@azure/msal-browser 5.6.3 → 5.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (411) hide show
  1. package/README.md +0 -1
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
  10. package/dist/cache/AccountManager.mjs +1 -1
  11. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  12. package/dist/cache/BrowserCacheManager.mjs +1 -1
  13. package/dist/cache/CacheHelpers.mjs +1 -1
  14. package/dist/cache/CacheKeys.d.ts +1 -0
  15. package/dist/cache/CacheKeys.d.ts.map +1 -1
  16. package/dist/cache/CacheKeys.mjs +3 -2
  17. package/dist/cache/CacheKeys.mjs.map +1 -1
  18. package/dist/cache/CookieStorage.mjs +1 -1
  19. package/dist/cache/DatabaseStorage.mjs +1 -1
  20. package/dist/cache/EncryptedData.mjs +1 -1
  21. package/dist/cache/LocalStorage.mjs +1 -1
  22. package/dist/cache/MemoryStorage.mjs +1 -1
  23. package/dist/cache/SessionStorage.mjs +1 -1
  24. package/dist/cache/TokenCache.mjs +1 -1
  25. package/dist/config/Configuration.d.ts +7 -0
  26. package/dist/config/Configuration.d.ts.map +1 -1
  27. package/dist/config/Configuration.mjs +2 -1
  28. package/dist/config/Configuration.mjs.map +1 -1
  29. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  30. package/dist/controllers/StandardController.d.ts +16 -0
  31. package/dist/controllers/StandardController.d.ts.map +1 -1
  32. package/dist/controllers/StandardController.mjs +150 -20
  33. package/dist/controllers/StandardController.mjs.map +1 -1
  34. package/dist/crypto/BrowserCrypto.mjs +1 -1
  35. package/dist/crypto/CryptoOps.mjs +1 -1
  36. package/dist/crypto/PkceGenerator.mjs +1 -1
  37. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  38. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  39. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
  40. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
  45. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  46. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  47. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  48. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  49. package/dist/custom-auth-path/cache/CacheKeys.d.ts +1 -0
  50. package/dist/custom-auth-path/cache/CacheKeys.d.ts.map +1 -1
  51. package/dist/custom-auth-path/cache/CacheKeys.mjs +3 -2
  52. package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
  53. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  54. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  55. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  56. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  59. package/dist/custom-auth-path/config/Configuration.d.ts +7 -0
  60. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  61. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  62. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  63. package/dist/custom-auth-path/controllers/StandardController.d.ts +16 -0
  64. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  65. package/dist/custom-auth-path/controllers/StandardController.mjs +150 -20
  66. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  67. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  68. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  69. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  71. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  177. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  178. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  179. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  180. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  181. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  182. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  183. package/dist/custom-auth-path/error/NativeAuthError.d.ts.map +1 -1
  184. package/dist/custom-auth-path/error/NativeAuthError.mjs +3 -4
  185. package/dist/custom-auth-path/error/NativeAuthError.mjs.map +1 -1
  186. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  187. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  188. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  189. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  190. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  191. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  192. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  193. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +32 -19
  194. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  195. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  196. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +6 -2
  197. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  198. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +6 -2
  200. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
  201. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  202. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  203. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +14 -0
  204. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  205. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +45 -3
  206. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  207. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  208. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  209. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  210. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  211. package/dist/custom-auth-path/log-strings-mapping.json +47 -15
  212. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  213. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  214. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  215. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  216. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  217. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  218. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  219. package/dist/custom-auth-path/protocol/Authorize.mjs +5 -1
  220. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  221. package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
  222. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  223. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  224. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  225. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  226. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +3 -2
  227. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  228. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  229. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  230. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +8 -3
  231. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
  232. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  233. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  234. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  235. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  236. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  237. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  238. package/dist/encode/Base64Decode.mjs +1 -1
  239. package/dist/encode/Base64Encode.mjs +1 -1
  240. package/dist/error/BrowserAuthError.mjs +1 -1
  241. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  242. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  243. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  244. package/dist/error/NativeAuthError.d.ts.map +1 -1
  245. package/dist/error/NativeAuthError.mjs +3 -4
  246. package/dist/error/NativeAuthError.mjs.map +1 -1
  247. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  248. package/dist/error/NestedAppAuthError.mjs +1 -1
  249. package/dist/event/EventHandler.mjs +1 -1
  250. package/dist/event/EventMessage.mjs +1 -1
  251. package/dist/event/EventType.mjs +1 -1
  252. package/dist/index.mjs +1 -1
  253. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  254. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  255. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  256. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  257. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +32 -19
  258. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  259. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  260. package/dist/interaction_client/PopupClient.mjs +6 -2
  261. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  262. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  263. package/dist/interaction_client/RedirectClient.mjs +6 -2
  264. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  265. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  266. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  267. package/dist/interaction_client/SilentIframeClient.d.ts +14 -0
  268. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  269. package/dist/interaction_client/SilentIframeClient.mjs +45 -3
  270. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  271. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  272. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  273. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  274. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  275. package/dist/log-strings-mapping.json +47 -15
  276. package/dist/naa/BridgeError.mjs +1 -1
  277. package/dist/naa/BridgeProxy.mjs +1 -1
  278. package/dist/naa/BridgeStatusCode.mjs +1 -1
  279. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  280. package/dist/navigation/NavigationClient.mjs +1 -1
  281. package/dist/network/FetchClient.mjs +1 -1
  282. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  283. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  284. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  285. package/dist/packageMetadata.d.ts +1 -1
  286. package/dist/packageMetadata.mjs +2 -2
  287. package/dist/protocol/Authorize.d.ts.map +1 -1
  288. package/dist/protocol/Authorize.mjs +5 -1
  289. package/dist/protocol/Authorize.mjs.map +1 -1
  290. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  291. package/dist/redirect-bridge/cache/CacheKeys.d.ts +1 -0
  292. package/dist/redirect-bridge/cache/CacheKeys.d.ts.map +1 -1
  293. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  294. package/dist/redirect-bridge/config/Configuration.d.ts +7 -0
  295. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  296. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  297. package/dist/redirect-bridge/controllers/StandardController.d.ts +16 -0
  298. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  299. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  300. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  301. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  302. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  303. package/dist/redirect-bridge/error/NativeAuthError.d.ts.map +1 -1
  304. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  305. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  306. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  307. package/dist/redirect-bridge/interaction_client/RedirectClient.d.ts.map +1 -1
  308. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts +14 -0
  309. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  310. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  311. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  312. package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
  313. package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
  314. package/dist/redirect-bridge/redirect_bridge/index.mjs +11 -7
  315. package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
  316. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  317. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  318. package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  319. package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  320. package/dist/redirect-bridge/utils/BrowserConstants.mjs +7 -3
  321. package/dist/redirect-bridge/utils/BrowserConstants.mjs.map +1 -1
  322. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  323. package/dist/redirect_bridge/index.d.ts.map +1 -1
  324. package/dist/request/RequestHelpers.mjs +1 -1
  325. package/dist/response/ResponseHandler.mjs +1 -1
  326. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  327. package/dist/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  328. package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  329. package/dist/telemetry/BrowserPerformanceEvents.mjs +3 -2
  330. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  331. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  332. package/dist/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  333. package/dist/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  334. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +10 -3
  335. package/dist/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
  336. package/dist/utils/BrowserConstants.mjs +1 -1
  337. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  338. package/dist/utils/BrowserUtils.mjs +1 -1
  339. package/dist/utils/Helpers.mjs +1 -1
  340. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  341. package/lib/custom-auth-path/log-strings-mapping.json +47 -15
  342. package/lib/custom-auth-path/msal-custom-auth.cjs +334 -133
  343. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  344. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  345. package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +1 -0
  346. package/lib/custom-auth-path/types/cache/CacheKeys.d.ts.map +1 -1
  347. package/lib/custom-auth-path/types/config/Configuration.d.ts +7 -0
  348. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/controllers/StandardController.d.ts +16 -0
  350. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  351. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  352. package/lib/custom-auth-path/types/error/NativeAuthError.d.ts.map +1 -1
  353. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  354. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  355. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  356. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
  357. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +14 -0
  358. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  359. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  360. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  361. package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  363. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  364. package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  365. package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  366. package/lib/log-strings-mapping.json +47 -15
  367. package/lib/msal-browser.cjs +343 -138
  368. package/lib/msal-browser.cjs.map +1 -1
  369. package/lib/msal-browser.js +343 -138
  370. package/lib/msal-browser.js.map +1 -1
  371. package/lib/msal-browser.min.js +2 -2
  372. package/lib/redirect-bridge/msal-redirect-bridge.js +24 -16
  373. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  374. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  375. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  376. package/lib/types/cache/CacheKeys.d.ts +1 -0
  377. package/lib/types/cache/CacheKeys.d.ts.map +1 -1
  378. package/lib/types/config/Configuration.d.ts +7 -0
  379. package/lib/types/config/Configuration.d.ts.map +1 -1
  380. package/lib/types/controllers/StandardController.d.ts +16 -0
  381. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  382. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  383. package/lib/types/error/NativeAuthError.d.ts.map +1 -1
  384. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  385. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  386. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  387. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  388. package/lib/types/interaction_client/SilentIframeClient.d.ts +14 -0
  389. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  390. package/lib/types/packageMetadata.d.ts +1 -1
  391. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  392. package/lib/types/redirect_bridge/index.d.ts.map +1 -1
  393. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  394. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  395. package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  396. package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  397. package/package.json +2 -2
  398. package/src/broker/nativeBroker/PlatformAuthProvider.ts +1 -1
  399. package/src/cache/CacheKeys.ts +1 -0
  400. package/src/config/Configuration.ts +8 -0
  401. package/src/controllers/StandardController.ts +233 -35
  402. package/src/error/NativeAuthError.ts +1 -2
  403. package/src/interaction_client/PlatformAuthInteractionClient.ts +44 -23
  404. package/src/interaction_client/PopupClient.ts +10 -0
  405. package/src/interaction_client/RedirectClient.ts +10 -0
  406. package/src/interaction_client/SilentIframeClient.ts +123 -20
  407. package/src/packageMetadata.ts +1 -1
  408. package/src/protocol/Authorize.ts +8 -0
  409. package/src/redirect_bridge/index.ts +12 -5
  410. package/src/telemetry/BrowserPerformanceEvents.ts +3 -0
  411. package/src/telemetry/BrowserRootPerformanceEvents.ts +7 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.6.3 2026-04-01 */
1
+ /*! @azure/msal-browser v5.7.0 2026-04-16 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
229
229
  // Token renewal offset default in seconds
230
230
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
231
231
 
232
- /*! @azure/msal-common v16.4.1 2026-04-01 */
232
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
233
233
  /*
234
234
  * Copyright (c) Microsoft Corporation. All rights reserved.
235
235
  * Licensed under the MIT License.
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
281
281
  const RESOURCE = "resource";
282
282
  const CLI_DATA = "clidata";
283
283
 
284
- /*! @azure/msal-common v16.4.1 2026-04-01 */
284
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
285
285
  /*
286
286
  * Copyright (c) Microsoft Corporation. All rights reserved.
287
287
  * Licensed under the MIT License.
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
312
312
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
313
313
  }
314
314
 
315
- /*! @azure/msal-common v16.4.1 2026-04-01 */
315
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
316
316
 
317
317
  /*
318
318
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
332
332
  return new ClientConfigurationError(errorCode);
333
333
  }
334
334
 
335
- /*! @azure/msal-common v16.4.1 2026-04-01 */
335
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
336
336
  /*
337
337
  * Copyright (c) Microsoft Corporation. All rights reserved.
338
338
  * Licensed under the MIT License.
@@ -412,7 +412,7 @@ class StringUtils {
412
412
  }
413
413
  }
414
414
 
415
- /*! @azure/msal-common v16.4.1 2026-04-01 */
415
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
416
416
 
417
417
  /*
418
418
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
435
435
  return new ClientAuthError(errorCode, additionalMessage);
436
436
  }
437
437
 
438
- /*! @azure/msal-common v16.4.1 2026-04-01 */
438
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
439
439
  /*
440
440
  * Copyright (c) Microsoft Corporation. All rights reserved.
441
441
  * Licensed under the MIT License.
@@ -459,7 +459,7 @@ const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
459
459
  const authorityMismatch = "authority_mismatch";
460
460
  const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
461
461
 
462
- /*! @azure/msal-common v16.4.1 2026-04-01 */
462
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
463
463
  /*
464
464
  * Copyright (c) Microsoft Corporation. All rights reserved.
465
465
  * Licensed under the MIT License.
@@ -498,7 +498,7 @@ const methodNotImplemented = "method_not_implemented";
498
498
  const resourceParameterRequired = "resource_parameter_required";
499
499
  const misplacedResourceParam = "misplaced_resource_parameter";
500
500
 
501
- /*! @azure/msal-common v16.4.1 2026-04-01 */
501
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
502
502
 
503
503
  /*
504
504
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -693,7 +693,7 @@ class ScopeSet {
693
693
  }
694
694
  }
695
695
 
696
- /*! @azure/msal-common v16.4.1 2026-04-01 */
696
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
697
697
 
698
698
  /*
699
699
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -814,18 +814,29 @@ function addSid(parameters, sid) {
814
814
  parameters.set(SID, sid);
815
815
  }
816
816
  /**
817
- * add claims
818
- * @param claims
819
- */
820
- function addClaims(parameters, claims, clientCapabilities) {
821
- const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
822
- try {
823
- JSON.parse(mergedClaims);
824
- }
825
- catch (e) {
826
- throw createClientConfigurationError(invalidClaims);
817
+ * Adds claims to request parameters, conditionally excluding clientCapabilities
818
+ * when skipBrokerClaims is true and a brokered flow is in effect.
819
+ * @param parameters - The request parameters map
820
+ * @param claims - The claims string from the request
821
+ * @param clientCapabilities - The client capabilities from configuration
822
+ * @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
823
+ */
824
+ function addClaims(parameters, claims, clientCapabilities, skipBrokerClaims) {
825
+ // Skip clientCapabilities if skipBrokerClaims is set to true and this is a brokered authentication flow
826
+ const configClaims = skipBrokerClaims && parameters.has(BROKER_CLIENT_ID)
827
+ ? undefined
828
+ : clientCapabilities;
829
+ if (!StringUtils.isEmptyObj(claims) ||
830
+ (configClaims && configClaims.length > 0)) {
831
+ const mergedClaims = addClientCapabilitiesToClaims(claims, configClaims);
832
+ try {
833
+ JSON.parse(mergedClaims);
834
+ }
835
+ catch (e) {
836
+ throw createClientConfigurationError(invalidClaims);
837
+ }
838
+ parameters.set(CLAIMS, mergedClaims);
827
839
  }
828
- parameters.set(CLAIMS, mergedClaims);
829
840
  }
830
841
  /**
831
842
  * add correlationId
@@ -1071,7 +1082,7 @@ function addResource(parameters, resource) {
1071
1082
  }
1072
1083
  }
1073
1084
 
1074
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1085
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1075
1086
 
1076
1087
  /*
1077
1088
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1180,7 +1191,7 @@ function normalizeUrlForComparison(url) {
1180
1191
  }
1181
1192
  }
1182
1193
 
1183
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1194
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1184
1195
 
1185
1196
  /*
1186
1197
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1219,7 +1230,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1219
1230
  },
1220
1231
  };
1221
1232
 
1222
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1233
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1223
1234
  /*
1224
1235
  * Copyright (c) Microsoft Corporation. All rights reserved.
1225
1236
  * Licensed under the MIT License.
@@ -1480,12 +1491,12 @@ class Logger {
1480
1491
  }
1481
1492
  }
1482
1493
 
1483
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1494
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1484
1495
  /* eslint-disable header/header */
1485
1496
  const name$1 = "@azure/msal-common";
1486
- const version$1 = "16.4.1";
1497
+ const version$1 = "16.5.0";
1487
1498
 
1488
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1499
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1489
1500
  /*
1490
1501
  * Copyright (c) Microsoft Corporation. All rights reserved.
1491
1502
  * Licensed under the MIT License.
@@ -1494,7 +1505,7 @@ const AzureCloudInstance = {
1494
1505
  // AzureCloudInstance is not specified.
1495
1506
  None: "none"};
1496
1507
 
1497
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1508
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1498
1509
  /*
1499
1510
  * Copyright (c) Microsoft Corporation. All rights reserved.
1500
1511
  * Licensed under the MIT License.
@@ -1576,7 +1587,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1576
1587
  return updatedAccountInfo;
1577
1588
  }
1578
1589
 
1579
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1590
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1580
1591
 
1581
1592
  /*
1582
1593
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1656,7 +1667,7 @@ function checkMaxAge(authTime, maxAge) {
1656
1667
  }
1657
1668
  }
1658
1669
 
1659
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1670
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1660
1671
 
1661
1672
  /*
1662
1673
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1813,7 +1824,7 @@ class UrlString {
1813
1824
  }
1814
1825
  }
1815
1826
 
1816
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1827
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1817
1828
 
1818
1829
  /*
1819
1830
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1970,7 +1981,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1970
1981
  return null;
1971
1982
  }
1972
1983
 
1973
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1984
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1974
1985
  /*
1975
1986
  * Copyright (c) Microsoft Corporation. All rights reserved.
1976
1987
  * Licensed under the MIT License.
@@ -1978,7 +1989,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
1978
1989
  const cacheQuotaExceeded = "cache_quota_exceeded";
1979
1990
  const cacheErrorUnknown = "cache_error_unknown";
1980
1991
 
1981
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1992
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1982
1993
 
1983
1994
  /*
1984
1995
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2016,7 +2027,7 @@ function createCacheError(e) {
2016
2027
  }
2017
2028
  }
2018
2029
 
2019
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2030
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2020
2031
 
2021
2032
  /*
2022
2033
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2054,7 +2065,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2054
2065
  };
2055
2066
  }
2056
2067
 
2057
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2068
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2058
2069
  /*
2059
2070
  * Copyright (c) Microsoft Corporation. All rights reserved.
2060
2071
  * Licensed under the MIT License.
@@ -2069,7 +2080,7 @@ const AuthorityType = {
2069
2080
  Ciam: 3,
2070
2081
  };
2071
2082
 
2072
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2083
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2073
2084
  /*
2074
2085
  * Copyright (c) Microsoft Corporation. All rights reserved.
2075
2086
  * Licensed under the MIT License.
@@ -2091,7 +2102,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2091
2102
  return null;
2092
2103
  }
2093
2104
 
2094
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2105
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2095
2106
  /*
2096
2107
  * Copyright (c) Microsoft Corporation. All rights reserved.
2097
2108
  * Licensed under the MIT License.
@@ -2115,7 +2126,7 @@ const ProtocolMode = {
2115
2126
  EAR: "EAR",
2116
2127
  };
2117
2128
 
2118
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2129
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2119
2130
  /**
2120
2131
  * Returns the AccountInfo interface for this account.
2121
2132
  */
@@ -2290,7 +2301,7 @@ function isAccountEntity(entity) {
2290
2301
  entity.hasOwnProperty("authorityType"));
2291
2302
  }
2292
2303
 
2293
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2304
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2294
2305
 
2295
2306
  /*
2296
2307
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3391,7 +3402,7 @@ class DefaultStorageClass extends CacheManager {
3391
3402
  }
3392
3403
  }
3393
3404
 
3394
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3405
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3395
3406
  /*
3396
3407
  * Copyright (c) Microsoft Corporation. All rights reserved.
3397
3408
  * Licensed under the MIT License.
@@ -3405,7 +3416,7 @@ class DefaultStorageClass extends CacheManager {
3405
3416
  const PerformanceEventStatus = {
3406
3417
  InProgress: 1};
3407
3418
 
3408
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3419
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3409
3420
 
3410
3421
  /*
3411
3422
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3460,7 +3471,7 @@ class StubPerformanceClient {
3460
3471
  }
3461
3472
  }
3462
3473
 
3463
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3474
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3464
3475
 
3465
3476
  /*
3466
3477
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3555,7 +3566,7 @@ function isOidcProtocolMode(config) {
3555
3566
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3556
3567
  }
3557
3568
 
3558
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3569
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3559
3570
  /*
3560
3571
  * Copyright (c) Microsoft Corporation. All rights reserved.
3561
3572
  * Licensed under the MIT License.
@@ -3582,7 +3593,7 @@ function isOidcProtocolMode(config) {
3582
3593
  }
3583
3594
  }
3584
3595
 
3585
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3596
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3586
3597
  /*
3587
3598
  * Copyright (c) Microsoft Corporation. All rights reserved.
3588
3599
  * Licensed under the MIT License.
@@ -3647,7 +3658,7 @@ function wasClockTurnedBack(cachedAt) {
3647
3658
  return cachedAtSec > nowSeconds();
3648
3659
  }
3649
3660
 
3650
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3661
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3651
3662
 
3652
3663
  /*
3653
3664
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3906,7 +3917,7 @@ function isAuthorityMetadataExpired(metadata) {
3906
3917
  return metadata.expiresAt <= nowSeconds();
3907
3918
  }
3908
3919
 
3909
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3920
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3910
3921
  /*
3911
3922
  * Copyright (c) Microsoft Corporation. All rights reserved.
3912
3923
  * Licensed under the MIT License.
@@ -3977,7 +3988,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
3977
3988
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
3978
3989
  const SetUserData = "setUserData";
3979
3990
 
3980
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3991
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3981
3992
  /*
3982
3993
  * Copyright (c) Microsoft Corporation. All rights reserved.
3983
3994
  * Licensed under the MIT License.
@@ -4070,7 +4081,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4070
4081
  };
4071
4082
  };
4072
4083
 
4073
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4084
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4074
4085
 
4075
4086
  /*
4076
4087
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4150,7 +4161,7 @@ class PopTokenGenerator {
4150
4161
  }
4151
4162
  }
4152
4163
 
4153
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4164
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4154
4165
  /*
4155
4166
  * Copyright (c) Microsoft Corporation. All rights reserved.
4156
4167
  * Licensed under the MIT License.
@@ -4201,7 +4212,7 @@ const badToken = "bad_token";
4201
4212
  */
4202
4213
  const interruptedUser = "interrupted_user";
4203
4214
 
4204
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4215
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4205
4216
 
4206
4217
  /*
4207
4218
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4269,7 +4280,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4269
4280
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4270
4281
  }
4271
4282
 
4272
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4283
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4273
4284
 
4274
4285
  /*
4275
4286
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4288,7 +4299,7 @@ class ServerError extends AuthError {
4288
4299
  }
4289
4300
  }
4290
4301
 
4291
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4302
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4292
4303
 
4293
4304
  /*
4294
4305
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4356,7 +4367,7 @@ function parseRequestState(base64Decode, state) {
4356
4367
  }
4357
4368
  }
4358
4369
 
4359
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4370
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4360
4371
 
4361
4372
  /*
4362
4373
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4704,7 +4715,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4704
4715
  return baseAccount;
4705
4716
  }
4706
4717
 
4707
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4718
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4708
4719
  /*
4709
4720
  * Copyright (c) Microsoft Corporation. All rights reserved.
4710
4721
  * Licensed under the MIT License.
@@ -4714,7 +4725,7 @@ const CcsCredentialType = {
4714
4725
  UPN: "UPN",
4715
4726
  };
4716
4727
 
4717
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4728
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4718
4729
  /*
4719
4730
  * Copyright (c) Microsoft Corporation. All rights reserved.
4720
4731
  * Licensed under the MIT License.
@@ -4732,7 +4743,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4732
4743
  }
4733
4744
  }
4734
4745
 
4735
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4746
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4736
4747
  /*
4737
4748
  * Copyright (c) Microsoft Corporation. All rights reserved.
4738
4749
  * Licensed under the MIT License.
@@ -4753,7 +4764,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4753
4764
  };
4754
4765
  }
4755
4766
 
4756
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4767
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4757
4768
 
4758
4769
  /*
4759
4770
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4839,7 +4850,7 @@ class ThrottlingUtils {
4839
4850
  }
4840
4851
  }
4841
4852
 
4842
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4853
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4843
4854
 
4844
4855
  /*
4845
4856
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4870,7 +4881,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
4870
4881
  return new NetworkError(error, httpStatus, responseHeaders);
4871
4882
  }
4872
4883
 
4873
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4884
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4874
4885
 
4875
4886
  /*
4876
4887
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4984,7 +4995,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
4984
4995
  return response;
4985
4996
  }
4986
4997
 
4987
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4998
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4988
4999
  /*
4989
5000
  * Copyright (c) Microsoft Corporation. All rights reserved.
4990
5001
  * Licensed under the MIT License.
@@ -4996,7 +5007,7 @@ function isOpenIdConfigResponse(response) {
4996
5007
  response.hasOwnProperty("jwks_uri"));
4997
5008
  }
4998
5009
 
4999
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5010
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5000
5011
  /*
5001
5012
  * Copyright (c) Microsoft Corporation. All rights reserved.
5002
5013
  * Licensed under the MIT License.
@@ -5006,7 +5017,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5006
5017
  response.hasOwnProperty("metadata"));
5007
5018
  }
5008
5019
 
5009
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5020
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5010
5021
  /*
5011
5022
  * Copyright (c) Microsoft Corporation. All rights reserved.
5012
5023
  * Licensed under the MIT License.
@@ -5016,7 +5027,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5016
5027
  response.hasOwnProperty("error_description"));
5017
5028
  }
5018
5029
 
5019
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5030
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5020
5031
 
5021
5032
  /*
5022
5033
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5121,7 +5132,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5121
5132
  },
5122
5133
  };
5123
5134
 
5124
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5135
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5125
5136
 
5126
5137
  /*
5127
5138
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5941,7 +5952,7 @@ function buildStaticAuthorityOptions(authOptions) {
5941
5952
  };
5942
5953
  }
5943
5954
 
5944
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5955
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5945
5956
 
5946
5957
  /*
5947
5958
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5975,7 +5986,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
5975
5986
  }
5976
5987
  }
5977
5988
 
5978
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5989
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5979
5990
 
5980
5991
  /*
5981
5992
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6140,11 +6151,6 @@ class AuthorizationCodeClient {
6140
6151
  throw createClientConfigurationError(missingSshJwk);
6141
6152
  }
6142
6153
  }
6143
- if (!StringUtils.isEmptyObj(request.claims) ||
6144
- (this.config.authOptions.clientCapabilities &&
6145
- this.config.authOptions.clientCapabilities.length > 0)) {
6146
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6147
- }
6148
6154
  let ccsCred = undefined;
6149
6155
  if (request.clientInfo) {
6150
6156
  try {
@@ -6193,6 +6199,7 @@ class AuthorizationCodeClient {
6193
6199
  });
6194
6200
  }
6195
6201
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6202
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
6196
6203
  return mapToQueryString(parameters);
6197
6204
  }
6198
6205
  /**
@@ -6236,7 +6243,7 @@ class AuthorizationCodeClient {
6236
6243
  }
6237
6244
  }
6238
6245
 
6239
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6246
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6240
6247
 
6241
6248
  /*
6242
6249
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6426,11 +6433,6 @@ class RefreshTokenClient {
6426
6433
  throw createClientConfigurationError(missingSshJwk);
6427
6434
  }
6428
6435
  }
6429
- if (!StringUtils.isEmptyObj(request.claims) ||
6430
- (this.config.authOptions.clientCapabilities &&
6431
- this.config.authOptions.clientCapabilities.length > 0)) {
6432
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6433
- }
6434
6436
  if (this.config.systemOptions.preventCorsPreflight &&
6435
6437
  request.ccsCredential) {
6436
6438
  switch (request.ccsCredential.type) {
@@ -6457,11 +6459,12 @@ class RefreshTokenClient {
6457
6459
  });
6458
6460
  }
6459
6461
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6462
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
6460
6463
  return mapToQueryString(parameters);
6461
6464
  }
6462
6465
  }
6463
6466
 
6464
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6467
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6465
6468
 
6466
6469
  /*
6467
6470
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6577,7 +6580,7 @@ class SilentFlowClient {
6577
6580
  }
6578
6581
  }
6579
6582
 
6580
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6583
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6581
6584
 
6582
6585
  /*
6583
6586
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6592,7 +6595,7 @@ const StubbedNetworkModule = {
6592
6595
  },
6593
6596
  };
6594
6597
 
6595
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6598
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6596
6599
 
6597
6600
  /*
6598
6601
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6716,14 +6719,10 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
6716
6719
  if (request.state) {
6717
6720
  addState(parameters, request.state);
6718
6721
  }
6719
- if (request.claims ||
6720
- (authOptions.clientCapabilities &&
6721
- authOptions.clientCapabilities.length > 0)) {
6722
- addClaims(parameters, request.claims, authOptions.clientCapabilities);
6723
- }
6724
6722
  if (request.embeddedClientId) {
6725
6723
  addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
6726
6724
  }
6725
+ addClaims(parameters, request.claims, authOptions.clientCapabilities, request.skipBrokerClaims);
6727
6726
  // If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
6728
6727
  if (authOptions.instanceAware &&
6729
6728
  (!request.extraQueryParameters ||
@@ -6819,7 +6818,7 @@ function extractLoginHint(account) {
6819
6818
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6820
6819
  }
6821
6820
 
6822
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6821
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6823
6822
 
6824
6823
  /*
6825
6824
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6852,7 +6851,7 @@ function containsResourceParam(params) {
6852
6851
  return Object.prototype.hasOwnProperty.call(params, "resource");
6853
6852
  }
6854
6853
 
6855
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6854
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6856
6855
  /*
6857
6856
  * Copyright (c) Microsoft Corporation. All rights reserved.
6858
6857
  * Licensed under the MIT License.
@@ -6862,7 +6861,7 @@ function containsResourceParam(params) {
6862
6861
  */
6863
6862
  const unexpectedError = "unexpected_error";
6864
6863
 
6865
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6864
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6866
6865
 
6867
6866
  /*
6868
6867
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7123,7 +7122,7 @@ class ServerTelemetryManager {
7123
7122
  }
7124
7123
  }
7125
7124
 
7126
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7125
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7127
7126
 
7128
7127
  /*
7129
7128
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7144,7 +7143,7 @@ function createJoseHeaderError(code) {
7144
7143
  return new JoseHeaderError(code);
7145
7144
  }
7146
7145
 
7147
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7146
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7148
7147
  /*
7149
7148
  * Copyright (c) Microsoft Corporation. All rights reserved.
7150
7149
  * Licensed under the MIT License.
@@ -7152,7 +7151,7 @@ function createJoseHeaderError(code) {
7152
7151
  const missingKidError = "missing_kid_error";
7153
7152
  const missingAlgError = "missing_alg_error";
7154
7153
 
7155
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7154
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7156
7155
 
7157
7156
  /*
7158
7157
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7587,7 +7586,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
7587
7586
 
7588
7587
  /* eslint-disable header/header */
7589
7588
  const name = "@azure/msal-browser";
7590
- const version = "5.6.3";
7589
+ const version = "5.7.0";
7591
7590
 
7592
7591
  /*
7593
7592
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8143,6 +8142,7 @@ const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClie
8143
8142
  * Used to acquire a token from Native component when native brokering is enabled.
8144
8143
  */
8145
8144
  const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
8145
+ const NativeInteractionClientAcquireTokenRedirect = "nativeInteractionClientAcquireToken";
8146
8146
  /**
8147
8147
  * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
8148
8148
  */
@@ -14189,7 +14189,12 @@ const SsoSilent = "ssoSilent";
14189
14189
  // Initialize client application
14190
14190
  const InitializeClientApplication = "initializeClientApplication";
14191
14191
  // Update cache storage
14192
- const LocalStorageUpdated = "localStorageUpdated";
14192
+ const LocalStorageUpdated = "localStorageUpdated";
14193
+ /**
14194
+ * SSO capability verification call (msal-browser).
14195
+ * Fire-and-forget SSO verification call made after interactive authentication completes.
14196
+ */
14197
+ const SsoCapable = "ssoCapable";
14193
14198
 
14194
14199
  /*
14195
14200
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -14206,6 +14211,7 @@ const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom
14206
14211
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
14207
14212
  const ACCOUNT_KEYS = "account.keys";
14208
14213
  const TOKEN_KEYS = "token.keys";
14214
+ const SSO_CAPABLE = `${PREFIX}.${BROWSER_PREFIX}.sso.capable`;
14209
14215
  function getAccountKeysCacheKey(schema = ACCOUNT_SCHEMA_VERSION) {
14210
14216
  if (schema < 1) {
14211
14217
  return `${PREFIX}.${ACCOUNT_KEYS}`;
@@ -16391,7 +16397,6 @@ const userSwitch = "user_switch";
16391
16397
  const USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED";
16392
16398
  const USER_CANCEL = "USER_CANCEL";
16393
16399
  const NO_NETWORK = "NO_NETWORK";
16394
- const PERSISTENT_ERROR = "PERSISTENT_ERROR";
16395
16400
  const DISABLED = "DISABLED";
16396
16401
  const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
16397
16402
  const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
@@ -16415,8 +16420,7 @@ class NativeAuthError extends AuthError {
16415
16420
  function isFatalNativeAuthError(error) {
16416
16421
  if (error.ext &&
16417
16422
  error.ext.status &&
16418
- (error.ext.status === PERSISTENT_ERROR ||
16419
- error.ext.status === DISABLED)) {
16423
+ error.ext.status === DISABLED) {
16420
16424
  return true;
16421
16425
  }
16422
16426
  if (error.ext &&
@@ -16542,12 +16546,12 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16542
16546
  async acquireToken(request, cacheLookupPolicy) {
16543
16547
  this.logger.trace("03qeos", this.correlationId);
16544
16548
  // start the perf measurement
16545
- const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, request.correlationId);
16549
+ const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
16546
16550
  const reqTimestamp = nowSeconds();
16547
16551
  const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
16548
16552
  try {
16549
16553
  // initialize native request
16550
- const nativeRequest = await this.initializeNativeRequest(request);
16554
+ const nativeRequest = await this.initializePlatformRequest(request);
16551
16555
  // check if the tokens can be retrieved from internal cache
16552
16556
  try {
16553
16557
  const result = await this.acquireTokensFromCache(this.accountId, nativeRequest);
@@ -16561,6 +16565,10 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16561
16565
  catch (e) {
16562
16566
  if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) {
16563
16567
  this.logger.info("0eitbc", this.correlationId);
16568
+ nativeATMeasurement.end({
16569
+ success: false,
16570
+ brokerErrorCode: "cache_request_failed",
16571
+ });
16564
16572
  throw e;
16565
16573
  }
16566
16574
  // continue with a native call for any and all errors
@@ -16582,7 +16590,6 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16582
16590
  success: false,
16583
16591
  errorCode: error.errorCode,
16584
16592
  subErrorCode: error.subError,
16585
- isNativeBroker: true,
16586
16593
  });
16587
16594
  throw error;
16588
16595
  });
@@ -16591,6 +16598,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16591
16598
  if (e instanceof NativeAuthError) {
16592
16599
  serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
16593
16600
  }
16601
+ nativeATMeasurement.end({
16602
+ success: false,
16603
+ });
16594
16604
  throw e;
16595
16605
  }
16596
16606
  }
@@ -16623,7 +16633,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16623
16633
  // fetch the account from browser cache
16624
16634
  const account = this.browserStorage.getBaseAccountInfo({
16625
16635
  nativeAccountId,
16626
- }, request.correlationId);
16636
+ }, this.correlationId);
16627
16637
  if (!account) {
16628
16638
  throw createClientAuthError(noAccountFound);
16629
16639
  }
@@ -16653,7 +16663,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16653
16663
  */
16654
16664
  async acquireTokenRedirect(request, rootMeasurement, options) {
16655
16665
  this.logger.trace("0luikq", this.correlationId);
16656
- const nativeRequest = await this.initializeNativeRequest(request);
16666
+ const nativeRequest = await this.initializePlatformRequest(request);
16657
16667
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
16658
16668
  try {
16659
16669
  await this.platformAuthProvider.sendMessage(nativeRequest);
@@ -16685,7 +16695,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16685
16695
  * @param performanceClient {IPerformanceClient?}
16686
16696
  * @param correlationId {string?} correlation identifier
16687
16697
  */
16688
- async handleRedirectPromise(performanceClient, correlationId) {
16698
+ async handleRedirectPromise() {
16689
16699
  this.logger.trace("1c5lhw", this.correlationId);
16690
16700
  if (!this.browserStorage.isInteractionInProgress(true)) {
16691
16701
  this.logger.info("0le6uv", this.correlationId);
@@ -16695,9 +16705,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16695
16705
  const cachedRequest = this.browserStorage.getCachedNativeRequest();
16696
16706
  if (!cachedRequest) {
16697
16707
  this.logger.verbose("0a6zjb", this.correlationId);
16698
- if (performanceClient && correlationId) {
16699
- performanceClient?.addFields({ errorCode: "no_cached_request" }, correlationId);
16700
- }
16708
+ this.performanceClient?.addFields({ errorCode: "no_cached_request" }, this.correlationId);
16701
16709
  return null;
16702
16710
  }
16703
16711
  const { prompt, ...request } = cachedRequest;
@@ -16712,6 +16720,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16712
16720
  const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
16713
16721
  const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
16714
16722
  serverTelemetryManager.clearNativeBrokerErrorCode();
16723
+ this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
16715
16724
  return authResult;
16716
16725
  }
16717
16726
  catch (e) {
@@ -16980,15 +16989,23 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
16980
16989
  * Translates developer provided request object into NativeRequest object
16981
16990
  * @param request
16982
16991
  */
16983
- async initializeNativeRequest(request) {
16984
- this.logger.trace("04j6wj", this.correlationId);
16992
+ async initializePlatformRequest(request) {
16993
+ this.logger.trace("1xdm2a", this.correlationId);
16985
16994
  const canonicalAuthority = await this.getCanonicalAuthority(request);
16995
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
16996
+ const configClaims = request.skipBrokerClaims && !!request.embeddedClientId
16997
+ ? undefined
16998
+ : this.config.auth.clientCapabilities;
16986
16999
  // scopes are expected to be received by the native broker as "scope" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here.
16987
- const { scopes, ...remainingProperties } = request;
17000
+ const { scopes, claims, ...remainingProperties } = request;
16988
17001
  const scopeSet = new ScopeSet(scopes || []);
16989
17002
  scopeSet.appendScopes(OIDC_DEFAULT_SCOPES);
17003
+ const mergedClaims = configClaims && configClaims.length
17004
+ ? addClientCapabilitiesToClaims(claims, configClaims)
17005
+ : claims;
16990
17006
  const validatedRequest = {
16991
17007
  ...remainingProperties,
17008
+ claims: mergedClaims,
16992
17009
  accountId: this.accountId,
16993
17010
  clientId: this.config.auth.clientId,
16994
17011
  authority: canonicalAuthority.urlString,
@@ -17058,12 +17075,12 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
17058
17075
  switch (this.apiId) {
17059
17076
  case ApiId.ssoSilent:
17060
17077
  case ApiId.acquireTokenSilent_silentFlow:
17061
- this.logger.trace("1hiwaz", this.correlationId);
17078
+ this.logger.trace("12n1y2", this.correlationId);
17062
17079
  return PromptValue.NONE;
17063
17080
  }
17064
17081
  // Prompt not provided, request may proceed and native broker decides if it needs to prompt
17065
17082
  if (!prompt) {
17066
- this.logger.trace("1qlu04", this.correlationId);
17083
+ this.logger.trace("0uid1p", this.correlationId);
17067
17084
  return undefined;
17068
17085
  }
17069
17086
  // If request is interactive, check if prompt provided is allowed to go directly to native broker
@@ -17071,10 +17088,10 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
17071
17088
  case PromptValue.NONE:
17072
17089
  case PromptValue.CONSENT:
17073
17090
  case PromptValue.LOGIN:
17074
- this.logger.trace("1ynje4", this.correlationId);
17091
+ this.logger.trace("0i0hco", this.correlationId);
17075
17092
  return prompt;
17076
17093
  default:
17077
- this.logger.trace("0nkr6q", this.correlationId);
17094
+ this.logger.trace("0w3tpw", this.correlationId);
17078
17095
  throw createBrowserAuthError(nativePromptNotSupported);
17079
17096
  }
17080
17097
  }
@@ -17110,7 +17127,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
17110
17127
  this.performanceClient?.addFields({
17111
17128
  embeddedClientId: child_client_id,
17112
17129
  embeddedRedirectUri: child_redirect_uri,
17113
- }, request.correlationId);
17130
+ }, this.correlationId);
17114
17131
  }
17115
17132
  }
17116
17133
 
@@ -17197,6 +17214,10 @@ async function getStandardParameters(config, authority, request, logger, perform
17197
17214
  if (request.platformBroker) {
17198
17215
  // signal ests that this is a WAM call
17199
17216
  addNativeBroker(parameters);
17217
+ // instrument JS-platform bridge specific fields
17218
+ performanceClient.addFields({
17219
+ isPlatformAuthorizeRequest: true,
17220
+ }, request.correlationId);
17200
17221
  // pass the req_cnf for POP
17201
17222
  if (request.authenticationScheme === AuthenticationScheme.POP) {
17202
17223
  const cryptoOps = new CryptoOps(logger, performanceClient);
@@ -17666,6 +17687,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
17666
17687
  },
17667
17688
  instanceAware: false,
17668
17689
  isMcp: false,
17690
+ verifySSO: false,
17669
17691
  };
17670
17692
  // Default cache options for browser
17671
17693
  const DEFAULT_CACHE_OPTIONS = {
@@ -18200,7 +18222,7 @@ function isDomEnabledForPlatformAuth() {
18200
18222
  }
18201
18223
  }
18202
18224
  /**
18203
- * Returns boolean indicating whether or not the request should attempt to use native broker
18225
+ * Returns boolean indicating whether or not the request should attempt to use platform broker
18204
18226
  * @param logger
18205
18227
  * @param config
18206
18228
  * @param correlationId
@@ -18482,6 +18504,10 @@ class PopupClient extends StandardInteractionClient {
18482
18504
  return;
18483
18505
  }
18484
18506
  }
18507
+ // Redirect bridge requires "state" param to work properly
18508
+ validRequest.state = setRequestState(this.browserCrypto, validRequest.state || "", {
18509
+ interactionType: InteractionType.Popup,
18510
+ });
18485
18511
  // Create logout string and navigate user window to logout.
18486
18512
  const logoutUri = authClient.getLogoutUri(validRequest);
18487
18513
  this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, validRequest.correlationId, InteractionType.Popup, validRequest);
@@ -19022,6 +19048,10 @@ class RedirectClient extends StandardInteractionClient {
19022
19048
  }
19023
19049
  }
19024
19050
  }
19051
+ // Redirect bridge requires "state" param to work properly
19052
+ validLogoutRequest.state = setRequestState(this.browserCrypto, validLogoutRequest.state || "", {
19053
+ interactionType: InteractionType.Redirect,
19054
+ });
19025
19055
  // Create logout string and navigate user window to logout.
19026
19056
  const logoutUri = authClient.getLogoutUri(validLogoutRequest);
19027
19057
  if (validLogoutRequest.account?.homeAccountId) {
@@ -19270,6 +19300,38 @@ class SilentIframeClient extends StandardInteractionClient {
19270
19300
  return invokeAsync(handleResponseEAR, HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19271
19301
  }
19272
19302
  }
19303
+ /**
19304
+ * Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
19305
+ * This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
19306
+ * @param request - The SSO silent request
19307
+ * @returns true if SSO verification was successful with a valid authorization code, false otherwise
19308
+ */
19309
+ async verifySso(request) {
19310
+ const inputRequest = { ...request };
19311
+ if (!inputRequest.prompt) {
19312
+ inputRequest.prompt = PromptValue.NONE;
19313
+ }
19314
+ // Create silent request
19315
+ const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
19316
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
19317
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
19318
+ requestAuthority: silentRequest.authority,
19319
+ requestAzureCloudOptions: silentRequest.azureCloudOptions,
19320
+ requestExtraQueryParameters: silentRequest.extraQueryParameters,
19321
+ account: silentRequest.account,
19322
+ });
19323
+ const { serverParams } = await this.silentAuthorizeHelper(authClient, silentRequest);
19324
+ const correlationId = silentRequest.correlationId;
19325
+ // Validate the response - this checks for errors and validates state
19326
+ validateAuthorizationResponse(serverParams, silentRequest.state);
19327
+ // Verify a valid authorization code is present
19328
+ if (!serverParams.code) {
19329
+ this.logger.warning("0y34ti", correlationId);
19330
+ return false;
19331
+ }
19332
+ this.logger.verbose("0kkkcj", correlationId);
19333
+ return true;
19334
+ }
19273
19335
  /**
19274
19336
  * Currently Unsupported
19275
19337
  */
@@ -19284,6 +19346,16 @@ class SilentIframeClient extends StandardInteractionClient {
19284
19346
  * @param userRequestScopes
19285
19347
  */
19286
19348
  async silentTokenHelper(authClient, request) {
19349
+ const { serverParams, pkceCodes } = await this.silentAuthorizeHelper(authClient, request);
19350
+ return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, request.correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19351
+ }
19352
+ /**
19353
+ * Shared helper that generates PKCE codes, builds the /authorize URL,
19354
+ * loads it in a hidden iframe, waits for the redirect-bridge response,
19355
+ * and returns the deserialized server parameters along with the PKCE codes
19356
+ * and the request that was sent.
19357
+ */
19358
+ async silentAuthorizeHelper(authClient, request) {
19287
19359
  const correlationId = request.correlationId;
19288
19360
  const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
19289
19361
  const silentRequest = {
@@ -19310,7 +19382,7 @@ class SilentIframeClient extends StandardInteractionClient {
19310
19382
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
19311
19383
  }
19312
19384
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
19313
- return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
19385
+ return { serverParams, pkceCodes, silentRequest };
19314
19386
  }
19315
19387
  }
19316
19388
 
@@ -19677,22 +19749,25 @@ class StandardController {
19677
19749
  }
19678
19750
  const loggedInAccounts = this.getAllAccounts();
19679
19751
  const platformBrokerRequest = this.browserStorage.getCachedNativeRequest();
19680
- const useNative = platformBrokerRequest &&
19681
- this.platformAuthProvider &&
19682
- !options?.hash;
19752
+ const useNative = platformBrokerRequest && !options?.hash;
19683
19753
  let rootMeasurement;
19684
19754
  let redirectResponse;
19755
+ let cachedRedirectRequest;
19685
19756
  try {
19686
19757
  if (useNative && this.platformAuthProvider) {
19687
19758
  const correlationId = platformBrokerRequest?.correlationId || "";
19688
19759
  this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, InteractionType.Redirect);
19689
19760
  rootMeasurement = this.performanceClient.startMeasurement(AcquireTokenRedirect, correlationId);
19690
19761
  this.logger.trace("12v7is", correlationId);
19762
+ rootMeasurement.add({
19763
+ isPlatformBrokerRequest: true,
19764
+ });
19691
19765
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.platformAuthProvider, platformBrokerRequest.accountId, this.nativeInternalStorage, platformBrokerRequest.correlationId);
19692
- redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(this.performanceClient, rootMeasurement.event.correlationId);
19766
+ redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)();
19693
19767
  }
19694
19768
  else {
19695
19769
  const [standardRequest, codeVerifier] = this.browserStorage.getCachedRequest("");
19770
+ cachedRedirectRequest = standardRequest;
19696
19771
  const correlationId = standardRequest.correlationId;
19697
19772
  this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, InteractionType.Redirect);
19698
19773
  // Reset rootMeasurement now that we have correlationId
@@ -19721,6 +19796,8 @@ class StandardController {
19721
19796
  rootMeasurement.end({
19722
19797
  success: true,
19723
19798
  }, undefined, result.account);
19799
+ // Fire-and-forget SSO capability verification in background
19800
+ this.verifySsoCapability(cachedRedirectRequest, InteractionType.Redirect);
19724
19801
  }
19725
19802
  else {
19726
19803
  /*
@@ -19786,12 +19863,14 @@ class StandardController {
19786
19863
  if (this.platformAuthProvider &&
19787
19864
  this.canUsePlatformBroker(request)) {
19788
19865
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.platformAuthProvider, this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
19789
- result = nativeClient
19790
- .acquireTokenRedirect(request, atrMeasurement)
19791
- .catch((e) => {
19866
+ result = invokeAsync(nativeClient.acquireTokenRedirect.bind(nativeClient), NativeInteractionClientAcquireTokenRedirect, this.logger, this.performanceClient, correlationId)(request, atrMeasurement).catch((e) => {
19867
+ atrMeasurement.add({
19868
+ brokerErrorName: e.name,
19869
+ brokerErrorCode: e.errorCode,
19870
+ });
19792
19871
  if (e instanceof NativeAuthError &&
19793
19872
  isFatalNativeAuthError(e)) {
19794
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
19873
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
19795
19874
  const redirectClient = this.createRedirectClient(correlationId);
19796
19875
  return redirectClient.acquireToken(request);
19797
19876
  }
@@ -19857,6 +19936,9 @@ class StandardController {
19857
19936
  let result;
19858
19937
  const pkce = this.getPreGeneratedPkceCodes(correlationId);
19859
19938
  if (this.canUsePlatformBroker(request)) {
19939
+ atPopupMeasurement.add({
19940
+ isPlatformBrokerRequest: true,
19941
+ });
19860
19942
  result = this.acquireTokenNative({
19861
19943
  ...request,
19862
19944
  correlationId,
@@ -19869,9 +19951,13 @@ class StandardController {
19869
19951
  return response;
19870
19952
  })
19871
19953
  .catch((e) => {
19954
+ atPopupMeasurement.add({
19955
+ brokerErrorName: e.name,
19956
+ brokerErrorCode: e.errorCode,
19957
+ });
19872
19958
  if (e instanceof NativeAuthError &&
19873
19959
  isFatalNativeAuthError(e)) {
19874
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
19960
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
19875
19961
  const popupClient = this.createPopupClient(correlationId);
19876
19962
  return popupClient.acquireToken(request, pkce);
19877
19963
  }
@@ -19902,6 +19988,8 @@ class StandardController {
19902
19988
  accessTokenSize: result.accessToken.length,
19903
19989
  idTokenSize: result.idToken.length,
19904
19990
  }, undefined, result.account);
19991
+ // SSO capability verification in background
19992
+ this.verifySsoCapability(request, InteractionType.Popup);
19905
19993
  return result;
19906
19994
  })
19907
19995
  .catch((e) => {
@@ -19954,6 +20042,103 @@ class StandardController {
19954
20042
  window.removeEventListener("online", listener);
19955
20043
  window.removeEventListener("offline", listener);
19956
20044
  }
20045
+ /**
20046
+ * Reads the cached ssoCapable value from localStorage.
20047
+ * @returns The cached ssoCapable boolean value, or undefined if not cached or expired.
20048
+ */
20049
+ getCachedSsoCapable() {
20050
+ try {
20051
+ const cachedValue = window.localStorage.getItem(SSO_CAPABLE);
20052
+ if (cachedValue) {
20053
+ const parsed = JSON.parse(cachedValue);
20054
+ if (parsed &&
20055
+ typeof parsed.ssoCapable === "boolean" &&
20056
+ parsed.expiresOn &&
20057
+ Date.now() < parsed.expiresOn) {
20058
+ return parsed.ssoCapable;
20059
+ }
20060
+ }
20061
+ }
20062
+ catch {
20063
+ // If parsing fails, return undefined
20064
+ }
20065
+ return undefined;
20066
+ }
20067
+ /**
20068
+ * SSO capability verification in the background.
20069
+ * This method makes an iframe request to /authorize to verify SSO capability without calling /token.
20070
+ * This method does not block the caller and tracks telemetry for success/failure.
20071
+ * This method only executes if verifySSO is set to true in the auth configuration.
20072
+ * The result is cached in localStorage with a 24-hour TTL; the SSO verification call
20073
+ * is only attempted when the cached value is absent or expired.
20074
+ * @param request - The original request used for the authentication flow
20075
+ * @param interactionType - The interactionType of the AT operation for logging purposes
20076
+ */
20077
+ verifySsoCapability(request, interactionType) {
20078
+ // Check if SSO capability verification is enabled
20079
+ if (!this.config.auth.verifySSO) {
20080
+ return;
20081
+ }
20082
+ // Check TTL: derive ssoCapable state from localStorage and skip if not expired
20083
+ const ssoCacheKey = SSO_CAPABLE;
20084
+ const SSO_CAPABLE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
20085
+ const cachedSsoCapable = this.getCachedSsoCapable();
20086
+ if (cachedSsoCapable !== undefined) {
20087
+ this.logger.verbose("13poou", "");
20088
+ return;
20089
+ }
20090
+ const correlationId = createNewGuid();
20091
+ const ssoCapableMeasurement = this.performanceClient.startMeasurement(SsoCapable, correlationId);
20092
+ ssoCapableMeasurement.add({
20093
+ "ext.interactionType": interactionType,
20094
+ });
20095
+ this.logger.verbose("0pbr0i", correlationId);
20096
+ /*
20097
+ * Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
20098
+ * This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
20099
+ */
20100
+ setTimeout(() => {
20101
+ const ssoVerificationRequest = {
20102
+ ...request,
20103
+ correlationId: correlationId,
20104
+ };
20105
+ const silentIframeClient = this.createSilentIframeClient(correlationId);
20106
+ silentIframeClient
20107
+ .verifySso(ssoVerificationRequest)
20108
+ .then((result) => {
20109
+ this.logger.verbose("1gd1iv", correlationId);
20110
+ // TBD to add profileTelemetry later in localStorage with 24h TTL
20111
+ try {
20112
+ const cacheEntry = JSON.stringify({
20113
+ ssoCapable: result,
20114
+ expiresOn: Date.now() + SSO_CAPABLE_TTL_MS,
20115
+ });
20116
+ window.localStorage.setItem(ssoCacheKey, cacheEntry);
20117
+ }
20118
+ catch {
20119
+ this.logger.warning("18lmoj", correlationId);
20120
+ }
20121
+ ssoCapableMeasurement.end({
20122
+ fromCache: false,
20123
+ success: result,
20124
+ }, undefined);
20125
+ })
20126
+ .catch((error) => {
20127
+ this.logger.warning("05g83w", correlationId);
20128
+ // reset the cache
20129
+ try {
20130
+ window.localStorage.removeItem(ssoCacheKey);
20131
+ }
20132
+ catch {
20133
+ this.logger.warning("0nlf9q", correlationId);
20134
+ }
20135
+ ssoCapableMeasurement.end({
20136
+ fromCache: false,
20137
+ success: false,
20138
+ }, error);
20139
+ });
20140
+ }, 0);
20141
+ }
19957
20142
  // #endregion
19958
20143
  // #region Silent Flow
19959
20144
  /**
@@ -19975,13 +20160,12 @@ class StandardController {
19975
20160
  const correlationId = this.getRequestCorrelationId(request);
19976
20161
  const validRequest = {
19977
20162
  ...request,
19978
- // will be PromptValue.NONE or PromptValue.NO_SESSION
19979
- prompt: request.prompt,
19980
20163
  correlationId: correlationId,
19981
20164
  };
19982
20165
  this.ssoSilentMeasurement = this.performanceClient.startMeasurement(SsoSilent, correlationId);
19983
20166
  this.ssoSilentMeasurement?.add({
19984
20167
  scenarioId: request.scenarioId,
20168
+ ssoCapable: this.getCachedSsoCapable(),
19985
20169
  });
19986
20170
  preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
19987
20171
  this.ssoSilentMeasurement?.increment({
@@ -19994,10 +20178,17 @@ class StandardController {
19994
20178
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, InteractionType.Silent, validRequest);
19995
20179
  let result;
19996
20180
  if (this.canUsePlatformBroker(validRequest)) {
20181
+ this.ssoSilentMeasurement?.add({
20182
+ isPlatformBrokerRequest: true,
20183
+ });
19997
20184
  result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch((e) => {
20185
+ this.ssoSilentMeasurement?.add({
20186
+ brokerErrorName: e.name,
20187
+ brokerErrorCode: e.errorCode,
20188
+ });
19998
20189
  // If native token acquisition fails for availability reasons fallback to standard flow
19999
20190
  if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
20000
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
20191
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
20001
20192
  const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId);
20002
20193
  return silentIframeClient.acquireToken(validRequest);
20003
20194
  }
@@ -20070,7 +20261,6 @@ class StandardController {
20070
20261
  this.hybridAuthCodeResponses.delete(hybridAuthCode);
20071
20262
  atbcMeasurement.end({
20072
20263
  success: true,
20073
- isNativeBroker: result.fromPlatformBroker,
20074
20264
  accessTokenSize: result.accessToken.length,
20075
20265
  idTokenSize: result.idToken.length,
20076
20266
  }, undefined, result.account);
@@ -20094,10 +20284,17 @@ class StandardController {
20094
20284
  }
20095
20285
  else if (request.nativeAccountId) {
20096
20286
  if (this.canUsePlatformBroker(request, request.nativeAccountId)) {
20287
+ atbcMeasurement.add({
20288
+ isPlatformBrokerRequest: true,
20289
+ });
20097
20290
  const result = await this.acquireTokenNative({
20098
20291
  ...request,
20099
20292
  correlationId,
20100
20293
  }, ApiId.acquireTokenByCode, request.nativeAccountId).catch((e) => {
20294
+ atbcMeasurement.add({
20295
+ brokerErrorName: e.name,
20296
+ brokerErrorCode: e.errorCode,
20297
+ });
20101
20298
  // If native token acquisition fails for availability reasons fallback to standard flow
20102
20299
  if (e instanceof NativeAuthError &&
20103
20300
  isFatalNativeAuthError(e)) {
@@ -20148,7 +20345,6 @@ class StandardController {
20148
20345
  this.acquireTokenByCodeAsyncMeasurement?.end({
20149
20346
  success: true,
20150
20347
  fromCache: response.fromCache,
20151
- isNativeBroker: response.fromPlatformBroker,
20152
20348
  });
20153
20349
  return response;
20154
20350
  })
@@ -20317,7 +20513,7 @@ class StandardController {
20317
20513
  throw createBrowserAuthError(nativeConnectionNotEstablished);
20318
20514
  }
20319
20515
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.platformAuthProvider, accountId || this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
20320
- return nativeClient.acquireToken(request, cacheLookupPolicy);
20516
+ return invokeAsync(nativeClient.acquireToken.bind(nativeClient), NativeInteractionClientAcquireToken, this.logger, this.performanceClient, correlationId)(request, cacheLookupPolicy);
20321
20517
  }
20322
20518
  /**
20323
20519
  * Returns boolean indicating if this request can use the platform broker
@@ -20331,7 +20527,7 @@ class StandardController {
20331
20527
  return false;
20332
20528
  }
20333
20529
  if (!isPlatformAuthAllowed(this.config, this.logger, correlationId, this.platformAuthProvider, request.authenticationScheme)) {
20334
- this.logger.trace("1m4bzf", correlationId);
20530
+ this.logger.trace("0yoy1g", correlationId);
20335
20531
  return false;
20336
20532
  }
20337
20533
  if (request.prompt) {
@@ -20550,6 +20746,7 @@ class StandardController {
20550
20746
  atsMeasurement.add({
20551
20747
  cacheLookupPolicy: request.cacheLookupPolicy,
20552
20748
  scenarioId: request.scenarioId,
20749
+ ssoCapable: this.getCachedSsoCapable(),
20553
20750
  });
20554
20751
  preflightCheck(this.initialized, atsMeasurement, this.config, request);
20555
20752
  this.logger.verbose("0x1c4s", correlationId);
@@ -20562,7 +20759,6 @@ class StandardController {
20562
20759
  atsMeasurement.end({
20563
20760
  success: true,
20564
20761
  fromCache: result.fromCache,
20565
- isNativeBroker: result.fromPlatformBroker,
20566
20762
  accessTokenSize: result.accessToken.length,
20567
20763
  idTokenSize: result.idToken.length,
20568
20764
  }, undefined, result.account);
@@ -20722,7 +20918,12 @@ class StandardController {
20722
20918
  if (isPlatformAuthAllowed(this.config, this.logger, silentRequest.correlationId, this.platformAuthProvider, silentRequest.authenticationScheme) &&
20723
20919
  silentRequest.account.nativeAccountId) {
20724
20920
  this.logger.verbose("0sczo4", silentRequest.correlationId);
20921
+ this.performanceClient.addFields({ isPlatformBrokerRequest: true }, silentRequest.correlationId);
20725
20922
  return this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow, silentRequest.account.nativeAccountId, cacheLookupPolicy).catch(async (e) => {
20923
+ this.performanceClient.addFields({
20924
+ brokerErrorName: e.name,
20925
+ brokerErrorCode: e.errorCode,
20926
+ }, silentRequest.correlationId);
20726
20927
  // If native token acquisition fails for availability reasons fallback to web flow
20727
20928
  if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
20728
20929
  this.logger.verbose("07rkmb", silentRequest.correlationId);