@azure/msal-browser 5.6.3 → 5.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (411) hide show
  1. package/README.md +0 -1
  2. package/dist/app/IPublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientApplication.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  7. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  8. package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  9. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
  10. package/dist/cache/AccountManager.mjs +1 -1
  11. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  12. package/dist/cache/BrowserCacheManager.mjs +1 -1
  13. package/dist/cache/CacheHelpers.mjs +1 -1
  14. package/dist/cache/CacheKeys.d.ts +1 -0
  15. package/dist/cache/CacheKeys.d.ts.map +1 -1
  16. package/dist/cache/CacheKeys.mjs +3 -2
  17. package/dist/cache/CacheKeys.mjs.map +1 -1
  18. package/dist/cache/CookieStorage.mjs +1 -1
  19. package/dist/cache/DatabaseStorage.mjs +1 -1
  20. package/dist/cache/EncryptedData.mjs +1 -1
  21. package/dist/cache/LocalStorage.mjs +1 -1
  22. package/dist/cache/MemoryStorage.mjs +1 -1
  23. package/dist/cache/SessionStorage.mjs +1 -1
  24. package/dist/cache/TokenCache.mjs +1 -1
  25. package/dist/config/Configuration.d.ts +7 -0
  26. package/dist/config/Configuration.d.ts.map +1 -1
  27. package/dist/config/Configuration.mjs +2 -1
  28. package/dist/config/Configuration.mjs.map +1 -1
  29. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  30. package/dist/controllers/StandardController.d.ts +16 -0
  31. package/dist/controllers/StandardController.d.ts.map +1 -1
  32. package/dist/controllers/StandardController.mjs +150 -20
  33. package/dist/controllers/StandardController.mjs.map +1 -1
  34. package/dist/crypto/BrowserCrypto.mjs +1 -1
  35. package/dist/crypto/CryptoOps.mjs +1 -1
  36. package/dist/crypto/PkceGenerator.mjs +1 -1
  37. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  38. package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
  39. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +2 -3
  40. package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
  41. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  42. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  43. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  44. package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +2 -2
  45. package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
  46. package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
  47. package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +1 -1
  48. package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
  49. package/dist/custom-auth-path/cache/CacheKeys.d.ts +1 -0
  50. package/dist/custom-auth-path/cache/CacheKeys.d.ts.map +1 -1
  51. package/dist/custom-auth-path/cache/CacheKeys.mjs +3 -2
  52. package/dist/custom-auth-path/cache/CacheKeys.mjs.map +1 -1
  53. package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
  54. package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
  55. package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
  56. package/dist/custom-auth-path/cache/LocalStorage.mjs +1 -1
  57. package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
  58. package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
  59. package/dist/custom-auth-path/config/Configuration.d.ts +7 -0
  60. package/dist/custom-auth-path/config/Configuration.d.ts.map +1 -1
  61. package/dist/custom-auth-path/config/Configuration.mjs +2 -1
  62. package/dist/custom-auth-path/config/Configuration.mjs.map +1 -1
  63. package/dist/custom-auth-path/controllers/StandardController.d.ts +16 -0
  64. package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
  65. package/dist/custom-auth-path/controllers/StandardController.mjs +150 -20
  66. package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
  67. package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
  68. package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
  69. package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
  70. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
  71. package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
  72. package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  73. package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
  74. package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  75. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  76. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  77. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  78. package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  79. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  80. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  81. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  82. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  83. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  84. package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  85. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  86. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  87. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  88. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  89. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  90. package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  91. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  92. package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
  93. package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
  94. package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  95. package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  96. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  97. package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  98. package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  99. package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  100. package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  101. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  102. package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  103. package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
  104. package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  105. package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  106. package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  107. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  108. package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  109. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  110. package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  111. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  112. package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  113. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
  114. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
  115. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  116. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  117. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
  118. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
  119. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
  120. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  121. package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  122. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  123. package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  124. package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  125. package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  126. package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
  127. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  128. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  129. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  130. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  131. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  132. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  133. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  134. package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  135. package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  136. package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
  137. package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  138. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  139. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  140. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  141. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  142. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  143. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  144. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  145. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  146. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  147. package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  148. package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  149. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  150. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  151. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  152. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  153. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  154. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  155. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  156. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  157. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  158. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  159. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  160. package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  161. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  162. package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  163. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  164. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  165. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  166. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  167. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  168. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  169. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  170. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  171. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  172. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  173. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  174. package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  175. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  176. package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  177. package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
  178. package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
  179. package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
  180. package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
  181. package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
  182. package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  183. package/dist/custom-auth-path/error/NativeAuthError.d.ts.map +1 -1
  184. package/dist/custom-auth-path/error/NativeAuthError.mjs +3 -4
  185. package/dist/custom-auth-path/error/NativeAuthError.mjs.map +1 -1
  186. package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
  187. package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
  188. package/dist/custom-auth-path/event/EventType.mjs +1 -1
  189. package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
  190. package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  191. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  192. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  193. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +32 -19
  194. package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  195. package/dist/custom-auth-path/interaction_client/PopupClient.d.ts.map +1 -1
  196. package/dist/custom-auth-path/interaction_client/PopupClient.mjs +6 -2
  197. package/dist/custom-auth-path/interaction_client/PopupClient.mjs.map +1 -1
  198. package/dist/custom-auth-path/interaction_client/RedirectClient.d.ts.map +1 -1
  199. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +6 -2
  200. package/dist/custom-auth-path/interaction_client/RedirectClient.mjs.map +1 -1
  201. package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
  202. package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
  203. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts +14 -0
  204. package/dist/custom-auth-path/interaction_client/SilentIframeClient.d.ts.map +1 -1
  205. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +45 -3
  206. package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs.map +1 -1
  207. package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
  208. package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
  209. package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
  210. package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
  211. package/dist/custom-auth-path/log-strings-mapping.json +47 -15
  212. package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
  213. package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
  214. package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
  215. package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
  216. package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
  217. package/dist/custom-auth-path/packageMetadata.mjs +2 -2
  218. package/dist/custom-auth-path/protocol/Authorize.d.ts.map +1 -1
  219. package/dist/custom-auth-path/protocol/Authorize.mjs +5 -1
  220. package/dist/custom-auth-path/protocol/Authorize.mjs.map +1 -1
  221. package/dist/custom-auth-path/redirect_bridge/index.d.ts.map +1 -1
  222. package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
  223. package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
  224. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  225. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  226. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs +3 -2
  227. package/dist/custom-auth-path/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  228. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  229. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  230. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs +8 -3
  231. package/dist/custom-auth-path/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
  232. package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
  233. package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
  234. package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
  235. package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
  236. package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
  237. package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
  238. package/dist/encode/Base64Decode.mjs +1 -1
  239. package/dist/encode/Base64Encode.mjs +1 -1
  240. package/dist/error/BrowserAuthError.mjs +1 -1
  241. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  242. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  243. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  244. package/dist/error/NativeAuthError.d.ts.map +1 -1
  245. package/dist/error/NativeAuthError.mjs +3 -4
  246. package/dist/error/NativeAuthError.mjs.map +1 -1
  247. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  248. package/dist/error/NestedAppAuthError.mjs +1 -1
  249. package/dist/event/EventHandler.mjs +1 -1
  250. package/dist/event/EventMessage.mjs +1 -1
  251. package/dist/event/EventType.mjs +1 -1
  252. package/dist/index.mjs +1 -1
  253. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  254. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  255. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  256. package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  257. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +32 -19
  258. package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
  259. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  260. package/dist/interaction_client/PopupClient.mjs +6 -2
  261. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  262. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  263. package/dist/interaction_client/RedirectClient.mjs +6 -2
  264. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  265. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  266. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  267. package/dist/interaction_client/SilentIframeClient.d.ts +14 -0
  268. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  269. package/dist/interaction_client/SilentIframeClient.mjs +45 -3
  270. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  271. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  272. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  273. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  274. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  275. package/dist/log-strings-mapping.json +47 -15
  276. package/dist/naa/BridgeError.mjs +1 -1
  277. package/dist/naa/BridgeProxy.mjs +1 -1
  278. package/dist/naa/BridgeStatusCode.mjs +1 -1
  279. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  280. package/dist/navigation/NavigationClient.mjs +1 -1
  281. package/dist/network/FetchClient.mjs +1 -1
  282. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  283. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  284. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  285. package/dist/packageMetadata.d.ts +1 -1
  286. package/dist/packageMetadata.mjs +2 -2
  287. package/dist/protocol/Authorize.d.ts.map +1 -1
  288. package/dist/protocol/Authorize.mjs +5 -1
  289. package/dist/protocol/Authorize.mjs.map +1 -1
  290. package/dist/redirect-bridge/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  291. package/dist/redirect-bridge/cache/CacheKeys.d.ts +1 -0
  292. package/dist/redirect-bridge/cache/CacheKeys.d.ts.map +1 -1
  293. package/dist/redirect-bridge/cache/CacheKeys.mjs +1 -1
  294. package/dist/redirect-bridge/config/Configuration.d.ts +7 -0
  295. package/dist/redirect-bridge/config/Configuration.d.ts.map +1 -1
  296. package/dist/redirect-bridge/config/Configuration.mjs +1 -1
  297. package/dist/redirect-bridge/controllers/StandardController.d.ts +16 -0
  298. package/dist/redirect-bridge/controllers/StandardController.d.ts.map +1 -1
  299. package/dist/redirect-bridge/custom_auth/CustomAuthConstants.d.ts +1 -1
  300. package/dist/redirect-bridge/encode/Base64Decode.mjs +1 -1
  301. package/dist/redirect-bridge/error/BrowserAuthError.mjs +1 -1
  302. package/dist/redirect-bridge/error/BrowserAuthErrorCodes.mjs +1 -1
  303. package/dist/redirect-bridge/error/NativeAuthError.d.ts.map +1 -1
  304. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  305. package/dist/redirect-bridge/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  306. package/dist/redirect-bridge/interaction_client/PopupClient.d.ts.map +1 -1
  307. package/dist/redirect-bridge/interaction_client/RedirectClient.d.ts.map +1 -1
  308. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts +14 -0
  309. package/dist/redirect-bridge/interaction_client/SilentIframeClient.d.ts.map +1 -1
  310. package/dist/redirect-bridge/navigation/NavigationClient.mjs +1 -1
  311. package/dist/redirect-bridge/packageMetadata.d.ts +1 -1
  312. package/dist/redirect-bridge/protocol/Authorize.d.ts.map +1 -1
  313. package/dist/redirect-bridge/redirect_bridge/index.d.ts.map +1 -1
  314. package/dist/redirect-bridge/redirect_bridge/index.mjs +11 -7
  315. package/dist/redirect-bridge/redirect_bridge/index.mjs.map +1 -1
  316. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  317. package/dist/redirect-bridge/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  318. package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  319. package/dist/redirect-bridge/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  320. package/dist/redirect-bridge/utils/BrowserConstants.mjs +7 -3
  321. package/dist/redirect-bridge/utils/BrowserConstants.mjs.map +1 -1
  322. package/dist/redirect-bridge/utils/BrowserUtils.mjs +1 -1
  323. package/dist/redirect_bridge/index.d.ts.map +1 -1
  324. package/dist/request/RequestHelpers.mjs +1 -1
  325. package/dist/response/ResponseHandler.mjs +1 -1
  326. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  327. package/dist/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  328. package/dist/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  329. package/dist/telemetry/BrowserPerformanceEvents.mjs +3 -2
  330. package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
  331. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  332. package/dist/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  333. package/dist/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  334. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +10 -3
  335. package/dist/telemetry/BrowserRootPerformanceEvents.mjs.map +1 -1
  336. package/dist/utils/BrowserConstants.mjs +1 -1
  337. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  338. package/dist/utils/BrowserUtils.mjs +1 -1
  339. package/dist/utils/Helpers.mjs +1 -1
  340. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  341. package/lib/custom-auth-path/log-strings-mapping.json +47 -15
  342. package/lib/custom-auth-path/msal-custom-auth.cjs +334 -133
  343. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  344. package/lib/custom-auth-path/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  345. package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +1 -0
  346. package/lib/custom-auth-path/types/cache/CacheKeys.d.ts.map +1 -1
  347. package/lib/custom-auth-path/types/config/Configuration.d.ts +7 -0
  348. package/lib/custom-auth-path/types/config/Configuration.d.ts.map +1 -1
  349. package/lib/custom-auth-path/types/controllers/StandardController.d.ts +16 -0
  350. package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
  351. package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  352. package/lib/custom-auth-path/types/error/NativeAuthError.d.ts.map +1 -1
  353. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  354. package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  355. package/lib/custom-auth-path/types/interaction_client/PopupClient.d.ts.map +1 -1
  356. package/lib/custom-auth-path/types/interaction_client/RedirectClient.d.ts.map +1 -1
  357. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts +14 -0
  358. package/lib/custom-auth-path/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  359. package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
  360. package/lib/custom-auth-path/types/protocol/Authorize.d.ts.map +1 -1
  361. package/lib/custom-auth-path/types/redirect_bridge/index.d.ts.map +1 -1
  362. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  363. package/lib/custom-auth-path/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  364. package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  365. package/lib/custom-auth-path/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  366. package/lib/log-strings-mapping.json +47 -15
  367. package/lib/msal-browser.cjs +343 -138
  368. package/lib/msal-browser.cjs.map +1 -1
  369. package/lib/msal-browser.js +343 -138
  370. package/lib/msal-browser.js.map +1 -1
  371. package/lib/msal-browser.min.js +2 -2
  372. package/lib/redirect-bridge/msal-redirect-bridge.js +24 -16
  373. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  374. package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
  375. package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +1 -1
  376. package/lib/types/cache/CacheKeys.d.ts +1 -0
  377. package/lib/types/cache/CacheKeys.d.ts.map +1 -1
  378. package/lib/types/config/Configuration.d.ts +7 -0
  379. package/lib/types/config/Configuration.d.ts.map +1 -1
  380. package/lib/types/controllers/StandardController.d.ts +16 -0
  381. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  382. package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
  383. package/lib/types/error/NativeAuthError.d.ts.map +1 -1
  384. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +2 -2
  385. package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
  386. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  387. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  388. package/lib/types/interaction_client/SilentIframeClient.d.ts +14 -0
  389. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  390. package/lib/types/packageMetadata.d.ts +1 -1
  391. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  392. package/lib/types/redirect_bridge/index.d.ts.map +1 -1
  393. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts +1 -0
  394. package/lib/types/telemetry/BrowserPerformanceEvents.d.ts.map +1 -1
  395. package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts +6 -0
  396. package/lib/types/telemetry/BrowserRootPerformanceEvents.d.ts.map +1 -1
  397. package/package.json +2 -2
  398. package/src/broker/nativeBroker/PlatformAuthProvider.ts +1 -1
  399. package/src/cache/CacheKeys.ts +1 -0
  400. package/src/config/Configuration.ts +8 -0
  401. package/src/controllers/StandardController.ts +233 -35
  402. package/src/error/NativeAuthError.ts +1 -2
  403. package/src/interaction_client/PlatformAuthInteractionClient.ts +44 -23
  404. package/src/interaction_client/PopupClient.ts +10 -0
  405. package/src/interaction_client/RedirectClient.ts +10 -0
  406. package/src/interaction_client/SilentIframeClient.ts +123 -20
  407. package/src/packageMetadata.ts +1 -1
  408. package/src/protocol/Authorize.ts +8 -0
  409. package/src/redirect_bridge/index.ts +12 -5
  410. package/src/telemetry/BrowserPerformanceEvents.ts +3 -0
  411. package/src/telemetry/BrowserRootPerformanceEvents.ts +7 -0
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-browser v5.6.3 2026-04-01 */
1
+ /*! @azure/msal-browser v5.7.0 2026-04-16 */
2
2
  'use strict';
3
3
  (function (global, factory) {
4
4
  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
6
6
  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
7
7
  })(this, (function (exports) { 'use strict';
8
8
 
9
- /*! @azure/msal-common v16.4.1 2026-04-01 */
9
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
10
10
  /*
11
11
  * Copyright (c) Microsoft Corporation. All rights reserved.
12
12
  * Licensed under the MIT License.
@@ -238,7 +238,7 @@
238
238
  // Token renewal offset default in seconds
239
239
  const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
240
240
 
241
- /*! @azure/msal-common v16.4.1 2026-04-01 */
241
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
242
242
  /*
243
243
  * Copyright (c) Microsoft Corporation. All rights reserved.
244
244
  * Licensed under the MIT License.
@@ -290,7 +290,7 @@
290
290
  const RESOURCE = "resource";
291
291
  const CLI_DATA = "clidata";
292
292
 
293
- /*! @azure/msal-common v16.4.1 2026-04-01 */
293
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
294
294
  /*
295
295
  * Copyright (c) Microsoft Corporation. All rights reserved.
296
296
  * Licensed under the MIT License.
@@ -321,7 +321,7 @@
321
321
  return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
322
322
  }
323
323
 
324
- /*! @azure/msal-common v16.4.1 2026-04-01 */
324
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
325
325
 
326
326
  /*
327
327
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -341,7 +341,7 @@
341
341
  return new ClientConfigurationError(errorCode);
342
342
  }
343
343
 
344
- /*! @azure/msal-common v16.4.1 2026-04-01 */
344
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
345
345
  /*
346
346
  * Copyright (c) Microsoft Corporation. All rights reserved.
347
347
  * Licensed under the MIT License.
@@ -421,7 +421,7 @@
421
421
  }
422
422
  }
423
423
 
424
- /*! @azure/msal-common v16.4.1 2026-04-01 */
424
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
425
425
 
426
426
  /*
427
427
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -444,7 +444,7 @@
444
444
  return new ClientAuthError(errorCode, additionalMessage);
445
445
  }
446
446
 
447
- /*! @azure/msal-common v16.4.1 2026-04-01 */
447
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
448
448
  /*
449
449
  * Copyright (c) Microsoft Corporation. All rights reserved.
450
450
  * Licensed under the MIT License.
@@ -498,7 +498,7 @@
498
498
  urlParseError: urlParseError
499
499
  });
500
500
 
501
- /*! @azure/msal-common v16.4.1 2026-04-01 */
501
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
502
502
  /*
503
503
  * Copyright (c) Microsoft Corporation. All rights reserved.
504
504
  * Licensed under the MIT License.
@@ -586,7 +586,7 @@
586
586
  userCanceled: userCanceled
587
587
  });
588
588
 
589
- /*! @azure/msal-common v16.4.1 2026-04-01 */
589
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
590
590
 
591
591
  /*
592
592
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -781,7 +781,7 @@
781
781
  }
782
782
  }
783
783
 
784
- /*! @azure/msal-common v16.4.1 2026-04-01 */
784
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
785
785
 
786
786
  /*
787
787
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -902,18 +902,29 @@
902
902
  parameters.set(SID, sid);
903
903
  }
904
904
  /**
905
- * add claims
906
- * @param claims
907
- */
908
- function addClaims(parameters, claims, clientCapabilities) {
909
- const mergedClaims = addClientCapabilitiesToClaims$1(claims, clientCapabilities);
910
- try {
911
- JSON.parse(mergedClaims);
912
- }
913
- catch (e) {
914
- throw createClientConfigurationError(invalidClaims);
905
+ * Adds claims to request parameters, conditionally excluding clientCapabilities
906
+ * when skipBrokerClaims is true and a brokered flow is in effect.
907
+ * @param parameters - The request parameters map
908
+ * @param claims - The claims string from the request
909
+ * @param clientCapabilities - The client capabilities from configuration
910
+ * @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
911
+ */
912
+ function addClaims(parameters, claims, clientCapabilities, skipBrokerClaims) {
913
+ // Skip clientCapabilities if skipBrokerClaims is set to true and this is a brokered authentication flow
914
+ const configClaims = skipBrokerClaims && parameters.has(BROKER_CLIENT_ID)
915
+ ? undefined
916
+ : clientCapabilities;
917
+ if (!StringUtils.isEmptyObj(claims) ||
918
+ (configClaims && configClaims.length > 0)) {
919
+ const mergedClaims = addClientCapabilitiesToClaims$1(claims, configClaims);
920
+ try {
921
+ JSON.parse(mergedClaims);
922
+ }
923
+ catch (e) {
924
+ throw createClientConfigurationError(invalidClaims);
925
+ }
926
+ parameters.set(CLAIMS, mergedClaims);
915
927
  }
916
- parameters.set(CLAIMS, mergedClaims);
917
928
  }
918
929
  /**
919
930
  * add correlationId
@@ -1159,7 +1170,7 @@
1159
1170
  }
1160
1171
  }
1161
1172
 
1162
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1173
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1163
1174
 
1164
1175
  /*
1165
1176
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1268,7 +1279,7 @@
1268
1279
  }
1269
1280
  }
1270
1281
 
1271
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1282
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1272
1283
 
1273
1284
  /*
1274
1285
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1307,7 +1318,7 @@
1307
1318
  },
1308
1319
  };
1309
1320
 
1310
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1321
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1311
1322
  /*
1312
1323
  * Copyright (c) Microsoft Corporation. All rights reserved.
1313
1324
  * Licensed under the MIT License.
@@ -1582,12 +1593,12 @@
1582
1593
  }
1583
1594
  }
1584
1595
 
1585
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1596
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1586
1597
  /* eslint-disable header/header */
1587
1598
  const name$1 = "@azure/msal-common";
1588
- const version$1 = "16.4.1";
1599
+ const version$1 = "16.5.0";
1589
1600
 
1590
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1601
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1591
1602
  /*
1592
1603
  * Copyright (c) Microsoft Corporation. All rights reserved.
1593
1604
  * Licensed under the MIT License.
@@ -1607,7 +1618,7 @@
1607
1618
  AzureUsGovernment: "https://login.microsoftonline.us",
1608
1619
  };
1609
1620
 
1610
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1621
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1611
1622
  /*
1612
1623
  * Copyright (c) Microsoft Corporation. All rights reserved.
1613
1624
  * Licensed under the MIT License.
@@ -1689,7 +1700,7 @@
1689
1700
  return updatedAccountInfo;
1690
1701
  }
1691
1702
 
1692
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1703
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1693
1704
 
1694
1705
  /*
1695
1706
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1769,7 +1780,7 @@
1769
1780
  }
1770
1781
  }
1771
1782
 
1772
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1783
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1773
1784
 
1774
1785
  /*
1775
1786
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1926,7 +1937,7 @@
1926
1937
  }
1927
1938
  }
1928
1939
 
1929
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1940
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
1930
1941
 
1931
1942
  /*
1932
1943
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2083,7 +2094,7 @@
2083
2094
  return null;
2084
2095
  }
2085
2096
 
2086
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2097
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2087
2098
  /*
2088
2099
  * Copyright (c) Microsoft Corporation. All rights reserved.
2089
2100
  * Licensed under the MIT License.
@@ -2091,7 +2102,7 @@
2091
2102
  const cacheQuotaExceeded = "cache_quota_exceeded";
2092
2103
  const cacheErrorUnknown = "cache_error_unknown";
2093
2104
 
2094
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2105
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2095
2106
 
2096
2107
  /*
2097
2108
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2129,7 +2140,7 @@
2129
2140
  }
2130
2141
  }
2131
2142
 
2132
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2143
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2133
2144
 
2134
2145
  /*
2135
2146
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2167,7 +2178,7 @@
2167
2178
  };
2168
2179
  }
2169
2180
 
2170
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2181
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2171
2182
  /*
2172
2183
  * Copyright (c) Microsoft Corporation. All rights reserved.
2173
2184
  * Licensed under the MIT License.
@@ -2182,7 +2193,7 @@
2182
2193
  Ciam: 3,
2183
2194
  };
2184
2195
 
2185
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2196
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2186
2197
  /*
2187
2198
  * Copyright (c) Microsoft Corporation. All rights reserved.
2188
2199
  * Licensed under the MIT License.
@@ -2204,7 +2215,7 @@
2204
2215
  return null;
2205
2216
  }
2206
2217
 
2207
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2218
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2208
2219
  /*
2209
2220
  * Copyright (c) Microsoft Corporation. All rights reserved.
2210
2221
  * Licensed under the MIT License.
@@ -2228,7 +2239,7 @@
2228
2239
  EAR: "EAR",
2229
2240
  };
2230
2241
 
2231
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2242
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2232
2243
  /**
2233
2244
  * Returns the AccountInfo interface for this account.
2234
2245
  */
@@ -2403,7 +2414,7 @@
2403
2414
  entity.hasOwnProperty("authorityType"));
2404
2415
  }
2405
2416
 
2406
- /*! @azure/msal-common v16.4.1 2026-04-01 */
2417
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
2407
2418
 
2408
2419
  /*
2409
2420
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3505,7 +3516,7 @@
3505
3516
  }
3506
3517
  }
3507
3518
 
3508
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3519
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3509
3520
  /*
3510
3521
  * Copyright (c) Microsoft Corporation. All rights reserved.
3511
3522
  * Licensed under the MIT License.
@@ -3556,7 +3567,7 @@
3556
3567
  "redirectBridgeMessageVersion",
3557
3568
  ]);
3558
3569
 
3559
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3570
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3560
3571
 
3561
3572
  /*
3562
3573
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3611,7 +3622,7 @@
3611
3622
  }
3612
3623
  }
3613
3624
 
3614
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3625
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3615
3626
 
3616
3627
  /*
3617
3628
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3706,7 +3717,7 @@
3706
3717
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
3707
3718
  }
3708
3719
 
3709
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3720
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3710
3721
  /*
3711
3722
  * Copyright (c) Microsoft Corporation. All rights reserved.
3712
3723
  * Licensed under the MIT License.
@@ -3733,7 +3744,7 @@
3733
3744
  }
3734
3745
  }
3735
3746
 
3736
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3747
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3737
3748
  /*
3738
3749
  * Copyright (c) Microsoft Corporation. All rights reserved.
3739
3750
  * Licensed under the MIT License.
@@ -3798,7 +3809,7 @@
3798
3809
  return cachedAtSec > nowSeconds();
3799
3810
  }
3800
3811
 
3801
- /*! @azure/msal-common v16.4.1 2026-04-01 */
3812
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
3802
3813
 
3803
3814
  /*
3804
3815
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4057,7 +4068,7 @@
4057
4068
  return metadata.expiresAt <= nowSeconds();
4058
4069
  }
4059
4070
 
4060
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4071
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4061
4072
  /*
4062
4073
  * Copyright (c) Microsoft Corporation. All rights reserved.
4063
4074
  * Licensed under the MIT License.
@@ -4128,7 +4139,7 @@
4128
4139
  const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
4129
4140
  const SetUserData = "setUserData";
4130
4141
 
4131
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4142
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4132
4143
  /*
4133
4144
  * Copyright (c) Microsoft Corporation. All rights reserved.
4134
4145
  * Licensed under the MIT License.
@@ -4221,7 +4232,7 @@
4221
4232
  };
4222
4233
  };
4223
4234
 
4224
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4235
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4225
4236
 
4226
4237
  /*
4227
4238
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4301,7 +4312,7 @@
4301
4312
  }
4302
4313
  }
4303
4314
 
4304
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4315
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4305
4316
  /*
4306
4317
  * Copyright (c) Microsoft Corporation. All rights reserved.
4307
4318
  * Licensed under the MIT License.
@@ -4365,7 +4376,7 @@
4365
4376
  uxNotAllowed: uxNotAllowed
4366
4377
  });
4367
4378
 
4368
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4379
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4369
4380
 
4370
4381
  /*
4371
4382
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4433,7 +4444,7 @@
4433
4444
  return new InteractionRequiredAuthError(errorCode, errorMessage);
4434
4445
  }
4435
4446
 
4436
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4447
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4437
4448
 
4438
4449
  /*
4439
4450
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4452,7 +4463,7 @@
4452
4463
  }
4453
4464
  }
4454
4465
 
4455
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4466
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4456
4467
 
4457
4468
  /*
4458
4469
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4520,7 +4531,7 @@
4520
4531
  }
4521
4532
  }
4522
4533
 
4523
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4534
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4524
4535
 
4525
4536
  /*
4526
4537
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4868,7 +4879,7 @@
4868
4879
  return baseAccount;
4869
4880
  }
4870
4881
 
4871
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4882
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4872
4883
  /*
4873
4884
  * Copyright (c) Microsoft Corporation. All rights reserved.
4874
4885
  * Licensed under the MIT License.
@@ -4878,7 +4889,7 @@
4878
4889
  UPN: "UPN",
4879
4890
  };
4880
4891
 
4881
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4892
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4882
4893
  /*
4883
4894
  * Copyright (c) Microsoft Corporation. All rights reserved.
4884
4895
  * Licensed under the MIT License.
@@ -4896,7 +4907,7 @@
4896
4907
  }
4897
4908
  }
4898
4909
 
4899
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4910
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4900
4911
  /*
4901
4912
  * Copyright (c) Microsoft Corporation. All rights reserved.
4902
4913
  * Licensed under the MIT License.
@@ -4917,7 +4928,7 @@
4917
4928
  };
4918
4929
  }
4919
4930
 
4920
- /*! @azure/msal-common v16.4.1 2026-04-01 */
4931
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
4921
4932
 
4922
4933
  /*
4923
4934
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5003,7 +5014,7 @@
5003
5014
  }
5004
5015
  }
5005
5016
 
5006
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5017
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5007
5018
 
5008
5019
  /*
5009
5020
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5034,7 +5045,7 @@
5034
5045
  return new NetworkError(error, httpStatus, responseHeaders);
5035
5046
  }
5036
5047
 
5037
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5048
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5038
5049
 
5039
5050
  /*
5040
5051
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5148,7 +5159,7 @@
5148
5159
  return response;
5149
5160
  }
5150
5161
 
5151
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5162
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5152
5163
  /*
5153
5164
  * Copyright (c) Microsoft Corporation. All rights reserved.
5154
5165
  * Licensed under the MIT License.
@@ -5160,7 +5171,7 @@
5160
5171
  response.hasOwnProperty("jwks_uri"));
5161
5172
  }
5162
5173
 
5163
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5174
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5164
5175
  /*
5165
5176
  * Copyright (c) Microsoft Corporation. All rights reserved.
5166
5177
  * Licensed under the MIT License.
@@ -5170,7 +5181,7 @@
5170
5181
  response.hasOwnProperty("metadata"));
5171
5182
  }
5172
5183
 
5173
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5184
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5174
5185
  /*
5175
5186
  * Copyright (c) Microsoft Corporation. All rights reserved.
5176
5187
  * Licensed under the MIT License.
@@ -5180,7 +5191,7 @@
5180
5191
  response.hasOwnProperty("error_description"));
5181
5192
  }
5182
5193
 
5183
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5194
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5184
5195
 
5185
5196
  /*
5186
5197
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5285,7 +5296,7 @@
5285
5296
  },
5286
5297
  };
5287
5298
 
5288
- /*! @azure/msal-common v16.4.1 2026-04-01 */
5299
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
5289
5300
 
5290
5301
  /*
5291
5302
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6105,7 +6116,7 @@
6105
6116
  };
6106
6117
  }
6107
6118
 
6108
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6119
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6109
6120
 
6110
6121
  /*
6111
6122
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6139,7 +6150,7 @@
6139
6150
  }
6140
6151
  }
6141
6152
 
6142
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6153
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6143
6154
 
6144
6155
  /*
6145
6156
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6304,11 +6315,6 @@
6304
6315
  throw createClientConfigurationError(missingSshJwk);
6305
6316
  }
6306
6317
  }
6307
- if (!StringUtils.isEmptyObj(request.claims) ||
6308
- (this.config.authOptions.clientCapabilities &&
6309
- this.config.authOptions.clientCapabilities.length > 0)) {
6310
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6311
- }
6312
6318
  let ccsCred = undefined;
6313
6319
  if (request.clientInfo) {
6314
6320
  try {
@@ -6357,6 +6363,7 @@
6357
6363
  });
6358
6364
  }
6359
6365
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6366
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
6360
6367
  return mapToQueryString(parameters);
6361
6368
  }
6362
6369
  /**
@@ -6400,7 +6407,7 @@
6400
6407
  }
6401
6408
  }
6402
6409
 
6403
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6410
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6404
6411
 
6405
6412
  /*
6406
6413
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6590,11 +6597,6 @@
6590
6597
  throw createClientConfigurationError(missingSshJwk);
6591
6598
  }
6592
6599
  }
6593
- if (!StringUtils.isEmptyObj(request.claims) ||
6594
- (this.config.authOptions.clientCapabilities &&
6595
- this.config.authOptions.clientCapabilities.length > 0)) {
6596
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6597
- }
6598
6600
  if (this.config.systemOptions.preventCorsPreflight &&
6599
6601
  request.ccsCredential) {
6600
6602
  switch (request.ccsCredential.type) {
@@ -6621,11 +6623,12 @@
6621
6623
  });
6622
6624
  }
6623
6625
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6626
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
6624
6627
  return mapToQueryString(parameters);
6625
6628
  }
6626
6629
  }
6627
6630
 
6628
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6631
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6629
6632
 
6630
6633
  /*
6631
6634
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6741,7 +6744,7 @@
6741
6744
  }
6742
6745
  }
6743
6746
 
6744
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6747
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6745
6748
 
6746
6749
  /*
6747
6750
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6756,7 +6759,7 @@
6756
6759
  },
6757
6760
  };
6758
6761
 
6759
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6762
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6760
6763
 
6761
6764
  /*
6762
6765
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6880,14 +6883,10 @@
6880
6883
  if (request.state) {
6881
6884
  addState(parameters, request.state);
6882
6885
  }
6883
- if (request.claims ||
6884
- (authOptions.clientCapabilities &&
6885
- authOptions.clientCapabilities.length > 0)) {
6886
- addClaims(parameters, request.claims, authOptions.clientCapabilities);
6887
- }
6888
6886
  if (request.embeddedClientId) {
6889
6887
  addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
6890
6888
  }
6889
+ addClaims(parameters, request.claims, authOptions.clientCapabilities, request.skipBrokerClaims);
6891
6890
  // If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
6892
6891
  if (authOptions.instanceAware &&
6893
6892
  (!request.extraQueryParameters ||
@@ -6983,7 +6982,7 @@
6983
6982
  return account.loginHint || account.idTokenClaims?.login_hint || null;
6984
6983
  }
6985
6984
 
6986
- /*! @azure/msal-common v16.4.1 2026-04-01 */
6985
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
6987
6986
 
6988
6987
  /*
6989
6988
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7016,7 +7015,7 @@
7016
7015
  return Object.prototype.hasOwnProperty.call(params, "resource");
7017
7016
  }
7018
7017
 
7019
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7018
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7020
7019
 
7021
7020
  /*
7022
7021
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7074,7 +7073,7 @@
7074
7073
  }
7075
7074
  }
7076
7075
 
7077
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7076
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7078
7077
  /*
7079
7078
  * Copyright (c) Microsoft Corporation. All rights reserved.
7080
7079
  * Licensed under the MIT License.
@@ -7091,7 +7090,7 @@
7091
7090
  unexpectedError: unexpectedError
7092
7091
  });
7093
7092
 
7094
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7093
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7095
7094
 
7096
7095
  /*
7097
7096
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7352,7 +7351,7 @@
7352
7351
  }
7353
7352
  }
7354
7353
 
7355
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7354
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7356
7355
 
7357
7356
  /*
7358
7357
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7373,7 +7372,7 @@
7373
7372
  return new JoseHeaderError(code);
7374
7373
  }
7375
7374
 
7376
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7375
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7377
7376
  /*
7378
7377
  * Copyright (c) Microsoft Corporation. All rights reserved.
7379
7378
  * Licensed under the MIT License.
@@ -7381,7 +7380,7 @@
7381
7380
  const missingKidError = "missing_kid_error";
7382
7381
  const missingAlgError = "missing_alg_error";
7383
7382
 
7384
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7383
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7385
7384
 
7386
7385
  /*
7387
7386
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7421,7 +7420,7 @@
7421
7420
  }
7422
7421
  }
7423
7422
 
7424
- /*! @azure/msal-common v16.4.1 2026-04-01 */
7423
+ /*! @azure/msal-common v16.5.0 2026-04-16 */
7425
7424
 
7426
7425
  /*
7427
7426
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8006,6 +8005,7 @@
8006
8005
  * Used to acquire a token from Native component when native brokering is enabled.
8007
8006
  */
8008
8007
  const NativeInteractionClientAcquireToken = "nativeInteractionClientAcquireToken";
8008
+ const NativeInteractionClientAcquireTokenRedirect = "nativeInteractionClientAcquireToken";
8009
8009
  /**
8010
8010
  * acquireTokenByRefreshToken API in RefreshTokenClient (msal-common).
8011
8011
  */
@@ -8079,7 +8079,7 @@
8079
8079
  * Background telemetry measurement that tracks whether a late bridge response
8080
8080
  * arrives after the iframe timeout has already fired.
8081
8081
  */
8082
- const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
8082
+ const WaitForBridgeLateResponse$1 = "waitForBridgeLateResponse";
8083
8083
 
8084
8084
  /*
8085
8085
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -9005,7 +9005,7 @@
9005
9005
  // Clear the active monitor
9006
9006
  activeBridgeMonitor = null;
9007
9007
  if (experimentalConfig?.iframeTimeoutTelemetry) {
9008
- lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse, correlationId);
9008
+ lateMeasurement = performanceClient.startMeasurement(WaitForBridgeLateResponse$1, correlationId);
9009
9009
  timedOut$1 = true;
9010
9010
  lateTimeoutId = window.setTimeout(() => {
9011
9011
  lateMeasurement?.end({ success: false });
@@ -9806,7 +9806,14 @@
9806
9806
  // Update cache storage
9807
9807
  const LocalStorageUpdated = "localStorageUpdated";
9808
9808
  // Load external tokens
9809
- const LoadExternalTokens = "loadExternalTokens";
9809
+ const LoadExternalTokens = "loadExternalTokens";
9810
+ /**
9811
+ * SSO capability verification call (msal-browser).
9812
+ * Fire-and-forget SSO verification call made after interactive authentication completes.
9813
+ */
9814
+ const SsoCapable = "ssoCapable";
9815
+ // Wait for late response from bridge after timeout has already occurred
9816
+ const WaitForBridgeLateResponse = "waitForBridgeLateResponse";
9810
9817
 
9811
9818
  var BrowserRootPerformanceEvents = /*#__PURE__*/Object.freeze({
9812
9819
  __proto__: null,
@@ -9818,7 +9825,9 @@
9818
9825
  InitializeClientApplication: InitializeClientApplication,
9819
9826
  LoadExternalTokens: LoadExternalTokens,
9820
9827
  LocalStorageUpdated: LocalStorageUpdated,
9821
- SsoSilent: SsoSilent
9828
+ SsoCapable: SsoCapable,
9829
+ SsoSilent: SsoSilent,
9830
+ WaitForBridgeLateResponse: WaitForBridgeLateResponse
9822
9831
  });
9823
9832
 
9824
9833
  /*
@@ -9837,6 +9846,7 @@
9837
9846
  const VERSION_CACHE_KEY = `${PREFIX}.version`;
9838
9847
  const ACCOUNT_KEYS = "account.keys";
9839
9848
  const TOKEN_KEYS = "token.keys";
9849
+ const SSO_CAPABLE = `${PREFIX}.${BROWSER_PREFIX}.sso.capable`;
9840
9850
  function getAccountKeysCacheKey(schema = ACCOUNT_SCHEMA_VERSION) {
9841
9851
  if (schema < 1) {
9842
9852
  return `${PREFIX}.${ACCOUNT_KEYS}`;
@@ -10335,7 +10345,7 @@
10335
10345
 
10336
10346
  /* eslint-disable header/header */
10337
10347
  const name = "@azure/msal-browser";
10338
- const version = "5.6.3";
10348
+ const version = "5.7.0";
10339
10349
 
10340
10350
  /*
10341
10351
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12438,7 +12448,6 @@
12438
12448
  const USER_INTERACTION_REQUIRED = "USER_INTERACTION_REQUIRED";
12439
12449
  const USER_CANCEL = "USER_CANCEL";
12440
12450
  const NO_NETWORK = "NO_NETWORK";
12441
- const PERSISTENT_ERROR = "PERSISTENT_ERROR";
12442
12451
  const DISABLED = "DISABLED";
12443
12452
  const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
12444
12453
  const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
@@ -12462,8 +12471,7 @@
12462
12471
  function isFatalNativeAuthError(error) {
12463
12472
  if (error.ext &&
12464
12473
  error.ext.status &&
12465
- (error.ext.status === PERSISTENT_ERROR ||
12466
- error.ext.status === DISABLED)) {
12474
+ error.ext.status === DISABLED) {
12467
12475
  return true;
12468
12476
  }
12469
12477
  if (error.ext &&
@@ -12589,12 +12597,12 @@
12589
12597
  async acquireToken(request, cacheLookupPolicy) {
12590
12598
  this.logger.trace("03qeos", this.correlationId);
12591
12599
  // start the perf measurement
12592
- const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, request.correlationId);
12600
+ const nativeATMeasurement = this.performanceClient.startMeasurement(NativeInteractionClientAcquireToken, this.correlationId);
12593
12601
  const reqTimestamp = nowSeconds();
12594
12602
  const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
12595
12603
  try {
12596
12604
  // initialize native request
12597
- const nativeRequest = await this.initializeNativeRequest(request);
12605
+ const nativeRequest = await this.initializePlatformRequest(request);
12598
12606
  // check if the tokens can be retrieved from internal cache
12599
12607
  try {
12600
12608
  const result = await this.acquireTokensFromCache(this.accountId, nativeRequest);
@@ -12608,6 +12616,10 @@
12608
12616
  catch (e) {
12609
12617
  if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) {
12610
12618
  this.logger.info("0eitbc", this.correlationId);
12619
+ nativeATMeasurement.end({
12620
+ success: false,
12621
+ brokerErrorCode: "cache_request_failed",
12622
+ });
12611
12623
  throw e;
12612
12624
  }
12613
12625
  // continue with a native call for any and all errors
@@ -12629,7 +12641,6 @@
12629
12641
  success: false,
12630
12642
  errorCode: error.errorCode,
12631
12643
  subErrorCode: error.subError,
12632
- isNativeBroker: true,
12633
12644
  });
12634
12645
  throw error;
12635
12646
  });
@@ -12638,6 +12649,9 @@
12638
12649
  if (e instanceof NativeAuthError) {
12639
12650
  serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
12640
12651
  }
12652
+ nativeATMeasurement.end({
12653
+ success: false,
12654
+ });
12641
12655
  throw e;
12642
12656
  }
12643
12657
  }
@@ -12670,7 +12684,7 @@
12670
12684
  // fetch the account from browser cache
12671
12685
  const account = this.browserStorage.getBaseAccountInfo({
12672
12686
  nativeAccountId,
12673
- }, request.correlationId);
12687
+ }, this.correlationId);
12674
12688
  if (!account) {
12675
12689
  throw createClientAuthError(noAccountFound);
12676
12690
  }
@@ -12700,7 +12714,7 @@
12700
12714
  */
12701
12715
  async acquireTokenRedirect(request, rootMeasurement, options) {
12702
12716
  this.logger.trace("0luikq", this.correlationId);
12703
- const nativeRequest = await this.initializeNativeRequest(request);
12717
+ const nativeRequest = await this.initializePlatformRequest(request);
12704
12718
  const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
12705
12719
  try {
12706
12720
  await this.platformAuthProvider.sendMessage(nativeRequest);
@@ -12732,7 +12746,7 @@
12732
12746
  * @param performanceClient {IPerformanceClient?}
12733
12747
  * @param correlationId {string?} correlation identifier
12734
12748
  */
12735
- async handleRedirectPromise(performanceClient, correlationId) {
12749
+ async handleRedirectPromise() {
12736
12750
  this.logger.trace("1c5lhw", this.correlationId);
12737
12751
  if (!this.browserStorage.isInteractionInProgress(true)) {
12738
12752
  this.logger.info("0le6uv", this.correlationId);
@@ -12742,9 +12756,7 @@
12742
12756
  const cachedRequest = this.browserStorage.getCachedNativeRequest();
12743
12757
  if (!cachedRequest) {
12744
12758
  this.logger.verbose("0a6zjb", this.correlationId);
12745
- if (performanceClient && correlationId) {
12746
- performanceClient?.addFields({ errorCode: "no_cached_request" }, correlationId);
12747
- }
12759
+ this.performanceClient?.addFields({ errorCode: "no_cached_request" }, this.correlationId);
12748
12760
  return null;
12749
12761
  }
12750
12762
  const { prompt, ...request } = cachedRequest;
@@ -12759,6 +12771,7 @@
12759
12771
  const authResult = await this.handleNativeResponse(response, request, reqTimestamp);
12760
12772
  const serverTelemetryManager = initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
12761
12773
  serverTelemetryManager.clearNativeBrokerErrorCode();
12774
+ this.performanceClient?.addFields({ isNativeBroker: true }, this.correlationId);
12762
12775
  return authResult;
12763
12776
  }
12764
12777
  catch (e) {
@@ -13027,15 +13040,23 @@
13027
13040
  * Translates developer provided request object into NativeRequest object
13028
13041
  * @param request
13029
13042
  */
13030
- async initializeNativeRequest(request) {
13031
- this.logger.trace("04j6wj", this.correlationId);
13043
+ async initializePlatformRequest(request) {
13044
+ this.logger.trace("1xdm2a", this.correlationId);
13032
13045
  const canonicalAuthority = await this.getCanonicalAuthority(request);
13046
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
13047
+ const configClaims = request.skipBrokerClaims && !!request.embeddedClientId
13048
+ ? undefined
13049
+ : this.config.auth.clientCapabilities;
13033
13050
  // scopes are expected to be received by the native broker as "scope" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here.
13034
- const { scopes, ...remainingProperties } = request;
13051
+ const { scopes, claims, ...remainingProperties } = request;
13035
13052
  const scopeSet = new ScopeSet(scopes || []);
13036
13053
  scopeSet.appendScopes(OIDC_DEFAULT_SCOPES$1);
13054
+ const mergedClaims = configClaims && configClaims.length
13055
+ ? addClientCapabilitiesToClaims$1(claims, configClaims)
13056
+ : claims;
13037
13057
  const validatedRequest = {
13038
13058
  ...remainingProperties,
13059
+ claims: mergedClaims,
13039
13060
  accountId: this.accountId,
13040
13061
  clientId: this.config.auth.clientId,
13041
13062
  authority: canonicalAuthority.urlString,
@@ -13105,12 +13126,12 @@
13105
13126
  switch (this.apiId) {
13106
13127
  case ApiId.ssoSilent:
13107
13128
  case ApiId.acquireTokenSilent_silentFlow:
13108
- this.logger.trace("1hiwaz", this.correlationId);
13129
+ this.logger.trace("12n1y2", this.correlationId);
13109
13130
  return PromptValue$1.NONE;
13110
13131
  }
13111
13132
  // Prompt not provided, request may proceed and native broker decides if it needs to prompt
13112
13133
  if (!prompt) {
13113
- this.logger.trace("1qlu04", this.correlationId);
13134
+ this.logger.trace("0uid1p", this.correlationId);
13114
13135
  return undefined;
13115
13136
  }
13116
13137
  // If request is interactive, check if prompt provided is allowed to go directly to native broker
@@ -13118,10 +13139,10 @@
13118
13139
  case PromptValue$1.NONE:
13119
13140
  case PromptValue$1.CONSENT:
13120
13141
  case PromptValue$1.LOGIN:
13121
- this.logger.trace("1ynje4", this.correlationId);
13142
+ this.logger.trace("0i0hco", this.correlationId);
13122
13143
  return prompt;
13123
13144
  default:
13124
- this.logger.trace("0nkr6q", this.correlationId);
13145
+ this.logger.trace("0w3tpw", this.correlationId);
13125
13146
  throw createBrowserAuthError(nativePromptNotSupported);
13126
13147
  }
13127
13148
  }
@@ -13157,7 +13178,7 @@
13157
13178
  this.performanceClient?.addFields({
13158
13179
  embeddedClientId: child_client_id,
13159
13180
  embeddedRedirectUri: child_redirect_uri,
13160
- }, request.correlationId);
13181
+ }, this.correlationId);
13161
13182
  }
13162
13183
  }
13163
13184
 
@@ -13244,6 +13265,10 @@
13244
13265
  if (request.platformBroker) {
13245
13266
  // signal ests that this is a WAM call
13246
13267
  addNativeBroker(parameters);
13268
+ // instrument JS-platform bridge specific fields
13269
+ performanceClient.addFields({
13270
+ isPlatformAuthorizeRequest: true,
13271
+ }, request.correlationId);
13247
13272
  // pass the req_cnf for POP
13248
13273
  if (request.authenticationScheme === AuthenticationScheme$1.POP) {
13249
13274
  const cryptoOps = new CryptoOps(logger, performanceClient);
@@ -13713,6 +13738,7 @@
13713
13738
  },
13714
13739
  instanceAware: false,
13715
13740
  isMcp: false,
13741
+ verifySSO: false,
13716
13742
  };
13717
13743
  // Default cache options for browser
13718
13744
  const DEFAULT_CACHE_OPTIONS = {
@@ -14265,7 +14291,7 @@
14265
14291
  }
14266
14292
  }
14267
14293
  /**
14268
- * Returns boolean indicating whether or not the request should attempt to use native broker
14294
+ * Returns boolean indicating whether or not the request should attempt to use platform broker
14269
14295
  * @param logger
14270
14296
  * @param config
14271
14297
  * @param correlationId
@@ -14547,6 +14573,10 @@
14547
14573
  return;
14548
14574
  }
14549
14575
  }
14576
+ // Redirect bridge requires "state" param to work properly
14577
+ validRequest.state = setRequestState(this.browserCrypto, validRequest.state || "", {
14578
+ interactionType: exports.InteractionType.Popup,
14579
+ });
14550
14580
  // Create logout string and navigate user window to logout.
14551
14581
  const logoutUri = authClient.getLogoutUri(validRequest);
14552
14582
  this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, validRequest.correlationId, exports.InteractionType.Popup, validRequest);
@@ -15087,6 +15117,10 @@
15087
15117
  }
15088
15118
  }
15089
15119
  }
15120
+ // Redirect bridge requires "state" param to work properly
15121
+ validLogoutRequest.state = setRequestState(this.browserCrypto, validLogoutRequest.state || "", {
15122
+ interactionType: exports.InteractionType.Redirect,
15123
+ });
15090
15124
  // Create logout string and navigate user window to logout.
15091
15125
  const logoutUri = authClient.getLogoutUri(validLogoutRequest);
15092
15126
  if (validLogoutRequest.account?.homeAccountId) {
@@ -15335,6 +15369,38 @@
15335
15369
  return invokeAsync(handleResponseEAR, HandleResponseEar, this.logger, this.performanceClient, correlationId)(silentRequest, serverParams, this.apiId, this.config, discoveredAuthority, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15336
15370
  }
15337
15371
  }
15372
+ /**
15373
+ * Verifies SSO capability by making an iframe request to /authorize without exchanging the code for tokens.
15374
+ * This is useful for verifying SSO capability in the background without the overhead of a full token exchange.
15375
+ * @param request - The SSO silent request
15376
+ * @returns true if SSO verification was successful with a valid authorization code, false otherwise
15377
+ */
15378
+ async verifySso(request) {
15379
+ const inputRequest = { ...request };
15380
+ if (!inputRequest.prompt) {
15381
+ inputRequest.prompt = PromptValue$1.NONE;
15382
+ }
15383
+ // Create silent request
15384
+ const silentRequest = await invokeAsync(initializeAuthorizationRequest, StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(inputRequest, exports.InteractionType.Silent, this.config, this.browserCrypto, this.browserStorage, this.logger, this.performanceClient, this.correlationId);
15385
+ const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
15386
+ serverTelemetryManager: initializeServerTelemetryManager(this.apiId, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger),
15387
+ requestAuthority: silentRequest.authority,
15388
+ requestAzureCloudOptions: silentRequest.azureCloudOptions,
15389
+ requestExtraQueryParameters: silentRequest.extraQueryParameters,
15390
+ account: silentRequest.account,
15391
+ });
15392
+ const { serverParams } = await this.silentAuthorizeHelper(authClient, silentRequest);
15393
+ const correlationId = silentRequest.correlationId;
15394
+ // Validate the response - this checks for errors and validates state
15395
+ validateAuthorizationResponse(serverParams, silentRequest.state);
15396
+ // Verify a valid authorization code is present
15397
+ if (!serverParams.code) {
15398
+ this.logger.warning("0y34ti", correlationId);
15399
+ return false;
15400
+ }
15401
+ this.logger.verbose("0kkkcj", correlationId);
15402
+ return true;
15403
+ }
15338
15404
  /**
15339
15405
  * Currently Unsupported
15340
15406
  */
@@ -15349,6 +15415,16 @@
15349
15415
  * @param userRequestScopes
15350
15416
  */
15351
15417
  async silentTokenHelper(authClient, request) {
15418
+ const { serverParams, pkceCodes } = await this.silentAuthorizeHelper(authClient, request);
15419
+ return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, request.correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15420
+ }
15421
+ /**
15422
+ * Shared helper that generates PKCE codes, builds the /authorize URL,
15423
+ * loads it in a hidden iframe, waits for the redirect-bridge response,
15424
+ * and returns the deserialized server parameters along with the PKCE codes
15425
+ * and the request that was sent.
15426
+ */
15427
+ async silentAuthorizeHelper(authClient, request) {
15352
15428
  const correlationId = request.correlationId;
15353
15429
  const pkceCodes = await invokeAsync(generatePkceCodes, GeneratePkceCodes, this.logger, this.performanceClient, correlationId)(this.performanceClient, this.logger, correlationId);
15354
15430
  const silentRequest = {
@@ -15375,7 +15451,7 @@
15375
15451
  invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
15376
15452
  }
15377
15453
  const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
15378
- return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceCodes.verifier, this.apiId, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
15454
+ return { serverParams, pkceCodes, silentRequest };
15379
15455
  }
15380
15456
  }
15381
15457
 
@@ -15754,22 +15830,25 @@
15754
15830
  }
15755
15831
  const loggedInAccounts = this.getAllAccounts();
15756
15832
  const platformBrokerRequest = this.browserStorage.getCachedNativeRequest();
15757
- const useNative = platformBrokerRequest &&
15758
- this.platformAuthProvider &&
15759
- !options?.hash;
15833
+ const useNative = platformBrokerRequest && !options?.hash;
15760
15834
  let rootMeasurement;
15761
15835
  let redirectResponse;
15836
+ let cachedRedirectRequest;
15762
15837
  try {
15763
15838
  if (useNative && this.platformAuthProvider) {
15764
15839
  const correlationId = platformBrokerRequest?.correlationId || "";
15765
15840
  this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
15766
15841
  rootMeasurement = this.performanceClient.startMeasurement(AcquireTokenRedirect, correlationId);
15767
15842
  this.logger.trace("12v7is", correlationId);
15843
+ rootMeasurement.add({
15844
+ isPlatformBrokerRequest: true,
15845
+ });
15768
15846
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.platformAuthProvider, platformBrokerRequest.accountId, this.nativeInternalStorage, platformBrokerRequest.correlationId);
15769
- redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)(this.performanceClient, rootMeasurement.event.correlationId);
15847
+ redirectResponse = invokeAsync(nativeClient.handleRedirectPromise.bind(nativeClient), HandleNativeRedirectPromiseMeasurement, this.logger, this.performanceClient, rootMeasurement.event.correlationId)();
15770
15848
  }
15771
15849
  else {
15772
15850
  const [standardRequest, codeVerifier] = this.browserStorage.getCachedRequest("");
15851
+ cachedRedirectRequest = standardRequest;
15773
15852
  const correlationId = standardRequest.correlationId;
15774
15853
  this.eventHandler.emitEvent(EventType.HANDLE_REDIRECT_START, correlationId, exports.InteractionType.Redirect);
15775
15854
  // Reset rootMeasurement now that we have correlationId
@@ -15798,6 +15877,8 @@
15798
15877
  rootMeasurement.end({
15799
15878
  success: true,
15800
15879
  }, undefined, result.account);
15880
+ // Fire-and-forget SSO capability verification in background
15881
+ this.verifySsoCapability(cachedRedirectRequest, exports.InteractionType.Redirect);
15801
15882
  }
15802
15883
  else {
15803
15884
  /*
@@ -15863,12 +15944,14 @@
15863
15944
  if (this.platformAuthProvider &&
15864
15945
  this.canUsePlatformBroker(request)) {
15865
15946
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.platformAuthProvider, this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
15866
- result = nativeClient
15867
- .acquireTokenRedirect(request, atrMeasurement)
15868
- .catch((e) => {
15947
+ result = invokeAsync(nativeClient.acquireTokenRedirect.bind(nativeClient), NativeInteractionClientAcquireTokenRedirect, this.logger, this.performanceClient, correlationId)(request, atrMeasurement).catch((e) => {
15948
+ atrMeasurement.add({
15949
+ brokerErrorName: e.name,
15950
+ brokerErrorCode: e.errorCode,
15951
+ });
15869
15952
  if (e instanceof NativeAuthError &&
15870
15953
  isFatalNativeAuthError(e)) {
15871
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
15954
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
15872
15955
  const redirectClient = this.createRedirectClient(correlationId);
15873
15956
  return redirectClient.acquireToken(request);
15874
15957
  }
@@ -15934,6 +16017,9 @@
15934
16017
  let result;
15935
16018
  const pkce = this.getPreGeneratedPkceCodes(correlationId);
15936
16019
  if (this.canUsePlatformBroker(request)) {
16020
+ atPopupMeasurement.add({
16021
+ isPlatformBrokerRequest: true,
16022
+ });
15937
16023
  result = this.acquireTokenNative({
15938
16024
  ...request,
15939
16025
  correlationId,
@@ -15946,9 +16032,13 @@
15946
16032
  return response;
15947
16033
  })
15948
16034
  .catch((e) => {
16035
+ atPopupMeasurement.add({
16036
+ brokerErrorName: e.name,
16037
+ brokerErrorCode: e.errorCode,
16038
+ });
15949
16039
  if (e instanceof NativeAuthError &&
15950
16040
  isFatalNativeAuthError(e)) {
15951
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
16041
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
15952
16042
  const popupClient = this.createPopupClient(correlationId);
15953
16043
  return popupClient.acquireToken(request, pkce);
15954
16044
  }
@@ -15979,6 +16069,8 @@
15979
16069
  accessTokenSize: result.accessToken.length,
15980
16070
  idTokenSize: result.idToken.length,
15981
16071
  }, undefined, result.account);
16072
+ // SSO capability verification in background
16073
+ this.verifySsoCapability(request, exports.InteractionType.Popup);
15982
16074
  return result;
15983
16075
  })
15984
16076
  .catch((e) => {
@@ -16031,6 +16123,103 @@
16031
16123
  window.removeEventListener("online", listener);
16032
16124
  window.removeEventListener("offline", listener);
16033
16125
  }
16126
+ /**
16127
+ * Reads the cached ssoCapable value from localStorage.
16128
+ * @returns The cached ssoCapable boolean value, or undefined if not cached or expired.
16129
+ */
16130
+ getCachedSsoCapable() {
16131
+ try {
16132
+ const cachedValue = window.localStorage.getItem(SSO_CAPABLE);
16133
+ if (cachedValue) {
16134
+ const parsed = JSON.parse(cachedValue);
16135
+ if (parsed &&
16136
+ typeof parsed.ssoCapable === "boolean" &&
16137
+ parsed.expiresOn &&
16138
+ Date.now() < parsed.expiresOn) {
16139
+ return parsed.ssoCapable;
16140
+ }
16141
+ }
16142
+ }
16143
+ catch {
16144
+ // If parsing fails, return undefined
16145
+ }
16146
+ return undefined;
16147
+ }
16148
+ /**
16149
+ * SSO capability verification in the background.
16150
+ * This method makes an iframe request to /authorize to verify SSO capability without calling /token.
16151
+ * This method does not block the caller and tracks telemetry for success/failure.
16152
+ * This method only executes if verifySSO is set to true in the auth configuration.
16153
+ * The result is cached in localStorage with a 24-hour TTL; the SSO verification call
16154
+ * is only attempted when the cached value is absent or expired.
16155
+ * @param request - The original request used for the authentication flow
16156
+ * @param interactionType - The interactionType of the AT operation for logging purposes
16157
+ */
16158
+ verifySsoCapability(request, interactionType) {
16159
+ // Check if SSO capability verification is enabled
16160
+ if (!this.config.auth.verifySSO) {
16161
+ return;
16162
+ }
16163
+ // Check TTL: derive ssoCapable state from localStorage and skip if not expired
16164
+ const ssoCacheKey = SSO_CAPABLE;
16165
+ const SSO_CAPABLE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
16166
+ const cachedSsoCapable = this.getCachedSsoCapable();
16167
+ if (cachedSsoCapable !== undefined) {
16168
+ this.logger.verbose("13poou", "");
16169
+ return;
16170
+ }
16171
+ const correlationId = createNewGuid();
16172
+ const ssoCapableMeasurement = this.performanceClient.startMeasurement(SsoCapable, correlationId);
16173
+ ssoCapableMeasurement.add({
16174
+ "ext.interactionType": interactionType,
16175
+ });
16176
+ this.logger.verbose("0pbr0i", correlationId);
16177
+ /*
16178
+ * Use setTimeout to ensure this runs in a separate macrotask after the current call stack completes
16179
+ * This ensures the result is returned to the caller before the SSO verification starts and doesn't affect performance
16180
+ */
16181
+ setTimeout(() => {
16182
+ const ssoVerificationRequest = {
16183
+ ...request,
16184
+ correlationId: correlationId,
16185
+ };
16186
+ const silentIframeClient = this.createSilentIframeClient(correlationId);
16187
+ silentIframeClient
16188
+ .verifySso(ssoVerificationRequest)
16189
+ .then((result) => {
16190
+ this.logger.verbose("1gd1iv", correlationId);
16191
+ // TBD to add profileTelemetry later in localStorage with 24h TTL
16192
+ try {
16193
+ const cacheEntry = JSON.stringify({
16194
+ ssoCapable: result,
16195
+ expiresOn: Date.now() + SSO_CAPABLE_TTL_MS,
16196
+ });
16197
+ window.localStorage.setItem(ssoCacheKey, cacheEntry);
16198
+ }
16199
+ catch {
16200
+ this.logger.warning("18lmoj", correlationId);
16201
+ }
16202
+ ssoCapableMeasurement.end({
16203
+ fromCache: false,
16204
+ success: result,
16205
+ }, undefined);
16206
+ })
16207
+ .catch((error) => {
16208
+ this.logger.warning("05g83w", correlationId);
16209
+ // reset the cache
16210
+ try {
16211
+ window.localStorage.removeItem(ssoCacheKey);
16212
+ }
16213
+ catch {
16214
+ this.logger.warning("0nlf9q", correlationId);
16215
+ }
16216
+ ssoCapableMeasurement.end({
16217
+ fromCache: false,
16218
+ success: false,
16219
+ }, error);
16220
+ });
16221
+ }, 0);
16222
+ }
16034
16223
  // #endregion
16035
16224
  // #region Silent Flow
16036
16225
  /**
@@ -16052,13 +16241,12 @@
16052
16241
  const correlationId = this.getRequestCorrelationId(request);
16053
16242
  const validRequest = {
16054
16243
  ...request,
16055
- // will be PromptValue.NONE or PromptValue.NO_SESSION
16056
- prompt: request.prompt,
16057
16244
  correlationId: correlationId,
16058
16245
  };
16059
16246
  this.ssoSilentMeasurement = this.performanceClient.startMeasurement(SsoSilent, correlationId);
16060
16247
  this.ssoSilentMeasurement?.add({
16061
16248
  scenarioId: request.scenarioId,
16249
+ ssoCapable: this.getCachedSsoCapable(),
16062
16250
  });
16063
16251
  preflightCheck(this.initialized, this.ssoSilentMeasurement, this.config, validRequest);
16064
16252
  this.ssoSilentMeasurement?.increment({
@@ -16071,10 +16259,17 @@
16071
16259
  this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, correlationId, exports.InteractionType.Silent, validRequest);
16072
16260
  let result;
16073
16261
  if (this.canUsePlatformBroker(validRequest)) {
16262
+ this.ssoSilentMeasurement?.add({
16263
+ isPlatformBrokerRequest: true,
16264
+ });
16074
16265
  result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch((e) => {
16266
+ this.ssoSilentMeasurement?.add({
16267
+ brokerErrorName: e.name,
16268
+ brokerErrorCode: e.errorCode,
16269
+ });
16075
16270
  // If native token acquisition fails for availability reasons fallback to standard flow
16076
16271
  if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
16077
- this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
16272
+ this.platformAuthProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt platform broker calls
16078
16273
  const silentIframeClient = this.createSilentIframeClient(validRequest.correlationId);
16079
16274
  return silentIframeClient.acquireToken(validRequest);
16080
16275
  }
@@ -16147,7 +16342,6 @@
16147
16342
  this.hybridAuthCodeResponses.delete(hybridAuthCode);
16148
16343
  atbcMeasurement.end({
16149
16344
  success: true,
16150
- isNativeBroker: result.fromPlatformBroker,
16151
16345
  accessTokenSize: result.accessToken.length,
16152
16346
  idTokenSize: result.idToken.length,
16153
16347
  }, undefined, result.account);
@@ -16171,10 +16365,17 @@
16171
16365
  }
16172
16366
  else if (request.nativeAccountId) {
16173
16367
  if (this.canUsePlatformBroker(request, request.nativeAccountId)) {
16368
+ atbcMeasurement.add({
16369
+ isPlatformBrokerRequest: true,
16370
+ });
16174
16371
  const result = await this.acquireTokenNative({
16175
16372
  ...request,
16176
16373
  correlationId,
16177
16374
  }, ApiId.acquireTokenByCode, request.nativeAccountId).catch((e) => {
16375
+ atbcMeasurement.add({
16376
+ brokerErrorName: e.name,
16377
+ brokerErrorCode: e.errorCode,
16378
+ });
16178
16379
  // If native token acquisition fails for availability reasons fallback to standard flow
16179
16380
  if (e instanceof NativeAuthError &&
16180
16381
  isFatalNativeAuthError(e)) {
@@ -16225,7 +16426,6 @@
16225
16426
  this.acquireTokenByCodeAsyncMeasurement?.end({
16226
16427
  success: true,
16227
16428
  fromCache: response.fromCache,
16228
- isNativeBroker: response.fromPlatformBroker,
16229
16429
  });
16230
16430
  return response;
16231
16431
  })
@@ -16394,7 +16594,7 @@
16394
16594
  throw createBrowserAuthError(nativeConnectionNotEstablished);
16395
16595
  }
16396
16596
  const nativeClient = new PlatformAuthInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.platformAuthProvider, accountId || this.getNativeAccountId(request), this.nativeInternalStorage, correlationId);
16397
- return nativeClient.acquireToken(request, cacheLookupPolicy);
16597
+ return invokeAsync(nativeClient.acquireToken.bind(nativeClient), NativeInteractionClientAcquireToken, this.logger, this.performanceClient, correlationId)(request, cacheLookupPolicy);
16398
16598
  }
16399
16599
  /**
16400
16600
  * Returns boolean indicating if this request can use the platform broker
@@ -16408,7 +16608,7 @@
16408
16608
  return false;
16409
16609
  }
16410
16610
  if (!isPlatformAuthAllowed(this.config, this.logger, correlationId, this.platformAuthProvider, request.authenticationScheme)) {
16411
- this.logger.trace("1m4bzf", correlationId);
16611
+ this.logger.trace("0yoy1g", correlationId);
16412
16612
  return false;
16413
16613
  }
16414
16614
  if (request.prompt) {
@@ -16627,6 +16827,7 @@
16627
16827
  atsMeasurement.add({
16628
16828
  cacheLookupPolicy: request.cacheLookupPolicy,
16629
16829
  scenarioId: request.scenarioId,
16830
+ ssoCapable: this.getCachedSsoCapable(),
16630
16831
  });
16631
16832
  preflightCheck(this.initialized, atsMeasurement, this.config, request);
16632
16833
  this.logger.verbose("0x1c4s", correlationId);
@@ -16639,7 +16840,6 @@
16639
16840
  atsMeasurement.end({
16640
16841
  success: true,
16641
16842
  fromCache: result.fromCache,
16642
- isNativeBroker: result.fromPlatformBroker,
16643
16843
  accessTokenSize: result.accessToken.length,
16644
16844
  idTokenSize: result.idToken.length,
16645
16845
  }, undefined, result.account);
@@ -16799,7 +16999,12 @@
16799
16999
  if (isPlatformAuthAllowed(this.config, this.logger, silentRequest.correlationId, this.platformAuthProvider, silentRequest.authenticationScheme) &&
16800
17000
  silentRequest.account.nativeAccountId) {
16801
17001
  this.logger.verbose("0sczo4", silentRequest.correlationId);
17002
+ this.performanceClient.addFields({ isPlatformBrokerRequest: true }, silentRequest.correlationId);
16802
17003
  return this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow, silentRequest.account.nativeAccountId, cacheLookupPolicy).catch(async (e) => {
17004
+ this.performanceClient.addFields({
17005
+ brokerErrorName: e.name,
17006
+ brokerErrorCode: e.errorCode,
17007
+ }, silentRequest.correlationId);
16803
17008
  // If native token acquisition fails for availability reasons fallback to web flow
16804
17009
  if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {
16805
17010
  this.logger.verbose("07rkmb", silentRequest.correlationId);