@azure/msal-browser 5.6.2 → 5.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (456) hide show
  1. package/README.md +0 -1
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
  10. package/dist/cache/AccountManager.mjs +1 -1
  11. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  12. package/dist/cache/BrowserCacheManager.mjs +1 -1
  13. package/dist/cache/CacheHelpers.mjs +1 -1
  14. package/dist/cache/CacheKeys.d.ts +1 -0
  15. package/dist/cache/CacheKeys.d.ts.map +1 -1
  16. package/dist/cache/CacheKeys.mjs +3 -2
  17. package/dist/cache/CacheKeys.mjs.map +1 -1
  18. package/dist/cache/CookieStorage.mjs +1 -1
  19. package/dist/cache/DatabaseStorage.mjs +1 -1
  20. package/dist/cache/EncryptedData.mjs +1 -1
  21. package/dist/cache/LocalStorage.mjs +1 -1
  22. package/dist/cache/MemoryStorage.mjs +1 -1
  23. package/dist/cache/SessionStorage.mjs +1 -1
  24. package/dist/cache/TokenCache.d.ts.map +1 -1
  25. package/dist/cache/TokenCache.mjs +9 -9
  26. package/dist/cache/TokenCache.mjs.map +1 -1
  27. package/dist/config/Configuration.d.ts +20 -1
  28. package/dist/config/Configuration.d.ts.map +1 -1
  29. package/dist/config/Configuration.mjs +10 -2
  30. package/dist/config/Configuration.mjs.map +1 -1
  31. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  32. package/dist/controllers/StandardController.d.ts +20 -2
  33. package/dist/controllers/StandardController.d.ts.map +1 -1
  34. package/dist/controllers/StandardController.mjs +204 -37
  35. package/dist/controllers/StandardController.mjs.map +1 -1
  36. package/dist/crypto/BrowserCrypto.mjs +1 -1
  37. package/dist/crypto/CryptoOps.mjs +1 -1
  38. package/dist/crypto/PkceGenerator.mjs +1 -1
  39. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  40. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
  42. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  45. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  46. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
  47. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  48. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  49. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  50. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  51. package/dist/custom-auth-path/cache/CacheKeys.d.ts +1 -0
  52. package/dist/custom-auth-path/cache/CacheKeys.d.ts.map +1 -1
  53. package/dist/custom-auth-path/cache/CacheKeys.mjs +3 -2
  54. package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
  55. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  56. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  58. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  59. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  60. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  61. package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
  62. package/dist/custom-auth-path/config/Configuration.d.ts +20 -1
  63. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  64. package/dist/custom-auth-path/config/Configuration.mjs +10 -2
  65. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  66. package/dist/custom-auth-path/controllers/StandardController.d.ts +20 -2
  67. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  68. package/dist/custom-auth-path/controllers/StandardController.mjs +204 -37
  69. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  70. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  71. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  72. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  74. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  177. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  178. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  179. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  180. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  181. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  182. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  183. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  184. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  185. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  186. package/dist/custom-auth-path/error/NativeAuthError.d.ts.map +1 -1
  187. package/dist/custom-auth-path/error/NativeAuthError.mjs +3 -4
  188. package/dist/custom-auth-path/error/NativeAuthError.mjs.map +1 -1
  189. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  190. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  191. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  192. package/dist/custom-auth-path/index.d.ts +1 -1
  193. package/dist/custom-auth-path/index.d.ts.map +1 -1
  194. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  195. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  196. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
  197. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  198. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +39 -26
  199. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  200. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  201. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +6 -2
  202. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  203. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
  204. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +6 -2
  205. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
  206. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  207. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  208. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +14 -0
  209. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  210. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +47 -5
  211. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  212. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  213. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  214. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  215. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  216. package/dist/custom-auth-path/log-strings-mapping.json +67 -15
  217. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  218. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  219. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  220. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  221. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  222. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  223. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  224. package/dist/custom-auth-path/protocol/Authorize.mjs +5 -1
  225. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  226. package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
  227. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  228. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  229. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts +1 -0
  230. package/dist/custom-auth-path/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  231. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +6 -0
  232. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  233. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +9 -3
  234. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  235. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  236. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  237. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +8 -3
  238. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
  239. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  240. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  241. package/dist/custom-auth-path/utils/BrowserUtils.d.ts +2 -2
  242. package/dist/custom-auth-path/utils/BrowserUtils.d.ts.map +1 -1
  243. package/dist/custom-auth-path/utils/BrowserUtils.mjs +27 -3
  244. package/dist/custom-auth-path/utils/BrowserUtils.mjs.map +1 -1
  245. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  246. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  247. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  248. package/dist/encode/Base64Decode.mjs +1 -1
  249. package/dist/encode/Base64Encode.mjs +1 -1
  250. package/dist/error/BrowserAuthError.mjs +1 -1
  251. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  252. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  253. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  254. package/dist/error/NativeAuthError.d.ts.map +1 -1
  255. package/dist/error/NativeAuthError.mjs +3 -4
  256. package/dist/error/NativeAuthError.mjs.map +1 -1
  257. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  258. package/dist/error/NestedAppAuthError.mjs +1 -1
  259. package/dist/event/EventHandler.mjs +1 -1
  260. package/dist/event/EventMessage.mjs +1 -1
  261. package/dist/event/EventType.mjs +1 -1
  262. package/dist/index.d.ts +1 -1
  263. package/dist/index.d.ts.map +1 -1
  264. package/dist/index.mjs +1 -1
  265. package/dist/index.mjs.map +1 -1
  266. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  267. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  268. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
  269. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  270. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +39 -26
  271. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  272. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  273. package/dist/interaction_client/PopupClient.mjs +6 -2
  274. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  275. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  276. package/dist/interaction_client/RedirectClient.mjs +6 -2
  277. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  278. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  279. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  280. package/dist/interaction_client/SilentIframeClient.d.ts +14 -0
  281. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  282. package/dist/interaction_client/SilentIframeClient.mjs +47 -5
  283. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  284. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  285. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  286. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  287. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  288. package/dist/log-strings-mapping.json +75 -23
  289. package/dist/naa/BridgeError.mjs +1 -1
  290. package/dist/naa/BridgeProxy.mjs +1 -1
  291. package/dist/naa/BridgeStatusCode.mjs +1 -1
  292. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  293. package/dist/navigation/NavigationClient.mjs +1 -1
  294. package/dist/network/FetchClient.mjs +1 -1
  295. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  296. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  297. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  298. package/dist/packageMetadata.d.ts +1 -1
  299. package/dist/packageMetadata.mjs +2 -2
  300. package/dist/protocol/Authorize.d.ts.map +1 -1
  301. package/dist/protocol/Authorize.mjs +5 -1
  302. package/dist/protocol/Authorize.mjs.map +1 -1
  303. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  304. package/dist/redirect-bridge/cache/CacheKeys.d.ts +1 -0
  305. package/dist/redirect-bridge/cache/CacheKeys.d.ts.map +1 -1
  306. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  307. package/dist/redirect-bridge/cache/TokenCache.d.ts.map +1 -1
  308. package/dist/redirect-bridge/config/Configuration.d.ts +20 -1
  309. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  310. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  311. package/dist/redirect-bridge/controllers/StandardController.d.ts +20 -2
  312. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  313. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  314. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  315. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  316. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  317. package/dist/redirect-bridge/error/NativeAuthError.d.ts.map +1 -1
  318. package/dist/redirect-bridge/index.d.ts +1 -1
  319. package/dist/redirect-bridge/index.d.ts.map +1 -1
  320. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
  321. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  322. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  323. package/dist/redirect-bridge/interaction_client/RedirectClient.d.ts.map +1 -1
  324. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts +14 -0
  325. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  326. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  327. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  328. package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
  329. package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
  330. package/dist/redirect-bridge/redirect_bridge/index.mjs +11 -7
  331. package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
  332. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts +1 -0
  333. package/dist/redirect-bridge/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  334. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +6 -0
  335. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  336. package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  337. package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  338. package/dist/redirect-bridge/utils/BrowserConstants.mjs +7 -3
  339. package/dist/redirect-bridge/utils/BrowserConstants.mjs.map +1 -1
  340. package/dist/redirect-bridge/utils/BrowserUtils.d.ts +2 -2
  341. package/dist/redirect-bridge/utils/BrowserUtils.d.ts.map +1 -1
  342. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  343. package/dist/redirect-bridge/utils/BrowserUtils.mjs.map +1 -1
  344. package/dist/redirect_bridge/index.d.ts.map +1 -1
  345. package/dist/request/RequestHelpers.mjs +1 -1
  346. package/dist/response/ResponseHandler.mjs +1 -1
  347. package/dist/telemetry/BrowserPerformanceClient.d.ts +1 -0
  348. package/dist/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  349. package/dist/telemetry/BrowserPerformanceClient.mjs +6 -1
  350. package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
  351. package/dist/telemetry/BrowserPerformanceEvents.d.ts +6 -0
  352. package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  353. package/dist/telemetry/BrowserPerformanceEvents.mjs +9 -3
  354. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  355. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  356. package/dist/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  357. package/dist/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  358. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +10 -3
  359. package/dist/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
  360. package/dist/utils/BrowserConstants.mjs +1 -1
  361. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  362. package/dist/utils/BrowserUtils.d.ts +2 -2
  363. package/dist/utils/BrowserUtils.d.ts.map +1 -1
  364. package/dist/utils/BrowserUtils.mjs +27 -3
  365. package/dist/utils/BrowserUtils.mjs.map +1 -1
  366. package/dist/utils/Helpers.mjs +1 -1
  367. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  368. package/lib/custom-auth-path/log-strings-mapping.json +67 -15
  369. package/lib/custom-auth-path/msal-custom-auth.cjs +897 -617
  370. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  371. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  372. package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +1 -0
  373. package/lib/custom-auth-path/types/cache/CacheKeys.d.ts.map +1 -1
  374. package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
  375. package/lib/custom-auth-path/types/config/Configuration.d.ts +20 -1
  376. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  377. package/lib/custom-auth-path/types/controllers/StandardController.d.ts +20 -2
  378. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  379. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  380. package/lib/custom-auth-path/types/error/NativeAuthError.d.ts.map +1 -1
  381. package/lib/custom-auth-path/types/index.d.ts +1 -1
  382. package/lib/custom-auth-path/types/index.d.ts.map +1 -1
  383. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
  384. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  385. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  386. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
  387. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +14 -0
  388. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  389. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  390. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  391. package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
  392. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  393. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  394. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +6 -0
  395. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  396. package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  397. package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  398. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts +2 -2
  399. package/lib/custom-auth-path/types/utils/BrowserUtils.d.ts.map +1 -1
  400. package/lib/log-strings-mapping.json +75 -23
  401. package/lib/msal-browser.cjs +1045 -755
  402. package/lib/msal-browser.cjs.map +1 -1
  403. package/lib/msal-browser.js +1045 -755
  404. package/lib/msal-browser.js.map +1 -1
  405. package/lib/msal-browser.min.js +2 -2
  406. package/lib/redirect-bridge/msal-redirect-bridge.js +24 -16
  407. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  408. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  409. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  410. package/lib/types/cache/CacheKeys.d.ts +1 -0
  411. package/lib/types/cache/CacheKeys.d.ts.map +1 -1
  412. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  413. package/lib/types/config/Configuration.d.ts +20 -1
  414. package/lib/types/config/Configuration.d.ts.map +1 -1
  415. package/lib/types/controllers/StandardController.d.ts +20 -2
  416. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  417. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  418. package/lib/types/error/NativeAuthError.d.ts.map +1 -1
  419. package/lib/types/index.d.ts +1 -1
  420. package/lib/types/index.d.ts.map +1 -1
  421. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +12 -12
  422. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  423. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  424. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  425. package/lib/types/interaction_client/SilentIframeClient.d.ts +14 -0
  426. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  427. package/lib/types/packageMetadata.d.ts +1 -1
  428. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  429. package/lib/types/redirect_bridge/index.d.ts.map +1 -1
  430. package/lib/types/telemetry/BrowserPerformanceClient.d.ts +1 -0
  431. package/lib/types/telemetry/BrowserPerformanceClient.d.ts.map +1 -1
  432. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +6 -0
  433. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  434. package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  435. package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  436. package/lib/types/utils/BrowserUtils.d.ts +2 -2
  437. package/lib/types/utils/BrowserUtils.d.ts.map +1 -1
  438. package/package.json +2 -2
  439. package/src/broker/nativeBroker/PlatformAuthProvider.ts +1 -1
  440. package/src/cache/CacheKeys.ts +1 -0
  441. package/src/cache/TokenCache.ts +27 -24
  442. package/src/config/Configuration.ts +30 -0
  443. package/src/controllers/StandardController.ts +316 -69
  444. package/src/error/NativeAuthError.ts +1 -2
  445. package/src/index.ts +1 -0
  446. package/src/interaction_client/PlatformAuthInteractionClient.ts +99 -76
  447. package/src/interaction_client/PopupClient.ts +10 -0
  448. package/src/interaction_client/RedirectClient.ts +10 -0
  449. package/src/interaction_client/SilentIframeClient.ts +127 -22
  450. package/src/packageMetadata.ts +1 -1
  451. package/src/protocol/Authorize.ts +8 -0
  452. package/src/redirect_bridge/index.ts +12 -5
  453. package/src/telemetry/BrowserPerformanceClient.ts +6 -0
  454. package/src/telemetry/BrowserPerformanceEvents.ts +9 -0
  455. package/src/telemetry/BrowserRootPerformanceEvents.ts +7 -0
  456. package/src/utils/BrowserUtils.ts +36 -4
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.6.2 2026-03-27 */
1
+ /*! @azure/msal-browser v5.7.0 2026-04-16 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.4.0 2026-03-27 */
9
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -238,7 +238,7 @@
238
238
  // Token renewal offset default in seconds
239
239
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
240
240
 
241
- /*! @azure/msal-common v16.4.0 2026-03-27 */
241
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
242
242
  /*
243
243
  * Copyright (c) Microsoft Corporation. All rights reserved.
244
244
  * Licensed under the MIT License.
@@ -290,7 +290,7 @@
290
290
  const RESOURCE = "resource";
291
291
  const CLI_DATA = "clidata";
292
292
 
293
- /*! @azure/msal-common v16.4.0 2026-03-27 */
293
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
294
294
  /*
295
295
  * Copyright (c) Microsoft Corporation. All rights reserved.
296
296
  * Licensed under the MIT License.
@@ -321,7 +321,7 @@
321
321
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
322
322
  }
323
323
 
324
- /*! @azure/msal-common v16.4.0 2026-03-27 */
324
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
325
325
 
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -341,7 +341,7 @@
341
341
  return new ClientConfigurationError(errorCode);
342
342
  }
343
343
 
344
- /*! @azure/msal-common v16.4.0 2026-03-27 */
344
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
345
345
  /*
346
346
  * Copyright (c) Microsoft Corporation. All rights reserved.
347
347
  * Licensed under the MIT License.
@@ -421,7 +421,7 @@
421
421
  }
422
422
  }
423
423
 
424
- /*! @azure/msal-common v16.4.0 2026-03-27 */
424
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
425
425
 
426
426
  /*
427
427
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -444,7 +444,7 @@
444
444
  return new ClientAuthError(errorCode, additionalMessage);
445
445
  }
446
446
 
447
- /*! @azure/msal-common v16.4.0 2026-03-27 */
447
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
448
448
  /*
449
449
  * Copyright (c) Microsoft Corporation. All rights reserved.
450
450
  * Licensed under the MIT License.
@@ -498,7 +498,7 @@
498
498
  urlParseError: urlParseError
499
499
  });
500
500
 
501
- /*! @azure/msal-common v16.4.0 2026-03-27 */
501
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
502
502
  /*
503
503
  * Copyright (c) Microsoft Corporation. All rights reserved.
504
504
  * Licensed under the MIT License.
@@ -586,7 +586,7 @@
586
586
  userCanceled: userCanceled
587
587
  });
588
588
 
589
- /*! @azure/msal-common v16.4.0 2026-03-27 */
589
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
590
590
 
591
591
  /*
592
592
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -781,7 +781,7 @@
781
781
  }
782
782
  }
783
783
 
784
- /*! @azure/msal-common v16.4.0 2026-03-27 */
784
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
785
785
 
786
786
  /*
787
787
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -902,18 +902,29 @@
902
902
  parameters.set(SID, sid);
903
903
  }
904
904
  /**
905
- * add claims
906
- * @param claims
907
- */
908
- function addClaims(parameters, claims, clientCapabilities) {
909
- const mergedClaims = addClientCapabilitiesToClaims$1(claims, clientCapabilities);
910
- try {
911
- JSON.parse(mergedClaims);
912
- }
913
- catch (e) {
914
- throw createClientConfigurationError(invalidClaims);
905
+ * Adds claims to request parameters, conditionally excluding clientCapabilities
906
+ * when skipBrokerClaims is true and a brokered flow is in effect.
907
+ * @param parameters - The request parameters map
908
+ * @param claims - The claims string from the request
909
+ * @param clientCapabilities - The client capabilities from configuration
910
+ * @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
911
+ */
912
+ function addClaims(parameters, claims, clientCapabilities, skipBrokerClaims) {
913
+ // Skip clientCapabilities if skipBrokerClaims is set to true and this is a brokered authentication flow
914
+ const configClaims = skipBrokerClaims && parameters.has(BROKER_CLIENT_ID)
915
+ ? undefined
916
+ : clientCapabilities;
917
+ if (!StringUtils.isEmptyObj(claims) ||
918
+ (configClaims && configClaims.length > 0)) {
919
+ const mergedClaims = addClientCapabilitiesToClaims$1(claims, configClaims);
920
+ try {
921
+ JSON.parse(mergedClaims);
922
+ }
923
+ catch (e) {
924
+ throw createClientConfigurationError(invalidClaims);
925
+ }
926
+ parameters.set(CLAIMS, mergedClaims);
915
927
  }
916
- parameters.set(CLAIMS, mergedClaims);
917
928
  }
918
929
  /**
919
930
  * add correlationId
@@ -1159,7 +1170,7 @@
1159
1170
  }
1160
1171
  }
1161
1172
 
1162
- /*! @azure/msal-common v16.4.0 2026-03-27 */
1173
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1163
1174
 
1164
1175
  /*
1165
1176
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1268,7 +1279,7 @@
1268
1279
  }
1269
1280
  }
1270
1281
 
1271
- /*! @azure/msal-common v16.4.0 2026-03-27 */
1282
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1272
1283
 
1273
1284
  /*
1274
1285
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1307,7 +1318,7 @@
1307
1318
  },
1308
1319
  };
1309
1320
 
1310
- /*! @azure/msal-common v16.4.0 2026-03-27 */
1321
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1311
1322
  /*
1312
1323
  * Copyright (c) Microsoft Corporation. All rights reserved.
1313
1324
  * Licensed under the MIT License.
@@ -1582,12 +1593,12 @@
1582
1593
  }
1583
1594
  }
1584
1595
 
1585
- /*! @azure/msal-common v16.4.0 2026-03-27 */
1596
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1586
1597
  /* eslint-disable header/header */
1587
1598
  const name$1 = "@azure/msal-common";
1588
- const version$1 = "16.4.0";
1599
+ const version$1 = "16.5.0";
1589
1600
 
1590
- /*! @azure/msal-common v16.4.0 2026-03-27 */
1601
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1591
1602
  /*
1592
1603
  * Copyright (c) Microsoft Corporation. All rights reserved.
1593
1604
  * Licensed under the MIT License.
@@ -1607,7 +1618,7 @@
1607
1618
  AzureUsGovernment: "https://login.microsoftonline.us",
1608
1619
  };
1609
1620
 
1610
- /*! @azure/msal-common v16.4.0 2026-03-27 */
1621
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1611
1622
  /*
1612
1623
  * Copyright (c) Microsoft Corporation. All rights reserved.
1613
1624
  * Licensed under the MIT License.
@@ -1689,7 +1700,7 @@
1689
1700
  return updatedAccountInfo;
1690
1701
  }
1691
1702
 
1692
- /*! @azure/msal-common v16.4.0 2026-03-27 */
1703
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1693
1704
 
1694
1705
  /*
1695
1706
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1769,7 +1780,7 @@
1769
1780
  }
1770
1781
  }
1771
1782
 
1772
- /*! @azure/msal-common v16.4.0 2026-03-27 */
1783
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1773
1784
 
1774
1785
  /*
1775
1786
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1926,7 +1937,7 @@
1926
1937
  }
1927
1938
  }
1928
1939
 
1929
- /*! @azure/msal-common v16.4.0 2026-03-27 */
1940
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1930
1941
 
1931
1942
  /*
1932
1943
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2083,7 +2094,7 @@
2083
2094
  return null;
2084
2095
  }
2085
2096
 
2086
- /*! @azure/msal-common v16.4.0 2026-03-27 */
2097
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2087
2098
  /*
2088
2099
  * Copyright (c) Microsoft Corporation. All rights reserved.
2089
2100
  * Licensed under the MIT License.
@@ -2091,7 +2102,7 @@
2091
2102
  const cacheQuotaExceeded = "cache_quota_exceeded";
2092
2103
  const cacheErrorUnknown = "cache_error_unknown";
2093
2104
 
2094
- /*! @azure/msal-common v16.4.0 2026-03-27 */
2105
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2095
2106
 
2096
2107
  /*
2097
2108
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2129,7 +2140,7 @@
2129
2140
  }
2130
2141
  }
2131
2142
 
2132
- /*! @azure/msal-common v16.4.0 2026-03-27 */
2143
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2133
2144
 
2134
2145
  /*
2135
2146
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2167,7 +2178,7 @@
2167
2178
  };
2168
2179
  }
2169
2180
 
2170
- /*! @azure/msal-common v16.4.0 2026-03-27 */
2181
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2171
2182
  /*
2172
2183
  * Copyright (c) Microsoft Corporation. All rights reserved.
2173
2184
  * Licensed under the MIT License.
@@ -2182,7 +2193,7 @@
2182
2193
  Ciam: 3,
2183
2194
  };
2184
2195
 
2185
- /*! @azure/msal-common v16.4.0 2026-03-27 */
2196
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2186
2197
  /*
2187
2198
  * Copyright (c) Microsoft Corporation. All rights reserved.
2188
2199
  * Licensed under the MIT License.
@@ -2204,7 +2215,7 @@
2204
2215
  return null;
2205
2216
  }
2206
2217
 
2207
- /*! @azure/msal-common v16.4.0 2026-03-27 */
2218
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2208
2219
  /*
2209
2220
  * Copyright (c) Microsoft Corporation. All rights reserved.
2210
2221
  * Licensed under the MIT License.
@@ -2228,7 +2239,7 @@
2228
2239
  EAR: "EAR",
2229
2240
  };
2230
2241
 
2231
- /*! @azure/msal-common v16.4.0 2026-03-27 */
2242
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2232
2243
  /**
2233
2244
  * Returns the AccountInfo interface for this account.
2234
2245
  */
@@ -2403,7 +2414,7 @@
2403
2414
  entity.hasOwnProperty("authorityType"));
2404
2415
  }
2405
2416
 
2406
- /*! @azure/msal-common v16.4.0 2026-03-27 */
2417
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2407
2418
 
2408
2419
  /*
2409
2420
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3505,7 +3516,7 @@
3505
3516
  }
3506
3517
  }
3507
3518
 
3508
- /*! @azure/msal-common v16.4.0 2026-03-27 */
3519
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3509
3520
  /*
3510
3521
  * Copyright (c) Microsoft Corporation. All rights reserved.
3511
3522
  * Licensed under the MIT License.
@@ -3550,12 +3561,13 @@
3550
3561
  "currRefreshCount",
3551
3562
  "expiredCacheRemovedCount",
3552
3563
  "upgradedCacheCount",
3564
+ "cacheMatchedAccounts",
3553
3565
  "networkRtt",
3554
3566
  "redirectBridgeTimeoutMs",
3555
3567
  "redirectBridgeMessageVersion",
3556
3568
  ]);
3557
3569
 
3558
- /*! @azure/msal-common v16.4.0 2026-03-27 */
3570
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3559
3571
 
3560
3572
  /*
3561
3573
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3610,7 +3622,7 @@
3610
3622
  }
3611
3623
  }
3612
3624
 
3613
- /*! @azure/msal-common v16.4.0 2026-03-27 */
3625
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3614
3626
 
3615
3627
  /*
3616
3628
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3705,226 +3717,34 @@
3705
3717
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3706
3718
  }
3707
3719
 
3708
- /*! @azure/msal-common v16.4.0 2026-03-27 */
3709
-
3710
- /*
3711
- * Copyright (c) Microsoft Corporation. All rights reserved.
3712
- * Licensed under the MIT License.
3713
- */
3714
- /**
3715
- * Error thrown when there is an error with the server code, for example, unavailability.
3716
- */
3717
- class ServerError extends AuthError {
3718
- constructor(errorCode, errorMessage, subError, errorNo, status) {
3719
- super(errorCode, errorMessage, subError);
3720
- this.name = "ServerError";
3721
- this.errorNo = errorNo;
3722
- this.status = status;
3723
- Object.setPrototypeOf(this, ServerError.prototype);
3724
- }
3725
- }
3726
-
3727
- /*! @azure/msal-common v16.4.0 2026-03-27 */
3728
- /*
3729
- * Copyright (c) Microsoft Corporation. All rights reserved.
3730
- * Licensed under the MIT License.
3731
- */
3732
- /**
3733
- * MSAL-defined interaction required error code indicating no tokens are found in cache.
3734
- * @public
3735
- */
3736
- const noTokensFound = "no_tokens_found";
3737
- /**
3738
- * MSAL-defined error code indicating a native account is unavailable on the platform.
3739
- * @public
3740
- */
3741
- const nativeAccountUnavailable = "native_account_unavailable";
3742
- /**
3743
- * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
3744
- * @public
3745
- */
3746
- const refreshTokenExpired = "refresh_token_expired";
3747
- /**
3748
- * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
3749
- * @public
3750
- */
3751
- const uxNotAllowed = "ux_not_allowed";
3752
- /**
3753
- * Server-originated error code indicating interaction is required to complete the request.
3754
- * @public
3755
- */
3756
- const interactionRequired = "interaction_required";
3757
- /**
3758
- * Server-originated error code indicating user consent is required.
3759
- * @public
3760
- */
3761
- const consentRequired = "consent_required";
3762
- /**
3763
- * Server-originated error code indicating user login is required.
3764
- * @public
3765
- */
3766
- const loginRequired = "login_required";
3767
- /**
3768
- * Server-originated error code indicating the token is invalid or corrupted.
3769
- * @public
3770
- */
3771
- const badToken = "bad_token";
3772
- /**
3773
- * Server-originated error code indicating the user is in an interrupted state and interaction is required.
3774
- * @public
3775
- */
3776
- const interruptedUser = "interrupted_user";
3777
-
3778
- var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
3779
- __proto__: null,
3780
- badToken: badToken,
3781
- consentRequired: consentRequired,
3782
- interactionRequired: interactionRequired,
3783
- interruptedUser: interruptedUser,
3784
- loginRequired: loginRequired,
3785
- nativeAccountUnavailable: nativeAccountUnavailable,
3786
- noTokensFound: noTokensFound,
3787
- refreshTokenExpired: refreshTokenExpired,
3788
- uxNotAllowed: uxNotAllowed
3789
- });
3790
-
3791
- /*! @azure/msal-common v16.4.0 2026-03-27 */
3792
-
3793
- /*
3794
- * Copyright (c) Microsoft Corporation. All rights reserved.
3795
- * Licensed under the MIT License.
3796
- */
3797
- /**
3798
- * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
3799
- */
3800
- const InteractionRequiredServerErrorMessage = [
3801
- interactionRequired,
3802
- consentRequired,
3803
- loginRequired,
3804
- badToken,
3805
- uxNotAllowed,
3806
- interruptedUser,
3807
- ];
3808
- const InteractionRequiredAuthSubErrorMessage = [
3809
- "message_only",
3810
- "additional_action",
3811
- "basic_action",
3812
- "user_password_expired",
3813
- "consent_required",
3814
- "bad_token",
3815
- "ux_not_allowed",
3816
- "interrupted_user",
3817
- ];
3818
- /**
3819
- * Error thrown when user interaction is required.
3820
- */
3821
- class InteractionRequiredAuthError extends AuthError {
3822
- constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
3823
- super(errorCode, errorMessage, subError);
3824
- Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
3825
- this.timestamp = timestamp || "";
3826
- this.traceId = traceId || "";
3827
- this.correlationId = correlationId || "";
3828
- this.claims = claims || "";
3829
- this.name = "InteractionRequiredAuthError";
3830
- this.errorNo = errorNo;
3831
- }
3832
- }
3833
- /**
3834
- * Helper function used to determine if an error thrown by the server requires interaction to resolve
3835
- * @param errorCode
3836
- * @param errorString
3837
- * @param subError
3838
- */
3839
- function isInteractionRequiredError(errorCode, errorString, subError) {
3840
- const isInteractionRequiredErrorCode = !!errorCode &&
3841
- InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
3842
- const isInteractionRequiredSubError = !!subError &&
3843
- InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
3844
- const isInteractionRequiredErrorDesc = !!errorString &&
3845
- InteractionRequiredServerErrorMessage.some((irErrorCode) => {
3846
- return errorString.indexOf(irErrorCode) > -1;
3847
- });
3848
- return (isInteractionRequiredErrorCode ||
3849
- isInteractionRequiredErrorDesc ||
3850
- isInteractionRequiredSubError);
3851
- }
3852
- /**
3853
- * Creates an InteractionRequiredAuthError
3854
- */
3855
- function createInteractionRequiredAuthError(errorCode, errorMessage) {
3856
- return new InteractionRequiredAuthError(errorCode, errorMessage);
3857
- }
3858
-
3859
- /*! @azure/msal-common v16.4.0 2026-03-27 */
3860
-
3720
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3861
3721
  /*
3862
3722
  * Copyright (c) Microsoft Corporation. All rights reserved.
3863
3723
  * Licensed under the MIT License.
3864
3724
  */
3865
3725
  /**
3866
- * Appends user state with random guid, or returns random guid.
3867
- * @param cryptoObj
3868
- * @param userState
3869
- * @param meta
3870
- */
3871
- function setRequestState(cryptoObj, userState, meta) {
3872
- const libraryState = generateLibraryState(cryptoObj, meta);
3873
- return userState
3874
- ? `${libraryState}${RESOURCE_DELIM}${userState}`
3875
- : libraryState;
3876
- }
3877
- /**
3878
- * Generates the state value used by the common library.
3879
- * @param cryptoObj
3880
- * @param meta
3881
- */
3882
- function generateLibraryState(cryptoObj, meta) {
3883
- if (!cryptoObj) {
3884
- throw createClientAuthError(noCryptoObject);
3885
- }
3886
- // Create a state object containing a unique id and the timestamp of the request creation
3887
- const stateObj = {
3888
- id: cryptoObj.createNewGuid(),
3889
- };
3890
- if (meta) {
3891
- stateObj.meta = meta;
3892
- }
3893
- const stateString = JSON.stringify(stateObj);
3894
- return cryptoObj.base64Encode(stateString);
3895
- }
3896
- /**
3897
- * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
3898
- * @param base64Decode
3899
- * @param state
3900
- */
3901
- function parseRequestState(base64Decode, state) {
3902
- if (!base64Decode) {
3903
- throw createClientAuthError(noCryptoObject);
3904
- }
3905
- if (!state) {
3906
- throw createClientAuthError(invalidState);
3726
+ * This class instance helps track the memory changes facilitating
3727
+ * decisions to read from and write to the persistent cache
3728
+ */ class TokenCacheContext {
3729
+ constructor(tokenCache, hasChanged) {
3730
+ this.cache = tokenCache;
3731
+ this.hasChanged = hasChanged;
3907
3732
  }
3908
- try {
3909
- // Split the state between library state and user passed state and decode them separately
3910
- const splitState = state.split(RESOURCE_DELIM);
3911
- const libraryState = splitState[0];
3912
- const userState = splitState.length > 1
3913
- ? splitState.slice(1).join(RESOURCE_DELIM)
3914
- : "";
3915
- const libraryStateString = base64Decode(libraryState);
3916
- const libraryStateObj = JSON.parse(libraryStateString);
3917
- return {
3918
- userRequestState: userState || "",
3919
- libraryState: libraryStateObj,
3920
- };
3733
+ /**
3734
+ * boolean which indicates the changes in cache
3735
+ */
3736
+ get cacheHasChanged() {
3737
+ return this.hasChanged;
3921
3738
  }
3922
- catch (e) {
3923
- throw createClientAuthError(invalidState);
3739
+ /**
3740
+ * function to retrieve the token cache
3741
+ */
3742
+ get tokenCache() {
3743
+ return this.cache;
3924
3744
  }
3925
3745
  }
3926
3746
 
3927
- /*! @azure/msal-common v16.4.0 2026-03-27 */
3747
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3928
3748
  /*
3929
3749
  * Copyright (c) Microsoft Corporation. All rights reserved.
3930
3750
  * Licensed under the MIT License.
@@ -3989,21 +3809,280 @@
3989
3809
  return cachedAtSec > nowSeconds();
3990
3810
  }
3991
3811
 
3992
- /*! @azure/msal-common v16.4.0 2026-03-27 */
3812
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3813
+
3993
3814
  /*
3994
3815
  * Copyright (c) Microsoft Corporation. All rights reserved.
3995
3816
  * Licensed under the MIT License.
3996
3817
  */
3997
3818
  /**
3998
- * Time spent sending/waiting for the response of a request to the token endpoint
3999
- */
4000
- const NetworkClientSendPostRequestAsync = "networkClientSendPostRequestAsync";
4001
- const RefreshTokenClientExecutePostToTokenEndpoint = "refreshTokenClientExecutePostToTokenEndpoint";
4002
- const AuthorizationCodeClientExecutePostToTokenEndpoint = "authorizationCodeClientExecutePostToTokenEndpoint";
4003
- /**
4004
- * Time spent on the network for refresh token acquisition
3819
+ * Create IdTokenEntity
3820
+ * @param homeAccountId
3821
+ * @param authenticationResult
3822
+ * @param clientId
3823
+ * @param authority
4005
3824
  */
4006
- const RefreshTokenClientExecuteTokenRequest = "refreshTokenClientExecuteTokenRequest";
3825
+ function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
3826
+ const idTokenEntity = {
3827
+ credentialType: CredentialType.ID_TOKEN,
3828
+ homeAccountId: homeAccountId,
3829
+ environment: environment,
3830
+ clientId: clientId,
3831
+ secret: idToken,
3832
+ realm: tenantId,
3833
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3834
+ };
3835
+ return idTokenEntity;
3836
+ }
3837
+ /**
3838
+ * Create AccessTokenEntity
3839
+ * @param homeAccountId
3840
+ * @param environment
3841
+ * @param accessToken
3842
+ * @param clientId
3843
+ * @param tenantId
3844
+ * @param scopes
3845
+ * @param expiresOn
3846
+ * @param extExpiresOn
3847
+ */
3848
+ function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
3849
+ const atEntity = {
3850
+ homeAccountId: homeAccountId,
3851
+ credentialType: CredentialType.ACCESS_TOKEN,
3852
+ secret: accessToken,
3853
+ cachedAt: nowSeconds().toString(),
3854
+ expiresOn: expiresOn.toString(),
3855
+ extendedExpiresOn: extExpiresOn.toString(),
3856
+ environment: environment,
3857
+ clientId: clientId,
3858
+ realm: tenantId,
3859
+ target: scopes,
3860
+ tokenType: tokenType || AuthenticationScheme$1.BEARER,
3861
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
3862
+ };
3863
+ if (userAssertionHash) {
3864
+ atEntity.userAssertionHash = userAssertionHash;
3865
+ }
3866
+ if (refreshOn) {
3867
+ atEntity.refreshOn = refreshOn.toString();
3868
+ }
3869
+ /*
3870
+ * Create Access Token With Auth Scheme instead of regular access token
3871
+ * Cast to lower to handle "bearer" from ADFS
3872
+ */
3873
+ if (atEntity.tokenType?.toLowerCase() !==
3874
+ AuthenticationScheme$1.BEARER.toLowerCase()) {
3875
+ atEntity.credentialType =
3876
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
3877
+ switch (atEntity.tokenType) {
3878
+ case AuthenticationScheme$1.POP:
3879
+ // Make sure keyId is present and add it to credential
3880
+ const tokenClaims = extractTokenClaims(accessToken, base64Decode);
3881
+ if (!tokenClaims?.cnf?.kid) {
3882
+ throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
3883
+ }
3884
+ atEntity.keyId = tokenClaims.cnf.kid;
3885
+ break;
3886
+ case AuthenticationScheme$1.SSH:
3887
+ atEntity.keyId = keyId;
3888
+ }
3889
+ }
3890
+ return atEntity;
3891
+ }
3892
+ /**
3893
+ * Create RefreshTokenEntity
3894
+ * @param homeAccountId
3895
+ * @param authenticationResult
3896
+ * @param clientId
3897
+ * @param authority
3898
+ */
3899
+ function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
3900
+ const rtEntity = {
3901
+ credentialType: CredentialType.REFRESH_TOKEN,
3902
+ homeAccountId: homeAccountId,
3903
+ environment: environment,
3904
+ clientId: clientId,
3905
+ secret: refreshToken,
3906
+ lastUpdatedAt: Date.now().toString(),
3907
+ };
3908
+ if (userAssertionHash) {
3909
+ rtEntity.userAssertionHash = userAssertionHash;
3910
+ }
3911
+ if (familyId) {
3912
+ rtEntity.familyId = familyId;
3913
+ }
3914
+ if (expiresOn) {
3915
+ rtEntity.expiresOn = expiresOn.toString();
3916
+ }
3917
+ return rtEntity;
3918
+ }
3919
+ function isCredentialEntity(entity) {
3920
+ return (entity.hasOwnProperty("homeAccountId") &&
3921
+ entity.hasOwnProperty("environment") &&
3922
+ entity.hasOwnProperty("credentialType") &&
3923
+ entity.hasOwnProperty("clientId") &&
3924
+ entity.hasOwnProperty("secret"));
3925
+ }
3926
+ /**
3927
+ * Validates an entity: checks for all expected params
3928
+ * @param entity
3929
+ */
3930
+ function isAccessTokenEntity(entity) {
3931
+ if (!entity) {
3932
+ return false;
3933
+ }
3934
+ return (isCredentialEntity(entity) &&
3935
+ entity.hasOwnProperty("realm") &&
3936
+ entity.hasOwnProperty("target") &&
3937
+ (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
3938
+ entity["credentialType"] ===
3939
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
3940
+ }
3941
+ /**
3942
+ * Validates an entity: checks for all expected params
3943
+ * @param entity
3944
+ */
3945
+ function isIdTokenEntity(entity) {
3946
+ if (!entity) {
3947
+ return false;
3948
+ }
3949
+ return (isCredentialEntity(entity) &&
3950
+ entity.hasOwnProperty("realm") &&
3951
+ entity["credentialType"] === CredentialType.ID_TOKEN);
3952
+ }
3953
+ /**
3954
+ * Validates an entity: checks for all expected params
3955
+ * @param entity
3956
+ */
3957
+ function isRefreshTokenEntity(entity) {
3958
+ if (!entity) {
3959
+ return false;
3960
+ }
3961
+ return (isCredentialEntity(entity) &&
3962
+ entity["credentialType"] === CredentialType.REFRESH_TOKEN);
3963
+ }
3964
+ /**
3965
+ * validates if a given cache entry is "Telemetry", parses <key,value>
3966
+ * @param key
3967
+ * @param entity
3968
+ */
3969
+ function isServerTelemetryEntity(key, entity) {
3970
+ const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
3971
+ let validateEntity = true;
3972
+ if (entity) {
3973
+ validateEntity =
3974
+ entity.hasOwnProperty("failedRequests") &&
3975
+ entity.hasOwnProperty("errors") &&
3976
+ entity.hasOwnProperty("cacheHits");
3977
+ }
3978
+ return validateKey && validateEntity;
3979
+ }
3980
+ /**
3981
+ * validates if a given cache entry is "Throttling", parses <key,value>
3982
+ * @param key
3983
+ * @param entity
3984
+ */
3985
+ function isThrottlingEntity(key, entity) {
3986
+ let validateKey = false;
3987
+ if (key) {
3988
+ validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
3989
+ }
3990
+ let validateEntity = true;
3991
+ if (entity) {
3992
+ validateEntity = entity.hasOwnProperty("throttleTime");
3993
+ }
3994
+ return validateKey && validateEntity;
3995
+ }
3996
+ /**
3997
+ * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
3998
+ */
3999
+ function generateAppMetadataKey({ environment, clientId, }) {
4000
+ const appMetaDataKeyArray = [
4001
+ APP_METADATA,
4002
+ environment,
4003
+ clientId,
4004
+ ];
4005
+ return appMetaDataKeyArray
4006
+ .join(CACHE_KEY_SEPARATOR$1)
4007
+ .toLowerCase();
4008
+ }
4009
+ /*
4010
+ * Validates an entity: checks for all expected params
4011
+ * @param entity
4012
+ */
4013
+ function isAppMetadataEntity(key, entity) {
4014
+ if (!entity) {
4015
+ return false;
4016
+ }
4017
+ return (key.indexOf(APP_METADATA) === 0 &&
4018
+ entity.hasOwnProperty("clientId") &&
4019
+ entity.hasOwnProperty("environment"));
4020
+ }
4021
+ /**
4022
+ * Validates an entity: checks for all expected params
4023
+ * @param entity
4024
+ */
4025
+ function isAuthorityMetadataEntity(key, entity) {
4026
+ if (!entity) {
4027
+ return false;
4028
+ }
4029
+ return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
4030
+ entity.hasOwnProperty("aliases") &&
4031
+ entity.hasOwnProperty("preferred_cache") &&
4032
+ entity.hasOwnProperty("preferred_network") &&
4033
+ entity.hasOwnProperty("canonical_authority") &&
4034
+ entity.hasOwnProperty("authorization_endpoint") &&
4035
+ entity.hasOwnProperty("token_endpoint") &&
4036
+ entity.hasOwnProperty("issuer") &&
4037
+ entity.hasOwnProperty("aliasesFromNetwork") &&
4038
+ entity.hasOwnProperty("endpointsFromNetwork") &&
4039
+ entity.hasOwnProperty("expiresAt") &&
4040
+ entity.hasOwnProperty("jwks_uri"));
4041
+ }
4042
+ /**
4043
+ * Reset the exiresAt value
4044
+ */
4045
+ function generateAuthorityMetadataExpiresAt() {
4046
+ return (nowSeconds() +
4047
+ AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
4048
+ }
4049
+ function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4050
+ authorityMetadata.authorization_endpoint =
4051
+ updatedValues.authorization_endpoint;
4052
+ authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4053
+ authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4054
+ authorityMetadata.issuer = updatedValues.issuer;
4055
+ authorityMetadata.endpointsFromNetwork = fromNetwork;
4056
+ authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4057
+ }
4058
+ function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4059
+ authorityMetadata.aliases = updatedValues.aliases;
4060
+ authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4061
+ authorityMetadata.preferred_network = updatedValues.preferred_network;
4062
+ authorityMetadata.aliasesFromNetwork = fromNetwork;
4063
+ }
4064
+ /**
4065
+ * Returns whether or not the data needs to be refreshed
4066
+ */
4067
+ function isAuthorityMetadataExpired(metadata) {
4068
+ return metadata.expiresAt <= nowSeconds();
4069
+ }
4070
+
4071
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4072
+ /*
4073
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4074
+ * Licensed under the MIT License.
4075
+ */
4076
+ /**
4077
+ * Time spent sending/waiting for the response of a request to the token endpoint
4078
+ */
4079
+ const NetworkClientSendPostRequestAsync = "networkClientSendPostRequestAsync";
4080
+ const RefreshTokenClientExecutePostToTokenEndpoint = "refreshTokenClientExecutePostToTokenEndpoint";
4081
+ const AuthorizationCodeClientExecutePostToTokenEndpoint = "authorizationCodeClientExecutePostToTokenEndpoint";
4082
+ /**
4083
+ * Time spent on the network for refresh token acquisition
4084
+ */
4085
+ const RefreshTokenClientExecuteTokenRequest = "refreshTokenClientExecuteTokenRequest";
4007
4086
  /**
4008
4087
  * Time taken for acquiring refresh token , records RT size
4009
4088
  */
@@ -4060,7 +4139,7 @@
4060
4139
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4061
4140
  const SetUserData = "setUserData";
4062
4141
 
4063
- /*! @azure/msal-common v16.4.0 2026-03-27 */
4142
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4064
4143
  /*
4065
4144
  * Copyright (c) Microsoft Corporation. All rights reserved.
4066
4145
  * Licensed under the MIT License.
@@ -4153,7 +4232,7 @@
4153
4232
  };
4154
4233
  };
4155
4234
 
4156
- /*! @azure/msal-common v16.4.0 2026-03-27 */
4235
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4157
4236
 
4158
4237
  /*
4159
4238
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4233,293 +4312,226 @@
4233
4312
  }
4234
4313
  }
4235
4314
 
4236
- /*! @azure/msal-common v16.4.0 2026-03-27 */
4315
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4237
4316
  /*
4238
4317
  * Copyright (c) Microsoft Corporation. All rights reserved.
4239
4318
  * Licensed under the MIT License.
4240
4319
  */
4241
4320
  /**
4242
- * This class instance helps track the memory changes facilitating
4243
- * decisions to read from and write to the persistent cache
4244
- */ class TokenCacheContext {
4245
- constructor(tokenCache, hasChanged) {
4246
- this.cache = tokenCache;
4247
- this.hasChanged = hasChanged;
4248
- }
4249
- /**
4250
- * boolean which indicates the changes in cache
4251
- */
4252
- get cacheHasChanged() {
4253
- return this.hasChanged;
4254
- }
4255
- /**
4256
- * function to retrieve the token cache
4257
- */
4258
- get tokenCache() {
4259
- return this.cache;
4260
- }
4261
- }
4262
-
4263
- /*! @azure/msal-common v16.4.0 2026-03-27 */
4264
-
4265
- /*
4266
- * Copyright (c) Microsoft Corporation. All rights reserved.
4267
- * Licensed under the MIT License.
4321
+ * MSAL-defined interaction required error code indicating no tokens are found in cache.
4322
+ * @public
4268
4323
  */
4324
+ const noTokensFound = "no_tokens_found";
4269
4325
  /**
4270
- * Create IdTokenEntity
4271
- * @param homeAccountId
4272
- * @param authenticationResult
4273
- * @param clientId
4274
- * @param authority
4326
+ * MSAL-defined error code indicating a native account is unavailable on the platform.
4327
+ * @public
4275
4328
  */
4276
- function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
4277
- const idTokenEntity = {
4278
- credentialType: CredentialType.ID_TOKEN,
4279
- homeAccountId: homeAccountId,
4280
- environment: environment,
4281
- clientId: clientId,
4282
- secret: idToken,
4283
- realm: tenantId,
4284
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4285
- };
4286
- return idTokenEntity;
4287
- }
4329
+ const nativeAccountUnavailable = "native_account_unavailable";
4288
4330
  /**
4289
- * Create AccessTokenEntity
4290
- * @param homeAccountId
4291
- * @param environment
4292
- * @param accessToken
4293
- * @param clientId
4294
- * @param tenantId
4295
- * @param scopes
4296
- * @param expiresOn
4297
- * @param extExpiresOn
4331
+ * MSAL-defined error code indicating the refresh token has expired and user interaction is needed.
4332
+ * @public
4298
4333
  */
4299
- function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId) {
4300
- const atEntity = {
4301
- homeAccountId: homeAccountId,
4302
- credentialType: CredentialType.ACCESS_TOKEN,
4303
- secret: accessToken,
4304
- cachedAt: nowSeconds().toString(),
4305
- expiresOn: expiresOn.toString(),
4306
- extendedExpiresOn: extExpiresOn.toString(),
4307
- environment: environment,
4308
- clientId: clientId,
4309
- realm: tenantId,
4310
- target: scopes,
4311
- tokenType: tokenType || AuthenticationScheme$1.BEARER,
4312
- lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
4313
- };
4314
- if (userAssertionHash) {
4315
- atEntity.userAssertionHash = userAssertionHash;
4316
- }
4317
- if (refreshOn) {
4318
- atEntity.refreshOn = refreshOn.toString();
4319
- }
4320
- /*
4321
- * Create Access Token With Auth Scheme instead of regular access token
4322
- * Cast to lower to handle "bearer" from ADFS
4323
- */
4324
- if (atEntity.tokenType?.toLowerCase() !==
4325
- AuthenticationScheme$1.BEARER.toLowerCase()) {
4326
- atEntity.credentialType =
4327
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
4328
- switch (atEntity.tokenType) {
4329
- case AuthenticationScheme$1.POP:
4330
- // Make sure keyId is present and add it to credential
4331
- const tokenClaims = extractTokenClaims(accessToken, base64Decode);
4332
- if (!tokenClaims?.cnf?.kid) {
4333
- throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
4334
- }
4335
- atEntity.keyId = tokenClaims.cnf.kid;
4336
- break;
4337
- case AuthenticationScheme$1.SSH:
4338
- atEntity.keyId = keyId;
4339
- }
4340
- }
4341
- return atEntity;
4342
- }
4334
+ const refreshTokenExpired = "refresh_token_expired";
4343
4335
  /**
4344
- * Create RefreshTokenEntity
4345
- * @param homeAccountId
4346
- * @param authenticationResult
4347
- * @param clientId
4348
- * @param authority
4336
+ * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
4337
+ * @public
4349
4338
  */
4350
- function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
4351
- const rtEntity = {
4352
- credentialType: CredentialType.REFRESH_TOKEN,
4353
- homeAccountId: homeAccountId,
4354
- environment: environment,
4355
- clientId: clientId,
4356
- secret: refreshToken,
4357
- lastUpdatedAt: Date.now().toString(),
4358
- };
4359
- if (userAssertionHash) {
4360
- rtEntity.userAssertionHash = userAssertionHash;
4361
- }
4362
- if (familyId) {
4363
- rtEntity.familyId = familyId;
4364
- }
4365
- if (expiresOn) {
4366
- rtEntity.expiresOn = expiresOn.toString();
4367
- }
4368
- return rtEntity;
4369
- }
4370
- function isCredentialEntity(entity) {
4371
- return (entity.hasOwnProperty("homeAccountId") &&
4372
- entity.hasOwnProperty("environment") &&
4373
- entity.hasOwnProperty("credentialType") &&
4374
- entity.hasOwnProperty("clientId") &&
4375
- entity.hasOwnProperty("secret"));
4376
- }
4339
+ const uxNotAllowed = "ux_not_allowed";
4377
4340
  /**
4378
- * Validates an entity: checks for all expected params
4379
- * @param entity
4341
+ * Server-originated error code indicating interaction is required to complete the request.
4342
+ * @public
4380
4343
  */
4381
- function isAccessTokenEntity(entity) {
4382
- if (!entity) {
4383
- return false;
4384
- }
4385
- return (isCredentialEntity(entity) &&
4386
- entity.hasOwnProperty("realm") &&
4387
- entity.hasOwnProperty("target") &&
4388
- (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
4389
- entity["credentialType"] ===
4390
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
4391
- }
4344
+ const interactionRequired = "interaction_required";
4392
4345
  /**
4393
- * Validates an entity: checks for all expected params
4394
- * @param entity
4346
+ * Server-originated error code indicating user consent is required.
4347
+ * @public
4395
4348
  */
4396
- function isIdTokenEntity(entity) {
4397
- if (!entity) {
4398
- return false;
4399
- }
4400
- return (isCredentialEntity(entity) &&
4401
- entity.hasOwnProperty("realm") &&
4402
- entity["credentialType"] === CredentialType.ID_TOKEN);
4403
- }
4349
+ const consentRequired = "consent_required";
4404
4350
  /**
4405
- * Validates an entity: checks for all expected params
4406
- * @param entity
4351
+ * Server-originated error code indicating user login is required.
4352
+ * @public
4407
4353
  */
4408
- function isRefreshTokenEntity(entity) {
4409
- if (!entity) {
4410
- return false;
4411
- }
4412
- return (isCredentialEntity(entity) &&
4413
- entity["credentialType"] === CredentialType.REFRESH_TOKEN);
4414
- }
4354
+ const loginRequired = "login_required";
4415
4355
  /**
4416
- * validates if a given cache entry is "Telemetry", parses <key,value>
4417
- * @param key
4418
- * @param entity
4356
+ * Server-originated error code indicating the token is invalid or corrupted.
4357
+ * @public
4419
4358
  */
4420
- function isServerTelemetryEntity(key, entity) {
4421
- const validateKey = key.indexOf(SERVER_TELEM_CACHE_KEY) === 0;
4422
- let validateEntity = true;
4423
- if (entity) {
4424
- validateEntity =
4425
- entity.hasOwnProperty("failedRequests") &&
4426
- entity.hasOwnProperty("errors") &&
4427
- entity.hasOwnProperty("cacheHits");
4428
- }
4429
- return validateKey && validateEntity;
4430
- }
4359
+ const badToken = "bad_token";
4431
4360
  /**
4432
- * validates if a given cache entry is "Throttling", parses <key,value>
4433
- * @param key
4434
- * @param entity
4361
+ * Server-originated error code indicating the user is in an interrupted state and interaction is required.
4362
+ * @public
4435
4363
  */
4436
- function isThrottlingEntity(key, entity) {
4437
- let validateKey = false;
4438
- if (key) {
4439
- validateKey = key.indexOf(THROTTLING_PREFIX) === 0;
4440
- }
4441
- let validateEntity = true;
4442
- if (entity) {
4443
- validateEntity = entity.hasOwnProperty("throttleTime");
4364
+ const interruptedUser = "interrupted_user";
4365
+
4366
+ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
4367
+ __proto__: null,
4368
+ badToken: badToken,
4369
+ consentRequired: consentRequired,
4370
+ interactionRequired: interactionRequired,
4371
+ interruptedUser: interruptedUser,
4372
+ loginRequired: loginRequired,
4373
+ nativeAccountUnavailable: nativeAccountUnavailable,
4374
+ noTokensFound: noTokensFound,
4375
+ refreshTokenExpired: refreshTokenExpired,
4376
+ uxNotAllowed: uxNotAllowed
4377
+ });
4378
+
4379
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4380
+
4381
+ /*
4382
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4383
+ * Licensed under the MIT License.
4384
+ */
4385
+ /**
4386
+ * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required
4387
+ */
4388
+ const InteractionRequiredServerErrorMessage = [
4389
+ interactionRequired,
4390
+ consentRequired,
4391
+ loginRequired,
4392
+ badToken,
4393
+ uxNotAllowed,
4394
+ interruptedUser,
4395
+ ];
4396
+ const InteractionRequiredAuthSubErrorMessage = [
4397
+ "message_only",
4398
+ "additional_action",
4399
+ "basic_action",
4400
+ "user_password_expired",
4401
+ "consent_required",
4402
+ "bad_token",
4403
+ "ux_not_allowed",
4404
+ "interrupted_user",
4405
+ ];
4406
+ /**
4407
+ * Error thrown when user interaction is required.
4408
+ */
4409
+ class InteractionRequiredAuthError extends AuthError {
4410
+ constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
4411
+ super(errorCode, errorMessage, subError);
4412
+ Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
4413
+ this.timestamp = timestamp || "";
4414
+ this.traceId = traceId || "";
4415
+ this.correlationId = correlationId || "";
4416
+ this.claims = claims || "";
4417
+ this.name = "InteractionRequiredAuthError";
4418
+ this.errorNo = errorNo;
4444
4419
  }
4445
- return validateKey && validateEntity;
4446
4420
  }
4447
4421
  /**
4448
- * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
4422
+ * Helper function used to determine if an error thrown by the server requires interaction to resolve
4423
+ * @param errorCode
4424
+ * @param errorString
4425
+ * @param subError
4449
4426
  */
4450
- function generateAppMetadataKey({ environment, clientId, }) {
4451
- const appMetaDataKeyArray = [
4452
- APP_METADATA,
4453
- environment,
4454
- clientId,
4455
- ];
4456
- return appMetaDataKeyArray
4457
- .join(CACHE_KEY_SEPARATOR$1)
4458
- .toLowerCase();
4427
+ function isInteractionRequiredError(errorCode, errorString, subError) {
4428
+ const isInteractionRequiredErrorCode = !!errorCode &&
4429
+ InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;
4430
+ const isInteractionRequiredSubError = !!subError &&
4431
+ InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;
4432
+ const isInteractionRequiredErrorDesc = !!errorString &&
4433
+ InteractionRequiredServerErrorMessage.some((irErrorCode) => {
4434
+ return errorString.indexOf(irErrorCode) > -1;
4435
+ });
4436
+ return (isInteractionRequiredErrorCode ||
4437
+ isInteractionRequiredErrorDesc ||
4438
+ isInteractionRequiredSubError);
4459
4439
  }
4440
+ /**
4441
+ * Creates an InteractionRequiredAuthError
4442
+ */
4443
+ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4444
+ return new InteractionRequiredAuthError(errorCode, errorMessage);
4445
+ }
4446
+
4447
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4448
+
4460
4449
  /*
4461
- * Validates an entity: checks for all expected params
4462
- * @param entity
4450
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4451
+ * Licensed under the MIT License.
4463
4452
  */
4464
- function isAppMetadataEntity(key, entity) {
4465
- if (!entity) {
4466
- return false;
4467
- }
4468
- return (key.indexOf(APP_METADATA) === 0 &&
4469
- entity.hasOwnProperty("clientId") &&
4470
- entity.hasOwnProperty("environment"));
4471
- }
4472
4453
  /**
4473
- * Validates an entity: checks for all expected params
4474
- * @param entity
4454
+ * Error thrown when there is an error with the server code, for example, unavailability.
4475
4455
  */
4476
- function isAuthorityMetadataEntity(key, entity) {
4477
- if (!entity) {
4478
- return false;
4456
+ class ServerError extends AuthError {
4457
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
4458
+ super(errorCode, errorMessage, subError);
4459
+ this.name = "ServerError";
4460
+ this.errorNo = errorNo;
4461
+ this.status = status;
4462
+ Object.setPrototypeOf(this, ServerError.prototype);
4479
4463
  }
4480
- return (key.indexOf(AUTHORITY_METADATA_CACHE_KEY) === 0 &&
4481
- entity.hasOwnProperty("aliases") &&
4482
- entity.hasOwnProperty("preferred_cache") &&
4483
- entity.hasOwnProperty("preferred_network") &&
4484
- entity.hasOwnProperty("canonical_authority") &&
4485
- entity.hasOwnProperty("authorization_endpoint") &&
4486
- entity.hasOwnProperty("token_endpoint") &&
4487
- entity.hasOwnProperty("issuer") &&
4488
- entity.hasOwnProperty("aliasesFromNetwork") &&
4489
- entity.hasOwnProperty("endpointsFromNetwork") &&
4490
- entity.hasOwnProperty("expiresAt") &&
4491
- entity.hasOwnProperty("jwks_uri"));
4492
- }
4464
+ }
4465
+
4466
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4467
+
4468
+ /*
4469
+ * Copyright (c) Microsoft Corporation. All rights reserved.
4470
+ * Licensed under the MIT License.
4471
+ */
4493
4472
  /**
4494
- * Reset the exiresAt value
4473
+ * Appends user state with random guid, or returns random guid.
4474
+ * @param cryptoObj
4475
+ * @param userState
4476
+ * @param meta
4495
4477
  */
4496
- function generateAuthorityMetadataExpiresAt() {
4497
- return (nowSeconds() +
4498
- AUTHORITY_METADATA_REFRESH_TIME_SECONDS);
4499
- }
4500
- function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
4501
- authorityMetadata.authorization_endpoint =
4502
- updatedValues.authorization_endpoint;
4503
- authorityMetadata.token_endpoint = updatedValues.token_endpoint;
4504
- authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
4505
- authorityMetadata.issuer = updatedValues.issuer;
4506
- authorityMetadata.endpointsFromNetwork = fromNetwork;
4507
- authorityMetadata.jwks_uri = updatedValues.jwks_uri;
4478
+ function setRequestState(cryptoObj, userState, meta) {
4479
+ const libraryState = generateLibraryState(cryptoObj, meta);
4480
+ return userState
4481
+ ? `${libraryState}${RESOURCE_DELIM}${userState}`
4482
+ : libraryState;
4508
4483
  }
4509
- function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
4510
- authorityMetadata.aliases = updatedValues.aliases;
4511
- authorityMetadata.preferred_cache = updatedValues.preferred_cache;
4512
- authorityMetadata.preferred_network = updatedValues.preferred_network;
4513
- authorityMetadata.aliasesFromNetwork = fromNetwork;
4484
+ /**
4485
+ * Generates the state value used by the common library.
4486
+ * @param cryptoObj
4487
+ * @param meta
4488
+ */
4489
+ function generateLibraryState(cryptoObj, meta) {
4490
+ if (!cryptoObj) {
4491
+ throw createClientAuthError(noCryptoObject);
4492
+ }
4493
+ // Create a state object containing a unique id and the timestamp of the request creation
4494
+ const stateObj = {
4495
+ id: cryptoObj.createNewGuid(),
4496
+ };
4497
+ if (meta) {
4498
+ stateObj.meta = meta;
4499
+ }
4500
+ const stateString = JSON.stringify(stateObj);
4501
+ return cryptoObj.base64Encode(stateString);
4514
4502
  }
4515
4503
  /**
4516
- * Returns whether or not the data needs to be refreshed
4504
+ * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.
4505
+ * @param base64Decode
4506
+ * @param state
4517
4507
  */
4518
- function isAuthorityMetadataExpired(metadata) {
4519
- return metadata.expiresAt <= nowSeconds();
4508
+ function parseRequestState(base64Decode, state) {
4509
+ if (!base64Decode) {
4510
+ throw createClientAuthError(noCryptoObject);
4511
+ }
4512
+ if (!state) {
4513
+ throw createClientAuthError(invalidState);
4514
+ }
4515
+ try {
4516
+ // Split the state between library state and user passed state and decode them separately
4517
+ const splitState = state.split(RESOURCE_DELIM);
4518
+ const libraryState = splitState[0];
4519
+ const userState = splitState.length > 1
4520
+ ? splitState.slice(1).join(RESOURCE_DELIM)
4521
+ : "";
4522
+ const libraryStateString = base64Decode(libraryState);
4523
+ const libraryStateObj = JSON.parse(libraryStateString);
4524
+ return {
4525
+ userRequestState: userState || "",
4526
+ libraryState: libraryStateObj,
4527
+ };
4528
+ }
4529
+ catch (e) {
4530
+ throw createClientAuthError(invalidState);
4531
+ }
4520
4532
  }
4521
4533
 
4522
- /*! @azure/msal-common v16.4.0 2026-03-27 */
4534
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4523
4535
 
4524
4536
  /*
4525
4537
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4675,7 +4687,7 @@
4675
4687
  if (serverTokenResponse.id_token && !!idTokenClaims) {
4676
4688
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
4677
4689
  cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
4678
- this.logger);
4690
+ this.logger, this.performanceClient);
4679
4691
  }
4680
4692
  // AccessToken
4681
4693
  let cachedAccessToken = null;
@@ -4826,17 +4838,24 @@
4826
4838
  };
4827
4839
  }
4828
4840
  }
4829
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
4841
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
4830
4842
  logger?.verbose("09jz0t", correlationId);
4831
- // Check if base account is already cached
4832
- const accountKeys = cacheStorage.getAccountKeys();
4833
- const baseAccountKey = accountKeys.find((accountKey) => {
4834
- return accountKey.startsWith(homeAccountId);
4835
- });
4836
- let cachedAccount = null;
4837
- if (baseAccountKey) {
4838
- cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
4843
+ /*
4844
+ * Check if base account is already cached. Filter by homeAccountId (identifies
4845
+ * the user's home identity) and environment (identifies the cloud) the two
4846
+ * tenant-agnostic properties that uniquely locate a base AccountEntity.
4847
+ */
4848
+ const accountEnvironment = environment || authority.getPreferredCache();
4849
+ const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
4850
+ performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
4851
+ if (matchedAccounts.length > 1) {
4852
+ /*
4853
+ * Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
4854
+ * If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
4855
+ */
4856
+ logger?.warning("0x7ad1", correlationId);
4839
4857
  }
4858
+ const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
4840
4859
  const baseAccount = cachedAccount ||
4841
4860
  createAccountEntity({
4842
4861
  homeAccountId,
@@ -4860,7 +4879,7 @@
4860
4879
  return baseAccount;
4861
4880
  }
4862
4881
 
4863
- /*! @azure/msal-common v16.4.0 2026-03-27 */
4882
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4864
4883
  /*
4865
4884
  * Copyright (c) Microsoft Corporation. All rights reserved.
4866
4885
  * Licensed under the MIT License.
@@ -4870,7 +4889,7 @@
4870
4889
  UPN: "UPN",
4871
4890
  };
4872
4891
 
4873
- /*! @azure/msal-common v16.4.0 2026-03-27 */
4892
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4874
4893
  /*
4875
4894
  * Copyright (c) Microsoft Corporation. All rights reserved.
4876
4895
  * Licensed under the MIT License.
@@ -4888,7 +4907,7 @@
4888
4907
  }
4889
4908
  }
4890
4909
 
4891
- /*! @azure/msal-common v16.4.0 2026-03-27 */
4910
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4892
4911
  /*
4893
4912
  * Copyright (c) Microsoft Corporation. All rights reserved.
4894
4913
  * Licensed under the MIT License.
@@ -4909,7 +4928,7 @@
4909
4928
  };
4910
4929
  }
4911
4930
 
4912
- /*! @azure/msal-common v16.4.0 2026-03-27 */
4931
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4913
4932
 
4914
4933
  /*
4915
4934
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4995,7 +5014,7 @@
4995
5014
  }
4996
5015
  }
4997
5016
 
4998
- /*! @azure/msal-common v16.4.0 2026-03-27 */
5017
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4999
5018
 
5000
5019
  /*
5001
5020
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5026,7 +5045,7 @@
5026
5045
  return new NetworkError(error, httpStatus, responseHeaders);
5027
5046
  }
5028
5047
 
5029
- /*! @azure/msal-common v16.4.0 2026-03-27 */
5048
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5030
5049
 
5031
5050
  /*
5032
5051
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5140,7 +5159,7 @@
5140
5159
  return response;
5141
5160
  }
5142
5161
 
5143
- /*! @azure/msal-common v16.4.0 2026-03-27 */
5162
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5144
5163
  /*
5145
5164
  * Copyright (c) Microsoft Corporation. All rights reserved.
5146
5165
  * Licensed under the MIT License.
@@ -5152,7 +5171,7 @@
5152
5171
  response.hasOwnProperty("jwks_uri"));
5153
5172
  }
5154
5173
 
5155
- /*! @azure/msal-common v16.4.0 2026-03-27 */
5174
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5156
5175
  /*
5157
5176
  * Copyright (c) Microsoft Corporation. All rights reserved.
5158
5177
  * Licensed under the MIT License.
@@ -5162,7 +5181,7 @@
5162
5181
  response.hasOwnProperty("metadata"));
5163
5182
  }
5164
5183
 
5165
- /*! @azure/msal-common v16.4.0 2026-03-27 */
5184
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5166
5185
  /*
5167
5186
  * Copyright (c) Microsoft Corporation. All rights reserved.
5168
5187
  * Licensed under the MIT License.
@@ -5172,7 +5191,7 @@
5172
5191
  response.hasOwnProperty("error_description"));
5173
5192
  }
5174
5193
 
5175
- /*! @azure/msal-common v16.4.0 2026-03-27 */
5194
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5176
5195
 
5177
5196
  /*
5178
5197
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5277,7 +5296,7 @@
5277
5296
  },
5278
5297
  };
5279
5298
 
5280
- /*! @azure/msal-common v16.4.0 2026-03-27 */
5299
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5281
5300
 
5282
5301
  /*
5283
5302
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6097,7 +6116,7 @@
6097
6116
  };
6098
6117
  }
6099
6118
 
6100
- /*! @azure/msal-common v16.4.0 2026-03-27 */
6119
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6101
6120
 
6102
6121
  /*
6103
6122
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6131,7 +6150,7 @@
6131
6150
  }
6132
6151
  }
6133
6152
 
6134
- /*! @azure/msal-common v16.4.0 2026-03-27 */
6153
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6135
6154
 
6136
6155
  /*
6137
6156
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6296,11 +6315,6 @@
6296
6315
  throw createClientConfigurationError(missingSshJwk);
6297
6316
  }
6298
6317
  }
6299
- if (!StringUtils.isEmptyObj(request.claims) ||
6300
- (this.config.authOptions.clientCapabilities &&
6301
- this.config.authOptions.clientCapabilities.length > 0)) {
6302
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6303
- }
6304
6318
  let ccsCred = undefined;
6305
6319
  if (request.clientInfo) {
6306
6320
  try {
@@ -6349,6 +6363,7 @@
6349
6363
  });
6350
6364
  }
6351
6365
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6366
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
6352
6367
  return mapToQueryString(parameters);
6353
6368
  }
6354
6369
  /**
@@ -6392,7 +6407,7 @@
6392
6407
  }
6393
6408
  }
6394
6409
 
6395
- /*! @azure/msal-common v16.4.0 2026-03-27 */
6410
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6396
6411
 
6397
6412
  /*
6398
6413
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6582,11 +6597,6 @@
6582
6597
  throw createClientConfigurationError(missingSshJwk);
6583
6598
  }
6584
6599
  }
6585
- if (!StringUtils.isEmptyObj(request.claims) ||
6586
- (this.config.authOptions.clientCapabilities &&
6587
- this.config.authOptions.clientCapabilities.length > 0)) {
6588
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6589
- }
6590
6600
  if (this.config.systemOptions.preventCorsPreflight &&
6591
6601
  request.ccsCredential) {
6592
6602
  switch (request.ccsCredential.type) {
@@ -6613,11 +6623,12 @@
6613
6623
  });
6614
6624
  }
6615
6625
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6626
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
6616
6627
  return mapToQueryString(parameters);
6617
6628
  }
6618
6629
  }
6619
6630
 
6620
- /*! @azure/msal-common v16.4.0 2026-03-27 */
6631
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6621
6632
 
6622
6633
  /*
6623
6634
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6733,7 +6744,7 @@
6733
6744
  }
6734
6745
  }
6735
6746
 
6736
- /*! @azure/msal-common v16.4.0 2026-03-27 */
6747
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6737
6748
 
6738
6749
  /*
6739
6750
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6748,7 +6759,7 @@
6748
6759
  },
6749
6760
  };
6750
6761
 
6751
- /*! @azure/msal-common v16.4.0 2026-03-27 */
6762
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6752
6763
 
6753
6764
  /*
6754
6765
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6872,14 +6883,10 @@
6872
6883
  if (request.state) {
6873
6884
  addState(parameters, request.state);
6874
6885
  }
6875
- if (request.claims ||
6876
- (authOptions.clientCapabilities &&
6877
- authOptions.clientCapabilities.length > 0)) {
6878
- addClaims(parameters, request.claims, authOptions.clientCapabilities);
6879
- }
6880
6886
  if (request.embeddedClientId) {
6881
6887
  addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
6882
6888
  }
6889
+ addClaims(parameters, request.claims, authOptions.clientCapabilities, request.skipBrokerClaims);
6883
6890
  // If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
6884
6891
  if (authOptions.instanceAware &&
6885
6892
  (!request.extraQueryParameters ||
@@ -6975,7 +6982,7 @@
6975
6982
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6976
6983
  }
6977
6984
 
6978
- /*! @azure/msal-common v16.4.0 2026-03-27 */
6985
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6979
6986
 
6980
6987
  /*
6981
6988
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7008,7 +7015,7 @@
7008
7015
  return Object.prototype.hasOwnProperty.call(params, "resource");
7009
7016
  }
7010
7017
 
7011
- /*! @azure/msal-common v16.4.0 2026-03-27 */
7018
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7012
7019
 
7013
7020
  /*
7014
7021
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7066,7 +7073,7 @@
7066
7073
  }
7067
7074
  }
7068
7075
 
7069
- /*! @azure/msal-common v16.4.0 2026-03-27 */
7076
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7070
7077
  /*
7071
7078
  * Copyright (c) Microsoft Corporation. All rights reserved.
7072
7079
  * Licensed under the MIT License.
@@ -7083,7 +7090,7 @@
7083
7090
  unexpectedError: unexpectedError
7084
7091
  });
7085
7092
 
7086
- /*! @azure/msal-common v16.4.0 2026-03-27 */
7093
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7087
7094
 
7088
7095
  /*
7089
7096
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7344,7 +7351,7 @@
7344
7351
  }
7345
7352
  }
7346
7353
 
7347
- /*! @azure/msal-common v16.4.0 2026-03-27 */
7354
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7348
7355
 
7349
7356
  /*
7350
7357
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7365,7 +7372,7 @@
7365
7372
  return new JoseHeaderError(code);
7366
7373
  }
7367
7374
 
7368
- /*! @azure/msal-common v16.4.0 2026-03-27 */
7375
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7369
7376
  /*
7370
7377
  * Copyright (c) Microsoft Corporation. All rights reserved.
7371
7378
  * Licensed under the MIT License.
@@ -7373,7 +7380,7 @@
7373
7380
  const missingKidError = "missing_kid_error";
7374
7381
  const missingAlgError = "missing_alg_error";
7375
7382
 
7376
- /*! @azure/msal-common v16.4.0 2026-03-27 */
7383
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7377
7384
 
7378
7385
  /*
7379
7386
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7413,7 +7420,7 @@
7413
7420
  }
7414
7421
  }
7415
7422
 
7416
- /*! @azure/msal-common v16.4.0 2026-03-27 */
7423
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7417
7424
 
7418
7425
  /*
7419
7426
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7943,6 +7950,137 @@
7943
7950
  }
7944
7951
  }
7945
7952
 
7953
+ /*
7954
+ * Copyright (c) Microsoft Corporation. All rights reserved.
7955
+ * Licensed under the MIT License.
7956
+ */
7957
+ /**
7958
+ * acquireTokenFromCache (msal-browser).
7959
+ * Internal API for acquiring token from cache
7960
+ */
7961
+ const AcquireTokenFromCache = "acquireTokenFromCache";
7962
+ /**
7963
+ * acquireTokenByRefreshToken API (msal-browser and msal-node).
7964
+ * Used to renew an access token using a refresh token against the token endpoint.
7965
+ */
7966
+ const AcquireTokenByRefreshToken = "acquireTokenByRefreshToken";
7967
+ /**
7968
+ * acquireTokenSilentAsync (msal-browser).
7969
+ * Internal API for acquireTokenSilent.
7970
+ */
7971
+ const AcquireTokenSilentAsync = "acquireTokenSilentAsync";
7972
+ /**
7973
+ * getPublicKeyThumbprint API in CryptoOpts class (msal-browser).
7974
+ * Used to generate a public/private keypair and generate a public key thumbprint for pop requests.
7975
+ */
7976
+ const CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint";
7977
+ /**
7978
+ * signJwt API in CryptoOpts class (msal-browser).
7979
+ * Used to signed a pop token.
7980
+ */
7981
+ const CryptoOptsSignJwt = "cryptoOptsSignJwt";
7982
+ /**
7983
+ * acquireToken API in the SilentCacheClient class (msal-browser).
7984
+ * Used to read access tokens from the cache.
7985
+ */
7986
+ const SilentCacheClientAcquireToken = "silentCacheClientAcquireToken";
7987
+ /**
7988
+ * acquireToken API in the SilentIframeClient class (msal-browser).
7989
+ * Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.
7990
+ */
7991
+ const SilentIframeClientAcquireToken = "silentIframeClientAcquireToken";
7992
+ const AwaitConcurrentIframe = "awaitConcurrentIframe"; // Time spent waiting for a concurrent iframe to complete
7993
+ /**
7994
+ * acquireToken API in SilentRereshClient (msal-browser).
7995
+ * Used to acquire a new set of tokens from the token endpoint using a refresh token.
7996
+ */
7997
+ const SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken";
7998
+ /**
7999
+ * getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).
8000
+ * Used to load authority metadata for a request.
8001
+ */
8002
+ const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority";
8003
+ /**
8004
+ * acquireToken API in NativeInteractionClient class (msal-browser).
8005
+ * Used to acquire a token from Native component when native brokering is enabled.
8006
+ */
8007
+ const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
8008
+ const NativeInteractionClientAcquireTokenRedirect = "nativeInteractionClientAcquireToken";
8009
+ /**
8010
+ * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
8011
+ */
8012
+ const RefreshTokenClientAcquireTokenByRefreshToken = "refreshTokenClientAcquireTokenByRefreshToken";
8013
+ /**
8014
+ * acquireTokenBySilentIframe (msal-browser).
8015
+ * Internal API for acquiring token by silent Iframe
8016
+ */
8017
+ const AcquireTokenBySilentIframe = "acquireTokenBySilentIframe";
8018
+ /**
8019
+ * Internal API for initializing base request in BaseInteractionClient (msal-browser)
8020
+ */
8021
+ const InitializeBaseRequest = "initializeBaseRequest";
8022
+ /**
8023
+ * Internal API for initializing silent request in SilentCacheClient (msal-browser)
8024
+ */
8025
+ const InitializeSilentRequest = "initializeSilentRequest";
8026
+ const InitializeCache = "initializeCache";
8027
+ /**
8028
+ * Helper function in SilentIframeClient class (msal-browser).
8029
+ */
8030
+ const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
8031
+ /**
8032
+ * SilentHandler
8033
+ */
8034
+ const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
8035
+ const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
8036
+ const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
8037
+ /**
8038
+ * Helper functions in StandardInteractionClient class (msal-browser)
8039
+ */
8040
+ const StandardInteractionClientCreateAuthCodeClient = "standardInteractionClientCreateAuthCodeClient";
8041
+ const StandardInteractionClientGetClientConfiguration = "standardInteractionClientGetClientConfiguration";
8042
+ const StandardInteractionClientInitializeAuthorizationRequest = "standardInteractionClientInitializeAuthorizationRequest";
8043
+ const SilentFlowClientAcquireCachedToken = "silentFlowClientAcquireCachedToken";
8044
+ const GetStandardParams = "getStandardParams";
8045
+ const HandleCodeResponse = "handleCodeResponse";
8046
+ const HandleResponseEar = "handleResponseEar";
8047
+ const HandleResponsePlatformBroker = "handleResponsePlatformBroker";
8048
+ const HandleResponseCode = "handleResponseCode";
8049
+ const AuthClientAcquireToken = "authClientAcquireToken";
8050
+ const DeserializeResponse = "deserializeResponse";
8051
+ const AuthorityFactoryCreateDiscoveredInstance = "authorityFactoryCreateDiscoveredInstance";
8052
+ const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
8053
+ const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
8054
+ const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
8055
+ const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
8056
+ const RemoveHiddenIframe = "removeHiddenIframe";
8057
+ const ImportExistingCache = "importExistingCache";
8058
+ /**
8059
+ * Crypto Operations
8060
+ */
8061
+ const GeneratePkceCodes = "generatePkceCodes";
8062
+ const GenerateCodeVerifier = "generateCodeVerifier";
8063
+ const GenerateCodeChallengeFromVerifier = "generateCodeChallengeFromVerifier";
8064
+ const Sha256Digest = "sha256Digest";
8065
+ const GetRandomValues = "getRandomValues";
8066
+ const GenerateHKDF = "generateHKDF";
8067
+ const GenerateBaseKey = "generateBaseKey";
8068
+ const Base64Decode = "base64Decode";
8069
+ const UrlEncodeArr = "urlEncodeArr";
8070
+ const Encrypt = "encrypt";
8071
+ const Decrypt = "decrypt";
8072
+ const GenerateEarKey = "generateEarKey";
8073
+ const DecryptEarResponse = "decryptEarResponse";
8074
+ const LoadAccount = "loadAccount";
8075
+ const LoadIdToken = "loadIdToken";
8076
+ const LoadAccessToken = "loadAccessToken";
8077
+ const LoadRefreshToken = "loadRefreshToken";
8078
+ /**
8079
+ * Background telemetry measurement that tracks whether a late bridge response
8080
+ * arrives after the iframe timeout has already fired.
8081
+ */
8082
+ const WaitForBridgeLateResponse$1 = "waitForBridgeLateResponse";
8083
+
7946
8084
  /*
7947
8085
  * Copyright (c) Microsoft Corporation. All rights reserved.
7948
8086
  * Licensed under the MIT License.
@@ -8849,20 +8987,35 @@
8849
8987
  activeBridgeMonitor = null;
8850
8988
  }
8851
8989
  }
8852
- async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient) {
8990
+ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
8853
8991
  return new Promise((resolve, reject) => {
8854
8992
  logger.verbose("1rf6em", request.correlationId);
8855
8993
  const correlationId = request.correlationId;
8856
8994
  performanceClient.addFields({
8857
8995
  redirectBridgeTimeoutMs: timeoutMs,
8996
+ lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
8858
8997
  }, correlationId);
8859
8998
  const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
8860
8999
  const channel = new BroadcastChannel(libraryState.id);
8861
9000
  let responseString = undefined;
9001
+ let timedOut$1 = false;
9002
+ let lateTimeoutId;
9003
+ let lateMeasurement;
8862
9004
  const timeoutId = window.setTimeout(() => {
8863
9005
  // Clear the active monitor
8864
9006
  activeBridgeMonitor = null;
8865
- channel.close();
9007
+ if (experimentalConfig?.iframeTimeoutTelemetry) {
9008
+ lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse$1, correlationId);
9009
+ timedOut$1 = true;
9010
+ lateTimeoutId = window.setTimeout(() => {
9011
+ lateMeasurement?.end({ success: false });
9012
+ clearTimeout(lateTimeoutId);
9013
+ channel.close();
9014
+ }, 60000); // 60s late response timeout to allow for telemetry of late responses
9015
+ }
9016
+ else {
9017
+ channel.close();
9018
+ }
8866
9019
  reject(createBrowserAuthError(timedOut, "redirect_bridge_timeout"));
8867
9020
  }, timeoutMs);
8868
9021
  // Track this monitor so it can be cancelled if needed
@@ -8876,6 +9029,14 @@
8876
9029
  const messageVersion = event?.data && typeof event.data.v === "number"
8877
9030
  ? event.data.v
8878
9031
  : undefined;
9032
+ if (timedOut$1) {
9033
+ lateMeasurement?.end({
9034
+ success: responseString ? true : false,
9035
+ });
9036
+ clearTimeout(lateTimeoutId);
9037
+ channel.close();
9038
+ return;
9039
+ }
8879
9040
  performanceClient.addFields({
8880
9041
  redirectBridgeMessageVersion: messageVersion,
8881
9042
  }, correlationId);
@@ -9038,131 +9199,6 @@
9038
9199
  waitForBridgeResponse: waitForBridgeResponse
9039
9200
  });
9040
9201
 
9041
- /*
9042
- * Copyright (c) Microsoft Corporation. All rights reserved.
9043
- * Licensed under the MIT License.
9044
- */
9045
- /**
9046
- * acquireTokenFromCache (msal-browser).
9047
- * Internal API for acquiring token from cache
9048
- */
9049
- const AcquireTokenFromCache = "acquireTokenFromCache";
9050
- /**
9051
- * acquireTokenByRefreshToken API (msal-browser and msal-node).
9052
- * Used to renew an access token using a refresh token against the token endpoint.
9053
- */
9054
- const AcquireTokenByRefreshToken = "acquireTokenByRefreshToken";
9055
- /**
9056
- * acquireTokenSilentAsync (msal-browser).
9057
- * Internal API for acquireTokenSilent.
9058
- */
9059
- const AcquireTokenSilentAsync = "acquireTokenSilentAsync";
9060
- /**
9061
- * getPublicKeyThumbprint API in CryptoOpts class (msal-browser).
9062
- * Used to generate a public/private keypair and generate a public key thumbprint for pop requests.
9063
- */
9064
- const CryptoOptsGetPublicKeyThumbprint = "cryptoOptsGetPublicKeyThumbprint";
9065
- /**
9066
- * signJwt API in CryptoOpts class (msal-browser).
9067
- * Used to signed a pop token.
9068
- */
9069
- const CryptoOptsSignJwt = "cryptoOptsSignJwt";
9070
- /**
9071
- * acquireToken API in the SilentCacheClient class (msal-browser).
9072
- * Used to read access tokens from the cache.
9073
- */
9074
- const SilentCacheClientAcquireToken = "silentCacheClientAcquireToken";
9075
- /**
9076
- * acquireToken API in the SilentIframeClient class (msal-browser).
9077
- * Used to acquire a new set of tokens from the authorize endpoint in a hidden iframe.
9078
- */
9079
- const SilentIframeClientAcquireToken = "silentIframeClientAcquireToken";
9080
- const AwaitConcurrentIframe = "awaitConcurrentIframe"; // Time spent waiting for a concurrent iframe to complete
9081
- /**
9082
- * acquireToken API in SilentRereshClient (msal-browser).
9083
- * Used to acquire a new set of tokens from the token endpoint using a refresh token.
9084
- */
9085
- const SilentRefreshClientAcquireToken = "silentRefreshClientAcquireToken";
9086
- /**
9087
- * getDiscoveredAuthority API in StandardInteractionClient class (msal-browser).
9088
- * Used to load authority metadata for a request.
9089
- */
9090
- const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClientGetDiscoveredAuthority";
9091
- /**
9092
- * acquireToken API in NativeInteractionClient class (msal-browser).
9093
- * Used to acquire a token from Native component when native brokering is enabled.
9094
- */
9095
- const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
9096
- /**
9097
- * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
9098
- */
9099
- const RefreshTokenClientAcquireTokenByRefreshToken = "refreshTokenClientAcquireTokenByRefreshToken";
9100
- /**
9101
- * acquireTokenBySilentIframe (msal-browser).
9102
- * Internal API for acquiring token by silent Iframe
9103
- */
9104
- const AcquireTokenBySilentIframe = "acquireTokenBySilentIframe";
9105
- /**
9106
- * Internal API for initializing base request in BaseInteractionClient (msal-browser)
9107
- */
9108
- const InitializeBaseRequest = "initializeBaseRequest";
9109
- /**
9110
- * Internal API for initializing silent request in SilentCacheClient (msal-browser)
9111
- */
9112
- const InitializeSilentRequest = "initializeSilentRequest";
9113
- const InitializeCache = "initializeCache";
9114
- /**
9115
- * Helper function in SilentIframeClient class (msal-browser).
9116
- */
9117
- const SilentIframeClientTokenHelper = "silentIframeClientTokenHelper";
9118
- /**
9119
- * SilentHandler
9120
- */
9121
- const SilentHandlerInitiateAuthRequest = "silentHandlerInitiateAuthRequest";
9122
- const SilentHandlerMonitorIframeForHash = "silentHandlerMonitorIframeForHash";
9123
- const SilentHandlerLoadFrameSync = "silentHandlerLoadFrameSync";
9124
- /**
9125
- * Helper functions in StandardInteractionClient class (msal-browser)
9126
- */
9127
- const StandardInteractionClientCreateAuthCodeClient = "standardInteractionClientCreateAuthCodeClient";
9128
- const StandardInteractionClientGetClientConfiguration = "standardInteractionClientGetClientConfiguration";
9129
- const StandardInteractionClientInitializeAuthorizationRequest = "standardInteractionClientInitializeAuthorizationRequest";
9130
- const SilentFlowClientAcquireCachedToken = "silentFlowClientAcquireCachedToken";
9131
- const GetStandardParams = "getStandardParams";
9132
- const HandleCodeResponse = "handleCodeResponse";
9133
- const HandleResponseEar = "handleResponseEar";
9134
- const HandleResponsePlatformBroker = "handleResponsePlatformBroker";
9135
- const HandleResponseCode = "handleResponseCode";
9136
- const AuthClientAcquireToken = "authClientAcquireToken";
9137
- const DeserializeResponse = "deserializeResponse";
9138
- const AuthorityFactoryCreateDiscoveredInstance = "authorityFactoryCreateDiscoveredInstance";
9139
- const AcquireTokenByCodeAsync = "acquireTokenByCodeAsync";
9140
- const HandleRedirectPromiseMeasurement = "handleRedirectPromise";
9141
- const HandleNativeRedirectPromiseMeasurement = "handleNativeRedirectPromise";
9142
- const NativeMessageHandlerHandshake = "nativeMessageHandlerHandshake";
9143
- const RemoveHiddenIframe = "removeHiddenIframe";
9144
- const ImportExistingCache = "importExistingCache";
9145
- /**
9146
- * Crypto Operations
9147
- */
9148
- const GeneratePkceCodes = "generatePkceCodes";
9149
- const GenerateCodeVerifier = "generateCodeVerifier";
9150
- const GenerateCodeChallengeFromVerifier = "generateCodeChallengeFromVerifier";
9151
- const Sha256Digest = "sha256Digest";
9152
- const GetRandomValues = "getRandomValues";
9153
- const GenerateHKDF = "generateHKDF";
9154
- const GenerateBaseKey = "generateBaseKey";
9155
- const Base64Decode = "base64Decode";
9156
- const UrlEncodeArr = "urlEncodeArr";
9157
- const Encrypt = "encrypt";
9158
- const Decrypt = "decrypt";
9159
- const GenerateEarKey = "generateEarKey";
9160
- const DecryptEarResponse = "decryptEarResponse";
9161
- const LoadAccount = "loadAccount";
9162
- const LoadIdToken = "loadIdToken";
9163
- const LoadAccessToken = "loadAccessToken";
9164
- const LoadRefreshToken = "loadRefreshToken";
9165
-
9166
9202
  /*
9167
9203
  * Copyright (c) Microsoft Corporation. All rights reserved.
9168
9204
  * Licensed under the MIT License.
@@ -9770,7 +9806,14 @@
9770
9806
  // Update cache storage
9771
9807
  const LocalStorageUpdated = "localStorageUpdated";
9772
9808
  // Load external tokens
9773
- const LoadExternalTokens = "loadExternalTokens";
9809
+ const LoadExternalTokens = "loadExternalTokens";
9810
+ /**
9811
+ * SSO capability verification call (msal-browser).
9812
+ * Fire-and-forget SSO verification call made after interactive authentication completes.
9813
+ */
9814
+ const SsoCapable = "ssoCapable";
9815
+ // Wait for late response from bridge after timeout has already occurred
9816
+ const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
9774
9817
 
9775
9818
  var BrowserRootPerformanceEvents = /*#__PURE__*/Object.freeze({
9776
9819
  __proto__: null,
@@ -9782,7 +9825,9 @@
9782
9825
  InitializeClientApplication: InitializeClientApplication,
9783
9826
  LoadExternalTokens: LoadExternalTokens,
9784
9827
  LocalStorageUpdated: LocalStorageUpdated,
9785
- SsoSilent: SsoSilent
9828
+ SsoCapable: SsoCapable,
9829
+ SsoSilent: SsoSilent,
9830
+ WaitForBridgeLateResponse: WaitForBridgeLateResponse
9786
9831
  });
9787
9832
 
9788
9833
  /*
@@ -9801,6 +9846,7 @@
9801
9846
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
9802
9847
  const ACCOUNT_KEYS = "account.keys";
9803
9848
  const TOKEN_KEYS = "token.keys";
9849
+ const SSO_CAPABLE = `${PREFIX}.${BROWSER_PREFIX}.sso.capable`;
9804
9850
  function getAccountKeysCacheKey(schema = ACCOUNT_SCHEMA_VERSION) {
9805
9851
  if (schema < 1) {
9806
9852
  return `${PREFIX}.${ACCOUNT_KEYS}`;
@@ -10299,7 +10345,7 @@
10299
10345
 
10300
10346
  /* eslint-disable header/header */
10301
10347
  const name = "@azure/msal-browser";
10302
- const version = "5.6.2";
10348
+ const version = "5.7.0";
10303
10349
 
10304
10350
  /*
10305
10351
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12402,7 +12448,6 @@
12402
12448
  const USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED";
12403
12449
  const USER_CANCEL = "USER_CANCEL";
12404
12450
  const NO_NETWORK = "NO_NETWORK";
12405
- const PERSISTENT_ERROR = "PERSISTENT_ERROR";
12406
12451
  const DISABLED = "DISABLED";
12407
12452
  const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
12408
12453
  const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
@@ -12426,8 +12471,7 @@
12426
12471
  function isFatalNativeAuthError(error) {
12427
12472
  if (error.ext &&
12428
12473
  error.ext.status &&
12429
- (error.ext.status === PERSISTENT_ERROR ||
12430
- error.ext.status === DISABLED)) {
12474
+ error.ext.status === DISABLED) {
12431
12475
  return true;
12432
12476
  }
12433
12477
  if (error.ext &&
@@ -12553,12 +12597,12 @@
12553
12597
  async acquireToken(request, cacheLookupPolicy) {
12554
12598
  this.logger.trace("03qeos", this.correlationId);
12555
12599
  // start the perf measurement
12556
- const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, request.correlationId);
12600
+ const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
12557
12601
  const reqTimestamp = nowSeconds();
12558
12602
  const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
12559
12603
  try {
12560
12604
  // initialize native request
12561
- const nativeRequest = await this.initializeNativeRequest(request);
12605
+ const nativeRequest = await this.initializePlatformRequest(request);
12562
12606
  // check if the tokens can be retrieved from internal cache
12563
12607
  try {
12564
12608
  const result = await this.acquireTokensFromCache(this.accountId, nativeRequest);
@@ -12572,6 +12616,10 @@
12572
12616
  catch (e) {
12573
12617
  if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) {
12574
12618
  this.logger.info("0eitbc", this.correlationId);
12619
+ nativeATMeasurement.end({
12620
+ success: false,
12621
+ brokerErrorCode: "cache_request_failed",
12622
+ });
12575
12623
  throw e;
12576
12624
  }
12577
12625
  // continue with a native call for any and all errors
@@ -12593,7 +12641,6 @@
12593
12641
  success: false,
12594
12642
  errorCode: error.errorCode,
12595
12643
  subErrorCode: error.subError,
12596
- isNativeBroker: true,
12597
12644
  });
12598
12645
  throw error;
12599
12646
  });
@@ -12602,6 +12649,9 @@
12602
12649
  if (e instanceof NativeAuthError) {
12603
12650
  serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
12604
12651
  }
12652
+ nativeATMeasurement.end({
12653
+ success: false,
12654
+ });
12605
12655
  throw e;
12606
12656
  }
12607
12657
  }
@@ -12634,7 +12684,7 @@
12634
12684
  // fetch the account from browser cache
12635
12685
  const account = this.browserStorage.getBaseAccountInfo({
12636
12686
  nativeAccountId,
12637
- }, request.correlationId);
12687
+ }, this.correlationId);
12638
12688
  if (!account) {
12639
12689
  throw createClientAuthError(noAccountFound);
12640
12690
  }
@@ -12664,7 +12714,7 @@
12664
12714
  */
12665
12715
  async acquireTokenRedirect(request, rootMeasurement, options) {
12666
12716
  this.logger.trace("0luikq", this.correlationId);
12667
- const nativeRequest = await this.initializeNativeRequest(request);
12717
+ const nativeRequest = await this.initializePlatformRequest(request);
12668
12718
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
12669
12719
  try {
12670
12720
  await this.platformAuthProvider.sendMessage(nativeRequest);
@@ -12696,7 +12746,7 @@
12696
12746
  * @param performanceClient {IPerformanceClient?}
12697
12747
  * @param correlationId {string?} correlation identifier
12698
12748
  */
12699
- async handleRedirectPromise(performanceClient, correlationId) {
12749
+ async handleRedirectPromise() {
12700
12750
  this.logger.trace("1c5lhw", this.correlationId);
12701
12751
  if (!this.browserStorage.isInteractionInProgress(true)) {
12702
12752
  this.logger.info("0le6uv", this.correlationId);
@@ -12706,9 +12756,7 @@
12706
12756
  const cachedRequest = this.browserStorage.getCachedNativeRequest();
12707
12757
  if (!cachedRequest) {
12708
12758
  this.logger.verbose("0a6zjb", this.correlationId);
12709
- if (performanceClient && correlationId) {
12710
- performanceClient?.addFields({ errorCode: "no_cached_request" }, correlationId);
12711
- }
12759
+ this.performanceClient?.addFields({ errorCode: "no_cached_request" }, this.correlationId);
12712
12760
  return null;
12713
12761
  }
12714
12762
  const { prompt, ...request } = cachedRequest;
@@ -12723,6 +12771,7 @@
12723
12771
  const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
12724
12772
  const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
12725
12773
  serverTelemetryManager.clearNativeBrokerErrorCode();
12774
+ this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
12726
12775
  return authResult;
12727
12776
  }
12728
12777
  catch (e) {
@@ -12763,9 +12812,9 @@
12763
12812
  }
12764
12813
  // Get the preferred_cache domain for the given authority
12765
12814
  const authority = await getDiscoveredAuthority(this.config, this.correlationId, this.performanceClient, this.browserStorage, this.logger, request.authority);
12766
- const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, undefined, // environment
12815
+ const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, this.correlationId, idTokenClaims, response.client_info, authority.getPreferredCache(), // environment
12767
12816
  idTokenClaims.tid, undefined, // auth code payload
12768
- response.account.id);
12817
+ response.account.id, this.logger, this.performanceClient);
12769
12818
  // Ensure expires_in is in number format
12770
12819
  response.expires_in = Number(response.expires_in);
12771
12820
  // generate authenticationResult
@@ -12991,15 +13040,23 @@
12991
13040
  * Translates developer provided request object into NativeRequest object
12992
13041
  * @param request
12993
13042
  */
12994
- async initializeNativeRequest(request) {
12995
- this.logger.trace("04j6wj", this.correlationId);
13043
+ async initializePlatformRequest(request) {
13044
+ this.logger.trace("1xdm2a", this.correlationId);
12996
13045
  const canonicalAuthority = await this.getCanonicalAuthority(request);
13046
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
13047
+ const configClaims = request.skipBrokerClaims && !!request.embeddedClientId
13048
+ ? undefined
13049
+ : this.config.auth.clientCapabilities;
12997
13050
  // scopes are expected to be received by the native broker as "scope" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here.
12998
- const { scopes, ...remainingProperties } = request;
13051
+ const { scopes, claims, ...remainingProperties } = request;
12999
13052
  const scopeSet = new ScopeSet(scopes || []);
13000
13053
  scopeSet.appendScopes(OIDC_DEFAULT_SCOPES$1);
13054
+ const mergedClaims = configClaims && configClaims.length
13055
+ ? addClientCapabilitiesToClaims$1(claims, configClaims)
13056
+ : claims;
13001
13057
  const validatedRequest = {
13002
13058
  ...remainingProperties,
13059
+ claims: mergedClaims,
13003
13060
  accountId: this.accountId,
13004
13061
  clientId: this.config.auth.clientId,
13005
13062
  authority: canonicalAuthority.urlString,
@@ -13069,12 +13126,12 @@
13069
13126
  switch (this.apiId) {
13070
13127
  case ApiId.ssoSilent:
13071
13128
  case ApiId.acquireTokenSilent_silentFlow:
13072
- this.logger.trace("1hiwaz", this.correlationId);
13129
+ this.logger.trace("12n1y2", this.correlationId);
13073
13130
  return PromptValue$1.NONE;
13074
13131
  }
13075
13132
  // Prompt not provided, request may proceed and native broker decides if it needs to prompt
13076
13133
  if (!prompt) {
13077
- this.logger.trace("1qlu04", this.correlationId);
13134
+ this.logger.trace("0uid1p", this.correlationId);
13078
13135
  return undefined;
13079
13136
  }
13080
13137
  // If request is interactive, check if prompt provided is allowed to go directly to native broker
@@ -13082,10 +13139,10 @@
13082
13139
  case PromptValue$1.NONE:
13083
13140
  case PromptValue$1.CONSENT:
13084
13141
  case PromptValue$1.LOGIN:
13085
- this.logger.trace("1ynje4", this.correlationId);
13142
+ this.logger.trace("0i0hco", this.correlationId);
13086
13143
  return prompt;
13087
13144
  default:
13088
- this.logger.trace("0nkr6q", this.correlationId);
13145
+ this.logger.trace("0w3tpw", this.correlationId);
13089
13146
  throw createBrowserAuthError(nativePromptNotSupported);
13090
13147
  }
13091
13148
  }
@@ -13121,7 +13178,7 @@
13121
13178
  this.performanceClient?.addFields({
13122
13179
  embeddedClientId: child_client_id,
13123
13180
  embeddedRedirectUri: child_redirect_uri,
13124
- }, request.correlationId);
13181
+ }, this.correlationId);
13125
13182
  }
13126
13183
  }
13127
13184
 
@@ -13208,6 +13265,10 @@
13208
13265
  if (request.platformBroker) {
13209
13266
  // signal ests that this is a WAM call
13210
13267
  addNativeBroker(parameters);
13268
+ // instrument JS-platform bridge specific fields
13269
+ performanceClient.addFields({
13270
+ isPlatformAuthorizeRequest: true,
13271
+ }, request.correlationId);
13211
13272
  // pass the req_cnf for POP
13212
13273
  if (request.authenticationScheme === AuthenticationScheme$1.POP) {
13213
13274
  const cryptoOps = new CryptoOps(logger, performanceClient);
@@ -13650,7 +13711,7 @@
13650
13711
  *
13651
13712
  * @returns Configuration object
13652
13713
  */
13653
- function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
13714
+ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system: userInputSystem, experimental: userInputExperimental, telemetry: userInputTelemetry, }, isBrowserEnvironment) {
13654
13715
  // Default auth options for browser
13655
13716
  const DEFAULT_AUTH_OPTIONS = {
13656
13717
  clientId: "",
@@ -13677,6 +13738,7 @@
13677
13738
  },
13678
13739
  instanceAware: false,
13679
13740
  isMcp: false,
13741
+ verifySSO: false,
13680
13742
  };
13681
13743
  // Default cache options for browser
13682
13744
  const DEFAULT_CACHE_OPTIONS = {
@@ -13722,6 +13784,9 @@
13722
13784
  },
13723
13785
  client: new StubPerformanceClient(),
13724
13786
  };
13787
+ const DEFAULT_EXPERIMENTAL_OPTIONS = {
13788
+ iframeTimeoutTelemetry: false,
13789
+ };
13725
13790
  // Throw an error if user has set OIDCOptions without being in OIDC protocol mode
13726
13791
  if (userInputSystem?.protocolMode !== ProtocolMode.OIDC &&
13727
13792
  userInputAuth?.OIDCOptions) {
@@ -13745,6 +13810,10 @@
13745
13810
  },
13746
13811
  cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache },
13747
13812
  system: providedSystemOptions,
13813
+ experimental: {
13814
+ ...DEFAULT_EXPERIMENTAL_OPTIONS,
13815
+ ...userInputExperimental,
13816
+ },
13748
13817
  telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry },
13749
13818
  };
13750
13819
  return overlayedConfig;
@@ -14222,7 +14291,7 @@
14222
14291
  }
14223
14292
  }
14224
14293
  /**
14225
- * Returns boolean indicating whether or not the request should attempt to use native broker
14294
+ * Returns boolean indicating whether or not the request should attempt to use platform broker
14226
14295
  * @param logger
14227
14296
  * @param config
14228
14297
  * @param correlationId
@@ -14504,6 +14573,10 @@
14504
14573
  return;
14505
14574
  }
14506
14575
  }
14576
+ // Redirect bridge requires "state" param to work properly
14577
+ validRequest.state = setRequestState(this.browserCrypto, validRequest.state || "", {
14578
+ interactionType: exports.InteractionType.Popup,
14579
+ });
14507
14580
  // Create logout string and navigate user window to logout.
14508
14581
  const logoutUri = authClient.getLogoutUri(validRequest);
14509
14582
  this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, validRequest.correlationId, exports.InteractionType.Popup, validRequest);
@@ -15044,6 +15117,10 @@
15044
15117
  }
15045
15118
  }
15046
15119
  }
15120
+ // Redirect bridge requires "state" param to work properly
15121
+ validLogoutRequest.state = setRequestState(this.browserCrypto, validLogoutRequest.state || "", {
15122
+ interactionType: exports.InteractionType.Redirect,
15123
+ });
15047
15124
  // Create logout string and navigate user window to logout.
15048
15125
  const logoutUri = authClient.getLogoutUri(validLogoutRequest);
15049
15126
  if (validLogoutRequest.account?.homeAccountId) {
@@ -15270,7 +15347,7 @@
15270
15347
  const responseType = this.config.auth.OIDCOptions.responseMode;
15271
15348
  let responseString;
15272
15349
  try {
15273
- responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15350
+ responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
15274
15351
  }
15275
15352
  finally {
15276
15353
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15292,6 +15369,38 @@
15292
15369
  return invokeAsync(handleResponseEAR, HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15293
15370
  }
15294
15371
  }
15372
+ /**
15373
+ * Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
15374
+ * This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
15375
+ * @param request - The SSO silent request
15376
+ * @returns true if SSO verification was successful with a valid authorization code, false otherwise
15377
+ */
15378
+ async verifySso(request) {
15379
+ const inputRequest = { ...request };
15380
+ if (!inputRequest.prompt) {
15381
+ inputRequest.prompt = PromptValue$1.NONE;
15382
+ }
15383
+ // Create silent request
15384
+ const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
15385
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
15386
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
15387
+ requestAuthority: silentRequest.authority,
15388
+ requestAzureCloudOptions: silentRequest.azureCloudOptions,
15389
+ requestExtraQueryParameters: silentRequest.extraQueryParameters,
15390
+ account: silentRequest.account,
15391
+ });
15392
+ const { serverParams } = await this.silentAuthorizeHelper(authClient, silentRequest);
15393
+ const correlationId = silentRequest.correlationId;
15394
+ // Validate the response - this checks for errors and validates state
15395
+ validateAuthorizationResponse(serverParams, silentRequest.state);
15396
+ // Verify a valid authorization code is present
15397
+ if (!serverParams.code) {
15398
+ this.logger.warning("0y34ti", correlationId);
15399
+ return false;
15400
+ }
15401
+ this.logger.verbose("0kkkcj", correlationId);
15402
+ return true;
15403
+ }
15295
15404
  /**
15296
15405
  * Currently Unsupported
15297
15406
  */
@@ -15306,6 +15415,16 @@
15306
15415
  * @param userRequestScopes
15307
15416
  */
15308
15417
  async silentTokenHelper(authClient, request) {
15418
+ const { serverParams, pkceCodes } = await this.silentAuthorizeHelper(authClient, request);
15419
+ return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, request.correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15420
+ }
15421
+ /**
15422
+ * Shared helper that generates PKCE codes, builds the /authorize URL,
15423
+ * loads it in a hidden iframe, waits for the redirect-bridge response,
15424
+ * and returns the deserialized server parameters along with the PKCE codes
15425
+ * and the request that was sent.
15426
+ */
15427
+ async silentAuthorizeHelper(authClient, request) {
15309
15428
  const correlationId = request.correlationId;
15310
15429
  const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
15311
15430
  const silentRequest = {
@@ -15326,13 +15445,13 @@
15326
15445
  // Wait for response from the redirect bridge.
15327
15446
  let responseString;
15328
15447
  try {
15329
- responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
15448
+ responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
15330
15449
  }
15331
15450
  finally {
15332
15451
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
15333
15452
  }
15334
15453
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15335
- return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15454
+ return { serverParams, pkceCodes, silentRequest };
15336
15455
  }
15337
15456
  }
15338
15457
 
@@ -15586,22 +15705,32 @@
15586
15705
  this.nativeInternalStorage = new BrowserCacheManager(this.config.auth.clientId, nativeCacheOptions, this.browserCrypto, this.logger, this.performanceClient, this.eventHandler);
15587
15706
  this.activeSilentTokenRequests = new Map();
15588
15707
  // Register listener functions
15589
- this.trackPageVisibility = this.trackPageVisibility.bind(this);
15708
+ this.trackStateChange = this.trackStateChange.bind(this);
15590
15709
  // Register listener functions
15591
- this.trackPageVisibilityWithMeasurement =
15592
- this.trackPageVisibilityWithMeasurement.bind(this);
15710
+ this.trackStateChangeWithMeasurement =
15711
+ this.trackStateChangeWithMeasurement.bind(this);
15593
15712
  }
15594
15713
  static async createController(operatingContext, request) {
15595
15714
  const controller = new StandardController(operatingContext);
15596
15715
  await controller.initialize(request);
15597
15716
  return controller;
15598
15717
  }
15599
- trackPageVisibility(correlationId) {
15718
+ trackStateChange(correlationId, event) {
15600
15719
  if (!correlationId) {
15601
15720
  return;
15602
15721
  }
15603
- this.logger.info("16v6hv", correlationId);
15604
- this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
15722
+ if (event.type === "visibilitychange") {
15723
+ this.logger.info("16v6hv", correlationId);
15724
+ this.performanceClient.incrementFields({ visibilityChangeCount: 1 }, correlationId);
15725
+ }
15726
+ else if (event.type === "online") {
15727
+ this.logger.info("0zirfd", correlationId);
15728
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
15729
+ }
15730
+ else if (event.type === "offline") {
15731
+ this.logger.info("1xk9ef", correlationId);
15732
+ this.performanceClient.incrementFields({ onlineStatusChangeCount: 1 }, correlationId);
15733
+ }
15605
15734
  }
15606
15735
  /**
15607
15736
  * Initializer function to perform async startup tasks such as connecting to WAM extension
@@ -15701,22 +15830,25 @@
15701
15830
  }
15702
15831
  const loggedInAccounts = this.getAllAccounts();
15703
15832
  const platformBrokerRequest = this.browserStorage.getCachedNativeRequest();
15704
- const useNative = platformBrokerRequest &&
15705
- this.platformAuthProvider &&
15706
- !options?.hash;
15833
+ const useNative = platformBrokerRequest && !options?.hash;
15707
15834
  let rootMeasurement;
15708
15835
  let redirectResponse;
15836
+ let cachedRedirectRequest;
15709
15837
  try {
15710
15838
  if (useNative && this.platformAuthProvider) {
15711
15839
  const correlationId = platformBrokerRequest?.correlationId || "";
15712
15840
  this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
15713
15841
  rootMeasurement = this.performanceClient.startMeasurement(AcquireTokenRedirect, correlationId);
15714
15842
  this.logger.trace("12v7is", correlationId);
15843
+ rootMeasurement.add({
15844
+ isPlatformBrokerRequest: true,
15845
+ });
15715
15846
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.platformAuthProvider, platformBrokerRequest.accountId, this.nativeInternalStorage, platformBrokerRequest.correlationId);
15716
- redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(this.performanceClient, rootMeasurement.event.correlationId);
15847
+ redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)();
15717
15848
  }
15718
15849
  else {
15719
15850
  const [standardRequest, codeVerifier] = this.browserStorage.getCachedRequest("");
15851
+ cachedRedirectRequest = standardRequest;
15720
15852
  const correlationId = standardRequest.correlationId;
15721
15853
  this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
15722
15854
  // Reset rootMeasurement now that we have correlationId
@@ -15745,6 +15877,8 @@
15745
15877
  rootMeasurement.end({
15746
15878
  success: true,
15747
15879
  }, undefined, result.account);
15880
+ // Fire-and-forget SSO capability verification in background
15881
+ this.verifySsoCapability(cachedRedirectRequest, exports.InteractionType.Redirect);
15748
15882
  }
15749
15883
  else {
15750
15884
  /*
@@ -15810,12 +15944,14 @@
15810
15944
  if (this.platformAuthProvider &&
15811
15945
  this.canUsePlatformBroker(request)) {
15812
15946
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.platformAuthProvider, this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
15813
- result = nativeClient
15814
- .acquireTokenRedirect(request, atrMeasurement)
15815
- .catch((e) => {
15947
+ result = invokeAsync(nativeClient.acquireTokenRedirect.bind(nativeClient), NativeInteractionClientAcquireTokenRedirect, this.logger, this.performanceClient, correlationId)(request, atrMeasurement).catch((e) => {
15948
+ atrMeasurement.add({
15949
+ brokerErrorName: e.name,
15950
+ brokerErrorCode: e.errorCode,
15951
+ });
15816
15952
  if (e instanceof NativeAuthError &&
15817
15953
  isFatalNativeAuthError(e)) {
15818
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
15954
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
15819
15955
  const redirectClient = this.createRedirectClient(correlationId);
15820
15956
  return redirectClient.acquireToken(request);
15821
15957
  }
@@ -15881,6 +16017,9 @@
15881
16017
  let result;
15882
16018
  const pkce = this.getPreGeneratedPkceCodes(correlationId);
15883
16019
  if (this.canUsePlatformBroker(request)) {
16020
+ atPopupMeasurement.add({
16021
+ isPlatformBrokerRequest: true,
16022
+ });
15884
16023
  result = this.acquireTokenNative({
15885
16024
  ...request,
15886
16025
  correlationId,
@@ -15893,9 +16032,13 @@
15893
16032
  return response;
15894
16033
  })
15895
16034
  .catch((e) => {
16035
+ atPopupMeasurement.add({
16036
+ brokerErrorName: e.name,
16037
+ brokerErrorCode: e.errorCode,
16038
+ });
15896
16039
  if (e instanceof NativeAuthError &&
15897
16040
  isFatalNativeAuthError(e)) {
15898
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
16041
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
15899
16042
  const popupClient = this.createPopupClient(correlationId);
15900
16043
  return popupClient.acquireToken(request, pkce);
15901
16044
  }
@@ -15926,6 +16069,8 @@
15926
16069
  accessTokenSize: result.accessToken.length,
15927
16070
  idTokenSize: result.idToken.length,
15928
16071
  }, undefined, result.account);
16072
+ // SSO capability verification in background
16073
+ this.verifySsoCapability(request, exports.InteractionType.Popup);
15929
16074
  return result;
15930
16075
  })
15931
16076
  .catch((e) => {
@@ -15943,15 +16088,137 @@
15943
16088
  }
15944
16089
  });
15945
16090
  }
15946
- trackPageVisibilityWithMeasurement() {
16091
+ trackStateChangeWithMeasurement(event) {
15947
16092
  const measurement = this.ssoSilentMeasurement ||
15948
16093
  this.acquireTokenByCodeAsyncMeasurement;
15949
16094
  if (!measurement) {
15950
16095
  return;
15951
16096
  }
15952
- measurement.increment({
15953
- visibilityChangeCount: 1,
16097
+ if (event.type === "visibilitychange") {
16098
+ this.logger.info("0yzimq", measurement.event.correlationId);
16099
+ measurement.increment({
16100
+ visibilityChangeCount: 1,
16101
+ });
16102
+ }
16103
+ else if (event.type === "online") {
16104
+ this.logger.info("1caf53", measurement.event.correlationId);
16105
+ measurement.increment({
16106
+ onlineStatusChangeCount: 1,
16107
+ });
16108
+ }
16109
+ else if (event.type === "offline") {
16110
+ this.logger.info("0fdyk7", measurement.event.correlationId);
16111
+ measurement.increment({
16112
+ onlineStatusChangeCount: 1,
16113
+ });
16114
+ }
16115
+ }
16116
+ addStateChangeListeners(listener) {
16117
+ document.addEventListener("visibilitychange", listener);
16118
+ window.addEventListener("online", listener);
16119
+ window.addEventListener("offline", listener);
16120
+ }
16121
+ removeStateChangeListeners(listener) {
16122
+ document.removeEventListener("visibilitychange", listener);
16123
+ window.removeEventListener("online", listener);
16124
+ window.removeEventListener("offline", listener);
16125
+ }
16126
+ /**
16127
+ * Reads the cached ssoCapable value from localStorage.
16128
+ * @returns The cached ssoCapable boolean value, or undefined if not cached or expired.
16129
+ */
16130
+ getCachedSsoCapable() {
16131
+ try {
16132
+ const cachedValue = window.localStorage.getItem(SSO_CAPABLE);
16133
+ if (cachedValue) {
16134
+ const parsed = JSON.parse(cachedValue);
16135
+ if (parsed &&
16136
+ typeof parsed.ssoCapable === "boolean" &&
16137
+ parsed.expiresOn &&
16138
+ Date.now() < parsed.expiresOn) {
16139
+ return parsed.ssoCapable;
16140
+ }
16141
+ }
16142
+ }
16143
+ catch {
16144
+ // If parsing fails, return undefined
16145
+ }
16146
+ return undefined;
16147
+ }
16148
+ /**
16149
+ * SSO capability verification in the background.
16150
+ * This method makes an iframe request to /authorize to verify SSO capability without calling /token.
16151
+ * This method does not block the caller and tracks telemetry for success/failure.
16152
+ * This method only executes if verifySSO is set to true in the auth configuration.
16153
+ * The result is cached in localStorage with a 24-hour TTL; the SSO verification call
16154
+ * is only attempted when the cached value is absent or expired.
16155
+ * @param request - The original request used for the authentication flow
16156
+ * @param interactionType - The interactionType of the AT operation for logging purposes
16157
+ */
16158
+ verifySsoCapability(request, interactionType) {
16159
+ // Check if SSO capability verification is enabled
16160
+ if (!this.config.auth.verifySSO) {
16161
+ return;
16162
+ }
16163
+ // Check TTL: derive ssoCapable state from localStorage and skip if not expired
16164
+ const ssoCacheKey = SSO_CAPABLE;
16165
+ const SSO_CAPABLE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
16166
+ const cachedSsoCapable = this.getCachedSsoCapable();
16167
+ if (cachedSsoCapable !== undefined) {
16168
+ this.logger.verbose("13poou", "");
16169
+ return;
16170
+ }
16171
+ const correlationId = createNewGuid();
16172
+ const ssoCapableMeasurement = this.performanceClient.startMeasurement(SsoCapable, correlationId);
16173
+ ssoCapableMeasurement.add({
16174
+ "ext.interactionType": interactionType,
15954
16175
  });
16176
+ this.logger.verbose("0pbr0i", correlationId);
16177
+ /*
16178
+ * Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
16179
+ * This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
16180
+ */
16181
+ setTimeout(() => {
16182
+ const ssoVerificationRequest = {
16183
+ ...request,
16184
+ correlationId: correlationId,
16185
+ };
16186
+ const silentIframeClient = this.createSilentIframeClient(correlationId);
16187
+ silentIframeClient
16188
+ .verifySso(ssoVerificationRequest)
16189
+ .then((result) => {
16190
+ this.logger.verbose("1gd1iv", correlationId);
16191
+ // TBD to add profileTelemetry later in localStorage with 24h TTL
16192
+ try {
16193
+ const cacheEntry = JSON.stringify({
16194
+ ssoCapable: result,
16195
+ expiresOn: Date.now() + SSO_CAPABLE_TTL_MS,
16196
+ });
16197
+ window.localStorage.setItem(ssoCacheKey, cacheEntry);
16198
+ }
16199
+ catch {
16200
+ this.logger.warning("18lmoj", correlationId);
16201
+ }
16202
+ ssoCapableMeasurement.end({
16203
+ fromCache: false,
16204
+ success: result,
16205
+ }, undefined);
16206
+ })
16207
+ .catch((error) => {
16208
+ this.logger.warning("05g83w", correlationId);
16209
+ // reset the cache
16210
+ try {
16211
+ window.localStorage.removeItem(ssoCacheKey);
16212
+ }
16213
+ catch {
16214
+ this.logger.warning("0nlf9q", correlationId);
16215
+ }
16216
+ ssoCapableMeasurement.end({
16217
+ fromCache: false,
16218
+ success: false,
16219
+ }, error);
16220
+ });
16221
+ }, 0);
15955
16222
  }
15956
16223
  // #endregion
15957
16224
  // #region Silent Flow
@@ -15974,28 +16241,35 @@
15974
16241
  const correlationId = this.getRequestCorrelationId(request);
15975
16242
  const validRequest = {
15976
16243
  ...request,
15977
- // will be PromptValue.NONE or PromptValue.NO_SESSION
15978
- prompt: request.prompt,
15979
16244
  correlationId: correlationId,
15980
16245
  };
15981
16246
  this.ssoSilentMeasurement = this.performanceClient.startMeasurement(SsoSilent, correlationId);
15982
16247
  this.ssoSilentMeasurement?.add({
15983
16248
  scenarioId: request.scenarioId,
16249
+ ssoCapable: this.getCachedSsoCapable(),
15984
16250
  });
15985
16251
  preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
15986
16252
  this.ssoSilentMeasurement?.increment({
15987
16253
  visibilityChangeCount: 0,
16254
+ onlineStatusChangeCount: 0,
15988
16255
  });
15989
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
16256
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
15990
16257
  const loggedInAccounts = this.getAllAccounts();
15991
16258
  this.logger.verbose("0w1b45", correlationId);
15992
16259
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, validRequest);
15993
16260
  let result;
15994
16261
  if (this.canUsePlatformBroker(validRequest)) {
16262
+ this.ssoSilentMeasurement?.add({
16263
+ isPlatformBrokerRequest: true,
16264
+ });
15995
16265
  result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch((e) => {
16266
+ this.ssoSilentMeasurement?.add({
16267
+ brokerErrorName: e.name,
16268
+ brokerErrorCode: e.errorCode,
16269
+ });
15996
16270
  // If native token acquisition fails for availability reasons fallback to standard flow
15997
16271
  if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
15998
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
16272
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
15999
16273
  const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId);
16000
16274
  return silentIframeClient.acquireToken(validRequest);
16001
16275
  }
@@ -16029,7 +16303,7 @@
16029
16303
  throw e;
16030
16304
  })
16031
16305
  .finally(() => {
16032
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
16306
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
16033
16307
  });
16034
16308
  }
16035
16309
  /**
@@ -16068,7 +16342,6 @@
16068
16342
  this.hybridAuthCodeResponses.delete(hybridAuthCode);
16069
16343
  atbcMeasurement.end({
16070
16344
  success: true,
16071
- isNativeBroker: result.fromPlatformBroker,
16072
16345
  accessTokenSize: result.accessToken.length,
16073
16346
  idTokenSize: result.idToken.length,
16074
16347
  }, undefined, result.account);
@@ -16092,10 +16365,17 @@
16092
16365
  }
16093
16366
  else if (request.nativeAccountId) {
16094
16367
  if (this.canUsePlatformBroker(request, request.nativeAccountId)) {
16368
+ atbcMeasurement.add({
16369
+ isPlatformBrokerRequest: true,
16370
+ });
16095
16371
  const result = await this.acquireTokenNative({
16096
16372
  ...request,
16097
16373
  correlationId,
16098
16374
  }, ApiId.acquireTokenByCode, request.nativeAccountId).catch((e) => {
16375
+ atbcMeasurement.add({
16376
+ brokerErrorName: e.name,
16377
+ brokerErrorCode: e.errorCode,
16378
+ });
16099
16379
  // If native token acquisition fails for availability reasons fallback to standard flow
16100
16380
  if (e instanceof NativeAuthError &&
16101
16381
  isFatalNativeAuthError(e)) {
@@ -16136,8 +16416,9 @@
16136
16416
  this.performanceClient.startMeasurement(AcquireTokenByCodeAsync, correlationId);
16137
16417
  this.acquireTokenByCodeAsyncMeasurement?.increment({
16138
16418
  visibilityChangeCount: 0,
16419
+ onlineStatusChangeCount: 0,
16139
16420
  });
16140
- document.addEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
16421
+ this.addStateChangeListeners(this.trackStateChangeWithMeasurement);
16141
16422
  const silentAuthCodeClient = this.createSilentAuthCodeClient(correlationId);
16142
16423
  const silentTokenResult = await silentAuthCodeClient
16143
16424
  .acquireToken(request)
@@ -16145,7 +16426,6 @@
16145
16426
  this.acquireTokenByCodeAsyncMeasurement?.end({
16146
16427
  success: true,
16147
16428
  fromCache: response.fromCache,
16148
- isNativeBroker: response.fromPlatformBroker,
16149
16429
  });
16150
16430
  return response;
16151
16431
  })
@@ -16156,7 +16436,7 @@
16156
16436
  throw tokenRenewalError;
16157
16437
  })
16158
16438
  .finally(() => {
16159
- document.removeEventListener("visibilitychange", this.trackPageVisibilityWithMeasurement);
16439
+ this.removeStateChangeListeners(this.trackStateChangeWithMeasurement);
16160
16440
  });
16161
16441
  return silentTokenResult;
16162
16442
  }
@@ -16314,7 +16594,7 @@
16314
16594
  throw createBrowserAuthError(nativeConnectionNotEstablished);
16315
16595
  }
16316
16596
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.platformAuthProvider, accountId || this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
16317
- return nativeClient.acquireToken(request, cacheLookupPolicy);
16597
+ return invokeAsync(nativeClient.acquireToken.bind(nativeClient), NativeInteractionClientAcquireToken, this.logger, this.performanceClient, correlationId)(request, cacheLookupPolicy);
16318
16598
  }
16319
16599
  /**
16320
16600
  * Returns boolean indicating if this request can use the platform broker
@@ -16328,7 +16608,7 @@
16328
16608
  return false;
16329
16609
  }
16330
16610
  if (!isPlatformAuthAllowed(this.config, this.logger, correlationId, this.platformAuthProvider, request.authenticationScheme)) {
16331
- this.logger.trace("1m4bzf", correlationId);
16611
+ this.logger.trace("0yoy1g", correlationId);
16332
16612
  return false;
16333
16613
  }
16334
16614
  if (request.prompt) {
@@ -16547,6 +16827,7 @@
16547
16827
  atsMeasurement.add({
16548
16828
  cacheLookupPolicy: request.cacheLookupPolicy,
16549
16829
  scenarioId: request.scenarioId,
16830
+ ssoCapable: this.getCachedSsoCapable(),
16550
16831
  });
16551
16832
  preflightCheck(this.initialized, atsMeasurement, this.config, request);
16552
16833
  this.logger.verbose("0x1c4s", correlationId);
@@ -16559,7 +16840,6 @@
16559
16840
  atsMeasurement.end({
16560
16841
  success: true,
16561
16842
  fromCache: result.fromCache,
16562
- isNativeBroker: result.fromPlatformBroker,
16563
16843
  accessTokenSize: result.accessToken.length,
16564
16844
  idTokenSize: result.idToken.length,
16565
16845
  }, undefined, result.account);
@@ -16618,12 +16898,12 @@
16618
16898
  * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}
16619
16899
  */
16620
16900
  async acquireTokenSilentAsync(request, account) {
16621
- const trackPageVisibility = () => this.trackPageVisibility(request.correlationId);
16901
+ const trackStateChange = (event) => this.trackStateChange(request.correlationId, event);
16622
16902
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, request.correlationId, exports.InteractionType.Silent, request);
16623
16903
  if (request.correlationId) {
16624
- this.performanceClient.incrementFields({ visibilityChangeCount: 0 }, request.correlationId);
16904
+ this.performanceClient.incrementFields({ visibilityChangeCount: 0, onlineStatusChangeCount: 0 }, request.correlationId);
16625
16905
  }
16626
- document.addEventListener("visibilitychange", trackPageVisibility);
16906
+ this.addStateChangeListeners(trackStateChange);
16627
16907
  const silentRequest = await invokeAsync(initializeSilentRequest, InitializeSilentRequest, this.logger, this.performanceClient, request.correlationId)(request, account, this.config, this.performanceClient, this.logger);
16628
16908
  const cacheLookupPolicy = request.cacheLookupPolicy || CacheLookupPolicy.Default;
16629
16909
  const result = this.acquireTokenSilentNoIframe(silentRequest, cacheLookupPolicy).catch(async (refreshTokenError) => {
@@ -16705,7 +16985,7 @@
16705
16985
  throw tokenRenewalError;
16706
16986
  })
16707
16987
  .finally(() => {
16708
- document.removeEventListener("visibilitychange", trackPageVisibility);
16988
+ this.removeStateChangeListeners(trackStateChange);
16709
16989
  });
16710
16990
  }
16711
16991
  /**
@@ -16719,7 +16999,12 @@
16719
16999
  if (isPlatformAuthAllowed(this.config, this.logger, silentRequest.correlationId, this.platformAuthProvider, silentRequest.authenticationScheme) &&
16720
17000
  silentRequest.account.nativeAccountId) {
16721
17001
  this.logger.verbose("0sczo4", silentRequest.correlationId);
17002
+ this.performanceClient.addFields({ isPlatformBrokerRequest: true }, silentRequest.correlationId);
16722
17003
  return this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow, silentRequest.account.nativeAccountId, cacheLookupPolicy).catch(async (e) => {
17004
+ this.performanceClient.addFields({
17005
+ brokerErrorName: e.name,
17006
+ brokerErrorCode: e.errorCode,
17007
+ }, silentRequest.correlationId);
16723
17008
  // If native token acquisition fails for availability reasons fallback to web flow
16724
17009
  if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
16725
17010
  this.logger.verbose("07rkmb", silentRequest.correlationId);
@@ -18305,7 +18590,7 @@
18305
18590
  const storage = new BrowserCacheManager(browserConfig.auth.clientId, browserConfig.cache, cryptoOps, logger, browserConfig.telemetry.client, new EventHandler(logger), buildStaticAuthorityOptions(browserConfig.auth));
18306
18591
  const authorityString = request.authority || browserConfig.auth.authority;
18307
18592
  const authority = await createDiscoveredInstance(Authority.generateAuthority(authorityString, request.azureCloudOptions), browserConfig.system.networkClient, storage, authorityOptions, logger, correlationId, performanceClient);
18308
- const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims);
18593
+ const cacheRecordAccount = await invokeAsync(loadAccount, LoadAccount, logger, performanceClient, correlationId)(request, options.clientInfo || response.client_info || "", correlationId, storage, logger, cryptoOps, authority, idTokenClaims, performanceClient);
18309
18594
  const idToken = await invokeAsync(loadIdToken, LoadIdToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, correlationId, storage, logger, config.auth.clientId);
18310
18595
  const accessToken = await invokeAsync(loadAccessToken, LoadAccessToken, logger, performanceClient, correlationId)(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, kmsi, options, correlationId, storage, logger, config.auth.clientId);
18311
18596
  const refreshToken = await invokeAsync(loadRefreshToken, LoadRefreshToken, logger, performanceClient, correlationId)(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, kmsi, correlationId, storage, logger, config.auth.clientId, performanceClient);
@@ -18331,7 +18616,7 @@
18331
18616
  * @param requestHomeAccountId
18332
18617
  * @returns `AccountEntity`
18333
18618
  */
18334
- async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims) {
18619
+ async function loadAccount(request, clientInfo, correlationId, storage, logger, cryptoObj, authority, idTokenClaims, performanceClient) {
18335
18620
  logger.verbose("0ke46k", correlationId);
18336
18621
  if (request.account) {
18337
18622
  const accountEntity = createAccountEntityFromAccountInfo(request.account);
@@ -18346,7 +18631,7 @@
18346
18631
  const claimsTenantId = idTokenClaims?.tid;
18347
18632
  const cachedAccount = buildAccountToCache(storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.getPreferredCache(), claimsTenantId, undefined, // authCodePayload
18348
18633
  undefined, // nativeAccountId
18349
- logger);
18634
+ logger, performanceClient);
18350
18635
  await storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}), ApiId.loadExternalTokens);
18351
18636
  return cachedAccount;
18352
18637
  }
@@ -18618,6 +18903,9 @@
18618
18903
  getPageVisibility() {
18619
18904
  return document.visibilityState?.toString() || null;
18620
18905
  }
18906
+ getOnlineStatus() {
18907
+ return typeof navigator !== "undefined" ? navigator.onLine : null;
18908
+ }
18621
18909
  deleteIncompleteSubMeasurements(inProgressEvent) {
18622
18910
  void getPerfMeasurementModule()?.then((module) => {
18623
18911
  const rootEvent = this.eventsByCorrelationId.get(inProgressEvent.event.correlationId);
@@ -18644,6 +18932,7 @@
18644
18932
  startMeasurement(measureName, correlationId) {
18645
18933
  // Capture page visibilityState and then invoke start/end measurement
18646
18934
  const startPageVisibility = this.getPageVisibility();
18935
+ const startOnlineStatus = this.getOnlineStatus();
18647
18936
  const inProgressEvent = super.startMeasurement(measureName, correlationId);
18648
18937
  const startTime = supportsBrowserPerformanceNow()
18649
18938
  ? window.performance.now()
@@ -18659,6 +18948,7 @@
18659
18948
  const res = inProgressEvent.end({
18660
18949
  ...event,
18661
18950
  startPageVisibility,
18951
+ startOnlineStatus,
18662
18952
  endPageVisibility: this.getPageVisibility(),
18663
18953
  durationMs: getPerfDurationMs(startTime),
18664
18954
  networkEffectiveType: networkInfo.effectiveType,