@azure/msal-common 16.4.1 → 16.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (220) hide show
  1. package/dist/account/AccountInfo.d.ts +3 -1
  2. package/dist/account/AccountInfo.d.ts.map +1 -1
  3. package/dist/account/AccountInfo.mjs +3 -2
  4. package/dist/account/AccountInfo.mjs.map +1 -1
  5. package/dist/account/AuthToken.mjs +1 -1
  6. package/dist/account/CcsCredential.mjs +1 -1
  7. package/dist/account/ClientInfo.mjs +1 -1
  8. package/dist/account/TokenClaims.mjs +1 -1
  9. package/dist/authority/Authority.mjs +1 -1
  10. package/dist/authority/AuthorityFactory.mjs +1 -1
  11. package/dist/authority/AuthorityMetadata.mjs +1 -1
  12. package/dist/authority/AuthorityOptions.mjs +1 -1
  13. package/dist/authority/AuthorityType.mjs +1 -1
  14. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  15. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  16. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  17. package/dist/authority/ProtocolMode.mjs +1 -1
  18. package/dist/authority/RegionDiscovery.mjs +1 -1
  19. package/dist/cache/CacheManager.d.ts +7 -0
  20. package/dist/cache/CacheManager.d.ts.map +1 -1
  21. package/dist/cache/CacheManager.mjs +37 -9
  22. package/dist/cache/CacheManager.mjs.map +1 -1
  23. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  24. package/dist/cache/utils/AccountEntityUtils.mjs +1 -1
  25. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  26. package/dist/cache/utils/CacheTypes.d.ts +1 -1
  27. package/dist/cache/utils/CacheTypes.d.ts.map +1 -1
  28. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  29. package/dist/client/AuthorizationCodeClient.mjs +3 -8
  30. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  31. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  32. package/dist/client/RefreshTokenClient.mjs +3 -8
  33. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  34. package/dist/client/SilentFlowClient.mjs +1 -1
  35. package/dist/config/ClientConfiguration.mjs +1 -1
  36. package/dist/constants/AADServerParamKeys.mjs +1 -1
  37. package/dist/crypto/ICrypto.mjs +1 -1
  38. package/dist/crypto/JoseHeader.mjs +1 -1
  39. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  40. package/dist/error/AuthError.mjs +1 -1
  41. package/dist/error/AuthErrorCodes.mjs +1 -1
  42. package/dist/error/CacheError.mjs +1 -1
  43. package/dist/error/CacheErrorCodes.mjs +1 -1
  44. package/dist/error/ClientAuthError.mjs +1 -1
  45. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  46. package/dist/error/ClientConfigurationError.mjs +1 -1
  47. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  48. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  49. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  50. package/dist/error/JoseHeaderError.mjs +1 -1
  51. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  52. package/dist/error/NetworkError.mjs +1 -1
  53. package/dist/error/PlatformBrokerError.mjs +1 -1
  54. package/dist/error/ServerError.mjs +1 -1
  55. package/dist/index-node.mjs +1 -1
  56. package/dist/index.mjs +1 -1
  57. package/dist/logger/Logger.mjs +1 -1
  58. package/dist/network/INetworkModule.mjs +1 -1
  59. package/dist/network/RequestThumbprint.mjs +1 -1
  60. package/dist/network/ThrottlingUtils.mjs +1 -1
  61. package/dist/packageMetadata.d.ts +1 -1
  62. package/dist/packageMetadata.mjs +2 -2
  63. package/dist/protocol/Authorize.d.ts.map +1 -1
  64. package/dist/protocol/Authorize.mjs +3 -7
  65. package/dist/protocol/Authorize.mjs.map +1 -1
  66. package/dist/protocol/Token.mjs +1 -1
  67. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  68. package/dist/request/BaseAuthRequest.d.ts +4 -0
  69. package/dist/request/BaseAuthRequest.d.ts.map +1 -1
  70. package/dist/request/BaseAuthRequest.mjs +1 -1
  71. package/dist/request/BaseAuthRequest.mjs.map +1 -1
  72. package/dist/request/RequestParameterBuilder.d.ts +8 -4
  73. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  74. package/dist/request/RequestParameterBuilder.mjs +24 -12
  75. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  76. package/dist/request/ScopeSet.mjs +1 -1
  77. package/dist/response/ResponseHandler.mjs +1 -1
  78. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  79. package/dist/telemetry/performance/PerformanceEvent.d.ts +11 -0
  80. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  81. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  82. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  83. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  84. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  85. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  86. package/dist/url/UrlString.mjs +1 -1
  87. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  88. package/dist/utils/Constants.mjs +1 -1
  89. package/dist/utils/FunctionWrappers.mjs +1 -1
  90. package/dist/utils/ProtocolUtils.mjs +1 -1
  91. package/dist/utils/StringUtils.mjs +1 -1
  92. package/dist/utils/TimeUtils.mjs +1 -1
  93. package/dist/utils/UrlUtils.mjs +1 -1
  94. package/dist-browser/account/AccountInfo.d.ts +3 -1
  95. package/dist-browser/account/AccountInfo.d.ts.map +1 -1
  96. package/dist-browser/account/AccountInfo.mjs +3 -2
  97. package/dist-browser/account/AccountInfo.mjs.map +1 -1
  98. package/dist-browser/account/AuthToken.mjs +1 -1
  99. package/dist-browser/account/CcsCredential.mjs +1 -1
  100. package/dist-browser/account/ClientInfo.mjs +1 -1
  101. package/dist-browser/account/TokenClaims.mjs +1 -1
  102. package/dist-browser/authority/Authority.mjs +1 -1
  103. package/dist-browser/authority/AuthorityFactory.mjs +1 -1
  104. package/dist-browser/authority/AuthorityMetadata.mjs +1 -1
  105. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  106. package/dist-browser/authority/AuthorityType.mjs +1 -1
  107. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  108. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  109. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  110. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  111. package/dist-browser/authority/RegionDiscovery.mjs +1 -1
  112. package/dist-browser/cache/CacheManager.d.ts +7 -0
  113. package/dist-browser/cache/CacheManager.d.ts.map +1 -1
  114. package/dist-browser/cache/CacheManager.mjs +37 -9
  115. package/dist-browser/cache/CacheManager.mjs.map +1 -1
  116. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  117. package/dist-browser/cache/utils/AccountEntityUtils.mjs +1 -1
  118. package/dist-browser/cache/utils/CacheHelpers.mjs +1 -1
  119. package/dist-browser/cache/utils/CacheTypes.d.ts +1 -1
  120. package/dist-browser/cache/utils/CacheTypes.d.ts.map +1 -1
  121. package/dist-browser/client/AuthorizationCodeClient.d.ts.map +1 -1
  122. package/dist-browser/client/AuthorizationCodeClient.mjs +3 -8
  123. package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
  124. package/dist-browser/client/RefreshTokenClient.d.ts.map +1 -1
  125. package/dist-browser/client/RefreshTokenClient.mjs +3 -8
  126. package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
  127. package/dist-browser/client/SilentFlowClient.mjs +1 -1
  128. package/dist-browser/config/ClientConfiguration.mjs +1 -1
  129. package/dist-browser/constants/AADServerParamKeys.mjs +1 -1
  130. package/dist-browser/crypto/ICrypto.mjs +1 -1
  131. package/dist-browser/crypto/JoseHeader.mjs +1 -1
  132. package/dist-browser/crypto/PopTokenGenerator.mjs +1 -1
  133. package/dist-browser/error/AuthError.mjs +1 -1
  134. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  135. package/dist-browser/error/CacheError.mjs +1 -1
  136. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  137. package/dist-browser/error/ClientAuthError.mjs +1 -1
  138. package/dist-browser/error/ClientAuthErrorCodes.mjs +1 -1
  139. package/dist-browser/error/ClientConfigurationError.mjs +1 -1
  140. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
  141. package/dist-browser/error/InteractionRequiredAuthError.mjs +1 -1
  142. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  143. package/dist-browser/error/JoseHeaderError.mjs +1 -1
  144. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  145. package/dist-browser/error/NetworkError.mjs +1 -1
  146. package/dist-browser/error/PlatformBrokerError.mjs +1 -1
  147. package/dist-browser/error/ServerError.mjs +1 -1
  148. package/dist-browser/index-browser.mjs +1 -1
  149. package/dist-browser/index.mjs +1 -1
  150. package/dist-browser/log-strings-mapping.json +2 -2
  151. package/dist-browser/logger/Logger.mjs +1 -1
  152. package/dist-browser/network/INetworkModule.mjs +1 -1
  153. package/dist-browser/network/RequestThumbprint.mjs +1 -1
  154. package/dist-browser/network/ThrottlingUtils.mjs +1 -1
  155. package/dist-browser/packageMetadata.d.ts +1 -1
  156. package/dist-browser/packageMetadata.mjs +2 -2
  157. package/dist-browser/protocol/Authorize.d.ts.map +1 -1
  158. package/dist-browser/protocol/Authorize.mjs +3 -7
  159. package/dist-browser/protocol/Authorize.mjs.map +1 -1
  160. package/dist-browser/protocol/Token.mjs +1 -1
  161. package/dist-browser/request/AuthenticationHeaderParser.mjs +1 -1
  162. package/dist-browser/request/BaseAuthRequest.d.ts +4 -0
  163. package/dist-browser/request/BaseAuthRequest.d.ts.map +1 -1
  164. package/dist-browser/request/BaseAuthRequest.mjs +1 -1
  165. package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
  166. package/dist-browser/request/RequestParameterBuilder.d.ts +8 -4
  167. package/dist-browser/request/RequestParameterBuilder.d.ts.map +1 -1
  168. package/dist-browser/request/RequestParameterBuilder.mjs +24 -12
  169. package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
  170. package/dist-browser/request/ScopeSet.mjs +1 -1
  171. package/dist-browser/response/ResponseHandler.mjs +1 -1
  172. package/dist-browser/telemetry/performance/PerformanceClient.mjs +1 -1
  173. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts +11 -0
  174. package/dist-browser/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  175. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
  176. package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  177. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  178. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
  179. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +1 -1
  180. package/dist-browser/url/UrlString.mjs +1 -1
  181. package/dist-browser/utils/ClientAssertionUtils.mjs +1 -1
  182. package/dist-browser/utils/Constants.mjs +1 -1
  183. package/dist-browser/utils/FunctionWrappers.mjs +1 -1
  184. package/dist-browser/utils/ProtocolUtils.mjs +1 -1
  185. package/dist-browser/utils/StringUtils.mjs +1 -1
  186. package/dist-browser/utils/TimeUtils.mjs +1 -1
  187. package/dist-browser/utils/UrlUtils.mjs +1 -1
  188. package/lib/index-browser.cjs +2 -2
  189. package/lib/{index-node-5FoJ00Jc.js → index-node-CJl1_QbT.js} +66 -38
  190. package/lib/index-node-CJl1_QbT.js.map +1 -0
  191. package/lib/index-node.cjs +2 -2
  192. package/lib/index.cjs +2 -2
  193. package/lib/types/account/AccountInfo.d.ts +3 -1
  194. package/lib/types/account/AccountInfo.d.ts.map +1 -1
  195. package/lib/types/cache/CacheManager.d.ts +7 -0
  196. package/lib/types/cache/CacheManager.d.ts.map +1 -1
  197. package/lib/types/cache/utils/CacheTypes.d.ts +1 -1
  198. package/lib/types/cache/utils/CacheTypes.d.ts.map +1 -1
  199. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  200. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  201. package/lib/types/packageMetadata.d.ts +1 -1
  202. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  203. package/lib/types/request/BaseAuthRequest.d.ts +4 -0
  204. package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
  205. package/lib/types/request/RequestParameterBuilder.d.ts +8 -4
  206. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  207. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +11 -0
  208. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  209. package/package.json +1 -1
  210. package/src/account/AccountInfo.ts +5 -2
  211. package/src/cache/CacheManager.ts +65 -10
  212. package/src/cache/utils/CacheTypes.ts +1 -0
  213. package/src/client/AuthorizationCodeClient.ts +8 -13
  214. package/src/client/RefreshTokenClient.ts +8 -13
  215. package/src/packageMetadata.ts +1 -1
  216. package/src/protocol/Authorize.ts +7 -12
  217. package/src/request/BaseAuthRequest.ts +4 -0
  218. package/src/request/RequestParameterBuilder.ts +30 -13
  219. package/src/telemetry/performance/PerformanceEvent.ts +13 -0
  220. package/lib/index-node-5FoJ00Jc.js.map +0 -1
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1
+ /*! @azure/msal-common v16.5.1 2026-04-21 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- var indexNode = require('./index-node-5FoJ00Jc.js');
5
+ var indexNode = require('./index-node-CJl1_QbT.js');
6
6
 
7
7
  /*
8
8
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v16.4.1 2026-04-01 */
1
+ /*! @azure/msal-common v16.5.1 2026-04-21 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -3018,6 +3018,7 @@ function buildTenantProfile(homeAccountId, localAccountId, tenantId, idTokenClai
3018
3018
  username: preferred_username || upn || "",
3019
3019
  loginHint: login_hint,
3020
3020
  isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
3021
+ upn: upn,
3021
3022
  };
3022
3023
  }
3023
3024
  else {
@@ -3045,7 +3046,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
3045
3046
  }
3046
3047
  // ID token claims override passed in account info and tenant profile
3047
3048
  if (idTokenClaims) {
3048
- // Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info
3049
+ // Ignore isHomeTenant which is a utility property of tenant profile but not required in base account info
3049
3050
  // eslint-disable-next-line @typescript-eslint/no-unused-vars
3050
3051
  const { isHomeTenant, ...claimsSourcedTenantProfile } = buildTenantProfile(baseAccountInfo.homeAccountId, baseAccountInfo.localAccountId, baseAccountInfo.tenantId, idTokenClaims);
3051
3052
  updatedAccountInfo = {
@@ -3597,18 +3598,29 @@ function addSid(parameters, sid) {
3597
3598
  parameters.set(SID, sid);
3598
3599
  }
3599
3600
  /**
3600
- * add claims
3601
- * @param claims
3602
- */
3603
- function addClaims(parameters, claims, clientCapabilities) {
3604
- const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
3605
- try {
3606
- JSON.parse(mergedClaims);
3607
- }
3608
- catch (e) {
3609
- throw createClientConfigurationError(invalidClaims);
3601
+ * Adds claims to request parameters, conditionally excluding clientCapabilities
3602
+ * when skipBrokerClaims is true and a brokered flow is in effect.
3603
+ * @param parameters - The request parameters map
3604
+ * @param claims - The claims string from the request
3605
+ * @param clientCapabilities - The client capabilities from configuration
3606
+ * @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
3607
+ */
3608
+ function addClaims(parameters, claims, clientCapabilities, skipBrokerClaims) {
3609
+ // Skip clientCapabilities if skipBrokerClaims is set to true and this is a brokered authentication flow
3610
+ const configClaims = skipBrokerClaims && parameters.has(BROKER_CLIENT_ID)
3611
+ ? undefined
3612
+ : clientCapabilities;
3613
+ if (!StringUtils.isEmptyObj(claims) ||
3614
+ (configClaims && configClaims.length > 0)) {
3615
+ const mergedClaims = addClientCapabilitiesToClaims(claims, configClaims);
3616
+ try {
3617
+ JSON.parse(mergedClaims);
3618
+ }
3619
+ catch (e) {
3620
+ throw createClientConfigurationError(invalidClaims);
3621
+ }
3622
+ parameters.set(CLAIMS, mergedClaims);
3610
3623
  }
3611
- parameters.set(CLAIMS, mergedClaims);
3612
3624
  }
3613
3625
  /**
3614
3626
  * add correlationId
@@ -4253,7 +4265,7 @@ class Logger {
4253
4265
 
4254
4266
  /* eslint-disable header/header */
4255
4267
  const name = "@azure/msal-common";
4256
- const version = "16.4.1";
4268
+ const version = "16.5.1";
4257
4269
 
4258
4270
  /*
4259
4271
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4439,6 +4451,19 @@ class CacheManager {
4439
4451
  !(tenantProfile.isHomeTenant === tenantProfileFilter.isHomeTenant)) {
4440
4452
  return false;
4441
4453
  }
4454
+ if (!!tenantProfileFilter.username &&
4455
+ !(this.matchUsername(tenantProfile.username, tenantProfileFilter.username) ||
4456
+ !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username))) {
4457
+ return false;
4458
+ }
4459
+ if (!!tenantProfileFilter.loginHint &&
4460
+ !this.matchLoginHintWithTenantProfile(tenantProfile, tenantProfileFilter.loginHint)) {
4461
+ return false;
4462
+ }
4463
+ if (!!tenantProfileFilter.upn &&
4464
+ !(tenantProfile.upn === tenantProfileFilter.upn)) {
4465
+ return false;
4466
+ }
4442
4467
  return true;
4443
4468
  }
4444
4469
  idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter) {
@@ -4453,7 +4478,8 @@ class CacheManager {
4453
4478
  return false;
4454
4479
  }
4455
4480
  if (!!tenantProfileFilter.username &&
4456
- !this.matchUsername(idTokenClaims.preferred_username, tenantProfileFilter.username)) {
4481
+ !this.matchUsername(idTokenClaims.preferred_username, tenantProfileFilter.username) &&
4482
+ !this.matchUsername(idTokenClaims.upn, tenantProfileFilter.username)) {
4457
4483
  return false;
4458
4484
  }
4459
4485
  if (!!tenantProfileFilter.name &&
@@ -4554,10 +4580,6 @@ class CacheManager {
4554
4580
  !this.matchHomeAccountId(entity, accountFilter.homeAccountId)) {
4555
4581
  return;
4556
4582
  }
4557
- if (!!accountFilter.username &&
4558
- !this.matchUsername(entity.username, accountFilter.username)) {
4559
- return;
4560
- }
4561
4583
  if (!!accountFilter.environment &&
4562
4584
  !this.matchEnvironment(entity, accountFilter.environment, correlationId)) {
4563
4585
  return;
@@ -4578,6 +4600,9 @@ class CacheManager {
4578
4600
  const tenantProfileFilter = {
4579
4601
  localAccountId: accountFilter?.localAccountId,
4580
4602
  name: accountFilter?.name,
4603
+ username: accountFilter?.username,
4604
+ loginHint: accountFilter?.loginHint,
4605
+ upn: accountFilter?.upn,
4581
4606
  };
4582
4607
  const matchingTenantProfiles = entity.tenantProfiles?.filter((tenantProfile) => {
4583
4608
  return this.tenantProfileMatchesFilter(tenantProfile, tenantProfileFilter);
@@ -4828,11 +4853,11 @@ class CacheManager {
4828
4853
  const numHomeIdTokens = homeIdTokenMap.size;
4829
4854
  if (numHomeIdTokens < 1) {
4830
4855
  this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result", correlationId);
4831
- return idTokenMap.values().next().value;
4856
+ return idTokenMap.values().next().value ?? null;
4832
4857
  }
4833
4858
  else if (numHomeIdTokens === 1) {
4834
4859
  this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile", correlationId);
4835
- return homeIdTokenMap.values().next().value;
4860
+ return homeIdTokenMap.values().next().value ?? null;
4836
4861
  }
4837
4862
  else {
4838
4863
  // Multiple ID tokens for home tenant profile, remove all and return null
@@ -4848,7 +4873,7 @@ class CacheManager {
4848
4873
  return null;
4849
4874
  }
4850
4875
  this.commonLogger.info("CacheManager:getIdToken - Returning ID token", correlationId);
4851
- return idTokenMap.values().next().value;
4876
+ return idTokenMap.values().next().value ?? null;
4852
4877
  }
4853
4878
  /**
4854
4879
  * Gets all idTokens matching the given filter
@@ -5161,6 +5186,17 @@ class CacheManager {
5161
5186
  typeof cachedUsername === "string" &&
5162
5187
  filterUsername?.toLowerCase() === cachedUsername.toLowerCase());
5163
5188
  }
5189
+ /**
5190
+ * helper to match loginhints
5191
+ * @param entity
5192
+ * @param loginHint
5193
+ * @returns
5194
+ */
5195
+ matchLoginHintWithTenantProfile(tenantProfile, loginHintFilter) {
5196
+ return (tenantProfile.loginHint === loginHintFilter ||
5197
+ tenantProfile.username === loginHintFilter ||
5198
+ tenantProfile.upn === loginHintFilter);
5199
+ }
5164
5200
  /**
5165
5201
  * helper to match assertion
5166
5202
  * @param value
@@ -5253,6 +5289,10 @@ class CacheManager {
5253
5289
  if (tokenClaims.upn === loginHint) {
5254
5290
  return true;
5255
5291
  }
5292
+ // check login hint against list of emails in token claims
5293
+ if (tokenClaims.emails && tokenClaims.emails.includes(loginHint)) {
5294
+ return true;
5295
+ }
5256
5296
  return false;
5257
5297
  }
5258
5298
  /**
@@ -6717,11 +6757,6 @@ class AuthorizationCodeClient {
6717
6757
  throw createClientConfigurationError(missingSshJwk);
6718
6758
  }
6719
6759
  }
6720
- if (!StringUtils.isEmptyObj(request.claims) ||
6721
- (this.config.authOptions.clientCapabilities &&
6722
- this.config.authOptions.clientCapabilities.length > 0)) {
6723
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
6724
- }
6725
6760
  let ccsCred = undefined;
6726
6761
  if (request.clientInfo) {
6727
6762
  try {
@@ -6770,6 +6805,7 @@ class AuthorizationCodeClient {
6770
6805
  });
6771
6806
  }
6772
6807
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6808
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
6773
6809
  return mapToQueryString(parameters);
6774
6810
  }
6775
6811
  /**
@@ -7001,11 +7037,6 @@ class RefreshTokenClient {
7001
7037
  throw createClientConfigurationError(missingSshJwk);
7002
7038
  }
7003
7039
  }
7004
- if (!StringUtils.isEmptyObj(request.claims) ||
7005
- (this.config.authOptions.clientCapabilities &&
7006
- this.config.authOptions.clientCapabilities.length > 0)) {
7007
- addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
7008
- }
7009
7040
  if (this.config.systemOptions.preventCorsPreflight &&
7010
7041
  request.ccsCredential) {
7011
7042
  switch (request.ccsCredential.type) {
@@ -7032,6 +7063,7 @@ class RefreshTokenClient {
7032
7063
  });
7033
7064
  }
7034
7065
  instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
7066
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities, request.skipBrokerClaims);
7035
7067
  return mapToQueryString(parameters);
7036
7068
  }
7037
7069
  }
@@ -7285,14 +7317,10 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
7285
7317
  if (request.state) {
7286
7318
  addState(parameters, request.state);
7287
7319
  }
7288
- if (request.claims ||
7289
- (authOptions.clientCapabilities &&
7290
- authOptions.clientCapabilities.length > 0)) {
7291
- addClaims(parameters, request.claims, authOptions.clientCapabilities);
7292
- }
7293
7320
  if (request.embeddedClientId) {
7294
7321
  addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
7295
7322
  }
7323
+ addClaims(parameters, request.claims, authOptions.clientCapabilities, request.skipBrokerClaims);
7296
7324
  // If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
7297
7325
  if (authOptions.instanceAware &&
7298
7326
  (!request.extraQueryParameters ||
@@ -7863,4 +7891,4 @@ exports.invokeAsync = invokeAsync;
7863
7891
  exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
7864
7892
  exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
7865
7893
  exports.version = version;
7866
- //# sourceMappingURL=index-node-5FoJ00Jc.js.map
7894
+ //# sourceMappingURL=index-node-CJl1_QbT.js.map