@azure/msal-browser 5.6.3 → 5.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -1
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.d.ts +1 -0
- package/dist/cache/CacheKeys.d.ts.map +1 -1
- package/dist/cache/CacheKeys.mjs +3 -2
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.d.ts +7 -0
- package/dist/config/Configuration.d.ts.map +1 -1
- package/dist/config/Configuration.mjs +2 -1
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.d.ts +16 -0
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +150 -20
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
- package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
- package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.d.ts +1 -0
- package/dist/custom-auth-path/cache/CacheKeys.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.mjs +3 -2
- package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
- package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
- package/dist/custom-auth-path/config/Configuration.d.ts +7 -0
- package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
- package/dist/custom-auth-path/config/Configuration.mjs +2 -1
- package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.d.ts +16 -0
- package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.mjs +150 -20
- package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
- package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
- package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
- package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.d.ts.map +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.mjs +3 -4
- package/dist/custom-auth-path/error/NativeAuthError.mjs.map +1 -1
- package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
- package/dist/custom-auth-path/event/EventType.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +32 -19
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs +6 -2
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +6 -2
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +45 -3
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/custom-auth-path/log-strings-mapping.json +47 -15
- package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
- package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
- package/dist/custom-auth-path/packageMetadata.mjs +2 -2
- package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
- package/dist/custom-auth-path/protocol/Authorize.mjs +5 -1
- package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
- package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
- package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
- package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +1 -0
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +3 -2
- package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +8 -3
- package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
- package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.d.ts.map +1 -1
- package/dist/error/NativeAuthError.mjs +3 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +32 -19
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +6 -2
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +6 -2
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +45 -3
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/log-strings-mapping.json +47 -15
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +5 -1
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.d.ts +1 -0
- package/dist/redirect-bridge/cache/CacheKeys.d.ts.map +1 -1
- package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
- package/dist/redirect-bridge/config/Configuration.d.ts +7 -0
- package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
- package/dist/redirect-bridge/config/Configuration.mjs +1 -1
- package/dist/redirect-bridge/controllers/StandardController.d.ts +16 -0
- package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
- package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
- package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/redirect-bridge/error/NativeAuthError.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
- package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts +14 -0
- package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
- package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
- package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
- package/dist/redirect-bridge/redirect_bridge/index.mjs +11 -7
- package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +1 -0
- package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/redirect-bridge/utils/BrowserConstants.mjs +7 -3
- package/dist/redirect-bridge/utils/BrowserConstants.mjs.map +1 -1
- package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
- package/dist/redirect_bridge/index.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.d.ts +1 -0
- package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +3 -2
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/dist/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +10 -3
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +47 -15
- package/lib/custom-auth-path/msal-custom-auth.cjs +334 -133
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +1 -0
- package/lib/custom-auth-path/types/cache/CacheKeys.d.ts.map +1 -1
- package/lib/custom-auth-path/types/config/Configuration.d.ts +7 -0
- package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts +16 -0
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/custom-auth-path/types/error/NativeAuthError.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +14 -0
- package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
- package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +1 -0
- package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/lib/log-strings-mapping.json +47 -15
- package/lib/msal-browser.cjs +343 -138
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +343 -138
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.js +24 -16
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
- package/lib/types/cache/CacheKeys.d.ts +1 -0
- package/lib/types/cache/CacheKeys.d.ts.map +1 -1
- package/lib/types/config/Configuration.d.ts +7 -0
- package/lib/types/config/Configuration.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts +16 -0
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/types/error/NativeAuthError.d.ts.map +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts +14 -0
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/redirect_bridge/index.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +1 -0
- package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
- package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
- package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +1 -1
- package/src/cache/CacheKeys.ts +1 -0
- package/src/config/Configuration.ts +8 -0
- package/src/controllers/StandardController.ts +233 -35
- package/src/error/NativeAuthError.ts +1 -2
- package/src/interaction_client/PlatformAuthInteractionClient.ts +44 -23
- package/src/interaction_client/PopupClient.ts +10 -0
- package/src/interaction_client/RedirectClient.ts +10 -0
- package/src/interaction_client/SilentIframeClient.ts +123 -20
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +8 -0
- package/src/redirect_bridge/index.ts +12 -5
- package/src/telemetry/BrowserPerformanceEvents.ts +3 -0
- package/src/telemetry/BrowserRootPerformanceEvents.ts +7 -0
package/lib/msal-browser.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v5.
|
|
1
|
+
/*! @azure/msal-browser v5.7.0 2026-04-16 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v16.
|
|
9
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -238,7 +238,7 @@
|
|
|
238
238
|
// Token renewal offset default in seconds
|
|
239
239
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
240
240
|
|
|
241
|
-
/*! @azure/msal-common v16.
|
|
241
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
242
242
|
/*
|
|
243
243
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
244
244
|
* Licensed under the MIT License.
|
|
@@ -290,7 +290,7 @@
|
|
|
290
290
|
const RESOURCE = "resource";
|
|
291
291
|
const CLI_DATA = "clidata";
|
|
292
292
|
|
|
293
|
-
/*! @azure/msal-common v16.
|
|
293
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
294
294
|
/*
|
|
295
295
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
296
296
|
* Licensed under the MIT License.
|
|
@@ -321,7 +321,7 @@
|
|
|
321
321
|
return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
|
|
322
322
|
}
|
|
323
323
|
|
|
324
|
-
/*! @azure/msal-common v16.
|
|
324
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
325
325
|
|
|
326
326
|
/*
|
|
327
327
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -341,7 +341,7 @@
|
|
|
341
341
|
return new ClientConfigurationError(errorCode);
|
|
342
342
|
}
|
|
343
343
|
|
|
344
|
-
/*! @azure/msal-common v16.
|
|
344
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
345
345
|
/*
|
|
346
346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
347
347
|
* Licensed under the MIT License.
|
|
@@ -421,7 +421,7 @@
|
|
|
421
421
|
}
|
|
422
422
|
}
|
|
423
423
|
|
|
424
|
-
/*! @azure/msal-common v16.
|
|
424
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
425
425
|
|
|
426
426
|
/*
|
|
427
427
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -444,7 +444,7 @@
|
|
|
444
444
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
445
445
|
}
|
|
446
446
|
|
|
447
|
-
/*! @azure/msal-common v16.
|
|
447
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
448
448
|
/*
|
|
449
449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
450
450
|
* Licensed under the MIT License.
|
|
@@ -498,7 +498,7 @@
|
|
|
498
498
|
urlParseError: urlParseError
|
|
499
499
|
});
|
|
500
500
|
|
|
501
|
-
/*! @azure/msal-common v16.
|
|
501
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
502
502
|
/*
|
|
503
503
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
504
504
|
* Licensed under the MIT License.
|
|
@@ -586,7 +586,7 @@
|
|
|
586
586
|
userCanceled: userCanceled
|
|
587
587
|
});
|
|
588
588
|
|
|
589
|
-
/*! @azure/msal-common v16.
|
|
589
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
590
590
|
|
|
591
591
|
/*
|
|
592
592
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -781,7 +781,7 @@
|
|
|
781
781
|
}
|
|
782
782
|
}
|
|
783
783
|
|
|
784
|
-
/*! @azure/msal-common v16.
|
|
784
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
785
785
|
|
|
786
786
|
/*
|
|
787
787
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -902,18 +902,29 @@
|
|
|
902
902
|
parameters.set(SID, sid);
|
|
903
903
|
}
|
|
904
904
|
/**
|
|
905
|
-
*
|
|
906
|
-
*
|
|
907
|
-
|
|
908
|
-
|
|
909
|
-
|
|
910
|
-
|
|
911
|
-
|
|
912
|
-
|
|
913
|
-
|
|
914
|
-
|
|
905
|
+
* Adds claims to request parameters, conditionally excluding clientCapabilities
|
|
906
|
+
* when skipBrokerClaims is true and a brokered flow is in effect.
|
|
907
|
+
* @param parameters - The request parameters map
|
|
908
|
+
* @param claims - The claims string from the request
|
|
909
|
+
* @param clientCapabilities - The client capabilities from configuration
|
|
910
|
+
* @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
|
|
911
|
+
*/
|
|
912
|
+
function addClaims(parameters, claims, clientCapabilities, skipBrokerClaims) {
|
|
913
|
+
// Skip clientCapabilities if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
914
|
+
const configClaims = skipBrokerClaims && parameters.has(BROKER_CLIENT_ID)
|
|
915
|
+
? undefined
|
|
916
|
+
: clientCapabilities;
|
|
917
|
+
if (!StringUtils.isEmptyObj(claims) ||
|
|
918
|
+
(configClaims && configClaims.length > 0)) {
|
|
919
|
+
const mergedClaims = addClientCapabilitiesToClaims$1(claims, configClaims);
|
|
920
|
+
try {
|
|
921
|
+
JSON.parse(mergedClaims);
|
|
922
|
+
}
|
|
923
|
+
catch (e) {
|
|
924
|
+
throw createClientConfigurationError(invalidClaims);
|
|
925
|
+
}
|
|
926
|
+
parameters.set(CLAIMS, mergedClaims);
|
|
915
927
|
}
|
|
916
|
-
parameters.set(CLAIMS, mergedClaims);
|
|
917
928
|
}
|
|
918
929
|
/**
|
|
919
930
|
* add correlationId
|
|
@@ -1159,7 +1170,7 @@
|
|
|
1159
1170
|
}
|
|
1160
1171
|
}
|
|
1161
1172
|
|
|
1162
|
-
/*! @azure/msal-common v16.
|
|
1173
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1163
1174
|
|
|
1164
1175
|
/*
|
|
1165
1176
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1268,7 +1279,7 @@
|
|
|
1268
1279
|
}
|
|
1269
1280
|
}
|
|
1270
1281
|
|
|
1271
|
-
/*! @azure/msal-common v16.
|
|
1282
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1272
1283
|
|
|
1273
1284
|
/*
|
|
1274
1285
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1307,7 +1318,7 @@
|
|
|
1307
1318
|
},
|
|
1308
1319
|
};
|
|
1309
1320
|
|
|
1310
|
-
/*! @azure/msal-common v16.
|
|
1321
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1311
1322
|
/*
|
|
1312
1323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1313
1324
|
* Licensed under the MIT License.
|
|
@@ -1582,12 +1593,12 @@
|
|
|
1582
1593
|
}
|
|
1583
1594
|
}
|
|
1584
1595
|
|
|
1585
|
-
/*! @azure/msal-common v16.
|
|
1596
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1586
1597
|
/* eslint-disable header/header */
|
|
1587
1598
|
const name$1 = "@azure/msal-common";
|
|
1588
|
-
const version$1 = "16.
|
|
1599
|
+
const version$1 = "16.5.0";
|
|
1589
1600
|
|
|
1590
|
-
/*! @azure/msal-common v16.
|
|
1601
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1591
1602
|
/*
|
|
1592
1603
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1593
1604
|
* Licensed under the MIT License.
|
|
@@ -1607,7 +1618,7 @@
|
|
|
1607
1618
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
1608
1619
|
};
|
|
1609
1620
|
|
|
1610
|
-
/*! @azure/msal-common v16.
|
|
1621
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1611
1622
|
/*
|
|
1612
1623
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1613
1624
|
* Licensed under the MIT License.
|
|
@@ -1689,7 +1700,7 @@
|
|
|
1689
1700
|
return updatedAccountInfo;
|
|
1690
1701
|
}
|
|
1691
1702
|
|
|
1692
|
-
/*! @azure/msal-common v16.
|
|
1703
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1693
1704
|
|
|
1694
1705
|
/*
|
|
1695
1706
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1769,7 +1780,7 @@
|
|
|
1769
1780
|
}
|
|
1770
1781
|
}
|
|
1771
1782
|
|
|
1772
|
-
/*! @azure/msal-common v16.
|
|
1783
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1773
1784
|
|
|
1774
1785
|
/*
|
|
1775
1786
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1926,7 +1937,7 @@
|
|
|
1926
1937
|
}
|
|
1927
1938
|
}
|
|
1928
1939
|
|
|
1929
|
-
/*! @azure/msal-common v16.
|
|
1940
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
1930
1941
|
|
|
1931
1942
|
/*
|
|
1932
1943
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2083,7 +2094,7 @@
|
|
|
2083
2094
|
return null;
|
|
2084
2095
|
}
|
|
2085
2096
|
|
|
2086
|
-
/*! @azure/msal-common v16.
|
|
2097
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2087
2098
|
/*
|
|
2088
2099
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2089
2100
|
* Licensed under the MIT License.
|
|
@@ -2091,7 +2102,7 @@
|
|
|
2091
2102
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2092
2103
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2093
2104
|
|
|
2094
|
-
/*! @azure/msal-common v16.
|
|
2105
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2095
2106
|
|
|
2096
2107
|
/*
|
|
2097
2108
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2129,7 +2140,7 @@
|
|
|
2129
2140
|
}
|
|
2130
2141
|
}
|
|
2131
2142
|
|
|
2132
|
-
/*! @azure/msal-common v16.
|
|
2143
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2133
2144
|
|
|
2134
2145
|
/*
|
|
2135
2146
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2167,7 +2178,7 @@
|
|
|
2167
2178
|
};
|
|
2168
2179
|
}
|
|
2169
2180
|
|
|
2170
|
-
/*! @azure/msal-common v16.
|
|
2181
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2171
2182
|
/*
|
|
2172
2183
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2173
2184
|
* Licensed under the MIT License.
|
|
@@ -2182,7 +2193,7 @@
|
|
|
2182
2193
|
Ciam: 3,
|
|
2183
2194
|
};
|
|
2184
2195
|
|
|
2185
|
-
/*! @azure/msal-common v16.
|
|
2196
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2186
2197
|
/*
|
|
2187
2198
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2188
2199
|
* Licensed under the MIT License.
|
|
@@ -2204,7 +2215,7 @@
|
|
|
2204
2215
|
return null;
|
|
2205
2216
|
}
|
|
2206
2217
|
|
|
2207
|
-
/*! @azure/msal-common v16.
|
|
2218
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2208
2219
|
/*
|
|
2209
2220
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2210
2221
|
* Licensed under the MIT License.
|
|
@@ -2228,7 +2239,7 @@
|
|
|
2228
2239
|
EAR: "EAR",
|
|
2229
2240
|
};
|
|
2230
2241
|
|
|
2231
|
-
/*! @azure/msal-common v16.
|
|
2242
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2232
2243
|
/**
|
|
2233
2244
|
* Returns the AccountInfo interface for this account.
|
|
2234
2245
|
*/
|
|
@@ -2403,7 +2414,7 @@
|
|
|
2403
2414
|
entity.hasOwnProperty("authorityType"));
|
|
2404
2415
|
}
|
|
2405
2416
|
|
|
2406
|
-
/*! @azure/msal-common v16.
|
|
2417
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
2407
2418
|
|
|
2408
2419
|
/*
|
|
2409
2420
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3505,7 +3516,7 @@
|
|
|
3505
3516
|
}
|
|
3506
3517
|
}
|
|
3507
3518
|
|
|
3508
|
-
/*! @azure/msal-common v16.
|
|
3519
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3509
3520
|
/*
|
|
3510
3521
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3511
3522
|
* Licensed under the MIT License.
|
|
@@ -3556,7 +3567,7 @@
|
|
|
3556
3567
|
"redirectBridgeMessageVersion",
|
|
3557
3568
|
]);
|
|
3558
3569
|
|
|
3559
|
-
/*! @azure/msal-common v16.
|
|
3570
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3560
3571
|
|
|
3561
3572
|
/*
|
|
3562
3573
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3611,7 +3622,7 @@
|
|
|
3611
3622
|
}
|
|
3612
3623
|
}
|
|
3613
3624
|
|
|
3614
|
-
/*! @azure/msal-common v16.
|
|
3625
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3615
3626
|
|
|
3616
3627
|
/*
|
|
3617
3628
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3706,7 +3717,7 @@
|
|
|
3706
3717
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3707
3718
|
}
|
|
3708
3719
|
|
|
3709
|
-
/*! @azure/msal-common v16.
|
|
3720
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3710
3721
|
/*
|
|
3711
3722
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3712
3723
|
* Licensed under the MIT License.
|
|
@@ -3733,7 +3744,7 @@
|
|
|
3733
3744
|
}
|
|
3734
3745
|
}
|
|
3735
3746
|
|
|
3736
|
-
/*! @azure/msal-common v16.
|
|
3747
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3737
3748
|
/*
|
|
3738
3749
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3739
3750
|
* Licensed under the MIT License.
|
|
@@ -3798,7 +3809,7 @@
|
|
|
3798
3809
|
return cachedAtSec > nowSeconds();
|
|
3799
3810
|
}
|
|
3800
3811
|
|
|
3801
|
-
/*! @azure/msal-common v16.
|
|
3812
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
3802
3813
|
|
|
3803
3814
|
/*
|
|
3804
3815
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4057,7 +4068,7 @@
|
|
|
4057
4068
|
return metadata.expiresAt <= nowSeconds();
|
|
4058
4069
|
}
|
|
4059
4070
|
|
|
4060
|
-
/*! @azure/msal-common v16.
|
|
4071
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4061
4072
|
/*
|
|
4062
4073
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4063
4074
|
* Licensed under the MIT License.
|
|
@@ -4128,7 +4139,7 @@
|
|
|
4128
4139
|
const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
|
|
4129
4140
|
const SetUserData = "setUserData";
|
|
4130
4141
|
|
|
4131
|
-
/*! @azure/msal-common v16.
|
|
4142
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4132
4143
|
/*
|
|
4133
4144
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4134
4145
|
* Licensed under the MIT License.
|
|
@@ -4221,7 +4232,7 @@
|
|
|
4221
4232
|
};
|
|
4222
4233
|
};
|
|
4223
4234
|
|
|
4224
|
-
/*! @azure/msal-common v16.
|
|
4235
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4225
4236
|
|
|
4226
4237
|
/*
|
|
4227
4238
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4301,7 +4312,7 @@
|
|
|
4301
4312
|
}
|
|
4302
4313
|
}
|
|
4303
4314
|
|
|
4304
|
-
/*! @azure/msal-common v16.
|
|
4315
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4305
4316
|
/*
|
|
4306
4317
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4307
4318
|
* Licensed under the MIT License.
|
|
@@ -4365,7 +4376,7 @@
|
|
|
4365
4376
|
uxNotAllowed: uxNotAllowed
|
|
4366
4377
|
});
|
|
4367
4378
|
|
|
4368
|
-
/*! @azure/msal-common v16.
|
|
4379
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4369
4380
|
|
|
4370
4381
|
/*
|
|
4371
4382
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4433,7 +4444,7 @@
|
|
|
4433
4444
|
return new InteractionRequiredAuthError(errorCode, errorMessage);
|
|
4434
4445
|
}
|
|
4435
4446
|
|
|
4436
|
-
/*! @azure/msal-common v16.
|
|
4447
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4437
4448
|
|
|
4438
4449
|
/*
|
|
4439
4450
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4452,7 +4463,7 @@
|
|
|
4452
4463
|
}
|
|
4453
4464
|
}
|
|
4454
4465
|
|
|
4455
|
-
/*! @azure/msal-common v16.
|
|
4466
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4456
4467
|
|
|
4457
4468
|
/*
|
|
4458
4469
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4520,7 +4531,7 @@
|
|
|
4520
4531
|
}
|
|
4521
4532
|
}
|
|
4522
4533
|
|
|
4523
|
-
/*! @azure/msal-common v16.
|
|
4534
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4524
4535
|
|
|
4525
4536
|
/*
|
|
4526
4537
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4868,7 +4879,7 @@
|
|
|
4868
4879
|
return baseAccount;
|
|
4869
4880
|
}
|
|
4870
4881
|
|
|
4871
|
-
/*! @azure/msal-common v16.
|
|
4882
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4872
4883
|
/*
|
|
4873
4884
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4874
4885
|
* Licensed under the MIT License.
|
|
@@ -4878,7 +4889,7 @@
|
|
|
4878
4889
|
UPN: "UPN",
|
|
4879
4890
|
};
|
|
4880
4891
|
|
|
4881
|
-
/*! @azure/msal-common v16.
|
|
4892
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4882
4893
|
/*
|
|
4883
4894
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4884
4895
|
* Licensed under the MIT License.
|
|
@@ -4896,7 +4907,7 @@
|
|
|
4896
4907
|
}
|
|
4897
4908
|
}
|
|
4898
4909
|
|
|
4899
|
-
/*! @azure/msal-common v16.
|
|
4910
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4900
4911
|
/*
|
|
4901
4912
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4902
4913
|
* Licensed under the MIT License.
|
|
@@ -4917,7 +4928,7 @@
|
|
|
4917
4928
|
};
|
|
4918
4929
|
}
|
|
4919
4930
|
|
|
4920
|
-
/*! @azure/msal-common v16.
|
|
4931
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
4921
4932
|
|
|
4922
4933
|
/*
|
|
4923
4934
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5003,7 +5014,7 @@
|
|
|
5003
5014
|
}
|
|
5004
5015
|
}
|
|
5005
5016
|
|
|
5006
|
-
/*! @azure/msal-common v16.
|
|
5017
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5007
5018
|
|
|
5008
5019
|
/*
|
|
5009
5020
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5034,7 +5045,7 @@
|
|
|
5034
5045
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5035
5046
|
}
|
|
5036
5047
|
|
|
5037
|
-
/*! @azure/msal-common v16.
|
|
5048
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5038
5049
|
|
|
5039
5050
|
/*
|
|
5040
5051
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5148,7 +5159,7 @@
|
|
|
5148
5159
|
return response;
|
|
5149
5160
|
}
|
|
5150
5161
|
|
|
5151
|
-
/*! @azure/msal-common v16.
|
|
5162
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5152
5163
|
/*
|
|
5153
5164
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5154
5165
|
* Licensed under the MIT License.
|
|
@@ -5160,7 +5171,7 @@
|
|
|
5160
5171
|
response.hasOwnProperty("jwks_uri"));
|
|
5161
5172
|
}
|
|
5162
5173
|
|
|
5163
|
-
/*! @azure/msal-common v16.
|
|
5174
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5164
5175
|
/*
|
|
5165
5176
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5166
5177
|
* Licensed under the MIT License.
|
|
@@ -5170,7 +5181,7 @@
|
|
|
5170
5181
|
response.hasOwnProperty("metadata"));
|
|
5171
5182
|
}
|
|
5172
5183
|
|
|
5173
|
-
/*! @azure/msal-common v16.
|
|
5184
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5174
5185
|
/*
|
|
5175
5186
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5176
5187
|
* Licensed under the MIT License.
|
|
@@ -5180,7 +5191,7 @@
|
|
|
5180
5191
|
response.hasOwnProperty("error_description"));
|
|
5181
5192
|
}
|
|
5182
5193
|
|
|
5183
|
-
/*! @azure/msal-common v16.
|
|
5194
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5184
5195
|
|
|
5185
5196
|
/*
|
|
5186
5197
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5285,7 +5296,7 @@
|
|
|
5285
5296
|
},
|
|
5286
5297
|
};
|
|
5287
5298
|
|
|
5288
|
-
/*! @azure/msal-common v16.
|
|
5299
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
5289
5300
|
|
|
5290
5301
|
/*
|
|
5291
5302
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6105,7 +6116,7 @@
|
|
|
6105
6116
|
};
|
|
6106
6117
|
}
|
|
6107
6118
|
|
|
6108
|
-
/*! @azure/msal-common v16.
|
|
6119
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6109
6120
|
|
|
6110
6121
|
/*
|
|
6111
6122
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6139,7 +6150,7 @@
|
|
|
6139
6150
|
}
|
|
6140
6151
|
}
|
|
6141
6152
|
|
|
6142
|
-
/*! @azure/msal-common v16.
|
|
6153
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6143
6154
|
|
|
6144
6155
|
/*
|
|
6145
6156
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6304,11 +6315,6 @@
|
|
|
6304
6315
|
throw createClientConfigurationError(missingSshJwk);
|
|
6305
6316
|
}
|
|
6306
6317
|
}
|
|
6307
|
-
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
6308
|
-
(this.config.authOptions.clientCapabilities &&
|
|
6309
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
6310
|
-
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
6311
|
-
}
|
|
6312
6318
|
let ccsCred = undefined;
|
|
6313
6319
|
if (request.clientInfo) {
|
|
6314
6320
|
try {
|
|
@@ -6357,6 +6363,7 @@
|
|
|
6357
6363
|
});
|
|
6358
6364
|
}
|
|
6359
6365
|
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6366
|
+
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6360
6367
|
return mapToQueryString(parameters);
|
|
6361
6368
|
}
|
|
6362
6369
|
/**
|
|
@@ -6400,7 +6407,7 @@
|
|
|
6400
6407
|
}
|
|
6401
6408
|
}
|
|
6402
6409
|
|
|
6403
|
-
/*! @azure/msal-common v16.
|
|
6410
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6404
6411
|
|
|
6405
6412
|
/*
|
|
6406
6413
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6590,11 +6597,6 @@
|
|
|
6590
6597
|
throw createClientConfigurationError(missingSshJwk);
|
|
6591
6598
|
}
|
|
6592
6599
|
}
|
|
6593
|
-
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
6594
|
-
(this.config.authOptions.clientCapabilities &&
|
|
6595
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
6596
|
-
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
6597
|
-
}
|
|
6598
6600
|
if (this.config.systemOptions.preventCorsPreflight &&
|
|
6599
6601
|
request.ccsCredential) {
|
|
6600
6602
|
switch (request.ccsCredential.type) {
|
|
@@ -6621,11 +6623,12 @@
|
|
|
6621
6623
|
});
|
|
6622
6624
|
}
|
|
6623
6625
|
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6626
|
+
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6624
6627
|
return mapToQueryString(parameters);
|
|
6625
6628
|
}
|
|
6626
6629
|
}
|
|
6627
6630
|
|
|
6628
|
-
/*! @azure/msal-common v16.
|
|
6631
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6629
6632
|
|
|
6630
6633
|
/*
|
|
6631
6634
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6741,7 +6744,7 @@
|
|
|
6741
6744
|
}
|
|
6742
6745
|
}
|
|
6743
6746
|
|
|
6744
|
-
/*! @azure/msal-common v16.
|
|
6747
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6745
6748
|
|
|
6746
6749
|
/*
|
|
6747
6750
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6756,7 +6759,7 @@
|
|
|
6756
6759
|
},
|
|
6757
6760
|
};
|
|
6758
6761
|
|
|
6759
|
-
/*! @azure/msal-common v16.
|
|
6762
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6760
6763
|
|
|
6761
6764
|
/*
|
|
6762
6765
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6880,14 +6883,10 @@
|
|
|
6880
6883
|
if (request.state) {
|
|
6881
6884
|
addState(parameters, request.state);
|
|
6882
6885
|
}
|
|
6883
|
-
if (request.claims ||
|
|
6884
|
-
(authOptions.clientCapabilities &&
|
|
6885
|
-
authOptions.clientCapabilities.length > 0)) {
|
|
6886
|
-
addClaims(parameters, request.claims, authOptions.clientCapabilities);
|
|
6887
|
-
}
|
|
6888
6886
|
if (request.embeddedClientId) {
|
|
6889
6887
|
addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
|
|
6890
6888
|
}
|
|
6889
|
+
addClaims(parameters, request.claims, authOptions.clientCapabilities, request.skipBrokerClaims);
|
|
6891
6890
|
// If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
|
|
6892
6891
|
if (authOptions.instanceAware &&
|
|
6893
6892
|
(!request.extraQueryParameters ||
|
|
@@ -6983,7 +6982,7 @@
|
|
|
6983
6982
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
6984
6983
|
}
|
|
6985
6984
|
|
|
6986
|
-
/*! @azure/msal-common v16.
|
|
6985
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
6987
6986
|
|
|
6988
6987
|
/*
|
|
6989
6988
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7016,7 +7015,7 @@
|
|
|
7016
7015
|
return Object.prototype.hasOwnProperty.call(params, "resource");
|
|
7017
7016
|
}
|
|
7018
7017
|
|
|
7019
|
-
/*! @azure/msal-common v16.
|
|
7018
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7020
7019
|
|
|
7021
7020
|
/*
|
|
7022
7021
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7074,7 +7073,7 @@
|
|
|
7074
7073
|
}
|
|
7075
7074
|
}
|
|
7076
7075
|
|
|
7077
|
-
/*! @azure/msal-common v16.
|
|
7076
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7078
7077
|
/*
|
|
7079
7078
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7080
7079
|
* Licensed under the MIT License.
|
|
@@ -7091,7 +7090,7 @@
|
|
|
7091
7090
|
unexpectedError: unexpectedError
|
|
7092
7091
|
});
|
|
7093
7092
|
|
|
7094
|
-
/*! @azure/msal-common v16.
|
|
7093
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7095
7094
|
|
|
7096
7095
|
/*
|
|
7097
7096
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7352,7 +7351,7 @@
|
|
|
7352
7351
|
}
|
|
7353
7352
|
}
|
|
7354
7353
|
|
|
7355
|
-
/*! @azure/msal-common v16.
|
|
7354
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7356
7355
|
|
|
7357
7356
|
/*
|
|
7358
7357
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7373,7 +7372,7 @@
|
|
|
7373
7372
|
return new JoseHeaderError(code);
|
|
7374
7373
|
}
|
|
7375
7374
|
|
|
7376
|
-
/*! @azure/msal-common v16.
|
|
7375
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7377
7376
|
/*
|
|
7378
7377
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7379
7378
|
* Licensed under the MIT License.
|
|
@@ -7381,7 +7380,7 @@
|
|
|
7381
7380
|
const missingKidError = "missing_kid_error";
|
|
7382
7381
|
const missingAlgError = "missing_alg_error";
|
|
7383
7382
|
|
|
7384
|
-
/*! @azure/msal-common v16.
|
|
7383
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7385
7384
|
|
|
7386
7385
|
/*
|
|
7387
7386
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7421,7 +7420,7 @@
|
|
|
7421
7420
|
}
|
|
7422
7421
|
}
|
|
7423
7422
|
|
|
7424
|
-
/*! @azure/msal-common v16.
|
|
7423
|
+
/*! @azure/msal-common v16.5.0 2026-04-16 */
|
|
7425
7424
|
|
|
7426
7425
|
/*
|
|
7427
7426
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8006,6 +8005,7 @@
|
|
|
8006
8005
|
* Used to acquire a token from Native component when native brokering is enabled.
|
|
8007
8006
|
*/
|
|
8008
8007
|
const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
|
|
8008
|
+
const NativeInteractionClientAcquireTokenRedirect = "nativeInteractionClientAcquireToken";
|
|
8009
8009
|
/**
|
|
8010
8010
|
* acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
|
|
8011
8011
|
*/
|
|
@@ -8079,7 +8079,7 @@
|
|
|
8079
8079
|
* Background telemetry measurement that tracks whether a late bridge response
|
|
8080
8080
|
* arrives after the iframe timeout has already fired.
|
|
8081
8081
|
*/
|
|
8082
|
-
const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
|
|
8082
|
+
const WaitForBridgeLateResponse$1 = "waitForBridgeLateResponse";
|
|
8083
8083
|
|
|
8084
8084
|
/*
|
|
8085
8085
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -9005,7 +9005,7 @@
|
|
|
9005
9005
|
// Clear the active monitor
|
|
9006
9006
|
activeBridgeMonitor = null;
|
|
9007
9007
|
if (experimentalConfig?.iframeTimeoutTelemetry) {
|
|
9008
|
-
lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse, correlationId);
|
|
9008
|
+
lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse$1, correlationId);
|
|
9009
9009
|
timedOut$1 = true;
|
|
9010
9010
|
lateTimeoutId = window.setTimeout(() => {
|
|
9011
9011
|
lateMeasurement?.end({ success: false });
|
|
@@ -9806,7 +9806,14 @@
|
|
|
9806
9806
|
// Update cache storage
|
|
9807
9807
|
const LocalStorageUpdated = "localStorageUpdated";
|
|
9808
9808
|
// Load external tokens
|
|
9809
|
-
const LoadExternalTokens = "loadExternalTokens";
|
|
9809
|
+
const LoadExternalTokens = "loadExternalTokens";
|
|
9810
|
+
/**
|
|
9811
|
+
* SSO capability verification call (msal-browser).
|
|
9812
|
+
* Fire-and-forget SSO verification call made after interactive authentication completes.
|
|
9813
|
+
*/
|
|
9814
|
+
const SsoCapable = "ssoCapable";
|
|
9815
|
+
// Wait for late response from bridge after timeout has already occurred
|
|
9816
|
+
const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
|
|
9810
9817
|
|
|
9811
9818
|
var BrowserRootPerformanceEvents = /*#__PURE__*/Object.freeze({
|
|
9812
9819
|
__proto__: null,
|
|
@@ -9818,7 +9825,9 @@
|
|
|
9818
9825
|
InitializeClientApplication: InitializeClientApplication,
|
|
9819
9826
|
LoadExternalTokens: LoadExternalTokens,
|
|
9820
9827
|
LocalStorageUpdated: LocalStorageUpdated,
|
|
9821
|
-
|
|
9828
|
+
SsoCapable: SsoCapable,
|
|
9829
|
+
SsoSilent: SsoSilent,
|
|
9830
|
+
WaitForBridgeLateResponse: WaitForBridgeLateResponse
|
|
9822
9831
|
});
|
|
9823
9832
|
|
|
9824
9833
|
/*
|
|
@@ -9837,6 +9846,7 @@
|
|
|
9837
9846
|
const VERSION_CACHE_KEY = `${PREFIX}.version`;
|
|
9838
9847
|
const ACCOUNT_KEYS = "account.keys";
|
|
9839
9848
|
const TOKEN_KEYS = "token.keys";
|
|
9849
|
+
const SSO_CAPABLE = `${PREFIX}.${BROWSER_PREFIX}.sso.capable`;
|
|
9840
9850
|
function getAccountKeysCacheKey(schema = ACCOUNT_SCHEMA_VERSION) {
|
|
9841
9851
|
if (schema < 1) {
|
|
9842
9852
|
return `${PREFIX}.${ACCOUNT_KEYS}`;
|
|
@@ -10335,7 +10345,7 @@
|
|
|
10335
10345
|
|
|
10336
10346
|
/* eslint-disable header/header */
|
|
10337
10347
|
const name = "@azure/msal-browser";
|
|
10338
|
-
const version = "5.
|
|
10348
|
+
const version = "5.7.0";
|
|
10339
10349
|
|
|
10340
10350
|
/*
|
|
10341
10351
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -12438,7 +12448,6 @@
|
|
|
12438
12448
|
const USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED";
|
|
12439
12449
|
const USER_CANCEL = "USER_CANCEL";
|
|
12440
12450
|
const NO_NETWORK = "NO_NETWORK";
|
|
12441
|
-
const PERSISTENT_ERROR = "PERSISTENT_ERROR";
|
|
12442
12451
|
const DISABLED = "DISABLED";
|
|
12443
12452
|
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
12444
12453
|
const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
|
|
@@ -12462,8 +12471,7 @@
|
|
|
12462
12471
|
function isFatalNativeAuthError(error) {
|
|
12463
12472
|
if (error.ext &&
|
|
12464
12473
|
error.ext.status &&
|
|
12465
|
-
|
|
12466
|
-
error.ext.status === DISABLED)) {
|
|
12474
|
+
error.ext.status === DISABLED) {
|
|
12467
12475
|
return true;
|
|
12468
12476
|
}
|
|
12469
12477
|
if (error.ext &&
|
|
@@ -12589,12 +12597,12 @@
|
|
|
12589
12597
|
async acquireToken(request, cacheLookupPolicy) {
|
|
12590
12598
|
this.logger.trace("03qeos", this.correlationId);
|
|
12591
12599
|
// start the perf measurement
|
|
12592
|
-
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken,
|
|
12600
|
+
const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
|
|
12593
12601
|
const reqTimestamp = nowSeconds();
|
|
12594
12602
|
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12595
12603
|
try {
|
|
12596
12604
|
// initialize native request
|
|
12597
|
-
const nativeRequest = await this.
|
|
12605
|
+
const nativeRequest = await this.initializePlatformRequest(request);
|
|
12598
12606
|
// check if the tokens can be retrieved from internal cache
|
|
12599
12607
|
try {
|
|
12600
12608
|
const result = await this.acquireTokensFromCache(this.accountId, nativeRequest);
|
|
@@ -12608,6 +12616,10 @@
|
|
|
12608
12616
|
catch (e) {
|
|
12609
12617
|
if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) {
|
|
12610
12618
|
this.logger.info("0eitbc", this.correlationId);
|
|
12619
|
+
nativeATMeasurement.end({
|
|
12620
|
+
success: false,
|
|
12621
|
+
brokerErrorCode: "cache_request_failed",
|
|
12622
|
+
});
|
|
12611
12623
|
throw e;
|
|
12612
12624
|
}
|
|
12613
12625
|
// continue with a native call for any and all errors
|
|
@@ -12629,7 +12641,6 @@
|
|
|
12629
12641
|
success: false,
|
|
12630
12642
|
errorCode: error.errorCode,
|
|
12631
12643
|
subErrorCode: error.subError,
|
|
12632
|
-
isNativeBroker: true,
|
|
12633
12644
|
});
|
|
12634
12645
|
throw error;
|
|
12635
12646
|
});
|
|
@@ -12638,6 +12649,9 @@
|
|
|
12638
12649
|
if (e instanceof NativeAuthError) {
|
|
12639
12650
|
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
|
|
12640
12651
|
}
|
|
12652
|
+
nativeATMeasurement.end({
|
|
12653
|
+
success: false,
|
|
12654
|
+
});
|
|
12641
12655
|
throw e;
|
|
12642
12656
|
}
|
|
12643
12657
|
}
|
|
@@ -12670,7 +12684,7 @@
|
|
|
12670
12684
|
// fetch the account from browser cache
|
|
12671
12685
|
const account = this.browserStorage.getBaseAccountInfo({
|
|
12672
12686
|
nativeAccountId,
|
|
12673
|
-
},
|
|
12687
|
+
}, this.correlationId);
|
|
12674
12688
|
if (!account) {
|
|
12675
12689
|
throw createClientAuthError(noAccountFound);
|
|
12676
12690
|
}
|
|
@@ -12700,7 +12714,7 @@
|
|
|
12700
12714
|
*/
|
|
12701
12715
|
async acquireTokenRedirect(request, rootMeasurement, options) {
|
|
12702
12716
|
this.logger.trace("0luikq", this.correlationId);
|
|
12703
|
-
const nativeRequest = await this.
|
|
12717
|
+
const nativeRequest = await this.initializePlatformRequest(request);
|
|
12704
12718
|
const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
|
|
12705
12719
|
try {
|
|
12706
12720
|
await this.platformAuthProvider.sendMessage(nativeRequest);
|
|
@@ -12732,7 +12746,7 @@
|
|
|
12732
12746
|
* @param performanceClient {IPerformanceClient?}
|
|
12733
12747
|
* @param correlationId {string?} correlation identifier
|
|
12734
12748
|
*/
|
|
12735
|
-
async handleRedirectPromise(
|
|
12749
|
+
async handleRedirectPromise() {
|
|
12736
12750
|
this.logger.trace("1c5lhw", this.correlationId);
|
|
12737
12751
|
if (!this.browserStorage.isInteractionInProgress(true)) {
|
|
12738
12752
|
this.logger.info("0le6uv", this.correlationId);
|
|
@@ -12742,9 +12756,7 @@
|
|
|
12742
12756
|
const cachedRequest = this.browserStorage.getCachedNativeRequest();
|
|
12743
12757
|
if (!cachedRequest) {
|
|
12744
12758
|
this.logger.verbose("0a6zjb", this.correlationId);
|
|
12745
|
-
|
|
12746
|
-
performanceClient?.addFields({ errorCode: "no_cached_request" }, correlationId);
|
|
12747
|
-
}
|
|
12759
|
+
this.performanceClient?.addFields({ errorCode: "no_cached_request" }, this.correlationId);
|
|
12748
12760
|
return null;
|
|
12749
12761
|
}
|
|
12750
12762
|
const { prompt, ...request } = cachedRequest;
|
|
@@ -12759,6 +12771,7 @@
|
|
|
12759
12771
|
const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
|
|
12760
12772
|
const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
|
|
12761
12773
|
serverTelemetryManager.clearNativeBrokerErrorCode();
|
|
12774
|
+
this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
|
|
12762
12775
|
return authResult;
|
|
12763
12776
|
}
|
|
12764
12777
|
catch (e) {
|
|
@@ -13027,15 +13040,23 @@
|
|
|
13027
13040
|
* Translates developer provided request object into NativeRequest object
|
|
13028
13041
|
* @param request
|
|
13029
13042
|
*/
|
|
13030
|
-
async
|
|
13031
|
-
this.logger.trace("
|
|
13043
|
+
async initializePlatformRequest(request) {
|
|
13044
|
+
this.logger.trace("1xdm2a", this.correlationId);
|
|
13032
13045
|
const canonicalAuthority = await this.getCanonicalAuthority(request);
|
|
13046
|
+
// ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
13047
|
+
const configClaims = request.skipBrokerClaims && !!request.embeddedClientId
|
|
13048
|
+
? undefined
|
|
13049
|
+
: this.config.auth.clientCapabilities;
|
|
13033
13050
|
// scopes are expected to be received by the native broker as "scope" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here.
|
|
13034
|
-
const { scopes, ...remainingProperties } = request;
|
|
13051
|
+
const { scopes, claims, ...remainingProperties } = request;
|
|
13035
13052
|
const scopeSet = new ScopeSet(scopes || []);
|
|
13036
13053
|
scopeSet.appendScopes(OIDC_DEFAULT_SCOPES$1);
|
|
13054
|
+
const mergedClaims = configClaims && configClaims.length
|
|
13055
|
+
? addClientCapabilitiesToClaims$1(claims, configClaims)
|
|
13056
|
+
: claims;
|
|
13037
13057
|
const validatedRequest = {
|
|
13038
13058
|
...remainingProperties,
|
|
13059
|
+
claims: mergedClaims,
|
|
13039
13060
|
accountId: this.accountId,
|
|
13040
13061
|
clientId: this.config.auth.clientId,
|
|
13041
13062
|
authority: canonicalAuthority.urlString,
|
|
@@ -13105,12 +13126,12 @@
|
|
|
13105
13126
|
switch (this.apiId) {
|
|
13106
13127
|
case ApiId.ssoSilent:
|
|
13107
13128
|
case ApiId.acquireTokenSilent_silentFlow:
|
|
13108
|
-
this.logger.trace("
|
|
13129
|
+
this.logger.trace("12n1y2", this.correlationId);
|
|
13109
13130
|
return PromptValue$1.NONE;
|
|
13110
13131
|
}
|
|
13111
13132
|
// Prompt not provided, request may proceed and native broker decides if it needs to prompt
|
|
13112
13133
|
if (!prompt) {
|
|
13113
|
-
this.logger.trace("
|
|
13134
|
+
this.logger.trace("0uid1p", this.correlationId);
|
|
13114
13135
|
return undefined;
|
|
13115
13136
|
}
|
|
13116
13137
|
// If request is interactive, check if prompt provided is allowed to go directly to native broker
|
|
@@ -13118,10 +13139,10 @@
|
|
|
13118
13139
|
case PromptValue$1.NONE:
|
|
13119
13140
|
case PromptValue$1.CONSENT:
|
|
13120
13141
|
case PromptValue$1.LOGIN:
|
|
13121
|
-
this.logger.trace("
|
|
13142
|
+
this.logger.trace("0i0hco", this.correlationId);
|
|
13122
13143
|
return prompt;
|
|
13123
13144
|
default:
|
|
13124
|
-
this.logger.trace("
|
|
13145
|
+
this.logger.trace("0w3tpw", this.correlationId);
|
|
13125
13146
|
throw createBrowserAuthError(nativePromptNotSupported);
|
|
13126
13147
|
}
|
|
13127
13148
|
}
|
|
@@ -13157,7 +13178,7 @@
|
|
|
13157
13178
|
this.performanceClient?.addFields({
|
|
13158
13179
|
embeddedClientId: child_client_id,
|
|
13159
13180
|
embeddedRedirectUri: child_redirect_uri,
|
|
13160
|
-
},
|
|
13181
|
+
}, this.correlationId);
|
|
13161
13182
|
}
|
|
13162
13183
|
}
|
|
13163
13184
|
|
|
@@ -13244,6 +13265,10 @@
|
|
|
13244
13265
|
if (request.platformBroker) {
|
|
13245
13266
|
// signal ests that this is a WAM call
|
|
13246
13267
|
addNativeBroker(parameters);
|
|
13268
|
+
// instrument JS-platform bridge specific fields
|
|
13269
|
+
performanceClient.addFields({
|
|
13270
|
+
isPlatformAuthorizeRequest: true,
|
|
13271
|
+
}, request.correlationId);
|
|
13247
13272
|
// pass the req_cnf for POP
|
|
13248
13273
|
if (request.authenticationScheme === AuthenticationScheme$1.POP) {
|
|
13249
13274
|
const cryptoOps = new CryptoOps(logger, performanceClient);
|
|
@@ -13713,6 +13738,7 @@
|
|
|
13713
13738
|
},
|
|
13714
13739
|
instanceAware: false,
|
|
13715
13740
|
isMcp: false,
|
|
13741
|
+
verifySSO: false,
|
|
13716
13742
|
};
|
|
13717
13743
|
// Default cache options for browser
|
|
13718
13744
|
const DEFAULT_CACHE_OPTIONS = {
|
|
@@ -14265,7 +14291,7 @@
|
|
|
14265
14291
|
}
|
|
14266
14292
|
}
|
|
14267
14293
|
/**
|
|
14268
|
-
* Returns boolean indicating whether or not the request should attempt to use
|
|
14294
|
+
* Returns boolean indicating whether or not the request should attempt to use platform broker
|
|
14269
14295
|
* @param logger
|
|
14270
14296
|
* @param config
|
|
14271
14297
|
* @param correlationId
|
|
@@ -14547,6 +14573,10 @@
|
|
|
14547
14573
|
return;
|
|
14548
14574
|
}
|
|
14549
14575
|
}
|
|
14576
|
+
// Redirect bridge requires "state" param to work properly
|
|
14577
|
+
validRequest.state = setRequestState(this.browserCrypto, validRequest.state || "", {
|
|
14578
|
+
interactionType: exports.InteractionType.Popup,
|
|
14579
|
+
});
|
|
14550
14580
|
// Create logout string and navigate user window to logout.
|
|
14551
14581
|
const logoutUri = authClient.getLogoutUri(validRequest);
|
|
14552
14582
|
this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, validRequest.correlationId, exports.InteractionType.Popup, validRequest);
|
|
@@ -15087,6 +15117,10 @@
|
|
|
15087
15117
|
}
|
|
15088
15118
|
}
|
|
15089
15119
|
}
|
|
15120
|
+
// Redirect bridge requires "state" param to work properly
|
|
15121
|
+
validLogoutRequest.state = setRequestState(this.browserCrypto, validLogoutRequest.state || "", {
|
|
15122
|
+
interactionType: exports.InteractionType.Redirect,
|
|
15123
|
+
});
|
|
15090
15124
|
// Create logout string and navigate user window to logout.
|
|
15091
15125
|
const logoutUri = authClient.getLogoutUri(validLogoutRequest);
|
|
15092
15126
|
if (validLogoutRequest.account?.homeAccountId) {
|
|
@@ -15335,6 +15369,38 @@
|
|
|
15335
15369
|
return invokeAsync(handleResponseEAR, HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
15336
15370
|
}
|
|
15337
15371
|
}
|
|
15372
|
+
/**
|
|
15373
|
+
* Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
|
|
15374
|
+
* This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
|
|
15375
|
+
* @param request - The SSO silent request
|
|
15376
|
+
* @returns true if SSO verification was successful with a valid authorization code, false otherwise
|
|
15377
|
+
*/
|
|
15378
|
+
async verifySso(request) {
|
|
15379
|
+
const inputRequest = { ...request };
|
|
15380
|
+
if (!inputRequest.prompt) {
|
|
15381
|
+
inputRequest.prompt = PromptValue$1.NONE;
|
|
15382
|
+
}
|
|
15383
|
+
// Create silent request
|
|
15384
|
+
const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
|
|
15385
|
+
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
15386
|
+
serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
|
|
15387
|
+
requestAuthority: silentRequest.authority,
|
|
15388
|
+
requestAzureCloudOptions: silentRequest.azureCloudOptions,
|
|
15389
|
+
requestExtraQueryParameters: silentRequest.extraQueryParameters,
|
|
15390
|
+
account: silentRequest.account,
|
|
15391
|
+
});
|
|
15392
|
+
const { serverParams } = await this.silentAuthorizeHelper(authClient, silentRequest);
|
|
15393
|
+
const correlationId = silentRequest.correlationId;
|
|
15394
|
+
// Validate the response - this checks for errors and validates state
|
|
15395
|
+
validateAuthorizationResponse(serverParams, silentRequest.state);
|
|
15396
|
+
// Verify a valid authorization code is present
|
|
15397
|
+
if (!serverParams.code) {
|
|
15398
|
+
this.logger.warning("0y34ti", correlationId);
|
|
15399
|
+
return false;
|
|
15400
|
+
}
|
|
15401
|
+
this.logger.verbose("0kkkcj", correlationId);
|
|
15402
|
+
return true;
|
|
15403
|
+
}
|
|
15338
15404
|
/**
|
|
15339
15405
|
* Currently Unsupported
|
|
15340
15406
|
*/
|
|
@@ -15349,6 +15415,16 @@
|
|
|
15349
15415
|
* @param userRequestScopes
|
|
15350
15416
|
*/
|
|
15351
15417
|
async silentTokenHelper(authClient, request) {
|
|
15418
|
+
const { serverParams, pkceCodes } = await this.silentAuthorizeHelper(authClient, request);
|
|
15419
|
+
return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, request.correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
|
|
15420
|
+
}
|
|
15421
|
+
/**
|
|
15422
|
+
* Shared helper that generates PKCE codes, builds the /authorize URL,
|
|
15423
|
+
* loads it in a hidden iframe, waits for the redirect-bridge response,
|
|
15424
|
+
* and returns the deserialized server parameters along with the PKCE codes
|
|
15425
|
+
* and the request that was sent.
|
|
15426
|
+
*/
|
|
15427
|
+
async silentAuthorizeHelper(authClient, request) {
|
|
15352
15428
|
const correlationId = request.correlationId;
|
|
15353
15429
|
const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
|
|
15354
15430
|
const silentRequest = {
|
|
@@ -15375,7 +15451,7 @@
|
|
|
15375
15451
|
invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
|
|
15376
15452
|
}
|
|
15377
15453
|
const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
|
|
15378
|
-
return
|
|
15454
|
+
return { serverParams, pkceCodes, silentRequest };
|
|
15379
15455
|
}
|
|
15380
15456
|
}
|
|
15381
15457
|
|
|
@@ -15754,22 +15830,25 @@
|
|
|
15754
15830
|
}
|
|
15755
15831
|
const loggedInAccounts = this.getAllAccounts();
|
|
15756
15832
|
const platformBrokerRequest = this.browserStorage.getCachedNativeRequest();
|
|
15757
|
-
const useNative = platformBrokerRequest &&
|
|
15758
|
-
this.platformAuthProvider &&
|
|
15759
|
-
!options?.hash;
|
|
15833
|
+
const useNative = platformBrokerRequest && !options?.hash;
|
|
15760
15834
|
let rootMeasurement;
|
|
15761
15835
|
let redirectResponse;
|
|
15836
|
+
let cachedRedirectRequest;
|
|
15762
15837
|
try {
|
|
15763
15838
|
if (useNative && this.platformAuthProvider) {
|
|
15764
15839
|
const correlationId = platformBrokerRequest?.correlationId || "";
|
|
15765
15840
|
this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
|
|
15766
15841
|
rootMeasurement = this.performanceClient.startMeasurement(AcquireTokenRedirect, correlationId);
|
|
15767
15842
|
this.logger.trace("12v7is", correlationId);
|
|
15843
|
+
rootMeasurement.add({
|
|
15844
|
+
isPlatformBrokerRequest: true,
|
|
15845
|
+
});
|
|
15768
15846
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.platformAuthProvider, platformBrokerRequest.accountId, this.nativeInternalStorage, platformBrokerRequest.correlationId);
|
|
15769
|
-
redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(
|
|
15847
|
+
redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)();
|
|
15770
15848
|
}
|
|
15771
15849
|
else {
|
|
15772
15850
|
const [standardRequest, codeVerifier] = this.browserStorage.getCachedRequest("");
|
|
15851
|
+
cachedRedirectRequest = standardRequest;
|
|
15773
15852
|
const correlationId = standardRequest.correlationId;
|
|
15774
15853
|
this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
|
|
15775
15854
|
// Reset rootMeasurement now that we have correlationId
|
|
@@ -15798,6 +15877,8 @@
|
|
|
15798
15877
|
rootMeasurement.end({
|
|
15799
15878
|
success: true,
|
|
15800
15879
|
}, undefined, result.account);
|
|
15880
|
+
// Fire-and-forget SSO capability verification in background
|
|
15881
|
+
this.verifySsoCapability(cachedRedirectRequest, exports.InteractionType.Redirect);
|
|
15801
15882
|
}
|
|
15802
15883
|
else {
|
|
15803
15884
|
/*
|
|
@@ -15863,12 +15944,14 @@
|
|
|
15863
15944
|
if (this.platformAuthProvider &&
|
|
15864
15945
|
this.canUsePlatformBroker(request)) {
|
|
15865
15946
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.platformAuthProvider, this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
|
|
15866
|
-
result = nativeClient
|
|
15867
|
-
.
|
|
15868
|
-
|
|
15947
|
+
result = invokeAsync(nativeClient.acquireTokenRedirect.bind(nativeClient), NativeInteractionClientAcquireTokenRedirect, this.logger, this.performanceClient, correlationId)(request, atrMeasurement).catch((e) => {
|
|
15948
|
+
atrMeasurement.add({
|
|
15949
|
+
brokerErrorName: e.name,
|
|
15950
|
+
brokerErrorCode: e.errorCode,
|
|
15951
|
+
});
|
|
15869
15952
|
if (e instanceof NativeAuthError &&
|
|
15870
15953
|
isFatalNativeAuthError(e)) {
|
|
15871
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
15954
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
15872
15955
|
const redirectClient = this.createRedirectClient(correlationId);
|
|
15873
15956
|
return redirectClient.acquireToken(request);
|
|
15874
15957
|
}
|
|
@@ -15934,6 +16017,9 @@
|
|
|
15934
16017
|
let result;
|
|
15935
16018
|
const pkce = this.getPreGeneratedPkceCodes(correlationId);
|
|
15936
16019
|
if (this.canUsePlatformBroker(request)) {
|
|
16020
|
+
atPopupMeasurement.add({
|
|
16021
|
+
isPlatformBrokerRequest: true,
|
|
16022
|
+
});
|
|
15937
16023
|
result = this.acquireTokenNative({
|
|
15938
16024
|
...request,
|
|
15939
16025
|
correlationId,
|
|
@@ -15946,9 +16032,13 @@
|
|
|
15946
16032
|
return response;
|
|
15947
16033
|
})
|
|
15948
16034
|
.catch((e) => {
|
|
16035
|
+
atPopupMeasurement.add({
|
|
16036
|
+
brokerErrorName: e.name,
|
|
16037
|
+
brokerErrorCode: e.errorCode,
|
|
16038
|
+
});
|
|
15949
16039
|
if (e instanceof NativeAuthError &&
|
|
15950
16040
|
isFatalNativeAuthError(e)) {
|
|
15951
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
16041
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
15952
16042
|
const popupClient = this.createPopupClient(correlationId);
|
|
15953
16043
|
return popupClient.acquireToken(request, pkce);
|
|
15954
16044
|
}
|
|
@@ -15979,6 +16069,8 @@
|
|
|
15979
16069
|
accessTokenSize: result.accessToken.length,
|
|
15980
16070
|
idTokenSize: result.idToken.length,
|
|
15981
16071
|
}, undefined, result.account);
|
|
16072
|
+
// SSO capability verification in background
|
|
16073
|
+
this.verifySsoCapability(request, exports.InteractionType.Popup);
|
|
15982
16074
|
return result;
|
|
15983
16075
|
})
|
|
15984
16076
|
.catch((e) => {
|
|
@@ -16031,6 +16123,103 @@
|
|
|
16031
16123
|
window.removeEventListener("online", listener);
|
|
16032
16124
|
window.removeEventListener("offline", listener);
|
|
16033
16125
|
}
|
|
16126
|
+
/**
|
|
16127
|
+
* Reads the cached ssoCapable value from localStorage.
|
|
16128
|
+
* @returns The cached ssoCapable boolean value, or undefined if not cached or expired.
|
|
16129
|
+
*/
|
|
16130
|
+
getCachedSsoCapable() {
|
|
16131
|
+
try {
|
|
16132
|
+
const cachedValue = window.localStorage.getItem(SSO_CAPABLE);
|
|
16133
|
+
if (cachedValue) {
|
|
16134
|
+
const parsed = JSON.parse(cachedValue);
|
|
16135
|
+
if (parsed &&
|
|
16136
|
+
typeof parsed.ssoCapable === "boolean" &&
|
|
16137
|
+
parsed.expiresOn &&
|
|
16138
|
+
Date.now() < parsed.expiresOn) {
|
|
16139
|
+
return parsed.ssoCapable;
|
|
16140
|
+
}
|
|
16141
|
+
}
|
|
16142
|
+
}
|
|
16143
|
+
catch {
|
|
16144
|
+
// If parsing fails, return undefined
|
|
16145
|
+
}
|
|
16146
|
+
return undefined;
|
|
16147
|
+
}
|
|
16148
|
+
/**
|
|
16149
|
+
* SSO capability verification in the background.
|
|
16150
|
+
* This method makes an iframe request to /authorize to verify SSO capability without calling /token.
|
|
16151
|
+
* This method does not block the caller and tracks telemetry for success/failure.
|
|
16152
|
+
* This method only executes if verifySSO is set to true in the auth configuration.
|
|
16153
|
+
* The result is cached in localStorage with a 24-hour TTL; the SSO verification call
|
|
16154
|
+
* is only attempted when the cached value is absent or expired.
|
|
16155
|
+
* @param request - The original request used for the authentication flow
|
|
16156
|
+
* @param interactionType - The interactionType of the AT operation for logging purposes
|
|
16157
|
+
*/
|
|
16158
|
+
verifySsoCapability(request, interactionType) {
|
|
16159
|
+
// Check if SSO capability verification is enabled
|
|
16160
|
+
if (!this.config.auth.verifySSO) {
|
|
16161
|
+
return;
|
|
16162
|
+
}
|
|
16163
|
+
// Check TTL: derive ssoCapable state from localStorage and skip if not expired
|
|
16164
|
+
const ssoCacheKey = SSO_CAPABLE;
|
|
16165
|
+
const SSO_CAPABLE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
|
|
16166
|
+
const cachedSsoCapable = this.getCachedSsoCapable();
|
|
16167
|
+
if (cachedSsoCapable !== undefined) {
|
|
16168
|
+
this.logger.verbose("13poou", "");
|
|
16169
|
+
return;
|
|
16170
|
+
}
|
|
16171
|
+
const correlationId = createNewGuid();
|
|
16172
|
+
const ssoCapableMeasurement = this.performanceClient.startMeasurement(SsoCapable, correlationId);
|
|
16173
|
+
ssoCapableMeasurement.add({
|
|
16174
|
+
"ext.interactionType": interactionType,
|
|
16175
|
+
});
|
|
16176
|
+
this.logger.verbose("0pbr0i", correlationId);
|
|
16177
|
+
/*
|
|
16178
|
+
* Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
|
|
16179
|
+
* This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
|
|
16180
|
+
*/
|
|
16181
|
+
setTimeout(() => {
|
|
16182
|
+
const ssoVerificationRequest = {
|
|
16183
|
+
...request,
|
|
16184
|
+
correlationId: correlationId,
|
|
16185
|
+
};
|
|
16186
|
+
const silentIframeClient = this.createSilentIframeClient(correlationId);
|
|
16187
|
+
silentIframeClient
|
|
16188
|
+
.verifySso(ssoVerificationRequest)
|
|
16189
|
+
.then((result) => {
|
|
16190
|
+
this.logger.verbose("1gd1iv", correlationId);
|
|
16191
|
+
// TBD to add profileTelemetry later in localStorage with 24h TTL
|
|
16192
|
+
try {
|
|
16193
|
+
const cacheEntry = JSON.stringify({
|
|
16194
|
+
ssoCapable: result,
|
|
16195
|
+
expiresOn: Date.now() + SSO_CAPABLE_TTL_MS,
|
|
16196
|
+
});
|
|
16197
|
+
window.localStorage.setItem(ssoCacheKey, cacheEntry);
|
|
16198
|
+
}
|
|
16199
|
+
catch {
|
|
16200
|
+
this.logger.warning("18lmoj", correlationId);
|
|
16201
|
+
}
|
|
16202
|
+
ssoCapableMeasurement.end({
|
|
16203
|
+
fromCache: false,
|
|
16204
|
+
success: result,
|
|
16205
|
+
}, undefined);
|
|
16206
|
+
})
|
|
16207
|
+
.catch((error) => {
|
|
16208
|
+
this.logger.warning("05g83w", correlationId);
|
|
16209
|
+
// reset the cache
|
|
16210
|
+
try {
|
|
16211
|
+
window.localStorage.removeItem(ssoCacheKey);
|
|
16212
|
+
}
|
|
16213
|
+
catch {
|
|
16214
|
+
this.logger.warning("0nlf9q", correlationId);
|
|
16215
|
+
}
|
|
16216
|
+
ssoCapableMeasurement.end({
|
|
16217
|
+
fromCache: false,
|
|
16218
|
+
success: false,
|
|
16219
|
+
}, error);
|
|
16220
|
+
});
|
|
16221
|
+
}, 0);
|
|
16222
|
+
}
|
|
16034
16223
|
// #endregion
|
|
16035
16224
|
// #region Silent Flow
|
|
16036
16225
|
/**
|
|
@@ -16052,13 +16241,12 @@
|
|
|
16052
16241
|
const correlationId = this.getRequestCorrelationId(request);
|
|
16053
16242
|
const validRequest = {
|
|
16054
16243
|
...request,
|
|
16055
|
-
// will be PromptValue.NONE or PromptValue.NO_SESSION
|
|
16056
|
-
prompt: request.prompt,
|
|
16057
16244
|
correlationId: correlationId,
|
|
16058
16245
|
};
|
|
16059
16246
|
this.ssoSilentMeasurement = this.performanceClient.startMeasurement(SsoSilent, correlationId);
|
|
16060
16247
|
this.ssoSilentMeasurement?.add({
|
|
16061
16248
|
scenarioId: request.scenarioId,
|
|
16249
|
+
ssoCapable: this.getCachedSsoCapable(),
|
|
16062
16250
|
});
|
|
16063
16251
|
preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
|
|
16064
16252
|
this.ssoSilentMeasurement?.increment({
|
|
@@ -16071,10 +16259,17 @@
|
|
|
16071
16259
|
this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, validRequest);
|
|
16072
16260
|
let result;
|
|
16073
16261
|
if (this.canUsePlatformBroker(validRequest)) {
|
|
16262
|
+
this.ssoSilentMeasurement?.add({
|
|
16263
|
+
isPlatformBrokerRequest: true,
|
|
16264
|
+
});
|
|
16074
16265
|
result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch((e) => {
|
|
16266
|
+
this.ssoSilentMeasurement?.add({
|
|
16267
|
+
brokerErrorName: e.name,
|
|
16268
|
+
brokerErrorCode: e.errorCode,
|
|
16269
|
+
});
|
|
16075
16270
|
// If native token acquisition fails for availability reasons fallback to standard flow
|
|
16076
16271
|
if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
|
|
16077
|
-
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
|
|
16272
|
+
this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
|
|
16078
16273
|
const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId);
|
|
16079
16274
|
return silentIframeClient.acquireToken(validRequest);
|
|
16080
16275
|
}
|
|
@@ -16147,7 +16342,6 @@
|
|
|
16147
16342
|
this.hybridAuthCodeResponses.delete(hybridAuthCode);
|
|
16148
16343
|
atbcMeasurement.end({
|
|
16149
16344
|
success: true,
|
|
16150
|
-
isNativeBroker: result.fromPlatformBroker,
|
|
16151
16345
|
accessTokenSize: result.accessToken.length,
|
|
16152
16346
|
idTokenSize: result.idToken.length,
|
|
16153
16347
|
}, undefined, result.account);
|
|
@@ -16171,10 +16365,17 @@
|
|
|
16171
16365
|
}
|
|
16172
16366
|
else if (request.nativeAccountId) {
|
|
16173
16367
|
if (this.canUsePlatformBroker(request, request.nativeAccountId)) {
|
|
16368
|
+
atbcMeasurement.add({
|
|
16369
|
+
isPlatformBrokerRequest: true,
|
|
16370
|
+
});
|
|
16174
16371
|
const result = await this.acquireTokenNative({
|
|
16175
16372
|
...request,
|
|
16176
16373
|
correlationId,
|
|
16177
16374
|
}, ApiId.acquireTokenByCode, request.nativeAccountId).catch((e) => {
|
|
16375
|
+
atbcMeasurement.add({
|
|
16376
|
+
brokerErrorName: e.name,
|
|
16377
|
+
brokerErrorCode: e.errorCode,
|
|
16378
|
+
});
|
|
16178
16379
|
// If native token acquisition fails for availability reasons fallback to standard flow
|
|
16179
16380
|
if (e instanceof NativeAuthError &&
|
|
16180
16381
|
isFatalNativeAuthError(e)) {
|
|
@@ -16225,7 +16426,6 @@
|
|
|
16225
16426
|
this.acquireTokenByCodeAsyncMeasurement?.end({
|
|
16226
16427
|
success: true,
|
|
16227
16428
|
fromCache: response.fromCache,
|
|
16228
|
-
isNativeBroker: response.fromPlatformBroker,
|
|
16229
16429
|
});
|
|
16230
16430
|
return response;
|
|
16231
16431
|
})
|
|
@@ -16394,7 +16594,7 @@
|
|
|
16394
16594
|
throw createBrowserAuthError(nativeConnectionNotEstablished);
|
|
16395
16595
|
}
|
|
16396
16596
|
const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.platformAuthProvider, accountId || this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
|
|
16397
|
-
return nativeClient.acquireToken(request, cacheLookupPolicy);
|
|
16597
|
+
return invokeAsync(nativeClient.acquireToken.bind(nativeClient), NativeInteractionClientAcquireToken, this.logger, this.performanceClient, correlationId)(request, cacheLookupPolicy);
|
|
16398
16598
|
}
|
|
16399
16599
|
/**
|
|
16400
16600
|
* Returns boolean indicating if this request can use the platform broker
|
|
@@ -16408,7 +16608,7 @@
|
|
|
16408
16608
|
return false;
|
|
16409
16609
|
}
|
|
16410
16610
|
if (!isPlatformAuthAllowed(this.config, this.logger, correlationId, this.platformAuthProvider, request.authenticationScheme)) {
|
|
16411
|
-
this.logger.trace("
|
|
16611
|
+
this.logger.trace("0yoy1g", correlationId);
|
|
16412
16612
|
return false;
|
|
16413
16613
|
}
|
|
16414
16614
|
if (request.prompt) {
|
|
@@ -16627,6 +16827,7 @@
|
|
|
16627
16827
|
atsMeasurement.add({
|
|
16628
16828
|
cacheLookupPolicy: request.cacheLookupPolicy,
|
|
16629
16829
|
scenarioId: request.scenarioId,
|
|
16830
|
+
ssoCapable: this.getCachedSsoCapable(),
|
|
16630
16831
|
});
|
|
16631
16832
|
preflightCheck(this.initialized, atsMeasurement, this.config, request);
|
|
16632
16833
|
this.logger.verbose("0x1c4s", correlationId);
|
|
@@ -16639,7 +16840,6 @@
|
|
|
16639
16840
|
atsMeasurement.end({
|
|
16640
16841
|
success: true,
|
|
16641
16842
|
fromCache: result.fromCache,
|
|
16642
|
-
isNativeBroker: result.fromPlatformBroker,
|
|
16643
16843
|
accessTokenSize: result.accessToken.length,
|
|
16644
16844
|
idTokenSize: result.idToken.length,
|
|
16645
16845
|
}, undefined, result.account);
|
|
@@ -16799,7 +16999,12 @@
|
|
|
16799
16999
|
if (isPlatformAuthAllowed(this.config, this.logger, silentRequest.correlationId, this.platformAuthProvider, silentRequest.authenticationScheme) &&
|
|
16800
17000
|
silentRequest.account.nativeAccountId) {
|
|
16801
17001
|
this.logger.verbose("0sczo4", silentRequest.correlationId);
|
|
17002
|
+
this.performanceClient.addFields({ isPlatformBrokerRequest: true }, silentRequest.correlationId);
|
|
16802
17003
|
return this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow, silentRequest.account.nativeAccountId, cacheLookupPolicy).catch(async (e) => {
|
|
17004
|
+
this.performanceClient.addFields({
|
|
17005
|
+
brokerErrorName: e.name,
|
|
17006
|
+
brokerErrorCode: e.errorCode,
|
|
17007
|
+
}, silentRequest.correlationId);
|
|
16803
17008
|
// If native token acquisition fails for availability reasons fallback to web flow
|
|
16804
17009
|
if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
|
|
16805
17010
|
this.logger.verbose("07rkmb", silentRequest.correlationId);
|