@azure/msal-common 16.2.0 → 16.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (165) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/cache/CacheManager.mjs +1 -1
  17. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  18. package/dist/cache/utils/AccountEntityUtils.mjs +1 -1
  19. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  20. package/dist/client/AuthorizationCodeClient.mjs +1 -1
  21. package/dist/client/RefreshTokenClient.mjs +1 -1
  22. package/dist/client/SilentFlowClient.mjs +1 -1
  23. package/dist/config/ClientConfiguration.mjs +1 -1
  24. package/dist/constants/AADServerParamKeys.mjs +1 -1
  25. package/dist/crypto/ICrypto.mjs +1 -1
  26. package/dist/crypto/JoseHeader.mjs +1 -1
  27. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  28. package/dist/error/AuthError.mjs +1 -1
  29. package/dist/error/AuthErrorCodes.mjs +1 -1
  30. package/dist/error/CacheError.mjs +1 -1
  31. package/dist/error/CacheErrorCodes.mjs +1 -1
  32. package/dist/error/ClientAuthError.mjs +1 -1
  33. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  34. package/dist/error/ClientConfigurationError.mjs +1 -1
  35. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  36. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  37. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  38. package/dist/error/JoseHeaderError.mjs +1 -1
  39. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  40. package/dist/error/NetworkError.mjs +1 -1
  41. package/dist/error/PlatformBrokerError.mjs +1 -1
  42. package/dist/error/ServerError.mjs +1 -1
  43. package/dist/index-node.mjs +1 -1
  44. package/dist/index.mjs +1 -1
  45. package/dist/logger/Logger.mjs +1 -1
  46. package/dist/network/INetworkModule.mjs +1 -1
  47. package/dist/network/RequestThumbprint.mjs +1 -1
  48. package/dist/network/ThrottlingUtils.mjs +1 -1
  49. package/dist/packageMetadata.d.ts +1 -1
  50. package/dist/packageMetadata.mjs +2 -2
  51. package/dist/protocol/Authorize.mjs +1 -1
  52. package/dist/protocol/Token.mjs +1 -1
  53. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  54. package/dist/request/RequestParameterBuilder.mjs +1 -1
  55. package/dist/request/ScopeSet.mjs +1 -1
  56. package/dist/response/ResponseHandler.d.ts +9 -9
  57. package/dist/response/ResponseHandler.d.ts.map +1 -1
  58. package/dist/response/ResponseHandler.mjs +27 -20
  59. package/dist/response/ResponseHandler.mjs.map +1 -1
  60. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  61. package/dist/telemetry/performance/PerformanceEvent.d.ts +1 -0
  62. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  63. package/dist/telemetry/performance/PerformanceEvent.mjs +2 -1
  64. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  65. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  66. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  67. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  68. package/dist/url/UrlString.mjs +1 -1
  69. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  70. package/dist/utils/Constants.mjs +1 -1
  71. package/dist/utils/FunctionWrappers.mjs +1 -1
  72. package/dist/utils/ProtocolUtils.mjs +1 -1
  73. package/dist/utils/StringUtils.mjs +1 -1
  74. package/dist/utils/TimeUtils.mjs +1 -1
  75. package/dist/utils/UrlUtils.mjs +1 -1
  76. package/dist-browser/account/AccountInfo.mjs +1 -1
  77. package/dist-browser/account/AuthToken.mjs +1 -1
  78. package/dist-browser/account/CcsCredential.mjs +1 -1
  79. package/dist-browser/account/ClientInfo.mjs +1 -1
  80. package/dist-browser/account/TokenClaims.mjs +1 -1
  81. package/dist-browser/authority/Authority.mjs +1 -1
  82. package/dist-browser/authority/AuthorityFactory.mjs +1 -1
  83. package/dist-browser/authority/AuthorityMetadata.mjs +1 -1
  84. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  85. package/dist-browser/authority/AuthorityType.mjs +1 -1
  86. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  87. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  88. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  89. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  90. package/dist-browser/authority/RegionDiscovery.mjs +1 -1
  91. package/dist-browser/cache/CacheManager.mjs +1 -1
  92. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  93. package/dist-browser/cache/utils/AccountEntityUtils.mjs +1 -1
  94. package/dist-browser/cache/utils/CacheHelpers.mjs +1 -1
  95. package/dist-browser/client/AuthorizationCodeClient.mjs +1 -1
  96. package/dist-browser/client/RefreshTokenClient.mjs +1 -1
  97. package/dist-browser/client/SilentFlowClient.mjs +1 -1
  98. package/dist-browser/config/ClientConfiguration.mjs +1 -1
  99. package/dist-browser/constants/AADServerParamKeys.mjs +1 -1
  100. package/dist-browser/crypto/ICrypto.mjs +1 -1
  101. package/dist-browser/crypto/JoseHeader.mjs +1 -1
  102. package/dist-browser/crypto/PopTokenGenerator.mjs +1 -1
  103. package/dist-browser/error/AuthError.mjs +1 -1
  104. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  105. package/dist-browser/error/CacheError.mjs +1 -1
  106. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  107. package/dist-browser/error/ClientAuthError.mjs +1 -1
  108. package/dist-browser/error/ClientAuthErrorCodes.mjs +1 -1
  109. package/dist-browser/error/ClientConfigurationError.mjs +1 -1
  110. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
  111. package/dist-browser/error/InteractionRequiredAuthError.mjs +1 -1
  112. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  113. package/dist-browser/error/JoseHeaderError.mjs +1 -1
  114. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  115. package/dist-browser/error/NetworkError.mjs +1 -1
  116. package/dist-browser/error/PlatformBrokerError.mjs +1 -1
  117. package/dist-browser/error/ServerError.mjs +1 -1
  118. package/dist-browser/index-browser.mjs +1 -1
  119. package/dist-browser/index.mjs +1 -1
  120. package/dist-browser/log-strings-mapping.json +7 -3
  121. package/dist-browser/logger/Logger.mjs +1 -1
  122. package/dist-browser/network/INetworkModule.mjs +1 -1
  123. package/dist-browser/network/RequestThumbprint.mjs +1 -1
  124. package/dist-browser/network/ThrottlingUtils.mjs +1 -1
  125. package/dist-browser/packageMetadata.d.ts +1 -1
  126. package/dist-browser/packageMetadata.mjs +2 -2
  127. package/dist-browser/protocol/Authorize.mjs +1 -1
  128. package/dist-browser/protocol/Token.mjs +1 -1
  129. package/dist-browser/request/AuthenticationHeaderParser.mjs +1 -1
  130. package/dist-browser/request/RequestParameterBuilder.mjs +1 -1
  131. package/dist-browser/request/ScopeSet.mjs +1 -1
  132. package/dist-browser/response/ResponseHandler.d.ts +9 -9
  133. package/dist-browser/response/ResponseHandler.d.ts.map +1 -1
  134. package/dist-browser/response/ResponseHandler.mjs +27 -20
  135. package/dist-browser/response/ResponseHandler.mjs.map +1 -1
  136. package/dist-browser/telemetry/performance/PerformanceClient.mjs +1 -1
  137. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts +1 -0
  138. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  139. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +2 -1
  140. package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  141. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  142. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
  143. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +1 -1
  144. package/dist-browser/url/UrlString.mjs +1 -1
  145. package/dist-browser/utils/ClientAssertionUtils.mjs +1 -1
  146. package/dist-browser/utils/Constants.mjs +1 -1
  147. package/dist-browser/utils/FunctionWrappers.mjs +1 -1
  148. package/dist-browser/utils/ProtocolUtils.mjs +1 -1
  149. package/dist-browser/utils/StringUtils.mjs +1 -1
  150. package/dist-browser/utils/TimeUtils.mjs +1 -1
  151. package/dist-browser/utils/UrlUtils.mjs +1 -1
  152. package/lib/index-browser.cjs +2 -2
  153. package/lib/{index-node-DF7nODCX.js → index-node-DualfPC3.js} +133 -125
  154. package/lib/{index-node-DF7nODCX.js.map → index-node-DualfPC3.js.map} +1 -1
  155. package/lib/index-node.cjs +2 -2
  156. package/lib/index.cjs +2 -2
  157. package/lib/types/packageMetadata.d.ts +1 -1
  158. package/lib/types/response/ResponseHandler.d.ts +9 -9
  159. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  160. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +1 -0
  161. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  162. package/package.json +1 -1
  163. package/src/packageMetadata.ts +1 -1
  164. package/src/response/ResponseHandler.ts +67 -47
  165. package/src/telemetry/performance/PerformanceEvent.ts +4 -0
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v16.2.0 2026-03-02 */
1
+ /*! @azure/msal-common v16.2.1 2026-04-01 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -4232,7 +4232,7 @@ class Logger {
4232
4232
 
4233
4233
  /* eslint-disable header/header */
4234
4234
  const name = "@azure/msal-common";
4235
- const version = "16.2.0";
4235
+ const version = "16.2.1";
4236
4236
 
4237
4237
  /*
4238
4238
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5423,6 +5423,7 @@ const IntFields = new Set([
5423
5423
  "currRefreshCount",
5424
5424
  "expiredCacheRemovedCount",
5425
5425
  "upgradedCacheCount",
5426
+ "cacheMatchedAccounts",
5426
5427
  ]);
5427
5428
 
5428
5429
  /*
@@ -5575,15 +5576,102 @@ function isOidcProtocolMode(config) {
5575
5576
  * Licensed under the MIT License.
5576
5577
  */
5577
5578
  /**
5578
- * Error thrown when there is an error with the server code, for example, unavailability.
5579
+ * This class instance helps track the memory changes facilitating
5580
+ * decisions to read from and write to the persistent cache
5581
+ */ class TokenCacheContext {
5582
+ constructor(tokenCache, hasChanged) {
5583
+ this.cache = tokenCache;
5584
+ this.hasChanged = hasChanged;
5585
+ }
5586
+ /**
5587
+ * boolean which indicates the changes in cache
5588
+ */
5589
+ get cacheHasChanged() {
5590
+ return this.hasChanged;
5591
+ }
5592
+ /**
5593
+ * function to retrieve the token cache
5594
+ */
5595
+ get tokenCache() {
5596
+ return this.cache;
5597
+ }
5598
+ }
5599
+
5600
+ /*
5601
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5602
+ * Licensed under the MIT License.
5579
5603
  */
5580
- class ServerError extends AuthError {
5581
- constructor(errorCode, errorMessage, subError, errorNo, status) {
5582
- super(errorCode, errorMessage, subError);
5583
- this.name = "ServerError";
5584
- this.errorNo = errorNo;
5585
- this.status = status;
5586
- Object.setPrototypeOf(this, ServerError.prototype);
5604
+ const KeyLocation = {
5605
+ SW: "sw"};
5606
+ /** @internal */
5607
+ class PopTokenGenerator {
5608
+ constructor(cryptoUtils, performanceClient) {
5609
+ this.cryptoUtils = cryptoUtils;
5610
+ this.performanceClient = performanceClient;
5611
+ }
5612
+ /**
5613
+ * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
5614
+ * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
5615
+ * @param request
5616
+ * @returns
5617
+ */
5618
+ async generateCnf(request, logger) {
5619
+ const reqCnf = await invokeAsync(this.generateKid.bind(this), PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request);
5620
+ const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf));
5621
+ return {
5622
+ kid: reqCnf.kid,
5623
+ reqCnfString,
5624
+ };
5625
+ }
5626
+ /**
5627
+ * Generates key_id for a SHR token request
5628
+ * @param request
5629
+ * @returns
5630
+ */
5631
+ async generateKid(request) {
5632
+ const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request);
5633
+ return {
5634
+ kid: kidThumbprint,
5635
+ xms_ksl: KeyLocation.SW,
5636
+ };
5637
+ }
5638
+ /**
5639
+ * Signs the POP access_token with the local generated key-pair
5640
+ * @param accessToken
5641
+ * @param request
5642
+ * @returns
5643
+ */
5644
+ async signPopToken(accessToken, keyId, request) {
5645
+ return this.signPayload(accessToken, keyId, request);
5646
+ }
5647
+ /**
5648
+ * Utility function to generate the signed JWT for an access_token
5649
+ * @param payload
5650
+ * @param kid
5651
+ * @param request
5652
+ * @param claims
5653
+ * @returns
5654
+ */
5655
+ async signPayload(payload, keyId, request, claims) {
5656
+ // Deconstruct request to extract SHR parameters
5657
+ const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request;
5658
+ const resourceUrlString = resourceRequestUri
5659
+ ? new UrlString(resourceRequestUri)
5660
+ : undefined;
5661
+ const resourceUrlComponents = resourceUrlString?.getUrlComponents();
5662
+ return this.cryptoUtils.signJwt({
5663
+ at: payload,
5664
+ ts: nowSeconds(),
5665
+ m: resourceRequestMethod?.toUpperCase(),
5666
+ u: resourceUrlComponents?.HostNameAndPort,
5667
+ nonce: shrNonce || this.cryptoUtils.createNewGuid(),
5668
+ p: resourceUrlComponents?.AbsolutePath,
5669
+ q: resourceUrlComponents?.QueryString
5670
+ ? [[], resourceUrlComponents.QueryString]
5671
+ : undefined,
5672
+ client_claims: shrClaims || undefined,
5673
+ ...claims,
5674
+ }, keyId, shrOptions, request.correlationId);
5587
5675
  }
5588
5676
  }
5589
5677
 
@@ -5716,6 +5804,23 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
5716
5804
  return new InteractionRequiredAuthError(errorCode, errorMessage);
5717
5805
  }
5718
5806
 
5807
+ /*
5808
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5809
+ * Licensed under the MIT License.
5810
+ */
5811
+ /**
5812
+ * Error thrown when there is an error with the server code, for example, unavailability.
5813
+ */
5814
+ class ServerError extends AuthError {
5815
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
5816
+ super(errorCode, errorMessage, subError);
5817
+ this.name = "ServerError";
5818
+ this.errorNo = errorNo;
5819
+ this.status = status;
5820
+ Object.setPrototypeOf(this, ServerError.prototype);
5821
+ }
5822
+ }
5823
+
5719
5824
  /*
5720
5825
  * Copyright (c) Microsoft Corporation. All rights reserved.
5721
5826
  * Licensed under the MIT License.
@@ -5789,110 +5894,6 @@ var ProtocolUtils = /*#__PURE__*/Object.freeze({
5789
5894
  setRequestState: setRequestState
5790
5895
  });
5791
5896
 
5792
- /*
5793
- * Copyright (c) Microsoft Corporation. All rights reserved.
5794
- * Licensed under the MIT License.
5795
- */
5796
- const KeyLocation = {
5797
- SW: "sw"};
5798
- /** @internal */
5799
- class PopTokenGenerator {
5800
- constructor(cryptoUtils, performanceClient) {
5801
- this.cryptoUtils = cryptoUtils;
5802
- this.performanceClient = performanceClient;
5803
- }
5804
- /**
5805
- * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
5806
- * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
5807
- * @param request
5808
- * @returns
5809
- */
5810
- async generateCnf(request, logger) {
5811
- const reqCnf = await invokeAsync(this.generateKid.bind(this), PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request);
5812
- const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf));
5813
- return {
5814
- kid: reqCnf.kid,
5815
- reqCnfString,
5816
- };
5817
- }
5818
- /**
5819
- * Generates key_id for a SHR token request
5820
- * @param request
5821
- * @returns
5822
- */
5823
- async generateKid(request) {
5824
- const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request);
5825
- return {
5826
- kid: kidThumbprint,
5827
- xms_ksl: KeyLocation.SW,
5828
- };
5829
- }
5830
- /**
5831
- * Signs the POP access_token with the local generated key-pair
5832
- * @param accessToken
5833
- * @param request
5834
- * @returns
5835
- */
5836
- async signPopToken(accessToken, keyId, request) {
5837
- return this.signPayload(accessToken, keyId, request);
5838
- }
5839
- /**
5840
- * Utility function to generate the signed JWT for an access_token
5841
- * @param payload
5842
- * @param kid
5843
- * @param request
5844
- * @param claims
5845
- * @returns
5846
- */
5847
- async signPayload(payload, keyId, request, claims) {
5848
- // Deconstruct request to extract SHR parameters
5849
- const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request;
5850
- const resourceUrlString = resourceRequestUri
5851
- ? new UrlString(resourceRequestUri)
5852
- : undefined;
5853
- const resourceUrlComponents = resourceUrlString?.getUrlComponents();
5854
- return this.cryptoUtils.signJwt({
5855
- at: payload,
5856
- ts: nowSeconds(),
5857
- m: resourceRequestMethod?.toUpperCase(),
5858
- u: resourceUrlComponents?.HostNameAndPort,
5859
- nonce: shrNonce || this.cryptoUtils.createNewGuid(),
5860
- p: resourceUrlComponents?.AbsolutePath,
5861
- q: resourceUrlComponents?.QueryString
5862
- ? [[], resourceUrlComponents.QueryString]
5863
- : undefined,
5864
- client_claims: shrClaims || undefined,
5865
- ...claims,
5866
- }, keyId, shrOptions, request.correlationId);
5867
- }
5868
- }
5869
-
5870
- /*
5871
- * Copyright (c) Microsoft Corporation. All rights reserved.
5872
- * Licensed under the MIT License.
5873
- */
5874
- /**
5875
- * This class instance helps track the memory changes facilitating
5876
- * decisions to read from and write to the persistent cache
5877
- */ class TokenCacheContext {
5878
- constructor(tokenCache, hasChanged) {
5879
- this.cache = tokenCache;
5880
- this.hasChanged = hasChanged;
5881
- }
5882
- /**
5883
- * boolean which indicates the changes in cache
5884
- */
5885
- get cacheHasChanged() {
5886
- return this.hasChanged;
5887
- }
5888
- /**
5889
- * function to retrieve the token cache
5890
- */
5891
- get tokenCache() {
5892
- return this.cache;
5893
- }
5894
- }
5895
-
5896
5897
  /*
5897
5898
  * Copyright (c) Microsoft Corporation. All rights reserved.
5898
5899
  * Licensed under the MIT License.
@@ -6047,7 +6048,7 @@ class ResponseHandler {
6047
6048
  if (serverTokenResponse.id_token && !!idTokenClaims) {
6048
6049
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
6049
6050
  cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
6050
- this.logger);
6051
+ this.logger, this.performanceClient);
6051
6052
  }
6052
6053
  // AccessToken
6053
6054
  let cachedAccessToken = null;
@@ -6193,17 +6194,24 @@ class ResponseHandler {
6193
6194
  };
6194
6195
  }
6195
6196
  }
6196
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
6197
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
6197
6198
  logger?.verbose("setCachedAccount called", correlationId);
6198
- // Check if base account is already cached
6199
- const accountKeys = cacheStorage.getAccountKeys();
6200
- const baseAccountKey = accountKeys.find((accountKey) => {
6201
- return accountKey.startsWith(homeAccountId);
6202
- });
6203
- let cachedAccount = null;
6204
- if (baseAccountKey) {
6205
- cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
6199
+ /*
6200
+ * Check if base account is already cached. Filter by homeAccountId (identifies
6201
+ * the user's home identity) and environment (identifies the cloud) the two
6202
+ * tenant-agnostic properties that uniquely locate a base AccountEntity.
6203
+ */
6204
+ const accountEnvironment = environment || authority.getPreferredCache();
6205
+ const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
6206
+ performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
6207
+ if (matchedAccounts.length > 1) {
6208
+ /*
6209
+ * Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
6210
+ * If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
6211
+ */
6212
+ logger?.warning("Multiple base accounts matched homeAccountId. Ignoring cached account and creating a new base account.", correlationId);
6206
6213
  }
6214
+ const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
6207
6215
  const baseAccount = cachedAccount ||
6208
6216
  createAccountEntity({
6209
6217
  homeAccountId,
@@ -7777,4 +7785,4 @@ exports.invokeAsync = invokeAsync;
7777
7785
  exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
7778
7786
  exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
7779
7787
  exports.version = version;
7780
- //# sourceMappingURL=index-node-DF7nODCX.js.map
7788
+ //# sourceMappingURL=index-node-DualfPC3.js.map