapable: result,
|
|
20114
|
+
expiresOn: Date.now() + SSO_CAPABLE_TTL_MS,
|
|
20115
|
+
});
|
|
20116
|
+
window.localStorage.setItem(ssoCacheKey, cacheEntry);
|
|
20117
|
+
}
|
|
20118
|
+
catch {
|
|
20119
|
+
this.logger.warning("18lmoj", correlationId);
|
|
20120
|
+
}
|
|
20121
|
+
ssoCapableMeasurement.end({
|
|
20122
|
+
fromCache: false,
|
|
20123
|
+
success: result,
|
|
20124
|
+
}, undefined);
|
|
20125
|
+
})
|
|
20126
|
+
.catch((error) => {
|
|
20127
|
+
this.logger.warning("05g83w", correlationId);
|
|
20128
|
+
// reset the cache
|
|
20129
|
+
try {
|
|
20130
|
+
window.localStorage.removeItem(ssoCacheKey);
|
|
20131
|
+
}
|
|
20132
|
+
catch {
|
|
20133
|
+
this.logger.warning("0nlf9q", correlationId);
|
|
20134
|
+
}
|
|
20135
|
+
ssoCapableMeasurement.end({
|
|
20136
|
+
fromCache: false,
|
|
20137
|
+
success: false,
|
|
20138
|
+
}, error);
|
|
20139
|
+
});
|
|
20140
|
+
}, 0);
|
|
19879
20141
|
}
|
|
19880
20142
|
// #endregion
|
|
19881
20143
|
// #region Silent Flow
|
|
@@ -19898,28 +20160,35 @@ class StandardController {
|
|
|
19898
20160
|
const correlationId = this.getRequestCorrelationId(request);
|
|
19899
20161
|
const validRequest = {
|
|
19900
20162
|
...request,
|
|
19901
|
-
// will be PromptValue.NONE or PromptValue.NO_SESSION
|
|
19902
|
-
prompt: request.prompt,
|
|
19903
20163
|
correlationId: correlationId,
|
|
19904
20164
|
};
|
|
19905
20165
|
this.ssoSilentMeasurement = this.performanceClient.startMeasurement(SsoSilent, correlationId);
|
|
19906
20166
|
this.ssoSilentMeasurement?.add({
|
|
19907
20167
|
scenarioId: request.scenarioId,
|
|
20168
|
+
ssoCapable: this.getCachedSsoCapable(),
|
|
19908
20169
|
});
|
|
19909
20170
|
preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
|
|
19910
20171
|
this.ssoSilentMeasurement?.increment({
|
|
19911
20172
|
visibilityChangeCount: 0,
|
|
20173
|
+
onlineStatusChangeCount: 0,
|
|
19912
20174
|
});
|
|
19913
|
-
|
|
20175
|
+
this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
19914
20176
|
const loggedInAccounts = this.getAllAccounts();
|
|
19915
20177
|
this.logger.verbose("0w1b45", correlationId);
|
|
19916
20178
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Silent, validRequest);
|
|
19917
20179
|
let result;
|
|
19918
20180
|
if (this.canUsePlatformBroker(validRequest)) {
|
|
20181
|
+
this.ssoSilentMeasurement?.add({
|
|
20182
|
+
isPlatformBrokerRequest: true,
|
|
20183
|
+
});
|
|
19919
20184
|
result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch((e) => {
|
|
20185
|
+
this.ssoSilentMeasurement?.add({
|
|
20186
|
+
brokerErrorName: e.name,
|
|
20187
|
+
brokerErrorCode: e.errorCode,
|
|
20188
|
+
});
|
|
19920
20189
|
// If native token acquisition fails for availability reasons fallback to standard flow
|
|
19921
20190
|
if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
|
|
19922
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
20191
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
19923
20192
|
const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId);
|
|
19924
20193
|
return silentIframeClient.acquireToken(validRequest);
|
|
19925
20194
|
}
|
|
@@ -19953,7 +20222,7 @@ class StandardController {
|
|
|
19953
20222
|
throw e;
|
|
19954
20223
|
})
|
|
19955
20224
|
.finally(() => {
|
|
19956
|
-
|
|
20225
|
+
this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
19957
20226
|
});
|
|
19958
20227
|
}
|
|
19959
20228
|
/**
|
|
@@ -19992,7 +20261,6 @@ class StandardController {
|
|
|
19992
20261
|
this.hybridAuthCodeResponses.delete(hybridAuthCode);
|
|
19993
20262
|
atbcMeasurement.end({
|
|
19994
20263
|
success: true,
|
|
19995
|
-
isNativeBroker: result.fromPlatformBroker,
|
|
19996
20264
|
accessTokenSize: result.accessToken.length,
|
|
19997
20265
|
idTokenSize: result.idToken.length,
|
|
19998
20266
|
}, undefined, result.account);
|
|
@@ -20016,10 +20284,17 @@ class StandardController {
|
|
|
20016
20284
|
}
|
|
20017
20285
|
else if (request.nativeAccountId) {
|
|
20018
20286
|
if (this.canUsePlatformBroker(request, request.nativeAccountId)) {
|
|
20287
|
+
atbcMeasurement.add({
|
|
20288
|
+
isPlatformBrokerRequest: true,
|
|
20289
|
+
});
|
|
20019
20290
|
const result = await this.acquireTokenNative({
|
|
20020
20291
|
...request,
|
|
20021
20292
|
correlationId,
|
|
20022
20293
|
}, ApiId.acquireTokenByCode, request.nativeAccountId).catch((e) => {
|
|
20294
|
+
atbcMeasurement.add({
|
|
20295
|
+
brokerErrorName: e.name,
|
|
20296
|
+
brokerErrorCode: e.errorCode,
|
|
20297
|
+
});
|
|
20023
20298
|
// If native token acquisition fails for availability reasons fallback to standard flow
|
|
20024
20299
|
if (e instanceof NativeAuthError &&
|
|
20025
20300
|
isFatalNativeAuthError(e)) {
|
|
@@ -20060,8 +20335,9 @@ class StandardController {
|
|
|
20060
20335
|
this.performanceClient.startMeasurement(AcquireTokenByCodeAsync, correlationId);
|
|
20061
20336
|
this.acquireTokenByCodeAsyncMeasurement?.increment({
|
|
20062
20337
|
visibilityChangeCount: 0,
|
|
20338
|
+
onlineStatusChangeCount: 0,
|
|
20063
20339
|
});
|
|
20064
|
-
|
|
20340
|
+
this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
20065
20341
|
const silentAuthCodeClient = this.createSilentAuthCodeClient(correlationId);
|
|
20066
20342
|
const silentTokenResult = await silentAuthCodeClient
|
|
20067
20343
|
.acquireToken(request)
|
|
@@ -20069,7 +20345,6 @@ class StandardController {
|
|
|
20069
20345
|
this.acquireTokenByCodeAsyncMeasurement?.end({
|
|
20070
20346
|
success: true,
|
|
20071
20347
|
fromCache: response.fromCache,
|
|
20072
|
-
isNativeBroker: response.fromPlatformBroker,
|
|
20073
20348
|
});
|
|
20074
20349
|
return response;
|
|
20075
20350
|
})
|
|
@@ -20080,7 +20355,7 @@ class StandardController {
|
|
|
20080
20355
|
throw tokenRenewalError;
|
|
20081
20356
|
})
|
|
20082
20357
|
.finally(() => {
|
|
20083
|
-
|
|
20358
|
+
this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
20084
20359
|
});
|
|
20085
20360
|
return silentTokenResult;
|
|
20086
20361
|
}
|
|
@@ -20238,7 +20513,7 @@ class StandardController {
|
|
|
20238
20513
|
throw createBrowserAuthError(nativeConnectionNotEstablished);
|
|
20239
20514
|
}
|
|
20240
20515
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.platformAuthProvider, accountId || this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
|
|
20241
|
-
return nativeClient.acquireToken(request, cacheLookupPolicy);
|
|
20516
|
+
return invokeAsync(nativeClient.acquireToken.bind(nativeClient), NativeInteractionClientAcquireToken, this.logger, this.performanceClient, correlationId)(request, cacheLookupPolicy);
|
|
20242
20517
|
}
|
|
20243
20518
|
/**
|
|
20244
20519
|
* Returns boolean indicating if this request can use the platform broker
|
|
@@ -20252,7 +20527,7 @@ class StandardController {
|
|
|
20252
20527
|
return false;
|
|
20253
20528
|
}
|
|
20254
20529
|
if (!isPlatformAuthAllowed(this.config, this.logger, correlationId, this.platformAuthProvider, request.authenticationScheme)) {
|
|
20255
|
-
this.logger.trace("
|
|
20530
|
+
this.logger.trace("0yoy1g", correlationId);
|
|
20256
20531
|
return false;
|
|
20257
20532
|
}
|
|
20258
20533
|
if (request.prompt) {
|
|
@@ -20471,6 +20746,7 @@ class StandardController {
|
|
|
20471
20746
|
atsMeasurement.add({
|
|
20472
20747
|
cacheLookupPolicy: request.cacheLookupPolicy,
|
|
20473
20748
|
scenarioId: request.scenarioId,
|
|
20749
|
+
ssoCapable: this.getCachedSsoCapable(),
|
|
20474
20750
|
});
|
|
20475
20751
|
preflightCheck(this.initialized, atsMeasurement, this.config, request);
|
|
20476
20752
|
this.logger.verbose("0x1c4s", correlationId);
|
|
@@ -20483,7 +20759,6 @@ class StandardController {
|
|
|
20483
20759
|
atsMeasurement.end({
|
|
20484
20760
|
success: true,
|
|
20485
20761
|
fromCache: result.fromCache,
|
|
20486
|
-
isNativeBroker: result.fromPlatformBroker,
|
|
20487
20762
|
accessTokenSize: result.accessToken.length,
|
|
20488
20763
|
idTokenSize: result.idToken.length,
|
|
20489
20764
|
}, undefined, result.account);
|
|
@@ -20542,12 +20817,12 @@ class StandardController {
|
|
|
20542
20817
|
* @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
|
|
20543
20818
|
*/
|
|
20544
20819
|
async acquireTokenSilentAsync(request, account) {
|
|
20545
|
-
const
|
|
20820
|
+
const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
|
|
20546
20821
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, request.correlationId, InteractionType.Silent, request);
|
|
20547
20822
|
if (request.correlationId) {
|
|
20548
|
-
this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
|
|
20823
|
+
this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
|
|
20549
20824
|
}
|
|
20550
|
-
|
|
20825
|
+
this.addStateChangeListeners(trackStateChange);
|
|
20551
20826
|
const silentRequest = await invokeAsync(initializeSilentRequest, InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
|
|
20552
20827
|
const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
|
|
20553
20828
|
const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
|
|
@@ -20629,7 +20904,7 @@ class StandardController {
|
|
|
20629
20904
|
throw tokenRenewalError;
|
|
20630
20905
|
})
|
|
20631
20906
|
.finally(() => {
|
|
20632
|
-
|
|
20907
|
+
this.removeStateChangeListeners(trackStateChange);
|
|
20633
20908
|
});
|
|
20634
20909
|
}
|
|
20635
20910
|
/**
|
|
@@ -20643,7 +20918,12 @@ class StandardController {
|
|
|
20643
20918
|
if (isPlatformAuthAllowed(this.config, this.logger, silentRequest.correlationId, this.platformAuthProvider, silentRequest.authenticationScheme) &&
|
|
20644
20919
|
silentRequest.account.nativeAccountId) {
|
|
20645
20920
|
this.logger.verbose("0sczo4", silentRequest.correlationId);
|
|
20921
|
+
this.performanceClient.addFields({ isPlatformBrokerRequest: true }, silentRequest.correlationId);
|
|
20646
20922
|
return this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow, silentRequest.account.nativeAccountId, cacheLookupPolicy).catch(async (e) => {
|
|
20923
|
+
this.performanceClient.addFields({
|
|
20924
|
+
brokerErrorName: e.name,
|
|
20925
|
+
brokerErrorCode: e.errorCode,
|
|
20926
|
+
}, silentRequest.correlationId);
|
|
20647
20927
|
// If native token acquisition fails for availability reasons fallback to web flow
|
|
20648
20928
|
if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
|
|
20649
20929
|
this.logger.verbose("07rkmb", silentRequest.correlationId);
|