@azure/msal-browser 5.6.3 → 5.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (411) hide show
  1. package/README.md +0 -1
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
  10. package/dist/cache/AccountManager.mjs +1 -1
  11. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  12. package/dist/cache/BrowserCacheManager.mjs +1 -1
  13. package/dist/cache/CacheHelpers.mjs +1 -1
  14. package/dist/cache/CacheKeys.d.ts +1 -0
  15. package/dist/cache/CacheKeys.d.ts.map +1 -1
  16. package/dist/cache/CacheKeys.mjs +3 -2
  17. package/dist/cache/CacheKeys.mjs.map +1 -1
  18. package/dist/cache/CookieStorage.mjs +1 -1
  19. package/dist/cache/DatabaseStorage.mjs +1 -1
  20. package/dist/cache/EncryptedData.mjs +1 -1
  21. package/dist/cache/LocalStorage.mjs +1 -1
  22. package/dist/cache/MemoryStorage.mjs +1 -1
  23. package/dist/cache/SessionStorage.mjs +1 -1
  24. package/dist/cache/TokenCache.mjs +1 -1
  25. package/dist/config/Configuration.d.ts +7 -0
  26. package/dist/config/Configuration.d.ts.map +1 -1
  27. package/dist/config/Configuration.mjs +2 -1
  28. package/dist/config/Configuration.mjs.map +1 -1
  29. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  30. package/dist/controllers/StandardController.d.ts +16 -0
  31. package/dist/controllers/StandardController.d.ts.map +1 -1
  32. package/dist/controllers/StandardController.mjs +150 -20
  33. package/dist/controllers/StandardController.mjs.map +1 -1
  34. package/dist/crypto/BrowserCrypto.mjs +1 -1
  35. package/dist/crypto/CryptoOps.mjs +1 -1
  36. package/dist/crypto/PkceGenerator.mjs +1 -1
  37. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  38. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  39. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
  40. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
  45. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  46. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  47. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  48. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  49. package/dist/custom-auth-path/cache/CacheKeys.d.ts +1 -0
  50. package/dist/custom-auth-path/cache/CacheKeys.d.ts.map +1 -1
  51. package/dist/custom-auth-path/cache/CacheKeys.mjs +3 -2
  52. package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
  53. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  54. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  55. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  56. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  59. package/dist/custom-auth-path/config/Configuration.d.ts +7 -0
  60. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  61. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  62. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  63. package/dist/custom-auth-path/controllers/StandardController.d.ts +16 -0
  64. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  65. package/dist/custom-auth-path/controllers/StandardController.mjs +150 -20
  66. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  67. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  68. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  69. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  71. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  177. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  178. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  179. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  180. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  181. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  182. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  183. package/dist/custom-auth-path/error/NativeAuthError.d.ts.map +1 -1
  184. package/dist/custom-auth-path/error/NativeAuthError.mjs +3 -4
  185. package/dist/custom-auth-path/error/NativeAuthError.mjs.map +1 -1
  186. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  187. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  188. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  189. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  190. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  191. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  192. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  193. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +32 -19
  194. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  195. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  196. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +6 -2
  197. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  198. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +6 -2
  200. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
  201. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  202. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  203. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +14 -0
  204. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  205. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +45 -3
  206. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  207. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  208. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  209. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  210. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  211. package/dist/custom-auth-path/log-strings-mapping.json +47 -15
  212. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  213. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  214. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  215. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  216. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  217. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  218. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  219. package/dist/custom-auth-path/protocol/Authorize.mjs +5 -1
  220. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  221. package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
  222. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  223. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  224. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  225. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  226. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +3 -2
  227. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  228. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  229. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  230. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +8 -3
  231. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
  232. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  233. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  234. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  235. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  236. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  237. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  238. package/dist/encode/Base64Decode.mjs +1 -1
  239. package/dist/encode/Base64Encode.mjs +1 -1
  240. package/dist/error/BrowserAuthError.mjs +1 -1
  241. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  242. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  243. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  244. package/dist/error/NativeAuthError.d.ts.map +1 -1
  245. package/dist/error/NativeAuthError.mjs +3 -4
  246. package/dist/error/NativeAuthError.mjs.map +1 -1
  247. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  248. package/dist/error/NestedAppAuthError.mjs +1 -1
  249. package/dist/event/EventHandler.mjs +1 -1
  250. package/dist/event/EventMessage.mjs +1 -1
  251. package/dist/event/EventType.mjs +1 -1
  252. package/dist/index.mjs +1 -1
  253. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  254. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  255. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  256. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  257. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +32 -19
  258. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  259. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  260. package/dist/interaction_client/PopupClient.mjs +6 -2
  261. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  262. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  263. package/dist/interaction_client/RedirectClient.mjs +6 -2
  264. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  265. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  266. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  267. package/dist/interaction_client/SilentIframeClient.d.ts +14 -0
  268. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  269. package/dist/interaction_client/SilentIframeClient.mjs +45 -3
  270. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  271. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  272. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  273. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  274. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  275. package/dist/log-strings-mapping.json +47 -15
  276. package/dist/naa/BridgeError.mjs +1 -1
  277. package/dist/naa/BridgeProxy.mjs +1 -1
  278. package/dist/naa/BridgeStatusCode.mjs +1 -1
  279. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  280. package/dist/navigation/NavigationClient.mjs +1 -1
  281. package/dist/network/FetchClient.mjs +1 -1
  282. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  283. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  284. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  285. package/dist/packageMetadata.d.ts +1 -1
  286. package/dist/packageMetadata.mjs +2 -2
  287. package/dist/protocol/Authorize.d.ts.map +1 -1
  288. package/dist/protocol/Authorize.mjs +5 -1
  289. package/dist/protocol/Authorize.mjs.map +1 -1
  290. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  291. package/dist/redirect-bridge/cache/CacheKeys.d.ts +1 -0
  292. package/dist/redirect-bridge/cache/CacheKeys.d.ts.map +1 -1
  293. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  294. package/dist/redirect-bridge/config/Configuration.d.ts +7 -0
  295. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  296. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  297. package/dist/redirect-bridge/controllers/StandardController.d.ts +16 -0
  298. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  299. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  300. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  301. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  302. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  303. package/dist/redirect-bridge/error/NativeAuthError.d.ts.map +1 -1
  304. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  305. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  306. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  307. package/dist/redirect-bridge/interaction_client/RedirectClient.d.ts.map +1 -1
  308. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts +14 -0
  309. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  310. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  311. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  312. package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
  313. package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
  314. package/dist/redirect-bridge/redirect_bridge/index.mjs +11 -7
  315. package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
  316. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  317. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  318. package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  319. package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  320. package/dist/redirect-bridge/utils/BrowserConstants.mjs +7 -3
  321. package/dist/redirect-bridge/utils/BrowserConstants.mjs.map +1 -1
  322. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  323. package/dist/redirect_bridge/index.d.ts.map +1 -1
  324. package/dist/request/RequestHelpers.mjs +1 -1
  325. package/dist/response/ResponseHandler.mjs +1 -1
  326. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  327. package/dist/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  328. package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  329. package/dist/telemetry/BrowserPerformanceEvents.mjs +3 -2
  330. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  331. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  332. package/dist/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  333. package/dist/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  334. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +10 -3
  335. package/dist/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
  336. package/dist/utils/BrowserConstants.mjs +1 -1
  337. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  338. package/dist/utils/BrowserUtils.mjs +1 -1
  339. package/dist/utils/Helpers.mjs +1 -1
  340. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  341. package/lib/custom-auth-path/log-strings-mapping.json +47 -15
  342. package/lib/custom-auth-path/msal-custom-auth.cjs +334 -133
  343. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  344. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  345. package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +1 -0
  346. package/lib/custom-auth-path/types/cache/CacheKeys.d.ts.map +1 -1
  347. package/lib/custom-auth-path/types/config/Configuration.d.ts +7 -0
  348. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/controllers/StandardController.d.ts +16 -0
  350. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  351. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  352. package/lib/custom-auth-path/types/error/NativeAuthError.d.ts.map +1 -1
  353. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  354. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  355. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  356. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
  357. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +14 -0
  358. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  359. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  360. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  361. package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  363. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  364. package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  365. package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  366. package/lib/log-strings-mapping.json +47 -15
  367. package/lib/msal-browser.cjs +343 -138
  368. package/lib/msal-browser.cjs.map +1 -1
  369. package/lib/msal-browser.js +343 -138
  370. package/lib/msal-browser.js.map +1 -1
  371. package/lib/msal-browser.min.js +2 -2
  372. package/lib/redirect-bridge/msal-redirect-bridge.js +24 -16
  373. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  374. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  375. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  376. package/lib/types/cache/CacheKeys.d.ts +1 -0
  377. package/lib/types/cache/CacheKeys.d.ts.map +1 -1
  378. package/lib/types/config/Configuration.d.ts +7 -0
  379. package/lib/types/config/Configuration.d.ts.map +1 -1
  380. package/lib/types/controllers/StandardController.d.ts +16 -0
  381. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  382. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  383. package/lib/types/error/NativeAuthError.d.ts.map +1 -1
  384. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  385. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  386. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  387. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  388. package/lib/types/interaction_client/SilentIframeClient.d.ts +14 -0
  389. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  390. package/lib/types/packageMetadata.d.ts +1 -1
  391. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  392. package/lib/types/redirect_bridge/index.d.ts.map +1 -1
  393. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  394. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  395. package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  396. package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  397. package/package.json +2 -2
  398. package/src/broker/nativeBroker/PlatformAuthProvider.ts +1 -1
  399. package/src/cache/CacheKeys.ts +1 -0
  400. package/src/config/Configuration.ts +8 -0
  401. package/src/controllers/StandardController.ts +233 -35
  402. package/src/error/NativeAuthError.ts +1 -2
  403. package/src/interaction_client/PlatformAuthInteractionClient.ts +44 -23
  404. package/src/interaction_client/PopupClient.ts +10 -0
  405. package/src/interaction_client/RedirectClient.ts +10 -0
  406. package/src/interaction_client/SilentIframeClient.ts +123 -20
  407. package/src/packageMetadata.ts +1 -1
  408. package/src/protocol/Authorize.ts +8 -0
  409. package/src/redirect_bridge/index.ts +12 -5
  410. package/src/telemetry/BrowserPerformanceEvents.ts +3 -0
  411. package/src/telemetry/BrowserRootPerformanceEvents.ts +7 -0
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-browser v5.6.3 2026-04-01 */
1
+ /*! @azure/msal-browser v5.7.0 2026-04-16 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6
6
  /*
7
7
  * Copyright (c) Microsoft Corporation. All rights reserved.
8
8
  * Licensed under the MIT License.
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
234
234
  // Token renewal offset default in seconds
235
235
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
236
236
 
237
- /*! @azure/msal-common v16.4.1 2026-04-01 */
237
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
238
238
  /*
239
239
  * Copyright (c) Microsoft Corporation. All rights reserved.
240
240
  * Licensed under the MIT License.
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
286
286
  const RESOURCE = "resource";
287
287
  const CLI_DATA = "clidata";
288
288
 
289
- /*! @azure/msal-common v16.4.1 2026-04-01 */
289
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
290
290
  /*
291
291
  * Copyright (c) Microsoft Corporation. All rights reserved.
292
292
  * Licensed under the MIT License.
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
317
317
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
318
318
  }
319
319
 
320
- /*! @azure/msal-common v16.4.1 2026-04-01 */
320
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
321
321
 
322
322
  /*
323
323
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
337
337
  return new ClientConfigurationError(errorCode);
338
338
  }
339
339
 
340
- /*! @azure/msal-common v16.4.1 2026-04-01 */
340
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
341
341
  /*
342
342
  * Copyright (c) Microsoft Corporation. All rights reserved.
343
343
  * Licensed under the MIT License.
@@ -417,7 +417,7 @@ class StringUtils {
417
417
  }
418
418
  }
419
419
 
420
- /*! @azure/msal-common v16.4.1 2026-04-01 */
420
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
421
421
 
422
422
  /*
423
423
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
440
440
  return new ClientAuthError(errorCode, additionalMessage);
441
441
  }
442
442
 
443
- /*! @azure/msal-common v16.4.1 2026-04-01 */
443
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
444
444
  /*
445
445
  * Copyright (c) Microsoft Corporation. All rights reserved.
446
446
  * Licensed under the MIT License.
@@ -494,7 +494,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
494
494
  urlParseError: urlParseError
495
495
  });
496
496
 
497
- /*! @azure/msal-common v16.4.1 2026-04-01 */
497
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
498
498
  /*
499
499
  * Copyright (c) Microsoft Corporation. All rights reserved.
500
500
  * Licensed under the MIT License.
@@ -582,7 +582,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
582
582
  userCanceled: userCanceled
583
583
  });
584
584
 
585
- /*! @azure/msal-common v16.4.1 2026-04-01 */
585
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
586
586
 
587
587
  /*
588
588
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -777,7 +777,7 @@ class ScopeSet {
777
777
  }
778
778
  }
779
779
 
780
- /*! @azure/msal-common v16.4.1 2026-04-01 */
780
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
781
781
 
782
782
  /*
783
783
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -898,18 +898,29 @@ function addSid(parameters, sid) {
898
898
  parameters.set(SID, sid);
899
899
  }
900
900
  /**
901
- * add claims
902
- * @param claims
903
- */
904
- function addClaims(parameters, claims, clientCapabilities) {
905
- const mergedClaims = addClientCapabilitiesToClaims$1(claims, clientCapabilities);
906
- try {
907
- JSON.parse(mergedClaims);
908
- }
909
- catch (e) {
910
- throw createClientConfigurationError(invalidClaims);
901
+ * Adds claims to request parameters, conditionally excluding clientCapabilities
902
+ * when skipBrokerClaims is true and a brokered flow is in effect.
903
+ * @param parameters - The request parameters map
904
+ * @param claims - The claims string from the request
905
+ * @param clientCapabilities - The client capabilities from configuration
906
+ * @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
907
+ */
908
+ function addClaims(parameters, claims, clientCapabilities, skipBrokerClaims) {
909
+ // Skip clientCapabilities if skipBrokerClaims is set to true and this is a brokered authentication flow
910
+ const configClaims = skipBrokerClaims && parameters.has(BROKER_CLIENT_ID)
911
+ ? undefined
912
+ : clientCapabilities;
913
+ if (!StringUtils.isEmptyObj(claims) ||
914
+ (configClaims && configClaims.length > 0)) {
915
+ const mergedClaims = addClientCapabilitiesToClaims$1(claims, configClaims);
916
+ try {
917
+ JSON.parse(mergedClaims);
918
+ }
919
+ catch (e) {
920
+ throw createClientConfigurationError(invalidClaims);
921
+ }
922
+ parameters.set(CLAIMS, mergedClaims);
911
923
  }
912
- parameters.set(CLAIMS, mergedClaims);
913
924
  }
914
925
  /**
915
926
  * add correlationId
@@ -1155,7 +1166,7 @@ function addResource(parameters, resource) {
1155
1166
  }
1156
1167
  }
1157
1168
 
1158
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1169
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1159
1170
 
1160
1171
  /*
1161
1172
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1264,7 +1275,7 @@ function normalizeUrlForComparison(url) {
1264
1275
  }
1265
1276
  }
1266
1277
 
1267
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1278
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1268
1279
 
1269
1280
  /*
1270
1281
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1303,7 +1314,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
1303
1314
  },
1304
1315
  };
1305
1316
 
1306
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1317
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1307
1318
  /*
1308
1319
  * Copyright (c) Microsoft Corporation. All rights reserved.
1309
1320
  * Licensed under the MIT License.
@@ -1578,12 +1589,12 @@ class Logger {
1578
1589
  }
1579
1590
  }
1580
1591
 
1581
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1592
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1582
1593
  /* eslint-disable header/header */
1583
1594
  const name$1 = "@azure/msal-common";
1584
- const version$1 = "16.4.1";
1595
+ const version$1 = "16.5.0";
1585
1596
 
1586
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1597
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1587
1598
  /*
1588
1599
  * Copyright (c) Microsoft Corporation. All rights reserved.
1589
1600
  * Licensed under the MIT License.
@@ -1603,7 +1614,7 @@ const AzureCloudInstance = {
1603
1614
  AzureUsGovernment: "https://login.microsoftonline.us",
1604
1615
  };
1605
1616
 
1606
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1617
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1607
1618
  /*
1608
1619
  * Copyright (c) Microsoft Corporation. All rights reserved.
1609
1620
  * Licensed under the MIT License.
@@ -1685,7 +1696,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
1685
1696
  return updatedAccountInfo;
1686
1697
  }
1687
1698
 
1688
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1699
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1689
1700
 
1690
1701
  /*
1691
1702
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1765,7 +1776,7 @@ function checkMaxAge(authTime, maxAge) {
1765
1776
  }
1766
1777
  }
1767
1778
 
1768
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1779
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1769
1780
 
1770
1781
  /*
1771
1782
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1922,7 +1933,7 @@ class UrlString {
1922
1933
  }
1923
1934
  }
1924
1935
 
1925
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1936
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1926
1937
 
1927
1938
  /*
1928
1939
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2079,7 +2090,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2079
2090
  return null;
2080
2091
  }
2081
2092
 
2082
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2093
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2083
2094
  /*
2084
2095
  * Copyright (c) Microsoft Corporation. All rights reserved.
2085
2096
  * Licensed under the MIT License.
@@ -2087,7 +2098,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
2087
2098
  const cacheQuotaExceeded = "cache_quota_exceeded";
2088
2099
  const cacheErrorUnknown = "cache_error_unknown";
2089
2100
 
2090
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2101
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2091
2102
 
2092
2103
  /*
2093
2104
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2125,7 +2136,7 @@ function createCacheError(e) {
2125
2136
  }
2126
2137
  }
2127
2138
 
2128
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2139
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2129
2140
 
2130
2141
  /*
2131
2142
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2163,7 +2174,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
2163
2174
  };
2164
2175
  }
2165
2176
 
2166
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2177
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2167
2178
  /*
2168
2179
  * Copyright (c) Microsoft Corporation. All rights reserved.
2169
2180
  * Licensed under the MIT License.
@@ -2178,7 +2189,7 @@ const AuthorityType = {
2178
2189
  Ciam: 3,
2179
2190
  };
2180
2191
 
2181
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2192
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2182
2193
  /*
2183
2194
  * Copyright (c) Microsoft Corporation. All rights reserved.
2184
2195
  * Licensed under the MIT License.
@@ -2200,7 +2211,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
2200
2211
  return null;
2201
2212
  }
2202
2213
 
2203
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2214
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2204
2215
  /*
2205
2216
  * Copyright (c) Microsoft Corporation. All rights reserved.
2206
2217
  * Licensed under the MIT License.
@@ -2224,7 +2235,7 @@ const ProtocolMode = {
2224
2235
  EAR: "EAR",
2225
2236
  };
2226
2237
 
2227
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2238
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2228
2239
  /**
2229
2240
  * Returns the AccountInfo interface for this account.
2230
2241
  */
@@ -2399,7 +2410,7 @@ function isAccountEntity(entity) {
2399
2410
  entity.hasOwnProperty("authorityType"));
2400
2411
  }
2401
2412
 
2402
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2413
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2403
2414
 
2404
2415
  /*
2405
2416
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3501,7 +3512,7 @@ class DefaultStorageClass extends CacheManager {
3501
3512
  }
3502
3513
  }
3503
3514
 
3504
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3515
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3505
3516
  /*
3506
3517
  * Copyright (c) Microsoft Corporation. All rights reserved.
3507
3518
  * Licensed under the MIT License.
@@ -3552,7 +3563,7 @@ const IntFields = new Set([
3552
3563
  "redirectBridgeMessageVersion",
3553
3564
  ]);
3554
3565
 
3555
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3566
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3556
3567
 
3557
3568
  /*
3558
3569
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3607,7 +3618,7 @@ class StubPerformanceClient {
3607
3618
  }
3608
3619
  }
3609
3620
 
3610
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3621
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3611
3622
 
3612
3623
  /*
3613
3624
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3702,7 +3713,7 @@ function isOidcProtocolMode(config) {
3702
3713
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3703
3714
  }
3704
3715
 
3705
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3716
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3706
3717
  /*
3707
3718
  * Copyright (c) Microsoft Corporation. All rights reserved.
3708
3719
  * Licensed under the MIT License.
@@ -3729,7 +3740,7 @@ function isOidcProtocolMode(config) {
3729
3740
  }
3730
3741
  }
3731
3742
 
3732
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3743
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3733
3744
  /*
3734
3745
  * Copyright (c) Microsoft Corporation. All rights reserved.
3735
3746
  * Licensed under the MIT License.
@@ -3794,7 +3805,7 @@ function wasClockTurnedBack(cachedAt) {
3794
3805
  return cachedAtSec > nowSeconds();
3795
3806
  }
3796
3807
 
3797
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3808
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3798
3809
 
3799
3810
  /*
3800
3811
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4053,7 +4064,7 @@ function isAuthorityMetadataExpired(metadata) {
4053
4064
  return metadata.expiresAt <= nowSeconds();
4054
4065
  }
4055
4066
 
4056
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4067
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4057
4068
  /*
4058
4069
  * Copyright (c) Microsoft Corporation. All rights reserved.
4059
4070
  * Licensed under the MIT License.
@@ -4124,7 +4135,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
4124
4135
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4125
4136
  const SetUserData = "setUserData";
4126
4137
 
4127
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4138
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4128
4139
  /*
4129
4140
  * Copyright (c) Microsoft Corporation. All rights reserved.
4130
4141
  * Licensed under the MIT License.
@@ -4217,7 +4228,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
4217
4228
  };
4218
4229
  };
4219
4230
 
4220
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4231
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4221
4232
 
4222
4233
  /*
4223
4234
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4297,7 +4308,7 @@ class PopTokenGenerator {
4297
4308
  }
4298
4309
  }
4299
4310
 
4300
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4311
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4301
4312
  /*
4302
4313
  * Copyright (c) Microsoft Corporation. All rights reserved.
4303
4314
  * Licensed under the MIT License.
@@ -4361,7 +4372,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
4361
4372
  uxNotAllowed: uxNotAllowed
4362
4373
  });
4363
4374
 
4364
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4375
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4365
4376
 
4366
4377
  /*
4367
4378
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4429,7 +4440,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
4429
4440
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4430
4441
  }
4431
4442
 
4432
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4443
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4433
4444
 
4434
4445
  /*
4435
4446
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4448,7 +4459,7 @@ class ServerError extends AuthError {
4448
4459
  }
4449
4460
  }
4450
4461
 
4451
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4462
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4452
4463
 
4453
4464
  /*
4454
4465
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4516,7 +4527,7 @@ function parseRequestState(base64Decode, state) {
4516
4527
  }
4517
4528
  }
4518
4529
 
4519
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4530
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4520
4531
 
4521
4532
  /*
4522
4533
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4864,7 +4875,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
4864
4875
  return baseAccount;
4865
4876
  }
4866
4877
 
4867
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4878
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4868
4879
  /*
4869
4880
  * Copyright (c) Microsoft Corporation. All rights reserved.
4870
4881
  * Licensed under the MIT License.
@@ -4874,7 +4885,7 @@ const CcsCredentialType = {
4874
4885
  UPN: "UPN",
4875
4886
  };
4876
4887
 
4877
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4888
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4878
4889
  /*
4879
4890
  * Copyright (c) Microsoft Corporation. All rights reserved.
4880
4891
  * Licensed under the MIT License.
@@ -4892,7 +4903,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
4892
4903
  }
4893
4904
  }
4894
4905
 
4895
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4906
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4896
4907
  /*
4897
4908
  * Copyright (c) Microsoft Corporation. All rights reserved.
4898
4909
  * Licensed under the MIT License.
@@ -4913,7 +4924,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
4913
4924
  };
4914
4925
  }
4915
4926
 
4916
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4927
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4917
4928
 
4918
4929
  /*
4919
4930
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4999,7 +5010,7 @@ class ThrottlingUtils {
4999
5010
  }
5000
5011
  }
5001
5012
 
5002
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5013
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5003
5014
 
5004
5015
  /*
5005
5016
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5030,7 +5041,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
5030
5041
  return new NetworkError(error, httpStatus, responseHeaders);
5031
5042
  }
5032
5043
 
5033
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5044
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5034
5045
 
5035
5046
  /*
5036
5047
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5144,7 +5155,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
5144
5155
  return response;
5145
5156
  }
5146
5157
 
5147
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5158
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5148
5159
  /*
5149
5160
  * Copyright (c) Microsoft Corporation. All rights reserved.
5150
5161
  * Licensed under the MIT License.
@@ -5156,7 +5167,7 @@ function isOpenIdConfigResponse(response) {
5156
5167
  response.hasOwnProperty("jwks_uri"));
5157
5168
  }
5158
5169
 
5159
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5170
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5160
5171
  /*
5161
5172
  * Copyright (c) Microsoft Corporation. All rights reserved.
5162
5173
  * Licensed under the MIT License.
@@ -5166,7 +5177,7 @@ function isCloudInstanceDiscoveryResponse(response) {
5166
5177
  response.hasOwnProperty("metadata"));
5167
5178
  }
5168
5179
 
5169
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5180
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5170
5181
  /*
5171
5182
  * Copyright (c) Microsoft Corporation. All rights reserved.
5172
5183
  * Licensed under the MIT License.
@@ -5176,7 +5187,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
5176
5187
  response.hasOwnProperty("error_description"));
5177
5188
  }
5178
5189
 
5179
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5190
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5180
5191
 
5181
5192
  /*
5182
5193
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5281,7 +5292,7 @@ RegionDiscovery.IMDS_OPTIONS = {
5281
5292
  },
5282
5293
  };
5283
5294
 
5284
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5295
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5285
5296
 
5286
5297
  /*
5287
5298
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6101,7 +6112,7 @@ function buildStaticAuthorityOptions(authOptions) {
6101
6112
  };
6102
6113
  }
6103
6114
 
6104
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6115
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6105
6116
 
6106
6117
  /*
6107
6118
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6135,7 +6146,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
6135
6146
  }
6136
6147
  }
6137
6148
 
6138
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6149
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6139
6150
 
6140
6151
  /*
6141
6152
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6300,11 +6311,6 @@ class AuthorizationCodeClient {
6300
6311
  throw createClientConfigurationError(missingSshJwk);
6301
6312
  }
6302
6313
  }
6303
- if (!StringUtils.isEmptyObj(request.claims) ||
6304
- (this.config.authOptions.clientCapabilities &&
6305
- this.config.authOptions.clientCapabilities.length > 0)) {
6306
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6307
- }
6308
6314
  let ccsCred = undefined;
6309
6315
  if (request.clientInfo) {
6310
6316
  try {
@@ -6353,6 +6359,7 @@ class AuthorizationCodeClient {
6353
6359
  });
6354
6360
  }
6355
6361
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6362
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
6356
6363
  return mapToQueryString(parameters);
6357
6364
  }
6358
6365
  /**
@@ -6396,7 +6403,7 @@ class AuthorizationCodeClient {
6396
6403
  }
6397
6404
  }
6398
6405
 
6399
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6406
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6400
6407
 
6401
6408
  /*
6402
6409
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6586,11 +6593,6 @@ class RefreshTokenClient {
6586
6593
  throw createClientConfigurationError(missingSshJwk);
6587
6594
  }
6588
6595
  }
6589
- if (!StringUtils.isEmptyObj(request.claims) ||
6590
- (this.config.authOptions.clientCapabilities &&
6591
- this.config.authOptions.clientCapabilities.length > 0)) {
6592
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6593
- }
6594
6596
  if (this.config.systemOptions.preventCorsPreflight &&
6595
6597
  request.ccsCredential) {
6596
6598
  switch (request.ccsCredential.type) {
@@ -6617,11 +6619,12 @@ class RefreshTokenClient {
6617
6619
  });
6618
6620
  }
6619
6621
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6622
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
6620
6623
  return mapToQueryString(parameters);
6621
6624
  }
6622
6625
  }
6623
6626
 
6624
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6627
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6625
6628
 
6626
6629
  /*
6627
6630
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6737,7 +6740,7 @@ class SilentFlowClient {
6737
6740
  }
6738
6741
  }
6739
6742
 
6740
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6743
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6741
6744
 
6742
6745
  /*
6743
6746
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6752,7 +6755,7 @@ const StubbedNetworkModule = {
6752
6755
  },
6753
6756
  };
6754
6757
 
6755
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6758
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6756
6759
 
6757
6760
  /*
6758
6761
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6876,14 +6879,10 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
6876
6879
  if (request.state) {
6877
6880
  addState(parameters, request.state);
6878
6881
  }
6879
- if (request.claims ||
6880
- (authOptions.clientCapabilities &&
6881
- authOptions.clientCapabilities.length > 0)) {
6882
- addClaims(parameters, request.claims, authOptions.clientCapabilities);
6883
- }
6884
6882
  if (request.embeddedClientId) {
6885
6883
  addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
6886
6884
  }
6885
+ addClaims(parameters, request.claims, authOptions.clientCapabilities, request.skipBrokerClaims);
6887
6886
  // If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
6888
6887
  if (authOptions.instanceAware &&
6889
6888
  (!request.extraQueryParameters ||
@@ -6979,7 +6978,7 @@ function extractLoginHint(account) {
6979
6978
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6980
6979
  }
6981
6980
 
6982
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6981
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6983
6982
 
6984
6983
  /*
6985
6984
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7012,7 +7011,7 @@ function containsResourceParam(params) {
7012
7011
  return Object.prototype.hasOwnProperty.call(params, "resource");
7013
7012
  }
7014
7013
 
7015
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7014
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7016
7015
 
7017
7016
  /*
7018
7017
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7070,7 +7069,7 @@ class AuthenticationHeaderParser {
7070
7069
  }
7071
7070
  }
7072
7071
 
7073
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7072
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7074
7073
  /*
7075
7074
  * Copyright (c) Microsoft Corporation. All rights reserved.
7076
7075
  * Licensed under the MIT License.
@@ -7087,7 +7086,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
7087
7086
  unexpectedError: unexpectedError
7088
7087
  });
7089
7088
 
7090
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7089
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7091
7090
 
7092
7091
  /*
7093
7092
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7348,7 +7347,7 @@ class ServerTelemetryManager {
7348
7347
  }
7349
7348
  }
7350
7349
 
7351
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7350
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7352
7351
 
7353
7352
  /*
7354
7353
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7369,7 +7368,7 @@ function createJoseHeaderError(code) {
7369
7368
  return new JoseHeaderError(code);
7370
7369
  }
7371
7370
 
7372
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7371
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7373
7372
  /*
7374
7373
  * Copyright (c) Microsoft Corporation. All rights reserved.
7375
7374
  * Licensed under the MIT License.
@@ -7377,7 +7376,7 @@ function createJoseHeaderError(code) {
7377
7376
  const missingKidError = "missing_kid_error";
7378
7377
  const missingAlgError = "missing_alg_error";
7379
7378
 
7380
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7379
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7381
7380
 
7382
7381
  /*
7383
7382
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7417,7 +7416,7 @@ class JoseHeader {
7417
7416
  }
7418
7417
  }
7419
7418
 
7420
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7419
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7421
7420
 
7422
7421
  /*
7423
7422
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8002,6 +8001,7 @@ const StandardInteractionClientGetDiscoveredAuthority = "standardInteractionClie
8002
8001
  * Used to acquire a token from Native component when native brokering is enabled.
8003
8002
  */
8004
8003
  const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
8004
+ const NativeInteractionClientAcquireTokenRedirect = "nativeInteractionClientAcquireToken";
8005
8005
  /**
8006
8006
  * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
8007
8007
  */
@@ -8075,7 +8075,7 @@ const LoadRefreshToken = "loadRefreshToken";
8075
8075
  * Background telemetry measurement that tracks whether a late bridge response
8076
8076
  * arrives after the iframe timeout has already fired.
8077
8077
  */
8078
- const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
8078
+ const WaitForBridgeLateResponse$1 = "waitForBridgeLateResponse";
8079
8079
 
8080
8080
  /*
8081
8081
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -9001,7 +9001,7 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
9001
9001
  // Clear the active monitor
9002
9002
  activeBridgeMonitor = null;
9003
9003
  if (experimentalConfig?.iframeTimeoutTelemetry) {
9004
- lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse, correlationId);
9004
+ lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse$1, correlationId);
9005
9005
  timedOut$1 = true;
9006
9006
  lateTimeoutId = window.setTimeout(() => {
9007
9007
  lateMeasurement?.end({ success: false });
@@ -9802,7 +9802,14 @@ const InitializeClientApplication = "initializeClientApplication";
9802
9802
  // Update cache storage
9803
9803
  const LocalStorageUpdated = "localStorageUpdated";
9804
9804
  // Load external tokens
9805
- const LoadExternalTokens = "loadExternalTokens";
9805
+ const LoadExternalTokens = "loadExternalTokens";
9806
+ /**
9807
+ * SSO capability verification call (msal-browser).
9808
+ * Fire-and-forget SSO verification call made after interactive authentication completes.
9809
+ */
9810
+ const SsoCapable = "ssoCapable";
9811
+ // Wait for late response from bridge after timeout has already occurred
9812
+ const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
9806
9813
 
9807
9814
  var BrowserRootPerformanceEvents = /*#__PURE__*/Object.freeze({
9808
9815
  __proto__: null,
@@ -9814,7 +9821,9 @@ var BrowserRootPerformanceEvents = /*#__PURE__*/Object.freeze({
9814
9821
  InitializeClientApplication: InitializeClientApplication,
9815
9822
  LoadExternalTokens: LoadExternalTokens,
9816
9823
  LocalStorageUpdated: LocalStorageUpdated,
9817
- SsoSilent: SsoSilent
9824
+ SsoCapable: SsoCapable,
9825
+ SsoSilent: SsoSilent,
9826
+ WaitForBridgeLateResponse: WaitForBridgeLateResponse
9818
9827
  });
9819
9828
 
9820
9829
  /*
@@ -9833,6 +9842,7 @@ const PLATFORM_AUTH_DOM_SUPPORT = `${PREFIX}.${BROWSER_PREFIX}.platform.auth.dom
9833
9842
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
9834
9843
  const ACCOUNT_KEYS = "account.keys";
9835
9844
  const TOKEN_KEYS = "token.keys";
9845
+ const SSO_CAPABLE = `${PREFIX}.${BROWSER_PREFIX}.sso.capable`;
9836
9846
  function getAccountKeysCacheKey(schema = ACCOUNT_SCHEMA_VERSION) {
9837
9847
  if (schema < 1) {
9838
9848
  return `${PREFIX}.${ACCOUNT_KEYS}`;
@@ -10331,7 +10341,7 @@ const EventType = {
10331
10341
 
10332
10342
  /* eslint-disable header/header */
10333
10343
  const name = "@azure/msal-browser";
10334
- const version = "5.6.3";
10344
+ const version = "5.7.0";
10335
10345
 
10336
10346
  /*
10337
10347
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12434,7 +12444,6 @@ const unsupportedMethod = "unsupported_method";
12434
12444
  const USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED";
12435
12445
  const USER_CANCEL = "USER_CANCEL";
12436
12446
  const NO_NETWORK = "NO_NETWORK";
12437
- const PERSISTENT_ERROR = "PERSISTENT_ERROR";
12438
12447
  const DISABLED = "DISABLED";
12439
12448
  const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
12440
12449
  const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
@@ -12458,8 +12467,7 @@ class NativeAuthError extends AuthError {
12458
12467
  function isFatalNativeAuthError(error) {
12459
12468
  if (error.ext &&
12460
12469
  error.ext.status &&
12461
- (error.ext.status === PERSISTENT_ERROR ||
12462
- error.ext.status === DISABLED)) {
12470
+ error.ext.status === DISABLED) {
12463
12471
  return true;
12464
12472
  }
12465
12473
  if (error.ext &&
@@ -12585,12 +12593,12 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12585
12593
  async acquireToken(request, cacheLookupPolicy) {
12586
12594
  this.logger.trace("03qeos", this.correlationId);
12587
12595
  // start the perf measurement
12588
- const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, request.correlationId);
12596
+ const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
12589
12597
  const reqTimestamp = nowSeconds();
12590
12598
  const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
12591
12599
  try {
12592
12600
  // initialize native request
12593
- const nativeRequest = await this.initializeNativeRequest(request);
12601
+ const nativeRequest = await this.initializePlatformRequest(request);
12594
12602
  // check if the tokens can be retrieved from internal cache
12595
12603
  try {
12596
12604
  const result = await this.acquireTokensFromCache(this.accountId, nativeRequest);
@@ -12604,6 +12612,10 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12604
12612
  catch (e) {
12605
12613
  if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) {
12606
12614
  this.logger.info("0eitbc", this.correlationId);
12615
+ nativeATMeasurement.end({
12616
+ success: false,
12617
+ brokerErrorCode: "cache_request_failed",
12618
+ });
12607
12619
  throw e;
12608
12620
  }
12609
12621
  // continue with a native call for any and all errors
@@ -12625,7 +12637,6 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12625
12637
  success: false,
12626
12638
  errorCode: error.errorCode,
12627
12639
  subErrorCode: error.subError,
12628
- isNativeBroker: true,
12629
12640
  });
12630
12641
  throw error;
12631
12642
  });
@@ -12634,6 +12645,9 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12634
12645
  if (e instanceof NativeAuthError) {
12635
12646
  serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
12636
12647
  }
12648
+ nativeATMeasurement.end({
12649
+ success: false,
12650
+ });
12637
12651
  throw e;
12638
12652
  }
12639
12653
  }
@@ -12666,7 +12680,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12666
12680
  // fetch the account from browser cache
12667
12681
  const account = this.browserStorage.getBaseAccountInfo({
12668
12682
  nativeAccountId,
12669
- }, request.correlationId);
12683
+ }, this.correlationId);
12670
12684
  if (!account) {
12671
12685
  throw createClientAuthError(noAccountFound);
12672
12686
  }
@@ -12696,7 +12710,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12696
12710
  */
12697
12711
  async acquireTokenRedirect(request, rootMeasurement, options) {
12698
12712
  this.logger.trace("0luikq", this.correlationId);
12699
- const nativeRequest = await this.initializeNativeRequest(request);
12713
+ const nativeRequest = await this.initializePlatformRequest(request);
12700
12714
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
12701
12715
  try {
12702
12716
  await this.platformAuthProvider.sendMessage(nativeRequest);
@@ -12728,7 +12742,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12728
12742
  * @param performanceClient {IPerformanceClient?}
12729
12743
  * @param correlationId {string?} correlation identifier
12730
12744
  */
12731
- async handleRedirectPromise(performanceClient, correlationId) {
12745
+ async handleRedirectPromise() {
12732
12746
  this.logger.trace("1c5lhw", this.correlationId);
12733
12747
  if (!this.browserStorage.isInteractionInProgress(true)) {
12734
12748
  this.logger.info("0le6uv", this.correlationId);
@@ -12738,9 +12752,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12738
12752
  const cachedRequest = this.browserStorage.getCachedNativeRequest();
12739
12753
  if (!cachedRequest) {
12740
12754
  this.logger.verbose("0a6zjb", this.correlationId);
12741
- if (performanceClient && correlationId) {
12742
- performanceClient?.addFields({ errorCode: "no_cached_request" }, correlationId);
12743
- }
12755
+ this.performanceClient?.addFields({ errorCode: "no_cached_request" }, this.correlationId);
12744
12756
  return null;
12745
12757
  }
12746
12758
  const { prompt, ...request } = cachedRequest;
@@ -12755,6 +12767,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
12755
12767
  const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
12756
12768
  const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
12757
12769
  serverTelemetryManager.clearNativeBrokerErrorCode();
12770
+ this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
12758
12771
  return authResult;
12759
12772
  }
12760
12773
  catch (e) {
@@ -13023,15 +13036,23 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
13023
13036
  * Translates developer provided request object into NativeRequest object
13024
13037
  * @param request
13025
13038
  */
13026
- async initializeNativeRequest(request) {
13027
- this.logger.trace("04j6wj", this.correlationId);
13039
+ async initializePlatformRequest(request) {
13040
+ this.logger.trace("1xdm2a", this.correlationId);
13028
13041
  const canonicalAuthority = await this.getCanonicalAuthority(request);
13042
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
13043
+ const configClaims = request.skipBrokerClaims && !!request.embeddedClientId
13044
+ ? undefined
13045
+ : this.config.auth.clientCapabilities;
13029
13046
  // scopes are expected to be received by the native broker as "scope" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here.
13030
- const { scopes, ...remainingProperties } = request;
13047
+ const { scopes, claims, ...remainingProperties } = request;
13031
13048
  const scopeSet = new ScopeSet(scopes || []);
13032
13049
  scopeSet.appendScopes(OIDC_DEFAULT_SCOPES$1);
13050
+ const mergedClaims = configClaims && configClaims.length
13051
+ ? addClientCapabilitiesToClaims$1(claims, configClaims)
13052
+ : claims;
13033
13053
  const validatedRequest = {
13034
13054
  ...remainingProperties,
13055
+ claims: mergedClaims,
13035
13056
  accountId: this.accountId,
13036
13057
  clientId: this.config.auth.clientId,
13037
13058
  authority: canonicalAuthority.urlString,
@@ -13101,12 +13122,12 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
13101
13122
  switch (this.apiId) {
13102
13123
  case ApiId.ssoSilent:
13103
13124
  case ApiId.acquireTokenSilent_silentFlow:
13104
- this.logger.trace("1hiwaz", this.correlationId);
13125
+ this.logger.trace("12n1y2", this.correlationId);
13105
13126
  return PromptValue$1.NONE;
13106
13127
  }
13107
13128
  // Prompt not provided, request may proceed and native broker decides if it needs to prompt
13108
13129
  if (!prompt) {
13109
- this.logger.trace("1qlu04", this.correlationId);
13130
+ this.logger.trace("0uid1p", this.correlationId);
13110
13131
  return undefined;
13111
13132
  }
13112
13133
  // If request is interactive, check if prompt provided is allowed to go directly to native broker
@@ -13114,10 +13135,10 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
13114
13135
  case PromptValue$1.NONE:
13115
13136
  case PromptValue$1.CONSENT:
13116
13137
  case PromptValue$1.LOGIN:
13117
- this.logger.trace("1ynje4", this.correlationId);
13138
+ this.logger.trace("0i0hco", this.correlationId);
13118
13139
  return prompt;
13119
13140
  default:
13120
- this.logger.trace("0nkr6q", this.correlationId);
13141
+ this.logger.trace("0w3tpw", this.correlationId);
13121
13142
  throw createBrowserAuthError(nativePromptNotSupported);
13122
13143
  }
13123
13144
  }
@@ -13153,7 +13174,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
13153
13174
  this.performanceClient?.addFields({
13154
13175
  embeddedClientId: child_client_id,
13155
13176
  embeddedRedirectUri: child_redirect_uri,
13156
- }, request.correlationId);
13177
+ }, this.correlationId);
13157
13178
  }
13158
13179
  }
13159
13180
 
@@ -13240,6 +13261,10 @@ async function getStandardParameters(config, authority, request, logger, perform
13240
13261
  if (request.platformBroker) {
13241
13262
  // signal ests that this is a WAM call
13242
13263
  addNativeBroker(parameters);
13264
+ // instrument JS-platform bridge specific fields
13265
+ performanceClient.addFields({
13266
+ isPlatformAuthorizeRequest: true,
13267
+ }, request.correlationId);
13243
13268
  // pass the req_cnf for POP
13244
13269
  if (request.authenticationScheme === AuthenticationScheme$1.POP) {
13245
13270
  const cryptoOps = new CryptoOps(logger, performanceClient);
@@ -13709,6 +13734,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
13709
13734
  },
13710
13735
  instanceAware: false,
13711
13736
  isMcp: false,
13737
+ verifySSO: false,
13712
13738
  };
13713
13739
  // Default cache options for browser
13714
13740
  const DEFAULT_CACHE_OPTIONS = {
@@ -14261,7 +14287,7 @@ function isDomEnabledForPlatformAuth() {
14261
14287
  }
14262
14288
  }
14263
14289
  /**
14264
- * Returns boolean indicating whether or not the request should attempt to use native broker
14290
+ * Returns boolean indicating whether or not the request should attempt to use platform broker
14265
14291
  * @param logger
14266
14292
  * @param config
14267
14293
  * @param correlationId
@@ -14543,6 +14569,10 @@ class PopupClient extends StandardInteractionClient {
14543
14569
  return;
14544
14570
  }
14545
14571
  }
14572
+ // Redirect bridge requires "state" param to work properly
14573
+ validRequest.state = setRequestState(this.browserCrypto, validRequest.state || "", {
14574
+ interactionType: exports.InteractionType.Popup,
14575
+ });
14546
14576
  // Create logout string and navigate user window to logout.
14547
14577
  const logoutUri = authClient.getLogoutUri(validRequest);
14548
14578
  this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, validRequest.correlationId, exports.InteractionType.Popup, validRequest);
@@ -15083,6 +15113,10 @@ class RedirectClient extends StandardInteractionClient {
15083
15113
  }
15084
15114
  }
15085
15115
  }
15116
+ // Redirect bridge requires "state" param to work properly
15117
+ validLogoutRequest.state = setRequestState(this.browserCrypto, validLogoutRequest.state || "", {
15118
+ interactionType: exports.InteractionType.Redirect,
15119
+ });
15086
15120
  // Create logout string and navigate user window to logout.
15087
15121
  const logoutUri = authClient.getLogoutUri(validLogoutRequest);
15088
15122
  if (validLogoutRequest.account?.homeAccountId) {
@@ -15331,6 +15365,38 @@ class SilentIframeClient extends StandardInteractionClient {
15331
15365
  return invokeAsync(handleResponseEAR, HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15332
15366
  }
15333
15367
  }
15368
+ /**
15369
+ * Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
15370
+ * This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
15371
+ * @param request - The SSO silent request
15372
+ * @returns true if SSO verification was successful with a valid authorization code, false otherwise
15373
+ */
15374
+ async verifySso(request) {
15375
+ const inputRequest = { ...request };
15376
+ if (!inputRequest.prompt) {
15377
+ inputRequest.prompt = PromptValue$1.NONE;
15378
+ }
15379
+ // Create silent request
15380
+ const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
15381
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
15382
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
15383
+ requestAuthority: silentRequest.authority,
15384
+ requestAzureCloudOptions: silentRequest.azureCloudOptions,
15385
+ requestExtraQueryParameters: silentRequest.extraQueryParameters,
15386
+ account: silentRequest.account,
15387
+ });
15388
+ const { serverParams } = await this.silentAuthorizeHelper(authClient, silentRequest);
15389
+ const correlationId = silentRequest.correlationId;
15390
+ // Validate the response - this checks for errors and validates state
15391
+ validateAuthorizationResponse(serverParams, silentRequest.state);
15392
+ // Verify a valid authorization code is present
15393
+ if (!serverParams.code) {
15394
+ this.logger.warning("0y34ti", correlationId);
15395
+ return false;
15396
+ }
15397
+ this.logger.verbose("0kkkcj", correlationId);
15398
+ return true;
15399
+ }
15334
15400
  /**
15335
15401
  * Currently Unsupported
15336
15402
  */
@@ -15345,6 +15411,16 @@ class SilentIframeClient extends StandardInteractionClient {
15345
15411
  * @param userRequestScopes
15346
15412
  */
15347
15413
  async silentTokenHelper(authClient, request) {
15414
+ const { serverParams, pkceCodes } = await this.silentAuthorizeHelper(authClient, request);
15415
+ return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, request.correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15416
+ }
15417
+ /**
15418
+ * Shared helper that generates PKCE codes, builds the /authorize URL,
15419
+ * loads it in a hidden iframe, waits for the redirect-bridge response,
15420
+ * and returns the deserialized server parameters along with the PKCE codes
15421
+ * and the request that was sent.
15422
+ */
15423
+ async silentAuthorizeHelper(authClient, request) {
15348
15424
  const correlationId = request.correlationId;
15349
15425
  const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
15350
15426
  const silentRequest = {
@@ -15371,7 +15447,7 @@ class SilentIframeClient extends StandardInteractionClient {
15371
15447
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
15372
15448
  }
15373
15449
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15374
- return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15450
+ return { serverParams, pkceCodes, silentRequest };
15375
15451
  }
15376
15452
  }
15377
15453
 
@@ -15750,22 +15826,25 @@ class StandardController {
15750
15826
  }
15751
15827
  const loggedInAccounts = this.getAllAccounts();
15752
15828
  const platformBrokerRequest = this.browserStorage.getCachedNativeRequest();
15753
- const useNative = platformBrokerRequest &&
15754
- this.platformAuthProvider &&
15755
- !options?.hash;
15829
+ const useNative = platformBrokerRequest && !options?.hash;
15756
15830
  let rootMeasurement;
15757
15831
  let redirectResponse;
15832
+ let cachedRedirectRequest;
15758
15833
  try {
15759
15834
  if (useNative && this.platformAuthProvider) {
15760
15835
  const correlationId = platformBrokerRequest?.correlationId || "";
15761
15836
  this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
15762
15837
  rootMeasurement = this.performanceClient.startMeasurement(AcquireTokenRedirect, correlationId);
15763
15838
  this.logger.trace("12v7is", correlationId);
15839
+ rootMeasurement.add({
15840
+ isPlatformBrokerRequest: true,
15841
+ });
15764
15842
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.platformAuthProvider, platformBrokerRequest.accountId, this.nativeInternalStorage, platformBrokerRequest.correlationId);
15765
- redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(this.performanceClient, rootMeasurement.event.correlationId);
15843
+ redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)();
15766
15844
  }
15767
15845
  else {
15768
15846
  const [standardRequest, codeVerifier] = this.browserStorage.getCachedRequest("");
15847
+ cachedRedirectRequest = standardRequest;
15769
15848
  const correlationId = standardRequest.correlationId;
15770
15849
  this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
15771
15850
  // Reset rootMeasurement now that we have correlationId
@@ -15794,6 +15873,8 @@ class StandardController {
15794
15873
  rootMeasurement.end({
15795
15874
  success: true,
15796
15875
  }, undefined, result.account);
15876
+ // Fire-and-forget SSO capability verification in background
15877
+ this.verifySsoCapability(cachedRedirectRequest, exports.InteractionType.Redirect);
15797
15878
  }
15798
15879
  else {
15799
15880
  /*
@@ -15859,12 +15940,14 @@ class StandardController {
15859
15940
  if (this.platformAuthProvider &&
15860
15941
  this.canUsePlatformBroker(request)) {
15861
15942
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.platformAuthProvider, this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
15862
- result = nativeClient
15863
- .acquireTokenRedirect(request, atrMeasurement)
15864
- .catch((e) => {
15943
+ result = invokeAsync(nativeClient.acquireTokenRedirect.bind(nativeClient), NativeInteractionClientAcquireTokenRedirect, this.logger, this.performanceClient, correlationId)(request, atrMeasurement).catch((e) => {
15944
+ atrMeasurement.add({
15945
+ brokerErrorName: e.name,
15946
+ brokerErrorCode: e.errorCode,
15947
+ });
15865
15948
  if (e instanceof NativeAuthError &&
15866
15949
  isFatalNativeAuthError(e)) {
15867
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
15950
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
15868
15951
  const redirectClient = this.createRedirectClient(correlationId);
15869
15952
  return redirectClient.acquireToken(request);
15870
15953
  }
@@ -15930,6 +16013,9 @@ class StandardController {
15930
16013
  let result;
15931
16014
  const pkce = this.getPreGeneratedPkceCodes(correlationId);
15932
16015
  if (this.canUsePlatformBroker(request)) {
16016
+ atPopupMeasurement.add({
16017
+ isPlatformBrokerRequest: true,
16018
+ });
15933
16019
  result = this.acquireTokenNative({
15934
16020
  ...request,
15935
16021
  correlationId,
@@ -15942,9 +16028,13 @@ class StandardController {
15942
16028
  return response;
15943
16029
  })
15944
16030
  .catch((e) => {
16031
+ atPopupMeasurement.add({
16032
+ brokerErrorName: e.name,
16033
+ brokerErrorCode: e.errorCode,
16034
+ });
15945
16035
  if (e instanceof NativeAuthError &&
15946
16036
  isFatalNativeAuthError(e)) {
15947
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
16037
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
15948
16038
  const popupClient = this.createPopupClient(correlationId);
15949
16039
  return popupClient.acquireToken(request, pkce);
15950
16040
  }
@@ -15975,6 +16065,8 @@ class StandardController {
15975
16065
  accessTokenSize: result.accessToken.length,
15976
16066
  idTokenSize: result.idToken.length,
15977
16067
  }, undefined, result.account);
16068
+ // SSO capability verification in background
16069
+ this.verifySsoCapability(request, exports.InteractionType.Popup);
15978
16070
  return result;
15979
16071
  })
15980
16072
  .catch((e) => {
@@ -16027,6 +16119,103 @@ class StandardController {
16027
16119
  window.removeEventListener("online", listener);
16028
16120
  window.removeEventListener("offline", listener);
16029
16121
  }
16122
+ /**
16123
+ * Reads the cached ssoCapable value from localStorage.
16124
+ * @returns The cached ssoCapable boolean value, or undefined if not cached or expired.
16125
+ */
16126
+ getCachedSsoCapable() {
16127
+ try {
16128
+ const cachedValue = window.localStorage.getItem(SSO_CAPABLE);
16129
+ if (cachedValue) {
16130
+ const parsed = JSON.parse(cachedValue);
16131
+ if (parsed &&
16132
+ typeof parsed.ssoCapable === "boolean" &&
16133
+ parsed.expiresOn &&
16134
+ Date.now() < parsed.expiresOn) {
16135
+ return parsed.ssoCapable;
16136
+ }
16137
+ }
16138
+ }
16139
+ catch {
16140
+ // If parsing fails, return undefined
16141
+ }
16142
+ return undefined;
16143
+ }
16144
+ /**
16145
+ * SSO capability verification in the background.
16146
+ * This method makes an iframe request to /authorize to verify SSO capability without calling /token.
16147
+ * This method does not block the caller and tracks telemetry for success/failure.
16148
+ * This method only executes if verifySSO is set to true in the auth configuration.
16149
+ * The result is cached in localStorage with a 24-hour TTL; the SSO verification call
16150
+ * is only attempted when the cached value is absent or expired.
16151
+ * @param request - The original request used for the authentication flow
16152
+ * @param interactionType - The interactionType of the AT operation for logging purposes
16153
+ */
16154
+ verifySsoCapability(request, interactionType) {
16155
+ // Check if SSO capability verification is enabled
16156
+ if (!this.config.auth.verifySSO) {
16157
+ return;
16158
+ }
16159
+ // Check TTL: derive ssoCapable state from localStorage and skip if not expired
16160
+ const ssoCacheKey = SSO_CAPABLE;
16161
+ const SSO_CAPABLE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
16162
+ const cachedSsoCapable = this.getCachedSsoCapable();
16163
+ if (cachedSsoCapable !== undefined) {
16164
+ this.logger.verbose("13poou", "");
16165
+ return;
16166
+ }
16167
+ const correlationId = createNewGuid();
16168
+ const ssoCapableMeasurement = this.performanceClient.startMeasurement(SsoCapable, correlationId);
16169
+ ssoCapableMeasurement.add({
16170
+ "ext.interactionType": interactionType,
16171
+ });
16172
+ this.logger.verbose("0pbr0i", correlationId);
16173
+ /*
16174
+ * Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
16175
+ * This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
16176
+ */
16177
+ setTimeout(() => {
16178
+ const ssoVerificationRequest = {
16179
+ ...request,
16180
+ correlationId: correlationId,
16181
+ };
16182
+ const silentIframeClient = this.createSilentIframeClient(correlationId);
16183
+ silentIframeClient
16184
+ .verifySso(ssoVerificationRequest)
16185
+ .then((result) => {
16186
+ this.logger.verbose("1gd1iv", correlationId);
16187
+ // TBD to add profileTelemetry later in localStorage with 24h TTL
16188
+ try {
16189
+ const cacheEntry = JSON.stringify({
16190
+ ssoCapable: result,
16191
+ expiresOn: Date.now() + SSO_CAPABLE_TTL_MS,
16192
+ });
16193
+ window.localStorage.setItem(ssoCacheKey, cacheEntry);
16194
+ }
16195
+ catch {
16196
+ this.logger.warning("18lmoj", correlationId);
16197
+ }
16198
+ ssoCapableMeasurement.end({
16199
+ fromCache: false,
16200
+ success: result,
16201
+ }, undefined);
16202
+ })
16203
+ .catch((error) => {
16204
+ this.logger.warning("05g83w", correlationId);
16205
+ // reset the cache
16206
+ try {
16207
+ window.localStorage.removeItem(ssoCacheKey);
16208
+ }
16209
+ catch {
16210
+ this.logger.warning("0nlf9q", correlationId);
16211
+ }
16212
+ ssoCapableMeasurement.end({
16213
+ fromCache: false,
16214
+ success: false,
16215
+ }, error);
16216
+ });
16217
+ }, 0);
16218
+ }
16030
16219
  // #endregion
16031
16220
  // #region Silent Flow
16032
16221
  /**
@@ -16048,13 +16237,12 @@ class StandardController {
16048
16237
  const correlationId = this.getRequestCorrelationId(request);
16049
16238
  const validRequest = {
16050
16239
  ...request,
16051
- // will be PromptValue.NONE or PromptValue.NO_SESSION
16052
- prompt: request.prompt,
16053
16240
  correlationId: correlationId,
16054
16241
  };
16055
16242
  this.ssoSilentMeasurement = this.performanceClient.startMeasurement(SsoSilent, correlationId);
16056
16243
  this.ssoSilentMeasurement?.add({
16057
16244
  scenarioId: request.scenarioId,
16245
+ ssoCapable: this.getCachedSsoCapable(),
16058
16246
  });
16059
16247
  preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
16060
16248
  this.ssoSilentMeasurement?.increment({
@@ -16067,10 +16255,17 @@ class StandardController {
16067
16255
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, validRequest);
16068
16256
  let result;
16069
16257
  if (this.canUsePlatformBroker(validRequest)) {
16258
+ this.ssoSilentMeasurement?.add({
16259
+ isPlatformBrokerRequest: true,
16260
+ });
16070
16261
  result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch((e) => {
16262
+ this.ssoSilentMeasurement?.add({
16263
+ brokerErrorName: e.name,
16264
+ brokerErrorCode: e.errorCode,
16265
+ });
16071
16266
  // If native token acquisition fails for availability reasons fallback to standard flow
16072
16267
  if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
16073
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
16268
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
16074
16269
  const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId);
16075
16270
  return silentIframeClient.acquireToken(validRequest);
16076
16271
  }
@@ -16143,7 +16338,6 @@ class StandardController {
16143
16338
  this.hybridAuthCodeResponses.delete(hybridAuthCode);
16144
16339
  atbcMeasurement.end({
16145
16340
  success: true,
16146
- isNativeBroker: result.fromPlatformBroker,
16147
16341
  accessTokenSize: result.accessToken.length,
16148
16342
  idTokenSize: result.idToken.length,
16149
16343
  }, undefined, result.account);
@@ -16167,10 +16361,17 @@ class StandardController {
16167
16361
  }
16168
16362
  else if (request.nativeAccountId) {
16169
16363
  if (this.canUsePlatformBroker(request, request.nativeAccountId)) {
16364
+ atbcMeasurement.add({
16365
+ isPlatformBrokerRequest: true,
16366
+ });
16170
16367
  const result = await this.acquireTokenNative({
16171
16368
  ...request,
16172
16369
  correlationId,
16173
16370
  }, ApiId.acquireTokenByCode, request.nativeAccountId).catch((e) => {
16371
+ atbcMeasurement.add({
16372
+ brokerErrorName: e.name,
16373
+ brokerErrorCode: e.errorCode,
16374
+ });
16174
16375
  // If native token acquisition fails for availability reasons fallback to standard flow
16175
16376
  if (e instanceof NativeAuthError &&
16176
16377
  isFatalNativeAuthError(e)) {
@@ -16221,7 +16422,6 @@ class StandardController {
16221
16422
  this.acquireTokenByCodeAsyncMeasurement?.end({
16222
16423
  success: true,
16223
16424
  fromCache: response.fromCache,
16224
- isNativeBroker: response.fromPlatformBroker,
16225
16425
  });
16226
16426
  return response;
16227
16427
  })
@@ -16390,7 +16590,7 @@ class StandardController {
16390
16590
  throw createBrowserAuthError(nativeConnectionNotEstablished);
16391
16591
  }
16392
16592
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.platformAuthProvider, accountId || this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
16393
- return nativeClient.acquireToken(request, cacheLookupPolicy);
16593
+ return invokeAsync(nativeClient.acquireToken.bind(nativeClient), NativeInteractionClientAcquireToken, this.logger, this.performanceClient, correlationId)(request, cacheLookupPolicy);
16394
16594
  }
16395
16595
  /**
16396
16596
  * Returns boolean indicating if this request can use the platform broker
@@ -16404,7 +16604,7 @@ class StandardController {
16404
16604
  return false;
16405
16605
  }
16406
16606
  if (!isPlatformAuthAllowed(this.config, this.logger, correlationId, this.platformAuthProvider, request.authenticationScheme)) {
16407
- this.logger.trace("1m4bzf", correlationId);
16607
+ this.logger.trace("0yoy1g", correlationId);
16408
16608
  return false;
16409
16609
  }
16410
16610
  if (request.prompt) {
@@ -16623,6 +16823,7 @@ class StandardController {
16623
16823
  atsMeasurement.add({
16624
16824
  cacheLookupPolicy: request.cacheLookupPolicy,
16625
16825
  scenarioId: request.scenarioId,
16826
+ ssoCapable: this.getCachedSsoCapable(),
16626
16827
  });
16627
16828
  preflightCheck(this.initialized, atsMeasurement, this.config, request);
16628
16829
  this.logger.verbose("0x1c4s", correlationId);
@@ -16635,7 +16836,6 @@ class StandardController {
16635
16836
  atsMeasurement.end({
16636
16837
  success: true,
16637
16838
  fromCache: result.fromCache,
16638
- isNativeBroker: result.fromPlatformBroker,
16639
16839
  accessTokenSize: result.accessToken.length,
16640
16840
  idTokenSize: result.idToken.length,
16641
16841
  }, undefined, result.account);
@@ -16795,7 +16995,12 @@ class StandardController {
16795
16995
  if (isPlatformAuthAllowed(this.config, this.logger, silentRequest.correlationId, this.platformAuthProvider, silentRequest.authenticationScheme) &&
16796
16996
  silentRequest.account.nativeAccountId) {
16797
16997
  this.logger.verbose("0sczo4", silentRequest.correlationId);
16998
+ this.performanceClient.addFields({ isPlatformBrokerRequest: true }, silentRequest.correlationId);
16798
16999
  return this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow, silentRequest.account.nativeAccountId, cacheLookupPolicy).catch(async (e) => {
17000
+ this.performanceClient.addFields({
17001
+ brokerErrorName: e.name,
17002
+ brokerErrorCode: e.errorCode,
17003
+ }, silentRequest.correlationId);
16799
17004
  // If native token acquisition fails for availability reasons fallback to web flow
16800
17005
  if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
16801
17006
  this.logger.verbose("07rkmb", silentRequest.correlationId);