@azure/msal-browser 5.6.2 → 5.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -1
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.d.ts +1 -0
- package/dist/cache/CacheKeys.d.ts.map +1 -1
- package/dist/cache/CacheKeys.mjs +3 -2
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.d.ts.map +1 -1
- package/dist/cache/TokenCache.mjs +9 -9
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.d.ts +20 -1
- package/dist/config/Configuration.d.ts.map +1 -1
- package/dist/config/Configuration.mjs +10 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.d.ts +20 -2
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +204 -37
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
- package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
- package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.d.ts +1 -0
- package/dist/custom-auth-path/cache/CacheKeys.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.mjs +3 -2
- package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
- package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.d.ts +20 -1
- package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.mjs +10 -2
- package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.d.ts +20 -2
- package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.mjs +204 -37
- package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
- package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
- package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
- package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.d.ts.map +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.mjs +3 -4
- package/dist/custom-auth-path/error/NativeAuthError.mjs.map +1 -1
- package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
- package/dist/custom-auth-path/event/EventType.mjs +1 -1
- package/dist/custom-auth-path/index.d.ts +1 -1
- package/dist/custom-auth-path/index.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +39 -26
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs +6 -2
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +6 -2
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +47 -5
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/custom-auth-path/log-strings-mapping.json +67 -15
- package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
- package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
- package/dist/custom-auth-path/packageMetadata.mjs +2 -2
- package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
- package/dist/custom-auth-path/protocol/Authorize.mjs +5 -1
- package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
- package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
- package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
- package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +9 -3
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +8 -3
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
- package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.mjs +27 -3
- package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
- package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.d.ts.map +1 -1
- package/dist/error/NativeAuthError.mjs +3 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +1 -1
- package/dist/index.mjs.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +39 -26
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +6 -2
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +6 -2
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +47 -5
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +75 -23
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +5 -1
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.d.ts +1 -0
- package/dist/redirect-bridge/cache/CacheKeys.d.ts.map +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
- package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.d.ts +20 -1
- package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.mjs +1 -1
- package/dist/redirect-bridge/controllers/StandardController.d.ts +20 -2
- package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
- package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/redirect-bridge/error/NativeAuthError.d.ts.map +1 -1
- package/dist/redirect-bridge/index.d.ts +1 -1
- package/dist/redirect-bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
- package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
- package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.mjs +11 -7
- package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserConstants.mjs +7 -3
- package/dist/redirect-bridge/utils/BrowserConstants.mjs.map +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
- package/dist/redirect_bridge/index.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +6 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +9 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +10 -3
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.d.ts +2 -2
- package/dist/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/utils/BrowserUtils.mjs +27 -3
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +67 -15
- package/lib/custom-auth-path/msal-custom-auth.cjs +897 -617
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +1 -0
- package/lib/custom-auth-path/types/cache/CacheKeys.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts +20 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts +20 -2
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/custom-auth-path/types/error/NativeAuthError.d.ts.map +1 -1
- package/lib/custom-auth-path/types/index.d.ts +1 -1
- package/lib/custom-auth-path/types/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +14 -0
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
- package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
- package/lib/log-strings-mapping.json +75 -23
- package/lib/msal-browser.cjs +1045 -755
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +1045 -755
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.js +24 -16
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/lib/types/cache/CacheKeys.d.ts +1 -0
- package/lib/types/cache/CacheKeys.d.ts.map +1 -1
- package/lib/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/types/config/Configuration.d.ts +20 -1
- package/lib/types/config/Configuration.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts +20 -2
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/types/error/NativeAuthError.d.ts.map +1 -1
- package/lib/types/index.d.ts +1 -1
- package/lib/types/index.d.ts.map +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts +14 -0
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/lib/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +1 -1
- package/src/cache/CacheKeys.ts +1 -0
- package/src/cache/TokenCache.ts +27 -24
- package/src/config/Configuration.ts +30 -0
- package/src/controllers/StandardController.ts +316 -69
- package/src/error/NativeAuthError.ts +1 -2
- package/src/index.ts +1 -0
- package/src/interaction_client/PlatformAuthInteractionClient.ts +99 -76
- package/src/interaction_client/PopupClient.ts +10 -0
- package/src/interaction_client/RedirectClient.ts +10 -0
- package/src/interaction_client/SilentIframeClient.ts +127 -22
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +8 -0
- package/src/redirect_bridge/index.ts +12 -5
- package/src/telemetry/BrowserPerformanceClient.ts +6 -0
- package/src/telemetry/BrowserPerformanceEvents.ts +9 -0
- package/src/telemetry/BrowserRootPerformanceEvents.ts +7 -0
- package/src/utils/BrowserUtils.ts +36 -4
package/lib/msal-browser.cjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.7.0 2026-04-16 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v16.
|
|
5
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
|
|
|
234
234
|
// Token renewal offset default in seconds
|
|
235
235
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
236
236
|
|
|
237
|
-
/*! @azure/msal-common v16.
|
|
237
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
238
238
|
/*
|
|
239
239
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
240
240
|
* Licensed under the MIT License.
|
|
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
|
286
286
|
const RESOURCE = "resource";
|
|
287
287
|
const CLI_DATA = "clidata";
|
|
288
288
|
|
|
289
|
-
/*! @azure/msal-common v16.
|
|
289
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
290
290
|
/*
|
|
291
291
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
292
292
|
* Licensed under the MIT License.
|
|
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
317
317
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
318
318
|
}
|
|
319
319
|
|
|
320
|
-
/*! @azure/msal-common v16.
|
|
320
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
321
321
|
|
|
322
322
|
/*
|
|
323
323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
337
337
|
return new ClientConfigurationError(errorCode);
|
|
338
338
|
}
|
|
339
339
|
|
|
340
|
-
/*! @azure/msal-common v16.
|
|
340
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
341
341
|
/*
|
|
342
342
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
343
343
|
* Licensed under the MIT License.
|
|
@@ -417,7 +417,7 @@ class StringUtils {
|
|
|
417
417
|
}
|
|
418
418
|
}
|
|
419
419
|
|
|
420
|
-
/*! @azure/msal-common v16.
|
|
420
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
421
421
|
|
|
422
422
|
/*
|
|
423
423
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
440
440
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
441
441
|
}
|
|
442
442
|
|
|
443
|
-
/*! @azure/msal-common v16.
|
|
443
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
444
444
|
/*
|
|
445
445
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
446
446
|
* Licensed under the MIT License.
|
|
@@ -494,7 +494,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
494
494
|
urlParseError: urlParseError
|
|
495
495
|
});
|
|
496
496
|
|
|
497
|
-
/*! @azure/msal-common v16.
|
|
497
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
498
498
|
/*
|
|
499
499
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
500
500
|
* Licensed under the MIT License.
|
|
@@ -582,7 +582,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
582
582
|
userCanceled: userCanceled
|
|
583
583
|
});
|
|
584
584
|
|
|
585
|
-
/*! @azure/msal-common v16.
|
|
585
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
586
586
|
|
|
587
587
|
/*
|
|
588
588
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -777,7 +777,7 @@ class ScopeSet {
|
|
|
777
777
|
}
|
|
778
778
|
}
|
|
779
779
|
|
|
780
|
-
/*! @azure/msal-common v16.
|
|
780
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
781
781
|
|
|
782
782
|
/*
|
|
783
783
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -898,18 +898,29 @@ function addSid(parameters, sid) {
|
|
|
898
898
|
parameters.set(SID, sid);
|
|
899
899
|
}
|
|
900
900
|
/**
|
|
901
|
-
*
|
|
902
|
-
*
|
|
903
|
-
|
|
904
|
-
|
|
905
|
-
|
|
906
|
-
|
|
907
|
-
|
|
908
|
-
|
|
909
|
-
|
|
910
|
-
|
|
901
|
+
* Adds claims to request parameters, conditionally excluding clientCapabilities
|
|
902
|
+
* when skipBrokerClaims is true and a brokered flow is in effect.
|
|
903
|
+
* @param parameters - The request parameters map
|
|
904
|
+
* @param claims - The claims string from the request
|
|
905
|
+
* @param clientCapabilities - The client capabilities from configuration
|
|
906
|
+
* @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
|
|
907
|
+
*/
|
|
908
|
+
function addClaims(parameters, claims, clientCapabilities, skipBrokerClaims) {
|
|
909
|
+
// Skip clientCapabilities if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
910
|
+
const configClaims = skipBrokerClaims && parameters.has(BROKER_CLIENT_ID)
|
|
911
|
+
? undefined
|
|
912
|
+
: clientCapabilities;
|
|
913
|
+
if (!StringUtils.isEmptyObj(claims) ||
|
|
914
|
+
(configClaims && configClaims.length > 0)) {
|
|
915
|
+
const mergedClaims = addClientCapabilitiesToClaims$1(claims, configClaims);
|
|
916
|
+
try {
|
|
917
|
+
JSON.parse(mergedClaims);
|
|
918
|
+
}
|
|
919
|
+
catch (e) {
|
|
920
|
+
throw createClientConfigurationError(invalidClaims);
|
|
921
|
+
}
|
|
922
|
+
parameters.set(CLAIMS, mergedClaims);
|
|
911
923
|
}
|
|
912
|
-
parameters.set(CLAIMS, mergedClaims);
|
|
913
924
|
}
|
|
914
925
|
/**
|
|
915
926
|
* add correlationId
|
|
@@ -1155,7 +1166,7 @@ function addResource(parameters, resource) {
|
|
|
1155
1166
|
}
|
|
1156
1167
|
}
|
|
1157
1168
|
|
|
1158
|
-
/*! @azure/msal-common v16.
|
|
1169
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1159
1170
|
|
|
1160
1171
|
/*
|
|
1161
1172
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1264,7 +1275,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1264
1275
|
}
|
|
1265
1276
|
}
|
|
1266
1277
|
|
|
1267
|
-
/*! @azure/msal-common v16.
|
|
1278
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1268
1279
|
|
|
1269
1280
|
/*
|
|
1270
1281
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1303,7 +1314,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
1303
1314
|
},
|
|
1304
1315
|
};
|
|
1305
1316
|
|
|
1306
|
-
/*! @azure/msal-common v16.
|
|
1317
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1307
1318
|
/*
|
|
1308
1319
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1309
1320
|
* Licensed under the MIT License.
|
|
@@ -1578,12 +1589,12 @@ class Logger {
|
|
|
1578
1589
|
}
|
|
1579
1590
|
}
|
|
1580
1591
|
|
|
1581
|
-
/*! @azure/msal-common v16.
|
|
1592
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1582
1593
|
/* eslint-disable header/header */
|
|
1583
1594
|
const name$1 = "@azure/msal-common";
|
|
1584
|
-
const version$1 = "16.
|
|
1595
|
+
const version$1 = "16.5.0";
|
|
1585
1596
|
|
|
1586
|
-
/*! @azure/msal-common v16.
|
|
1597
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1587
1598
|
/*
|
|
1588
1599
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1589
1600
|
* Licensed under the MIT License.
|
|
@@ -1603,7 +1614,7 @@ const AzureCloudInstance = {
|
|
|
1603
1614
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1604
1615
|
};
|
|
1605
1616
|
|
|
1606
|
-
/*! @azure/msal-common v16.
|
|
1617
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1607
1618
|
/*
|
|
1608
1619
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1609
1620
|
* Licensed under the MIT License.
|
|
@@ -1685,7 +1696,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1685
1696
|
return updatedAccountInfo;
|
|
1686
1697
|
}
|
|
1687
1698
|
|
|
1688
|
-
/*! @azure/msal-common v16.
|
|
1699
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1689
1700
|
|
|
1690
1701
|
/*
|
|
1691
1702
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1765,7 +1776,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1765
1776
|
}
|
|
1766
1777
|
}
|
|
1767
1778
|
|
|
1768
|
-
/*! @azure/msal-common v16.
|
|
1779
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1769
1780
|
|
|
1770
1781
|
/*
|
|
1771
1782
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1922,7 +1933,7 @@ class UrlString {
|
|
|
1922
1933
|
}
|
|
1923
1934
|
}
|
|
1924
1935
|
|
|
1925
|
-
/*! @azure/msal-common v16.
|
|
1936
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1926
1937
|
|
|
1927
1938
|
/*
|
|
1928
1939
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2079,7 +2090,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2079
2090
|
return null;
|
|
2080
2091
|
}
|
|
2081
2092
|
|
|
2082
|
-
/*! @azure/msal-common v16.
|
|
2093
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2083
2094
|
/*
|
|
2084
2095
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2085
2096
|
* Licensed under the MIT License.
|
|
@@ -2087,7 +2098,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2087
2098
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2088
2099
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2089
2100
|
|
|
2090
|
-
/*! @azure/msal-common v16.
|
|
2101
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2091
2102
|
|
|
2092
2103
|
/*
|
|
2093
2104
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2125,7 +2136,7 @@ function createCacheError(e) {
|
|
|
2125
2136
|
}
|
|
2126
2137
|
}
|
|
2127
2138
|
|
|
2128
|
-
/*! @azure/msal-common v16.
|
|
2139
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2129
2140
|
|
|
2130
2141
|
/*
|
|
2131
2142
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2163,7 +2174,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
2163
2174
|
};
|
|
2164
2175
|
}
|
|
2165
2176
|
|
|
2166
|
-
/*! @azure/msal-common v16.
|
|
2177
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2167
2178
|
/*
|
|
2168
2179
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2169
2180
|
* Licensed under the MIT License.
|
|
@@ -2178,7 +2189,7 @@ const AuthorityType = {
|
|
|
2178
2189
|
Ciam: 3,
|
|
2179
2190
|
};
|
|
2180
2191
|
|
|
2181
|
-
/*! @azure/msal-common v16.
|
|
2192
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2182
2193
|
/*
|
|
2183
2194
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2184
2195
|
* Licensed under the MIT License.
|
|
@@ -2200,7 +2211,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2200
2211
|
return null;
|
|
2201
2212
|
}
|
|
2202
2213
|
|
|
2203
|
-
/*! @azure/msal-common v16.
|
|
2214
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2204
2215
|
/*
|
|
2205
2216
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2206
2217
|
* Licensed under the MIT License.
|
|
@@ -2224,7 +2235,7 @@ const ProtocolMode = {
|
|
|
2224
2235
|
EAR: "EAR",
|
|
2225
2236
|
};
|
|
2226
2237
|
|
|
2227
|
-
/*! @azure/msal-common v16.
|
|
2238
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2228
2239
|
/**
|
|
2229
2240
|
* Returns the AccountInfo interface for this account.
|
|
2230
2241
|
*/
|
|
@@ -2399,7 +2410,7 @@ function isAccountEntity(entity) {
|
|
|
2399
2410
|
entity.hasOwnProperty("authorityType"));
|
|
2400
2411
|
}
|
|
2401
2412
|
|
|
2402
|
-
/*! @azure/msal-common v16.
|
|
2413
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2403
2414
|
|
|
2404
2415
|
/*
|
|
2405
2416
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3501,7 +3512,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3501
3512
|
}
|
|
3502
3513
|
}
|
|
3503
3514
|
|
|
3504
|
-
/*! @azure/msal-common v16.
|
|
3515
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3505
3516
|
/*
|
|
3506
3517
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3507
3518
|
* Licensed under the MIT License.
|
|
@@ -3546,12 +3557,13 @@ const IntFields = new Set([
|
|
|
3546
3557
|
"currRefreshCount",
|
|
3547
3558
|
"expiredCacheRemovedCount",
|
|
3548
3559
|
"upgradedCacheCount",
|
|
3560
|
+
"cacheMatchedAccounts",
|
|
3549
3561
|
"networkRtt",
|
|
3550
3562
|
"redirectBridgeTimeoutMs",
|
|
3551
3563
|
"redirectBridgeMessageVersion",
|
|
3552
3564
|
]);
|
|
3553
3565
|
|
|
3554
|
-
/*! @azure/msal-common v16.
|
|
3566
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3555
3567
|
|
|
3556
3568
|
/*
|
|
3557
3569
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3606,7 +3618,7 @@ class StubPerformanceClient {
|
|
|
3606
3618
|
}
|
|
3607
3619
|
}
|
|
3608
3620
|
|
|
3609
|
-
/*! @azure/msal-common v16.
|
|
3621
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3610
3622
|
|
|
3611
3623
|
/*
|
|
3612
3624
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3701,226 +3713,34 @@ function isOidcProtocolMode(config) {
|
|
|
3701
3713
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3702
3714
|
}
|
|
3703
3715
|
|
|
3704
|
-
/*! @azure/msal-common v16.
|
|
3705
|
-
|
|
3706
|
-
/*
|
|
3707
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3708
|
-
* Licensed under the MIT License.
|
|
3709
|
-
*/
|
|
3710
|
-
/**
|
|
3711
|
-
* Error thrown when there is an error with the server code, for example, unavailability.
|
|
3712
|
-
*/
|
|
3713
|
-
class ServerError extends AuthError {
|
|
3714
|
-
constructor(errorCode, errorMessage, subError, errorNo, status) {
|
|
3715
|
-
super(errorCode, errorMessage, subError);
|
|
3716
|
-
this.name = "ServerError";
|
|
3717
|
-
this.errorNo = errorNo;
|
|
3718
|
-
this.status = status;
|
|
3719
|
-
Object.setPrototypeOf(this, ServerError.prototype);
|
|
3720
|
-
}
|
|
3721
|
-
}
|
|
3722
|
-
|
|
3723
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
3724
|
-
/*
|
|
3725
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3726
|
-
* Licensed under the MIT License.
|
|
3727
|
-
*/
|
|
3728
|
-
/**
|
|
3729
|
-
* MSAL-defined interaction required error code indicating no tokens are found in cache.
|
|
3730
|
-
* @public
|
|
3731
|
-
*/
|
|
3732
|
-
const noTokensFound = "no_tokens_found";
|
|
3733
|
-
/**
|
|
3734
|
-
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
3735
|
-
* @public
|
|
3736
|
-
*/
|
|
3737
|
-
const nativeAccountUnavailable = "native_account_unavailable";
|
|
3738
|
-
/**
|
|
3739
|
-
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
3740
|
-
* @public
|
|
3741
|
-
*/
|
|
3742
|
-
const refreshTokenExpired = "refresh_token_expired";
|
|
3743
|
-
/**
|
|
3744
|
-
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
3745
|
-
* @public
|
|
3746
|
-
*/
|
|
3747
|
-
const uxNotAllowed = "ux_not_allowed";
|
|
3748
|
-
/**
|
|
3749
|
-
* Server-originated error code indicating interaction is required to complete the request.
|
|
3750
|
-
* @public
|
|
3751
|
-
*/
|
|
3752
|
-
const interactionRequired = "interaction_required";
|
|
3753
|
-
/**
|
|
3754
|
-
* Server-originated error code indicating user consent is required.
|
|
3755
|
-
* @public
|
|
3756
|
-
*/
|
|
3757
|
-
const consentRequired = "consent_required";
|
|
3758
|
-
/**
|
|
3759
|
-
* Server-originated error code indicating user login is required.
|
|
3760
|
-
* @public
|
|
3761
|
-
*/
|
|
3762
|
-
const loginRequired = "login_required";
|
|
3763
|
-
/**
|
|
3764
|
-
* Server-originated error code indicating the token is invalid or corrupted.
|
|
3765
|
-
* @public
|
|
3766
|
-
*/
|
|
3767
|
-
const badToken = "bad_token";
|
|
3768
|
-
/**
|
|
3769
|
-
* Server-originated error code indicating the user is in an interrupted state and interaction is required.
|
|
3770
|
-
* @public
|
|
3771
|
-
*/
|
|
3772
|
-
const interruptedUser = "interrupted_user";
|
|
3773
|
-
|
|
3774
|
-
var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
3775
|
-
__proto__: null,
|
|
3776
|
-
badToken: badToken,
|
|
3777
|
-
consentRequired: consentRequired,
|
|
3778
|
-
interactionRequired: interactionRequired,
|
|
3779
|
-
interruptedUser: interruptedUser,
|
|
3780
|
-
loginRequired: loginRequired,
|
|
3781
|
-
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
3782
|
-
noTokensFound: noTokensFound,
|
|
3783
|
-
refreshTokenExpired: refreshTokenExpired,
|
|
3784
|
-
uxNotAllowed: uxNotAllowed
|
|
3785
|
-
});
|
|
3786
|
-
|
|
3787
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
3788
|
-
|
|
3789
|
-
/*
|
|
3790
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3791
|
-
* Licensed under the MIT License.
|
|
3792
|
-
*/
|
|
3793
|
-
/**
|
|
3794
|
-
* InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
|
|
3795
|
-
*/
|
|
3796
|
-
const InteractionRequiredServerErrorMessage = [
|
|
3797
|
-
interactionRequired,
|
|
3798
|
-
consentRequired,
|
|
3799
|
-
loginRequired,
|
|
3800
|
-
badToken,
|
|
3801
|
-
uxNotAllowed,
|
|
3802
|
-
interruptedUser,
|
|
3803
|
-
];
|
|
3804
|
-
const InteractionRequiredAuthSubErrorMessage = [
|
|
3805
|
-
"message_only",
|
|
3806
|
-
"additional_action",
|
|
3807
|
-
"basic_action",
|
|
3808
|
-
"user_password_expired",
|
|
3809
|
-
"consent_required",
|
|
3810
|
-
"bad_token",
|
|
3811
|
-
"ux_not_allowed",
|
|
3812
|
-
"interrupted_user",
|
|
3813
|
-
];
|
|
3814
|
-
/**
|
|
3815
|
-
* Error thrown when user interaction is required.
|
|
3816
|
-
*/
|
|
3817
|
-
class InteractionRequiredAuthError extends AuthError {
|
|
3818
|
-
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
3819
|
-
super(errorCode, errorMessage, subError);
|
|
3820
|
-
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
3821
|
-
this.timestamp = timestamp || "";
|
|
3822
|
-
this.traceId = traceId || "";
|
|
3823
|
-
this.correlationId = correlationId || "";
|
|
3824
|
-
this.claims = claims || "";
|
|
3825
|
-
this.name = "InteractionRequiredAuthError";
|
|
3826
|
-
this.errorNo = errorNo;
|
|
3827
|
-
}
|
|
3828
|
-
}
|
|
3829
|
-
/**
|
|
3830
|
-
* Helper function used to determine if an error thrown by the server requires interaction to resolve
|
|
3831
|
-
* @param errorCode
|
|
3832
|
-
* @param errorString
|
|
3833
|
-
* @param subError
|
|
3834
|
-
*/
|
|
3835
|
-
function isInteractionRequiredError(errorCode, errorString, subError) {
|
|
3836
|
-
const isInteractionRequiredErrorCode = !!errorCode &&
|
|
3837
|
-
InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
|
|
3838
|
-
const isInteractionRequiredSubError = !!subError &&
|
|
3839
|
-
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
3840
|
-
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
3841
|
-
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
3842
|
-
return errorString.indexOf(irErrorCode) > -1;
|
|
3843
|
-
});
|
|
3844
|
-
return (isInteractionRequiredErrorCode ||
|
|
3845
|
-
isInteractionRequiredErrorDesc ||
|
|
3846
|
-
isInteractionRequiredSubError);
|
|
3847
|
-
}
|
|
3848
|
-
/**
|
|
3849
|
-
* Creates an InteractionRequiredAuthError
|
|
3850
|
-
*/
|
|
3851
|
-
function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
3852
|
-
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
3853
|
-
}
|
|
3854
|
-
|
|
3855
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
3856
|
-
|
|
3716
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3857
3717
|
/*
|
|
3858
3718
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3859
3719
|
* Licensed under the MIT License.
|
|
3860
3720
|
*/
|
|
3861
3721
|
/**
|
|
3862
|
-
*
|
|
3863
|
-
*
|
|
3864
|
-
|
|
3865
|
-
|
|
3866
|
-
|
|
3867
|
-
|
|
3868
|
-
const libraryState = generateLibraryState(cryptoObj, meta);
|
|
3869
|
-
return userState
|
|
3870
|
-
? `${libraryState}${RESOURCE_DELIM}${userState}`
|
|
3871
|
-
: libraryState;
|
|
3872
|
-
}
|
|
3873
|
-
/**
|
|
3874
|
-
* Generates the state value used by the common library.
|
|
3875
|
-
* @param cryptoObj
|
|
3876
|
-
* @param meta
|
|
3877
|
-
*/
|
|
3878
|
-
function generateLibraryState(cryptoObj, meta) {
|
|
3879
|
-
if (!cryptoObj) {
|
|
3880
|
-
throw createClientAuthError(noCryptoObject);
|
|
3881
|
-
}
|
|
3882
|
-
// Create a state object containing a unique id and the timestamp of the request creation
|
|
3883
|
-
const stateObj = {
|
|
3884
|
-
id: cryptoObj.createNewGuid(),
|
|
3885
|
-
};
|
|
3886
|
-
if (meta) {
|
|
3887
|
-
stateObj.meta = meta;
|
|
3888
|
-
}
|
|
3889
|
-
const stateString = JSON.stringify(stateObj);
|
|
3890
|
-
return cryptoObj.base64Encode(stateString);
|
|
3891
|
-
}
|
|
3892
|
-
/**
|
|
3893
|
-
* Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
|
|
3894
|
-
* @param base64Decode
|
|
3895
|
-
* @param state
|
|
3896
|
-
*/
|
|
3897
|
-
function parseRequestState(base64Decode, state) {
|
|
3898
|
-
if (!base64Decode) {
|
|
3899
|
-
throw createClientAuthError(noCryptoObject);
|
|
3900
|
-
}
|
|
3901
|
-
if (!state) {
|
|
3902
|
-
throw createClientAuthError(invalidState);
|
|
3722
|
+
* This class instance helps track the memory changes facilitating
|
|
3723
|
+
* decisions to read from and write to the persistent cache
|
|
3724
|
+
*/ class TokenCacheContext {
|
|
3725
|
+
constructor(tokenCache, hasChanged) {
|
|
3726
|
+
this.cache = tokenCache;
|
|
3727
|
+
this.hasChanged = hasChanged;
|
|
3903
3728
|
}
|
|
3904
|
-
|
|
3905
|
-
|
|
3906
|
-
|
|
3907
|
-
|
|
3908
|
-
|
|
3909
|
-
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
3910
|
-
: "";
|
|
3911
|
-
const libraryStateString = base64Decode(libraryState);
|
|
3912
|
-
const libraryStateObj = JSON.parse(libraryStateString);
|
|
3913
|
-
return {
|
|
3914
|
-
userRequestState: userState || "",
|
|
3915
|
-
libraryState: libraryStateObj,
|
|
3916
|
-
};
|
|
3729
|
+
/**
|
|
3730
|
+
* boolean which indicates the changes in cache
|
|
3731
|
+
*/
|
|
3732
|
+
get cacheHasChanged() {
|
|
3733
|
+
return this.hasChanged;
|
|
3917
3734
|
}
|
|
3918
|
-
|
|
3919
|
-
|
|
3735
|
+
/**
|
|
3736
|
+
* function to retrieve the token cache
|
|
3737
|
+
*/
|
|
3738
|
+
get tokenCache() {
|
|
3739
|
+
return this.cache;
|
|
3920
3740
|
}
|
|
3921
3741
|
}
|
|
3922
3742
|
|
|
3923
|
-
/*! @azure/msal-common v16.
|
|
3743
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3924
3744
|
/*
|
|
3925
3745
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3926
3746
|
* Licensed under the MIT License.
|
|
@@ -3985,21 +3805,280 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
3985
3805
|
return cachedAtSec > nowSeconds();
|
|
3986
3806
|
}
|
|
3987
3807
|
|
|
3988
|
-
/*! @azure/msal-common v16.
|
|
3808
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3809
|
+
|
|
3989
3810
|
/*
|
|
3990
3811
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3991
3812
|
* Licensed under the MIT License.
|
|
3992
3813
|
*/
|
|
3993
3814
|
/**
|
|
3994
|
-
*
|
|
3995
|
-
|
|
3996
|
-
|
|
3997
|
-
|
|
3998
|
-
|
|
3999
|
-
/**
|
|
4000
|
-
* Time spent on the network for refresh token acquisition
|
|
3815
|
+
* Create IdTokenEntity
|
|
3816
|
+
* @param homeAccountId
|
|
3817
|
+
* @param authenticationResult
|
|
3818
|
+
* @param clientId
|
|
3819
|
+
* @param authority
|
|
4001
3820
|
*/
|
|
4002
|
-
|
|
3821
|
+
function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
|
|
3822
|
+
const idTokenEntity = {
|
|
3823
|
+
credentialType: CredentialType.ID_TOKEN,
|
|
3824
|
+
homeAccountId: homeAccountId,
|
|
3825
|
+
environment: environment,
|
|
3826
|
+
clientId: clientId,
|
|
3827
|
+
secret: idToken,
|
|
3828
|
+
realm: tenantId,
|
|
3829
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3830
|
+
};
|
|
3831
|
+
return idTokenEntity;
|
|
3832
|
+
}
|
|
3833
|
+
/**
|
|
3834
|
+
* Create AccessTokenEntity
|
|
3835
|
+
* @param homeAccountId
|
|
3836
|
+
* @param environment
|
|
3837
|
+
* @param accessToken
|
|
3838
|
+
* @param clientId
|
|
3839
|
+
* @param tenantId
|
|
3840
|
+
* @param scopes
|
|
3841
|
+
* @param expiresOn
|
|
3842
|
+
* @param extExpiresOn
|
|
3843
|
+
*/
|
|
3844
|
+
function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
|
|
3845
|
+
const atEntity = {
|
|
3846
|
+
homeAccountId: homeAccountId,
|
|
3847
|
+
credentialType: CredentialType.ACCESS_TOKEN,
|
|
3848
|
+
secret: accessToken,
|
|
3849
|
+
cachedAt: nowSeconds().toString(),
|
|
3850
|
+
expiresOn: expiresOn.toString(),
|
|
3851
|
+
extendedExpiresOn: extExpiresOn.toString(),
|
|
3852
|
+
environment: environment,
|
|
3853
|
+
clientId: clientId,
|
|
3854
|
+
realm: tenantId,
|
|
3855
|
+
target: scopes,
|
|
3856
|
+
tokenType: tokenType || AuthenticationScheme$1.BEARER,
|
|
3857
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3858
|
+
};
|
|
3859
|
+
if (userAssertionHash) {
|
|
3860
|
+
atEntity.userAssertionHash = userAssertionHash;
|
|
3861
|
+
}
|
|
3862
|
+
if (refreshOn) {
|
|
3863
|
+
atEntity.refreshOn = refreshOn.toString();
|
|
3864
|
+
}
|
|
3865
|
+
/*
|
|
3866
|
+
* Create Access Token With Auth Scheme instead of regular access token
|
|
3867
|
+
* Cast to lower to handle "bearer" from ADFS
|
|
3868
|
+
*/
|
|
3869
|
+
if (atEntity.tokenType?.toLowerCase() !==
|
|
3870
|
+
AuthenticationScheme$1.BEARER.toLowerCase()) {
|
|
3871
|
+
atEntity.credentialType =
|
|
3872
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
3873
|
+
switch (atEntity.tokenType) {
|
|
3874
|
+
case AuthenticationScheme$1.POP:
|
|
3875
|
+
// Make sure keyId is present and add it to credential
|
|
3876
|
+
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
3877
|
+
if (!tokenClaims?.cnf?.kid) {
|
|
3878
|
+
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
3879
|
+
}
|
|
3880
|
+
atEntity.keyId = tokenClaims.cnf.kid;
|
|
3881
|
+
break;
|
|
3882
|
+
case AuthenticationScheme$1.SSH:
|
|
3883
|
+
atEntity.keyId = keyId;
|
|
3884
|
+
}
|
|
3885
|
+
}
|
|
3886
|
+
return atEntity;
|
|
3887
|
+
}
|
|
3888
|
+
/**
|
|
3889
|
+
* Create RefreshTokenEntity
|
|
3890
|
+
* @param homeAccountId
|
|
3891
|
+
* @param authenticationResult
|
|
3892
|
+
* @param clientId
|
|
3893
|
+
* @param authority
|
|
3894
|
+
*/
|
|
3895
|
+
function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
|
|
3896
|
+
const rtEntity = {
|
|
3897
|
+
credentialType: CredentialType.REFRESH_TOKEN,
|
|
3898
|
+
homeAccountId: homeAccountId,
|
|
3899
|
+
environment: environment,
|
|
3900
|
+
clientId: clientId,
|
|
3901
|
+
secret: refreshToken,
|
|
3902
|
+
lastUpdatedAt: Date.now().toString(),
|
|
3903
|
+
};
|
|
3904
|
+
if (userAssertionHash) {
|
|
3905
|
+
rtEntity.userAssertionHash = userAssertionHash;
|
|
3906
|
+
}
|
|
3907
|
+
if (familyId) {
|
|
3908
|
+
rtEntity.familyId = familyId;
|
|
3909
|
+
}
|
|
3910
|
+
if (expiresOn) {
|
|
3911
|
+
rtEntity.expiresOn = expiresOn.toString();
|
|
3912
|
+
}
|
|
3913
|
+
return rtEntity;
|
|
3914
|
+
}
|
|
3915
|
+
function isCredentialEntity(entity) {
|
|
3916
|
+
return (entity.hasOwnProperty("homeAccountId") &&
|
|
3917
|
+
entity.hasOwnProperty("environment") &&
|
|
3918
|
+
entity.hasOwnProperty("credentialType") &&
|
|
3919
|
+
entity.hasOwnProperty("clientId") &&
|
|
3920
|
+
entity.hasOwnProperty("secret"));
|
|
3921
|
+
}
|
|
3922
|
+
/**
|
|
3923
|
+
* Validates an entity: checks for all expected params
|
|
3924
|
+
* @param entity
|
|
3925
|
+
*/
|
|
3926
|
+
function isAccessTokenEntity(entity) {
|
|
3927
|
+
if (!entity) {
|
|
3928
|
+
return false;
|
|
3929
|
+
}
|
|
3930
|
+
return (isCredentialEntity(entity) &&
|
|
3931
|
+
entity.hasOwnProperty("realm") &&
|
|
3932
|
+
entity.hasOwnProperty("target") &&
|
|
3933
|
+
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
3934
|
+
entity["credentialType"] ===
|
|
3935
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
3936
|
+
}
|
|
3937
|
+
/**
|
|
3938
|
+
* Validates an entity: checks for all expected params
|
|
3939
|
+
* @param entity
|
|
3940
|
+
*/
|
|
3941
|
+
function isIdTokenEntity(entity) {
|
|
3942
|
+
if (!entity) {
|
|
3943
|
+
return false;
|
|
3944
|
+
}
|
|
3945
|
+
return (isCredentialEntity(entity) &&
|
|
3946
|
+
entity.hasOwnProperty("realm") &&
|
|
3947
|
+
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
3948
|
+
}
|
|
3949
|
+
/**
|
|
3950
|
+
* Validates an entity: checks for all expected params
|
|
3951
|
+
* @param entity
|
|
3952
|
+
*/
|
|
3953
|
+
function isRefreshTokenEntity(entity) {
|
|
3954
|
+
if (!entity) {
|
|
3955
|
+
return false;
|
|
3956
|
+
}
|
|
3957
|
+
return (isCredentialEntity(entity) &&
|
|
3958
|
+
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
3959
|
+
}
|
|
3960
|
+
/**
|
|
3961
|
+
* validates if a given cache entry is "Telemetry", parses <key,value>
|
|
3962
|
+
* @param key
|
|
3963
|
+
* @param entity
|
|
3964
|
+
*/
|
|
3965
|
+
function isServerTelemetryEntity(key, entity) {
|
|
3966
|
+
const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
|
|
3967
|
+
let validateEntity = true;
|
|
3968
|
+
if (entity) {
|
|
3969
|
+
validateEntity =
|
|
3970
|
+
entity.hasOwnProperty("failedRequests") &&
|
|
3971
|
+
entity.hasOwnProperty("errors") &&
|
|
3972
|
+
entity.hasOwnProperty("cacheHits");
|
|
3973
|
+
}
|
|
3974
|
+
return validateKey && validateEntity;
|
|
3975
|
+
}
|
|
3976
|
+
/**
|
|
3977
|
+
* validates if a given cache entry is "Throttling", parses <key,value>
|
|
3978
|
+
* @param key
|
|
3979
|
+
* @param entity
|
|
3980
|
+
*/
|
|
3981
|
+
function isThrottlingEntity(key, entity) {
|
|
3982
|
+
let validateKey = false;
|
|
3983
|
+
if (key) {
|
|
3984
|
+
validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
|
|
3985
|
+
}
|
|
3986
|
+
let validateEntity = true;
|
|
3987
|
+
if (entity) {
|
|
3988
|
+
validateEntity = entity.hasOwnProperty("throttleTime");
|
|
3989
|
+
}
|
|
3990
|
+
return validateKey && validateEntity;
|
|
3991
|
+
}
|
|
3992
|
+
/**
|
|
3993
|
+
* Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
|
|
3994
|
+
*/
|
|
3995
|
+
function generateAppMetadataKey({ environment, clientId, }) {
|
|
3996
|
+
const appMetaDataKeyArray = [
|
|
3997
|
+
APP_METADATA,
|
|
3998
|
+
environment,
|
|
3999
|
+
clientId,
|
|
4000
|
+
];
|
|
4001
|
+
return appMetaDataKeyArray
|
|
4002
|
+
.join(CACHE_KEY_SEPARATOR$1)
|
|
4003
|
+
.toLowerCase();
|
|
4004
|
+
}
|
|
4005
|
+
/*
|
|
4006
|
+
* Validates an entity: checks for all expected params
|
|
4007
|
+
* @param entity
|
|
4008
|
+
*/
|
|
4009
|
+
function isAppMetadataEntity(key, entity) {
|
|
4010
|
+
if (!entity) {
|
|
4011
|
+
return false;
|
|
4012
|
+
}
|
|
4013
|
+
return (key.indexOf(APP_METADATA) === 0 &&
|
|
4014
|
+
entity.hasOwnProperty("clientId") &&
|
|
4015
|
+
entity.hasOwnProperty("environment"));
|
|
4016
|
+
}
|
|
4017
|
+
/**
|
|
4018
|
+
* Validates an entity: checks for all expected params
|
|
4019
|
+
* @param entity
|
|
4020
|
+
*/
|
|
4021
|
+
function isAuthorityMetadataEntity(key, entity) {
|
|
4022
|
+
if (!entity) {
|
|
4023
|
+
return false;
|
|
4024
|
+
}
|
|
4025
|
+
return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
|
|
4026
|
+
entity.hasOwnProperty("aliases") &&
|
|
4027
|
+
entity.hasOwnProperty("preferred_cache") &&
|
|
4028
|
+
entity.hasOwnProperty("preferred_network") &&
|
|
4029
|
+
entity.hasOwnProperty("canonical_authority") &&
|
|
4030
|
+
entity.hasOwnProperty("authorization_endpoint") &&
|
|
4031
|
+
entity.hasOwnProperty("token_endpoint") &&
|
|
4032
|
+
entity.hasOwnProperty("issuer") &&
|
|
4033
|
+
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
4034
|
+
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
4035
|
+
entity.hasOwnProperty("expiresAt") &&
|
|
4036
|
+
entity.hasOwnProperty("jwks_uri"));
|
|
4037
|
+
}
|
|
4038
|
+
/**
|
|
4039
|
+
* Reset the exiresAt value
|
|
4040
|
+
*/
|
|
4041
|
+
function generateAuthorityMetadataExpiresAt() {
|
|
4042
|
+
return (nowSeconds() +
|
|
4043
|
+
AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
|
|
4044
|
+
}
|
|
4045
|
+
function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
4046
|
+
authorityMetadata.authorization_endpoint =
|
|
4047
|
+
updatedValues.authorization_endpoint;
|
|
4048
|
+
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
4049
|
+
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
4050
|
+
authorityMetadata.issuer = updatedValues.issuer;
|
|
4051
|
+
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
4052
|
+
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
4053
|
+
}
|
|
4054
|
+
function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
4055
|
+
authorityMetadata.aliases = updatedValues.aliases;
|
|
4056
|
+
authorityMetadata.preferred_cache = updatedValues.preferred_cache;
|
|
4057
|
+
authorityMetadata.preferred_network = updatedValues.preferred_network;
|
|
4058
|
+
authorityMetadata.aliasesFromNetwork = fromNetwork;
|
|
4059
|
+
}
|
|
4060
|
+
/**
|
|
4061
|
+
* Returns whether or not the data needs to be refreshed
|
|
4062
|
+
*/
|
|
4063
|
+
function isAuthorityMetadataExpired(metadata) {
|
|
4064
|
+
return metadata.expiresAt <= nowSeconds();
|
|
4065
|
+
}
|
|
4066
|
+
|
|
4067
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4068
|
+
/*
|
|
4069
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4070
|
+
* Licensed under the MIT License.
|
|
4071
|
+
*/
|
|
4072
|
+
/**
|
|
4073
|
+
* Time spent sending/waiting for the response of a request to the token endpoint
|
|
4074
|
+
*/
|
|
4075
|
+
const NetworkClientSendPostRequestAsync = "networkClientSendPostRequestAsync";
|
|
4076
|
+
const RefreshTokenClientExecutePostToTokenEndpoint = "refreshTokenClientExecutePostToTokenEndpoint";
|
|
4077
|
+
const AuthorizationCodeClientExecutePostToTokenEndpoint = "authorizationCodeClientExecutePostToTokenEndpoint";
|
|
4078
|
+
/**
|
|
4079
|
+
* Time spent on the network for refresh token acquisition
|
|
4080
|
+
*/
|
|
4081
|
+
const RefreshTokenClientExecuteTokenRequest = "refreshTokenClientExecuteTokenRequest";
|
|
4003
4082
|
/**
|
|
4004
4083
|
* Time taken for acquiring refresh token , records RT size
|
|
4005
4084
|
*/
|
|
@@ -4056,7 +4135,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
|
|
|
4056
4135
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4057
4136
|
const SetUserData = "setUserData";
|
|
4058
4137
|
|
|
4059
|
-
/*! @azure/msal-common v16.
|
|
4138
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4060
4139
|
/*
|
|
4061
4140
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4062
4141
|
* Licensed under the MIT License.
|
|
@@ -4149,7 +4228,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4149
4228
|
};
|
|
4150
4229
|
};
|
|
4151
4230
|
|
|
4152
|
-
/*! @azure/msal-common v16.
|
|
4231
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4153
4232
|
|
|
4154
4233
|
/*
|
|
4155
4234
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4229,293 +4308,226 @@ class PopTokenGenerator {
|
|
|
4229
4308
|
}
|
|
4230
4309
|
}
|
|
4231
4310
|
|
|
4232
|
-
/*! @azure/msal-common v16.
|
|
4311
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4233
4312
|
/*
|
|
4234
4313
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4235
4314
|
* Licensed under the MIT License.
|
|
4236
4315
|
*/
|
|
4237
4316
|
/**
|
|
4238
|
-
*
|
|
4239
|
-
*
|
|
4240
|
-
*/ class TokenCacheContext {
|
|
4241
|
-
constructor(tokenCache, hasChanged) {
|
|
4242
|
-
this.cache = tokenCache;
|
|
4243
|
-
this.hasChanged = hasChanged;
|
|
4244
|
-
}
|
|
4245
|
-
/**
|
|
4246
|
-
* boolean which indicates the changes in cache
|
|
4247
|
-
*/
|
|
4248
|
-
get cacheHasChanged() {
|
|
4249
|
-
return this.hasChanged;
|
|
4250
|
-
}
|
|
4251
|
-
/**
|
|
4252
|
-
* function to retrieve the token cache
|
|
4253
|
-
*/
|
|
4254
|
-
get tokenCache() {
|
|
4255
|
-
return this.cache;
|
|
4256
|
-
}
|
|
4257
|
-
}
|
|
4258
|
-
|
|
4259
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
4260
|
-
|
|
4261
|
-
/*
|
|
4262
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4263
|
-
* Licensed under the MIT License.
|
|
4317
|
+
* MSAL-defined interaction required error code indicating no tokens are found in cache.
|
|
4318
|
+
* @public
|
|
4264
4319
|
*/
|
|
4320
|
+
const noTokensFound = "no_tokens_found";
|
|
4265
4321
|
/**
|
|
4266
|
-
*
|
|
4267
|
-
* @
|
|
4268
|
-
* @param authenticationResult
|
|
4269
|
-
* @param clientId
|
|
4270
|
-
* @param authority
|
|
4322
|
+
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
4323
|
+
* @public
|
|
4271
4324
|
*/
|
|
4272
|
-
|
|
4273
|
-
const idTokenEntity = {
|
|
4274
|
-
credentialType: CredentialType.ID_TOKEN,
|
|
4275
|
-
homeAccountId: homeAccountId,
|
|
4276
|
-
environment: environment,
|
|
4277
|
-
clientId: clientId,
|
|
4278
|
-
secret: idToken,
|
|
4279
|
-
realm: tenantId,
|
|
4280
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4281
|
-
};
|
|
4282
|
-
return idTokenEntity;
|
|
4283
|
-
}
|
|
4325
|
+
const nativeAccountUnavailable = "native_account_unavailable";
|
|
4284
4326
|
/**
|
|
4285
|
-
*
|
|
4286
|
-
* @
|
|
4287
|
-
* @param environment
|
|
4288
|
-
* @param accessToken
|
|
4289
|
-
* @param clientId
|
|
4290
|
-
* @param tenantId
|
|
4291
|
-
* @param scopes
|
|
4292
|
-
* @param expiresOn
|
|
4293
|
-
* @param extExpiresOn
|
|
4327
|
+
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
4328
|
+
* @public
|
|
4294
4329
|
*/
|
|
4295
|
-
|
|
4296
|
-
const atEntity = {
|
|
4297
|
-
homeAccountId: homeAccountId,
|
|
4298
|
-
credentialType: CredentialType.ACCESS_TOKEN,
|
|
4299
|
-
secret: accessToken,
|
|
4300
|
-
cachedAt: nowSeconds().toString(),
|
|
4301
|
-
expiresOn: expiresOn.toString(),
|
|
4302
|
-
extendedExpiresOn: extExpiresOn.toString(),
|
|
4303
|
-
environment: environment,
|
|
4304
|
-
clientId: clientId,
|
|
4305
|
-
realm: tenantId,
|
|
4306
|
-
target: scopes,
|
|
4307
|
-
tokenType: tokenType || AuthenticationScheme$1.BEARER,
|
|
4308
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4309
|
-
};
|
|
4310
|
-
if (userAssertionHash) {
|
|
4311
|
-
atEntity.userAssertionHash = userAssertionHash;
|
|
4312
|
-
}
|
|
4313
|
-
if (refreshOn) {
|
|
4314
|
-
atEntity.refreshOn = refreshOn.toString();
|
|
4315
|
-
}
|
|
4316
|
-
/*
|
|
4317
|
-
* Create Access Token With Auth Scheme instead of regular access token
|
|
4318
|
-
* Cast to lower to handle "bearer" from ADFS
|
|
4319
|
-
*/
|
|
4320
|
-
if (atEntity.tokenType?.toLowerCase() !==
|
|
4321
|
-
AuthenticationScheme$1.BEARER.toLowerCase()) {
|
|
4322
|
-
atEntity.credentialType =
|
|
4323
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
4324
|
-
switch (atEntity.tokenType) {
|
|
4325
|
-
case AuthenticationScheme$1.POP:
|
|
4326
|
-
// Make sure keyId is present and add it to credential
|
|
4327
|
-
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
4328
|
-
if (!tokenClaims?.cnf?.kid) {
|
|
4329
|
-
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
4330
|
-
}
|
|
4331
|
-
atEntity.keyId = tokenClaims.cnf.kid;
|
|
4332
|
-
break;
|
|
4333
|
-
case AuthenticationScheme$1.SSH:
|
|
4334
|
-
atEntity.keyId = keyId;
|
|
4335
|
-
}
|
|
4336
|
-
}
|
|
4337
|
-
return atEntity;
|
|
4338
|
-
}
|
|
4330
|
+
const refreshTokenExpired = "refresh_token_expired";
|
|
4339
4331
|
/**
|
|
4340
|
-
*
|
|
4341
|
-
* @
|
|
4342
|
-
* @param authenticationResult
|
|
4343
|
-
* @param clientId
|
|
4344
|
-
* @param authority
|
|
4332
|
+
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4333
|
+
* @public
|
|
4345
4334
|
*/
|
|
4346
|
-
|
|
4347
|
-
const rtEntity = {
|
|
4348
|
-
credentialType: CredentialType.REFRESH_TOKEN,
|
|
4349
|
-
homeAccountId: homeAccountId,
|
|
4350
|
-
environment: environment,
|
|
4351
|
-
clientId: clientId,
|
|
4352
|
-
secret: refreshToken,
|
|
4353
|
-
lastUpdatedAt: Date.now().toString(),
|
|
4354
|
-
};
|
|
4355
|
-
if (userAssertionHash) {
|
|
4356
|
-
rtEntity.userAssertionHash = userAssertionHash;
|
|
4357
|
-
}
|
|
4358
|
-
if (familyId) {
|
|
4359
|
-
rtEntity.familyId = familyId;
|
|
4360
|
-
}
|
|
4361
|
-
if (expiresOn) {
|
|
4362
|
-
rtEntity.expiresOn = expiresOn.toString();
|
|
4363
|
-
}
|
|
4364
|
-
return rtEntity;
|
|
4365
|
-
}
|
|
4366
|
-
function isCredentialEntity(entity) {
|
|
4367
|
-
return (entity.hasOwnProperty("homeAccountId") &&
|
|
4368
|
-
entity.hasOwnProperty("environment") &&
|
|
4369
|
-
entity.hasOwnProperty("credentialType") &&
|
|
4370
|
-
entity.hasOwnProperty("clientId") &&
|
|
4371
|
-
entity.hasOwnProperty("secret"));
|
|
4372
|
-
}
|
|
4335
|
+
const uxNotAllowed = "ux_not_allowed";
|
|
4373
4336
|
/**
|
|
4374
|
-
*
|
|
4375
|
-
* @
|
|
4337
|
+
* Server-originated error code indicating interaction is required to complete the request.
|
|
4338
|
+
* @public
|
|
4376
4339
|
*/
|
|
4377
|
-
|
|
4378
|
-
if (!entity) {
|
|
4379
|
-
return false;
|
|
4380
|
-
}
|
|
4381
|
-
return (isCredentialEntity(entity) &&
|
|
4382
|
-
entity.hasOwnProperty("realm") &&
|
|
4383
|
-
entity.hasOwnProperty("target") &&
|
|
4384
|
-
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
4385
|
-
entity["credentialType"] ===
|
|
4386
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
4387
|
-
}
|
|
4340
|
+
const interactionRequired = "interaction_required";
|
|
4388
4341
|
/**
|
|
4389
|
-
*
|
|
4390
|
-
* @
|
|
4342
|
+
* Server-originated error code indicating user consent is required.
|
|
4343
|
+
* @public
|
|
4391
4344
|
*/
|
|
4392
|
-
|
|
4393
|
-
if (!entity) {
|
|
4394
|
-
return false;
|
|
4395
|
-
}
|
|
4396
|
-
return (isCredentialEntity(entity) &&
|
|
4397
|
-
entity.hasOwnProperty("realm") &&
|
|
4398
|
-
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
4399
|
-
}
|
|
4345
|
+
const consentRequired = "consent_required";
|
|
4400
4346
|
/**
|
|
4401
|
-
*
|
|
4402
|
-
* @
|
|
4347
|
+
* Server-originated error code indicating user login is required.
|
|
4348
|
+
* @public
|
|
4403
4349
|
*/
|
|
4404
|
-
|
|
4405
|
-
if (!entity) {
|
|
4406
|
-
return false;
|
|
4407
|
-
}
|
|
4408
|
-
return (isCredentialEntity(entity) &&
|
|
4409
|
-
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
4410
|
-
}
|
|
4350
|
+
const loginRequired = "login_required";
|
|
4411
4351
|
/**
|
|
4412
|
-
*
|
|
4413
|
-
* @
|
|
4414
|
-
* @param entity
|
|
4352
|
+
* Server-originated error code indicating the token is invalid or corrupted.
|
|
4353
|
+
* @public
|
|
4415
4354
|
*/
|
|
4416
|
-
|
|
4417
|
-
const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
|
|
4418
|
-
let validateEntity = true;
|
|
4419
|
-
if (entity) {
|
|
4420
|
-
validateEntity =
|
|
4421
|
-
entity.hasOwnProperty("failedRequests") &&
|
|
4422
|
-
entity.hasOwnProperty("errors") &&
|
|
4423
|
-
entity.hasOwnProperty("cacheHits");
|
|
4424
|
-
}
|
|
4425
|
-
return validateKey && validateEntity;
|
|
4426
|
-
}
|
|
4355
|
+
const badToken = "bad_token";
|
|
4427
4356
|
/**
|
|
4428
|
-
*
|
|
4429
|
-
* @
|
|
4430
|
-
* @param entity
|
|
4357
|
+
* Server-originated error code indicating the user is in an interrupted state and interaction is required.
|
|
4358
|
+
* @public
|
|
4431
4359
|
*/
|
|
4432
|
-
|
|
4433
|
-
|
|
4434
|
-
|
|
4435
|
-
|
|
4436
|
-
|
|
4437
|
-
|
|
4438
|
-
|
|
4439
|
-
|
|
4360
|
+
const interruptedUser = "interrupted_user";
|
|
4361
|
+
|
|
4362
|
+
var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
4363
|
+
__proto__: null,
|
|
4364
|
+
badToken: badToken,
|
|
4365
|
+
consentRequired: consentRequired,
|
|
4366
|
+
interactionRequired: interactionRequired,
|
|
4367
|
+
interruptedUser: interruptedUser,
|
|
4368
|
+
loginRequired: loginRequired,
|
|
4369
|
+
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
4370
|
+
noTokensFound: noTokensFound,
|
|
4371
|
+
refreshTokenExpired: refreshTokenExpired,
|
|
4372
|
+
uxNotAllowed: uxNotAllowed
|
|
4373
|
+
});
|
|
4374
|
+
|
|
4375
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4376
|
+
|
|
4377
|
+
/*
|
|
4378
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4379
|
+
* Licensed under the MIT License.
|
|
4380
|
+
*/
|
|
4381
|
+
/**
|
|
4382
|
+
* InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
|
|
4383
|
+
*/
|
|
4384
|
+
const InteractionRequiredServerErrorMessage = [
|
|
4385
|
+
interactionRequired,
|
|
4386
|
+
consentRequired,
|
|
4387
|
+
loginRequired,
|
|
4388
|
+
badToken,
|
|
4389
|
+
uxNotAllowed,
|
|
4390
|
+
interruptedUser,
|
|
4391
|
+
];
|
|
4392
|
+
const InteractionRequiredAuthSubErrorMessage = [
|
|
4393
|
+
"message_only",
|
|
4394
|
+
"additional_action",
|
|
4395
|
+
"basic_action",
|
|
4396
|
+
"user_password_expired",
|
|
4397
|
+
"consent_required",
|
|
4398
|
+
"bad_token",
|
|
4399
|
+
"ux_not_allowed",
|
|
4400
|
+
"interrupted_user",
|
|
4401
|
+
];
|
|
4402
|
+
/**
|
|
4403
|
+
* Error thrown when user interaction is required.
|
|
4404
|
+
*/
|
|
4405
|
+
class InteractionRequiredAuthError extends AuthError {
|
|
4406
|
+
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
4407
|
+
super(errorCode, errorMessage, subError);
|
|
4408
|
+
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
4409
|
+
this.timestamp = timestamp || "";
|
|
4410
|
+
this.traceId = traceId || "";
|
|
4411
|
+
this.correlationId = correlationId || "";
|
|
4412
|
+
this.claims = claims || "";
|
|
4413
|
+
this.name = "InteractionRequiredAuthError";
|
|
4414
|
+
this.errorNo = errorNo;
|
|
4440
4415
|
}
|
|
4441
|
-
return validateKey && validateEntity;
|
|
4442
4416
|
}
|
|
4443
4417
|
/**
|
|
4444
|
-
*
|
|
4418
|
+
* Helper function used to determine if an error thrown by the server requires interaction to resolve
|
|
4419
|
+
* @param errorCode
|
|
4420
|
+
* @param errorString
|
|
4421
|
+
* @param subError
|
|
4445
4422
|
*/
|
|
4446
|
-
function
|
|
4447
|
-
const
|
|
4448
|
-
|
|
4449
|
-
|
|
4450
|
-
|
|
4451
|
-
|
|
4452
|
-
|
|
4453
|
-
|
|
4454
|
-
|
|
4423
|
+
function isInteractionRequiredError(errorCode, errorString, subError) {
|
|
4424
|
+
const isInteractionRequiredErrorCode = !!errorCode &&
|
|
4425
|
+
InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
|
|
4426
|
+
const isInteractionRequiredSubError = !!subError &&
|
|
4427
|
+
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
4428
|
+
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
4429
|
+
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
4430
|
+
return errorString.indexOf(irErrorCode) > -1;
|
|
4431
|
+
});
|
|
4432
|
+
return (isInteractionRequiredErrorCode ||
|
|
4433
|
+
isInteractionRequiredErrorDesc ||
|
|
4434
|
+
isInteractionRequiredSubError);
|
|
4455
4435
|
}
|
|
4436
|
+
/**
|
|
4437
|
+
* Creates an InteractionRequiredAuthError
|
|
4438
|
+
*/
|
|
4439
|
+
function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
4440
|
+
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4441
|
+
}
|
|
4442
|
+
|
|
4443
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4444
|
+
|
|
4456
4445
|
/*
|
|
4457
|
-
*
|
|
4458
|
-
*
|
|
4446
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4447
|
+
* Licensed under the MIT License.
|
|
4459
4448
|
*/
|
|
4460
|
-
function isAppMetadataEntity(key, entity) {
|
|
4461
|
-
if (!entity) {
|
|
4462
|
-
return false;
|
|
4463
|
-
}
|
|
4464
|
-
return (key.indexOf(APP_METADATA) === 0 &&
|
|
4465
|
-
entity.hasOwnProperty("clientId") &&
|
|
4466
|
-
entity.hasOwnProperty("environment"));
|
|
4467
|
-
}
|
|
4468
4449
|
/**
|
|
4469
|
-
*
|
|
4470
|
-
* @param entity
|
|
4450
|
+
* Error thrown when there is an error with the server code, for example, unavailability.
|
|
4471
4451
|
*/
|
|
4472
|
-
|
|
4473
|
-
|
|
4474
|
-
|
|
4452
|
+
class ServerError extends AuthError {
|
|
4453
|
+
constructor(errorCode, errorMessage, subError, errorNo, status) {
|
|
4454
|
+
super(errorCode, errorMessage, subError);
|
|
4455
|
+
this.name = "ServerError";
|
|
4456
|
+
this.errorNo = errorNo;
|
|
4457
|
+
this.status = status;
|
|
4458
|
+
Object.setPrototypeOf(this, ServerError.prototype);
|
|
4475
4459
|
}
|
|
4476
|
-
|
|
4477
|
-
|
|
4478
|
-
|
|
4479
|
-
|
|
4480
|
-
|
|
4481
|
-
|
|
4482
|
-
|
|
4483
|
-
|
|
4484
|
-
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
4485
|
-
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
4486
|
-
entity.hasOwnProperty("expiresAt") &&
|
|
4487
|
-
entity.hasOwnProperty("jwks_uri"));
|
|
4488
|
-
}
|
|
4460
|
+
}
|
|
4461
|
+
|
|
4462
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4463
|
+
|
|
4464
|
+
/*
|
|
4465
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4466
|
+
* Licensed under the MIT License.
|
|
4467
|
+
*/
|
|
4489
4468
|
/**
|
|
4490
|
-
*
|
|
4469
|
+
* Appends user state with random guid, or returns random guid.
|
|
4470
|
+
* @param cryptoObj
|
|
4471
|
+
* @param userState
|
|
4472
|
+
* @param meta
|
|
4491
4473
|
*/
|
|
4492
|
-
function
|
|
4493
|
-
|
|
4494
|
-
|
|
4495
|
-
}
|
|
4496
|
-
|
|
4497
|
-
authorityMetadata.authorization_endpoint =
|
|
4498
|
-
updatedValues.authorization_endpoint;
|
|
4499
|
-
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
4500
|
-
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
4501
|
-
authorityMetadata.issuer = updatedValues.issuer;
|
|
4502
|
-
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
4503
|
-
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
4474
|
+
function setRequestState(cryptoObj, userState, meta) {
|
|
4475
|
+
const libraryState = generateLibraryState(cryptoObj, meta);
|
|
4476
|
+
return userState
|
|
4477
|
+
? `${libraryState}${RESOURCE_DELIM}${userState}`
|
|
4478
|
+
: libraryState;
|
|
4504
4479
|
}
|
|
4505
|
-
|
|
4506
|
-
|
|
4507
|
-
|
|
4508
|
-
|
|
4509
|
-
|
|
4480
|
+
/**
|
|
4481
|
+
* Generates the state value used by the common library.
|
|
4482
|
+
* @param cryptoObj
|
|
4483
|
+
* @param meta
|
|
4484
|
+
*/
|
|
4485
|
+
function generateLibraryState(cryptoObj, meta) {
|
|
4486
|
+
if (!cryptoObj) {
|
|
4487
|
+
throw createClientAuthError(noCryptoObject);
|
|
4488
|
+
}
|
|
4489
|
+
// Create a state object containing a unique id and the timestamp of the request creation
|
|
4490
|
+
const stateObj = {
|
|
4491
|
+
id: cryptoObj.createNewGuid(),
|
|
4492
|
+
};
|
|
4493
|
+
if (meta) {
|
|
4494
|
+
stateObj.meta = meta;
|
|
4495
|
+
}
|
|
4496
|
+
const stateString = JSON.stringify(stateObj);
|
|
4497
|
+
return cryptoObj.base64Encode(stateString);
|
|
4510
4498
|
}
|
|
4511
4499
|
/**
|
|
4512
|
-
*
|
|
4500
|
+
* Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
|
|
4501
|
+
* @param base64Decode
|
|
4502
|
+
* @param state
|
|
4513
4503
|
*/
|
|
4514
|
-
function
|
|
4515
|
-
|
|
4504
|
+
function parseRequestState(base64Decode, state) {
|
|
4505
|
+
if (!base64Decode) {
|
|
4506
|
+
throw createClientAuthError(noCryptoObject);
|
|
4507
|
+
}
|
|
4508
|
+
if (!state) {
|
|
4509
|
+
throw createClientAuthError(invalidState);
|
|
4510
|
+
}
|
|
4511
|
+
try {
|
|
4512
|
+
// Split the state between library state and user passed state and decode them separately
|
|
4513
|
+
const splitState = state.split(RESOURCE_DELIM);
|
|
4514
|
+
const libraryState = splitState[0];
|
|
4515
|
+
const userState = splitState.length > 1
|
|
4516
|
+
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
4517
|
+
: "";
|
|
4518
|
+
const libraryStateString = base64Decode(libraryState);
|
|
4519
|
+
const libraryStateObj = JSON.parse(libraryStateString);
|
|
4520
|
+
return {
|
|
4521
|
+
userRequestState: userState || "",
|
|
4522
|
+
libraryState: libraryStateObj,
|
|
4523
|
+
};
|
|
4524
|
+
}
|
|
4525
|
+
catch (e) {
|
|
4526
|
+
throw createClientAuthError(invalidState);
|
|
4527
|
+
}
|
|
4516
4528
|
}
|
|
4517
4529
|
|
|
4518
|
-
/*! @azure/msal-common v16.
|
|
4530
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4519
4531
|
|
|
4520
4532
|
/*
|
|
4521
4533
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4671,7 +4683,7 @@ class ResponseHandler {
|
|
|
4671
4683
|
if (serverTokenResponse.id_token && !!idTokenClaims) {
|
|
4672
4684
|
cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
|
|
4673
4685
|
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
4674
|
-
this.logger);
|
|
4686
|
+
this.logger, this.performanceClient);
|
|
4675
4687
|
}
|
|
4676
4688
|
// AccessToken
|
|
4677
4689
|
let cachedAccessToken = null;
|
|
@@ -4822,17 +4834,24 @@ class ResponseHandler {
|
|
|
4822
4834
|
};
|
|
4823
4835
|
}
|
|
4824
4836
|
}
|
|
4825
|
-
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
4837
|
+
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
|
|
4826
4838
|
logger?.verbose("09jz0t", correlationId);
|
|
4827
|
-
|
|
4828
|
-
|
|
4829
|
-
|
|
4830
|
-
|
|
4831
|
-
|
|
4832
|
-
|
|
4833
|
-
|
|
4834
|
-
|
|
4839
|
+
/*
|
|
4840
|
+
* Check if base account is already cached. Filter by homeAccountId (identifies
|
|
4841
|
+
* the user's home identity) and environment (identifies the cloud) — the two
|
|
4842
|
+
* tenant-agnostic properties that uniquely locate a base AccountEntity.
|
|
4843
|
+
*/
|
|
4844
|
+
const accountEnvironment = environment || authority.getPreferredCache();
|
|
4845
|
+
const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
|
|
4846
|
+
performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
|
|
4847
|
+
if (matchedAccounts.length > 1) {
|
|
4848
|
+
/*
|
|
4849
|
+
* Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
|
|
4850
|
+
* If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
|
|
4851
|
+
*/
|
|
4852
|
+
logger?.warning("0x7ad1", correlationId);
|
|
4835
4853
|
}
|
|
4854
|
+
const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
|
|
4836
4855
|
const baseAccount = cachedAccount ||
|
|
4837
4856
|
createAccountEntity({
|
|
4838
4857
|
homeAccountId,
|
|
@@ -4856,7 +4875,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
4856
4875
|
return baseAccount;
|
|
4857
4876
|
}
|
|
4858
4877
|
|
|
4859
|
-
/*! @azure/msal-common v16.
|
|
4878
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4860
4879
|
/*
|
|
4861
4880
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4862
4881
|
* Licensed under the MIT License.
|
|
@@ -4866,7 +4885,7 @@ const CcsCredentialType = {
|
|
|
4866
4885
|
UPN: "UPN",
|
|
4867
4886
|
};
|
|
4868
4887
|
|
|
4869
|
-
/*! @azure/msal-common v16.
|
|
4888
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4870
4889
|
/*
|
|
4871
4890
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4872
4891
|
* Licensed under the MIT License.
|
|
@@ -4884,7 +4903,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
4884
4903
|
}
|
|
4885
4904
|
}
|
|
4886
4905
|
|
|
4887
|
-
/*! @azure/msal-common v16.
|
|
4906
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4888
4907
|
/*
|
|
4889
4908
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4890
4909
|
* Licensed under the MIT License.
|
|
@@ -4905,7 +4924,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
4905
4924
|
};
|
|
4906
4925
|
}
|
|
4907
4926
|
|
|
4908
|
-
/*! @azure/msal-common v16.
|
|
4927
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4909
4928
|
|
|
4910
4929
|
/*
|
|
4911
4930
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4991,7 +5010,7 @@ class ThrottlingUtils {
|
|
|
4991
5010
|
}
|
|
4992
5011
|
}
|
|
4993
5012
|
|
|
4994
|
-
/*! @azure/msal-common v16.
|
|
5013
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4995
5014
|
|
|
4996
5015
|
/*
|
|
4997
5016
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5022,7 +5041,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
5022
5041
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5023
5042
|
}
|
|
5024
5043
|
|
|
5025
|
-
/*! @azure/msal-common v16.
|
|
5044
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5026
5045
|
|
|
5027
5046
|
/*
|
|
5028
5047
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5136,7 +5155,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
|
|
|
5136
5155
|
return response;
|
|
5137
5156
|
}
|
|
5138
5157
|
|
|
5139
|
-
/*! @azure/msal-common v16.
|
|
5158
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5140
5159
|
/*
|
|
5141
5160
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5142
5161
|
* Licensed under the MIT License.
|
|
@@ -5148,7 +5167,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
5148
5167
|
response.hasOwnProperty("jwks_uri"));
|
|
5149
5168
|
}
|
|
5150
5169
|
|
|
5151
|
-
/*! @azure/msal-common v16.
|
|
5170
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5152
5171
|
/*
|
|
5153
5172
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5154
5173
|
* Licensed under the MIT License.
|
|
@@ -5158,7 +5177,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
5158
5177
|
response.hasOwnProperty("metadata"));
|
|
5159
5178
|
}
|
|
5160
5179
|
|
|
5161
|
-
/*! @azure/msal-common v16.
|
|
5180
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5162
5181
|
/*
|
|
5163
5182
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5164
5183
|
* Licensed under the MIT License.
|
|
@@ -5168,7 +5187,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
5168
5187
|
response.hasOwnProperty("error_description"));
|
|
5169
5188
|
}
|
|
5170
5189
|
|
|
5171
|
-
/*! @azure/msal-common v16.
|
|
5190
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5172
5191
|
|
|
5173
5192
|
/*
|
|
5174
5193
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5273,7 +5292,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5273
5292
|
},
|
|
5274
5293
|
};
|
|
5275
5294
|
|
|
5276
|
-
/*! @azure/msal-common v16.
|
|
5295
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5277
5296
|
|
|
5278
5297
|
/*
|
|
5279
5298
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6093,7 +6112,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6093
6112
|
};
|
|
6094
6113
|
}
|
|
6095
6114
|
|
|
6096
|
-
/*! @azure/msal-common v16.
|
|
6115
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6097
6116
|
|
|
6098
6117
|
/*
|
|
6099
6118
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6127,7 +6146,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6127
6146
|
}
|
|
6128
6147
|
}
|
|
6129
6148
|
|
|
6130
|
-
/*! @azure/msal-common v16.
|
|
6149
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6131
6150
|
|
|
6132
6151
|
/*
|
|
6133
6152
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6292,11 +6311,6 @@ class AuthorizationCodeClient {
|
|
|
6292
6311
|
throw createClientConfigurationError(missingSshJwk);
|
|
6293
6312
|
}
|
|
6294
6313
|
}
|
|
6295
|
-
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
6296
|
-
(this.config.authOptions.clientCapabilities &&
|
|
6297
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
6298
|
-
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
6299
|
-
}
|
|
6300
6314
|
let ccsCred = undefined;
|
|
6301
6315
|
if (request.clientInfo) {
|
|
6302
6316
|
try {
|
|
@@ -6345,6 +6359,7 @@ class AuthorizationCodeClient {
|
|
|
6345
6359
|
});
|
|
6346
6360
|
}
|
|
6347
6361
|
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6362
|
+
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6348
6363
|
return mapToQueryString(parameters);
|
|
6349
6364
|
}
|
|
6350
6365
|
/**
|
|
@@ -6388,7 +6403,7 @@ class AuthorizationCodeClient {
|
|
|
6388
6403
|
}
|
|
6389
6404
|
}
|
|
6390
6405
|
|
|
6391
|
-
/*! @azure/msal-common v16.
|
|
6406
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6392
6407
|
|
|
6393
6408
|
/*
|
|
6394
6409
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6578,11 +6593,6 @@ class RefreshTokenClient {
|
|
|
6578
6593
|
throw createClientConfigurationError(missingSshJwk);
|
|
6579
6594
|
}
|
|
6580
6595
|
}
|
|
6581
|
-
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
6582
|
-
(this.config.authOptions.clientCapabilities &&
|
|
6583
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
6584
|
-
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
6585
|
-
}
|
|
6586
6596
|
if (this.config.systemOptions.preventCorsPreflight &&
|
|
6587
6597
|
request.ccsCredential) {
|
|
6588
6598
|
switch (request.ccsCredential.type) {
|
|
@@ -6609,11 +6619,12 @@ class RefreshTokenClient {
|
|
|
6609
6619
|
});
|
|
6610
6620
|
}
|
|
6611
6621
|
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6622
|
+
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6612
6623
|
return mapToQueryString(parameters);
|
|
6613
6624
|
}
|
|
6614
6625
|
}
|
|
6615
6626
|
|
|
6616
|
-
/*! @azure/msal-common v16.
|
|
6627
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6617
6628
|
|
|
6618
6629
|
/*
|
|
6619
6630
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6729,7 +6740,7 @@ class SilentFlowClient {
|
|
|
6729
6740
|
}
|
|
6730
6741
|
}
|
|
6731
6742
|
|
|
6732
|
-
/*! @azure/msal-common v16.
|
|
6743
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6733
6744
|
|
|
6734
6745
|
/*
|
|
6735
6746
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6744,7 +6755,7 @@ const StubbedNetworkModule = {
|
|
|
6744
6755
|
},
|
|
6745
6756
|
};
|
|
6746
6757
|
|
|
6747
|
-
/*! @azure/msal-common v16.
|
|
6758
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6748
6759
|
|
|
6749
6760
|
/*
|
|
6750
6761
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6868,14 +6879,10 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
|
|
|
6868
6879
|
if (request.state) {
|
|
6869
6880
|
addState(parameters, request.state);
|
|
6870
6881
|
}
|
|
6871
|
-
if (request.claims ||
|
|
6872
|
-
(authOptions.clientCapabilities &&
|
|
6873
|
-
authOptions.clientCapabilities.length > 0)) {
|
|
6874
|
-
addClaims(parameters, request.claims, authOptions.clientCapabilities);
|
|
6875
|
-
}
|
|
6876
6882
|
if (request.embeddedClientId) {
|
|
6877
6883
|
addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
|
|
6878
6884
|
}
|
|
6885
|
+
addClaims(parameters, request.claims, authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6879
6886
|
// If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
|
|
6880
6887
|
if (authOptions.instanceAware &&
|
|
6881
6888
|
(!request.extraQueryParameters ||
|
|
@@ -6971,7 +6978,7 @@ function extractLoginHint(account) {
|
|
|
6971
6978
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6972
6979
|
}
|
|
6973
6980
|
|
|
6974
|
-
/*! @azure/msal-common v16.
|
|
6981
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6975
6982
|
|
|
6976
6983
|
/*
|
|
6977
6984
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7004,7 +7011,7 @@ function containsResourceParam(params) {
|
|
|
7004
7011
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7005
7012
|
}
|
|
7006
7013
|
|
|
7007
|
-
/*! @azure/msal-common v16.
|
|
7014
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7008
7015
|
|
|
7009
7016
|
/*
|
|
7010
7017
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7062,7 +7069,7 @@ class AuthenticationHeaderParser {
|
|
|
7062
7069
|
}
|
|
7063
7070
|
}
|
|
7064
7071
|
|
|
7065
|
-
/*! @azure/msal-common v16.
|
|
7072
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7066
7073
|
/*
|
|
7067
7074
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7068
7075
|
* Licensed under the MIT License.
|
|
@@ -7079,7 +7086,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
7079
7086
|
unexpectedError: unexpectedError
|
|
7080
7087
|
});
|
|
7081
7088
|
|
|
7082
|
-
/*! @azure/msal-common v16.
|
|
7089
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7083
7090
|
|
|
7084
7091
|
/*
|
|
7085
7092
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7340,7 +7347,7 @@ class ServerTelemetryManager {
|
|
|
7340
7347
|
}
|
|
7341
7348
|
}
|
|
7342
7349
|
|
|
7343
|
-
/*! @azure/msal-common v16.
|
|
7350
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7344
7351
|
|
|
7345
7352
|
/*
|
|
7346
7353
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7361,7 +7368,7 @@ function createJoseHeaderError(code) {
|
|
|
7361
7368
|
return new JoseHeaderError(code);
|
|
7362
7369
|
}
|
|
7363
7370
|
|
|
7364
|
-
/*! @azure/msal-common v16.
|
|
7371
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7365
7372
|
/*
|
|
7366
7373
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7367
7374
|
* Licensed under the MIT License.
|
|
@@ -7369,7 +7376,7 @@ function createJoseHeaderError(code) {
|
|
|
7369
7376
|
const missingKidError = "missing_kid_error";
|
|
7370
7377
|
const missingAlgError = "missing_alg_error";
|
|
7371
7378
|
|
|
7372
|
-
/*! @azure/msal-common v16.
|
|
7379
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7373
7380
|
|
|
7374
7381
|
/*
|
|
7375
7382
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7409,7 +7416,7 @@ class JoseHeader {
|
|
|
7409
7416
|
}
|
|
7410
7417
|
}
|
|
7411
7418
|
|
|
7412
|
-
/*! @azure/msal-common v16.
|
|
7419
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7413
7420
|
|
|
7414
7421
|
/*
|
|
7415
7422
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7939,6 +7946,137 @@ class PerformanceClient {
|
|
|
7939
7946
|
}
|
|
7940
7947
|
}
|
|
7941
7948
|
|
|
7949
|
+
/*
|
|
7950
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7951
|
+
* Licensed under the MIT License.
|
|
7952
|
+
*/
|
|
7953
|
+
/**
|
|
7954
|
+
* acquireTokenFromCache (msal-browser).
|
|
7955
|
+
* Internal API for acquiring token from cache
|
|
7956
|
+
*/
|
|
7957
|
+
const AcquireTokenFromCache = "acquireTokenFromCache";
|
|
7958
|
+
/**
|
|
7959
|
+
* acquireTokenByRefreshToken API (msal-browser and msal-node).
|
|
7960
|
+
* Used to renew an access token using a refresh token against the token endpoint.
|
|
7961
|
+
*/
|
|
7962
|
+
const AcquireTokenByRefreshToken = "acquireTokenByRefreshToken";
|
|
7963
|
+
/**
|
|
7964
|
+
* acquireTokenSilentAsync (msal-browser).
|
|
7965
|
+
* Internal API for acquireTokenSilent.
|
|
7966
|
+
*/
|
|
7967
|
+
const AcquireTokenSilentAsync = "acquireTokenSilentAsync";
|
|
7968
|
+
/**
|
|
7969
|
+
* getPublicKeyThumbprint API in CryptoOpts class (msal-browser).
|
|
7970
|
+
* Used to generate a public/private keypair and generate a public key thumbprint for pop requests.
|
|
7971
|
+
*/
|
|
7972
|
+
const CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint";
|
|
7973
|
+
/**
|
|
7974
|
+
* signJwt API in CryptoOpts class (msal-browser).
|
|
7975
|
+
* Used to signed a pop token.
|
|
7976
|
+
*/
|
|
7977
|
+
const CryptoOptsSignJwt = "cryptoOptsSignJwt";
|
|
7978
|
+
/**
|
|
7979
|
+
* acquireToken API in the SilentCacheClient class (msal-browser).
|
|
7980
|
+
* Used to read access tokens from the cache.
|
|
7981
|
+
*/
|
|
7982
|
+
const SilentCacheClientAcquireToken = "silentCacheClientAcquireToken";
|
|
7983
|
+
/**
|
|
7984
|
+
* acquireToken API in the SilentIframeClient class (msal-browser).
|
|
7985
|
+
* Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.
|
|
7986
|
+
*/
|
|
7987
|
+
const SilentIframeClientAcquireToken = "silentIframeClientAcquireToken";
|
|
7988
|
+
const AwaitConcurrentIframe = "awaitConcurrentIframe"; // Time spent waiting for a concurrent iframe to complete
|
|
7989
|
+
/**
|
|
7990
|
+
* acquireToken API in SilentRereshClient (msal-browser).
|
|
7991
|
+
* Used to acquire a new set of tokens from the token endpoint using a refresh token.
|
|
7992
|
+
*/
|
|
7993
|
+
const SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken";
|
|
7994
|
+
/**
|
|
7995
|
+
* getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).
|
|
7996
|
+
* Used to load authority metadata for a request.
|
|
7997
|
+
*/
|
|
7998
|
+
const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority";
|
|
7999
|
+
/**
|
|
8000
|
+
* acquireToken API in NativeInteractionClient class (msal-browser).
|
|
8001
|
+
* Used to acquire a token from Native component when native brokering is enabled.
|
|
8002
|
+
*/
|
|
8003
|
+
const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
|
|
8004
|
+
const NativeInteractionClientAcquireTokenRedirect = "nativeInteractionClientAcquireToken";
|
|
8005
|
+
/**
|
|
8006
|
+
* acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
|
|
8007
|
+
*/
|
|
8008
|
+
const RefreshTokenClientAcquireTokenByRefreshToken = "refreshTokenClientAcquireTokenByRefreshToken";
|
|
8009
|
+
/**
|
|
8010
|
+
* acquireTokenBySilentIframe (msal-browser).
|
|
8011
|
+
* Internal API for acquiring token by silent Iframe
|
|
8012
|
+
*/
|
|
8013
|
+
const AcquireTokenBySilentIframe = "acquireTokenBySilentIframe";
|
|
8014
|
+
/**
|
|
8015
|
+
* Internal API for initializing base request in BaseInteractionClient (msal-browser)
|
|
8016
|
+
*/
|
|
8017
|
+
const InitializeBaseRequest = "initializeBaseRequest";
|
|
8018
|
+
/**
|
|
8019
|
+
* Internal API for initializing silent request in SilentCacheClient (msal-browser)
|
|
8020
|
+
*/
|
|
8021
|
+
const InitializeSilentRequest = "initializeSilentRequest";
|
|
8022
|
+
const InitializeCache = "initializeCache";
|
|
8023
|
+
/**
|
|
8024
|
+
* Helper function in SilentIframeClient class (msal-browser).
|
|
8025
|
+
*/
|
|
8026
|
+
const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
|
|
8027
|
+
/**
|
|
8028
|
+
* SilentHandler
|
|
8029
|
+
*/
|
|
8030
|
+
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
8031
|
+
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
8032
|
+
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
8033
|
+
/**
|
|
8034
|
+
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
8035
|
+
*/
|
|
8036
|
+
const StandardInteractionClientCreateAuthCodeClient = "standardInteractionClientCreateAuthCodeClient";
|
|
8037
|
+
const StandardInteractionClientGetClientConfiguration = "standardInteractionClientGetClientConfiguration";
|
|
8038
|
+
const StandardInteractionClientInitializeAuthorizationRequest = "standardInteractionClientInitializeAuthorizationRequest";
|
|
8039
|
+
const SilentFlowClientAcquireCachedToken = "silentFlowClientAcquireCachedToken";
|
|
8040
|
+
const GetStandardParams = "getStandardParams";
|
|
8041
|
+
const HandleCodeResponse = "handleCodeResponse";
|
|
8042
|
+
const HandleResponseEar = "handleResponseEar";
|
|
8043
|
+
const HandleResponsePlatformBroker = "handleResponsePlatformBroker";
|
|
8044
|
+
const HandleResponseCode = "handleResponseCode";
|
|
8045
|
+
const AuthClientAcquireToken = "authClientAcquireToken";
|
|
8046
|
+
const DeserializeResponse = "deserializeResponse";
|
|
8047
|
+
const AuthorityFactoryCreateDiscoveredInstance = "authorityFactoryCreateDiscoveredInstance";
|
|
8048
|
+
const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
|
|
8049
|
+
const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
|
|
8050
|
+
const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
|
|
8051
|
+
const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
|
|
8052
|
+
const RemoveHiddenIframe = "removeHiddenIframe";
|
|
8053
|
+
const ImportExistingCache = "importExistingCache";
|
|
8054
|
+
/**
|
|
8055
|
+
* Crypto Operations
|
|
8056
|
+
*/
|
|
8057
|
+
const GeneratePkceCodes = "generatePkceCodes";
|
|
8058
|
+
const GenerateCodeVerifier = "generateCodeVerifier";
|
|
8059
|
+
const GenerateCodeChallengeFromVerifier = "generateCodeChallengeFromVerifier";
|
|
8060
|
+
const Sha256Digest = "sha256Digest";
|
|
8061
|
+
const GetRandomValues = "getRandomValues";
|
|
8062
|
+
const GenerateHKDF = "generateHKDF";
|
|
8063
|
+
const GenerateBaseKey = "generateBaseKey";
|
|
8064
|
+
const Base64Decode = "base64Decode";
|
|
8065
|
+
const UrlEncodeArr = "urlEncodeArr";
|
|
8066
|
+
const Encrypt = "encrypt";
|
|
8067
|
+
const Decrypt = "decrypt";
|
|
8068
|
+
const GenerateEarKey = "generateEarKey";
|
|
8069
|
+
const DecryptEarResponse = "decryptEarResponse";
|
|
8070
|
+
const LoadAccount = "loadAccount";
|
|
8071
|
+
const LoadIdToken = "loadIdToken";
|
|
8072
|
+
const LoadAccessToken = "loadAccessToken";
|
|
8073
|
+
const LoadRefreshToken = "loadRefreshToken";
|
|
8074
|
+
/**
|
|
8075
|
+
* Background telemetry measurement that tracks whether a late bridge response
|
|
8076
|
+
* arrives after the iframe timeout has already fired.
|
|
8077
|
+
*/
|
|
8078
|
+
const WaitForBridgeLateResponse$1 = "waitForBridgeLateResponse";
|
|
8079
|
+
|
|
7942
8080
|
/*
|
|
7943
8081
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7944
8082
|
* Licensed under the MIT License.
|
|
@@ -8845,20 +8983,35 @@ function cancelPendingBridgeResponse(logger, correlationId) {
|
|
|
8845
8983
|
activeBridgeMonitor = null;
|
|
8846
8984
|
}
|
|
8847
8985
|
}
|
|
8848
|
-
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
|
|
8986
|
+
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
|
|
8849
8987
|
return new Promise((resolve, reject) => {
|
|
8850
8988
|
logger.verbose("1rf6em", request.correlationId);
|
|
8851
8989
|
const correlationId = request.correlationId;
|
|
8852
8990
|
performanceClient.addFields({
|
|
8853
8991
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
8992
|
+
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
8854
8993
|
}, correlationId);
|
|
8855
8994
|
const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
|
|
8856
8995
|
const channel = new BroadcastChannel(libraryState.id);
|
|
8857
8996
|
let responseString = undefined;
|
|
8997
|
+
let timedOut$1 = false;
|
|
8998
|
+
let lateTimeoutId;
|
|
8999
|
+
let lateMeasurement;
|
|
8858
9000
|
const timeoutId = window.setTimeout(() => {
|
|
8859
9001
|
// Clear the active monitor
|
|
8860
9002
|
activeBridgeMonitor = null;
|
|
8861
|
-
|
|
9003
|
+
if (experimentalConfig?.iframeTimeoutTelemetry) {
|
|
9004
|
+
lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse$1, correlationId);
|
|
9005
|
+
timedOut$1 = true;
|
|
9006
|
+
lateTimeoutId = window.setTimeout(() => {
|
|
9007
|
+
lateMeasurement?.end({ success: false });
|
|
9008
|
+
clearTimeout(lateTimeoutId);
|
|
9009
|
+
channel.close();
|
|
9010
|
+
}, 60000); // 60s late response timeout to allow for telemetry of late responses
|
|
9011
|
+
}
|
|
9012
|
+
else {
|
|
9013
|
+
channel.close();
|
|
9014
|
+
}
|
|
8862
9015
|
reject(createBrowserAuthError(timedOut, "redirect_bridge_timeout"));
|
|
8863
9016
|
}, timeoutMs);
|
|
8864
9017
|
// Track this monitor so it can be cancelled if needed
|
|
@@ -8872,6 +9025,14 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
|
|
|
8872
9025
|
const messageVersion = event?.data && typeof event.data.v === "number"
|
|
8873
9026
|
? event.data.v
|
|
8874
9027
|
: undefined;
|
|
9028
|
+
if (timedOut$1) {
|
|
9029
|
+
lateMeasurement?.end({
|
|
9030
|
+
success: responseString ? true : false,
|
|
9031
|
+
});
|
|
9032
|
+
clearTimeout(lateTimeoutId);
|
|
9033
|
+
channel.close();
|
|
9034
|
+
return;
|
|
9035
|
+
}
|
|
8875
9036
|
performanceClient.addFields({
|
|
8876
9037
|
redirectBridgeMessageVersion: messageVersion,
|
|
8877
9038
|
}, correlationId);
|
|
@@ -9034,131 +9195,6 @@ var BrowserUtils = /*#__PURE__*/Object.freeze({
|
|
|
9034
9195
|
waitForBridgeResponse: waitForBridgeResponse
|
|
9035
9196
|
});
|
|
9036
9197
|
|
|
9037
|
-
/*
|
|
9038
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9039
|
-
* Licensed under the MIT License.
|
|
9040
|
-
*/
|
|
9041
|
-
/**
|
|
9042
|
-
* acquireTokenFromCache (msal-browser).
|
|
9043
|
-
* Internal API for acquiring token from cache
|
|
9044
|
-
*/
|
|
9045
|
-
const AcquireTokenFromCache = "acquireTokenFromCache";
|
|
9046
|
-
/**
|
|
9047
|
-
* acquireTokenByRefreshToken API (msal-browser and msal-node).
|
|
9048
|
-
* Used to renew an access token using a refresh token against the token endpoint.
|
|
9049
|
-
*/
|
|
9050
|
-
const AcquireTokenByRefreshToken = "acquireTokenByRefreshToken";
|
|
9051
|
-
/**
|
|
9052
|
-
* acquireTokenSilentAsync (msal-browser).
|
|
9053
|
-
* Internal API for acquireTokenSilent.
|
|
9054
|
-
*/
|
|
9055
|
-
const AcquireTokenSilentAsync = "acquireTokenSilentAsync";
|
|
9056
|
-
/**
|
|
9057
|
-
* getPublicKeyThumbprint API in CryptoOpts class (msal-browser).
|
|
9058
|
-
* Used to generate a public/private keypair and generate a public key thumbprint for pop requests.
|
|
9059
|
-
*/
|
|
9060
|
-
const CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint";
|
|
9061
|
-
/**
|
|
9062
|
-
* signJwt API in CryptoOpts class (msal-browser).
|
|
9063
|
-
* Used to signed a pop token.
|
|
9064
|
-
*/
|
|
9065
|
-
const CryptoOptsSignJwt = "cryptoOptsSignJwt";
|
|
9066
|
-
/**
|
|
9067
|
-
* acquireToken API in the SilentCacheClient class (msal-browser).
|
|
9068
|
-
* Used to read access tokens from the cache.
|
|
9069
|
-
*/
|
|
9070
|
-
const SilentCacheClientAcquireToken = "silentCacheClientAcquireToken";
|
|
9071
|
-
/**
|
|
9072
|
-
* acquireToken API in the SilentIframeClient class (msal-browser).
|
|
9073
|
-
* Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.
|
|
9074
|
-
*/
|
|
9075
|
-
const SilentIframeClientAcquireToken = "silentIframeClientAcquireToken";
|
|
9076
|
-
const AwaitConcurrentIframe = "awaitConcurrentIframe"; // Time spent waiting for a concurrent iframe to complete
|
|
9077
|
-
/**
|
|
9078
|
-
* acquireToken API in SilentRereshClient (msal-browser).
|
|
9079
|
-
* Used to acquire a new set of tokens from the token endpoint using a refresh token.
|
|
9080
|
-
*/
|
|
9081
|
-
const SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken";
|
|
9082
|
-
/**
|
|
9083
|
-
* getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).
|
|
9084
|
-
* Used to load authority metadata for a request.
|
|
9085
|
-
*/
|
|
9086
|
-
const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority";
|
|
9087
|
-
/**
|
|
9088
|
-
* acquireToken API in NativeInteractionClient class (msal-browser).
|
|
9089
|
-
* Used to acquire a token from Native component when native brokering is enabled.
|
|
9090
|
-
*/
|
|
9091
|
-
const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
|
|
9092
|
-
/**
|
|
9093
|
-
* acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
|
|
9094
|
-
*/
|
|
9095
|
-
const RefreshTokenClientAcquireTokenByRefreshToken = "refreshTokenClientAcquireTokenByRefreshToken";
|
|
9096
|
-
/**
|
|
9097
|
-
* acquireTokenBySilentIframe (msal-browser).
|
|
9098
|
-
* Internal API for acquiring token by silent Iframe
|
|
9099
|
-
*/
|
|
9100
|
-
const AcquireTokenBySilentIframe = "acquireTokenBySilentIframe";
|
|
9101
|
-
/**
|
|
9102
|
-
* Internal API for initializing base request in BaseInteractionClient (msal-browser)
|
|
9103
|
-
*/
|
|
9104
|
-
const InitializeBaseRequest = "initializeBaseRequest";
|
|
9105
|
-
/**
|
|
9106
|
-
* Internal API for initializing silent request in SilentCacheClient (msal-browser)
|
|
9107
|
-
*/
|
|
9108
|
-
const InitializeSilentRequest = "initializeSilentRequest";
|
|
9109
|
-
const InitializeCache = "initializeCache";
|
|
9110
|
-
/**
|
|
9111
|
-
* Helper function in SilentIframeClient class (msal-browser).
|
|
9112
|
-
*/
|
|
9113
|
-
const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
|
|
9114
|
-
/**
|
|
9115
|
-
* SilentHandler
|
|
9116
|
-
*/
|
|
9117
|
-
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
9118
|
-
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
9119
|
-
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
9120
|
-
/**
|
|
9121
|
-
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
9122
|
-
*/
|
|
9123
|
-
const StandardInteractionClientCreateAuthCodeClient = "standardInteractionClientCreateAuthCodeClient";
|
|
9124
|
-
const StandardInteractionClientGetClientConfiguration = "standardInteractionClientGetClientConfiguration";
|
|
9125
|
-
const StandardInteractionClientInitializeAuthorizationRequest = "standardInteractionClientInitializeAuthorizationRequest";
|
|
9126
|
-
const SilentFlowClientAcquireCachedToken = "silentFlowClientAcquireCachedToken";
|
|
9127
|
-
const GetStandardParams = "getStandardParams";
|
|
9128
|
-
const HandleCodeResponse = "handleCodeResponse";
|
|
9129
|
-
const HandleResponseEar = "handleResponseEar";
|
|
9130
|
-
const HandleResponsePlatformBroker = "handleResponsePlatformBroker";
|
|
9131
|
-
const HandleResponseCode = "handleResponseCode";
|
|
9132
|
-
const AuthClientAcquireToken = "authClientAcquireToken";
|
|
9133
|
-
const DeserializeResponse = "deserializeResponse";
|
|
9134
|
-
const AuthorityFactoryCreateDiscoveredInstance = "authorityFactoryCreateDiscoveredInstance";
|
|
9135
|
-
const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
|
|
9136
|
-
const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
|
|
9137
|
-
const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
|
|
9138
|
-
const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
|
|
9139
|
-
const RemoveHiddenIframe = "removeHiddenIframe";
|
|
9140
|
-
const ImportExistingCache = "importExistingCache";
|
|
9141
|
-
/**
|
|
9142
|
-
* Crypto Operations
|
|
9143
|
-
*/
|
|
9144
|
-
const GeneratePkceCodes = "generatePkceCodes";
|
|
9145
|
-
const GenerateCodeVerifier = "generateCodeVerifier";
|
|
9146
|
-
const GenerateCodeChallengeFromVerifier = "generateCodeChallengeFromVerifier";
|
|
9147
|
-
const Sha256Digest = "sha256Digest";
|
|
9148
|
-
const GetRandomValues = "getRandomValues";
|
|
9149
|
-
const GenerateHKDF = "generateHKDF";
|
|
9150
|
-
const GenerateBaseKey = "generateBaseKey";
|
|
9151
|
-
const Base64Decode = "base64Decode";
|
|
9152
|
-
const UrlEncodeArr = "urlEncodeArr";
|
|
9153
|
-
const Encrypt = "encrypt";
|
|
9154
|
-
const Decrypt = "decrypt";
|
|
9155
|
-
const GenerateEarKey = "generateEarKey";
|
|
9156
|
-
const DecryptEarResponse = "decryptEarResponse";
|
|
9157
|
-
const LoadAccount = "loadAccount";
|
|
9158
|
-
const LoadIdToken = "loadIdToken";
|
|
9159
|
-
const LoadAccessToken = "loadAccessToken";
|
|
9160
|
-
const LoadRefreshToken = "loadRefreshToken";
|
|
9161
|
-
|
|
9162
9198
|
/*
|
|
9163
9199
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9164
9200
|
* Licensed under the MIT License.
|
|
@@ -9766,7 +9802,14 @@ const InitializeClientApplication = "initializeClientApplication";
|
|
|
9766
9802
|
// Update cache storage
|
|
9767
9803
|
const LocalStorageUpdated = "localStorageUpdated";
|
|
9768
9804
|
// Load external tokens
|
|
9769
|
-
const LoadExternalTokens = "loadExternalTokens";
|
|
9805
|
+
const LoadExternalTokens = "loadExternalTokens";
|
|
9806
|
+
/**
|
|
9807
|
+
* SSO capability verification call (msal-browser).
|
|
9808
|
+
* Fire-and-forget SSO verification call made after interactive authentication completes.
|
|
9809
|
+
*/
|
|
9810
|
+
const SsoCapable = "ssoCapable";
|
|
9811
|
+
// Wait for late response from bridge after timeout has already occurred
|
|
9812
|
+
const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
|
|
9770
9813
|
|
|
9771
9814
|
var BrowserRootPerformanceEvents = /*#__PURE__*/Object.freeze({
|
|
9772
9815
|
__proto__: null,
|
|
@@ -9778,7 +9821,9 @@ var BrowserRootPerformanceEvents = /*#__PURE__*/Object.freeze({
|
|
|
9778
9821
|
InitializeClientApplication: InitializeClientApplication,
|
|
9779
9822
|
LoadExternalTokens: LoadExternalTokens,
|
|
9780
9823
|
LocalStorageUpdated: LocalStorageUpdated,
|
|
9781
|
-
|
|
9824
|
+
SsoCapable: SsoCapable,
|
|
9825
|
+
SsoSilent: SsoSilent,
|
|
9826
|
+
WaitForBridgeLateResponse: WaitForBridgeLateResponse
|
|
9782
9827
|
});
|
|
9783
9828
|
|
|
9784
9829
|
/*
|
|
@@ -9797,6 +9842,7 @@ const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom
|
|
|
9797
9842
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
9798
9843
|
const ACCOUNT_KEYS = "account.keys";
|
|
9799
9844
|
const TOKEN_KEYS = "token.keys";
|
|
9845
|
+
const SSO_CAPABLE = `${PREFIX}.${BROWSER_PREFIX}.sso.capable`;
|
|
9800
9846
|
function getAccountKeysCacheKey(schema = ACCOUNT_SCHEMA_VERSION) {
|
|
9801
9847
|
if (schema < 1) {
|
|
9802
9848
|
return `${PREFIX}.${ACCOUNT_KEYS}`;
|
|
@@ -10295,7 +10341,7 @@ const EventType = {
|
|
|
10295
10341
|
|
|
10296
10342
|
/* eslint-disable header/header */
|
|
10297
10343
|
const name = "@azure/msal-browser";
|
|
10298
|
-
const version = "5.
|
|
10344
|
+
const version = "5.7.0";
|
|
10299
10345
|
|
|
10300
10346
|
/*
|
|
10301
10347
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -12398,7 +12444,6 @@ const unsupportedMethod = "unsupported_method";
|
|
|
12398
12444
|
const USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED";
|
|
12399
12445
|
const USER_CANCEL = "USER_CANCEL";
|
|
12400
12446
|
const NO_NETWORK = "NO_NETWORK";
|
|
12401
|
-
const PERSISTENT_ERROR = "PERSISTENT_ERROR";
|
|
12402
12447
|
const DISABLED = "DISABLED";
|
|
12403
12448
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
12404
12449
|
const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
|
|
@@ -12422,8 +12467,7 @@ class NativeAuthError extends AuthError {
|
|
|
12422
12467
|
function isFatalNativeAuthError(error) {
|
|
12423
12468
|
if (error.ext &&
|
|
12424
12469
|
error.ext.status &&
|
|
12425
|
-
|
|
12426
|
-
error.ext.status === DISABLED)) {
|
|
12470
|
+
error.ext.status === DISABLED) {
|
|
12427
12471
|
return true;
|
|
12428
12472
|
}
|
|
12429
12473
|
if (error.ext &&
|
|
@@ -12549,12 +12593,12 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12549
12593
|
async acquireToken(request, cacheLookupPolicy) {
|
|
12550
12594
|
this.logger.trace("03qeos", this.correlationId);
|
|
12551
12595
|
// start the perf measurement
|
|
12552
|
-
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken,
|
|
12596
|
+
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
|
|
12553
12597
|
const reqTimestamp = nowSeconds();
|
|
12554
12598
|
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12555
12599
|
try {
|
|
12556
12600
|
// initialize native request
|
|
12557
|
-
const nativeRequest = await this.
|
|
12601
|
+
const nativeRequest = await this.initializePlatformRequest(request);
|
|
12558
12602
|
// check if the tokens can be retrieved from internal cache
|
|
12559
12603
|
try {
|
|
12560
12604
|
const result = await this.acquireTokensFromCache(this.accountId, nativeRequest);
|
|
@@ -12568,6 +12612,10 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12568
12612
|
catch (e) {
|
|
12569
12613
|
if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) {
|
|
12570
12614
|
this.logger.info("0eitbc", this.correlationId);
|
|
12615
|
+
nativeATMeasurement.end({
|
|
12616
|
+
success: false,
|
|
12617
|
+
brokerErrorCode: "cache_request_failed",
|
|
12618
|
+
});
|
|
12571
12619
|
throw e;
|
|
12572
12620
|
}
|
|
12573
12621
|
// continue with a native call for any and all errors
|
|
@@ -12589,7 +12637,6 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12589
12637
|
success: false,
|
|
12590
12638
|
errorCode: error.errorCode,
|
|
12591
12639
|
subErrorCode: error.subError,
|
|
12592
|
-
isNativeBroker: true,
|
|
12593
12640
|
});
|
|
12594
12641
|
throw error;
|
|
12595
12642
|
});
|
|
@@ -12598,6 +12645,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12598
12645
|
if (e instanceof NativeAuthError) {
|
|
12599
12646
|
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
|
|
12600
12647
|
}
|
|
12648
|
+
nativeATMeasurement.end({
|
|
12649
|
+
success: false,
|
|
12650
|
+
});
|
|
12601
12651
|
throw e;
|
|
12602
12652
|
}
|
|
12603
12653
|
}
|
|
@@ -12630,7 +12680,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12630
12680
|
// fetch the account from browser cache
|
|
12631
12681
|
const account = this.browserStorage.getBaseAccountInfo({
|
|
12632
12682
|
nativeAccountId,
|
|
12633
|
-
},
|
|
12683
|
+
}, this.correlationId);
|
|
12634
12684
|
if (!account) {
|
|
12635
12685
|
throw createClientAuthError(noAccountFound);
|
|
12636
12686
|
}
|
|
@@ -12660,7 +12710,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12660
12710
|
*/
|
|
12661
12711
|
async acquireTokenRedirect(request, rootMeasurement, options) {
|
|
12662
12712
|
this.logger.trace("0luikq", this.correlationId);
|
|
12663
|
-
const nativeRequest = await this.
|
|
12713
|
+
const nativeRequest = await this.initializePlatformRequest(request);
|
|
12664
12714
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
12665
12715
|
try {
|
|
12666
12716
|
await this.platformAuthProvider.sendMessage(nativeRequest);
|
|
@@ -12692,7 +12742,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12692
12742
|
* @param performanceClient {IPerformanceClient?}
|
|
12693
12743
|
* @param correlationId {string?} correlation identifier
|
|
12694
12744
|
*/
|
|
12695
|
-
async handleRedirectPromise(
|
|
12745
|
+
async handleRedirectPromise() {
|
|
12696
12746
|
this.logger.trace("1c5lhw", this.correlationId);
|
|
12697
12747
|
if (!this.browserStorage.isInteractionInProgress(true)) {
|
|
12698
12748
|
this.logger.info("0le6uv", this.correlationId);
|
|
@@ -12702,9 +12752,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12702
12752
|
const cachedRequest = this.browserStorage.getCachedNativeRequest();
|
|
12703
12753
|
if (!cachedRequest) {
|
|
12704
12754
|
this.logger.verbose("0a6zjb", this.correlationId);
|
|
12705
|
-
|
|
12706
|
-
performanceClient?.addFields({ errorCode: "no_cached_request" }, correlationId);
|
|
12707
|
-
}
|
|
12755
|
+
this.performanceClient?.addFields({ errorCode: "no_cached_request" }, this.correlationId);
|
|
12708
12756
|
return null;
|
|
12709
12757
|
}
|
|
12710
12758
|
const { prompt, ...request } = cachedRequest;
|
|
@@ -12719,6 +12767,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12719
12767
|
const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
|
|
12720
12768
|
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12721
12769
|
serverTelemetryManager.clearNativeBrokerErrorCode();
|
|
12770
|
+
this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
|
|
12722
12771
|
return authResult;
|
|
12723
12772
|
}
|
|
12724
12773
|
catch (e) {
|
|
@@ -12759,9 +12808,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12759
12808
|
}
|
|
12760
12809
|
// Get the preferred_cache domain for the given authority
|
|
12761
12810
|
const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
|
|
12762
|
-
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info,
|
|
12811
|
+
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
|
|
12763
12812
|
idTokenClaims.tid, undefined, // auth code payload
|
|
12764
|
-
response.account.id);
|
|
12813
|
+
response.account.id, this.logger, this.performanceClient);
|
|
12765
12814
|
// Ensure expires_in is in number format
|
|
12766
12815
|
response.expires_in = Number(response.expires_in);
|
|
12767
12816
|
// generate authenticationResult
|
|
@@ -12987,15 +13036,23 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
12987
13036
|
* Translates developer provided request object into NativeRequest object
|
|
12988
13037
|
* @param request
|
|
12989
13038
|
*/
|
|
12990
|
-
async
|
|
12991
|
-
this.logger.trace("
|
|
13039
|
+
async initializePlatformRequest(request) {
|
|
13040
|
+
this.logger.trace("1xdm2a", this.correlationId);
|
|
12992
13041
|
const canonicalAuthority = await this.getCanonicalAuthority(request);
|
|
13042
|
+
// ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
13043
|
+
const configClaims = request.skipBrokerClaims && !!request.embeddedClientId
|
|
13044
|
+
? undefined
|
|
13045
|
+
: this.config.auth.clientCapabilities;
|
|
12993
13046
|
// scopes are expected to be received by the native broker as "scope" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here.
|
|
12994
|
-
const { scopes, ...remainingProperties } = request;
|
|
13047
|
+
const { scopes, claims, ...remainingProperties } = request;
|
|
12995
13048
|
const scopeSet = new ScopeSet(scopes || []);
|
|
12996
13049
|
scopeSet.appendScopes(OIDC_DEFAULT_SCOPES$1);
|
|
13050
|
+
const mergedClaims = configClaims && configClaims.length
|
|
13051
|
+
? addClientCapabilitiesToClaims$1(claims, configClaims)
|
|
13052
|
+
: claims;
|
|
12997
13053
|
const validatedRequest = {
|
|
12998
13054
|
...remainingProperties,
|
|
13055
|
+
claims: mergedClaims,
|
|
12999
13056
|
accountId: this.accountId,
|
|
13000
13057
|
clientId: this.config.auth.clientId,
|
|
13001
13058
|
authority: canonicalAuthority.urlString,
|
|
@@ -13065,12 +13122,12 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
13065
13122
|
switch (this.apiId) {
|
|
13066
13123
|
case ApiId.ssoSilent:
|
|
13067
13124
|
case ApiId.acquireTokenSilent_silentFlow:
|
|
13068
|
-
this.logger.trace("
|
|
13125
|
+
this.logger.trace("12n1y2", this.correlationId);
|
|
13069
13126
|
return PromptValue$1.NONE;
|
|
13070
13127
|
}
|
|
13071
13128
|
// Prompt not provided, request may proceed and native broker decides if it needs to prompt
|
|
13072
13129
|
if (!prompt) {
|
|
13073
|
-
this.logger.trace("
|
|
13130
|
+
this.logger.trace("0uid1p", this.correlationId);
|
|
13074
13131
|
return undefined;
|
|
13075
13132
|
}
|
|
13076
13133
|
// If request is interactive, check if prompt provided is allowed to go directly to native broker
|
|
@@ -13078,10 +13135,10 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
13078
13135
|
case PromptValue$1.NONE:
|
|
13079
13136
|
case PromptValue$1.CONSENT:
|
|
13080
13137
|
case PromptValue$1.LOGIN:
|
|
13081
|
-
this.logger.trace("
|
|
13138
|
+
this.logger.trace("0i0hco", this.correlationId);
|
|
13082
13139
|
return prompt;
|
|
13083
13140
|
default:
|
|
13084
|
-
this.logger.trace("
|
|
13141
|
+
this.logger.trace("0w3tpw", this.correlationId);
|
|
13085
13142
|
throw createBrowserAuthError(nativePromptNotSupported);
|
|
13086
13143
|
}
|
|
13087
13144
|
}
|
|
@@ -13117,7 +13174,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
13117
13174
|
this.performanceClient?.addFields({
|
|
13118
13175
|
embeddedClientId: child_client_id,
|
|
13119
13176
|
embeddedRedirectUri: child_redirect_uri,
|
|
13120
|
-
},
|
|
13177
|
+
}, this.correlationId);
|
|
13121
13178
|
}
|
|
13122
13179
|
}
|
|
13123
13180
|
|
|
@@ -13204,6 +13261,10 @@ async function getStandardParameters(config, authority, request, logger, perform
|
|
|
13204
13261
|
if (request.platformBroker) {
|
|
13205
13262
|
// signal ests that this is a WAM call
|
|
13206
13263
|
addNativeBroker(parameters);
|
|
13264
|
+
// instrument JS-platform bridge specific fields
|
|
13265
|
+
performanceClient.addFields({
|
|
13266
|
+
isPlatformAuthorizeRequest: true,
|
|
13267
|
+
}, request.correlationId);
|
|
13207
13268
|
// pass the req_cnf for POP
|
|
13208
13269
|
if (request.authenticationScheme === AuthenticationScheme$1.POP) {
|
|
13209
13270
|
const cryptoOps = new CryptoOps(logger, performanceClient);
|
|
@@ -13646,7 +13707,7 @@ const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000;
|
|
|
13646
13707
|
*
|
|
13647
13708
|
* @returns Configuration object
|
|
13648
13709
|
*/
|
|
13649
|
-
function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
|
|
13710
|
+
function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, experimental: userInputExperimental, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
|
|
13650
13711
|
// Default auth options for browser
|
|
13651
13712
|
const DEFAULT_AUTH_OPTIONS = {
|
|
13652
13713
|
clientId: "",
|
|
@@ -13673,6 +13734,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
13673
13734
|
},
|
|
13674
13735
|
instanceAware: false,
|
|
13675
13736
|
isMcp: false,
|
|
13737
|
+
verifySSO: false,
|
|
13676
13738
|
};
|
|
13677
13739
|
// Default cache options for browser
|
|
13678
13740
|
const DEFAULT_CACHE_OPTIONS = {
|
|
@@ -13718,6 +13780,9 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
13718
13780
|
},
|
|
13719
13781
|
client: new StubPerformanceClient(),
|
|
13720
13782
|
};
|
|
13783
|
+
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
13784
|
+
iframeTimeoutTelemetry: false,
|
|
13785
|
+
};
|
|
13721
13786
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
13722
13787
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
13723
13788
|
userInputAuth?.OIDCOptions) {
|
|
@@ -13741,6 +13806,10 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
13741
13806
|
},
|
|
13742
13807
|
cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache },
|
|
13743
13808
|
system: providedSystemOptions,
|
|
13809
|
+
experimental: {
|
|
13810
|
+
...DEFAULT_EXPERIMENTAL_OPTIONS,
|
|
13811
|
+
...userInputExperimental,
|
|
13812
|
+
},
|
|
13744
13813
|
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry },
|
|
13745
13814
|
};
|
|
13746
13815
|
return overlayedConfig;
|
|
@@ -14218,7 +14287,7 @@ function isDomEnabledForPlatformAuth() {
|
|
|
14218
14287
|
}
|
|
14219
14288
|
}
|
|
14220
14289
|
/**
|
|
14221
|
-
* Returns boolean indicating whether or not the request should attempt to use
|
|
14290
|
+
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
14222
14291
|
* @param logger
|
|
14223
14292
|
* @param config
|
|
14224
14293
|
* @param correlationId
|
|
@@ -14500,6 +14569,10 @@ class PopupClient extends StandardInteractionClient {
|
|
|
14500
14569
|
return;
|
|
14501
14570
|
}
|
|
14502
14571
|
}
|
|
14572
|
+
// Redirect bridge requires "state" param to work properly
|
|
14573
|
+
validRequest.state = setRequestState(this.browserCrypto, validRequest.state || "", {
|
|
14574
|
+
interactionType: exports.InteractionType.Popup,
|
|
14575
|
+
});
|
|
14503
14576
|
// Create logout string and navigate user window to logout.
|
|
14504
14577
|
const logoutUri = authClient.getLogoutUri(validRequest);
|
|
14505
14578
|
this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, validRequest.correlationId, exports.InteractionType.Popup, validRequest);
|
|
@@ -15040,6 +15113,10 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15040
15113
|
}
|
|
15041
15114
|
}
|
|
15042
15115
|
}
|
|
15116
|
+
// Redirect bridge requires "state" param to work properly
|
|
15117
|
+
validLogoutRequest.state = setRequestState(this.browserCrypto, validLogoutRequest.state || "", {
|
|
15118
|
+
interactionType: exports.InteractionType.Redirect,
|
|
15119
|
+
});
|
|
15043
15120
|
// Create logout string and navigate user window to logout.
|
|
15044
15121
|
const logoutUri = authClient.getLogoutUri(validLogoutRequest);
|
|
15045
15122
|
if (validLogoutRequest.account?.homeAccountId) {
|
|
@@ -15266,7 +15343,7 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15266
15343
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15267
15344
|
let responseString;
|
|
15268
15345
|
try {
|
|
15269
|
-
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
|
|
15346
|
+
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
|
|
15270
15347
|
}
|
|
15271
15348
|
finally {
|
|
15272
15349
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15288,6 +15365,38 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15288
15365
|
return invokeAsync(handleResponseEAR, HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
15289
15366
|
}
|
|
15290
15367
|
}
|
|
15368
|
+
/**
|
|
15369
|
+
* Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
|
|
15370
|
+
* This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
|
|
15371
|
+
* @param request - The SSO silent request
|
|
15372
|
+
* @returns true if SSO verification was successful with a valid authorization code, false otherwise
|
|
15373
|
+
*/
|
|
15374
|
+
async verifySso(request) {
|
|
15375
|
+
const inputRequest = { ...request };
|
|
15376
|
+
if (!inputRequest.prompt) {
|
|
15377
|
+
inputRequest.prompt = PromptValue$1.NONE;
|
|
15378
|
+
}
|
|
15379
|
+
// Create silent request
|
|
15380
|
+
const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
|
|
15381
|
+
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
15382
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
|
|
15383
|
+
requestAuthority: silentRequest.authority,
|
|
15384
|
+
requestAzureCloudOptions: silentRequest.azureCloudOptions,
|
|
15385
|
+
requestExtraQueryParameters: silentRequest.extraQueryParameters,
|
|
15386
|
+
account: silentRequest.account,
|
|
15387
|
+
});
|
|
15388
|
+
const { serverParams } = await this.silentAuthorizeHelper(authClient, silentRequest);
|
|
15389
|
+
const correlationId = silentRequest.correlationId;
|
|
15390
|
+
// Validate the response - this checks for errors and validates state
|
|
15391
|
+
validateAuthorizationResponse(serverParams, silentRequest.state);
|
|
15392
|
+
// Verify a valid authorization code is present
|
|
15393
|
+
if (!serverParams.code) {
|
|
15394
|
+
this.logger.warning("0y34ti", correlationId);
|
|
15395
|
+
return false;
|
|
15396
|
+
}
|
|
15397
|
+
this.logger.verbose("0kkkcj", correlationId);
|
|
15398
|
+
return true;
|
|
15399
|
+
}
|
|
15291
15400
|
/**
|
|
15292
15401
|
* Currently Unsupported
|
|
15293
15402
|
*/
|
|
@@ -15302,6 +15411,16 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15302
15411
|
* @param userRequestScopes
|
|
15303
15412
|
*/
|
|
15304
15413
|
async silentTokenHelper(authClient, request) {
|
|
15414
|
+
const { serverParams, pkceCodes } = await this.silentAuthorizeHelper(authClient, request);
|
|
15415
|
+
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, request.correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
15416
|
+
}
|
|
15417
|
+
/**
|
|
15418
|
+
* Shared helper that generates PKCE codes, builds the /authorize URL,
|
|
15419
|
+
* loads it in a hidden iframe, waits for the redirect-bridge response,
|
|
15420
|
+
* and returns the deserialized server parameters along with the PKCE codes
|
|
15421
|
+
* and the request that was sent.
|
|
15422
|
+
*/
|
|
15423
|
+
async silentAuthorizeHelper(authClient, request) {
|
|
15305
15424
|
const correlationId = request.correlationId;
|
|
15306
15425
|
const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
|
|
15307
15426
|
const silentRequest = {
|
|
@@ -15322,13 +15441,13 @@ class SilentIframeClient extends StandardInteractionClient {
|
|
|
15322
15441
|
// Wait for response from the redirect bridge.
|
|
15323
15442
|
let responseString;
|
|
15324
15443
|
try {
|
|
15325
|
-
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
|
|
15444
|
+
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
|
|
15326
15445
|
}
|
|
15327
15446
|
finally {
|
|
15328
15447
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
15329
15448
|
}
|
|
15330
15449
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15331
|
-
return
|
|
15450
|
+
return { serverParams, pkceCodes, silentRequest };
|
|
15332
15451
|
}
|
|
15333
15452
|
}
|
|
15334
15453
|
|
|
@@ -15582,22 +15701,32 @@ class StandardController {
|
|
|
15582
15701
|
this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
|
|
15583
15702
|
this.activeSilentTokenRequests = new Map();
|
|
15584
15703
|
// Register listener functions
|
|
15585
|
-
this.
|
|
15704
|
+
this.trackStateChange = this.trackStateChange.bind(this);
|
|
15586
15705
|
// Register listener functions
|
|
15587
|
-
this.
|
|
15588
|
-
this.
|
|
15706
|
+
this.trackStateChangeWithMeasurement =
|
|
15707
|
+
this.trackStateChangeWithMeasurement.bind(this);
|
|
15589
15708
|
}
|
|
15590
15709
|
static async createController(operatingContext, request) {
|
|
15591
15710
|
const controller = new StandardController(operatingContext);
|
|
15592
15711
|
await controller.initialize(request);
|
|
15593
15712
|
return controller;
|
|
15594
15713
|
}
|
|
15595
|
-
|
|
15714
|
+
trackStateChange(correlationId, event) {
|
|
15596
15715
|
if (!correlationId) {
|
|
15597
15716
|
return;
|
|
15598
15717
|
}
|
|
15599
|
-
|
|
15600
|
-
|
|
15718
|
+
if (event.type === "visibilitychange") {
|
|
15719
|
+
this.logger.info("16v6hv", correlationId);
|
|
15720
|
+
this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
|
|
15721
|
+
}
|
|
15722
|
+
else if (event.type === "online") {
|
|
15723
|
+
this.logger.info("0zirfd", correlationId);
|
|
15724
|
+
this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
|
|
15725
|
+
}
|
|
15726
|
+
else if (event.type === "offline") {
|
|
15727
|
+
this.logger.info("1xk9ef", correlationId);
|
|
15728
|
+
this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
|
|
15729
|
+
}
|
|
15601
15730
|
}
|
|
15602
15731
|
/**
|
|
15603
15732
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|
|
@@ -15697,22 +15826,25 @@ class StandardController {
|
|
|
15697
15826
|
}
|
|
15698
15827
|
const loggedInAccounts = this.getAllAccounts();
|
|
15699
15828
|
const platformBrokerRequest = this.browserStorage.getCachedNativeRequest();
|
|
15700
|
-
const useNative = platformBrokerRequest &&
|
|
15701
|
-
this.platformAuthProvider &&
|
|
15702
|
-
!options?.hash;
|
|
15829
|
+
const useNative = platformBrokerRequest && !options?.hash;
|
|
15703
15830
|
let rootMeasurement;
|
|
15704
15831
|
let redirectResponse;
|
|
15832
|
+
let cachedRedirectRequest;
|
|
15705
15833
|
try {
|
|
15706
15834
|
if (useNative && this.platformAuthProvider) {
|
|
15707
15835
|
const correlationId = platformBrokerRequest?.correlationId || "";
|
|
15708
15836
|
this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
|
|
15709
15837
|
rootMeasurement = this.performanceClient.startMeasurement(AcquireTokenRedirect, correlationId);
|
|
15710
15838
|
this.logger.trace("12v7is", correlationId);
|
|
15839
|
+
rootMeasurement.add({
|
|
15840
|
+
isPlatformBrokerRequest: true,
|
|
15841
|
+
});
|
|
15711
15842
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.platformAuthProvider, platformBrokerRequest.accountId, this.nativeInternalStorage, platformBrokerRequest.correlationId);
|
|
15712
|
-
redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(
|
|
15843
|
+
redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)();
|
|
15713
15844
|
}
|
|
15714
15845
|
else {
|
|
15715
15846
|
const [standardRequest, codeVerifier] = this.browserStorage.getCachedRequest("");
|
|
15847
|
+
cachedRedirectRequest = standardRequest;
|
|
15716
15848
|
const correlationId = standardRequest.correlationId;
|
|
15717
15849
|
this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
|
|
15718
15850
|
// Reset rootMeasurement now that we have correlationId
|
|
@@ -15741,6 +15873,8 @@ class StandardController {
|
|
|
15741
15873
|
rootMeasurement.end({
|
|
15742
15874
|
success: true,
|
|
15743
15875
|
}, undefined, result.account);
|
|
15876
|
+
// Fire-and-forget SSO capability verification in background
|
|
15877
|
+
this.verifySsoCapability(cachedRedirectRequest, exports.InteractionType.Redirect);
|
|
15744
15878
|
}
|
|
15745
15879
|
else {
|
|
15746
15880
|
/*
|
|
@@ -15806,12 +15940,14 @@ class StandardController {
|
|
|
15806
15940
|
if (this.platformAuthProvider &&
|
|
15807
15941
|
this.canUsePlatformBroker(request)) {
|
|
15808
15942
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.platformAuthProvider, this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
|
|
15809
|
-
result = nativeClient
|
|
15810
|
-
.
|
|
15811
|
-
|
|
15943
|
+
result = invokeAsync(nativeClient.acquireTokenRedirect.bind(nativeClient), NativeInteractionClientAcquireTokenRedirect, this.logger, this.performanceClient, correlationId)(request, atrMeasurement).catch((e) => {
|
|
15944
|
+
atrMeasurement.add({
|
|
15945
|
+
brokerErrorName: e.name,
|
|
15946
|
+
brokerErrorCode: e.errorCode,
|
|
15947
|
+
});
|
|
15812
15948
|
if (e instanceof NativeAuthError &&
|
|
15813
15949
|
isFatalNativeAuthError(e)) {
|
|
15814
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
15950
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
15815
15951
|
const redirectClient = this.createRedirectClient(correlationId);
|
|
15816
15952
|
return redirectClient.acquireToken(request);
|
|
15817
15953
|
}
|
|
@@ -15877,6 +16013,9 @@ class StandardController {
|
|
|
15877
16013
|
let result;
|
|
15878
16014
|
const pkce = this.getPreGeneratedPkceCodes(correlationId);
|
|
15879
16015
|
if (this.canUsePlatformBroker(request)) {
|
|
16016
|
+
atPopupMeasurement.add({
|
|
16017
|
+
isPlatformBrokerRequest: true,
|
|
16018
|
+
});
|
|
15880
16019
|
result = this.acquireTokenNative({
|
|
15881
16020
|
...request,
|
|
15882
16021
|
correlationId,
|
|
@@ -15889,9 +16028,13 @@ class StandardController {
|
|
|
15889
16028
|
return response;
|
|
15890
16029
|
})
|
|
15891
16030
|
.catch((e) => {
|
|
16031
|
+
atPopupMeasurement.add({
|
|
16032
|
+
brokerErrorName: e.name,
|
|
16033
|
+
brokerErrorCode: e.errorCode,
|
|
16034
|
+
});
|
|
15892
16035
|
if (e instanceof NativeAuthError &&
|
|
15893
16036
|
isFatalNativeAuthError(e)) {
|
|
15894
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
16037
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
15895
16038
|
const popupClient = this.createPopupClient(correlationId);
|
|
15896
16039
|
return popupClient.acquireToken(request, pkce);
|
|
15897
16040
|
}
|
|
@@ -15922,6 +16065,8 @@ class StandardController {
|
|
|
15922
16065
|
accessTokenSize: result.accessToken.length,
|
|
15923
16066
|
idTokenSize: result.idToken.length,
|
|
15924
16067
|
}, undefined, result.account);
|
|
16068
|
+
// SSO capability verification in background
|
|
16069
|
+
this.verifySsoCapability(request, exports.InteractionType.Popup);
|
|
15925
16070
|
return result;
|
|
15926
16071
|
})
|
|
15927
16072
|
.catch((e) => {
|
|
@@ -15939,15 +16084,137 @@ class StandardController {
|
|
|
15939
16084
|
}
|
|
15940
16085
|
});
|
|
15941
16086
|
}
|
|
15942
|
-
|
|
16087
|
+
trackStateChangeWithMeasurement(event) {
|
|
15943
16088
|
const measurement = this.ssoSilentMeasurement ||
|
|
15944
16089
|
this.acquireTokenByCodeAsyncMeasurement;
|
|
15945
16090
|
if (!measurement) {
|
|
15946
16091
|
return;
|
|
15947
16092
|
}
|
|
15948
|
-
|
|
15949
|
-
|
|
16093
|
+
if (event.type === "visibilitychange") {
|
|
16094
|
+
this.logger.info("0yzimq", measurement.event.correlationId);
|
|
16095
|
+
measurement.increment({
|
|
16096
|
+
visibilityChangeCount: 1,
|
|
16097
|
+
});
|
|
16098
|
+
}
|
|
16099
|
+
else if (event.type === "online") {
|
|
16100
|
+
this.logger.info("1caf53", measurement.event.correlationId);
|
|
16101
|
+
measurement.increment({
|
|
16102
|
+
onlineStatusChangeCount: 1,
|
|
16103
|
+
});
|
|
16104
|
+
}
|
|
16105
|
+
else if (event.type === "offline") {
|
|
16106
|
+
this.logger.info("0fdyk7", measurement.event.correlationId);
|
|
16107
|
+
measurement.increment({
|
|
16108
|
+
onlineStatusChangeCount: 1,
|
|
16109
|
+
});
|
|
16110
|
+
}
|
|
16111
|
+
}
|
|
16112
|
+
addStateChangeListeners(listener) {
|
|
16113
|
+
document.addEventListener("visibilitychange", listener);
|
|
16114
|
+
window.addEventListener("online", listener);
|
|
16115
|
+
window.addEventListener("offline", listener);
|
|
16116
|
+
}
|
|
16117
|
+
removeStateChangeListeners(listener) {
|
|
16118
|
+
document.removeEventListener("visibilitychange", listener);
|
|
16119
|
+
window.removeEventListener("online", listener);
|
|
16120
|
+
window.removeEventListener("offline", listener);
|
|
16121
|
+
}
|
|
16122
|
+
/**
|
|
16123
|
+
* Reads the cached ssoCapable value from localStorage.
|
|
16124
|
+
* @returns The cached ssoCapable boolean value, or undefined if not cached or expired.
|
|
16125
|
+
*/
|
|
16126
|
+
getCachedSsoCapable() {
|
|
16127
|
+
try {
|
|
16128
|
+
const cachedValue = window.localStorage.getItem(SSO_CAPABLE);
|
|
16129
|
+
if (cachedValue) {
|
|
16130
|
+
const parsed = JSON.parse(cachedValue);
|
|
16131
|
+
if (parsed &&
|
|
16132
|
+
typeof parsed.ssoCapable === "boolean" &&
|
|
16133
|
+
parsed.expiresOn &&
|
|
16134
|
+
Date.now() < parsed.expiresOn) {
|
|
16135
|
+
return parsed.ssoCapable;
|
|
16136
|
+
}
|
|
16137
|
+
}
|
|
16138
|
+
}
|
|
16139
|
+
catch {
|
|
16140
|
+
// If parsing fails, return undefined
|
|
16141
|
+
}
|
|
16142
|
+
return undefined;
|
|
16143
|
+
}
|
|
16144
|
+
/**
|
|
16145
|
+
* SSO capability verification in the background.
|
|
16146
|
+
* This method makes an iframe request to /authorize to verify SSO capability without calling /token.
|
|
16147
|
+
* This method does not block the caller and tracks telemetry for success/failure.
|
|
16148
|
+
* This method only executes if verifySSO is set to true in the auth configuration.
|
|
16149
|
+
* The result is cached in localStorage with a 24-hour TTL; the SSO verification call
|
|
16150
|
+
* is only attempted when the cached value is absent or expired.
|
|
16151
|
+
* @param request - The original request used for the authentication flow
|
|
16152
|
+
* @param interactionType - The interactionType of the AT operation for logging purposes
|
|
16153
|
+
*/
|
|
16154
|
+
verifySsoCapability(request, interactionType) {
|
|
16155
|
+
// Check if SSO capability verification is enabled
|
|
16156
|
+
if (!this.config.auth.verifySSO) {
|
|
16157
|
+
return;
|
|
16158
|
+
}
|
|
16159
|
+
// Check TTL: derive ssoCapable state from localStorage and skip if not expired
|
|
16160
|
+
const ssoCacheKey = SSO_CAPABLE;
|
|
16161
|
+
const SSO_CAPABLE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
|
|
16162
|
+
const cachedSsoCapable = this.getCachedSsoCapable();
|
|
16163
|
+
if (cachedSsoCapable !== undefined) {
|
|
16164
|
+
this.logger.verbose("13poou", "");
|
|
16165
|
+
return;
|
|
16166
|
+
}
|
|
16167
|
+
const correlationId = createNewGuid();
|
|
16168
|
+
const ssoCapableMeasurement = this.performanceClient.startMeasurement(SsoCapable, correlationId);
|
|
16169
|
+
ssoCapableMeasurement.add({
|
|
16170
|
+
"ext.interactionType": interactionType,
|
|
15950
16171
|
});
|
|
16172
|
+
this.logger.verbose("0pbr0i", correlationId);
|
|
16173
|
+
/*
|
|
16174
|
+
* Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
|
|
16175
|
+
* This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
|
|
16176
|
+
*/
|
|
16177
|
+
setTimeout(() => {
|
|
16178
|
+
const ssoVerificationRequest = {
|
|
16179
|
+
...request,
|
|
16180
|
+
correlationId: correlationId,
|
|
16181
|
+
};
|
|
16182
|
+
const silentIframeClient = this.createSilentIframeClient(correlationId);
|
|
16183
|
+
silentIframeClient
|
|
16184
|
+
.verifySso(ssoVerificationRequest)
|
|
16185
|
+
.then((result) => {
|
|
16186
|
+
this.logger.verbose("1gd1iv", correlationId);
|
|
16187
|
+
// TBD to add profileTelemetry later in localStorage with 24h TTL
|
|
16188
|
+
try {
|
|
16189
|
+
const cacheEntry = JSON.stringify({
|
|
16190
|
+
ssoCapable: result,
|
|
16191
|
+
expiresOn: Date.now() + SSO_CAPABLE_TTL_MS,
|
|
16192
|
+
});
|
|
16193
|
+
window.localStorage.setItem(ssoCacheKey, cacheEntry);
|
|
16194
|
+
}
|
|
16195
|
+
catch {
|
|
16196
|
+
this.logger.warning("18lmoj", correlationId);
|
|
16197
|
+
}
|
|
16198
|
+
ssoCapableMeasurement.end({
|
|
16199
|
+
fromCache: false,
|
|
16200
|
+
success: result,
|
|
16201
|
+
}, undefined);
|
|
16202
|
+
})
|
|
16203
|
+
.catch((error) => {
|
|
16204
|
+
this.logger.warning("05g83w", correlationId);
|
|
16205
|
+
// reset the cache
|
|
16206
|
+
try {
|
|
16207
|
+
window.localStorage.removeItem(ssoCacheKey);
|
|
16208
|
+
}
|
|
16209
|
+
catch {
|
|
16210
|
+
this.logger.warning("0nlf9q", correlationId);
|
|
16211
|
+
}
|
|
16212
|
+
ssoCapableMeasurement.end({
|
|
16213
|
+
fromCache: false,
|
|
16214
|
+
success: false,
|
|
16215
|
+
}, error);
|
|
16216
|
+
});
|
|
16217
|
+
}, 0);
|
|
15951
16218
|
}
|
|
15952
16219
|
// #endregion
|
|
15953
16220
|
// #region Silent Flow
|
|
@@ -15970,28 +16237,35 @@ class StandardController {
|
|
|
15970
16237
|
const correlationId = this.getRequestCorrelationId(request);
|
|
15971
16238
|
const validRequest = {
|
|
15972
16239
|
...request,
|
|
15973
|
-
// will be PromptValue.NONE or PromptValue.NO_SESSION
|
|
15974
|
-
prompt: request.prompt,
|
|
15975
16240
|
correlationId: correlationId,
|
|
15976
16241
|
};
|
|
15977
16242
|
this.ssoSilentMeasurement = this.performanceClient.startMeasurement(SsoSilent, correlationId);
|
|
15978
16243
|
this.ssoSilentMeasurement?.add({
|
|
15979
16244
|
scenarioId: request.scenarioId,
|
|
16245
|
+
ssoCapable: this.getCachedSsoCapable(),
|
|
15980
16246
|
});
|
|
15981
16247
|
preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
|
|
15982
16248
|
this.ssoSilentMeasurement?.increment({
|
|
15983
16249
|
visibilityChangeCount: 0,
|
|
16250
|
+
onlineStatusChangeCount: 0,
|
|
15984
16251
|
});
|
|
15985
|
-
|
|
16252
|
+
this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
15986
16253
|
const loggedInAccounts = this.getAllAccounts();
|
|
15987
16254
|
this.logger.verbose("0w1b45", correlationId);
|
|
15988
16255
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, validRequest);
|
|
15989
16256
|
let result;
|
|
15990
16257
|
if (this.canUsePlatformBroker(validRequest)) {
|
|
16258
|
+
this.ssoSilentMeasurement?.add({
|
|
16259
|
+
isPlatformBrokerRequest: true,
|
|
16260
|
+
});
|
|
15991
16261
|
result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch((e) => {
|
|
16262
|
+
this.ssoSilentMeasurement?.add({
|
|
16263
|
+
brokerErrorName: e.name,
|
|
16264
|
+
brokerErrorCode: e.errorCode,
|
|
16265
|
+
});
|
|
15992
16266
|
// If native token acquisition fails for availability reasons fallback to standard flow
|
|
15993
16267
|
if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
|
|
15994
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
16268
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
15995
16269
|
const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId);
|
|
15996
16270
|
return silentIframeClient.acquireToken(validRequest);
|
|
15997
16271
|
}
|
|
@@ -16025,7 +16299,7 @@ class StandardController {
|
|
|
16025
16299
|
throw e;
|
|
16026
16300
|
})
|
|
16027
16301
|
.finally(() => {
|
|
16028
|
-
|
|
16302
|
+
this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
16029
16303
|
});
|
|
16030
16304
|
}
|
|
16031
16305
|
/**
|
|
@@ -16064,7 +16338,6 @@ class StandardController {
|
|
|
16064
16338
|
this.hybridAuthCodeResponses.delete(hybridAuthCode);
|
|
16065
16339
|
atbcMeasurement.end({
|
|
16066
16340
|
success: true,
|
|
16067
|
-
isNativeBroker: result.fromPlatformBroker,
|
|
16068
16341
|
accessTokenSize: result.accessToken.length,
|
|
16069
16342
|
idTokenSize: result.idToken.length,
|
|
16070
16343
|
}, undefined, result.account);
|
|
@@ -16088,10 +16361,17 @@ class StandardController {
|
|
|
16088
16361
|
}
|
|
16089
16362
|
else if (request.nativeAccountId) {
|
|
16090
16363
|
if (this.canUsePlatformBroker(request, request.nativeAccountId)) {
|
|
16364
|
+
atbcMeasurement.add({
|
|
16365
|
+
isPlatformBrokerRequest: true,
|
|
16366
|
+
});
|
|
16091
16367
|
const result = await this.acquireTokenNative({
|
|
16092
16368
|
...request,
|
|
16093
16369
|
correlationId,
|
|
16094
16370
|
}, ApiId.acquireTokenByCode, request.nativeAccountId).catch((e) => {
|
|
16371
|
+
atbcMeasurement.add({
|
|
16372
|
+
brokerErrorName: e.name,
|
|
16373
|
+
brokerErrorCode: e.errorCode,
|
|
16374
|
+
});
|
|
16095
16375
|
// If native token acquisition fails for availability reasons fallback to standard flow
|
|
16096
16376
|
if (e instanceof NativeAuthError &&
|
|
16097
16377
|
isFatalNativeAuthError(e)) {
|
|
@@ -16132,8 +16412,9 @@ class StandardController {
|
|
|
16132
16412
|
this.performanceClient.startMeasurement(AcquireTokenByCodeAsync, correlationId);
|
|
16133
16413
|
this.acquireTokenByCodeAsyncMeasurement?.increment({
|
|
16134
16414
|
visibilityChangeCount: 0,
|
|
16415
|
+
onlineStatusChangeCount: 0,
|
|
16135
16416
|
});
|
|
16136
|
-
|
|
16417
|
+
this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
16137
16418
|
const silentAuthCodeClient = this.createSilentAuthCodeClient(correlationId);
|
|
16138
16419
|
const silentTokenResult = await silentAuthCodeClient
|
|
16139
16420
|
.acquireToken(request)
|
|
@@ -16141,7 +16422,6 @@ class StandardController {
|
|
|
16141
16422
|
this.acquireTokenByCodeAsyncMeasurement?.end({
|
|
16142
16423
|
success: true,
|
|
16143
16424
|
fromCache: response.fromCache,
|
|
16144
|
-
isNativeBroker: response.fromPlatformBroker,
|
|
16145
16425
|
});
|
|
16146
16426
|
return response;
|
|
16147
16427
|
})
|
|
@@ -16152,7 +16432,7 @@ class StandardController {
|
|
|
16152
16432
|
throw tokenRenewalError;
|
|
16153
16433
|
})
|
|
16154
16434
|
.finally(() => {
|
|
16155
|
-
|
|
16435
|
+
this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
16156
16436
|
});
|
|
16157
16437
|
return silentTokenResult;
|
|
16158
16438
|
}
|
|
@@ -16310,7 +16590,7 @@ class StandardController {
|
|
|
16310
16590
|
throw createBrowserAuthError(nativeConnectionNotEstablished);
|
|
16311
16591
|
}
|
|
16312
16592
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.platformAuthProvider, accountId || this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
|
|
16313
|
-
return nativeClient.acquireToken(request, cacheLookupPolicy);
|
|
16593
|
+
return invokeAsync(nativeClient.acquireToken.bind(nativeClient), NativeInteractionClientAcquireToken, this.logger, this.performanceClient, correlationId)(request, cacheLookupPolicy);
|
|
16314
16594
|
}
|
|
16315
16595
|
/**
|
|
16316
16596
|
* Returns boolean indicating if this request can use the platform broker
|
|
@@ -16324,7 +16604,7 @@ class StandardController {
|
|
|
16324
16604
|
return false;
|
|
16325
16605
|
}
|
|
16326
16606
|
if (!isPlatformAuthAllowed(this.config, this.logger, correlationId, this.platformAuthProvider, request.authenticationScheme)) {
|
|
16327
|
-
this.logger.trace("
|
|
16607
|
+
this.logger.trace("0yoy1g", correlationId);
|
|
16328
16608
|
return false;
|
|
16329
16609
|
}
|
|
16330
16610
|
if (request.prompt) {
|
|
@@ -16543,6 +16823,7 @@ class StandardController {
|
|
|
16543
16823
|
atsMeasurement.add({
|
|
16544
16824
|
cacheLookupPolicy: request.cacheLookupPolicy,
|
|
16545
16825
|
scenarioId: request.scenarioId,
|
|
16826
|
+
ssoCapable: this.getCachedSsoCapable(),
|
|
16546
16827
|
});
|
|
16547
16828
|
preflightCheck(this.initialized, atsMeasurement, this.config, request);
|
|
16548
16829
|
this.logger.verbose("0x1c4s", correlationId);
|
|
@@ -16555,7 +16836,6 @@ class StandardController {
|
|
|
16555
16836
|
atsMeasurement.end({
|
|
16556
16837
|
success: true,
|
|
16557
16838
|
fromCache: result.fromCache,
|
|
16558
|
-
isNativeBroker: result.fromPlatformBroker,
|
|
16559
16839
|
accessTokenSize: result.accessToken.length,
|
|
16560
16840
|
idTokenSize: result.idToken.length,
|
|
16561
16841
|
}, undefined, result.account);
|
|
@@ -16614,12 +16894,12 @@ class StandardController {
|
|
|
16614
16894
|
* @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
|
|
16615
16895
|
*/
|
|
16616
16896
|
async acquireTokenSilentAsync(request, account) {
|
|
16617
|
-
const
|
|
16897
|
+
const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
|
|
16618
16898
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, request.correlationId, exports.InteractionType.Silent, request);
|
|
16619
16899
|
if (request.correlationId) {
|
|
16620
|
-
this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
|
|
16900
|
+
this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
|
|
16621
16901
|
}
|
|
16622
|
-
|
|
16902
|
+
this.addStateChangeListeners(trackStateChange);
|
|
16623
16903
|
const silentRequest = await invokeAsync(initializeSilentRequest, InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
|
|
16624
16904
|
const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
|
|
16625
16905
|
const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
|
|
@@ -16701,7 +16981,7 @@ class StandardController {
|
|
|
16701
16981
|
throw tokenRenewalError;
|
|
16702
16982
|
})
|
|
16703
16983
|
.finally(() => {
|
|
16704
|
-
|
|
16984
|
+
this.removeStateChangeListeners(trackStateChange);
|
|
16705
16985
|
});
|
|
16706
16986
|
}
|
|
16707
16987
|
/**
|
|
@@ -16715,7 +16995,12 @@ class StandardController {
|
|
|
16715
16995
|
if (isPlatformAuthAllowed(this.config, this.logger, silentRequest.correlationId, this.platformAuthProvider, silentRequest.authenticationScheme) &&
|
|
16716
16996
|
silentRequest.account.nativeAccountId) {
|
|
16717
16997
|
this.logger.verbose("0sczo4", silentRequest.correlationId);
|
|
16998
|
+
this.performanceClient.addFields({ isPlatformBrokerRequest: true }, silentRequest.correlationId);
|
|
16718
16999
|
return this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow, silentRequest.account.nativeAccountId, cacheLookupPolicy).catch(async (e) => {
|
|
17000
|
+
this.performanceClient.addFields({
|
|
17001
|
+
brokerErrorName: e.name,
|
|
17002
|
+
brokerErrorCode: e.errorCode,
|
|
17003
|
+
}, silentRequest.correlationId);
|
|
16719
17004
|
// If native token acquisition fails for availability reasons fallback to web flow
|
|
16720
17005
|
if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
|
|
16721
17006
|
this.logger.verbose("07rkmb", silentRequest.correlationId);
|
|
@@ -18301,7 +18586,7 @@ async function loadExternalTokens(config, request, response, options, performanc
|
|
|
18301
18586
|
const storage = new BrowserCacheManager(browserConfig.auth.clientId, browserConfig.cache, cryptoOps, logger, browserConfig.telemetry.client, new EventHandler(logger), buildStaticAuthorityOptions(browserConfig.auth));
|
|
18302
18587
|
const authorityString = request.authority || browserConfig.auth.authority;
|
|
18303
18588
|
const authority = await createDiscoveredInstance(Authority.generateAuthority(authorityString, request.azureCloudOptions), browserConfig.system.networkClient, storage, authorityOptions, logger, correlationId, performanceClient);
|
|
18304
|
-
const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims);
|
|
18589
|
+
const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims, performanceClient);
|
|
18305
18590
|
const idToken = await invokeAsync(loadIdToken, LoadIdToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, correlationId, storage, logger, config.auth.clientId);
|
|
18306
18591
|
const accessToken = await invokeAsync(loadAccessToken, LoadAccessToken, logger, performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, options, correlationId, storage, logger, config.auth.clientId);
|
|
18307
18592
|
const refreshToken = await invokeAsync(loadRefreshToken, LoadRefreshToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, kmsi, correlationId, storage, logger, config.auth.clientId, performanceClient);
|
|
@@ -18327,7 +18612,7 @@ async function loadExternalTokens(config, request, response, options, performanc
|
|
|
18327
18612
|
* @param requestHomeAccountId
|
|
18328
18613
|
* @returns `AccountEntity`
|
|
18329
18614
|
*/
|
|
18330
|
-
async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims) {
|
|
18615
|
+
async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims, performanceClient) {
|
|
18331
18616
|
logger.verbose("0ke46k", correlationId);
|
|
18332
18617
|
if (request.account) {
|
|
18333
18618
|
const accountEntity = createAccountEntityFromAccountInfo(request.account);
|
|
@@ -18342,7 +18627,7 @@ async function loadAccount(request, clientInfo, correlationId, storage, logger,
|
|
|
18342
18627
|
const claimsTenantId = idTokenClaims?.tid;
|
|
18343
18628
|
const cachedAccount = buildAccountToCache(storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.getPreferredCache(), claimsTenantId, undefined, // authCodePayload
|
|
18344
18629
|
undefined, // nativeAccountId
|
|
18345
|
-
logger);
|
|
18630
|
+
logger, performanceClient);
|
|
18346
18631
|
await storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
|
|
18347
18632
|
return cachedAccount;
|
|
18348
18633
|
}
|
|
@@ -18614,6 +18899,9 @@ class BrowserPerformanceClient extends PerformanceClient {
|
|
|
18614
18899
|
getPageVisibility() {
|
|
18615
18900
|
return document.visibilityState?.toString() || null;
|
|
18616
18901
|
}
|
|
18902
|
+
getOnlineStatus() {
|
|
18903
|
+
return typeof navigator !== "undefined" ? navigator.onLine : null;
|
|
18904
|
+
}
|
|
18617
18905
|
deleteIncompleteSubMeasurements(inProgressEvent) {
|
|
18618
18906
|
void getPerfMeasurementModule()?.then((module) => {
|
|
18619
18907
|
const rootEvent = this.eventsByCorrelationId.get(inProgressEvent.event.correlationId);
|
|
@@ -18640,6 +18928,7 @@ class BrowserPerformanceClient extends PerformanceClient {
|
|
|
18640
18928
|
startMeasurement(measureName, correlationId) {
|
|
18641
18929
|
// Capture page visibilityState and then invoke start/end measurement
|
|
18642
18930
|
const startPageVisibility = this.getPageVisibility();
|
|
18931
|
+
const startOnlineStatus = this.getOnlineStatus();
|
|
18643
18932
|
const inProgressEvent = super.startMeasurement(measureName, correlationId);
|
|
18644
18933
|
const startTime = supportsBrowserPerformanceNow()
|
|
18645
18934
|
? window.performance.now()
|
|
@@ -18655,6 +18944,7 @@ class BrowserPerformanceClient extends PerformanceClient {
|
|
|
18655
18944
|
const res = inProgressEvent.end({
|
|
18656
18945
|
...event,
|
|
18657
18946
|
startPageVisibility,
|
|
18947
|
+
startOnlineStatus,
|
|
18658
18948
|
endPageVisibility: this.getPageVisibility(),
|
|
18659
18949
|
durationMs: getPerfDurationMs(startTime),
|
|
18660
18950
|
networkEffectiveType: networkInfo.effectiveType,
|