@azure/msal-common 16.6.2 → 16.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (165) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +19 -6
  7. package/dist/authority/Authority.mjs.map +1 -1
  8. package/dist/authority/AuthorityFactory.mjs +1 -1
  9. package/dist/authority/AuthorityMetadata.mjs +1 -1
  10. package/dist/authority/AuthorityOptions.mjs +1 -1
  11. package/dist/authority/AuthorityType.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  13. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  14. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  15. package/dist/authority/ProtocolMode.mjs +1 -1
  16. package/dist/authority/RegionDiscovery.mjs +1 -1
  17. package/dist/cache/CacheManager.mjs +3 -3
  18. package/dist/cache/CacheManager.mjs.map +1 -1
  19. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  20. package/dist/cache/utils/AccountEntityUtils.mjs +1 -1
  21. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  22. package/dist/client/AuthorizationCodeClient.mjs +1 -1
  23. package/dist/client/RefreshTokenClient.mjs +1 -1
  24. package/dist/client/SilentFlowClient.mjs +1 -1
  25. package/dist/config/ClientConfiguration.mjs +1 -1
  26. package/dist/constants/AADServerParamKeys.mjs +1 -1
  27. package/dist/crypto/ICrypto.mjs +1 -1
  28. package/dist/crypto/JoseHeader.mjs +1 -1
  29. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  30. package/dist/error/AuthError.mjs +1 -1
  31. package/dist/error/AuthErrorCodes.mjs +1 -1
  32. package/dist/error/CacheError.mjs +1 -1
  33. package/dist/error/CacheErrorCodes.mjs +1 -1
  34. package/dist/error/ClientAuthError.mjs +1 -1
  35. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  36. package/dist/error/ClientConfigurationError.mjs +1 -1
  37. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  38. package/dist/error/InteractionRequiredAuthError.mjs +4 -4
  39. package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  40. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +3 -3
  41. package/dist/error/InteractionRequiredAuthErrorCodes.mjs.map +1 -1
  42. package/dist/error/JoseHeaderError.mjs +1 -1
  43. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  44. package/dist/error/NetworkError.mjs +1 -1
  45. package/dist/error/PlatformBrokerError.mjs +1 -1
  46. package/dist/error/ServerError.mjs +1 -1
  47. package/dist/index-node.mjs +1 -1
  48. package/dist/index.mjs +1 -1
  49. package/dist/logger/Logger.mjs +1 -1
  50. package/dist/network/INetworkModule.mjs +1 -1
  51. package/dist/network/RequestThumbprint.mjs +1 -1
  52. package/dist/network/ThrottlingUtils.mjs +1 -1
  53. package/dist/packageMetadata.mjs +2 -2
  54. package/dist/protocol/Authorize.mjs +1 -1
  55. package/dist/protocol/Token.mjs +1 -1
  56. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  57. package/dist/request/BaseAuthRequest.mjs +1 -1
  58. package/dist/request/RequestParameterBuilder.mjs +1 -1
  59. package/dist/request/ScopeSet.mjs +1 -1
  60. package/dist/response/ResponseHandler.mjs +1 -1
  61. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  62. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  63. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  64. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  65. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  66. package/dist/url/UrlString.mjs +1 -1
  67. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  68. package/dist/utils/Constants.mjs +1 -1
  69. package/dist/utils/FunctionWrappers.mjs +1 -1
  70. package/dist/utils/ProtocolUtils.mjs +1 -1
  71. package/dist/utils/StringUtils.mjs +1 -1
  72. package/dist/utils/TimeUtils.mjs +1 -1
  73. package/dist/utils/UrlUtils.mjs +1 -1
  74. package/dist-browser/account/AccountInfo.mjs +1 -1
  75. package/dist-browser/account/AuthToken.mjs +1 -1
  76. package/dist-browser/account/CcsCredential.mjs +1 -1
  77. package/dist-browser/account/ClientInfo.mjs +1 -1
  78. package/dist-browser/account/TokenClaims.mjs +1 -1
  79. package/dist-browser/authority/Authority.mjs +19 -6
  80. package/dist-browser/authority/Authority.mjs.map +1 -1
  81. package/dist-browser/authority/AuthorityFactory.mjs +1 -1
  82. package/dist-browser/authority/AuthorityMetadata.mjs +1 -1
  83. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  84. package/dist-browser/authority/AuthorityType.mjs +1 -1
  85. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  86. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  87. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  88. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  89. package/dist-browser/authority/RegionDiscovery.mjs +1 -1
  90. package/dist-browser/cache/CacheManager.mjs +3 -3
  91. package/dist-browser/cache/CacheManager.mjs.map +1 -1
  92. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  93. package/dist-browser/cache/utils/AccountEntityUtils.mjs +1 -1
  94. package/dist-browser/cache/utils/CacheHelpers.mjs +1 -1
  95. package/dist-browser/client/AuthorizationCodeClient.mjs +1 -1
  96. package/dist-browser/client/RefreshTokenClient.mjs +1 -1
  97. package/dist-browser/client/SilentFlowClient.mjs +1 -1
  98. package/dist-browser/config/ClientConfiguration.mjs +1 -1
  99. package/dist-browser/constants/AADServerParamKeys.mjs +1 -1
  100. package/dist-browser/crypto/ICrypto.mjs +1 -1
  101. package/dist-browser/crypto/JoseHeader.mjs +1 -1
  102. package/dist-browser/crypto/PopTokenGenerator.mjs +1 -1
  103. package/dist-browser/error/AuthError.mjs +1 -1
  104. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  105. package/dist-browser/error/CacheError.mjs +1 -1
  106. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  107. package/dist-browser/error/ClientAuthError.mjs +1 -1
  108. package/dist-browser/error/ClientAuthErrorCodes.mjs +1 -1
  109. package/dist-browser/error/ClientConfigurationError.mjs +1 -1
  110. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
  111. package/dist-browser/error/InteractionRequiredAuthError.mjs +4 -4
  112. package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
  113. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +3 -3
  114. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs.map +1 -1
  115. package/dist-browser/error/JoseHeaderError.mjs +1 -1
  116. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  117. package/dist-browser/error/NetworkError.mjs +1 -1
  118. package/dist-browser/error/PlatformBrokerError.mjs +1 -1
  119. package/dist-browser/error/ServerError.mjs +1 -1
  120. package/dist-browser/index-browser.mjs +1 -1
  121. package/dist-browser/index.mjs +1 -1
  122. package/dist-browser/log-strings-mapping.json +2 -2
  123. package/dist-browser/logger/Logger.mjs +1 -1
  124. package/dist-browser/network/INetworkModule.mjs +1 -1
  125. package/dist-browser/network/RequestThumbprint.mjs +1 -1
  126. package/dist-browser/network/ThrottlingUtils.mjs +1 -1
  127. package/dist-browser/packageMetadata.mjs +2 -2
  128. package/dist-browser/protocol/Authorize.mjs +1 -1
  129. package/dist-browser/protocol/Token.mjs +1 -1
  130. package/dist-browser/request/AuthenticationHeaderParser.mjs +1 -1
  131. package/dist-browser/request/BaseAuthRequest.mjs +1 -1
  132. package/dist-browser/request/RequestParameterBuilder.mjs +1 -1
  133. package/dist-browser/request/ScopeSet.mjs +1 -1
  134. package/dist-browser/response/ResponseHandler.mjs +1 -1
  135. package/dist-browser/telemetry/performance/PerformanceClient.mjs +1 -1
  136. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
  137. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  138. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
  139. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +1 -1
  140. package/dist-browser/url/UrlString.mjs +1 -1
  141. package/dist-browser/utils/ClientAssertionUtils.mjs +1 -1
  142. package/dist-browser/utils/Constants.mjs +1 -1
  143. package/dist-browser/utils/FunctionWrappers.mjs +1 -1
  144. package/dist-browser/utils/ProtocolUtils.mjs +1 -1
  145. package/dist-browser/utils/StringUtils.mjs +1 -1
  146. package/dist-browser/utils/TimeUtils.mjs +1 -1
  147. package/dist-browser/utils/UrlUtils.mjs +1 -1
  148. package/lib/index-browser.cjs +2 -2
  149. package/lib/{index-node-9_Gz5QUk.js → index-node-DHSwXao8.js} +27 -14
  150. package/lib/index-node-DHSwXao8.js.map +1 -0
  151. package/lib/index-node.cjs +2 -2
  152. package/lib/index.cjs +2 -2
  153. package/package.json +1 -1
  154. package/src/authority/Authority.ts +20 -5
  155. package/src/cache/CacheManager.ts +5 -10
  156. package/src/error/InteractionRequiredAuthError.ts +2 -2
  157. package/src/error/InteractionRequiredAuthErrorCodes.ts +1 -2
  158. package/src/packageMetadata.ts +1 -1
  159. package/types/authority/Authority.d.ts +5 -1
  160. package/types/authority/Authority.d.ts.map +1 -1
  161. package/types/cache/CacheManager.d.ts.map +1 -1
  162. package/types/error/InteractionRequiredAuthErrorCodes.d.ts +1 -1
  163. package/types/error/InteractionRequiredAuthErrorCodes.d.ts.map +1 -1
  164. package/types/packageMetadata.d.ts +1 -1
  165. package/lib/index-node-9_Gz5QUk.js.map +0 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2
2
  'use strict';
3
3
  import { RESOURCE_DELIM } from './Constants.mjs';
4
4
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2
2
  'use strict';
3
3
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
4
4
  import { StringUtils } from './StringUtils.mjs';
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
5
- var indexNode = require('./index-node-9_Gz5QUk.js');
5
+ var indexNode = require('./index-node-DHSwXao8.js');
6
6
 
7
7
  /*
8
8
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v16.6.2 2026-05-19 */
1
+ /*! @azure/msal-common v16.7.0 2026-06-05 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -2410,7 +2410,7 @@ class Authority {
2410
2410
  }
2411
2411
  }
2412
2412
  // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
2413
- if (this.isInKnownAuthorities()) {
2413
+ if (this.isInKnownAuthorities(this.hostnameAndPort)) {
2414
2414
  this.logger.verbose("The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.", this.correlationId);
2415
2415
  return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
2416
2416
  }
@@ -2478,13 +2478,14 @@ class Authority {
2478
2478
  return match;
2479
2479
  }
2480
2480
  /**
2481
- * Helper function to determine if this host is included in the knownAuthorities config option
2481
+ * Helper function to determine if a host is included in the knownAuthorities config option.
2482
2482
  */
2483
- isInKnownAuthorities() {
2483
+ isInKnownAuthorities(host) {
2484
+ const normalizedHost = host.toLowerCase();
2484
2485
  const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
2485
2486
  return (authority &&
2486
2487
  UrlString.getDomainFromUrl(authority).toLowerCase() ===
2487
- this.hostnameAndPort);
2488
+ normalizedHost);
2488
2489
  });
2489
2490
  return matches.length > 0;
2490
2491
  }
@@ -2561,6 +2562,10 @@ class Authority {
2561
2562
  * 4. Same as (2), but the issuer host matches the CIAM tenant pattern
2562
2563
  * `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
2563
2564
  * path.
2565
+ * 5. The issuer host is HTTPS and is explicitly listed in the
2566
+ * developer-configured `knownAuthorities`. This covers scenarios where
2567
+ * the OIDC discovery document returns an issuer host that differs from
2568
+ * the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
2564
2569
  *
2565
2570
  * @param issuer The `issuer` value returned in the OIDC discovery document.
2566
2571
  * @throws ClientConfigurationError("issuer_validation_failed") on failure.
@@ -2597,11 +2602,19 @@ class Authority {
2597
2602
  * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
2598
2603
  */
2599
2604
  const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
2605
+ /*
2606
+ * Rule 5: The issuer host is explicitly listed in the developer-configured
2607
+ * knownAuthorities. This covers scenarios where the OIDC discovery document
2608
+ * returns an issuer with a different host than the authority
2609
+ * (e.g., a GUID-based issuer for a name-based authority).
2610
+ */
2611
+ const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
2600
2612
  // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
2601
2613
  if (matchesAuthorityOrigin ||
2602
2614
  matchesKnownMicrosoftHost ||
2603
2615
  matchesRegionalMicrosoftHost ||
2604
- matchesCiamTenantPattern) {
2616
+ matchesCiamTenantPattern ||
2617
+ matchesKnownAuthority) {
2605
2618
  return;
2606
2619
  }
2607
2620
  // issuer validation fails if none of the above rules are satisfied
@@ -4413,7 +4426,7 @@ class Logger {
4413
4426
 
4414
4427
  /* eslint-disable header/header */
4415
4428
  const name = "@azure/msal-common";
4416
- const version = "16.6.2";
4429
+ const version = "16.7.0";
4417
4430
 
4418
4431
  /*
4419
4432
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4602,8 +4615,8 @@ class CacheManager {
4602
4615
  return false;
4603
4616
  }
4604
4617
  if (!!tenantProfileFilter.username &&
4605
- !(this.matchUsername(tenantProfile.username, tenantProfileFilter.username) ||
4606
- !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username))) {
4618
+ !this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
4619
+ !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
4607
4620
  return false;
4608
4621
  }
4609
4622
  if (!!tenantProfileFilter.loginHint &&
@@ -5918,7 +5931,7 @@ const refreshTokenExpired = "refresh_token_expired";
5918
5931
  * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
5919
5932
  * @public
5920
5933
  */
5921
- const uxNotAllowed = "ux_not_allowed";
5934
+ const uiNotAllowed = "ui_not_allowed";
5922
5935
  /**
5923
5936
  * Server-originated error code indicating interaction is required to complete the request.
5924
5937
  * @public
@@ -5955,7 +5968,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
5955
5968
  nativeAccountUnavailable: nativeAccountUnavailable,
5956
5969
  noTokensFound: noTokensFound,
5957
5970
  refreshTokenExpired: refreshTokenExpired,
5958
- uxNotAllowed: uxNotAllowed
5971
+ uiNotAllowed: uiNotAllowed
5959
5972
  });
5960
5973
 
5961
5974
  /*
@@ -5970,7 +5983,7 @@ const InteractionRequiredServerErrorMessage = [
5970
5983
  consentRequired,
5971
5984
  loginRequired,
5972
5985
  badToken,
5973
- uxNotAllowed,
5986
+ uiNotAllowed,
5974
5987
  interruptedUser,
5975
5988
  ];
5976
5989
  const InteractionRequiredAuthSubErrorMessage = [
@@ -5980,7 +5993,7 @@ const InteractionRequiredAuthSubErrorMessage = [
5980
5993
  "user_password_expired",
5981
5994
  "consent_required",
5982
5995
  "bad_token",
5983
- "ux_not_allowed",
5996
+ "ui_not_allowed",
5984
5997
  "interrupted_user",
5985
5998
  ];
5986
5999
  /**
@@ -8041,4 +8054,4 @@ exports.invokeAsync = invokeAsync;
8041
8054
  exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
8042
8055
  exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
8043
8056
  exports.version = version;
8044
- //# sourceMappingURL=index-node-9_Gz5QUk.js.map
8057
+ //# sourceMappingURL=index-node-DHSwXao8.js.map