@azure/msal-common 16.4.0 → 16.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (167) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/cache/CacheManager.mjs +1 -1
  17. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  18. package/dist/cache/utils/AccountEntityUtils.mjs +1 -1
  19. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  20. package/dist/client/AuthorizationCodeClient.mjs +1 -1
  21. package/dist/client/RefreshTokenClient.mjs +1 -1
  22. package/dist/client/SilentFlowClient.mjs +1 -1
  23. package/dist/config/ClientConfiguration.mjs +1 -1
  24. package/dist/constants/AADServerParamKeys.mjs +1 -1
  25. package/dist/crypto/ICrypto.mjs +1 -1
  26. package/dist/crypto/JoseHeader.mjs +1 -1
  27. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  28. package/dist/error/AuthError.mjs +1 -1
  29. package/dist/error/AuthErrorCodes.mjs +1 -1
  30. package/dist/error/CacheError.mjs +1 -1
  31. package/dist/error/CacheErrorCodes.mjs +1 -1
  32. package/dist/error/ClientAuthError.mjs +1 -1
  33. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  34. package/dist/error/ClientConfigurationError.mjs +1 -1
  35. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  36. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  37. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  38. package/dist/error/JoseHeaderError.mjs +1 -1
  39. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  40. package/dist/error/NetworkError.mjs +1 -1
  41. package/dist/error/PlatformBrokerError.mjs +1 -1
  42. package/dist/error/ServerError.mjs +1 -1
  43. package/dist/index-node.mjs +1 -1
  44. package/dist/index.mjs +1 -1
  45. package/dist/logger/Logger.mjs +1 -1
  46. package/dist/network/INetworkModule.mjs +1 -1
  47. package/dist/network/RequestThumbprint.mjs +1 -1
  48. package/dist/network/ThrottlingUtils.mjs +1 -1
  49. package/dist/packageMetadata.d.ts +1 -1
  50. package/dist/packageMetadata.mjs +2 -2
  51. package/dist/protocol/Authorize.mjs +1 -1
  52. package/dist/protocol/Token.mjs +1 -1
  53. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  54. package/dist/request/BaseAuthRequest.mjs +1 -1
  55. package/dist/request/RequestParameterBuilder.mjs +1 -1
  56. package/dist/request/ScopeSet.mjs +1 -1
  57. package/dist/response/ResponseHandler.d.ts +9 -9
  58. package/dist/response/ResponseHandler.d.ts.map +1 -1
  59. package/dist/response/ResponseHandler.mjs +27 -20
  60. package/dist/response/ResponseHandler.mjs.map +1 -1
  61. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  62. package/dist/telemetry/performance/PerformanceEvent.d.ts +8 -0
  63. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  64. package/dist/telemetry/performance/PerformanceEvent.mjs +2 -1
  65. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  66. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  67. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  68. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  69. package/dist/url/UrlString.mjs +1 -1
  70. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  71. package/dist/utils/Constants.mjs +1 -1
  72. package/dist/utils/FunctionWrappers.mjs +1 -1
  73. package/dist/utils/ProtocolUtils.mjs +1 -1
  74. package/dist/utils/StringUtils.mjs +1 -1
  75. package/dist/utils/TimeUtils.mjs +1 -1
  76. package/dist/utils/UrlUtils.mjs +1 -1
  77. package/dist-browser/account/AccountInfo.mjs +1 -1
  78. package/dist-browser/account/AuthToken.mjs +1 -1
  79. package/dist-browser/account/CcsCredential.mjs +1 -1
  80. package/dist-browser/account/ClientInfo.mjs +1 -1
  81. package/dist-browser/account/TokenClaims.mjs +1 -1
  82. package/dist-browser/authority/Authority.mjs +1 -1
  83. package/dist-browser/authority/AuthorityFactory.mjs +1 -1
  84. package/dist-browser/authority/AuthorityMetadata.mjs +1 -1
  85. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  86. package/dist-browser/authority/AuthorityType.mjs +1 -1
  87. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  88. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  89. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  90. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  91. package/dist-browser/authority/RegionDiscovery.mjs +1 -1
  92. package/dist-browser/cache/CacheManager.mjs +1 -1
  93. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  94. package/dist-browser/cache/utils/AccountEntityUtils.mjs +1 -1
  95. package/dist-browser/cache/utils/CacheHelpers.mjs +1 -1
  96. package/dist-browser/client/AuthorizationCodeClient.mjs +1 -1
  97. package/dist-browser/client/RefreshTokenClient.mjs +1 -1
  98. package/dist-browser/client/SilentFlowClient.mjs +1 -1
  99. package/dist-browser/config/ClientConfiguration.mjs +1 -1
  100. package/dist-browser/constants/AADServerParamKeys.mjs +1 -1
  101. package/dist-browser/crypto/ICrypto.mjs +1 -1
  102. package/dist-browser/crypto/JoseHeader.mjs +1 -1
  103. package/dist-browser/crypto/PopTokenGenerator.mjs +1 -1
  104. package/dist-browser/error/AuthError.mjs +1 -1
  105. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  106. package/dist-browser/error/CacheError.mjs +1 -1
  107. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  108. package/dist-browser/error/ClientAuthError.mjs +1 -1
  109. package/dist-browser/error/ClientAuthErrorCodes.mjs +1 -1
  110. package/dist-browser/error/ClientConfigurationError.mjs +1 -1
  111. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
  112. package/dist-browser/error/InteractionRequiredAuthError.mjs +1 -1
  113. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  114. package/dist-browser/error/JoseHeaderError.mjs +1 -1
  115. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  116. package/dist-browser/error/NetworkError.mjs +1 -1
  117. package/dist-browser/error/PlatformBrokerError.mjs +1 -1
  118. package/dist-browser/error/ServerError.mjs +1 -1
  119. package/dist-browser/index-browser.mjs +1 -1
  120. package/dist-browser/index.mjs +1 -1
  121. package/dist-browser/log-strings-mapping.json +7 -3
  122. package/dist-browser/logger/Logger.mjs +1 -1
  123. package/dist-browser/network/INetworkModule.mjs +1 -1
  124. package/dist-browser/network/RequestThumbprint.mjs +1 -1
  125. package/dist-browser/network/ThrottlingUtils.mjs +1 -1
  126. package/dist-browser/packageMetadata.d.ts +1 -1
  127. package/dist-browser/packageMetadata.mjs +2 -2
  128. package/dist-browser/protocol/Authorize.mjs +1 -1
  129. package/dist-browser/protocol/Token.mjs +1 -1
  130. package/dist-browser/request/AuthenticationHeaderParser.mjs +1 -1
  131. package/dist-browser/request/BaseAuthRequest.mjs +1 -1
  132. package/dist-browser/request/RequestParameterBuilder.mjs +1 -1
  133. package/dist-browser/request/ScopeSet.mjs +1 -1
  134. package/dist-browser/response/ResponseHandler.d.ts +9 -9
  135. package/dist-browser/response/ResponseHandler.d.ts.map +1 -1
  136. package/dist-browser/response/ResponseHandler.mjs +27 -20
  137. package/dist-browser/response/ResponseHandler.mjs.map +1 -1
  138. package/dist-browser/telemetry/performance/PerformanceClient.mjs +1 -1
  139. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts +8 -0
  140. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  141. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +2 -1
  142. package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  143. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  144. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
  145. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +1 -1
  146. package/dist-browser/url/UrlString.mjs +1 -1
  147. package/dist-browser/utils/ClientAssertionUtils.mjs +1 -1
  148. package/dist-browser/utils/Constants.mjs +1 -1
  149. package/dist-browser/utils/FunctionWrappers.mjs +1 -1
  150. package/dist-browser/utils/ProtocolUtils.mjs +1 -1
  151. package/dist-browser/utils/StringUtils.mjs +1 -1
  152. package/dist-browser/utils/TimeUtils.mjs +1 -1
  153. package/dist-browser/utils/UrlUtils.mjs +1 -1
  154. package/lib/index-browser.cjs +2 -2
  155. package/lib/{index-node-5qBGS-xm.js → index-node-5FoJ00Jc.js} +133 -125
  156. package/lib/{index-node-5qBGS-xm.js.map → index-node-5FoJ00Jc.js.map} +1 -1
  157. package/lib/index-node.cjs +2 -2
  158. package/lib/index.cjs +2 -2
  159. package/lib/types/packageMetadata.d.ts +1 -1
  160. package/lib/types/response/ResponseHandler.d.ts +9 -9
  161. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  162. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +8 -0
  163. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  164. package/package.json +1 -1
  165. package/src/packageMetadata.ts +1 -1
  166. package/src/response/ResponseHandler.ts +67 -47
  167. package/src/telemetry/performance/PerformanceEvent.ts +12 -0
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v16.4.0 2026-03-18 */
1
+ /*! @azure/msal-common v16.4.1 2026-04-01 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -4253,7 +4253,7 @@ class Logger {
4253
4253
 
4254
4254
  /* eslint-disable header/header */
4255
4255
  const name = "@azure/msal-common";
4256
- const version = "16.4.0";
4256
+ const version = "16.4.1";
4257
4257
 
4258
4258
  /*
4259
4259
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5449,6 +5449,7 @@ const IntFields = new Set([
5449
5449
  "currRefreshCount",
5450
5450
  "expiredCacheRemovedCount",
5451
5451
  "upgradedCacheCount",
5452
+ "cacheMatchedAccounts",
5452
5453
  "networkRtt",
5453
5454
  "redirectBridgeTimeoutMs",
5454
5455
  "redirectBridgeMessageVersion",
@@ -5605,15 +5606,102 @@ function isOidcProtocolMode(config) {
5605
5606
  * Licensed under the MIT License.
5606
5607
  */
5607
5608
  /**
5608
- * Error thrown when there is an error with the server code, for example, unavailability.
5609
+ * This class instance helps track the memory changes facilitating
5610
+ * decisions to read from and write to the persistent cache
5611
+ */ class TokenCacheContext {
5612
+ constructor(tokenCache, hasChanged) {
5613
+ this.cache = tokenCache;
5614
+ this.hasChanged = hasChanged;
5615
+ }
5616
+ /**
5617
+ * boolean which indicates the changes in cache
5618
+ */
5619
+ get cacheHasChanged() {
5620
+ return this.hasChanged;
5621
+ }
5622
+ /**
5623
+ * function to retrieve the token cache
5624
+ */
5625
+ get tokenCache() {
5626
+ return this.cache;
5627
+ }
5628
+ }
5629
+
5630
+ /*
5631
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5632
+ * Licensed under the MIT License.
5609
5633
  */
5610
- class ServerError extends AuthError {
5611
- constructor(errorCode, errorMessage, subError, errorNo, status) {
5612
- super(errorCode, errorMessage, subError);
5613
- this.name = "ServerError";
5614
- this.errorNo = errorNo;
5615
- this.status = status;
5616
- Object.setPrototypeOf(this, ServerError.prototype);
5634
+ const KeyLocation = {
5635
+ SW: "sw"};
5636
+ /** @internal */
5637
+ class PopTokenGenerator {
5638
+ constructor(cryptoUtils, performanceClient) {
5639
+ this.cryptoUtils = cryptoUtils;
5640
+ this.performanceClient = performanceClient;
5641
+ }
5642
+ /**
5643
+ * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
5644
+ * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
5645
+ * @param request
5646
+ * @returns
5647
+ */
5648
+ async generateCnf(request, logger) {
5649
+ const reqCnf = await invokeAsync(this.generateKid.bind(this), PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request);
5650
+ const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf));
5651
+ return {
5652
+ kid: reqCnf.kid,
5653
+ reqCnfString,
5654
+ };
5655
+ }
5656
+ /**
5657
+ * Generates key_id for a SHR token request
5658
+ * @param request
5659
+ * @returns
5660
+ */
5661
+ async generateKid(request) {
5662
+ const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request);
5663
+ return {
5664
+ kid: kidThumbprint,
5665
+ xms_ksl: KeyLocation.SW,
5666
+ };
5667
+ }
5668
+ /**
5669
+ * Signs the POP access_token with the local generated key-pair
5670
+ * @param accessToken
5671
+ * @param request
5672
+ * @returns
5673
+ */
5674
+ async signPopToken(accessToken, keyId, request) {
5675
+ return this.signPayload(accessToken, keyId, request);
5676
+ }
5677
+ /**
5678
+ * Utility function to generate the signed JWT for an access_token
5679
+ * @param payload
5680
+ * @param kid
5681
+ * @param request
5682
+ * @param claims
5683
+ * @returns
5684
+ */
5685
+ async signPayload(payload, keyId, request, claims) {
5686
+ // Deconstruct request to extract SHR parameters
5687
+ const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request;
5688
+ const resourceUrlString = resourceRequestUri
5689
+ ? new UrlString(resourceRequestUri)
5690
+ : undefined;
5691
+ const resourceUrlComponents = resourceUrlString?.getUrlComponents();
5692
+ return this.cryptoUtils.signJwt({
5693
+ at: payload,
5694
+ ts: nowSeconds(),
5695
+ m: resourceRequestMethod?.toUpperCase(),
5696
+ u: resourceUrlComponents?.HostNameAndPort,
5697
+ nonce: shrNonce || this.cryptoUtils.createNewGuid(),
5698
+ p: resourceUrlComponents?.AbsolutePath,
5699
+ q: resourceUrlComponents?.QueryString
5700
+ ? [[], resourceUrlComponents.QueryString]
5701
+ : undefined,
5702
+ client_claims: shrClaims || undefined,
5703
+ ...claims,
5704
+ }, keyId, shrOptions, request.correlationId);
5617
5705
  }
5618
5706
  }
5619
5707
 
@@ -5746,6 +5834,23 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
5746
5834
  return new InteractionRequiredAuthError(errorCode, errorMessage);
5747
5835
  }
5748
5836
 
5837
+ /*
5838
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5839
+ * Licensed under the MIT License.
5840
+ */
5841
+ /**
5842
+ * Error thrown when there is an error with the server code, for example, unavailability.
5843
+ */
5844
+ class ServerError extends AuthError {
5845
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
5846
+ super(errorCode, errorMessage, subError);
5847
+ this.name = "ServerError";
5848
+ this.errorNo = errorNo;
5849
+ this.status = status;
5850
+ Object.setPrototypeOf(this, ServerError.prototype);
5851
+ }
5852
+ }
5853
+
5749
5854
  /*
5750
5855
  * Copyright (c) Microsoft Corporation. All rights reserved.
5751
5856
  * Licensed under the MIT License.
@@ -5819,110 +5924,6 @@ var ProtocolUtils = /*#__PURE__*/Object.freeze({
5819
5924
  setRequestState: setRequestState
5820
5925
  });
5821
5926
 
5822
- /*
5823
- * Copyright (c) Microsoft Corporation. All rights reserved.
5824
- * Licensed under the MIT License.
5825
- */
5826
- const KeyLocation = {
5827
- SW: "sw"};
5828
- /** @internal */
5829
- class PopTokenGenerator {
5830
- constructor(cryptoUtils, performanceClient) {
5831
- this.cryptoUtils = cryptoUtils;
5832
- this.performanceClient = performanceClient;
5833
- }
5834
- /**
5835
- * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
5836
- * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
5837
- * @param request
5838
- * @returns
5839
- */
5840
- async generateCnf(request, logger) {
5841
- const reqCnf = await invokeAsync(this.generateKid.bind(this), PopTokenGenerateCnf, logger, this.performanceClient, request.correlationId)(request);
5842
- const reqCnfString = this.cryptoUtils.base64UrlEncode(JSON.stringify(reqCnf));
5843
- return {
5844
- kid: reqCnf.kid,
5845
- reqCnfString,
5846
- };
5847
- }
5848
- /**
5849
- * Generates key_id for a SHR token request
5850
- * @param request
5851
- * @returns
5852
- */
5853
- async generateKid(request) {
5854
- const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(request);
5855
- return {
5856
- kid: kidThumbprint,
5857
- xms_ksl: KeyLocation.SW,
5858
- };
5859
- }
5860
- /**
5861
- * Signs the POP access_token with the local generated key-pair
5862
- * @param accessToken
5863
- * @param request
5864
- * @returns
5865
- */
5866
- async signPopToken(accessToken, keyId, request) {
5867
- return this.signPayload(accessToken, keyId, request);
5868
- }
5869
- /**
5870
- * Utility function to generate the signed JWT for an access_token
5871
- * @param payload
5872
- * @param kid
5873
- * @param request
5874
- * @param claims
5875
- * @returns
5876
- */
5877
- async signPayload(payload, keyId, request, claims) {
5878
- // Deconstruct request to extract SHR parameters
5879
- const { resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, shrOptions, } = request;
5880
- const resourceUrlString = resourceRequestUri
5881
- ? new UrlString(resourceRequestUri)
5882
- : undefined;
5883
- const resourceUrlComponents = resourceUrlString?.getUrlComponents();
5884
- return this.cryptoUtils.signJwt({
5885
- at: payload,
5886
- ts: nowSeconds(),
5887
- m: resourceRequestMethod?.toUpperCase(),
5888
- u: resourceUrlComponents?.HostNameAndPort,
5889
- nonce: shrNonce || this.cryptoUtils.createNewGuid(),
5890
- p: resourceUrlComponents?.AbsolutePath,
5891
- q: resourceUrlComponents?.QueryString
5892
- ? [[], resourceUrlComponents.QueryString]
5893
- : undefined,
5894
- client_claims: shrClaims || undefined,
5895
- ...claims,
5896
- }, keyId, shrOptions, request.correlationId);
5897
- }
5898
- }
5899
-
5900
- /*
5901
- * Copyright (c) Microsoft Corporation. All rights reserved.
5902
- * Licensed under the MIT License.
5903
- */
5904
- /**
5905
- * This class instance helps track the memory changes facilitating
5906
- * decisions to read from and write to the persistent cache
5907
- */ class TokenCacheContext {
5908
- constructor(tokenCache, hasChanged) {
5909
- this.cache = tokenCache;
5910
- this.hasChanged = hasChanged;
5911
- }
5912
- /**
5913
- * boolean which indicates the changes in cache
5914
- */
5915
- get cacheHasChanged() {
5916
- return this.hasChanged;
5917
- }
5918
- /**
5919
- * function to retrieve the token cache
5920
- */
5921
- get tokenCache() {
5922
- return this.cache;
5923
- }
5924
- }
5925
-
5926
5927
  /*
5927
5928
  * Copyright (c) Microsoft Corporation. All rights reserved.
5928
5929
  * Licensed under the MIT License.
@@ -6077,7 +6078,7 @@ class ResponseHandler {
6077
6078
  if (serverTokenResponse.id_token && !!idTokenClaims) {
6078
6079
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
6079
6080
  cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
6080
- this.logger);
6081
+ this.logger, this.performanceClient);
6081
6082
  }
6082
6083
  // AccessToken
6083
6084
  let cachedAccessToken = null;
@@ -6228,17 +6229,24 @@ class ResponseHandler {
6228
6229
  };
6229
6230
  }
6230
6231
  }
6231
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
6232
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger, performanceClient) {
6232
6233
  logger?.verbose("setCachedAccount called", correlationId);
6233
- // Check if base account is already cached
6234
- const accountKeys = cacheStorage.getAccountKeys();
6235
- const baseAccountKey = accountKeys.find((accountKey) => {
6236
- return accountKey.startsWith(homeAccountId);
6237
- });
6238
- let cachedAccount = null;
6239
- if (baseAccountKey) {
6240
- cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
6234
+ /*
6235
+ * Check if base account is already cached. Filter by homeAccountId (identifies
6236
+ * the user's home identity) and environment (identifies the cloud) the two
6237
+ * tenant-agnostic properties that uniquely locate a base AccountEntity.
6238
+ */
6239
+ const accountEnvironment = environment || authority.getPreferredCache();
6240
+ const matchedAccounts = cacheStorage.getAccountsFilteredBy({ homeAccountId, environment: accountEnvironment }, correlationId);
6241
+ performanceClient?.addFields({ cacheMatchedAccounts: matchedAccounts.length }, correlationId);
6242
+ if (matchedAccounts.length > 1) {
6243
+ /*
6244
+ * Base accounts are expected to be unique for a given homeAccountId in normal cache usage.
6245
+ * If multiple matches exist, ignore the cache hit rather than arbitrarily choosing one.
6246
+ */
6247
+ logger?.warning("Multiple base accounts matched homeAccountId. Ignoring cached account and creating a new base account.", correlationId);
6241
6248
  }
6249
+ const cachedAccount = matchedAccounts.length === 1 ? matchedAccounts[0] : null;
6242
6250
  const baseAccount = cachedAccount ||
6243
6251
  createAccountEntity({
6244
6252
  homeAccountId,
@@ -7855,4 +7863,4 @@ exports.invokeAsync = invokeAsync;
7855
7863
  exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
7856
7864
  exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
7857
7865
  exports.version = version;
7858
- //# sourceMappingURL=index-node-5qBGS-xm.js.map
7866
+ //# sourceMappingURL=index-node-5FoJ00Jc.js.map