@azure/msal-common 15.15.0 → 15.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (111) hide show
  1. package/README.md +5 -5
  2. package/dist/account/AccountInfo.mjs +1 -1
  3. package/dist/account/AuthToken.mjs +1 -1
  4. package/dist/account/CcsCredential.mjs +1 -1
  5. package/dist/account/ClientInfo.mjs +1 -1
  6. package/dist/account/TokenClaims.mjs +1 -1
  7. package/dist/authority/Authority.mjs +1 -1
  8. package/dist/authority/AuthorityFactory.mjs +1 -1
  9. package/dist/authority/AuthorityMetadata.mjs +1 -1
  10. package/dist/authority/AuthorityOptions.mjs +1 -1
  11. package/dist/authority/AuthorityType.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  13. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  14. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  15. package/dist/authority/ProtocolMode.mjs +1 -1
  16. package/dist/authority/RegionDiscovery.mjs +1 -1
  17. package/dist/cache/CacheManager.mjs +1 -1
  18. package/dist/cache/entities/AccountEntity.mjs +1 -1
  19. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  20. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  21. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  22. package/dist/client/AuthorizationCodeClient.mjs +12 -8
  23. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  24. package/dist/client/BaseClient.mjs +1 -1
  25. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  26. package/dist/client/RefreshTokenClient.mjs +12 -8
  27. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  28. package/dist/client/SilentFlowClient.mjs +1 -1
  29. package/dist/config/ClientConfiguration.mjs +1 -1
  30. package/dist/constants/AADServerParamKeys.mjs +1 -1
  31. package/dist/crypto/ICrypto.mjs +1 -1
  32. package/dist/crypto/JoseHeader.mjs +1 -1
  33. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  34. package/dist/error/AuthError.mjs +1 -1
  35. package/dist/error/AuthErrorCodes.mjs +1 -1
  36. package/dist/error/CacheError.mjs +1 -1
  37. package/dist/error/CacheErrorCodes.mjs +1 -1
  38. package/dist/error/ClientAuthError.mjs +1 -1
  39. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  40. package/dist/error/ClientConfigurationError.mjs +1 -1
  41. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  42. package/dist/error/InteractionRequiredAuthError.d.ts +1 -1
  43. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  44. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  45. package/dist/error/JoseHeaderError.mjs +1 -1
  46. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  47. package/dist/error/NetworkError.mjs +1 -1
  48. package/dist/error/PlatformBrokerError.mjs +1 -1
  49. package/dist/error/ServerError.mjs +1 -1
  50. package/dist/index-browser.mjs +1 -1
  51. package/dist/index-node.mjs +1 -1
  52. package/dist/index.mjs +1 -1
  53. package/dist/logger/Logger.mjs +1 -1
  54. package/dist/network/INetworkModule.mjs +1 -1
  55. package/dist/network/RequestThumbprint.mjs +1 -1
  56. package/dist/network/ThrottlingUtils.mjs +1 -1
  57. package/dist/packageMetadata.d.ts +1 -1
  58. package/dist/packageMetadata.mjs +2 -2
  59. package/dist/protocol/Authorize.d.ts.map +1 -1
  60. package/dist/protocol/Authorize.mjs +11 -8
  61. package/dist/protocol/Authorize.mjs.map +1 -1
  62. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  63. package/dist/request/BaseAuthRequest.d.ts +2 -0
  64. package/dist/request/BaseAuthRequest.d.ts.map +1 -1
  65. package/dist/request/RequestParameterBuilder.mjs +1 -1
  66. package/dist/request/ScopeSet.mjs +1 -1
  67. package/dist/response/ResponseHandler.mjs +1 -1
  68. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  69. package/dist/telemetry/performance/PerformanceEvent.d.ts +20 -0
  70. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  71. package/dist/telemetry/performance/PerformanceEvent.mjs +6 -1
  72. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  73. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  74. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  75. package/dist/url/UrlString.mjs +1 -1
  76. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  77. package/dist/utils/Constants.mjs +1 -1
  78. package/dist/utils/FunctionWrappers.mjs +1 -1
  79. package/dist/utils/ProtocolUtils.mjs +1 -1
  80. package/dist/utils/StringUtils.d.ts +25 -0
  81. package/dist/utils/StringUtils.d.ts.map +1 -1
  82. package/dist/utils/StringUtils.mjs +40 -1
  83. package/dist/utils/StringUtils.mjs.map +1 -1
  84. package/dist/utils/TimeUtils.mjs +1 -1
  85. package/dist/utils/UrlUtils.mjs +1 -1
  86. package/lib/index-browser.cjs +2 -2
  87. package/lib/{index-node-BtzY9XyU.js → index-node-DcRBQUZQ.js} +73 -18
  88. package/lib/index-node-DcRBQUZQ.js.map +1 -0
  89. package/lib/index-node.cjs +2 -2
  90. package/lib/index.cjs +2 -2
  91. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  92. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  93. package/lib/types/error/InteractionRequiredAuthError.d.ts +1 -1
  94. package/lib/types/packageMetadata.d.ts +1 -1
  95. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  96. package/lib/types/request/BaseAuthRequest.d.ts +2 -0
  97. package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
  98. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +20 -0
  99. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  100. package/lib/types/utils/StringUtils.d.ts +25 -0
  101. package/lib/types/utils/StringUtils.d.ts.map +1 -1
  102. package/package.json +1 -1
  103. package/src/client/AuthorizationCodeClient.ts +19 -12
  104. package/src/client/RefreshTokenClient.ts +19 -12
  105. package/src/error/InteractionRequiredAuthError.ts +1 -1
  106. package/src/packageMetadata.ts +1 -1
  107. package/src/protocol/Authorize.ts +15 -12
  108. package/src/request/BaseAuthRequest.ts +2 -0
  109. package/src/telemetry/performance/PerformanceEvent.ts +27 -0
  110. package/src/utils/StringUtils.ts +48 -0
  111. package/lib/index-node-BtzY9XyU.js.map +0 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.15.0 2026-02-23 */
1
+ /*! @azure/msal-common v15.16.1 2026-03-13 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -1149,6 +1149,45 @@ class StringUtils {
1149
1149
  .replace(/\?/g, "\\?"));
1150
1150
  return regex.test(input);
1151
1151
  }
1152
+ /**
1153
+ * Tests if a given string matches a given pattern using stricter, anchored matching semantics.
1154
+ *
1155
+ * Differences from `matchPattern` (legacy):
1156
+ * - All regex metacharacters (including `.`) in the pattern are treated as literals,
1157
+ * so `example.com` matches only `example.com` and not `exampleXcom`.
1158
+ * - The generated regex is anchored with `^` and `$` so partial/substring matches
1159
+ * are not allowed.
1160
+ * - `*` is the only supported wildcard. Its behaviour depends on the URL component:
1161
+ * - `host` component: `*` matches any sequence of characters that does NOT include
1162
+ * a dot (`.`), keeping wildcards within a single DNS label boundary.
1163
+ * - All other components: `*` matches any sequence of characters (including `/`).
1164
+ *
1165
+ * @param pattern - The `protectedResourceMap` key pattern to match against. `*` is a
1166
+ * multi-character wildcard; all other characters are treated as literals.
1167
+ * @param input - The URL component value (e.g. host, pathname) extracted from the
1168
+ * outgoing request URL to test against the pattern.
1169
+ * @param options - Optional. Provide `component` to enable component-aware wildcard
1170
+ * semantics. Accepted values: `"host"`, `"path"`, `"protocol"`, `"search"`,
1171
+ * `"hash"`. Defaults to path-style (permissive) matching when omitted.
1172
+ * @returns `true` if the full input string matches the pattern; `false` otherwise.
1173
+ */
1174
+ static matchPatternStrict(pattern, input, options) {
1175
+ const component = options?.component;
1176
+ // Step 1: Escape all regex special characters so literals are matched literally.
1177
+ let regexBody = pattern.replace(/[.+^${}()|[\]\\*?]/g, "\\$&");
1178
+ // Step 2: Replace the escaped '*' with its component-aware regex equivalent.
1179
+ if (component === "host") {
1180
+ regexBody = regexBody.replace(/\\\*/g, "[^.]*");
1181
+ }
1182
+ else {
1183
+ // PATH, PROTOCOL, SEARCH, HASH, or unspecified: '*' matches any characters.
1184
+ regexBody = regexBody.replace(/\\\*/g, ".*");
1185
+ }
1186
+ // Step 3: Anchor for full-string matching.
1187
+ // eslint-disable-next-line security/detect-non-literal-regexp
1188
+ const regex = new RegExp(`^${regexBody}$`);
1189
+ return regex.test(input);
1190
+ }
1152
1191
  }
1153
1192
 
1154
1193
  /*
@@ -2199,6 +2238,11 @@ const IntFields = new Set([
2199
2238
  "currRefreshCount",
2200
2239
  "expiredCacheRemovedCount",
2201
2240
  "upgradedCacheCount",
2241
+ "networkRtt",
2242
+ "iframePollIntervalMs",
2243
+ "iframeTimeoutMs",
2244
+ "iframeTickCount",
2245
+ "crossOriginTickCount",
2202
2246
  ]);
2203
2247
 
2204
2248
  /*
@@ -3987,7 +4031,7 @@ class Logger {
3987
4031
 
3988
4032
  /* eslint-disable header/header */
3989
4033
  const name = "@azure/msal-common";
3990
- const version = "15.15.0";
4034
+ const version = "15.16.1";
3991
4035
 
3992
4036
  /*
3993
4037
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7504,11 +7548,6 @@ class AuthorizationCodeClient extends BaseClient {
7504
7548
  throw createClientConfigurationError(missingSshJwk);
7505
7549
  }
7506
7550
  }
7507
- if (!StringUtils.isEmptyObj(request.claims) ||
7508
- (this.config.authOptions.clientCapabilities &&
7509
- this.config.authOptions.clientCapabilities.length > 0)) {
7510
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
7511
- }
7512
7551
  let ccsCred = undefined;
7513
7552
  if (request.clientInfo) {
7514
7553
  try {
@@ -7558,6 +7597,15 @@ class AuthorizationCodeClient extends BaseClient {
7558
7597
  });
7559
7598
  }
7560
7599
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
7600
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
7601
+ const configClaims = request.skipBrokerClaims &&
7602
+ parameters.has(BROKER_CLIENT_ID)
7603
+ ? undefined
7604
+ : this.config.authOptions.clientCapabilities;
7605
+ if (!StringUtils.isEmptyObj(request.claims) ||
7606
+ (configClaims && configClaims.length > 0)) {
7607
+ addClaims(parameters, request.claims, configClaims);
7608
+ }
7561
7609
  return mapToQueryString(parameters);
7562
7610
  }
7563
7611
  /**
@@ -7767,11 +7815,6 @@ class RefreshTokenClient extends BaseClient {
7767
7815
  throw createClientConfigurationError(missingSshJwk);
7768
7816
  }
7769
7817
  }
7770
- if (!StringUtils.isEmptyObj(request.claims) ||
7771
- (this.config.authOptions.clientCapabilities &&
7772
- this.config.authOptions.clientCapabilities.length > 0)) {
7773
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
7774
- }
7775
7818
  if (this.config.systemOptions.preventCorsPreflight &&
7776
7819
  request.ccsCredential) {
7777
7820
  switch (request.ccsCredential.type) {
@@ -7797,6 +7840,15 @@ class RefreshTokenClient extends BaseClient {
7797
7840
  addExtraQueryParameters(parameters, request.tokenBodyParameters);
7798
7841
  }
7799
7842
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
7843
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
7844
+ const configClaims = request.skipBrokerClaims &&
7845
+ parameters.has(BROKER_CLIENT_ID)
7846
+ ? undefined
7847
+ : this.config.authOptions.clientCapabilities;
7848
+ if (!StringUtils.isEmptyObj(request.claims) ||
7849
+ (configClaims && configClaims.length > 0)) {
7850
+ addClaims(parameters, request.claims, configClaims);
7851
+ }
7800
7852
  return mapToQueryString(parameters);
7801
7853
  }
7802
7854
  }
@@ -8029,14 +8081,17 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
8029
8081
  if (request.state) {
8030
8082
  addState(parameters, request.state);
8031
8083
  }
8032
- if (request.claims ||
8033
- (authOptions.clientCapabilities &&
8034
- authOptions.clientCapabilities.length > 0)) {
8035
- addClaims(parameters, request.claims, authOptions.clientCapabilities);
8036
- }
8037
8084
  if (request.embeddedClientId) {
8038
8085
  addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
8039
8086
  }
8087
+ // ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
8088
+ const configClaims = request.skipBrokerClaims &&
8089
+ parameters.has(BROKER_CLIENT_ID)
8090
+ ? undefined
8091
+ : authOptions.clientCapabilities;
8092
+ if (request.claims || (configClaims && configClaims.length > 0)) {
8093
+ addClaims(parameters, request.claims, configClaims);
8094
+ }
8040
8095
  // If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
8041
8096
  if (authOptions.instanceAware &&
8042
8097
  (!request.extraQueryParameters ||
@@ -8604,4 +8659,4 @@ exports.invokeAsync = invokeAsync;
8604
8659
  exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
8605
8660
  exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
8606
8661
  exports.version = version;
8607
- //# sourceMappingURL=index-node-BtzY9XyU.js.map
8662
+ //# sourceMappingURL=index-node-DcRBQUZQ.js.map