@azure/msal-browser 5.6.2 → 5.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -1
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.d.ts +1 -0
- package/dist/cache/CacheKeys.d.ts.map +1 -1
- package/dist/cache/CacheKeys.mjs +3 -2
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.d.ts.map +1 -1
- package/dist/cache/TokenCache.mjs +9 -9
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.d.ts +20 -1
- package/dist/config/Configuration.d.ts.map +1 -1
- package/dist/config/Configuration.mjs +10 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.d.ts +20 -2
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +204 -37
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
- package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
- package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.d.ts +1 -0
- package/dist/custom-auth-path/cache/CacheKeys.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.mjs +3 -2
- package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
- package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.d.ts +20 -1
- package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.mjs +10 -2
- package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.d.ts +20 -2
- package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.mjs +204 -37
- package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
- package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
- package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
- package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.d.ts.map +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.mjs +3 -4
- package/dist/custom-auth-path/error/NativeAuthError.mjs.map +1 -1
- package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
- package/dist/custom-auth-path/event/EventType.mjs +1 -1
- package/dist/custom-auth-path/index.d.ts +1 -1
- package/dist/custom-auth-path/index.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +39 -26
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs +6 -2
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +6 -2
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +47 -5
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/custom-auth-path/log-strings-mapping.json +67 -15
- package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
- package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
- package/dist/custom-auth-path/packageMetadata.mjs +2 -2
- package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
- package/dist/custom-auth-path/protocol/Authorize.mjs +5 -1
- package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
- package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
- package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
- package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +9 -3
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +8 -3
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
- package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
- package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.mjs +27 -3
- package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
- package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.d.ts.map +1 -1
- package/dist/error/NativeAuthError.mjs +3 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +1 -1
- package/dist/index.mjs.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +39 -26
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +6 -2
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +6 -2
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +47 -5
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +75 -23
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +5 -1
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.d.ts +1 -0
- package/dist/redirect-bridge/cache/CacheKeys.d.ts.map +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
- package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.d.ts +20 -1
- package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.mjs +1 -1
- package/dist/redirect-bridge/controllers/StandardController.d.ts +20 -2
- package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
- package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/redirect-bridge/error/NativeAuthError.d.ts.map +1 -1
- package/dist/redirect-bridge/index.d.ts +1 -1
- package/dist/redirect-bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
- package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
- package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.mjs +11 -7
- package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserConstants.mjs +7 -3
- package/dist/redirect-bridge/utils/BrowserConstants.mjs.map +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
- package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
- package/dist/redirect_bridge/index.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +6 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +9 -3
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +10 -3
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.d.ts +2 -2
- package/dist/utils/BrowserUtils.d.ts.map +1 -1
- package/dist/utils/BrowserUtils.mjs +27 -3
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +67 -15
- package/lib/custom-auth-path/msal-custom-auth.cjs +897 -617
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +1 -0
- package/lib/custom-auth-path/types/cache/CacheKeys.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts +20 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts +20 -2
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/custom-auth-path/types/error/NativeAuthError.d.ts.map +1 -1
- package/lib/custom-auth-path/types/index.d.ts +1 -1
- package/lib/custom-auth-path/types/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +14 -0
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
- package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
- package/lib/log-strings-mapping.json +75 -23
- package/lib/msal-browser.cjs +1045 -755
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +1045 -755
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.js +24 -16
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/lib/types/cache/CacheKeys.d.ts +1 -0
- package/lib/types/cache/CacheKeys.d.ts.map +1 -1
- package/lib/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/types/config/Configuration.d.ts +20 -1
- package/lib/types/config/Configuration.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts +20 -2
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/types/error/NativeAuthError.d.ts.map +1 -1
- package/lib/types/index.d.ts +1 -1
- package/lib/types/index.d.ts.map +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts +14 -0
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
- package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +6 -0
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/lib/types/utils/BrowserUtils.d.ts +2 -2
- package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +1 -1
- package/src/cache/CacheKeys.ts +1 -0
- package/src/cache/TokenCache.ts +27 -24
- package/src/config/Configuration.ts +30 -0
- package/src/controllers/StandardController.ts +316 -69
- package/src/error/NativeAuthError.ts +1 -2
- package/src/index.ts +1 -0
- package/src/interaction_client/PlatformAuthInteractionClient.ts +99 -76
- package/src/interaction_client/PopupClient.ts +10 -0
- package/src/interaction_client/RedirectClient.ts +10 -0
- package/src/interaction_client/SilentIframeClient.ts +127 -22
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +8 -0
- package/src/redirect_bridge/index.ts +12 -5
- package/src/telemetry/BrowserPerformanceClient.ts +6 -0
- package/src/telemetry/BrowserPerformanceEvents.ts +9 -0
- package/src/telemetry/BrowserRootPerformanceEvents.ts +7 -0
- package/src/utils/BrowserUtils.ts +36 -4
package/lib/msal-browser.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.7.0 2026-04-16 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v16.
|
|
9
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
// Token renewal offset default in seconds
|
|
239
239
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
240
240
|
|
|
241
|
-
/*! @azure/msal-common v16.
|
|
241
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
242
242
|
/*
|
|
243
243
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
244
244
|
* Licensed under the MIT License.
|
|
@@ -290,7 +290,7 @@
|
|
|
290
290
|
const RESOURCE = "resource";
|
|
291
291
|
const CLI_DATA = "clidata";
|
|
292
292
|
|
|
293
|
-
/*! @azure/msal-common v16.
|
|
293
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
294
294
|
/*
|
|
295
295
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
296
296
|
* Licensed under the MIT License.
|
|
@@ -321,7 +321,7 @@
|
|
|
321
321
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
322
322
|
}
|
|
323
323
|
|
|
324
|
-
/*! @azure/msal-common v16.
|
|
324
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
325
325
|
|
|
326
326
|
/*
|
|
327
327
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -341,7 +341,7 @@
|
|
|
341
341
|
return new ClientConfigurationError(errorCode);
|
|
342
342
|
}
|
|
343
343
|
|
|
344
|
-
/*! @azure/msal-common v16.
|
|
344
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
345
345
|
/*
|
|
346
346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
347
347
|
* Licensed under the MIT License.
|
|
@@ -421,7 +421,7 @@
|
|
|
421
421
|
}
|
|
422
422
|
}
|
|
423
423
|
|
|
424
|
-
/*! @azure/msal-common v16.
|
|
424
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
425
425
|
|
|
426
426
|
/*
|
|
427
427
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -444,7 +444,7 @@
|
|
|
444
444
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
445
445
|
}
|
|
446
446
|
|
|
447
|
-
/*! @azure/msal-common v16.
|
|
447
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
448
448
|
/*
|
|
449
449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
450
450
|
* Licensed under the MIT License.
|
|
@@ -498,7 +498,7 @@
|
|
|
498
498
|
urlParseError: urlParseError
|
|
499
499
|
});
|
|
500
500
|
|
|
501
|
-
/*! @azure/msal-common v16.
|
|
501
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
502
502
|
/*
|
|
503
503
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
504
504
|
* Licensed under the MIT License.
|
|
@@ -586,7 +586,7 @@
|
|
|
586
586
|
userCanceled: userCanceled
|
|
587
587
|
});
|
|
588
588
|
|
|
589
|
-
/*! @azure/msal-common v16.
|
|
589
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
590
590
|
|
|
591
591
|
/*
|
|
592
592
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -781,7 +781,7 @@
|
|
|
781
781
|
}
|
|
782
782
|
}
|
|
783
783
|
|
|
784
|
-
/*! @azure/msal-common v16.
|
|
784
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
785
785
|
|
|
786
786
|
/*
|
|
787
787
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -902,18 +902,29 @@
|
|
|
902
902
|
parameters.set(SID, sid);
|
|
903
903
|
}
|
|
904
904
|
/**
|
|
905
|
-
*
|
|
906
|
-
*
|
|
907
|
-
|
|
908
|
-
|
|
909
|
-
|
|
910
|
-
|
|
911
|
-
|
|
912
|
-
|
|
913
|
-
|
|
914
|
-
|
|
905
|
+
* Adds claims to request parameters, conditionally excluding clientCapabilities
|
|
906
|
+
* when skipBrokerClaims is true and a brokered flow is in effect.
|
|
907
|
+
* @param parameters - The request parameters map
|
|
908
|
+
* @param claims - The claims string from the request
|
|
909
|
+
* @param clientCapabilities - The client capabilities from configuration
|
|
910
|
+
* @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
|
|
911
|
+
*/
|
|
912
|
+
function addClaims(parameters, claims, clientCapabilities, skipBrokerClaims) {
|
|
913
|
+
// Skip clientCapabilities if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
914
|
+
const configClaims = skipBrokerClaims && parameters.has(BROKER_CLIENT_ID)
|
|
915
|
+
? undefined
|
|
916
|
+
: clientCapabilities;
|
|
917
|
+
if (!StringUtils.isEmptyObj(claims) ||
|
|
918
|
+
(configClaims && configClaims.length > 0)) {
|
|
919
|
+
const mergedClaims = addClientCapabilitiesToClaims$1(claims, configClaims);
|
|
920
|
+
try {
|
|
921
|
+
JSON.parse(mergedClaims);
|
|
922
|
+
}
|
|
923
|
+
catch (e) {
|
|
924
|
+
throw createClientConfigurationError(invalidClaims);
|
|
925
|
+
}
|
|
926
|
+
parameters.set(CLAIMS, mergedClaims);
|
|
915
927
|
}
|
|
916
|
-
parameters.set(CLAIMS, mergedClaims);
|
|
917
928
|
}
|
|
918
929
|
/**
|
|
919
930
|
* add correlationId
|
|
@@ -1159,7 +1170,7 @@
|
|
|
1159
1170
|
}
|
|
1160
1171
|
}
|
|
1161
1172
|
|
|
1162
|
-
/*! @azure/msal-common v16.
|
|
1173
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1163
1174
|
|
|
1164
1175
|
/*
|
|
1165
1176
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1268,7 +1279,7 @@
|
|
|
1268
1279
|
}
|
|
1269
1280
|
}
|
|
1270
1281
|
|
|
1271
|
-
/*! @azure/msal-common v16.
|
|
1282
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1272
1283
|
|
|
1273
1284
|
/*
|
|
1274
1285
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1307,7 +1318,7 @@
|
|
|
1307
1318
|
},
|
|
1308
1319
|
};
|
|
1309
1320
|
|
|
1310
|
-
/*! @azure/msal-common v16.
|
|
1321
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1311
1322
|
/*
|
|
1312
1323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1313
1324
|
* Licensed under the MIT License.
|
|
@@ -1582,12 +1593,12 @@
|
|
|
1582
1593
|
}
|
|
1583
1594
|
}
|
|
1584
1595
|
|
|
1585
|
-
/*! @azure/msal-common v16.
|
|
1596
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1586
1597
|
/* eslint-disable header/header */
|
|
1587
1598
|
const name$1 = "@azure/msal-common";
|
|
1588
|
-
const version$1 = "16.
|
|
1599
|
+
const version$1 = "16.5.0";
|
|
1589
1600
|
|
|
1590
|
-
/*! @azure/msal-common v16.
|
|
1601
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1591
1602
|
/*
|
|
1592
1603
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1593
1604
|
* Licensed under the MIT License.
|
|
@@ -1607,7 +1618,7 @@
|
|
|
1607
1618
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1608
1619
|
};
|
|
1609
1620
|
|
|
1610
|
-
/*! @azure/msal-common v16.
|
|
1621
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1611
1622
|
/*
|
|
1612
1623
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1613
1624
|
* Licensed under the MIT License.
|
|
@@ -1689,7 +1700,7 @@
|
|
|
1689
1700
|
return updatedAccountInfo;
|
|
1690
1701
|
}
|
|
1691
1702
|
|
|
1692
|
-
/*! @azure/msal-common v16.
|
|
1703
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1693
1704
|
|
|
1694
1705
|
/*
|
|
1695
1706
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1769,7 +1780,7 @@
|
|
|
1769
1780
|
}
|
|
1770
1781
|
}
|
|
1771
1782
|
|
|
1772
|
-
/*! @azure/msal-common v16.
|
|
1783
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1773
1784
|
|
|
1774
1785
|
/*
|
|
1775
1786
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1926,7 +1937,7 @@
|
|
|
1926
1937
|
}
|
|
1927
1938
|
}
|
|
1928
1939
|
|
|
1929
|
-
/*! @azure/msal-common v16.
|
|
1940
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1930
1941
|
|
|
1931
1942
|
/*
|
|
1932
1943
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2083,7 +2094,7 @@
|
|
|
2083
2094
|
return null;
|
|
2084
2095
|
}
|
|
2085
2096
|
|
|
2086
|
-
/*! @azure/msal-common v16.
|
|
2097
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2087
2098
|
/*
|
|
2088
2099
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2089
2100
|
* Licensed under the MIT License.
|
|
@@ -2091,7 +2102,7 @@
|
|
|
2091
2102
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2092
2103
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2093
2104
|
|
|
2094
|
-
/*! @azure/msal-common v16.
|
|
2105
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2095
2106
|
|
|
2096
2107
|
/*
|
|
2097
2108
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2129,7 +2140,7 @@
|
|
|
2129
2140
|
}
|
|
2130
2141
|
}
|
|
2131
2142
|
|
|
2132
|
-
/*! @azure/msal-common v16.
|
|
2143
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2133
2144
|
|
|
2134
2145
|
/*
|
|
2135
2146
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2167,7 +2178,7 @@
|
|
|
2167
2178
|
};
|
|
2168
2179
|
}
|
|
2169
2180
|
|
|
2170
|
-
/*! @azure/msal-common v16.
|
|
2181
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2171
2182
|
/*
|
|
2172
2183
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2173
2184
|
* Licensed under the MIT License.
|
|
@@ -2182,7 +2193,7 @@
|
|
|
2182
2193
|
Ciam: 3,
|
|
2183
2194
|
};
|
|
2184
2195
|
|
|
2185
|
-
/*! @azure/msal-common v16.
|
|
2196
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2186
2197
|
/*
|
|
2187
2198
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2188
2199
|
* Licensed under the MIT License.
|
|
@@ -2204,7 +2215,7 @@
|
|
|
2204
2215
|
return null;
|
|
2205
2216
|
}
|
|
2206
2217
|
|
|
2207
|
-
/*! @azure/msal-common v16.
|
|
2218
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2208
2219
|
/*
|
|
2209
2220
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2210
2221
|
* Licensed under the MIT License.
|
|
@@ -2228,7 +2239,7 @@
|
|
|
2228
2239
|
EAR: "EAR",
|
|
2229
2240
|
};
|
|
2230
2241
|
|
|
2231
|
-
/*! @azure/msal-common v16.
|
|
2242
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2232
2243
|
/**
|
|
2233
2244
|
* Returns the AccountInfo interface for this account.
|
|
2234
2245
|
*/
|
|
@@ -2403,7 +2414,7 @@
|
|
|
2403
2414
|
entity.hasOwnProperty("authorityType"));
|
|
2404
2415
|
}
|
|
2405
2416
|
|
|
2406
|
-
/*! @azure/msal-common v16.
|
|
2417
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2407
2418
|
|
|
2408
2419
|
/*
|
|
2409
2420
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3505,7 +3516,7 @@
|
|
|
3505
3516
|
}
|
|
3506
3517
|
}
|
|
3507
3518
|
|
|
3508
|
-
/*! @azure/msal-common v16.
|
|
3519
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3509
3520
|
/*
|
|
3510
3521
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3511
3522
|
* Licensed under the MIT License.
|
|
@@ -3550,12 +3561,13 @@
|
|
|
3550
3561
|
"currRefreshCount",
|
|
3551
3562
|
"expiredCacheRemovedCount",
|
|
3552
3563
|
"upgradedCacheCount",
|
|
3564
|
+
"cacheMatchedAccounts",
|
|
3553
3565
|
"networkRtt",
|
|
3554
3566
|
"redirectBridgeTimeoutMs",
|
|
3555
3567
|
"redirectBridgeMessageVersion",
|
|
3556
3568
|
]);
|
|
3557
3569
|
|
|
3558
|
-
/*! @azure/msal-common v16.
|
|
3570
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3559
3571
|
|
|
3560
3572
|
/*
|
|
3561
3573
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3610,7 +3622,7 @@
|
|
|
3610
3622
|
}
|
|
3611
3623
|
}
|
|
3612
3624
|
|
|
3613
|
-
/*! @azure/msal-common v16.
|
|
3625
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3614
3626
|
|
|
3615
3627
|
/*
|
|
3616
3628
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3705,226 +3717,34 @@
|
|
|
3705
3717
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3706
3718
|
}
|
|
3707
3719
|
|
|
3708
|
-
/*! @azure/msal-common v16.
|
|
3709
|
-
|
|
3710
|
-
/*
|
|
3711
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3712
|
-
* Licensed under the MIT License.
|
|
3713
|
-
*/
|
|
3714
|
-
/**
|
|
3715
|
-
* Error thrown when there is an error with the server code, for example, unavailability.
|
|
3716
|
-
*/
|
|
3717
|
-
class ServerError extends AuthError {
|
|
3718
|
-
constructor(errorCode, errorMessage, subError, errorNo, status) {
|
|
3719
|
-
super(errorCode, errorMessage, subError);
|
|
3720
|
-
this.name = "ServerError";
|
|
3721
|
-
this.errorNo = errorNo;
|
|
3722
|
-
this.status = status;
|
|
3723
|
-
Object.setPrototypeOf(this, ServerError.prototype);
|
|
3724
|
-
}
|
|
3725
|
-
}
|
|
3726
|
-
|
|
3727
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
3728
|
-
/*
|
|
3729
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3730
|
-
* Licensed under the MIT License.
|
|
3731
|
-
*/
|
|
3732
|
-
/**
|
|
3733
|
-
* MSAL-defined interaction required error code indicating no tokens are found in cache.
|
|
3734
|
-
* @public
|
|
3735
|
-
*/
|
|
3736
|
-
const noTokensFound = "no_tokens_found";
|
|
3737
|
-
/**
|
|
3738
|
-
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
3739
|
-
* @public
|
|
3740
|
-
*/
|
|
3741
|
-
const nativeAccountUnavailable = "native_account_unavailable";
|
|
3742
|
-
/**
|
|
3743
|
-
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
3744
|
-
* @public
|
|
3745
|
-
*/
|
|
3746
|
-
const refreshTokenExpired = "refresh_token_expired";
|
|
3747
|
-
/**
|
|
3748
|
-
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
3749
|
-
* @public
|
|
3750
|
-
*/
|
|
3751
|
-
const uxNotAllowed = "ux_not_allowed";
|
|
3752
|
-
/**
|
|
3753
|
-
* Server-originated error code indicating interaction is required to complete the request.
|
|
3754
|
-
* @public
|
|
3755
|
-
*/
|
|
3756
|
-
const interactionRequired = "interaction_required";
|
|
3757
|
-
/**
|
|
3758
|
-
* Server-originated error code indicating user consent is required.
|
|
3759
|
-
* @public
|
|
3760
|
-
*/
|
|
3761
|
-
const consentRequired = "consent_required";
|
|
3762
|
-
/**
|
|
3763
|
-
* Server-originated error code indicating user login is required.
|
|
3764
|
-
* @public
|
|
3765
|
-
*/
|
|
3766
|
-
const loginRequired = "login_required";
|
|
3767
|
-
/**
|
|
3768
|
-
* Server-originated error code indicating the token is invalid or corrupted.
|
|
3769
|
-
* @public
|
|
3770
|
-
*/
|
|
3771
|
-
const badToken = "bad_token";
|
|
3772
|
-
/**
|
|
3773
|
-
* Server-originated error code indicating the user is in an interrupted state and interaction is required.
|
|
3774
|
-
* @public
|
|
3775
|
-
*/
|
|
3776
|
-
const interruptedUser = "interrupted_user";
|
|
3777
|
-
|
|
3778
|
-
var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
3779
|
-
__proto__: null,
|
|
3780
|
-
badToken: badToken,
|
|
3781
|
-
consentRequired: consentRequired,
|
|
3782
|
-
interactionRequired: interactionRequired,
|
|
3783
|
-
interruptedUser: interruptedUser,
|
|
3784
|
-
loginRequired: loginRequired,
|
|
3785
|
-
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
3786
|
-
noTokensFound: noTokensFound,
|
|
3787
|
-
refreshTokenExpired: refreshTokenExpired,
|
|
3788
|
-
uxNotAllowed: uxNotAllowed
|
|
3789
|
-
});
|
|
3790
|
-
|
|
3791
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
3792
|
-
|
|
3793
|
-
/*
|
|
3794
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3795
|
-
* Licensed under the MIT License.
|
|
3796
|
-
*/
|
|
3797
|
-
/**
|
|
3798
|
-
* InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
|
|
3799
|
-
*/
|
|
3800
|
-
const InteractionRequiredServerErrorMessage = [
|
|
3801
|
-
interactionRequired,
|
|
3802
|
-
consentRequired,
|
|
3803
|
-
loginRequired,
|
|
3804
|
-
badToken,
|
|
3805
|
-
uxNotAllowed,
|
|
3806
|
-
interruptedUser,
|
|
3807
|
-
];
|
|
3808
|
-
const InteractionRequiredAuthSubErrorMessage = [
|
|
3809
|
-
"message_only",
|
|
3810
|
-
"additional_action",
|
|
3811
|
-
"basic_action",
|
|
3812
|
-
"user_password_expired",
|
|
3813
|
-
"consent_required",
|
|
3814
|
-
"bad_token",
|
|
3815
|
-
"ux_not_allowed",
|
|
3816
|
-
"interrupted_user",
|
|
3817
|
-
];
|
|
3818
|
-
/**
|
|
3819
|
-
* Error thrown when user interaction is required.
|
|
3820
|
-
*/
|
|
3821
|
-
class InteractionRequiredAuthError extends AuthError {
|
|
3822
|
-
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
3823
|
-
super(errorCode, errorMessage, subError);
|
|
3824
|
-
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
3825
|
-
this.timestamp = timestamp || "";
|
|
3826
|
-
this.traceId = traceId || "";
|
|
3827
|
-
this.correlationId = correlationId || "";
|
|
3828
|
-
this.claims = claims || "";
|
|
3829
|
-
this.name = "InteractionRequiredAuthError";
|
|
3830
|
-
this.errorNo = errorNo;
|
|
3831
|
-
}
|
|
3832
|
-
}
|
|
3833
|
-
/**
|
|
3834
|
-
* Helper function used to determine if an error thrown by the server requires interaction to resolve
|
|
3835
|
-
* @param errorCode
|
|
3836
|
-
* @param errorString
|
|
3837
|
-
* @param subError
|
|
3838
|
-
*/
|
|
3839
|
-
function isInteractionRequiredError(errorCode, errorString, subError) {
|
|
3840
|
-
const isInteractionRequiredErrorCode = !!errorCode &&
|
|
3841
|
-
InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
|
|
3842
|
-
const isInteractionRequiredSubError = !!subError &&
|
|
3843
|
-
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
3844
|
-
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
3845
|
-
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
3846
|
-
return errorString.indexOf(irErrorCode) > -1;
|
|
3847
|
-
});
|
|
3848
|
-
return (isInteractionRequiredErrorCode ||
|
|
3849
|
-
isInteractionRequiredErrorDesc ||
|
|
3850
|
-
isInteractionRequiredSubError);
|
|
3851
|
-
}
|
|
3852
|
-
/**
|
|
3853
|
-
* Creates an InteractionRequiredAuthError
|
|
3854
|
-
*/
|
|
3855
|
-
function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
3856
|
-
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
3857
|
-
}
|
|
3858
|
-
|
|
3859
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
3860
|
-
|
|
3720
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3861
3721
|
/*
|
|
3862
3722
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3863
3723
|
* Licensed under the MIT License.
|
|
3864
3724
|
*/
|
|
3865
3725
|
/**
|
|
3866
|
-
*
|
|
3867
|
-
*
|
|
3868
|
-
|
|
3869
|
-
|
|
3870
|
-
|
|
3871
|
-
|
|
3872
|
-
const libraryState = generateLibraryState(cryptoObj, meta);
|
|
3873
|
-
return userState
|
|
3874
|
-
? `${libraryState}${RESOURCE_DELIM}${userState}`
|
|
3875
|
-
: libraryState;
|
|
3876
|
-
}
|
|
3877
|
-
/**
|
|
3878
|
-
* Generates the state value used by the common library.
|
|
3879
|
-
* @param cryptoObj
|
|
3880
|
-
* @param meta
|
|
3881
|
-
*/
|
|
3882
|
-
function generateLibraryState(cryptoObj, meta) {
|
|
3883
|
-
if (!cryptoObj) {
|
|
3884
|
-
throw createClientAuthError(noCryptoObject);
|
|
3885
|
-
}
|
|
3886
|
-
// Create a state object containing a unique id and the timestamp of the request creation
|
|
3887
|
-
const stateObj = {
|
|
3888
|
-
id: cryptoObj.createNewGuid(),
|
|
3889
|
-
};
|
|
3890
|
-
if (meta) {
|
|
3891
|
-
stateObj.meta = meta;
|
|
3892
|
-
}
|
|
3893
|
-
const stateString = JSON.stringify(stateObj);
|
|
3894
|
-
return cryptoObj.base64Encode(stateString);
|
|
3895
|
-
}
|
|
3896
|
-
/**
|
|
3897
|
-
* Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
|
|
3898
|
-
* @param base64Decode
|
|
3899
|
-
* @param state
|
|
3900
|
-
*/
|
|
3901
|
-
function parseRequestState(base64Decode, state) {
|
|
3902
|
-
if (!base64Decode) {
|
|
3903
|
-
throw createClientAuthError(noCryptoObject);
|
|
3904
|
-
}
|
|
3905
|
-
if (!state) {
|
|
3906
|
-
throw createClientAuthError(invalidState);
|
|
3726
|
+
* This class instance helps track the memory changes facilitating
|
|
3727
|
+
* decisions to read from and write to the persistent cache
|
|
3728
|
+
*/ class TokenCacheContext {
|
|
3729
|
+
constructor(tokenCache, hasChanged) {
|
|
3730
|
+
this.cache = tokenCache;
|
|
3731
|
+
this.hasChanged = hasChanged;
|
|
3907
3732
|
}
|
|
3908
|
-
|
|
3909
|
-
|
|
3910
|
-
|
|
3911
|
-
|
|
3912
|
-
|
|
3913
|
-
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
3914
|
-
: "";
|
|
3915
|
-
const libraryStateString = base64Decode(libraryState);
|
|
3916
|
-
const libraryStateObj = JSON.parse(libraryStateString);
|
|
3917
|
-
return {
|
|
3918
|
-
userRequestState: userState || "",
|
|
3919
|
-
libraryState: libraryStateObj,
|
|
3920
|
-
};
|
|
3733
|
+
/**
|
|
3734
|
+
* boolean which indicates the changes in cache
|
|
3735
|
+
*/
|
|
3736
|
+
get cacheHasChanged() {
|
|
3737
|
+
return this.hasChanged;
|
|
3921
3738
|
}
|
|
3922
|
-
|
|
3923
|
-
|
|
3739
|
+
/**
|
|
3740
|
+
* function to retrieve the token cache
|
|
3741
|
+
*/
|
|
3742
|
+
get tokenCache() {
|
|
3743
|
+
return this.cache;
|
|
3924
3744
|
}
|
|
3925
3745
|
}
|
|
3926
3746
|
|
|
3927
|
-
/*! @azure/msal-common v16.
|
|
3747
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3928
3748
|
/*
|
|
3929
3749
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3930
3750
|
* Licensed under the MIT License.
|
|
@@ -3989,21 +3809,280 @@
|
|
|
3989
3809
|
return cachedAtSec > nowSeconds();
|
|
3990
3810
|
}
|
|
3991
3811
|
|
|
3992
|
-
/*! @azure/msal-common v16.
|
|
3812
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3813
|
+
|
|
3993
3814
|
/*
|
|
3994
3815
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3995
3816
|
* Licensed under the MIT License.
|
|
3996
3817
|
*/
|
|
3997
3818
|
/**
|
|
3998
|
-
*
|
|
3999
|
-
|
|
4000
|
-
|
|
4001
|
-
|
|
4002
|
-
|
|
4003
|
-
/**
|
|
4004
|
-
* Time spent on the network for refresh token acquisition
|
|
3819
|
+
* Create IdTokenEntity
|
|
3820
|
+
* @param homeAccountId
|
|
3821
|
+
* @param authenticationResult
|
|
3822
|
+
* @param clientId
|
|
3823
|
+
* @param authority
|
|
4005
3824
|
*/
|
|
4006
|
-
|
|
3825
|
+
function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
|
|
3826
|
+
const idTokenEntity = {
|
|
3827
|
+
credentialType: CredentialType.ID_TOKEN,
|
|
3828
|
+
homeAccountId: homeAccountId,
|
|
3829
|
+
environment: environment,
|
|
3830
|
+
clientId: clientId,
|
|
3831
|
+
secret: idToken,
|
|
3832
|
+
realm: tenantId,
|
|
3833
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3834
|
+
};
|
|
3835
|
+
return idTokenEntity;
|
|
3836
|
+
}
|
|
3837
|
+
/**
|
|
3838
|
+
* Create AccessTokenEntity
|
|
3839
|
+
* @param homeAccountId
|
|
3840
|
+
* @param environment
|
|
3841
|
+
* @param accessToken
|
|
3842
|
+
* @param clientId
|
|
3843
|
+
* @param tenantId
|
|
3844
|
+
* @param scopes
|
|
3845
|
+
* @param expiresOn
|
|
3846
|
+
* @param extExpiresOn
|
|
3847
|
+
*/
|
|
3848
|
+
function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
|
|
3849
|
+
const atEntity = {
|
|
3850
|
+
homeAccountId: homeAccountId,
|
|
3851
|
+
credentialType: CredentialType.ACCESS_TOKEN,
|
|
3852
|
+
secret: accessToken,
|
|
3853
|
+
cachedAt: nowSeconds().toString(),
|
|
3854
|
+
expiresOn: expiresOn.toString(),
|
|
3855
|
+
extendedExpiresOn: extExpiresOn.toString(),
|
|
3856
|
+
environment: environment,
|
|
3857
|
+
clientId: clientId,
|
|
3858
|
+
realm: tenantId,
|
|
3859
|
+
target: scopes,
|
|
3860
|
+
tokenType: tokenType || AuthenticationScheme$1.BEARER,
|
|
3861
|
+
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
3862
|
+
};
|
|
3863
|
+
if (userAssertionHash) {
|
|
3864
|
+
atEntity.userAssertionHash = userAssertionHash;
|
|
3865
|
+
}
|
|
3866
|
+
if (refreshOn) {
|
|
3867
|
+
atEntity.refreshOn = refreshOn.toString();
|
|
3868
|
+
}
|
|
3869
|
+
/*
|
|
3870
|
+
* Create Access Token With Auth Scheme instead of regular access token
|
|
3871
|
+
* Cast to lower to handle "bearer" from ADFS
|
|
3872
|
+
*/
|
|
3873
|
+
if (atEntity.tokenType?.toLowerCase() !==
|
|
3874
|
+
AuthenticationScheme$1.BEARER.toLowerCase()) {
|
|
3875
|
+
atEntity.credentialType =
|
|
3876
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
3877
|
+
switch (atEntity.tokenType) {
|
|
3878
|
+
case AuthenticationScheme$1.POP:
|
|
3879
|
+
// Make sure keyId is present and add it to credential
|
|
3880
|
+
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
3881
|
+
if (!tokenClaims?.cnf?.kid) {
|
|
3882
|
+
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
3883
|
+
}
|
|
3884
|
+
atEntity.keyId = tokenClaims.cnf.kid;
|
|
3885
|
+
break;
|
|
3886
|
+
case AuthenticationScheme$1.SSH:
|
|
3887
|
+
atEntity.keyId = keyId;
|
|
3888
|
+
}
|
|
3889
|
+
}
|
|
3890
|
+
return atEntity;
|
|
3891
|
+
}
|
|
3892
|
+
/**
|
|
3893
|
+
* Create RefreshTokenEntity
|
|
3894
|
+
* @param homeAccountId
|
|
3895
|
+
* @param authenticationResult
|
|
3896
|
+
* @param clientId
|
|
3897
|
+
* @param authority
|
|
3898
|
+
*/
|
|
3899
|
+
function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
|
|
3900
|
+
const rtEntity = {
|
|
3901
|
+
credentialType: CredentialType.REFRESH_TOKEN,
|
|
3902
|
+
homeAccountId: homeAccountId,
|
|
3903
|
+
environment: environment,
|
|
3904
|
+
clientId: clientId,
|
|
3905
|
+
secret: refreshToken,
|
|
3906
|
+
lastUpdatedAt: Date.now().toString(),
|
|
3907
|
+
};
|
|
3908
|
+
if (userAssertionHash) {
|
|
3909
|
+
rtEntity.userAssertionHash = userAssertionHash;
|
|
3910
|
+
}
|
|
3911
|
+
if (familyId) {
|
|
3912
|
+
rtEntity.familyId = familyId;
|
|
3913
|
+
}
|
|
3914
|
+
if (expiresOn) {
|
|
3915
|
+
rtEntity.expiresOn = expiresOn.toString();
|
|
3916
|
+
}
|
|
3917
|
+
return rtEntity;
|
|
3918
|
+
}
|
|
3919
|
+
function isCredentialEntity(entity) {
|
|
3920
|
+
return (entity.hasOwnProperty("homeAccountId") &&
|
|
3921
|
+
entity.hasOwnProperty("environment") &&
|
|
3922
|
+
entity.hasOwnProperty("credentialType") &&
|
|
3923
|
+
entity.hasOwnProperty("clientId") &&
|
|
3924
|
+
entity.hasOwnProperty("secret"));
|
|
3925
|
+
}
|
|
3926
|
+
/**
|
|
3927
|
+
* Validates an entity: checks for all expected params
|
|
3928
|
+
* @param entity
|
|
3929
|
+
*/
|
|
3930
|
+
function isAccessTokenEntity(entity) {
|
|
3931
|
+
if (!entity) {
|
|
3932
|
+
return false;
|
|
3933
|
+
}
|
|
3934
|
+
return (isCredentialEntity(entity) &&
|
|
3935
|
+
entity.hasOwnProperty("realm") &&
|
|
3936
|
+
entity.hasOwnProperty("target") &&
|
|
3937
|
+
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
3938
|
+
entity["credentialType"] ===
|
|
3939
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
3940
|
+
}
|
|
3941
|
+
/**
|
|
3942
|
+
* Validates an entity: checks for all expected params
|
|
3943
|
+
* @param entity
|
|
3944
|
+
*/
|
|
3945
|
+
function isIdTokenEntity(entity) {
|
|
3946
|
+
if (!entity) {
|
|
3947
|
+
return false;
|
|
3948
|
+
}
|
|
3949
|
+
return (isCredentialEntity(entity) &&
|
|
3950
|
+
entity.hasOwnProperty("realm") &&
|
|
3951
|
+
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
3952
|
+
}
|
|
3953
|
+
/**
|
|
3954
|
+
* Validates an entity: checks for all expected params
|
|
3955
|
+
* @param entity
|
|
3956
|
+
*/
|
|
3957
|
+
function isRefreshTokenEntity(entity) {
|
|
3958
|
+
if (!entity) {
|
|
3959
|
+
return false;
|
|
3960
|
+
}
|
|
3961
|
+
return (isCredentialEntity(entity) &&
|
|
3962
|
+
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
3963
|
+
}
|
|
3964
|
+
/**
|
|
3965
|
+
* validates if a given cache entry is "Telemetry", parses <key,value>
|
|
3966
|
+
* @param key
|
|
3967
|
+
* @param entity
|
|
3968
|
+
*/
|
|
3969
|
+
function isServerTelemetryEntity(key, entity) {
|
|
3970
|
+
const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
|
|
3971
|
+
let validateEntity = true;
|
|
3972
|
+
if (entity) {
|
|
3973
|
+
validateEntity =
|
|
3974
|
+
entity.hasOwnProperty("failedRequests") &&
|
|
3975
|
+
entity.hasOwnProperty("errors") &&
|
|
3976
|
+
entity.hasOwnProperty("cacheHits");
|
|
3977
|
+
}
|
|
3978
|
+
return validateKey && validateEntity;
|
|
3979
|
+
}
|
|
3980
|
+
/**
|
|
3981
|
+
* validates if a given cache entry is "Throttling", parses <key,value>
|
|
3982
|
+
* @param key
|
|
3983
|
+
* @param entity
|
|
3984
|
+
*/
|
|
3985
|
+
function isThrottlingEntity(key, entity) {
|
|
3986
|
+
let validateKey = false;
|
|
3987
|
+
if (key) {
|
|
3988
|
+
validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
|
|
3989
|
+
}
|
|
3990
|
+
let validateEntity = true;
|
|
3991
|
+
if (entity) {
|
|
3992
|
+
validateEntity = entity.hasOwnProperty("throttleTime");
|
|
3993
|
+
}
|
|
3994
|
+
return validateKey && validateEntity;
|
|
3995
|
+
}
|
|
3996
|
+
/**
|
|
3997
|
+
* Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
|
|
3998
|
+
*/
|
|
3999
|
+
function generateAppMetadataKey({ environment, clientId, }) {
|
|
4000
|
+
const appMetaDataKeyArray = [
|
|
4001
|
+
APP_METADATA,
|
|
4002
|
+
environment,
|
|
4003
|
+
clientId,
|
|
4004
|
+
];
|
|
4005
|
+
return appMetaDataKeyArray
|
|
4006
|
+
.join(CACHE_KEY_SEPARATOR$1)
|
|
4007
|
+
.toLowerCase();
|
|
4008
|
+
}
|
|
4009
|
+
/*
|
|
4010
|
+
* Validates an entity: checks for all expected params
|
|
4011
|
+
* @param entity
|
|
4012
|
+
*/
|
|
4013
|
+
function isAppMetadataEntity(key, entity) {
|
|
4014
|
+
if (!entity) {
|
|
4015
|
+
return false;
|
|
4016
|
+
}
|
|
4017
|
+
return (key.indexOf(APP_METADATA) === 0 &&
|
|
4018
|
+
entity.hasOwnProperty("clientId") &&
|
|
4019
|
+
entity.hasOwnProperty("environment"));
|
|
4020
|
+
}
|
|
4021
|
+
/**
|
|
4022
|
+
* Validates an entity: checks for all expected params
|
|
4023
|
+
* @param entity
|
|
4024
|
+
*/
|
|
4025
|
+
function isAuthorityMetadataEntity(key, entity) {
|
|
4026
|
+
if (!entity) {
|
|
4027
|
+
return false;
|
|
4028
|
+
}
|
|
4029
|
+
return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
|
|
4030
|
+
entity.hasOwnProperty("aliases") &&
|
|
4031
|
+
entity.hasOwnProperty("preferred_cache") &&
|
|
4032
|
+
entity.hasOwnProperty("preferred_network") &&
|
|
4033
|
+
entity.hasOwnProperty("canonical_authority") &&
|
|
4034
|
+
entity.hasOwnProperty("authorization_endpoint") &&
|
|
4035
|
+
entity.hasOwnProperty("token_endpoint") &&
|
|
4036
|
+
entity.hasOwnProperty("issuer") &&
|
|
4037
|
+
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
4038
|
+
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
4039
|
+
entity.hasOwnProperty("expiresAt") &&
|
|
4040
|
+
entity.hasOwnProperty("jwks_uri"));
|
|
4041
|
+
}
|
|
4042
|
+
/**
|
|
4043
|
+
* Reset the exiresAt value
|
|
4044
|
+
*/
|
|
4045
|
+
function generateAuthorityMetadataExpiresAt() {
|
|
4046
|
+
return (nowSeconds() +
|
|
4047
|
+
AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
|
|
4048
|
+
}
|
|
4049
|
+
function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
4050
|
+
authorityMetadata.authorization_endpoint =
|
|
4051
|
+
updatedValues.authorization_endpoint;
|
|
4052
|
+
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
4053
|
+
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
4054
|
+
authorityMetadata.issuer = updatedValues.issuer;
|
|
4055
|
+
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
4056
|
+
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
4057
|
+
}
|
|
4058
|
+
function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
4059
|
+
authorityMetadata.aliases = updatedValues.aliases;
|
|
4060
|
+
authorityMetadata.preferred_cache = updatedValues.preferred_cache;
|
|
4061
|
+
authorityMetadata.preferred_network = updatedValues.preferred_network;
|
|
4062
|
+
authorityMetadata.aliasesFromNetwork = fromNetwork;
|
|
4063
|
+
}
|
|
4064
|
+
/**
|
|
4065
|
+
* Returns whether or not the data needs to be refreshed
|
|
4066
|
+
*/
|
|
4067
|
+
function isAuthorityMetadataExpired(metadata) {
|
|
4068
|
+
return metadata.expiresAt <= nowSeconds();
|
|
4069
|
+
}
|
|
4070
|
+
|
|
4071
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4072
|
+
/*
|
|
4073
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4074
|
+
* Licensed under the MIT License.
|
|
4075
|
+
*/
|
|
4076
|
+
/**
|
|
4077
|
+
* Time spent sending/waiting for the response of a request to the token endpoint
|
|
4078
|
+
*/
|
|
4079
|
+
const NetworkClientSendPostRequestAsync = "networkClientSendPostRequestAsync";
|
|
4080
|
+
const RefreshTokenClientExecutePostToTokenEndpoint = "refreshTokenClientExecutePostToTokenEndpoint";
|
|
4081
|
+
const AuthorizationCodeClientExecutePostToTokenEndpoint = "authorizationCodeClientExecutePostToTokenEndpoint";
|
|
4082
|
+
/**
|
|
4083
|
+
* Time spent on the network for refresh token acquisition
|
|
4084
|
+
*/
|
|
4085
|
+
const RefreshTokenClientExecuteTokenRequest = "refreshTokenClientExecuteTokenRequest";
|
|
4007
4086
|
/**
|
|
4008
4087
|
* Time taken for acquiring refresh token , records RT size
|
|
4009
4088
|
*/
|
|
@@ -4060,7 +4139,7 @@
|
|
|
4060
4139
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4061
4140
|
const SetUserData = "setUserData";
|
|
4062
4141
|
|
|
4063
|
-
/*! @azure/msal-common v16.
|
|
4142
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4064
4143
|
/*
|
|
4065
4144
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4066
4145
|
* Licensed under the MIT License.
|
|
@@ -4153,7 +4232,7 @@
|
|
|
4153
4232
|
};
|
|
4154
4233
|
};
|
|
4155
4234
|
|
|
4156
|
-
/*! @azure/msal-common v16.
|
|
4235
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4157
4236
|
|
|
4158
4237
|
/*
|
|
4159
4238
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4233,293 +4312,226 @@
|
|
|
4233
4312
|
}
|
|
4234
4313
|
}
|
|
4235
4314
|
|
|
4236
|
-
/*! @azure/msal-common v16.
|
|
4315
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4237
4316
|
/*
|
|
4238
4317
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4239
4318
|
* Licensed under the MIT License.
|
|
4240
4319
|
*/
|
|
4241
4320
|
/**
|
|
4242
|
-
*
|
|
4243
|
-
*
|
|
4244
|
-
*/ class TokenCacheContext {
|
|
4245
|
-
constructor(tokenCache, hasChanged) {
|
|
4246
|
-
this.cache = tokenCache;
|
|
4247
|
-
this.hasChanged = hasChanged;
|
|
4248
|
-
}
|
|
4249
|
-
/**
|
|
4250
|
-
* boolean which indicates the changes in cache
|
|
4251
|
-
*/
|
|
4252
|
-
get cacheHasChanged() {
|
|
4253
|
-
return this.hasChanged;
|
|
4254
|
-
}
|
|
4255
|
-
/**
|
|
4256
|
-
* function to retrieve the token cache
|
|
4257
|
-
*/
|
|
4258
|
-
get tokenCache() {
|
|
4259
|
-
return this.cache;
|
|
4260
|
-
}
|
|
4261
|
-
}
|
|
4262
|
-
|
|
4263
|
-
/*! @azure/msal-common v16.4.0 2026-03-27 */
|
|
4264
|
-
|
|
4265
|
-
/*
|
|
4266
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4267
|
-
* Licensed under the MIT License.
|
|
4321
|
+
* MSAL-defined interaction required error code indicating no tokens are found in cache.
|
|
4322
|
+
* @public
|
|
4268
4323
|
*/
|
|
4324
|
+
const noTokensFound = "no_tokens_found";
|
|
4269
4325
|
/**
|
|
4270
|
-
*
|
|
4271
|
-
* @
|
|
4272
|
-
* @param authenticationResult
|
|
4273
|
-
* @param clientId
|
|
4274
|
-
* @param authority
|
|
4326
|
+
* MSAL-defined error code indicating a native account is unavailable on the platform.
|
|
4327
|
+
* @public
|
|
4275
4328
|
*/
|
|
4276
|
-
|
|
4277
|
-
const idTokenEntity = {
|
|
4278
|
-
credentialType: CredentialType.ID_TOKEN,
|
|
4279
|
-
homeAccountId: homeAccountId,
|
|
4280
|
-
environment: environment,
|
|
4281
|
-
clientId: clientId,
|
|
4282
|
-
secret: idToken,
|
|
4283
|
-
realm: tenantId,
|
|
4284
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4285
|
-
};
|
|
4286
|
-
return idTokenEntity;
|
|
4287
|
-
}
|
|
4329
|
+
const nativeAccountUnavailable = "native_account_unavailable";
|
|
4288
4330
|
/**
|
|
4289
|
-
*
|
|
4290
|
-
* @
|
|
4291
|
-
* @param environment
|
|
4292
|
-
* @param accessToken
|
|
4293
|
-
* @param clientId
|
|
4294
|
-
* @param tenantId
|
|
4295
|
-
* @param scopes
|
|
4296
|
-
* @param expiresOn
|
|
4297
|
-
* @param extExpiresOn
|
|
4331
|
+
* MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
|
|
4332
|
+
* @public
|
|
4298
4333
|
*/
|
|
4299
|
-
|
|
4300
|
-
const atEntity = {
|
|
4301
|
-
homeAccountId: homeAccountId,
|
|
4302
|
-
credentialType: CredentialType.ACCESS_TOKEN,
|
|
4303
|
-
secret: accessToken,
|
|
4304
|
-
cachedAt: nowSeconds().toString(),
|
|
4305
|
-
expiresOn: expiresOn.toString(),
|
|
4306
|
-
extendedExpiresOn: extExpiresOn.toString(),
|
|
4307
|
-
environment: environment,
|
|
4308
|
-
clientId: clientId,
|
|
4309
|
-
realm: tenantId,
|
|
4310
|
-
target: scopes,
|
|
4311
|
-
tokenType: tokenType || AuthenticationScheme$1.BEARER,
|
|
4312
|
-
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
4313
|
-
};
|
|
4314
|
-
if (userAssertionHash) {
|
|
4315
|
-
atEntity.userAssertionHash = userAssertionHash;
|
|
4316
|
-
}
|
|
4317
|
-
if (refreshOn) {
|
|
4318
|
-
atEntity.refreshOn = refreshOn.toString();
|
|
4319
|
-
}
|
|
4320
|
-
/*
|
|
4321
|
-
* Create Access Token With Auth Scheme instead of regular access token
|
|
4322
|
-
* Cast to lower to handle "bearer" from ADFS
|
|
4323
|
-
*/
|
|
4324
|
-
if (atEntity.tokenType?.toLowerCase() !==
|
|
4325
|
-
AuthenticationScheme$1.BEARER.toLowerCase()) {
|
|
4326
|
-
atEntity.credentialType =
|
|
4327
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
4328
|
-
switch (atEntity.tokenType) {
|
|
4329
|
-
case AuthenticationScheme$1.POP:
|
|
4330
|
-
// Make sure keyId is present and add it to credential
|
|
4331
|
-
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
4332
|
-
if (!tokenClaims?.cnf?.kid) {
|
|
4333
|
-
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
4334
|
-
}
|
|
4335
|
-
atEntity.keyId = tokenClaims.cnf.kid;
|
|
4336
|
-
break;
|
|
4337
|
-
case AuthenticationScheme$1.SSH:
|
|
4338
|
-
atEntity.keyId = keyId;
|
|
4339
|
-
}
|
|
4340
|
-
}
|
|
4341
|
-
return atEntity;
|
|
4342
|
-
}
|
|
4334
|
+
const refreshTokenExpired = "refresh_token_expired";
|
|
4343
4335
|
/**
|
|
4344
|
-
*
|
|
4345
|
-
* @
|
|
4346
|
-
* @param authenticationResult
|
|
4347
|
-
* @param clientId
|
|
4348
|
-
* @param authority
|
|
4336
|
+
* MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
|
|
4337
|
+
* @public
|
|
4349
4338
|
*/
|
|
4350
|
-
|
|
4351
|
-
const rtEntity = {
|
|
4352
|
-
credentialType: CredentialType.REFRESH_TOKEN,
|
|
4353
|
-
homeAccountId: homeAccountId,
|
|
4354
|
-
environment: environment,
|
|
4355
|
-
clientId: clientId,
|
|
4356
|
-
secret: refreshToken,
|
|
4357
|
-
lastUpdatedAt: Date.now().toString(),
|
|
4358
|
-
};
|
|
4359
|
-
if (userAssertionHash) {
|
|
4360
|
-
rtEntity.userAssertionHash = userAssertionHash;
|
|
4361
|
-
}
|
|
4362
|
-
if (familyId) {
|
|
4363
|
-
rtEntity.familyId = familyId;
|
|
4364
|
-
}
|
|
4365
|
-
if (expiresOn) {
|
|
4366
|
-
rtEntity.expiresOn = expiresOn.toString();
|
|
4367
|
-
}
|
|
4368
|
-
return rtEntity;
|
|
4369
|
-
}
|
|
4370
|
-
function isCredentialEntity(entity) {
|
|
4371
|
-
return (entity.hasOwnProperty("homeAccountId") &&
|
|
4372
|
-
entity.hasOwnProperty("environment") &&
|
|
4373
|
-
entity.hasOwnProperty("credentialType") &&
|
|
4374
|
-
entity.hasOwnProperty("clientId") &&
|
|
4375
|
-
entity.hasOwnProperty("secret"));
|
|
4376
|
-
}
|
|
4339
|
+
const uxNotAllowed = "ux_not_allowed";
|
|
4377
4340
|
/**
|
|
4378
|
-
*
|
|
4379
|
-
* @
|
|
4341
|
+
* Server-originated error code indicating interaction is required to complete the request.
|
|
4342
|
+
* @public
|
|
4380
4343
|
*/
|
|
4381
|
-
|
|
4382
|
-
if (!entity) {
|
|
4383
|
-
return false;
|
|
4384
|
-
}
|
|
4385
|
-
return (isCredentialEntity(entity) &&
|
|
4386
|
-
entity.hasOwnProperty("realm") &&
|
|
4387
|
-
entity.hasOwnProperty("target") &&
|
|
4388
|
-
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
4389
|
-
entity["credentialType"] ===
|
|
4390
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
4391
|
-
}
|
|
4344
|
+
const interactionRequired = "interaction_required";
|
|
4392
4345
|
/**
|
|
4393
|
-
*
|
|
4394
|
-
* @
|
|
4346
|
+
* Server-originated error code indicating user consent is required.
|
|
4347
|
+
* @public
|
|
4395
4348
|
*/
|
|
4396
|
-
|
|
4397
|
-
if (!entity) {
|
|
4398
|
-
return false;
|
|
4399
|
-
}
|
|
4400
|
-
return (isCredentialEntity(entity) &&
|
|
4401
|
-
entity.hasOwnProperty("realm") &&
|
|
4402
|
-
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
4403
|
-
}
|
|
4349
|
+
const consentRequired = "consent_required";
|
|
4404
4350
|
/**
|
|
4405
|
-
*
|
|
4406
|
-
* @
|
|
4351
|
+
* Server-originated error code indicating user login is required.
|
|
4352
|
+
* @public
|
|
4407
4353
|
*/
|
|
4408
|
-
|
|
4409
|
-
if (!entity) {
|
|
4410
|
-
return false;
|
|
4411
|
-
}
|
|
4412
|
-
return (isCredentialEntity(entity) &&
|
|
4413
|
-
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
4414
|
-
}
|
|
4354
|
+
const loginRequired = "login_required";
|
|
4415
4355
|
/**
|
|
4416
|
-
*
|
|
4417
|
-
* @
|
|
4418
|
-
* @param entity
|
|
4356
|
+
* Server-originated error code indicating the token is invalid or corrupted.
|
|
4357
|
+
* @public
|
|
4419
4358
|
*/
|
|
4420
|
-
|
|
4421
|
-
const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
|
|
4422
|
-
let validateEntity = true;
|
|
4423
|
-
if (entity) {
|
|
4424
|
-
validateEntity =
|
|
4425
|
-
entity.hasOwnProperty("failedRequests") &&
|
|
4426
|
-
entity.hasOwnProperty("errors") &&
|
|
4427
|
-
entity.hasOwnProperty("cacheHits");
|
|
4428
|
-
}
|
|
4429
|
-
return validateKey && validateEntity;
|
|
4430
|
-
}
|
|
4359
|
+
const badToken = "bad_token";
|
|
4431
4360
|
/**
|
|
4432
|
-
*
|
|
4433
|
-
* @
|
|
4434
|
-
* @param entity
|
|
4361
|
+
* Server-originated error code indicating the user is in an interrupted state and interaction is required.
|
|
4362
|
+
* @public
|
|
4435
4363
|
*/
|
|
4436
|
-
|
|
4437
|
-
|
|
4438
|
-
|
|
4439
|
-
|
|
4440
|
-
|
|
4441
|
-
|
|
4442
|
-
|
|
4443
|
-
|
|
4364
|
+
const interruptedUser = "interrupted_user";
|
|
4365
|
+
|
|
4366
|
+
var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
4367
|
+
__proto__: null,
|
|
4368
|
+
badToken: badToken,
|
|
4369
|
+
consentRequired: consentRequired,
|
|
4370
|
+
interactionRequired: interactionRequired,
|
|
4371
|
+
interruptedUser: interruptedUser,
|
|
4372
|
+
loginRequired: loginRequired,
|
|
4373
|
+
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
4374
|
+
noTokensFound: noTokensFound,
|
|
4375
|
+
refreshTokenExpired: refreshTokenExpired,
|
|
4376
|
+
uxNotAllowed: uxNotAllowed
|
|
4377
|
+
});
|
|
4378
|
+
|
|
4379
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4380
|
+
|
|
4381
|
+
/*
|
|
4382
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4383
|
+
* Licensed under the MIT License.
|
|
4384
|
+
*/
|
|
4385
|
+
/**
|
|
4386
|
+
* InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
|
|
4387
|
+
*/
|
|
4388
|
+
const InteractionRequiredServerErrorMessage = [
|
|
4389
|
+
interactionRequired,
|
|
4390
|
+
consentRequired,
|
|
4391
|
+
loginRequired,
|
|
4392
|
+
badToken,
|
|
4393
|
+
uxNotAllowed,
|
|
4394
|
+
interruptedUser,
|
|
4395
|
+
];
|
|
4396
|
+
const InteractionRequiredAuthSubErrorMessage = [
|
|
4397
|
+
"message_only",
|
|
4398
|
+
"additional_action",
|
|
4399
|
+
"basic_action",
|
|
4400
|
+
"user_password_expired",
|
|
4401
|
+
"consent_required",
|
|
4402
|
+
"bad_token",
|
|
4403
|
+
"ux_not_allowed",
|
|
4404
|
+
"interrupted_user",
|
|
4405
|
+
];
|
|
4406
|
+
/**
|
|
4407
|
+
* Error thrown when user interaction is required.
|
|
4408
|
+
*/
|
|
4409
|
+
class InteractionRequiredAuthError extends AuthError {
|
|
4410
|
+
constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
|
|
4411
|
+
super(errorCode, errorMessage, subError);
|
|
4412
|
+
Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
|
|
4413
|
+
this.timestamp = timestamp || "";
|
|
4414
|
+
this.traceId = traceId || "";
|
|
4415
|
+
this.correlationId = correlationId || "";
|
|
4416
|
+
this.claims = claims || "";
|
|
4417
|
+
this.name = "InteractionRequiredAuthError";
|
|
4418
|
+
this.errorNo = errorNo;
|
|
4444
4419
|
}
|
|
4445
|
-
return validateKey && validateEntity;
|
|
4446
4420
|
}
|
|
4447
4421
|
/**
|
|
4448
|
-
*
|
|
4422
|
+
* Helper function used to determine if an error thrown by the server requires interaction to resolve
|
|
4423
|
+
* @param errorCode
|
|
4424
|
+
* @param errorString
|
|
4425
|
+
* @param subError
|
|
4449
4426
|
*/
|
|
4450
|
-
function
|
|
4451
|
-
const
|
|
4452
|
-
|
|
4453
|
-
|
|
4454
|
-
|
|
4455
|
-
|
|
4456
|
-
|
|
4457
|
-
|
|
4458
|
-
|
|
4427
|
+
function isInteractionRequiredError(errorCode, errorString, subError) {
|
|
4428
|
+
const isInteractionRequiredErrorCode = !!errorCode &&
|
|
4429
|
+
InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
|
|
4430
|
+
const isInteractionRequiredSubError = !!subError &&
|
|
4431
|
+
InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
|
|
4432
|
+
const isInteractionRequiredErrorDesc = !!errorString &&
|
|
4433
|
+
InteractionRequiredServerErrorMessage.some((irErrorCode) => {
|
|
4434
|
+
return errorString.indexOf(irErrorCode) > -1;
|
|
4435
|
+
});
|
|
4436
|
+
return (isInteractionRequiredErrorCode ||
|
|
4437
|
+
isInteractionRequiredErrorDesc ||
|
|
4438
|
+
isInteractionRequiredSubError);
|
|
4459
4439
|
}
|
|
4440
|
+
/**
|
|
4441
|
+
* Creates an InteractionRequiredAuthError
|
|
4442
|
+
*/
|
|
4443
|
+
function createInteractionRequiredAuthError(errorCode, errorMessage) {
|
|
4444
|
+
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4445
|
+
}
|
|
4446
|
+
|
|
4447
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4448
|
+
|
|
4460
4449
|
/*
|
|
4461
|
-
*
|
|
4462
|
-
*
|
|
4450
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4451
|
+
* Licensed under the MIT License.
|
|
4463
4452
|
*/
|
|
4464
|
-
function isAppMetadataEntity(key, entity) {
|
|
4465
|
-
if (!entity) {
|
|
4466
|
-
return false;
|
|
4467
|
-
}
|
|
4468
|
-
return (key.indexOf(APP_METADATA) === 0 &&
|
|
4469
|
-
entity.hasOwnProperty("clientId") &&
|
|
4470
|
-
entity.hasOwnProperty("environment"));
|
|
4471
|
-
}
|
|
4472
4453
|
/**
|
|
4473
|
-
*
|
|
4474
|
-
* @param entity
|
|
4454
|
+
* Error thrown when there is an error with the server code, for example, unavailability.
|
|
4475
4455
|
*/
|
|
4476
|
-
|
|
4477
|
-
|
|
4478
|
-
|
|
4456
|
+
class ServerError extends AuthError {
|
|
4457
|
+
constructor(errorCode, errorMessage, subError, errorNo, status) {
|
|
4458
|
+
super(errorCode, errorMessage, subError);
|
|
4459
|
+
this.name = "ServerError";
|
|
4460
|
+
this.errorNo = errorNo;
|
|
4461
|
+
this.status = status;
|
|
4462
|
+
Object.setPrototypeOf(this, ServerError.prototype);
|
|
4479
4463
|
}
|
|
4480
|
-
|
|
4481
|
-
|
|
4482
|
-
|
|
4483
|
-
|
|
4484
|
-
|
|
4485
|
-
|
|
4486
|
-
|
|
4487
|
-
|
|
4488
|
-
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
4489
|
-
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
4490
|
-
entity.hasOwnProperty("expiresAt") &&
|
|
4491
|
-
entity.hasOwnProperty("jwks_uri"));
|
|
4492
|
-
}
|
|
4464
|
+
}
|
|
4465
|
+
|
|
4466
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4467
|
+
|
|
4468
|
+
/*
|
|
4469
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4470
|
+
* Licensed under the MIT License.
|
|
4471
|
+
*/
|
|
4493
4472
|
/**
|
|
4494
|
-
*
|
|
4473
|
+
* Appends user state with random guid, or returns random guid.
|
|
4474
|
+
* @param cryptoObj
|
|
4475
|
+
* @param userState
|
|
4476
|
+
* @param meta
|
|
4495
4477
|
*/
|
|
4496
|
-
function
|
|
4497
|
-
|
|
4498
|
-
|
|
4499
|
-
|
|
4500
|
-
|
|
4501
|
-
authorityMetadata.authorization_endpoint =
|
|
4502
|
-
updatedValues.authorization_endpoint;
|
|
4503
|
-
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
4504
|
-
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
4505
|
-
authorityMetadata.issuer = updatedValues.issuer;
|
|
4506
|
-
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
4507
|
-
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
4478
|
+
function setRequestState(cryptoObj, userState, meta) {
|
|
4479
|
+
const libraryState = generateLibraryState(cryptoObj, meta);
|
|
4480
|
+
return userState
|
|
4481
|
+
? `${libraryState}${RESOURCE_DELIM}${userState}`
|
|
4482
|
+
: libraryState;
|
|
4508
4483
|
}
|
|
4509
|
-
|
|
4510
|
-
|
|
4511
|
-
|
|
4512
|
-
|
|
4513
|
-
|
|
4484
|
+
/**
|
|
4485
|
+
* Generates the state value used by the common library.
|
|
4486
|
+
* @param cryptoObj
|
|
4487
|
+
* @param meta
|
|
4488
|
+
*/
|
|
4489
|
+
function generateLibraryState(cryptoObj, meta) {
|
|
4490
|
+
if (!cryptoObj) {
|
|
4491
|
+
throw createClientAuthError(noCryptoObject);
|
|
4492
|
+
}
|
|
4493
|
+
// Create a state object containing a unique id and the timestamp of the request creation
|
|
4494
|
+
const stateObj = {
|
|
4495
|
+
id: cryptoObj.createNewGuid(),
|
|
4496
|
+
};
|
|
4497
|
+
if (meta) {
|
|
4498
|
+
stateObj.meta = meta;
|
|
4499
|
+
}
|
|
4500
|
+
const stateString = JSON.stringify(stateObj);
|
|
4501
|
+
return cryptoObj.base64Encode(stateString);
|
|
4514
4502
|
}
|
|
4515
4503
|
/**
|
|
4516
|
-
*
|
|
4504
|
+
* Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
|
|
4505
|
+
* @param base64Decode
|
|
4506
|
+
* @param state
|
|
4517
4507
|
*/
|
|
4518
|
-
function
|
|
4519
|
-
|
|
4508
|
+
function parseRequestState(base64Decode, state) {
|
|
4509
|
+
if (!base64Decode) {
|
|
4510
|
+
throw createClientAuthError(noCryptoObject);
|
|
4511
|
+
}
|
|
4512
|
+
if (!state) {
|
|
4513
|
+
throw createClientAuthError(invalidState);
|
|
4514
|
+
}
|
|
4515
|
+
try {
|
|
4516
|
+
// Split the state between library state and user passed state and decode them separately
|
|
4517
|
+
const splitState = state.split(RESOURCE_DELIM);
|
|
4518
|
+
const libraryState = splitState[0];
|
|
4519
|
+
const userState = splitState.length > 1
|
|
4520
|
+
? splitState.slice(1).join(RESOURCE_DELIM)
|
|
4521
|
+
: "";
|
|
4522
|
+
const libraryStateString = base64Decode(libraryState);
|
|
4523
|
+
const libraryStateObj = JSON.parse(libraryStateString);
|
|
4524
|
+
return {
|
|
4525
|
+
userRequestState: userState || "",
|
|
4526
|
+
libraryState: libraryStateObj,
|
|
4527
|
+
};
|
|
4528
|
+
}
|
|
4529
|
+
catch (e) {
|
|
4530
|
+
throw createClientAuthError(invalidState);
|
|
4531
|
+
}
|
|
4520
4532
|
}
|
|
4521
4533
|
|
|
4522
|
-
/*! @azure/msal-common v16.
|
|
4534
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4523
4535
|
|
|
4524
4536
|
/*
|
|
4525
4537
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4675,7 +4687,7 @@
|
|
|
4675
4687
|
if (serverTokenResponse.id_token && !!idTokenClaims) {
|
|
4676
4688
|
cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
|
|
4677
4689
|
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
4678
|
-
this.logger);
|
|
4690
|
+
this.logger, this.performanceClient);
|
|
4679
4691
|
}
|
|
4680
4692
|
// AccessToken
|
|
4681
4693
|
let cachedAccessToken = null;
|
|
@@ -4826,17 +4838,24 @@
|
|
|
4826
4838
|
};
|
|
4827
4839
|
}
|
|
4828
4840
|
}
|
|
4829
|
-
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
4841
|
+
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
|
|
4830
4842
|
logger?.verbose("09jz0t", correlationId);
|
|
4831
|
-
|
|
4832
|
-
|
|
4833
|
-
|
|
4834
|
-
|
|
4835
|
-
|
|
4836
|
-
|
|
4837
|
-
|
|
4838
|
-
|
|
4843
|
+
/*
|
|
4844
|
+
* Check if base account is already cached. Filter by homeAccountId (identifies
|
|
4845
|
+
* the user's home identity) and environment (identifies the cloud) — the two
|
|
4846
|
+
* tenant-agnostic properties that uniquely locate a base AccountEntity.
|
|
4847
|
+
*/
|
|
4848
|
+
const accountEnvironment = environment || authority.getPreferredCache();
|
|
4849
|
+
const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
|
|
4850
|
+
performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
|
|
4851
|
+
if (matchedAccounts.length > 1) {
|
|
4852
|
+
/*
|
|
4853
|
+
* Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
|
|
4854
|
+
* If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
|
|
4855
|
+
*/
|
|
4856
|
+
logger?.warning("0x7ad1", correlationId);
|
|
4839
4857
|
}
|
|
4858
|
+
const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
|
|
4840
4859
|
const baseAccount = cachedAccount ||
|
|
4841
4860
|
createAccountEntity({
|
|
4842
4861
|
homeAccountId,
|
|
@@ -4860,7 +4879,7 @@
|
|
|
4860
4879
|
return baseAccount;
|
|
4861
4880
|
}
|
|
4862
4881
|
|
|
4863
|
-
/*! @azure/msal-common v16.
|
|
4882
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4864
4883
|
/*
|
|
4865
4884
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4866
4885
|
* Licensed under the MIT License.
|
|
@@ -4870,7 +4889,7 @@
|
|
|
4870
4889
|
UPN: "UPN",
|
|
4871
4890
|
};
|
|
4872
4891
|
|
|
4873
|
-
/*! @azure/msal-common v16.
|
|
4892
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4874
4893
|
/*
|
|
4875
4894
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4876
4895
|
* Licensed under the MIT License.
|
|
@@ -4888,7 +4907,7 @@
|
|
|
4888
4907
|
}
|
|
4889
4908
|
}
|
|
4890
4909
|
|
|
4891
|
-
/*! @azure/msal-common v16.
|
|
4910
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4892
4911
|
/*
|
|
4893
4912
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4894
4913
|
* Licensed under the MIT License.
|
|
@@ -4909,7 +4928,7 @@
|
|
|
4909
4928
|
};
|
|
4910
4929
|
}
|
|
4911
4930
|
|
|
4912
|
-
/*! @azure/msal-common v16.
|
|
4931
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4913
4932
|
|
|
4914
4933
|
/*
|
|
4915
4934
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4995,7 +5014,7 @@
|
|
|
4995
5014
|
}
|
|
4996
5015
|
}
|
|
4997
5016
|
|
|
4998
|
-
/*! @azure/msal-common v16.
|
|
5017
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4999
5018
|
|
|
5000
5019
|
/*
|
|
5001
5020
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5026,7 +5045,7 @@
|
|
|
5026
5045
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5027
5046
|
}
|
|
5028
5047
|
|
|
5029
|
-
/*! @azure/msal-common v16.
|
|
5048
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5030
5049
|
|
|
5031
5050
|
/*
|
|
5032
5051
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5140,7 +5159,7 @@
|
|
|
5140
5159
|
return response;
|
|
5141
5160
|
}
|
|
5142
5161
|
|
|
5143
|
-
/*! @azure/msal-common v16.
|
|
5162
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5144
5163
|
/*
|
|
5145
5164
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5146
5165
|
* Licensed under the MIT License.
|
|
@@ -5152,7 +5171,7 @@
|
|
|
5152
5171
|
response.hasOwnProperty("jwks_uri"));
|
|
5153
5172
|
}
|
|
5154
5173
|
|
|
5155
|
-
/*! @azure/msal-common v16.
|
|
5174
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5156
5175
|
/*
|
|
5157
5176
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5158
5177
|
* Licensed under the MIT License.
|
|
@@ -5162,7 +5181,7 @@
|
|
|
5162
5181
|
response.hasOwnProperty("metadata"));
|
|
5163
5182
|
}
|
|
5164
5183
|
|
|
5165
|
-
/*! @azure/msal-common v16.
|
|
5184
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5166
5185
|
/*
|
|
5167
5186
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5168
5187
|
* Licensed under the MIT License.
|
|
@@ -5172,7 +5191,7 @@
|
|
|
5172
5191
|
response.hasOwnProperty("error_description"));
|
|
5173
5192
|
}
|
|
5174
5193
|
|
|
5175
|
-
/*! @azure/msal-common v16.
|
|
5194
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5176
5195
|
|
|
5177
5196
|
/*
|
|
5178
5197
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5277,7 +5296,7 @@
|
|
|
5277
5296
|
},
|
|
5278
5297
|
};
|
|
5279
5298
|
|
|
5280
|
-
/*! @azure/msal-common v16.
|
|
5299
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5281
5300
|
|
|
5282
5301
|
/*
|
|
5283
5302
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6097,7 +6116,7 @@
|
|
|
6097
6116
|
};
|
|
6098
6117
|
}
|
|
6099
6118
|
|
|
6100
|
-
/*! @azure/msal-common v16.
|
|
6119
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6101
6120
|
|
|
6102
6121
|
/*
|
|
6103
6122
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6131,7 +6150,7 @@
|
|
|
6131
6150
|
}
|
|
6132
6151
|
}
|
|
6133
6152
|
|
|
6134
|
-
/*! @azure/msal-common v16.
|
|
6153
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6135
6154
|
|
|
6136
6155
|
/*
|
|
6137
6156
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6296,11 +6315,6 @@
|
|
|
6296
6315
|
throw createClientConfigurationError(missingSshJwk);
|
|
6297
6316
|
}
|
|
6298
6317
|
}
|
|
6299
|
-
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
6300
|
-
(this.config.authOptions.clientCapabilities &&
|
|
6301
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
6302
|
-
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
6303
|
-
}
|
|
6304
6318
|
let ccsCred = undefined;
|
|
6305
6319
|
if (request.clientInfo) {
|
|
6306
6320
|
try {
|
|
@@ -6349,6 +6363,7 @@
|
|
|
6349
6363
|
});
|
|
6350
6364
|
}
|
|
6351
6365
|
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6366
|
+
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6352
6367
|
return mapToQueryString(parameters);
|
|
6353
6368
|
}
|
|
6354
6369
|
/**
|
|
@@ -6392,7 +6407,7 @@
|
|
|
6392
6407
|
}
|
|
6393
6408
|
}
|
|
6394
6409
|
|
|
6395
|
-
/*! @azure/msal-common v16.
|
|
6410
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6396
6411
|
|
|
6397
6412
|
/*
|
|
6398
6413
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6582,11 +6597,6 @@
|
|
|
6582
6597
|
throw createClientConfigurationError(missingSshJwk);
|
|
6583
6598
|
}
|
|
6584
6599
|
}
|
|
6585
|
-
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
6586
|
-
(this.config.authOptions.clientCapabilities &&
|
|
6587
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
6588
|
-
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
6589
|
-
}
|
|
6590
6600
|
if (this.config.systemOptions.preventCorsPreflight &&
|
|
6591
6601
|
request.ccsCredential) {
|
|
6592
6602
|
switch (request.ccsCredential.type) {
|
|
@@ -6613,11 +6623,12 @@
|
|
|
6613
6623
|
});
|
|
6614
6624
|
}
|
|
6615
6625
|
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6626
|
+
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6616
6627
|
return mapToQueryString(parameters);
|
|
6617
6628
|
}
|
|
6618
6629
|
}
|
|
6619
6630
|
|
|
6620
|
-
/*! @azure/msal-common v16.
|
|
6631
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6621
6632
|
|
|
6622
6633
|
/*
|
|
6623
6634
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6733,7 +6744,7 @@
|
|
|
6733
6744
|
}
|
|
6734
6745
|
}
|
|
6735
6746
|
|
|
6736
|
-
/*! @azure/msal-common v16.
|
|
6747
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6737
6748
|
|
|
6738
6749
|
/*
|
|
6739
6750
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6748,7 +6759,7 @@
|
|
|
6748
6759
|
},
|
|
6749
6760
|
};
|
|
6750
6761
|
|
|
6751
|
-
/*! @azure/msal-common v16.
|
|
6762
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6752
6763
|
|
|
6753
6764
|
/*
|
|
6754
6765
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6872,14 +6883,10 @@
|
|
|
6872
6883
|
if (request.state) {
|
|
6873
6884
|
addState(parameters, request.state);
|
|
6874
6885
|
}
|
|
6875
|
-
if (request.claims ||
|
|
6876
|
-
(authOptions.clientCapabilities &&
|
|
6877
|
-
authOptions.clientCapabilities.length > 0)) {
|
|
6878
|
-
addClaims(parameters, request.claims, authOptions.clientCapabilities);
|
|
6879
|
-
}
|
|
6880
6886
|
if (request.embeddedClientId) {
|
|
6881
6887
|
addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
|
|
6882
6888
|
}
|
|
6889
|
+
addClaims(parameters, request.claims, authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6883
6890
|
// If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
|
|
6884
6891
|
if (authOptions.instanceAware &&
|
|
6885
6892
|
(!request.extraQueryParameters ||
|
|
@@ -6975,7 +6982,7 @@
|
|
|
6975
6982
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6976
6983
|
}
|
|
6977
6984
|
|
|
6978
|
-
/*! @azure/msal-common v16.
|
|
6985
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6979
6986
|
|
|
6980
6987
|
/*
|
|
6981
6988
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7008,7 +7015,7 @@
|
|
|
7008
7015
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7009
7016
|
}
|
|
7010
7017
|
|
|
7011
|
-
/*! @azure/msal-common v16.
|
|
7018
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7012
7019
|
|
|
7013
7020
|
/*
|
|
7014
7021
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7066,7 +7073,7 @@
|
|
|
7066
7073
|
}
|
|
7067
7074
|
}
|
|
7068
7075
|
|
|
7069
|
-
/*! @azure/msal-common v16.
|
|
7076
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7070
7077
|
/*
|
|
7071
7078
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7072
7079
|
* Licensed under the MIT License.
|
|
@@ -7083,7 +7090,7 @@
|
|
|
7083
7090
|
unexpectedError: unexpectedError
|
|
7084
7091
|
});
|
|
7085
7092
|
|
|
7086
|
-
/*! @azure/msal-common v16.
|
|
7093
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7087
7094
|
|
|
7088
7095
|
/*
|
|
7089
7096
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7344,7 +7351,7 @@
|
|
|
7344
7351
|
}
|
|
7345
7352
|
}
|
|
7346
7353
|
|
|
7347
|
-
/*! @azure/msal-common v16.
|
|
7354
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7348
7355
|
|
|
7349
7356
|
/*
|
|
7350
7357
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7365,7 +7372,7 @@
|
|
|
7365
7372
|
return new JoseHeaderError(code);
|
|
7366
7373
|
}
|
|
7367
7374
|
|
|
7368
|
-
/*! @azure/msal-common v16.
|
|
7375
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7369
7376
|
/*
|
|
7370
7377
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7371
7378
|
* Licensed under the MIT License.
|
|
@@ -7373,7 +7380,7 @@
|
|
|
7373
7380
|
const missingKidError = "missing_kid_error";
|
|
7374
7381
|
const missingAlgError = "missing_alg_error";
|
|
7375
7382
|
|
|
7376
|
-
/*! @azure/msal-common v16.
|
|
7383
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7377
7384
|
|
|
7378
7385
|
/*
|
|
7379
7386
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7413,7 +7420,7 @@
|
|
|
7413
7420
|
}
|
|
7414
7421
|
}
|
|
7415
7422
|
|
|
7416
|
-
/*! @azure/msal-common v16.
|
|
7423
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7417
7424
|
|
|
7418
7425
|
/*
|
|
7419
7426
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7943,6 +7950,137 @@
|
|
|
7943
7950
|
}
|
|
7944
7951
|
}
|
|
7945
7952
|
|
|
7953
|
+
/*
|
|
7954
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7955
|
+
* Licensed under the MIT License.
|
|
7956
|
+
*/
|
|
7957
|
+
/**
|
|
7958
|
+
* acquireTokenFromCache (msal-browser).
|
|
7959
|
+
* Internal API for acquiring token from cache
|
|
7960
|
+
*/
|
|
7961
|
+
const AcquireTokenFromCache = "acquireTokenFromCache";
|
|
7962
|
+
/**
|
|
7963
|
+
* acquireTokenByRefreshToken API (msal-browser and msal-node).
|
|
7964
|
+
* Used to renew an access token using a refresh token against the token endpoint.
|
|
7965
|
+
*/
|
|
7966
|
+
const AcquireTokenByRefreshToken = "acquireTokenByRefreshToken";
|
|
7967
|
+
/**
|
|
7968
|
+
* acquireTokenSilentAsync (msal-browser).
|
|
7969
|
+
* Internal API for acquireTokenSilent.
|
|
7970
|
+
*/
|
|
7971
|
+
const AcquireTokenSilentAsync = "acquireTokenSilentAsync";
|
|
7972
|
+
/**
|
|
7973
|
+
* getPublicKeyThumbprint API in CryptoOpts class (msal-browser).
|
|
7974
|
+
* Used to generate a public/private keypair and generate a public key thumbprint for pop requests.
|
|
7975
|
+
*/
|
|
7976
|
+
const CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint";
|
|
7977
|
+
/**
|
|
7978
|
+
* signJwt API in CryptoOpts class (msal-browser).
|
|
7979
|
+
* Used to signed a pop token.
|
|
7980
|
+
*/
|
|
7981
|
+
const CryptoOptsSignJwt = "cryptoOptsSignJwt";
|
|
7982
|
+
/**
|
|
7983
|
+
* acquireToken API in the SilentCacheClient class (msal-browser).
|
|
7984
|
+
* Used to read access tokens from the cache.
|
|
7985
|
+
*/
|
|
7986
|
+
const SilentCacheClientAcquireToken = "silentCacheClientAcquireToken";
|
|
7987
|
+
/**
|
|
7988
|
+
* acquireToken API in the SilentIframeClient class (msal-browser).
|
|
7989
|
+
* Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.
|
|
7990
|
+
*/
|
|
7991
|
+
const SilentIframeClientAcquireToken = "silentIframeClientAcquireToken";
|
|
7992
|
+
const AwaitConcurrentIframe = "awaitConcurrentIframe"; // Time spent waiting for a concurrent iframe to complete
|
|
7993
|
+
/**
|
|
7994
|
+
* acquireToken API in SilentRereshClient (msal-browser).
|
|
7995
|
+
* Used to acquire a new set of tokens from the token endpoint using a refresh token.
|
|
7996
|
+
*/
|
|
7997
|
+
const SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken";
|
|
7998
|
+
/**
|
|
7999
|
+
* getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).
|
|
8000
|
+
* Used to load authority metadata for a request.
|
|
8001
|
+
*/
|
|
8002
|
+
const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority";
|
|
8003
|
+
/**
|
|
8004
|
+
* acquireToken API in NativeInteractionClient class (msal-browser).
|
|
8005
|
+
* Used to acquire a token from Native component when native brokering is enabled.
|
|
8006
|
+
*/
|
|
8007
|
+
const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
|
|
8008
|
+
const NativeInteractionClientAcquireTokenRedirect = "nativeInteractionClientAcquireToken";
|
|
8009
|
+
/**
|
|
8010
|
+
* acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
|
|
8011
|
+
*/
|
|
8012
|
+
const RefreshTokenClientAcquireTokenByRefreshToken = "refreshTokenClientAcquireTokenByRefreshToken";
|
|
8013
|
+
/**
|
|
8014
|
+
* acquireTokenBySilentIframe (msal-browser).
|
|
8015
|
+
* Internal API for acquiring token by silent Iframe
|
|
8016
|
+
*/
|
|
8017
|
+
const AcquireTokenBySilentIframe = "acquireTokenBySilentIframe";
|
|
8018
|
+
/**
|
|
8019
|
+
* Internal API for initializing base request in BaseInteractionClient (msal-browser)
|
|
8020
|
+
*/
|
|
8021
|
+
const InitializeBaseRequest = "initializeBaseRequest";
|
|
8022
|
+
/**
|
|
8023
|
+
* Internal API for initializing silent request in SilentCacheClient (msal-browser)
|
|
8024
|
+
*/
|
|
8025
|
+
const InitializeSilentRequest = "initializeSilentRequest";
|
|
8026
|
+
const InitializeCache = "initializeCache";
|
|
8027
|
+
/**
|
|
8028
|
+
* Helper function in SilentIframeClient class (msal-browser).
|
|
8029
|
+
*/
|
|
8030
|
+
const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
|
|
8031
|
+
/**
|
|
8032
|
+
* SilentHandler
|
|
8033
|
+
*/
|
|
8034
|
+
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
8035
|
+
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
8036
|
+
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
8037
|
+
/**
|
|
8038
|
+
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
8039
|
+
*/
|
|
8040
|
+
const StandardInteractionClientCreateAuthCodeClient = "standardInteractionClientCreateAuthCodeClient";
|
|
8041
|
+
const StandardInteractionClientGetClientConfiguration = "standardInteractionClientGetClientConfiguration";
|
|
8042
|
+
const StandardInteractionClientInitializeAuthorizationRequest = "standardInteractionClientInitializeAuthorizationRequest";
|
|
8043
|
+
const SilentFlowClientAcquireCachedToken = "silentFlowClientAcquireCachedToken";
|
|
8044
|
+
const GetStandardParams = "getStandardParams";
|
|
8045
|
+
const HandleCodeResponse = "handleCodeResponse";
|
|
8046
|
+
const HandleResponseEar = "handleResponseEar";
|
|
8047
|
+
const HandleResponsePlatformBroker = "handleResponsePlatformBroker";
|
|
8048
|
+
const HandleResponseCode = "handleResponseCode";
|
|
8049
|
+
const AuthClientAcquireToken = "authClientAcquireToken";
|
|
8050
|
+
const DeserializeResponse = "deserializeResponse";
|
|
8051
|
+
const AuthorityFactoryCreateDiscoveredInstance = "authorityFactoryCreateDiscoveredInstance";
|
|
8052
|
+
const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
|
|
8053
|
+
const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
|
|
8054
|
+
const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
|
|
8055
|
+
const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
|
|
8056
|
+
const RemoveHiddenIframe = "removeHiddenIframe";
|
|
8057
|
+
const ImportExistingCache = "importExistingCache";
|
|
8058
|
+
/**
|
|
8059
|
+
* Crypto Operations
|
|
8060
|
+
*/
|
|
8061
|
+
const GeneratePkceCodes = "generatePkceCodes";
|
|
8062
|
+
const GenerateCodeVerifier = "generateCodeVerifier";
|
|
8063
|
+
const GenerateCodeChallengeFromVerifier = "generateCodeChallengeFromVerifier";
|
|
8064
|
+
const Sha256Digest = "sha256Digest";
|
|
8065
|
+
const GetRandomValues = "getRandomValues";
|
|
8066
|
+
const GenerateHKDF = "generateHKDF";
|
|
8067
|
+
const GenerateBaseKey = "generateBaseKey";
|
|
8068
|
+
const Base64Decode = "base64Decode";
|
|
8069
|
+
const UrlEncodeArr = "urlEncodeArr";
|
|
8070
|
+
const Encrypt = "encrypt";
|
|
8071
|
+
const Decrypt = "decrypt";
|
|
8072
|
+
const GenerateEarKey = "generateEarKey";
|
|
8073
|
+
const DecryptEarResponse = "decryptEarResponse";
|
|
8074
|
+
const LoadAccount = "loadAccount";
|
|
8075
|
+
const LoadIdToken = "loadIdToken";
|
|
8076
|
+
const LoadAccessToken = "loadAccessToken";
|
|
8077
|
+
const LoadRefreshToken = "loadRefreshToken";
|
|
8078
|
+
/**
|
|
8079
|
+
* Background telemetry measurement that tracks whether a late bridge response
|
|
8080
|
+
* arrives after the iframe timeout has already fired.
|
|
8081
|
+
*/
|
|
8082
|
+
const WaitForBridgeLateResponse$1 = "waitForBridgeLateResponse";
|
|
8083
|
+
|
|
7946
8084
|
/*
|
|
7947
8085
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7948
8086
|
* Licensed under the MIT License.
|
|
@@ -8849,20 +8987,35 @@
|
|
|
8849
8987
|
activeBridgeMonitor = null;
|
|
8850
8988
|
}
|
|
8851
8989
|
}
|
|
8852
|
-
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
|
|
8990
|
+
async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
|
|
8853
8991
|
return new Promise((resolve, reject) => {
|
|
8854
8992
|
logger.verbose("1rf6em", request.correlationId);
|
|
8855
8993
|
const correlationId = request.correlationId;
|
|
8856
8994
|
performanceClient.addFields({
|
|
8857
8995
|
redirectBridgeTimeoutMs: timeoutMs,
|
|
8996
|
+
lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
|
|
8858
8997
|
}, correlationId);
|
|
8859
8998
|
const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
|
|
8860
8999
|
const channel = new BroadcastChannel(libraryState.id);
|
|
8861
9000
|
let responseString = undefined;
|
|
9001
|
+
let timedOut$1 = false;
|
|
9002
|
+
let lateTimeoutId;
|
|
9003
|
+
let lateMeasurement;
|
|
8862
9004
|
const timeoutId = window.setTimeout(() => {
|
|
8863
9005
|
// Clear the active monitor
|
|
8864
9006
|
activeBridgeMonitor = null;
|
|
8865
|
-
|
|
9007
|
+
if (experimentalConfig?.iframeTimeoutTelemetry) {
|
|
9008
|
+
lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse$1, correlationId);
|
|
9009
|
+
timedOut$1 = true;
|
|
9010
|
+
lateTimeoutId = window.setTimeout(() => {
|
|
9011
|
+
lateMeasurement?.end({ success: false });
|
|
9012
|
+
clearTimeout(lateTimeoutId);
|
|
9013
|
+
channel.close();
|
|
9014
|
+
}, 60000); // 60s late response timeout to allow for telemetry of late responses
|
|
9015
|
+
}
|
|
9016
|
+
else {
|
|
9017
|
+
channel.close();
|
|
9018
|
+
}
|
|
8866
9019
|
reject(createBrowserAuthError(timedOut, "redirect_bridge_timeout"));
|
|
8867
9020
|
}, timeoutMs);
|
|
8868
9021
|
// Track this monitor so it can be cancelled if needed
|
|
@@ -8876,6 +9029,14 @@
|
|
|
8876
9029
|
const messageVersion = event?.data && typeof event.data.v === "number"
|
|
8877
9030
|
? event.data.v
|
|
8878
9031
|
: undefined;
|
|
9032
|
+
if (timedOut$1) {
|
|
9033
|
+
lateMeasurement?.end({
|
|
9034
|
+
success: responseString ? true : false,
|
|
9035
|
+
});
|
|
9036
|
+
clearTimeout(lateTimeoutId);
|
|
9037
|
+
channel.close();
|
|
9038
|
+
return;
|
|
9039
|
+
}
|
|
8879
9040
|
performanceClient.addFields({
|
|
8880
9041
|
redirectBridgeMessageVersion: messageVersion,
|
|
8881
9042
|
}, correlationId);
|
|
@@ -9038,131 +9199,6 @@
|
|
|
9038
9199
|
waitForBridgeResponse: waitForBridgeResponse
|
|
9039
9200
|
});
|
|
9040
9201
|
|
|
9041
|
-
/*
|
|
9042
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9043
|
-
* Licensed under the MIT License.
|
|
9044
|
-
*/
|
|
9045
|
-
/**
|
|
9046
|
-
* acquireTokenFromCache (msal-browser).
|
|
9047
|
-
* Internal API for acquiring token from cache
|
|
9048
|
-
*/
|
|
9049
|
-
const AcquireTokenFromCache = "acquireTokenFromCache";
|
|
9050
|
-
/**
|
|
9051
|
-
* acquireTokenByRefreshToken API (msal-browser and msal-node).
|
|
9052
|
-
* Used to renew an access token using a refresh token against the token endpoint.
|
|
9053
|
-
*/
|
|
9054
|
-
const AcquireTokenByRefreshToken = "acquireTokenByRefreshToken";
|
|
9055
|
-
/**
|
|
9056
|
-
* acquireTokenSilentAsync (msal-browser).
|
|
9057
|
-
* Internal API for acquireTokenSilent.
|
|
9058
|
-
*/
|
|
9059
|
-
const AcquireTokenSilentAsync = "acquireTokenSilentAsync";
|
|
9060
|
-
/**
|
|
9061
|
-
* getPublicKeyThumbprint API in CryptoOpts class (msal-browser).
|
|
9062
|
-
* Used to generate a public/private keypair and generate a public key thumbprint for pop requests.
|
|
9063
|
-
*/
|
|
9064
|
-
const CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint";
|
|
9065
|
-
/**
|
|
9066
|
-
* signJwt API in CryptoOpts class (msal-browser).
|
|
9067
|
-
* Used to signed a pop token.
|
|
9068
|
-
*/
|
|
9069
|
-
const CryptoOptsSignJwt = "cryptoOptsSignJwt";
|
|
9070
|
-
/**
|
|
9071
|
-
* acquireToken API in the SilentCacheClient class (msal-browser).
|
|
9072
|
-
* Used to read access tokens from the cache.
|
|
9073
|
-
*/
|
|
9074
|
-
const SilentCacheClientAcquireToken = "silentCacheClientAcquireToken";
|
|
9075
|
-
/**
|
|
9076
|
-
* acquireToken API in the SilentIframeClient class (msal-browser).
|
|
9077
|
-
* Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.
|
|
9078
|
-
*/
|
|
9079
|
-
const SilentIframeClientAcquireToken = "silentIframeClientAcquireToken";
|
|
9080
|
-
const AwaitConcurrentIframe = "awaitConcurrentIframe"; // Time spent waiting for a concurrent iframe to complete
|
|
9081
|
-
/**
|
|
9082
|
-
* acquireToken API in SilentRereshClient (msal-browser).
|
|
9083
|
-
* Used to acquire a new set of tokens from the token endpoint using a refresh token.
|
|
9084
|
-
*/
|
|
9085
|
-
const SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken";
|
|
9086
|
-
/**
|
|
9087
|
-
* getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).
|
|
9088
|
-
* Used to load authority metadata for a request.
|
|
9089
|
-
*/
|
|
9090
|
-
const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority";
|
|
9091
|
-
/**
|
|
9092
|
-
* acquireToken API in NativeInteractionClient class (msal-browser).
|
|
9093
|
-
* Used to acquire a token from Native component when native brokering is enabled.
|
|
9094
|
-
*/
|
|
9095
|
-
const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
|
|
9096
|
-
/**
|
|
9097
|
-
* acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
|
|
9098
|
-
*/
|
|
9099
|
-
const RefreshTokenClientAcquireTokenByRefreshToken = "refreshTokenClientAcquireTokenByRefreshToken";
|
|
9100
|
-
/**
|
|
9101
|
-
* acquireTokenBySilentIframe (msal-browser).
|
|
9102
|
-
* Internal API for acquiring token by silent Iframe
|
|
9103
|
-
*/
|
|
9104
|
-
const AcquireTokenBySilentIframe = "acquireTokenBySilentIframe";
|
|
9105
|
-
/**
|
|
9106
|
-
* Internal API for initializing base request in BaseInteractionClient (msal-browser)
|
|
9107
|
-
*/
|
|
9108
|
-
const InitializeBaseRequest = "initializeBaseRequest";
|
|
9109
|
-
/**
|
|
9110
|
-
* Internal API for initializing silent request in SilentCacheClient (msal-browser)
|
|
9111
|
-
*/
|
|
9112
|
-
const InitializeSilentRequest = "initializeSilentRequest";
|
|
9113
|
-
const InitializeCache = "initializeCache";
|
|
9114
|
-
/**
|
|
9115
|
-
* Helper function in SilentIframeClient class (msal-browser).
|
|
9116
|
-
*/
|
|
9117
|
-
const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
|
|
9118
|
-
/**
|
|
9119
|
-
* SilentHandler
|
|
9120
|
-
*/
|
|
9121
|
-
const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
|
|
9122
|
-
const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
|
|
9123
|
-
const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
|
|
9124
|
-
/**
|
|
9125
|
-
* Helper functions in StandardInteractionClient class (msal-browser)
|
|
9126
|
-
*/
|
|
9127
|
-
const StandardInteractionClientCreateAuthCodeClient = "standardInteractionClientCreateAuthCodeClient";
|
|
9128
|
-
const StandardInteractionClientGetClientConfiguration = "standardInteractionClientGetClientConfiguration";
|
|
9129
|
-
const StandardInteractionClientInitializeAuthorizationRequest = "standardInteractionClientInitializeAuthorizationRequest";
|
|
9130
|
-
const SilentFlowClientAcquireCachedToken = "silentFlowClientAcquireCachedToken";
|
|
9131
|
-
const GetStandardParams = "getStandardParams";
|
|
9132
|
-
const HandleCodeResponse = "handleCodeResponse";
|
|
9133
|
-
const HandleResponseEar = "handleResponseEar";
|
|
9134
|
-
const HandleResponsePlatformBroker = "handleResponsePlatformBroker";
|
|
9135
|
-
const HandleResponseCode = "handleResponseCode";
|
|
9136
|
-
const AuthClientAcquireToken = "authClientAcquireToken";
|
|
9137
|
-
const DeserializeResponse = "deserializeResponse";
|
|
9138
|
-
const AuthorityFactoryCreateDiscoveredInstance = "authorityFactoryCreateDiscoveredInstance";
|
|
9139
|
-
const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
|
|
9140
|
-
const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
|
|
9141
|
-
const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
|
|
9142
|
-
const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
|
|
9143
|
-
const RemoveHiddenIframe = "removeHiddenIframe";
|
|
9144
|
-
const ImportExistingCache = "importExistingCache";
|
|
9145
|
-
/**
|
|
9146
|
-
* Crypto Operations
|
|
9147
|
-
*/
|
|
9148
|
-
const GeneratePkceCodes = "generatePkceCodes";
|
|
9149
|
-
const GenerateCodeVerifier = "generateCodeVerifier";
|
|
9150
|
-
const GenerateCodeChallengeFromVerifier = "generateCodeChallengeFromVerifier";
|
|
9151
|
-
const Sha256Digest = "sha256Digest";
|
|
9152
|
-
const GetRandomValues = "getRandomValues";
|
|
9153
|
-
const GenerateHKDF = "generateHKDF";
|
|
9154
|
-
const GenerateBaseKey = "generateBaseKey";
|
|
9155
|
-
const Base64Decode = "base64Decode";
|
|
9156
|
-
const UrlEncodeArr = "urlEncodeArr";
|
|
9157
|
-
const Encrypt = "encrypt";
|
|
9158
|
-
const Decrypt = "decrypt";
|
|
9159
|
-
const GenerateEarKey = "generateEarKey";
|
|
9160
|
-
const DecryptEarResponse = "decryptEarResponse";
|
|
9161
|
-
const LoadAccount = "loadAccount";
|
|
9162
|
-
const LoadIdToken = "loadIdToken";
|
|
9163
|
-
const LoadAccessToken = "loadAccessToken";
|
|
9164
|
-
const LoadRefreshToken = "loadRefreshToken";
|
|
9165
|
-
|
|
9166
9202
|
/*
|
|
9167
9203
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9168
9204
|
* Licensed under the MIT License.
|
|
@@ -9770,7 +9806,14 @@
|
|
|
9770
9806
|
// Update cache storage
|
|
9771
9807
|
const LocalStorageUpdated = "localStorageUpdated";
|
|
9772
9808
|
// Load external tokens
|
|
9773
|
-
const LoadExternalTokens = "loadExternalTokens";
|
|
9809
|
+
const LoadExternalTokens = "loadExternalTokens";
|
|
9810
|
+
/**
|
|
9811
|
+
* SSO capability verification call (msal-browser).
|
|
9812
|
+
* Fire-and-forget SSO verification call made after interactive authentication completes.
|
|
9813
|
+
*/
|
|
9814
|
+
const SsoCapable = "ssoCapable";
|
|
9815
|
+
// Wait for late response from bridge after timeout has already occurred
|
|
9816
|
+
const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
|
|
9774
9817
|
|
|
9775
9818
|
var BrowserRootPerformanceEvents = /*#__PURE__*/Object.freeze({
|
|
9776
9819
|
__proto__: null,
|
|
@@ -9782,7 +9825,9 @@
|
|
|
9782
9825
|
InitializeClientApplication: InitializeClientApplication,
|
|
9783
9826
|
LoadExternalTokens: LoadExternalTokens,
|
|
9784
9827
|
LocalStorageUpdated: LocalStorageUpdated,
|
|
9785
|
-
|
|
9828
|
+
SsoCapable: SsoCapable,
|
|
9829
|
+
SsoSilent: SsoSilent,
|
|
9830
|
+
WaitForBridgeLateResponse: WaitForBridgeLateResponse
|
|
9786
9831
|
});
|
|
9787
9832
|
|
|
9788
9833
|
/*
|
|
@@ -9801,6 +9846,7 @@
|
|
|
9801
9846
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
9802
9847
|
const ACCOUNT_KEYS = "account.keys";
|
|
9803
9848
|
const TOKEN_KEYS = "token.keys";
|
|
9849
|
+
const SSO_CAPABLE = `${PREFIX}.${BROWSER_PREFIX}.sso.capable`;
|
|
9804
9850
|
function getAccountKeysCacheKey(schema = ACCOUNT_SCHEMA_VERSION) {
|
|
9805
9851
|
if (schema < 1) {
|
|
9806
9852
|
return `${PREFIX}.${ACCOUNT_KEYS}`;
|
|
@@ -10299,7 +10345,7 @@
|
|
|
10299
10345
|
|
|
10300
10346
|
/* eslint-disable header/header */
|
|
10301
10347
|
const name = "@azure/msal-browser";
|
|
10302
|
-
const version = "5.
|
|
10348
|
+
const version = "5.7.0";
|
|
10303
10349
|
|
|
10304
10350
|
/*
|
|
10305
10351
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -12402,7 +12448,6 @@
|
|
|
12402
12448
|
const USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED";
|
|
12403
12449
|
const USER_CANCEL = "USER_CANCEL";
|
|
12404
12450
|
const NO_NETWORK = "NO_NETWORK";
|
|
12405
|
-
const PERSISTENT_ERROR = "PERSISTENT_ERROR";
|
|
12406
12451
|
const DISABLED = "DISABLED";
|
|
12407
12452
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
12408
12453
|
const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
|
|
@@ -12426,8 +12471,7 @@
|
|
|
12426
12471
|
function isFatalNativeAuthError(error) {
|
|
12427
12472
|
if (error.ext &&
|
|
12428
12473
|
error.ext.status &&
|
|
12429
|
-
|
|
12430
|
-
error.ext.status === DISABLED)) {
|
|
12474
|
+
error.ext.status === DISABLED) {
|
|
12431
12475
|
return true;
|
|
12432
12476
|
}
|
|
12433
12477
|
if (error.ext &&
|
|
@@ -12553,12 +12597,12 @@
|
|
|
12553
12597
|
async acquireToken(request, cacheLookupPolicy) {
|
|
12554
12598
|
this.logger.trace("03qeos", this.correlationId);
|
|
12555
12599
|
// start the perf measurement
|
|
12556
|
-
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken,
|
|
12600
|
+
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
|
|
12557
12601
|
const reqTimestamp = nowSeconds();
|
|
12558
12602
|
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12559
12603
|
try {
|
|
12560
12604
|
// initialize native request
|
|
12561
|
-
const nativeRequest = await this.
|
|
12605
|
+
const nativeRequest = await this.initializePlatformRequest(request);
|
|
12562
12606
|
// check if the tokens can be retrieved from internal cache
|
|
12563
12607
|
try {
|
|
12564
12608
|
const result = await this.acquireTokensFromCache(this.accountId, nativeRequest);
|
|
@@ -12572,6 +12616,10 @@
|
|
|
12572
12616
|
catch (e) {
|
|
12573
12617
|
if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) {
|
|
12574
12618
|
this.logger.info("0eitbc", this.correlationId);
|
|
12619
|
+
nativeATMeasurement.end({
|
|
12620
|
+
success: false,
|
|
12621
|
+
brokerErrorCode: "cache_request_failed",
|
|
12622
|
+
});
|
|
12575
12623
|
throw e;
|
|
12576
12624
|
}
|
|
12577
12625
|
// continue with a native call for any and all errors
|
|
@@ -12593,7 +12641,6 @@
|
|
|
12593
12641
|
success: false,
|
|
12594
12642
|
errorCode: error.errorCode,
|
|
12595
12643
|
subErrorCode: error.subError,
|
|
12596
|
-
isNativeBroker: true,
|
|
12597
12644
|
});
|
|
12598
12645
|
throw error;
|
|
12599
12646
|
});
|
|
@@ -12602,6 +12649,9 @@
|
|
|
12602
12649
|
if (e instanceof NativeAuthError) {
|
|
12603
12650
|
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
|
|
12604
12651
|
}
|
|
12652
|
+
nativeATMeasurement.end({
|
|
12653
|
+
success: false,
|
|
12654
|
+
});
|
|
12605
12655
|
throw e;
|
|
12606
12656
|
}
|
|
12607
12657
|
}
|
|
@@ -12634,7 +12684,7 @@
|
|
|
12634
12684
|
// fetch the account from browser cache
|
|
12635
12685
|
const account = this.browserStorage.getBaseAccountInfo({
|
|
12636
12686
|
nativeAccountId,
|
|
12637
|
-
},
|
|
12687
|
+
}, this.correlationId);
|
|
12638
12688
|
if (!account) {
|
|
12639
12689
|
throw createClientAuthError(noAccountFound);
|
|
12640
12690
|
}
|
|
@@ -12664,7 +12714,7 @@
|
|
|
12664
12714
|
*/
|
|
12665
12715
|
async acquireTokenRedirect(request, rootMeasurement, options) {
|
|
12666
12716
|
this.logger.trace("0luikq", this.correlationId);
|
|
12667
|
-
const nativeRequest = await this.
|
|
12717
|
+
const nativeRequest = await this.initializePlatformRequest(request);
|
|
12668
12718
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
12669
12719
|
try {
|
|
12670
12720
|
await this.platformAuthProvider.sendMessage(nativeRequest);
|
|
@@ -12696,7 +12746,7 @@
|
|
|
12696
12746
|
* @param performanceClient {IPerformanceClient?}
|
|
12697
12747
|
* @param correlationId {string?} correlation identifier
|
|
12698
12748
|
*/
|
|
12699
|
-
async handleRedirectPromise(
|
|
12749
|
+
async handleRedirectPromise() {
|
|
12700
12750
|
this.logger.trace("1c5lhw", this.correlationId);
|
|
12701
12751
|
if (!this.browserStorage.isInteractionInProgress(true)) {
|
|
12702
12752
|
this.logger.info("0le6uv", this.correlationId);
|
|
@@ -12706,9 +12756,7 @@
|
|
|
12706
12756
|
const cachedRequest = this.browserStorage.getCachedNativeRequest();
|
|
12707
12757
|
if (!cachedRequest) {
|
|
12708
12758
|
this.logger.verbose("0a6zjb", this.correlationId);
|
|
12709
|
-
|
|
12710
|
-
performanceClient?.addFields({ errorCode: "no_cached_request" }, correlationId);
|
|
12711
|
-
}
|
|
12759
|
+
this.performanceClient?.addFields({ errorCode: "no_cached_request" }, this.correlationId);
|
|
12712
12760
|
return null;
|
|
12713
12761
|
}
|
|
12714
12762
|
const { prompt, ...request } = cachedRequest;
|
|
@@ -12723,6 +12771,7 @@
|
|
|
12723
12771
|
const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
|
|
12724
12772
|
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12725
12773
|
serverTelemetryManager.clearNativeBrokerErrorCode();
|
|
12774
|
+
this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
|
|
12726
12775
|
return authResult;
|
|
12727
12776
|
}
|
|
12728
12777
|
catch (e) {
|
|
@@ -12763,9 +12812,9 @@
|
|
|
12763
12812
|
}
|
|
12764
12813
|
// Get the preferred_cache domain for the given authority
|
|
12765
12814
|
const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
|
|
12766
|
-
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info,
|
|
12815
|
+
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
|
|
12767
12816
|
idTokenClaims.tid, undefined, // auth code payload
|
|
12768
|
-
response.account.id);
|
|
12817
|
+
response.account.id, this.logger, this.performanceClient);
|
|
12769
12818
|
// Ensure expires_in is in number format
|
|
12770
12819
|
response.expires_in = Number(response.expires_in);
|
|
12771
12820
|
// generate authenticationResult
|
|
@@ -12991,15 +13040,23 @@
|
|
|
12991
13040
|
* Translates developer provided request object into NativeRequest object
|
|
12992
13041
|
* @param request
|
|
12993
13042
|
*/
|
|
12994
|
-
async
|
|
12995
|
-
this.logger.trace("
|
|
13043
|
+
async initializePlatformRequest(request) {
|
|
13044
|
+
this.logger.trace("1xdm2a", this.correlationId);
|
|
12996
13045
|
const canonicalAuthority = await this.getCanonicalAuthority(request);
|
|
13046
|
+
// ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
13047
|
+
const configClaims = request.skipBrokerClaims && !!request.embeddedClientId
|
|
13048
|
+
? undefined
|
|
13049
|
+
: this.config.auth.clientCapabilities;
|
|
12997
13050
|
// scopes are expected to be received by the native broker as "scope" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here.
|
|
12998
|
-
const { scopes, ...remainingProperties } = request;
|
|
13051
|
+
const { scopes, claims, ...remainingProperties } = request;
|
|
12999
13052
|
const scopeSet = new ScopeSet(scopes || []);
|
|
13000
13053
|
scopeSet.appendScopes(OIDC_DEFAULT_SCOPES$1);
|
|
13054
|
+
const mergedClaims = configClaims && configClaims.length
|
|
13055
|
+
? addClientCapabilitiesToClaims$1(claims, configClaims)
|
|
13056
|
+
: claims;
|
|
13001
13057
|
const validatedRequest = {
|
|
13002
13058
|
...remainingProperties,
|
|
13059
|
+
claims: mergedClaims,
|
|
13003
13060
|
accountId: this.accountId,
|
|
13004
13061
|
clientId: this.config.auth.clientId,
|
|
13005
13062
|
authority: canonicalAuthority.urlString,
|
|
@@ -13069,12 +13126,12 @@
|
|
|
13069
13126
|
switch (this.apiId) {
|
|
13070
13127
|
case ApiId.ssoSilent:
|
|
13071
13128
|
case ApiId.acquireTokenSilent_silentFlow:
|
|
13072
|
-
this.logger.trace("
|
|
13129
|
+
this.logger.trace("12n1y2", this.correlationId);
|
|
13073
13130
|
return PromptValue$1.NONE;
|
|
13074
13131
|
}
|
|
13075
13132
|
// Prompt not provided, request may proceed and native broker decides if it needs to prompt
|
|
13076
13133
|
if (!prompt) {
|
|
13077
|
-
this.logger.trace("
|
|
13134
|
+
this.logger.trace("0uid1p", this.correlationId);
|
|
13078
13135
|
return undefined;
|
|
13079
13136
|
}
|
|
13080
13137
|
// If request is interactive, check if prompt provided is allowed to go directly to native broker
|
|
@@ -13082,10 +13139,10 @@
|
|
|
13082
13139
|
case PromptValue$1.NONE:
|
|
13083
13140
|
case PromptValue$1.CONSENT:
|
|
13084
13141
|
case PromptValue$1.LOGIN:
|
|
13085
|
-
this.logger.trace("
|
|
13142
|
+
this.logger.trace("0i0hco", this.correlationId);
|
|
13086
13143
|
return prompt;
|
|
13087
13144
|
default:
|
|
13088
|
-
this.logger.trace("
|
|
13145
|
+
this.logger.trace("0w3tpw", this.correlationId);
|
|
13089
13146
|
throw createBrowserAuthError(nativePromptNotSupported);
|
|
13090
13147
|
}
|
|
13091
13148
|
}
|
|
@@ -13121,7 +13178,7 @@
|
|
|
13121
13178
|
this.performanceClient?.addFields({
|
|
13122
13179
|
embeddedClientId: child_client_id,
|
|
13123
13180
|
embeddedRedirectUri: child_redirect_uri,
|
|
13124
|
-
},
|
|
13181
|
+
}, this.correlationId);
|
|
13125
13182
|
}
|
|
13126
13183
|
}
|
|
13127
13184
|
|
|
@@ -13208,6 +13265,10 @@
|
|
|
13208
13265
|
if (request.platformBroker) {
|
|
13209
13266
|
// signal ests that this is a WAM call
|
|
13210
13267
|
addNativeBroker(parameters);
|
|
13268
|
+
// instrument JS-platform bridge specific fields
|
|
13269
|
+
performanceClient.addFields({
|
|
13270
|
+
isPlatformAuthorizeRequest: true,
|
|
13271
|
+
}, request.correlationId);
|
|
13211
13272
|
// pass the req_cnf for POP
|
|
13212
13273
|
if (request.authenticationScheme === AuthenticationScheme$1.POP) {
|
|
13213
13274
|
const cryptoOps = new CryptoOps(logger, performanceClient);
|
|
@@ -13650,7 +13711,7 @@
|
|
|
13650
13711
|
*
|
|
13651
13712
|
* @returns Configuration object
|
|
13652
13713
|
*/
|
|
13653
|
-
function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
|
|
13714
|
+
function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, experimental: userInputExperimental, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
|
|
13654
13715
|
// Default auth options for browser
|
|
13655
13716
|
const DEFAULT_AUTH_OPTIONS = {
|
|
13656
13717
|
clientId: "",
|
|
@@ -13677,6 +13738,7 @@
|
|
|
13677
13738
|
},
|
|
13678
13739
|
instanceAware: false,
|
|
13679
13740
|
isMcp: false,
|
|
13741
|
+
verifySSO: false,
|
|
13680
13742
|
};
|
|
13681
13743
|
// Default cache options for browser
|
|
13682
13744
|
const DEFAULT_CACHE_OPTIONS = {
|
|
@@ -13722,6 +13784,9 @@
|
|
|
13722
13784
|
},
|
|
13723
13785
|
client: new StubPerformanceClient(),
|
|
13724
13786
|
};
|
|
13787
|
+
const DEFAULT_EXPERIMENTAL_OPTIONS = {
|
|
13788
|
+
iframeTimeoutTelemetry: false,
|
|
13789
|
+
};
|
|
13725
13790
|
// Throw an error if user has set OIDCOptions without being in OIDC protocol mode
|
|
13726
13791
|
if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
|
|
13727
13792
|
userInputAuth?.OIDCOptions) {
|
|
@@ -13745,6 +13810,10 @@
|
|
|
13745
13810
|
},
|
|
13746
13811
|
cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache },
|
|
13747
13812
|
system: providedSystemOptions,
|
|
13813
|
+
experimental: {
|
|
13814
|
+
...DEFAULT_EXPERIMENTAL_OPTIONS,
|
|
13815
|
+
...userInputExperimental,
|
|
13816
|
+
},
|
|
13748
13817
|
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry },
|
|
13749
13818
|
};
|
|
13750
13819
|
return overlayedConfig;
|
|
@@ -14222,7 +14291,7 @@
|
|
|
14222
14291
|
}
|
|
14223
14292
|
}
|
|
14224
14293
|
/**
|
|
14225
|
-
* Returns boolean indicating whether or not the request should attempt to use
|
|
14294
|
+
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
14226
14295
|
* @param logger
|
|
14227
14296
|
* @param config
|
|
14228
14297
|
* @param correlationId
|
|
@@ -14504,6 +14573,10 @@
|
|
|
14504
14573
|
return;
|
|
14505
14574
|
}
|
|
14506
14575
|
}
|
|
14576
|
+
// Redirect bridge requires "state" param to work properly
|
|
14577
|
+
validRequest.state = setRequestState(this.browserCrypto, validRequest.state || "", {
|
|
14578
|
+
interactionType: exports.InteractionType.Popup,
|
|
14579
|
+
});
|
|
14507
14580
|
// Create logout string and navigate user window to logout.
|
|
14508
14581
|
const logoutUri = authClient.getLogoutUri(validRequest);
|
|
14509
14582
|
this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, validRequest.correlationId, exports.InteractionType.Popup, validRequest);
|
|
@@ -15044,6 +15117,10 @@
|
|
|
15044
15117
|
}
|
|
15045
15118
|
}
|
|
15046
15119
|
}
|
|
15120
|
+
// Redirect bridge requires "state" param to work properly
|
|
15121
|
+
validLogoutRequest.state = setRequestState(this.browserCrypto, validLogoutRequest.state || "", {
|
|
15122
|
+
interactionType: exports.InteractionType.Redirect,
|
|
15123
|
+
});
|
|
15047
15124
|
// Create logout string and navigate user window to logout.
|
|
15048
15125
|
const logoutUri = authClient.getLogoutUri(validLogoutRequest);
|
|
15049
15126
|
if (validLogoutRequest.account?.homeAccountId) {
|
|
@@ -15270,7 +15347,7 @@
|
|
|
15270
15347
|
const responseType = this.config.auth.OIDCOptions.responseMode;
|
|
15271
15348
|
let responseString;
|
|
15272
15349
|
try {
|
|
15273
|
-
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
|
|
15350
|
+
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
|
|
15274
15351
|
}
|
|
15275
15352
|
finally {
|
|
15276
15353
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
@@ -15292,6 +15369,38 @@
|
|
|
15292
15369
|
return invokeAsync(handleResponseEAR, HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
15293
15370
|
}
|
|
15294
15371
|
}
|
|
15372
|
+
/**
|
|
15373
|
+
* Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
|
|
15374
|
+
* This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
|
|
15375
|
+
* @param request - The SSO silent request
|
|
15376
|
+
* @returns true if SSO verification was successful with a valid authorization code, false otherwise
|
|
15377
|
+
*/
|
|
15378
|
+
async verifySso(request) {
|
|
15379
|
+
const inputRequest = { ...request };
|
|
15380
|
+
if (!inputRequest.prompt) {
|
|
15381
|
+
inputRequest.prompt = PromptValue$1.NONE;
|
|
15382
|
+
}
|
|
15383
|
+
// Create silent request
|
|
15384
|
+
const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
|
|
15385
|
+
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
15386
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
|
|
15387
|
+
requestAuthority: silentRequest.authority,
|
|
15388
|
+
requestAzureCloudOptions: silentRequest.azureCloudOptions,
|
|
15389
|
+
requestExtraQueryParameters: silentRequest.extraQueryParameters,
|
|
15390
|
+
account: silentRequest.account,
|
|
15391
|
+
});
|
|
15392
|
+
const { serverParams } = await this.silentAuthorizeHelper(authClient, silentRequest);
|
|
15393
|
+
const correlationId = silentRequest.correlationId;
|
|
15394
|
+
// Validate the response - this checks for errors and validates state
|
|
15395
|
+
validateAuthorizationResponse(serverParams, silentRequest.state);
|
|
15396
|
+
// Verify a valid authorization code is present
|
|
15397
|
+
if (!serverParams.code) {
|
|
15398
|
+
this.logger.warning("0y34ti", correlationId);
|
|
15399
|
+
return false;
|
|
15400
|
+
}
|
|
15401
|
+
this.logger.verbose("0kkkcj", correlationId);
|
|
15402
|
+
return true;
|
|
15403
|
+
}
|
|
15295
15404
|
/**
|
|
15296
15405
|
* Currently Unsupported
|
|
15297
15406
|
*/
|
|
@@ -15306,6 +15415,16 @@
|
|
|
15306
15415
|
* @param userRequestScopes
|
|
15307
15416
|
*/
|
|
15308
15417
|
async silentTokenHelper(authClient, request) {
|
|
15418
|
+
const { serverParams, pkceCodes } = await this.silentAuthorizeHelper(authClient, request);
|
|
15419
|
+
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, request.correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
15420
|
+
}
|
|
15421
|
+
/**
|
|
15422
|
+
* Shared helper that generates PKCE codes, builds the /authorize URL,
|
|
15423
|
+
* loads it in a hidden iframe, waits for the redirect-bridge response,
|
|
15424
|
+
* and returns the deserialized server parameters along with the PKCE codes
|
|
15425
|
+
* and the request that was sent.
|
|
15426
|
+
*/
|
|
15427
|
+
async silentAuthorizeHelper(authClient, request) {
|
|
15309
15428
|
const correlationId = request.correlationId;
|
|
15310
15429
|
const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
|
|
15311
15430
|
const silentRequest = {
|
|
@@ -15326,13 +15445,13 @@
|
|
|
15326
15445
|
// Wait for response from the redirect bridge.
|
|
15327
15446
|
let responseString;
|
|
15328
15447
|
try {
|
|
15329
|
-
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
|
|
15448
|
+
responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
|
|
15330
15449
|
}
|
|
15331
15450
|
finally {
|
|
15332
15451
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
15333
15452
|
}
|
|
15334
15453
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15335
|
-
return
|
|
15454
|
+
return { serverParams, pkceCodes, silentRequest };
|
|
15336
15455
|
}
|
|
15337
15456
|
}
|
|
15338
15457
|
|
|
@@ -15586,22 +15705,32 @@
|
|
|
15586
15705
|
this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
|
|
15587
15706
|
this.activeSilentTokenRequests = new Map();
|
|
15588
15707
|
// Register listener functions
|
|
15589
|
-
this.
|
|
15708
|
+
this.trackStateChange = this.trackStateChange.bind(this);
|
|
15590
15709
|
// Register listener functions
|
|
15591
|
-
this.
|
|
15592
|
-
this.
|
|
15710
|
+
this.trackStateChangeWithMeasurement =
|
|
15711
|
+
this.trackStateChangeWithMeasurement.bind(this);
|
|
15593
15712
|
}
|
|
15594
15713
|
static async createController(operatingContext, request) {
|
|
15595
15714
|
const controller = new StandardController(operatingContext);
|
|
15596
15715
|
await controller.initialize(request);
|
|
15597
15716
|
return controller;
|
|
15598
15717
|
}
|
|
15599
|
-
|
|
15718
|
+
trackStateChange(correlationId, event) {
|
|
15600
15719
|
if (!correlationId) {
|
|
15601
15720
|
return;
|
|
15602
15721
|
}
|
|
15603
|
-
|
|
15604
|
-
|
|
15722
|
+
if (event.type === "visibilitychange") {
|
|
15723
|
+
this.logger.info("16v6hv", correlationId);
|
|
15724
|
+
this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
|
|
15725
|
+
}
|
|
15726
|
+
else if (event.type === "online") {
|
|
15727
|
+
this.logger.info("0zirfd", correlationId);
|
|
15728
|
+
this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
|
|
15729
|
+
}
|
|
15730
|
+
else if (event.type === "offline") {
|
|
15731
|
+
this.logger.info("1xk9ef", correlationId);
|
|
15732
|
+
this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
|
|
15733
|
+
}
|
|
15605
15734
|
}
|
|
15606
15735
|
/**
|
|
15607
15736
|
* Initializer function to perform async startup tasks such as connecting to WAM extension
|
|
@@ -15701,22 +15830,25 @@
|
|
|
15701
15830
|
}
|
|
15702
15831
|
const loggedInAccounts = this.getAllAccounts();
|
|
15703
15832
|
const platformBrokerRequest = this.browserStorage.getCachedNativeRequest();
|
|
15704
|
-
const useNative = platformBrokerRequest &&
|
|
15705
|
-
this.platformAuthProvider &&
|
|
15706
|
-
!options?.hash;
|
|
15833
|
+
const useNative = platformBrokerRequest && !options?.hash;
|
|
15707
15834
|
let rootMeasurement;
|
|
15708
15835
|
let redirectResponse;
|
|
15836
|
+
let cachedRedirectRequest;
|
|
15709
15837
|
try {
|
|
15710
15838
|
if (useNative && this.platformAuthProvider) {
|
|
15711
15839
|
const correlationId = platformBrokerRequest?.correlationId || "";
|
|
15712
15840
|
this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
|
|
15713
15841
|
rootMeasurement = this.performanceClient.startMeasurement(AcquireTokenRedirect, correlationId);
|
|
15714
15842
|
this.logger.trace("12v7is", correlationId);
|
|
15843
|
+
rootMeasurement.add({
|
|
15844
|
+
isPlatformBrokerRequest: true,
|
|
15845
|
+
});
|
|
15715
15846
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.platformAuthProvider, platformBrokerRequest.accountId, this.nativeInternalStorage, platformBrokerRequest.correlationId);
|
|
15716
|
-
redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(
|
|
15847
|
+
redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)();
|
|
15717
15848
|
}
|
|
15718
15849
|
else {
|
|
15719
15850
|
const [standardRequest, codeVerifier] = this.browserStorage.getCachedRequest("");
|
|
15851
|
+
cachedRedirectRequest = standardRequest;
|
|
15720
15852
|
const correlationId = standardRequest.correlationId;
|
|
15721
15853
|
this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
|
|
15722
15854
|
// Reset rootMeasurement now that we have correlationId
|
|
@@ -15745,6 +15877,8 @@
|
|
|
15745
15877
|
rootMeasurement.end({
|
|
15746
15878
|
success: true,
|
|
15747
15879
|
}, undefined, result.account);
|
|
15880
|
+
// Fire-and-forget SSO capability verification in background
|
|
15881
|
+
this.verifySsoCapability(cachedRedirectRequest, exports.InteractionType.Redirect);
|
|
15748
15882
|
}
|
|
15749
15883
|
else {
|
|
15750
15884
|
/*
|
|
@@ -15810,12 +15944,14 @@
|
|
|
15810
15944
|
if (this.platformAuthProvider &&
|
|
15811
15945
|
this.canUsePlatformBroker(request)) {
|
|
15812
15946
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.platformAuthProvider, this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
|
|
15813
|
-
result = nativeClient
|
|
15814
|
-
.
|
|
15815
|
-
|
|
15947
|
+
result = invokeAsync(nativeClient.acquireTokenRedirect.bind(nativeClient), NativeInteractionClientAcquireTokenRedirect, this.logger, this.performanceClient, correlationId)(request, atrMeasurement).catch((e) => {
|
|
15948
|
+
atrMeasurement.add({
|
|
15949
|
+
brokerErrorName: e.name,
|
|
15950
|
+
brokerErrorCode: e.errorCode,
|
|
15951
|
+
});
|
|
15816
15952
|
if (e instanceof NativeAuthError &&
|
|
15817
15953
|
isFatalNativeAuthError(e)) {
|
|
15818
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
15954
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
15819
15955
|
const redirectClient = this.createRedirectClient(correlationId);
|
|
15820
15956
|
return redirectClient.acquireToken(request);
|
|
15821
15957
|
}
|
|
@@ -15881,6 +16017,9 @@
|
|
|
15881
16017
|
let result;
|
|
15882
16018
|
const pkce = this.getPreGeneratedPkceCodes(correlationId);
|
|
15883
16019
|
if (this.canUsePlatformBroker(request)) {
|
|
16020
|
+
atPopupMeasurement.add({
|
|
16021
|
+
isPlatformBrokerRequest: true,
|
|
16022
|
+
});
|
|
15884
16023
|
result = this.acquireTokenNative({
|
|
15885
16024
|
...request,
|
|
15886
16025
|
correlationId,
|
|
@@ -15893,9 +16032,13 @@
|
|
|
15893
16032
|
return response;
|
|
15894
16033
|
})
|
|
15895
16034
|
.catch((e) => {
|
|
16035
|
+
atPopupMeasurement.add({
|
|
16036
|
+
brokerErrorName: e.name,
|
|
16037
|
+
brokerErrorCode: e.errorCode,
|
|
16038
|
+
});
|
|
15896
16039
|
if (e instanceof NativeAuthError &&
|
|
15897
16040
|
isFatalNativeAuthError(e)) {
|
|
15898
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
16041
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
15899
16042
|
const popupClient = this.createPopupClient(correlationId);
|
|
15900
16043
|
return popupClient.acquireToken(request, pkce);
|
|
15901
16044
|
}
|
|
@@ -15926,6 +16069,8 @@
|
|
|
15926
16069
|
accessTokenSize: result.accessToken.length,
|
|
15927
16070
|
idTokenSize: result.idToken.length,
|
|
15928
16071
|
}, undefined, result.account);
|
|
16072
|
+
// SSO capability verification in background
|
|
16073
|
+
this.verifySsoCapability(request, exports.InteractionType.Popup);
|
|
15929
16074
|
return result;
|
|
15930
16075
|
})
|
|
15931
16076
|
.catch((e) => {
|
|
@@ -15943,15 +16088,137 @@
|
|
|
15943
16088
|
}
|
|
15944
16089
|
});
|
|
15945
16090
|
}
|
|
15946
|
-
|
|
16091
|
+
trackStateChangeWithMeasurement(event) {
|
|
15947
16092
|
const measurement = this.ssoSilentMeasurement ||
|
|
15948
16093
|
this.acquireTokenByCodeAsyncMeasurement;
|
|
15949
16094
|
if (!measurement) {
|
|
15950
16095
|
return;
|
|
15951
16096
|
}
|
|
15952
|
-
|
|
15953
|
-
|
|
16097
|
+
if (event.type === "visibilitychange") {
|
|
16098
|
+
this.logger.info("0yzimq", measurement.event.correlationId);
|
|
16099
|
+
measurement.increment({
|
|
16100
|
+
visibilityChangeCount: 1,
|
|
16101
|
+
});
|
|
16102
|
+
}
|
|
16103
|
+
else if (event.type === "online") {
|
|
16104
|
+
this.logger.info("1caf53", measurement.event.correlationId);
|
|
16105
|
+
measurement.increment({
|
|
16106
|
+
onlineStatusChangeCount: 1,
|
|
16107
|
+
});
|
|
16108
|
+
}
|
|
16109
|
+
else if (event.type === "offline") {
|
|
16110
|
+
this.logger.info("0fdyk7", measurement.event.correlationId);
|
|
16111
|
+
measurement.increment({
|
|
16112
|
+
onlineStatusChangeCount: 1,
|
|
16113
|
+
});
|
|
16114
|
+
}
|
|
16115
|
+
}
|
|
16116
|
+
addStateChangeListeners(listener) {
|
|
16117
|
+
document.addEventListener("visibilitychange", listener);
|
|
16118
|
+
window.addEventListener("online", listener);
|
|
16119
|
+
window.addEventListener("offline", listener);
|
|
16120
|
+
}
|
|
16121
|
+
removeStateChangeListeners(listener) {
|
|
16122
|
+
document.removeEventListener("visibilitychange", listener);
|
|
16123
|
+
window.removeEventListener("online", listener);
|
|
16124
|
+
window.removeEventListener("offline", listener);
|
|
16125
|
+
}
|
|
16126
|
+
/**
|
|
16127
|
+
* Reads the cached ssoCapable value from localStorage.
|
|
16128
|
+
* @returns The cached ssoCapable boolean value, or undefined if not cached or expired.
|
|
16129
|
+
*/
|
|
16130
|
+
getCachedSsoCapable() {
|
|
16131
|
+
try {
|
|
16132
|
+
const cachedValue = window.localStorage.getItem(SSO_CAPABLE);
|
|
16133
|
+
if (cachedValue) {
|
|
16134
|
+
const parsed = JSON.parse(cachedValue);
|
|
16135
|
+
if (parsed &&
|
|
16136
|
+
typeof parsed.ssoCapable === "boolean" &&
|
|
16137
|
+
parsed.expiresOn &&
|
|
16138
|
+
Date.now() < parsed.expiresOn) {
|
|
16139
|
+
return parsed.ssoCapable;
|
|
16140
|
+
}
|
|
16141
|
+
}
|
|
16142
|
+
}
|
|
16143
|
+
catch {
|
|
16144
|
+
// If parsing fails, return undefined
|
|
16145
|
+
}
|
|
16146
|
+
return undefined;
|
|
16147
|
+
}
|
|
16148
|
+
/**
|
|
16149
|
+
* SSO capability verification in the background.
|
|
16150
|
+
* This method makes an iframe request to /authorize to verify SSO capability without calling /token.
|
|
16151
|
+
* This method does not block the caller and tracks telemetry for success/failure.
|
|
16152
|
+
* This method only executes if verifySSO is set to true in the auth configuration.
|
|
16153
|
+
* The result is cached in localStorage with a 24-hour TTL; the SSO verification call
|
|
16154
|
+
* is only attempted when the cached value is absent or expired.
|
|
16155
|
+
* @param request - The original request used for the authentication flow
|
|
16156
|
+
* @param interactionType - The interactionType of the AT operation for logging purposes
|
|
16157
|
+
*/
|
|
16158
|
+
verifySsoCapability(request, interactionType) {
|
|
16159
|
+
// Check if SSO capability verification is enabled
|
|
16160
|
+
if (!this.config.auth.verifySSO) {
|
|
16161
|
+
return;
|
|
16162
|
+
}
|
|
16163
|
+
// Check TTL: derive ssoCapable state from localStorage and skip if not expired
|
|
16164
|
+
const ssoCacheKey = SSO_CAPABLE;
|
|
16165
|
+
const SSO_CAPABLE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
|
|
16166
|
+
const cachedSsoCapable = this.getCachedSsoCapable();
|
|
16167
|
+
if (cachedSsoCapable !== undefined) {
|
|
16168
|
+
this.logger.verbose("13poou", "");
|
|
16169
|
+
return;
|
|
16170
|
+
}
|
|
16171
|
+
const correlationId = createNewGuid();
|
|
16172
|
+
const ssoCapableMeasurement = this.performanceClient.startMeasurement(SsoCapable, correlationId);
|
|
16173
|
+
ssoCapableMeasurement.add({
|
|
16174
|
+
"ext.interactionType": interactionType,
|
|
15954
16175
|
});
|
|
16176
|
+
this.logger.verbose("0pbr0i", correlationId);
|
|
16177
|
+
/*
|
|
16178
|
+
* Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
|
|
16179
|
+
* This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
|
|
16180
|
+
*/
|
|
16181
|
+
setTimeout(() => {
|
|
16182
|
+
const ssoVerificationRequest = {
|
|
16183
|
+
...request,
|
|
16184
|
+
correlationId: correlationId,
|
|
16185
|
+
};
|
|
16186
|
+
const silentIframeClient = this.createSilentIframeClient(correlationId);
|
|
16187
|
+
silentIframeClient
|
|
16188
|
+
.verifySso(ssoVerificationRequest)
|
|
16189
|
+
.then((result) => {
|
|
16190
|
+
this.logger.verbose("1gd1iv", correlationId);
|
|
16191
|
+
// TBD to add profileTelemetry later in localStorage with 24h TTL
|
|
16192
|
+
try {
|
|
16193
|
+
const cacheEntry = JSON.stringify({
|
|
16194
|
+
ssoCapable: result,
|
|
16195
|
+
expiresOn: Date.now() + SSO_CAPABLE_TTL_MS,
|
|
16196
|
+
});
|
|
16197
|
+
window.localStorage.setItem(ssoCacheKey, cacheEntry);
|
|
16198
|
+
}
|
|
16199
|
+
catch {
|
|
16200
|
+
this.logger.warning("18lmoj", correlationId);
|
|
16201
|
+
}
|
|
16202
|
+
ssoCapableMeasurement.end({
|
|
16203
|
+
fromCache: false,
|
|
16204
|
+
success: result,
|
|
16205
|
+
}, undefined);
|
|
16206
|
+
})
|
|
16207
|
+
.catch((error) => {
|
|
16208
|
+
this.logger.warning("05g83w", correlationId);
|
|
16209
|
+
// reset the cache
|
|
16210
|
+
try {
|
|
16211
|
+
window.localStorage.removeItem(ssoCacheKey);
|
|
16212
|
+
}
|
|
16213
|
+
catch {
|
|
16214
|
+
this.logger.warning("0nlf9q", correlationId);
|
|
16215
|
+
}
|
|
16216
|
+
ssoCapableMeasurement.end({
|
|
16217
|
+
fromCache: false,
|
|
16218
|
+
success: false,
|
|
16219
|
+
}, error);
|
|
16220
|
+
});
|
|
16221
|
+
}, 0);
|
|
15955
16222
|
}
|
|
15956
16223
|
// #endregion
|
|
15957
16224
|
// #region Silent Flow
|
|
@@ -15974,28 +16241,35 @@
|
|
|
15974
16241
|
const correlationId = this.getRequestCorrelationId(request);
|
|
15975
16242
|
const validRequest = {
|
|
15976
16243
|
...request,
|
|
15977
|
-
// will be PromptValue.NONE or PromptValue.NO_SESSION
|
|
15978
|
-
prompt: request.prompt,
|
|
15979
16244
|
correlationId: correlationId,
|
|
15980
16245
|
};
|
|
15981
16246
|
this.ssoSilentMeasurement = this.performanceClient.startMeasurement(SsoSilent, correlationId);
|
|
15982
16247
|
this.ssoSilentMeasurement?.add({
|
|
15983
16248
|
scenarioId: request.scenarioId,
|
|
16249
|
+
ssoCapable: this.getCachedSsoCapable(),
|
|
15984
16250
|
});
|
|
15985
16251
|
preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
|
|
15986
16252
|
this.ssoSilentMeasurement?.increment({
|
|
15987
16253
|
visibilityChangeCount: 0,
|
|
16254
|
+
onlineStatusChangeCount: 0,
|
|
15988
16255
|
});
|
|
15989
|
-
|
|
16256
|
+
this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
15990
16257
|
const loggedInAccounts = this.getAllAccounts();
|
|
15991
16258
|
this.logger.verbose("0w1b45", correlationId);
|
|
15992
16259
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, validRequest);
|
|
15993
16260
|
let result;
|
|
15994
16261
|
if (this.canUsePlatformBroker(validRequest)) {
|
|
16262
|
+
this.ssoSilentMeasurement?.add({
|
|
16263
|
+
isPlatformBrokerRequest: true,
|
|
16264
|
+
});
|
|
15995
16265
|
result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch((e) => {
|
|
16266
|
+
this.ssoSilentMeasurement?.add({
|
|
16267
|
+
brokerErrorName: e.name,
|
|
16268
|
+
brokerErrorCode: e.errorCode,
|
|
16269
|
+
});
|
|
15996
16270
|
// If native token acquisition fails for availability reasons fallback to standard flow
|
|
15997
16271
|
if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
|
|
15998
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
16272
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
15999
16273
|
const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId);
|
|
16000
16274
|
return silentIframeClient.acquireToken(validRequest);
|
|
16001
16275
|
}
|
|
@@ -16029,7 +16303,7 @@
|
|
|
16029
16303
|
throw e;
|
|
16030
16304
|
})
|
|
16031
16305
|
.finally(() => {
|
|
16032
|
-
|
|
16306
|
+
this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
16033
16307
|
});
|
|
16034
16308
|
}
|
|
16035
16309
|
/**
|
|
@@ -16068,7 +16342,6 @@
|
|
|
16068
16342
|
this.hybridAuthCodeResponses.delete(hybridAuthCode);
|
|
16069
16343
|
atbcMeasurement.end({
|
|
16070
16344
|
success: true,
|
|
16071
|
-
isNativeBroker: result.fromPlatformBroker,
|
|
16072
16345
|
accessTokenSize: result.accessToken.length,
|
|
16073
16346
|
idTokenSize: result.idToken.length,
|
|
16074
16347
|
}, undefined, result.account);
|
|
@@ -16092,10 +16365,17 @@
|
|
|
16092
16365
|
}
|
|
16093
16366
|
else if (request.nativeAccountId) {
|
|
16094
16367
|
if (this.canUsePlatformBroker(request, request.nativeAccountId)) {
|
|
16368
|
+
atbcMeasurement.add({
|
|
16369
|
+
isPlatformBrokerRequest: true,
|
|
16370
|
+
});
|
|
16095
16371
|
const result = await this.acquireTokenNative({
|
|
16096
16372
|
...request,
|
|
16097
16373
|
correlationId,
|
|
16098
16374
|
}, ApiId.acquireTokenByCode, request.nativeAccountId).catch((e) => {
|
|
16375
|
+
atbcMeasurement.add({
|
|
16376
|
+
brokerErrorName: e.name,
|
|
16377
|
+
brokerErrorCode: e.errorCode,
|
|
16378
|
+
});
|
|
16099
16379
|
// If native token acquisition fails for availability reasons fallback to standard flow
|
|
16100
16380
|
if (e instanceof NativeAuthError &&
|
|
16101
16381
|
isFatalNativeAuthError(e)) {
|
|
@@ -16136,8 +16416,9 @@
|
|
|
16136
16416
|
this.performanceClient.startMeasurement(AcquireTokenByCodeAsync, correlationId);
|
|
16137
16417
|
this.acquireTokenByCodeAsyncMeasurement?.increment({
|
|
16138
16418
|
visibilityChangeCount: 0,
|
|
16419
|
+
onlineStatusChangeCount: 0,
|
|
16139
16420
|
});
|
|
16140
|
-
|
|
16421
|
+
this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
16141
16422
|
const silentAuthCodeClient = this.createSilentAuthCodeClient(correlationId);
|
|
16142
16423
|
const silentTokenResult = await silentAuthCodeClient
|
|
16143
16424
|
.acquireToken(request)
|
|
@@ -16145,7 +16426,6 @@
|
|
|
16145
16426
|
this.acquireTokenByCodeAsyncMeasurement?.end({
|
|
16146
16427
|
success: true,
|
|
16147
16428
|
fromCache: response.fromCache,
|
|
16148
|
-
isNativeBroker: response.fromPlatformBroker,
|
|
16149
16429
|
});
|
|
16150
16430
|
return response;
|
|
16151
16431
|
})
|
|
@@ -16156,7 +16436,7 @@
|
|
|
16156
16436
|
throw tokenRenewalError;
|
|
16157
16437
|
})
|
|
16158
16438
|
.finally(() => {
|
|
16159
|
-
|
|
16439
|
+
this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
|
|
16160
16440
|
});
|
|
16161
16441
|
return silentTokenResult;
|
|
16162
16442
|
}
|
|
@@ -16314,7 +16594,7 @@
|
|
|
16314
16594
|
throw createBrowserAuthError(nativeConnectionNotEstablished);
|
|
16315
16595
|
}
|
|
16316
16596
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.platformAuthProvider, accountId || this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
|
|
16317
|
-
return nativeClient.acquireToken(request, cacheLookupPolicy);
|
|
16597
|
+
return invokeAsync(nativeClient.acquireToken.bind(nativeClient), NativeInteractionClientAcquireToken, this.logger, this.performanceClient, correlationId)(request, cacheLookupPolicy);
|
|
16318
16598
|
}
|
|
16319
16599
|
/**
|
|
16320
16600
|
* Returns boolean indicating if this request can use the platform broker
|
|
@@ -16328,7 +16608,7 @@
|
|
|
16328
16608
|
return false;
|
|
16329
16609
|
}
|
|
16330
16610
|
if (!isPlatformAuthAllowed(this.config, this.logger, correlationId, this.platformAuthProvider, request.authenticationScheme)) {
|
|
16331
|
-
this.logger.trace("
|
|
16611
|
+
this.logger.trace("0yoy1g", correlationId);
|
|
16332
16612
|
return false;
|
|
16333
16613
|
}
|
|
16334
16614
|
if (request.prompt) {
|
|
@@ -16547,6 +16827,7 @@
|
|
|
16547
16827
|
atsMeasurement.add({
|
|
16548
16828
|
cacheLookupPolicy: request.cacheLookupPolicy,
|
|
16549
16829
|
scenarioId: request.scenarioId,
|
|
16830
|
+
ssoCapable: this.getCachedSsoCapable(),
|
|
16550
16831
|
});
|
|
16551
16832
|
preflightCheck(this.initialized, atsMeasurement, this.config, request);
|
|
16552
16833
|
this.logger.verbose("0x1c4s", correlationId);
|
|
@@ -16559,7 +16840,6 @@
|
|
|
16559
16840
|
atsMeasurement.end({
|
|
16560
16841
|
success: true,
|
|
16561
16842
|
fromCache: result.fromCache,
|
|
16562
|
-
isNativeBroker: result.fromPlatformBroker,
|
|
16563
16843
|
accessTokenSize: result.accessToken.length,
|
|
16564
16844
|
idTokenSize: result.idToken.length,
|
|
16565
16845
|
}, undefined, result.account);
|
|
@@ -16618,12 +16898,12 @@
|
|
|
16618
16898
|
* @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
|
|
16619
16899
|
*/
|
|
16620
16900
|
async acquireTokenSilentAsync(request, account) {
|
|
16621
|
-
const
|
|
16901
|
+
const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
|
|
16622
16902
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, request.correlationId, exports.InteractionType.Silent, request);
|
|
16623
16903
|
if (request.correlationId) {
|
|
16624
|
-
this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
|
|
16904
|
+
this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
|
|
16625
16905
|
}
|
|
16626
|
-
|
|
16906
|
+
this.addStateChangeListeners(trackStateChange);
|
|
16627
16907
|
const silentRequest = await invokeAsync(initializeSilentRequest, InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
|
|
16628
16908
|
const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
|
|
16629
16909
|
const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
|
|
@@ -16705,7 +16985,7 @@
|
|
|
16705
16985
|
throw tokenRenewalError;
|
|
16706
16986
|
})
|
|
16707
16987
|
.finally(() => {
|
|
16708
|
-
|
|
16988
|
+
this.removeStateChangeListeners(trackStateChange);
|
|
16709
16989
|
});
|
|
16710
16990
|
}
|
|
16711
16991
|
/**
|
|
@@ -16719,7 +16999,12 @@
|
|
|
16719
16999
|
if (isPlatformAuthAllowed(this.config, this.logger, silentRequest.correlationId, this.platformAuthProvider, silentRequest.authenticationScheme) &&
|
|
16720
17000
|
silentRequest.account.nativeAccountId) {
|
|
16721
17001
|
this.logger.verbose("0sczo4", silentRequest.correlationId);
|
|
17002
|
+
this.performanceClient.addFields({ isPlatformBrokerRequest: true }, silentRequest.correlationId);
|
|
16722
17003
|
return this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow, silentRequest.account.nativeAccountId, cacheLookupPolicy).catch(async (e) => {
|
|
17004
|
+
this.performanceClient.addFields({
|
|
17005
|
+
brokerErrorName: e.name,
|
|
17006
|
+
brokerErrorCode: e.errorCode,
|
|
17007
|
+
}, silentRequest.correlationId);
|
|
16723
17008
|
// If native token acquisition fails for availability reasons fallback to web flow
|
|
16724
17009
|
if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
|
|
16725
17010
|
this.logger.verbose("07rkmb", silentRequest.correlationId);
|
|
@@ -18305,7 +18590,7 @@
|
|
|
18305
18590
|
const storage = new BrowserCacheManager(browserConfig.auth.clientId, browserConfig.cache, cryptoOps, logger, browserConfig.telemetry.client, new EventHandler(logger), buildStaticAuthorityOptions(browserConfig.auth));
|
|
18306
18591
|
const authorityString = request.authority || browserConfig.auth.authority;
|
|
18307
18592
|
const authority = await createDiscoveredInstance(Authority.generateAuthority(authorityString, request.azureCloudOptions), browserConfig.system.networkClient, storage, authorityOptions, logger, correlationId, performanceClient);
|
|
18308
|
-
const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims);
|
|
18593
|
+
const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims, performanceClient);
|
|
18309
18594
|
const idToken = await invokeAsync(loadIdToken, LoadIdToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, correlationId, storage, logger, config.auth.clientId);
|
|
18310
18595
|
const accessToken = await invokeAsync(loadAccessToken, LoadAccessToken, logger, performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, options, correlationId, storage, logger, config.auth.clientId);
|
|
18311
18596
|
const refreshToken = await invokeAsync(loadRefreshToken, LoadRefreshToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, kmsi, correlationId, storage, logger, config.auth.clientId, performanceClient);
|
|
@@ -18331,7 +18616,7 @@
|
|
|
18331
18616
|
* @param requestHomeAccountId
|
|
18332
18617
|
* @returns `AccountEntity`
|
|
18333
18618
|
*/
|
|
18334
|
-
async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims) {
|
|
18619
|
+
async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims, performanceClient) {
|
|
18335
18620
|
logger.verbose("0ke46k", correlationId);
|
|
18336
18621
|
if (request.account) {
|
|
18337
18622
|
const accountEntity = createAccountEntityFromAccountInfo(request.account);
|
|
@@ -18346,7 +18631,7 @@
|
|
|
18346
18631
|
const claimsTenantId = idTokenClaims?.tid;
|
|
18347
18632
|
const cachedAccount = buildAccountToCache(storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.getPreferredCache(), claimsTenantId, undefined, // authCodePayload
|
|
18348
18633
|
undefined, // nativeAccountId
|
|
18349
|
-
logger);
|
|
18634
|
+
logger, performanceClient);
|
|
18350
18635
|
await storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
|
|
18351
18636
|
return cachedAccount;
|
|
18352
18637
|
}
|
|
@@ -18618,6 +18903,9 @@
|
|
|
18618
18903
|
getPageVisibility() {
|
|
18619
18904
|
return document.visibilityState?.toString() || null;
|
|
18620
18905
|
}
|
|
18906
|
+
getOnlineStatus() {
|
|
18907
|
+
return typeof navigator !== "undefined" ? navigator.onLine : null;
|
|
18908
|
+
}
|
|
18621
18909
|
deleteIncompleteSubMeasurements(inProgressEvent) {
|
|
18622
18910
|
void getPerfMeasurementModule()?.then((module) => {
|
|
18623
18911
|
const rootEvent = this.eventsByCorrelationId.get(inProgressEvent.event.correlationId);
|
|
@@ -18644,6 +18932,7 @@
|
|
|
18644
18932
|
startMeasurement(measureName, correlationId) {
|
|
18645
18933
|
// Capture page visibilityState and then invoke start/end measurement
|
|
18646
18934
|
const startPageVisibility = this.getPageVisibility();
|
|
18935
|
+
const startOnlineStatus = this.getOnlineStatus();
|
|
18647
18936
|
const inProgressEvent = super.startMeasurement(measureName, correlationId);
|
|
18648
18937
|
const startTime = supportsBrowserPerformanceNow()
|
|
18649
18938
|
? window.performance.now()
|
|
@@ -18659,6 +18948,7 @@
|
|
|
18659
18948
|
const res = inProgressEvent.end({
|
|
18660
18949
|
...event,
|
|
18661
18950
|
startPageVisibility,
|
|
18951
|
+
startOnlineStatus,
|
|
18662
18952
|
endPageVisibility: this.getPageVisibility(),
|
|
18663
18953
|
durationMs: getPerfDurationMs(startTime),
|
|
18664
18954
|
networkEffectiveType: networkInfo.effectiveType,
|