@azure/msal-common 16.9.0 → 16.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (383) hide show
  1. package/dist/account/AccountInfo.mjs +9 -3
  2. package/dist/account/AccountInfo.mjs.map +1 -1
  3. package/dist/account/AuthToken.mjs +9 -23
  4. package/dist/account/AuthToken.mjs.map +1 -1
  5. package/dist/account/CcsCredential.mjs +1 -1
  6. package/dist/account/CcsCredential.mjs.map +1 -1
  7. package/dist/account/ClientInfo.mjs +4 -4
  8. package/dist/account/ClientInfo.mjs.map +1 -1
  9. package/dist/account/TokenClaims.mjs +1 -1
  10. package/dist/account/TokenClaims.mjs.map +1 -1
  11. package/dist/authority/Authority.mjs +36 -37
  12. package/dist/authority/Authority.mjs.map +1 -1
  13. package/dist/authority/AuthorityFactory.mjs +3 -3
  14. package/dist/authority/AuthorityFactory.mjs.map +1 -1
  15. package/dist/authority/AuthorityMetadata.mjs +2 -2
  16. package/dist/authority/AuthorityMetadata.mjs.map +1 -1
  17. package/dist/authority/AuthorityOptions.mjs +1 -1
  18. package/dist/authority/AuthorityOptions.mjs.map +1 -1
  19. package/dist/authority/AuthorityType.mjs +1 -1
  20. package/dist/authority/AuthorityType.mjs.map +1 -1
  21. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  22. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  23. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  24. package/dist/authority/ProtocolMode.mjs +1 -1
  25. package/dist/authority/ProtocolMode.mjs.map +1 -1
  26. package/dist/authority/RegionDiscovery.mjs +16 -10
  27. package/dist/authority/RegionDiscovery.mjs.map +1 -1
  28. package/dist/cache/CacheManager.mjs +62 -46
  29. package/dist/cache/CacheManager.mjs.map +1 -1
  30. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  31. package/dist/cache/persistence/TokenCacheContext.mjs.map +1 -1
  32. package/dist/cache/utils/AccountEntityUtils.mjs +18 -8
  33. package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -1
  34. package/dist/cache/utils/CacheHelpers.mjs +10 -5
  35. package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
  36. package/dist/client/AuthorizationCodeClient.mjs +7 -7
  37. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  38. package/dist/client/RefreshTokenClient.mjs +8 -8
  39. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  40. package/dist/client/SilentFlowClient.mjs +10 -18
  41. package/dist/client/SilentFlowClient.mjs.map +1 -1
  42. package/dist/config/ClientConfiguration.mjs +3 -3
  43. package/dist/config/ClientConfiguration.mjs.map +1 -1
  44. package/dist/constants/AADServerParamKeys.mjs +7 -3
  45. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  46. package/dist/crypto/ICrypto.mjs +11 -11
  47. package/dist/crypto/ICrypto.mjs.map +1 -1
  48. package/dist/crypto/JoseHeader.mjs +3 -3
  49. package/dist/crypto/JoseHeader.mjs.map +1 -1
  50. package/dist/crypto/PopTokenGenerator.mjs +2 -2
  51. package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
  52. package/dist/error/AuthError.mjs +5 -7
  53. package/dist/error/AuthError.mjs.map +1 -1
  54. package/dist/error/AuthErrorCodes.mjs +1 -1
  55. package/dist/error/CacheError.mjs +1 -1
  56. package/dist/error/CacheError.mjs.map +1 -1
  57. package/dist/error/CacheErrorCodes.mjs +1 -1
  58. package/dist/error/ClientAuthError.mjs +5 -5
  59. package/dist/error/ClientAuthError.mjs.map +1 -1
  60. package/dist/error/ClientAuthErrorCodes.mjs +2 -4
  61. package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
  62. package/dist/error/ClientConfigurationError.mjs +5 -5
  63. package/dist/error/ClientConfigurationError.mjs.map +1 -1
  64. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  65. package/dist/error/InteractionRequiredAuthError.mjs +5 -6
  66. package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  67. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  68. package/dist/error/JoseHeaderError.mjs +5 -5
  69. package/dist/error/JoseHeaderError.mjs.map +1 -1
  70. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  71. package/dist/error/NetworkError.mjs +2 -2
  72. package/dist/error/NetworkError.mjs.map +1 -1
  73. package/dist/error/PlatformBrokerError.mjs +3 -3
  74. package/dist/error/PlatformBrokerError.mjs.map +1 -1
  75. package/dist/error/ServerError.mjs +3 -3
  76. package/dist/error/ServerError.mjs.map +1 -1
  77. package/dist/index-node.mjs +53 -53
  78. package/dist/index.mjs +59 -59
  79. package/dist/logger/Logger.mjs +1 -1
  80. package/dist/logger/Logger.mjs.map +1 -1
  81. package/dist/network/INetworkModule.mjs +4 -3
  82. package/dist/network/INetworkModule.mjs.map +1 -1
  83. package/dist/network/RequestThumbprint.mjs +1 -1
  84. package/dist/network/ThrottlingUtils.mjs +2 -2
  85. package/dist/network/ThrottlingUtils.mjs.map +1 -1
  86. package/dist/packageMetadata.mjs +2 -2
  87. package/dist/protocol/Authorize.mjs +16 -14
  88. package/dist/protocol/Authorize.mjs.map +1 -1
  89. package/dist/protocol/Token.mjs +2 -2
  90. package/dist/protocol/Token.mjs.map +1 -1
  91. package/dist/request/AuthenticationHeaderParser.mjs +4 -4
  92. package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
  93. package/dist/request/BaseAuthRequest.mjs +3 -3
  94. package/dist/request/BaseAuthRequest.mjs.map +1 -1
  95. package/dist/request/RequestParameterBuilder.mjs +51 -33
  96. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  97. package/dist/request/ScopeSet.mjs +13 -12
  98. package/dist/request/ScopeSet.mjs.map +1 -1
  99. package/dist/response/ResponseHandler.mjs +29 -27
  100. package/dist/response/ResponseHandler.mjs.map +1 -1
  101. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  102. package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
  103. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  104. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  105. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  106. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  107. package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
  108. package/dist/telemetry/server/ServerTelemetryManager.mjs +2 -2
  109. package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  110. package/dist/url/UrlString.mjs +15 -14
  111. package/dist/url/UrlString.mjs.map +1 -1
  112. package/dist/utils/ClientAssertionUtils.mjs +3 -2
  113. package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
  114. package/dist/utils/Constants.mjs +7 -3
  115. package/dist/utils/Constants.mjs.map +1 -1
  116. package/dist/utils/FunctionWrappers.mjs +1 -1
  117. package/dist/utils/FunctionWrappers.mjs.map +1 -1
  118. package/dist/utils/ProtocolUtils.mjs +12 -9
  119. package/dist/utils/ProtocolUtils.mjs.map +1 -1
  120. package/dist/utils/StringUtils.mjs +1 -1
  121. package/dist/utils/StringUtils.mjs.map +1 -1
  122. package/dist/utils/TimeUtils.mjs +1 -1
  123. package/dist/utils/TimeUtils.mjs.map +1 -1
  124. package/dist/utils/UrlUtils.mjs +4 -4
  125. package/dist/utils/UrlUtils.mjs.map +1 -1
  126. package/dist-browser/account/AccountInfo.mjs +9 -3
  127. package/dist-browser/account/AccountInfo.mjs.map +1 -1
  128. package/dist-browser/account/AuthToken.mjs +9 -23
  129. package/dist-browser/account/AuthToken.mjs.map +1 -1
  130. package/dist-browser/account/CcsCredential.mjs +1 -1
  131. package/dist-browser/account/CcsCredential.mjs.map +1 -1
  132. package/dist-browser/account/ClientInfo.mjs +4 -4
  133. package/dist-browser/account/ClientInfo.mjs.map +1 -1
  134. package/dist-browser/account/TokenClaims.mjs +1 -1
  135. package/dist-browser/account/TokenClaims.mjs.map +1 -1
  136. package/dist-browser/authority/Authority.mjs +36 -37
  137. package/dist-browser/authority/Authority.mjs.map +1 -1
  138. package/dist-browser/authority/AuthorityFactory.mjs +3 -3
  139. package/dist-browser/authority/AuthorityFactory.mjs.map +1 -1
  140. package/dist-browser/authority/AuthorityMetadata.mjs +2 -2
  141. package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
  142. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  143. package/dist-browser/authority/AuthorityOptions.mjs.map +1 -1
  144. package/dist-browser/authority/AuthorityType.mjs +1 -1
  145. package/dist-browser/authority/AuthorityType.mjs.map +1 -1
  146. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  147. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  148. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  149. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  150. package/dist-browser/authority/ProtocolMode.mjs.map +1 -1
  151. package/dist-browser/authority/RegionDiscovery.mjs +16 -10
  152. package/dist-browser/authority/RegionDiscovery.mjs.map +1 -1
  153. package/dist-browser/cache/CacheManager.mjs +62 -46
  154. package/dist-browser/cache/CacheManager.mjs.map +1 -1
  155. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  156. package/dist-browser/cache/persistence/TokenCacheContext.mjs.map +1 -1
  157. package/dist-browser/cache/utils/AccountEntityUtils.mjs +18 -8
  158. package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -1
  159. package/dist-browser/cache/utils/CacheHelpers.mjs +10 -5
  160. package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -1
  161. package/dist-browser/client/AuthorizationCodeClient.mjs +7 -7
  162. package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
  163. package/dist-browser/client/RefreshTokenClient.mjs +8 -8
  164. package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
  165. package/dist-browser/client/SilentFlowClient.mjs +10 -18
  166. package/dist-browser/client/SilentFlowClient.mjs.map +1 -1
  167. package/dist-browser/config/ClientConfiguration.mjs +3 -3
  168. package/dist-browser/config/ClientConfiguration.mjs.map +1 -1
  169. package/dist-browser/constants/AADServerParamKeys.mjs +7 -3
  170. package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
  171. package/dist-browser/crypto/ICrypto.mjs +11 -11
  172. package/dist-browser/crypto/ICrypto.mjs.map +1 -1
  173. package/dist-browser/crypto/JoseHeader.mjs +3 -3
  174. package/dist-browser/crypto/JoseHeader.mjs.map +1 -1
  175. package/dist-browser/crypto/PopTokenGenerator.mjs +2 -2
  176. package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -1
  177. package/dist-browser/error/AuthError.mjs +5 -7
  178. package/dist-browser/error/AuthError.mjs.map +1 -1
  179. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  180. package/dist-browser/error/CacheError.mjs +1 -1
  181. package/dist-browser/error/CacheError.mjs.map +1 -1
  182. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  183. package/dist-browser/error/ClientAuthError.mjs +5 -5
  184. package/dist-browser/error/ClientAuthError.mjs.map +1 -1
  185. package/dist-browser/error/ClientAuthErrorCodes.mjs +2 -4
  186. package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -1
  187. package/dist-browser/error/ClientConfigurationError.mjs +5 -5
  188. package/dist-browser/error/ClientConfigurationError.mjs.map +1 -1
  189. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
  190. package/dist-browser/error/InteractionRequiredAuthError.mjs +5 -6
  191. package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
  192. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  193. package/dist-browser/error/JoseHeaderError.mjs +5 -5
  194. package/dist-browser/error/JoseHeaderError.mjs.map +1 -1
  195. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  196. package/dist-browser/error/NetworkError.mjs +2 -2
  197. package/dist-browser/error/NetworkError.mjs.map +1 -1
  198. package/dist-browser/error/PlatformBrokerError.mjs +3 -3
  199. package/dist-browser/error/PlatformBrokerError.mjs.map +1 -1
  200. package/dist-browser/error/ServerError.mjs +3 -3
  201. package/dist-browser/error/ServerError.mjs.map +1 -1
  202. package/dist-browser/index-browser.mjs +55 -55
  203. package/dist-browser/index.mjs +59 -59
  204. package/dist-browser/log-strings-mapping.json +2 -2
  205. package/dist-browser/logger/Logger.mjs +1 -1
  206. package/dist-browser/logger/Logger.mjs.map +1 -1
  207. package/dist-browser/network/INetworkModule.mjs +4 -3
  208. package/dist-browser/network/INetworkModule.mjs.map +1 -1
  209. package/dist-browser/network/RequestThumbprint.mjs +1 -1
  210. package/dist-browser/network/ThrottlingUtils.mjs +2 -2
  211. package/dist-browser/network/ThrottlingUtils.mjs.map +1 -1
  212. package/dist-browser/packageMetadata.mjs +2 -2
  213. package/dist-browser/protocol/Authorize.mjs +16 -14
  214. package/dist-browser/protocol/Authorize.mjs.map +1 -1
  215. package/dist-browser/protocol/Token.mjs +2 -2
  216. package/dist-browser/protocol/Token.mjs.map +1 -1
  217. package/dist-browser/request/AuthenticationHeaderParser.mjs +4 -4
  218. package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -1
  219. package/dist-browser/request/BaseAuthRequest.mjs +3 -3
  220. package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
  221. package/dist-browser/request/RequestParameterBuilder.mjs +51 -33
  222. package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
  223. package/dist-browser/request/ScopeSet.mjs +13 -12
  224. package/dist-browser/request/ScopeSet.mjs.map +1 -1
  225. package/dist-browser/response/ResponseHandler.mjs +29 -27
  226. package/dist-browser/response/ResponseHandler.mjs.map +1 -1
  227. package/dist-browser/telemetry/performance/PerformanceClient.mjs +1 -1
  228. package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
  229. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
  230. package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  231. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  232. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +1 -1
  233. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
  234. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +2 -2
  235. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  236. package/dist-browser/url/UrlString.mjs +15 -14
  237. package/dist-browser/url/UrlString.mjs.map +1 -1
  238. package/dist-browser/utils/ClientAssertionUtils.mjs +3 -2
  239. package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -1
  240. package/dist-browser/utils/Constants.mjs +7 -3
  241. package/dist-browser/utils/Constants.mjs.map +1 -1
  242. package/dist-browser/utils/FunctionWrappers.mjs +1 -1
  243. package/dist-browser/utils/FunctionWrappers.mjs.map +1 -1
  244. package/dist-browser/utils/ProtocolUtils.mjs +12 -9
  245. package/dist-browser/utils/ProtocolUtils.mjs.map +1 -1
  246. package/dist-browser/utils/StringUtils.mjs +1 -1
  247. package/dist-browser/utils/StringUtils.mjs.map +1 -1
  248. package/dist-browser/utils/TimeUtils.mjs +1 -1
  249. package/dist-browser/utils/TimeUtils.mjs.map +1 -1
  250. package/dist-browser/utils/UrlUtils.mjs +4 -4
  251. package/dist-browser/utils/UrlUtils.mjs.map +1 -1
  252. package/lib/index-browser.cjs +8 -8
  253. package/lib/index-browser.cjs.map +1 -1
  254. package/lib/{index-node-CcOYLhxB.js → index-node-BSFEsmmC.js} +364 -312
  255. package/lib/index-node-BSFEsmmC.js.map +1 -0
  256. package/lib/index-node.cjs +2 -2
  257. package/lib/index.cjs +2 -2
  258. package/package.json +1 -1
  259. package/src/account/AccountInfo.ts +19 -1
  260. package/src/account/AuthToken.ts +19 -21
  261. package/src/account/ClientCredentials.ts +1 -0
  262. package/src/account/ClientInfo.ts +8 -3
  263. package/src/authority/Authority.ts +72 -37
  264. package/src/authority/AuthorityFactory.ts +4 -2
  265. package/src/authority/AuthorityMetadata.ts +2 -1
  266. package/src/authority/RegionDiscovery.ts +18 -11
  267. package/src/cache/CacheManager.ts +160 -57
  268. package/src/cache/entities/AccountEntity.ts +4 -0
  269. package/src/cache/entities/CredentialEntity.ts +2 -0
  270. package/src/cache/utils/AccountEntityUtils.ts +23 -3
  271. package/src/cache/utils/CacheHelpers.ts +15 -3
  272. package/src/cache/utils/CacheTypes.ts +2 -0
  273. package/src/client/AuthorizationCodeClient.ts +10 -4
  274. package/src/client/RefreshTokenClient.ts +12 -5
  275. package/src/client/SilentFlowClient.ts +17 -20
  276. package/src/config/ClientConfiguration.ts +8 -2
  277. package/src/constants/AADServerParamKeys.ts +5 -0
  278. package/src/crypto/ICrypto.ts +40 -10
  279. package/src/crypto/JoseHeader.ts +8 -2
  280. package/src/crypto/PopTokenGenerator.ts +1 -1
  281. package/src/error/AuthError.ts +9 -5
  282. package/src/error/ClientAuthError.ts +8 -3
  283. package/src/error/ClientAuthErrorCodes.ts +0 -2
  284. package/src/error/ClientConfigurationError.ts +5 -4
  285. package/src/error/InteractionRequiredAuthError.ts +9 -5
  286. package/src/error/JoseHeaderError.ts +11 -4
  287. package/src/error/NetworkError.ts +6 -1
  288. package/src/error/PlatformBrokerError.ts +2 -1
  289. package/src/error/ServerError.ts +3 -2
  290. package/src/network/INetworkModule.ts +3 -2
  291. package/src/network/ThrottlingUtils.ts +1 -0
  292. package/src/packageMetadata.ts +1 -1
  293. package/src/protocol/Authorize.ts +21 -6
  294. package/src/protocol/Token.ts +4 -1
  295. package/src/request/AuthenticationHeaderParser.ts +6 -3
  296. package/src/request/BaseAuthRequest.ts +8 -2
  297. package/src/request/RequestParameterBuilder.ts +66 -43
  298. package/src/request/ScopeSet.ts +27 -11
  299. package/src/response/ImdsComputeResponse.ts +14 -0
  300. package/src/response/ResponseHandler.ts +45 -32
  301. package/src/url/UrlString.ts +32 -13
  302. package/src/utils/ClientAssertionUtils.ts +3 -1
  303. package/src/utils/Constants.ts +6 -3
  304. package/src/utils/ProtocolUtils.ts +26 -8
  305. package/src/utils/UrlUtils.ts +8 -3
  306. package/types/account/AccountInfo.d.ts +8 -2
  307. package/types/account/AccountInfo.d.ts.map +1 -1
  308. package/types/account/AuthToken.d.ts +2 -6
  309. package/types/account/AuthToken.d.ts.map +1 -1
  310. package/types/account/ClientCredentials.d.ts +1 -0
  311. package/types/account/ClientCredentials.d.ts.map +1 -1
  312. package/types/account/ClientInfo.d.ts.map +1 -1
  313. package/types/authority/Authority.d.ts +4 -4
  314. package/types/authority/Authority.d.ts.map +1 -1
  315. package/types/authority/AuthorityFactory.d.ts.map +1 -1
  316. package/types/authority/AuthorityMetadata.d.ts.map +1 -1
  317. package/types/authority/RegionDiscovery.d.ts +3 -2
  318. package/types/authority/RegionDiscovery.d.ts.map +1 -1
  319. package/types/cache/CacheManager.d.ts +0 -7
  320. package/types/cache/CacheManager.d.ts.map +1 -1
  321. package/types/cache/entities/AccountEntity.d.ts +4 -0
  322. package/types/cache/entities/AccountEntity.d.ts.map +1 -1
  323. package/types/cache/entities/CredentialEntity.d.ts +2 -0
  324. package/types/cache/entities/CredentialEntity.d.ts.map +1 -1
  325. package/types/cache/utils/AccountEntityUtils.d.ts +1 -1
  326. package/types/cache/utils/AccountEntityUtils.d.ts.map +1 -1
  327. package/types/cache/utils/CacheHelpers.d.ts +1 -1
  328. package/types/cache/utils/CacheHelpers.d.ts.map +1 -1
  329. package/types/cache/utils/CacheTypes.d.ts +2 -1
  330. package/types/cache/utils/CacheTypes.d.ts.map +1 -1
  331. package/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  332. package/types/client/RefreshTokenClient.d.ts.map +1 -1
  333. package/types/client/SilentFlowClient.d.ts.map +1 -1
  334. package/types/config/ClientConfiguration.d.ts.map +1 -1
  335. package/types/constants/AADServerParamKeys.d.ts +4 -0
  336. package/types/constants/AADServerParamKeys.d.ts.map +1 -1
  337. package/types/crypto/ICrypto.d.ts.map +1 -1
  338. package/types/crypto/JoseHeader.d.ts.map +1 -1
  339. package/types/error/AuthError.d.ts +2 -3
  340. package/types/error/AuthError.d.ts.map +1 -1
  341. package/types/error/ClientAuthError.d.ts +2 -2
  342. package/types/error/ClientAuthError.d.ts.map +1 -1
  343. package/types/error/ClientAuthErrorCodes.d.ts +0 -2
  344. package/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
  345. package/types/error/ClientConfigurationError.d.ts +2 -2
  346. package/types/error/ClientConfigurationError.d.ts.map +1 -1
  347. package/types/error/InteractionRequiredAuthError.d.ts +2 -2
  348. package/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
  349. package/types/error/JoseHeaderError.d.ts +2 -2
  350. package/types/error/JoseHeaderError.d.ts.map +1 -1
  351. package/types/error/NetworkError.d.ts.map +1 -1
  352. package/types/error/PlatformBrokerError.d.ts +1 -1
  353. package/types/error/PlatformBrokerError.d.ts.map +1 -1
  354. package/types/error/ServerError.d.ts +1 -1
  355. package/types/error/ServerError.d.ts.map +1 -1
  356. package/types/network/INetworkModule.d.ts.map +1 -1
  357. package/types/network/ThrottlingUtils.d.ts.map +1 -1
  358. package/types/packageMetadata.d.ts +1 -1
  359. package/types/packageMetadata.d.ts.map +1 -1
  360. package/types/protocol/Authorize.d.ts +4 -2
  361. package/types/protocol/Authorize.d.ts.map +1 -1
  362. package/types/protocol/Token.d.ts.map +1 -1
  363. package/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
  364. package/types/request/BaseAuthRequest.d.ts +4 -0
  365. package/types/request/BaseAuthRequest.d.ts.map +1 -1
  366. package/types/request/RequestParameterBuilder.d.ts +12 -3
  367. package/types/request/RequestParameterBuilder.d.ts.map +1 -1
  368. package/types/request/ScopeSet.d.ts +4 -3
  369. package/types/request/ScopeSet.d.ts.map +1 -1
  370. package/types/response/ImdsComputeResponse.d.ts +10 -0
  371. package/types/response/ImdsComputeResponse.d.ts.map +1 -0
  372. package/types/response/ResponseHandler.d.ts +1 -1
  373. package/types/response/ResponseHandler.d.ts.map +1 -1
  374. package/types/url/UrlString.d.ts +5 -4
  375. package/types/url/UrlString.d.ts.map +1 -1
  376. package/types/utils/ClientAssertionUtils.d.ts +1 -1
  377. package/types/utils/ClientAssertionUtils.d.ts.map +1 -1
  378. package/types/utils/Constants.d.ts +6 -2
  379. package/types/utils/Constants.d.ts.map +1 -1
  380. package/types/utils/ProtocolUtils.d.ts +6 -3
  381. package/types/utils/ProtocolUtils.d.ts.map +1 -1
  382. package/types/utils/UrlUtils.d.ts.map +1 -1
  383. package/lib/index-node-CcOYLhxB.js.map +0 -1
@@ -402,7 +402,8 @@ export abstract class CacheManager implements ICacheManager {
402
402
  if (idToken) {
403
403
  idTokenClaims = extractTokenClaims(
404
404
  idToken.secret,
405
- this.cryptoImpl.base64Decode
405
+ this.cryptoImpl.base64Decode,
406
+ correlationId
406
407
  );
407
408
 
408
409
  if (
@@ -525,6 +526,14 @@ export abstract class CacheManager implements ICacheManager {
525
526
  return false;
526
527
  }
527
528
 
529
+ if (
530
+ !!tenantProfileFilter.nativeAccountId &&
531
+ tenantProfile.nativeAccountId !==
532
+ tenantProfileFilter.nativeAccountId
533
+ ) {
534
+ return false;
535
+ }
536
+
528
537
  return true;
529
538
  }
530
539
 
@@ -601,7 +610,8 @@ export abstract class CacheManager implements ICacheManager {
601
610
  ): Promise<void> {
602
611
  if (!cacheRecord) {
603
612
  throw createClientAuthError(
604
- ClientAuthErrorCodes.invalidCacheRecord
613
+ ClientAuthErrorCodes.invalidCacheRecord,
614
+ correlationId
605
615
  );
606
616
  }
607
617
 
@@ -680,7 +690,10 @@ export abstract class CacheManager implements ICacheManager {
680
690
  };
681
691
 
682
692
  const tokenKeys = this.getTokenKeys();
683
- const currentScopes = ScopeSet.fromString(credential.target);
693
+ const currentScopes = ScopeSet.fromString(
694
+ credential.target,
695
+ correlationId
696
+ );
684
697
 
685
698
  tokenKeys.accessToken.forEach((key) => {
686
699
  if (
@@ -702,7 +715,10 @@ export abstract class CacheManager implements ICacheManager {
702
715
  correlationId
703
716
  )
704
717
  ) {
705
- const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
718
+ const tokenScopeSet = ScopeSet.fromString(
719
+ tokenEntity.target,
720
+ correlationId
721
+ );
706
722
  if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
707
723
  this.removeAccessToken(key, correlationId);
708
724
  }
@@ -759,16 +775,6 @@ export abstract class CacheManager implements ICacheManager {
759
775
  return;
760
776
  }
761
777
 
762
- if (
763
- !!accountFilter.nativeAccountId &&
764
- !this.matchNativeAccountId(
765
- entity,
766
- accountFilter.nativeAccountId
767
- )
768
- ) {
769
- return;
770
- }
771
-
772
778
  if (
773
779
  !!accountFilter.authorityType &&
774
780
  !this.matchAuthorityType(entity, accountFilter.authorityType)
@@ -783,6 +789,7 @@ export abstract class CacheManager implements ICacheManager {
783
789
  username: accountFilter?.username,
784
790
  loginHint: accountFilter?.loginHint,
785
791
  upn: accountFilter?.upn,
792
+ nativeAccountId: accountFilter?.nativeAccountId,
786
793
  };
787
794
 
788
795
  const matchingTenantProfiles = entity.tenantProfiles?.filter(
@@ -865,7 +872,10 @@ export abstract class CacheManager implements ICacheManager {
865
872
  * idTokens do not have "target", target specific refreshTokens do exist for some types of authentication
866
873
  * Resource specific refresh tokens case will be added when the support is deemed necessary
867
874
  */
868
- if (!!filter.target && !this.matchTarget(entity, filter.target)) {
875
+ if (
876
+ !!filter.target &&
877
+ !this.matchTarget(entity, filter.target, correlationId)
878
+ ) {
869
879
  return false;
870
880
  }
871
881
 
@@ -889,6 +899,34 @@ export abstract class CacheManager implements ICacheManager {
889
899
  }
890
900
  }
891
901
 
902
+ // Additional cache key components matching (bidirectional isolation)
903
+ const entityComponents = entity.additionalCacheKeyComponents;
904
+ const filterComponents = filter.additionalCacheKeyComponents;
905
+ const entityHasComponents =
906
+ !!entityComponents && Object.keys(entityComponents).length > 0;
907
+ const filterHasComponents =
908
+ !!filterComponents && Object.keys(filterComponents).length > 0;
909
+
910
+ if (entityHasComponents !== filterHasComponents) {
911
+ return false;
912
+ }
913
+ if (entityHasComponents && filterHasComponents) {
914
+ const entityKeys = Object.keys(entityComponents).sort();
915
+ const filterKeys = Object.keys(filterComponents).sort();
916
+ if (entityKeys.length !== filterKeys.length) {
917
+ return false;
918
+ }
919
+ for (let i = 0; i < entityKeys.length; i++) {
920
+ if (
921
+ entityKeys[i] !== filterKeys[i] ||
922
+ entityComponents[entityKeys[i]] !==
923
+ filterComponents[filterKeys[i]]
924
+ ) {
925
+ return false;
926
+ }
927
+ }
928
+ }
929
+
892
930
  return true;
893
931
  }
894
932
 
@@ -1289,7 +1327,10 @@ export abstract class CacheManager implements ICacheManager {
1289
1327
  "CacheManager - getAccessToken called",
1290
1328
  correlationId
1291
1329
  );
1292
- const scopes = ScopeSet.createSearchScopes(request.scopes);
1330
+ const scopes = ScopeSet.createSearchScopes(
1331
+ request.scopes,
1332
+ correlationId
1333
+ );
1293
1334
  const authScheme =
1294
1335
  request.authenticationScheme ||
1295
1336
  Constants.AuthenticationScheme.BEARER;
@@ -1599,7 +1640,8 @@ export abstract class CacheManager implements ICacheManager {
1599
1640
  return null;
1600
1641
  } else if (numAppMetadata > 1) {
1601
1642
  throw createClientAuthError(
1602
- ClientAuthErrorCodes.multipleMatchingAppMetadata
1643
+ ClientAuthErrorCodes.multipleMatchingAppMetadata,
1644
+ correlationId
1603
1645
  );
1604
1646
  }
1605
1647
 
@@ -1806,21 +1848,6 @@ export abstract class CacheManager implements ICacheManager {
1806
1848
  return !!(entity.realm?.toLowerCase() === realm.toLowerCase());
1807
1849
  }
1808
1850
 
1809
- /**
1810
- * helper to match nativeAccountId
1811
- * @param entity
1812
- * @param nativeAccountId
1813
- * @returns boolean indicating the match result
1814
- */
1815
- private matchNativeAccountId(
1816
- entity: AccountEntity,
1817
- nativeAccountId: string
1818
- ): boolean {
1819
- return !!(
1820
- entity.nativeAccountId && nativeAccountId === entity.nativeAccountId
1821
- );
1822
- }
1823
-
1824
1851
  /**
1825
1852
  * helper to match loginHint which can be either:
1826
1853
  * 1. login_hint ID token claim
@@ -1879,7 +1906,11 @@ export abstract class CacheManager implements ICacheManager {
1879
1906
  * @param entity
1880
1907
  * @param target
1881
1908
  */
1882
- private matchTarget(entity: CredentialEntity, target: ScopeSet): boolean {
1909
+ private matchTarget(
1910
+ entity: CredentialEntity,
1911
+ target: ScopeSet,
1912
+ correlationId: string
1913
+ ): boolean {
1883
1914
  const isNotAccessTokenCredential =
1884
1915
  entity.credentialType !== Constants.CredentialType.ACCESS_TOKEN &&
1885
1916
  entity.credentialType !==
@@ -1889,7 +1920,10 @@ export abstract class CacheManager implements ICacheManager {
1889
1920
  return false;
1890
1921
  }
1891
1922
 
1892
- const entityScopeSet: ScopeSet = ScopeSet.fromString(entity.target);
1923
+ const entityScopeSet: ScopeSet = ScopeSet.fromString(
1924
+ entity.target,
1925
+ correlationId
1926
+ );
1893
1927
 
1894
1928
  return entityScopeSet.containsScopeSet(target);
1895
1929
  }
@@ -1954,72 +1988,141 @@ export abstract class CacheManager implements ICacheManager {
1954
1988
  /** @internal */
1955
1989
  export class DefaultStorageClass extends CacheManager {
1956
1990
  async setAccount(): Promise<void> {
1957
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
1991
+ throw createClientAuthError(
1992
+ ClientAuthErrorCodes.methodNotImplemented,
1993
+ ""
1994
+ );
1958
1995
  }
1959
1996
  getAccount(): AccountEntity {
1960
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
1997
+ throw createClientAuthError(
1998
+ ClientAuthErrorCodes.methodNotImplemented,
1999
+ ""
2000
+ );
1961
2001
  }
1962
2002
  async setIdTokenCredential(): Promise<void> {
1963
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2003
+ throw createClientAuthError(
2004
+ ClientAuthErrorCodes.methodNotImplemented,
2005
+ ""
2006
+ );
1964
2007
  }
1965
2008
  getIdTokenCredential(): IdTokenEntity {
1966
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2009
+ throw createClientAuthError(
2010
+ ClientAuthErrorCodes.methodNotImplemented,
2011
+ ""
2012
+ );
1967
2013
  }
1968
2014
  async setAccessTokenCredential(): Promise<void> {
1969
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2015
+ throw createClientAuthError(
2016
+ ClientAuthErrorCodes.methodNotImplemented,
2017
+ ""
2018
+ );
1970
2019
  }
1971
2020
  getAccessTokenCredential(): AccessTokenEntity {
1972
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2021
+ throw createClientAuthError(
2022
+ ClientAuthErrorCodes.methodNotImplemented,
2023
+ ""
2024
+ );
1973
2025
  }
1974
2026
  async setRefreshTokenCredential(): Promise<void> {
1975
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2027
+ throw createClientAuthError(
2028
+ ClientAuthErrorCodes.methodNotImplemented,
2029
+ ""
2030
+ );
1976
2031
  }
1977
2032
  getRefreshTokenCredential(): RefreshTokenEntity {
1978
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2033
+ throw createClientAuthError(
2034
+ ClientAuthErrorCodes.methodNotImplemented,
2035
+ ""
2036
+ );
1979
2037
  }
1980
2038
  setAppMetadata(): void {
1981
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2039
+ throw createClientAuthError(
2040
+ ClientAuthErrorCodes.methodNotImplemented,
2041
+ ""
2042
+ );
1982
2043
  }
1983
2044
  getAppMetadata(): AppMetadataEntity {
1984
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2045
+ throw createClientAuthError(
2046
+ ClientAuthErrorCodes.methodNotImplemented,
2047
+ ""
2048
+ );
1985
2049
  }
1986
2050
  setServerTelemetry(): void {
1987
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2051
+ throw createClientAuthError(
2052
+ ClientAuthErrorCodes.methodNotImplemented,
2053
+ ""
2054
+ );
1988
2055
  }
1989
2056
  getServerTelemetry(): ServerTelemetryEntity {
1990
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2057
+ throw createClientAuthError(
2058
+ ClientAuthErrorCodes.methodNotImplemented,
2059
+ ""
2060
+ );
1991
2061
  }
1992
2062
  setAuthorityMetadata(): void {
1993
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2063
+ throw createClientAuthError(
2064
+ ClientAuthErrorCodes.methodNotImplemented,
2065
+ ""
2066
+ );
1994
2067
  }
1995
2068
  getAuthorityMetadata(): AuthorityMetadataEntity | null {
1996
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2069
+ throw createClientAuthError(
2070
+ ClientAuthErrorCodes.methodNotImplemented,
2071
+ ""
2072
+ );
1997
2073
  }
1998
2074
  getAuthorityMetadataKeys(): Array<string> {
1999
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2075
+ throw createClientAuthError(
2076
+ ClientAuthErrorCodes.methodNotImplemented,
2077
+ ""
2078
+ );
2000
2079
  }
2001
2080
  setThrottlingCache(): void {
2002
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2081
+ throw createClientAuthError(
2082
+ ClientAuthErrorCodes.methodNotImplemented,
2083
+ ""
2084
+ );
2003
2085
  }
2004
2086
  getThrottlingCache(): ThrottlingEntity {
2005
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2087
+ throw createClientAuthError(
2088
+ ClientAuthErrorCodes.methodNotImplemented,
2089
+ ""
2090
+ );
2006
2091
  }
2007
2092
  removeItem(): boolean {
2008
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2093
+ throw createClientAuthError(
2094
+ ClientAuthErrorCodes.methodNotImplemented,
2095
+ ""
2096
+ );
2009
2097
  }
2010
2098
  getKeys(): string[] {
2011
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2099
+ throw createClientAuthError(
2100
+ ClientAuthErrorCodes.methodNotImplemented,
2101
+ ""
2102
+ );
2012
2103
  }
2013
2104
  getAccountKeys(): string[] {
2014
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2105
+ throw createClientAuthError(
2106
+ ClientAuthErrorCodes.methodNotImplemented,
2107
+ ""
2108
+ );
2015
2109
  }
2016
2110
  getTokenKeys(): TokenKeys {
2017
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2111
+ throw createClientAuthError(
2112
+ ClientAuthErrorCodes.methodNotImplemented,
2113
+ ""
2114
+ );
2018
2115
  }
2019
2116
  generateCredentialKey(): string {
2020
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2117
+ throw createClientAuthError(
2118
+ ClientAuthErrorCodes.methodNotImplemented,
2119
+ ""
2120
+ );
2021
2121
  }
2022
2122
  generateAccountKey(): string {
2023
- throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
2123
+ throw createClientAuthError(
2124
+ ClientAuthErrorCodes.methodNotImplemented,
2125
+ ""
2126
+ );
2024
2127
  }
2025
2128
  }
@@ -42,6 +42,10 @@ export type AccountEntity = {
42
42
  lastModificationApp?: string;
43
43
  cloudGraphHostName?: string;
44
44
  msGraphHost?: string;
45
+ /**
46
+ * @deprecated Use tenantProfiles[].nativeAccountId instead. Kept for cache downgrade compatibility.
47
+ * Will be removed at the next ACCOUNT_SCHEMA_VERSION bump.
48
+ */
45
49
  nativeAccountId?: string;
46
50
  tenantProfiles?: Array<TenantProfile>;
47
51
  /** Timestamp when the entry was last updated */
@@ -31,6 +31,8 @@ export type CredentialEntity = {
31
31
  tokenType?: AuthenticationScheme;
32
32
  /** KeyId for PoP and SSH tokens stored in the kid claim */
33
33
  keyId?: string;
34
+ /** Additional cache key components for cache isolation (e.g., { fmi_path: "..." }). Stored as raw key-value pairs; a combined hash is computed at key-generation time. */
35
+ additionalCacheKeyComponents?: Record<string, string>;
34
36
  /** Timestamp when the entry was last updated */
35
37
  lastUpdatedAt: string;
36
38
  };
@@ -54,10 +54,18 @@ export function getAccountInfo(accountEntity: AccountEntity): AccountInfo {
54
54
  buildTenantProfile(
55
55
  accountEntity.homeAccountId,
56
56
  accountEntity.localAccountId,
57
- accountEntity.realm
57
+ accountEntity.realm,
58
+ accountEntity.nativeAccountId
58
59
  )
59
60
  );
60
61
  }
62
+ // Resolve nativeAccountId from the home tenant profile first, fall back to top-level (deprecated) for old cache entries
63
+ const homeTenantProfile = tenantProfiles.find(
64
+ (tp) => tp.tenantId === accountEntity.realm
65
+ );
66
+ const nativeAccountId =
67
+ homeTenantProfile?.nativeAccountId || accountEntity.nativeAccountId;
68
+
61
69
  return {
62
70
  homeAccountId: accountEntity.homeAccountId,
63
71
  environment: accountEntity.environment,
@@ -66,7 +74,7 @@ export function getAccountInfo(accountEntity: AccountEntity): AccountInfo {
66
74
  localAccountId: accountEntity.localAccountId,
67
75
  loginHint: accountEntity.loginHint,
68
76
  name: accountEntity.name,
69
- nativeAccountId: accountEntity.nativeAccountId,
77
+ nativeAccountId: nativeAccountId,
70
78
  authorityType: accountEntity.authorityType,
71
79
  // Deserialize tenant profiles array into a Map
72
80
  tenantProfiles: new Map(
@@ -103,6 +111,7 @@ export function createAccountEntity(
103
111
  tenantProfiles?: Array<TenantProfile>;
104
112
  },
105
113
  authority: Authority,
114
+ correlationId: string,
106
115
  base64Decode?: (input: string) => string
107
116
  ): AccountEntity {
108
117
  let authorityType;
@@ -130,7 +139,8 @@ export function createAccountEntity(
130
139
 
131
140
  if (!env) {
132
141
  throw createClientAuthError(
133
- ClientAuthErrorCodes.invalidCacheEnvironment
142
+ ClientAuthErrorCodes.invalidCacheEnvironment,
143
+ correlationId
134
144
  );
135
145
  }
136
146
 
@@ -168,6 +178,7 @@ export function createAccountEntity(
168
178
  accountDetails.homeAccountId,
169
179
  localAccountId,
170
180
  realm,
181
+ accountDetails.nativeAccountId,
171
182
  accountDetails.idTokenClaims
172
183
  );
173
184
  tenantProfiles = [tenantProfile];
@@ -221,9 +232,18 @@ export function createAccountEntityFromAccountInfo(
221
232
  accountInfo.homeAccountId,
222
233
  accountInfo.localAccountId,
223
234
  accountInfo.tenantId,
235
+ accountInfo.nativeAccountId,
224
236
  accountInfo.idTokenClaims
225
237
  )
226
238
  );
239
+ } else if (accountInfo.nativeAccountId) {
240
+ // Ensure nativeAccountId is set on the matching tenant profile
241
+ const matchingProfile = tenantProfiles.find(
242
+ (tp) => tp.tenantId === accountInfo.tenantId
243
+ );
244
+ if (matchingProfile && !matchingProfile.nativeAccountId) {
245
+ matchingProfile.nativeAccountId = accountInfo.nativeAccountId;
246
+ }
227
247
  }
228
248
  return {
229
249
  authorityType:
@@ -68,10 +68,12 @@ export function createAccessTokenEntity(
68
68
  expiresOn: number,
69
69
  extExpiresOn: number,
70
70
  base64Decode: (input: string) => string,
71
+ correlationId: string,
71
72
  refreshOn?: number,
72
73
  tokenType?: Constants.AuthenticationScheme,
73
74
  userAssertionHash?: string,
74
- keyId?: string
75
+ keyId?: string,
76
+ additionalCacheKeyComponents?: Record<string, string>
75
77
  ): AccessTokenEntity {
76
78
  const atEntity: AccessTokenEntity = {
77
79
  homeAccountId: homeAccountId,
@@ -111,11 +113,13 @@ export function createAccessTokenEntity(
111
113
  // Make sure keyId is present and add it to credential
112
114
  const tokenClaims: TokenClaims | null = extractTokenClaims(
113
115
  accessToken,
114
- base64Decode
116
+ base64Decode,
117
+ correlationId
115
118
  );
116
119
  if (!tokenClaims?.cnf?.kid) {
117
120
  throw createClientAuthError(
118
- ClientAuthErrorCodes.tokenClaimsCnfRequiredForSignedJwt
121
+ ClientAuthErrorCodes.tokenClaimsCnfRequiredForSignedJwt,
122
+ correlationId
119
123
  );
120
124
  }
121
125
  atEntity.keyId = tokenClaims.cnf.kid;
@@ -125,6 +129,14 @@ export function createAccessTokenEntity(
125
129
  }
126
130
  }
127
131
 
132
+ /* Additional cache key components for cache isolation (e.g., FMI path) */
133
+ if (
134
+ additionalCacheKeyComponents &&
135
+ Object.keys(additionalCacheKeyComponents).length > 0
136
+ ) {
137
+ atEntity.additionalCacheKeyComponents = additionalCacheKeyComponents;
138
+ }
139
+
128
140
  return atEntity;
129
141
  }
130
142
 
@@ -72,6 +72,7 @@ export type TenantProfileFilter = Pick<
72
72
  | "isHomeTenant"
73
73
  | "username"
74
74
  | "upn"
75
+ | "nativeAccountId"
75
76
  >;
76
77
 
77
78
  /**
@@ -88,6 +89,7 @@ export type CredentialFilter = {
88
89
  userAssertionHash?: string;
89
90
  tokenType?: AuthenticationScheme;
90
91
  keyId?: string;
92
+ additionalCacheKeyComponents?: Record<string, string>;
91
93
  };
92
94
 
93
95
  /**
@@ -132,7 +132,8 @@ export class AuthorizationCodeClient {
132
132
  ): Promise<AuthenticationResult> {
133
133
  if (!request.code) {
134
134
  throw createClientAuthError(
135
- ClientAuthErrorCodes.requestCannotBeMade
135
+ ClientAuthErrorCodes.requestCannotBeMade,
136
+ request.correlationId
136
137
  );
137
138
  }
138
139
 
@@ -205,7 +206,8 @@ export class AuthorizationCodeClient {
205
206
  // Throw error if logoutRequest is null/undefined
206
207
  if (!logoutRequest) {
207
208
  throw createClientConfigurationError(
208
- ClientConfigurationErrorCodes.logoutRequestEmpty
209
+ ClientConfigurationErrorCodes.logoutRequestEmpty,
210
+ ""
209
211
  );
210
212
  }
211
213
  const queryString = this.createLogoutUrlQueryString(logoutRequest);
@@ -319,7 +321,8 @@ export class AuthorizationCodeClient {
319
321
  // Just validate
320
322
  if (!request.redirectUri) {
321
323
  throw createClientConfigurationError(
322
- ClientConfigurationErrorCodes.redirectUriEmpty
324
+ ClientConfigurationErrorCodes.redirectUriEmpty,
325
+ request.correlationId
323
326
  );
324
327
  }
325
328
  } else {
@@ -334,6 +337,7 @@ export class AuthorizationCodeClient {
334
337
  RequestParameterBuilder.addScopes(
335
338
  parameters,
336
339
  request.scopes,
340
+ request.correlationId,
337
341
  true,
338
342
  this.oidcDefaultScopes
339
343
  );
@@ -431,7 +435,8 @@ export class AuthorizationCodeClient {
431
435
  RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
432
436
  } else {
433
437
  throw createClientConfigurationError(
434
- ClientConfigurationErrorCodes.missingSshJwk
438
+ ClientConfigurationErrorCodes.missingSshJwk,
439
+ request.correlationId
435
440
  );
436
441
  }
437
442
  }
@@ -519,6 +524,7 @@ export class AuthorizationCodeClient {
519
524
 
520
525
  RequestParameterBuilder.addClaims(
521
526
  parameters,
527
+ request.correlationId,
522
528
  request.claims,
523
529
  this.config.authOptions.clientCapabilities,
524
530
  request.skipBrokerClaims
@@ -177,13 +177,15 @@ export class RefreshTokenClient {
177
177
  // Cannot renew token if no request object is given.
178
178
  if (!request) {
179
179
  throw createClientConfigurationError(
180
- ClientConfigurationErrorCodes.tokenRequestEmpty
180
+ ClientConfigurationErrorCodes.tokenRequestEmpty,
181
+ ""
181
182
  );
182
183
  }
183
184
  // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases
184
185
  if (!request.account) {
185
186
  throw createClientAuthError(
186
- ClientAuthErrorCodes.noAccountInSilentRequest
187
+ ClientAuthErrorCodes.noAccountInSilentRequest,
188
+ request.correlationId
187
189
  );
188
190
  }
189
191
 
@@ -258,7 +260,8 @@ export class RefreshTokenClient {
258
260
 
259
261
  if (!refreshToken) {
260
262
  throw createInteractionRequiredAuthError(
261
- InteractionRequiredAuthErrorCodes.noTokensFound
263
+ InteractionRequiredAuthErrorCodes.noTokensFound,
264
+ request.correlationId
262
265
  );
263
266
  }
264
267
 
@@ -276,7 +279,8 @@ export class RefreshTokenClient {
276
279
 
277
280
  if (TimeUtils.isTokenExpired(refreshToken.expiresOn, offset)) {
278
281
  throw createInteractionRequiredAuthError(
279
- InteractionRequiredAuthErrorCodes.refreshTokenExpired
282
+ InteractionRequiredAuthErrorCodes.refreshTokenExpired,
283
+ request.correlationId
280
284
  );
281
285
  }
282
286
  }
@@ -407,6 +411,7 @@ export class RefreshTokenClient {
407
411
  RequestParameterBuilder.addScopes(
408
412
  parameters,
409
413
  request.scopes,
414
+ request.correlationId,
410
415
  true,
411
416
  this.config.authOptions.authority.options.OIDCOptions?.defaultScopes
412
417
  );
@@ -497,7 +502,8 @@ export class RefreshTokenClient {
497
502
  RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
498
503
  } else {
499
504
  throw createClientConfigurationError(
500
- ClientConfigurationErrorCodes.missingSshJwk
505
+ ClientConfigurationErrorCodes.missingSshJwk,
506
+ request.correlationId
501
507
  );
502
508
  }
503
509
  }
@@ -554,6 +560,7 @@ export class RefreshTokenClient {
554
560
 
555
561
  RequestParameterBuilder.addClaims(
556
562
  parameters,
563
+ request.correlationId,
557
564
  request.claims,
558
565
  this.config.authOptions.clientCapabilities,
559
566
  request.skipBrokerClaims