@azure/msal-common 16.9.0 → 16.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (397) hide show
  1. package/dist/account/AccountInfo.mjs +9 -3
  2. package/dist/account/AccountInfo.mjs.map +1 -1
  3. package/dist/account/AuthToken.mjs +9 -23
  4. package/dist/account/AuthToken.mjs.map +1 -1
  5. package/dist/account/CcsCredential.mjs +1 -1
  6. package/dist/account/CcsCredential.mjs.map +1 -1
  7. package/dist/account/ClientInfo.mjs +4 -4
  8. package/dist/account/ClientInfo.mjs.map +1 -1
  9. package/dist/account/TokenClaims.mjs +1 -1
  10. package/dist/account/TokenClaims.mjs.map +1 -1
  11. package/dist/authority/Authority.mjs +36 -37
  12. package/dist/authority/Authority.mjs.map +1 -1
  13. package/dist/authority/AuthorityFactory.mjs +3 -3
  14. package/dist/authority/AuthorityFactory.mjs.map +1 -1
  15. package/dist/authority/AuthorityMetadata.mjs +2 -2
  16. package/dist/authority/AuthorityMetadata.mjs.map +1 -1
  17. package/dist/authority/AuthorityOptions.mjs +1 -1
  18. package/dist/authority/AuthorityOptions.mjs.map +1 -1
  19. package/dist/authority/AuthorityType.mjs +1 -1
  20. package/dist/authority/AuthorityType.mjs.map +1 -1
  21. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  22. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  23. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  24. package/dist/authority/ProtocolMode.mjs +1 -1
  25. package/dist/authority/ProtocolMode.mjs.map +1 -1
  26. package/dist/authority/RegionDiscovery.mjs +16 -10
  27. package/dist/authority/RegionDiscovery.mjs.map +1 -1
  28. package/dist/cache/CacheManager.mjs +62 -46
  29. package/dist/cache/CacheManager.mjs.map +1 -1
  30. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  31. package/dist/cache/persistence/TokenCacheContext.mjs.map +1 -1
  32. package/dist/cache/utils/AccountEntityUtils.mjs +18 -8
  33. package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -1
  34. package/dist/cache/utils/CacheHelpers.mjs +10 -5
  35. package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
  36. package/dist/client/AuthorizationCodeClient.mjs +7 -7
  37. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  38. package/dist/client/RefreshTokenClient.mjs +8 -8
  39. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  40. package/dist/client/SilentFlowClient.mjs +10 -18
  41. package/dist/client/SilentFlowClient.mjs.map +1 -1
  42. package/dist/config/ClientConfiguration.mjs +3 -3
  43. package/dist/config/ClientConfiguration.mjs.map +1 -1
  44. package/dist/constants/AADServerParamKeys.mjs +7 -3
  45. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  46. package/dist/crypto/ICrypto.mjs +11 -11
  47. package/dist/crypto/ICrypto.mjs.map +1 -1
  48. package/dist/crypto/JoseHeader.mjs +3 -3
  49. package/dist/crypto/JoseHeader.mjs.map +1 -1
  50. package/dist/crypto/PopTokenGenerator.mjs +2 -2
  51. package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
  52. package/dist/error/AuthError.mjs +5 -7
  53. package/dist/error/AuthError.mjs.map +1 -1
  54. package/dist/error/AuthErrorCodes.mjs +1 -1
  55. package/dist/error/CacheError.mjs +1 -1
  56. package/dist/error/CacheError.mjs.map +1 -1
  57. package/dist/error/CacheErrorCodes.mjs +1 -1
  58. package/dist/error/ClientAuthError.mjs +5 -5
  59. package/dist/error/ClientAuthError.mjs.map +1 -1
  60. package/dist/error/ClientAuthErrorCodes.mjs +2 -4
  61. package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
  62. package/dist/error/ClientConfigurationError.mjs +5 -5
  63. package/dist/error/ClientConfigurationError.mjs.map +1 -1
  64. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  65. package/dist/error/InteractionRequiredAuthError.mjs +5 -6
  66. package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  67. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  68. package/dist/error/JoseHeaderError.mjs +5 -5
  69. package/dist/error/JoseHeaderError.mjs.map +1 -1
  70. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  71. package/dist/error/NetworkError.mjs +2 -2
  72. package/dist/error/NetworkError.mjs.map +1 -1
  73. package/dist/error/PlatformBrokerError.mjs +3 -3
  74. package/dist/error/PlatformBrokerError.mjs.map +1 -1
  75. package/dist/error/ServerError.mjs +3 -3
  76. package/dist/error/ServerError.mjs.map +1 -1
  77. package/dist/index-node.mjs +53 -53
  78. package/dist/index.mjs +59 -59
  79. package/dist/logger/Logger.mjs +1 -1
  80. package/dist/logger/Logger.mjs.map +1 -1
  81. package/dist/network/INetworkModule.mjs +4 -3
  82. package/dist/network/INetworkModule.mjs.map +1 -1
  83. package/dist/network/RequestThumbprint.mjs +2 -1
  84. package/dist/network/RequestThumbprint.mjs.map +1 -1
  85. package/dist/network/ThrottlingUtils.mjs +2 -2
  86. package/dist/network/ThrottlingUtils.mjs.map +1 -1
  87. package/dist/packageMetadata.mjs +2 -2
  88. package/dist/protocol/Authorize.mjs +16 -14
  89. package/dist/protocol/Authorize.mjs.map +1 -1
  90. package/dist/protocol/Token.mjs +2 -2
  91. package/dist/protocol/Token.mjs.map +1 -1
  92. package/dist/request/AuthenticationHeaderParser.mjs +4 -4
  93. package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
  94. package/dist/request/BaseAuthRequest.mjs +3 -3
  95. package/dist/request/BaseAuthRequest.mjs.map +1 -1
  96. package/dist/request/RequestParameterBuilder.mjs +51 -33
  97. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  98. package/dist/request/ScopeSet.mjs +13 -12
  99. package/dist/request/ScopeSet.mjs.map +1 -1
  100. package/dist/response/ResponseHandler.mjs +29 -27
  101. package/dist/response/ResponseHandler.mjs.map +1 -1
  102. package/dist/telemetry/performance/PerformanceClient.mjs +20 -1
  103. package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
  104. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  105. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  106. package/dist/telemetry/performance/PerformanceEvents.mjs +1 -1
  107. package/dist/telemetry/performance/StubPerformanceClient.mjs +4 -1
  108. package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
  109. package/dist/telemetry/server/ServerTelemetryManager.mjs +2 -2
  110. package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  111. package/dist/url/UrlString.mjs +15 -14
  112. package/dist/url/UrlString.mjs.map +1 -1
  113. package/dist/utils/ClientAssertionUtils.mjs +3 -2
  114. package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
  115. package/dist/utils/Constants.mjs +7 -3
  116. package/dist/utils/Constants.mjs.map +1 -1
  117. package/dist/utils/FunctionWrappers.mjs +1 -1
  118. package/dist/utils/FunctionWrappers.mjs.map +1 -1
  119. package/dist/utils/ProtocolUtils.mjs +12 -9
  120. package/dist/utils/ProtocolUtils.mjs.map +1 -1
  121. package/dist/utils/StringUtils.mjs +1 -1
  122. package/dist/utils/StringUtils.mjs.map +1 -1
  123. package/dist/utils/TimeUtils.mjs +1 -1
  124. package/dist/utils/TimeUtils.mjs.map +1 -1
  125. package/dist/utils/UrlUtils.mjs +4 -4
  126. package/dist/utils/UrlUtils.mjs.map +1 -1
  127. package/dist-browser/account/AccountInfo.mjs +9 -3
  128. package/dist-browser/account/AccountInfo.mjs.map +1 -1
  129. package/dist-browser/account/AuthToken.mjs +9 -23
  130. package/dist-browser/account/AuthToken.mjs.map +1 -1
  131. package/dist-browser/account/CcsCredential.mjs +1 -1
  132. package/dist-browser/account/CcsCredential.mjs.map +1 -1
  133. package/dist-browser/account/ClientInfo.mjs +4 -4
  134. package/dist-browser/account/ClientInfo.mjs.map +1 -1
  135. package/dist-browser/account/TokenClaims.mjs +1 -1
  136. package/dist-browser/account/TokenClaims.mjs.map +1 -1
  137. package/dist-browser/authority/Authority.mjs +36 -37
  138. package/dist-browser/authority/Authority.mjs.map +1 -1
  139. package/dist-browser/authority/AuthorityFactory.mjs +3 -3
  140. package/dist-browser/authority/AuthorityFactory.mjs.map +1 -1
  141. package/dist-browser/authority/AuthorityMetadata.mjs +2 -2
  142. package/dist-browser/authority/AuthorityMetadata.mjs.map +1 -1
  143. package/dist-browser/authority/AuthorityOptions.mjs +1 -1
  144. package/dist-browser/authority/AuthorityOptions.mjs.map +1 -1
  145. package/dist-browser/authority/AuthorityType.mjs +1 -1
  146. package/dist-browser/authority/AuthorityType.mjs.map +1 -1
  147. package/dist-browser/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  148. package/dist-browser/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  149. package/dist-browser/authority/OpenIdConfigResponse.mjs +1 -1
  150. package/dist-browser/authority/ProtocolMode.mjs +1 -1
  151. package/dist-browser/authority/ProtocolMode.mjs.map +1 -1
  152. package/dist-browser/authority/RegionDiscovery.mjs +16 -10
  153. package/dist-browser/authority/RegionDiscovery.mjs.map +1 -1
  154. package/dist-browser/cache/CacheManager.mjs +62 -46
  155. package/dist-browser/cache/CacheManager.mjs.map +1 -1
  156. package/dist-browser/cache/persistence/TokenCacheContext.mjs +1 -1
  157. package/dist-browser/cache/persistence/TokenCacheContext.mjs.map +1 -1
  158. package/dist-browser/cache/utils/AccountEntityUtils.mjs +18 -8
  159. package/dist-browser/cache/utils/AccountEntityUtils.mjs.map +1 -1
  160. package/dist-browser/cache/utils/CacheHelpers.mjs +10 -5
  161. package/dist-browser/cache/utils/CacheHelpers.mjs.map +1 -1
  162. package/dist-browser/client/AuthorizationCodeClient.mjs +7 -7
  163. package/dist-browser/client/AuthorizationCodeClient.mjs.map +1 -1
  164. package/dist-browser/client/RefreshTokenClient.mjs +8 -8
  165. package/dist-browser/client/RefreshTokenClient.mjs.map +1 -1
  166. package/dist-browser/client/SilentFlowClient.mjs +10 -18
  167. package/dist-browser/client/SilentFlowClient.mjs.map +1 -1
  168. package/dist-browser/config/ClientConfiguration.mjs +3 -3
  169. package/dist-browser/config/ClientConfiguration.mjs.map +1 -1
  170. package/dist-browser/constants/AADServerParamKeys.mjs +7 -3
  171. package/dist-browser/constants/AADServerParamKeys.mjs.map +1 -1
  172. package/dist-browser/crypto/ICrypto.mjs +11 -11
  173. package/dist-browser/crypto/ICrypto.mjs.map +1 -1
  174. package/dist-browser/crypto/JoseHeader.mjs +3 -3
  175. package/dist-browser/crypto/JoseHeader.mjs.map +1 -1
  176. package/dist-browser/crypto/PopTokenGenerator.mjs +2 -2
  177. package/dist-browser/crypto/PopTokenGenerator.mjs.map +1 -1
  178. package/dist-browser/error/AuthError.mjs +5 -7
  179. package/dist-browser/error/AuthError.mjs.map +1 -1
  180. package/dist-browser/error/AuthErrorCodes.mjs +1 -1
  181. package/dist-browser/error/CacheError.mjs +1 -1
  182. package/dist-browser/error/CacheError.mjs.map +1 -1
  183. package/dist-browser/error/CacheErrorCodes.mjs +1 -1
  184. package/dist-browser/error/ClientAuthError.mjs +5 -5
  185. package/dist-browser/error/ClientAuthError.mjs.map +1 -1
  186. package/dist-browser/error/ClientAuthErrorCodes.mjs +2 -4
  187. package/dist-browser/error/ClientAuthErrorCodes.mjs.map +1 -1
  188. package/dist-browser/error/ClientConfigurationError.mjs +5 -5
  189. package/dist-browser/error/ClientConfigurationError.mjs.map +1 -1
  190. package/dist-browser/error/ClientConfigurationErrorCodes.mjs +1 -1
  191. package/dist-browser/error/InteractionRequiredAuthError.mjs +5 -6
  192. package/dist-browser/error/InteractionRequiredAuthError.mjs.map +1 -1
  193. package/dist-browser/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  194. package/dist-browser/error/JoseHeaderError.mjs +5 -5
  195. package/dist-browser/error/JoseHeaderError.mjs.map +1 -1
  196. package/dist-browser/error/JoseHeaderErrorCodes.mjs +1 -1
  197. package/dist-browser/error/NetworkError.mjs +2 -2
  198. package/dist-browser/error/NetworkError.mjs.map +1 -1
  199. package/dist-browser/error/PlatformBrokerError.mjs +3 -3
  200. package/dist-browser/error/PlatformBrokerError.mjs.map +1 -1
  201. package/dist-browser/error/ServerError.mjs +3 -3
  202. package/dist-browser/error/ServerError.mjs.map +1 -1
  203. package/dist-browser/index-browser.mjs +55 -55
  204. package/dist-browser/index.mjs +59 -59
  205. package/dist-browser/log-strings-mapping.json +2 -2
  206. package/dist-browser/logger/Logger.mjs +1 -1
  207. package/dist-browser/logger/Logger.mjs.map +1 -1
  208. package/dist-browser/network/INetworkModule.mjs +4 -3
  209. package/dist-browser/network/INetworkModule.mjs.map +1 -1
  210. package/dist-browser/network/RequestThumbprint.mjs +2 -1
  211. package/dist-browser/network/RequestThumbprint.mjs.map +1 -1
  212. package/dist-browser/network/ThrottlingUtils.mjs +2 -2
  213. package/dist-browser/network/ThrottlingUtils.mjs.map +1 -1
  214. package/dist-browser/packageMetadata.mjs +2 -2
  215. package/dist-browser/protocol/Authorize.mjs +16 -14
  216. package/dist-browser/protocol/Authorize.mjs.map +1 -1
  217. package/dist-browser/protocol/Token.mjs +2 -2
  218. package/dist-browser/protocol/Token.mjs.map +1 -1
  219. package/dist-browser/request/AuthenticationHeaderParser.mjs +4 -4
  220. package/dist-browser/request/AuthenticationHeaderParser.mjs.map +1 -1
  221. package/dist-browser/request/BaseAuthRequest.mjs +3 -3
  222. package/dist-browser/request/BaseAuthRequest.mjs.map +1 -1
  223. package/dist-browser/request/RequestParameterBuilder.mjs +51 -33
  224. package/dist-browser/request/RequestParameterBuilder.mjs.map +1 -1
  225. package/dist-browser/request/ScopeSet.mjs +13 -12
  226. package/dist-browser/request/ScopeSet.mjs.map +1 -1
  227. package/dist-browser/response/ResponseHandler.mjs +29 -27
  228. package/dist-browser/response/ResponseHandler.mjs.map +1 -1
  229. package/dist-browser/telemetry/performance/PerformanceClient.mjs +20 -1
  230. package/dist-browser/telemetry/performance/PerformanceClient.mjs.map +1 -1
  231. package/dist-browser/telemetry/performance/PerformanceEvent.mjs +1 -1
  232. package/dist-browser/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  233. package/dist-browser/telemetry/performance/PerformanceEvents.mjs +1 -1
  234. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs +4 -1
  235. package/dist-browser/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
  236. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs +2 -2
  237. package/dist-browser/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  238. package/dist-browser/url/UrlString.mjs +15 -14
  239. package/dist-browser/url/UrlString.mjs.map +1 -1
  240. package/dist-browser/utils/ClientAssertionUtils.mjs +3 -2
  241. package/dist-browser/utils/ClientAssertionUtils.mjs.map +1 -1
  242. package/dist-browser/utils/Constants.mjs +7 -3
  243. package/dist-browser/utils/Constants.mjs.map +1 -1
  244. package/dist-browser/utils/FunctionWrappers.mjs +1 -1
  245. package/dist-browser/utils/FunctionWrappers.mjs.map +1 -1
  246. package/dist-browser/utils/ProtocolUtils.mjs +12 -9
  247. package/dist-browser/utils/ProtocolUtils.mjs.map +1 -1
  248. package/dist-browser/utils/StringUtils.mjs +1 -1
  249. package/dist-browser/utils/StringUtils.mjs.map +1 -1
  250. package/dist-browser/utils/TimeUtils.mjs +1 -1
  251. package/dist-browser/utils/TimeUtils.mjs.map +1 -1
  252. package/dist-browser/utils/UrlUtils.mjs +4 -4
  253. package/dist-browser/utils/UrlUtils.mjs.map +1 -1
  254. package/lib/index-browser.cjs +27 -8
  255. package/lib/index-browser.cjs.map +1 -1
  256. package/lib/{index-node-CcOYLhxB.js → index-node-C_uKaUiZ.js} +368 -312
  257. package/lib/index-node-C_uKaUiZ.js.map +1 -0
  258. package/lib/index-node.cjs +2 -2
  259. package/lib/index.cjs +2 -2
  260. package/package.json +1 -1
  261. package/src/account/AccountInfo.ts +19 -1
  262. package/src/account/AuthToken.ts +19 -21
  263. package/src/account/ClientCredentials.ts +1 -0
  264. package/src/account/ClientInfo.ts +8 -3
  265. package/src/authority/Authority.ts +72 -37
  266. package/src/authority/AuthorityFactory.ts +4 -2
  267. package/src/authority/AuthorityMetadata.ts +2 -1
  268. package/src/authority/RegionDiscovery.ts +18 -11
  269. package/src/cache/CacheManager.ts +160 -57
  270. package/src/cache/entities/AccountEntity.ts +4 -0
  271. package/src/cache/entities/CredentialEntity.ts +2 -0
  272. package/src/cache/utils/AccountEntityUtils.ts +23 -3
  273. package/src/cache/utils/CacheHelpers.ts +15 -3
  274. package/src/cache/utils/CacheTypes.ts +2 -0
  275. package/src/client/AuthorizationCodeClient.ts +10 -4
  276. package/src/client/RefreshTokenClient.ts +12 -5
  277. package/src/client/SilentFlowClient.ts +17 -20
  278. package/src/config/ClientConfiguration.ts +8 -2
  279. package/src/constants/AADServerParamKeys.ts +5 -0
  280. package/src/crypto/ICrypto.ts +40 -10
  281. package/src/crypto/JoseHeader.ts +8 -2
  282. package/src/crypto/PopTokenGenerator.ts +1 -1
  283. package/src/error/AuthError.ts +9 -5
  284. package/src/error/ClientAuthError.ts +8 -3
  285. package/src/error/ClientAuthErrorCodes.ts +0 -2
  286. package/src/error/ClientConfigurationError.ts +5 -4
  287. package/src/error/InteractionRequiredAuthError.ts +9 -5
  288. package/src/error/JoseHeaderError.ts +11 -4
  289. package/src/error/NetworkError.ts +6 -1
  290. package/src/error/PlatformBrokerError.ts +2 -1
  291. package/src/error/ServerError.ts +3 -2
  292. package/src/network/INetworkModule.ts +3 -2
  293. package/src/network/RequestThumbprint.ts +2 -0
  294. package/src/network/ThrottlingUtils.ts +1 -0
  295. package/src/packageMetadata.ts +1 -1
  296. package/src/protocol/Authorize.ts +21 -6
  297. package/src/protocol/Token.ts +4 -1
  298. package/src/request/AuthenticationHeaderParser.ts +6 -3
  299. package/src/request/BaseAuthRequest.ts +8 -2
  300. package/src/request/RequestParameterBuilder.ts +66 -43
  301. package/src/request/ScopeSet.ts +27 -11
  302. package/src/response/ImdsComputeResponse.ts +14 -0
  303. package/src/response/ResponseHandler.ts +45 -32
  304. package/src/telemetry/performance/IPerformanceClient.ts +1 -0
  305. package/src/telemetry/performance/PerformanceClient.ts +28 -0
  306. package/src/telemetry/performance/StubPerformanceClient.ts +4 -0
  307. package/src/url/UrlString.ts +32 -13
  308. package/src/utils/ClientAssertionUtils.ts +3 -1
  309. package/src/utils/Constants.ts +6 -3
  310. package/src/utils/ProtocolUtils.ts +26 -8
  311. package/src/utils/UrlUtils.ts +8 -3
  312. package/types/account/AccountInfo.d.ts +8 -2
  313. package/types/account/AccountInfo.d.ts.map +1 -1
  314. package/types/account/AuthToken.d.ts +2 -6
  315. package/types/account/AuthToken.d.ts.map +1 -1
  316. package/types/account/ClientCredentials.d.ts +1 -0
  317. package/types/account/ClientCredentials.d.ts.map +1 -1
  318. package/types/account/ClientInfo.d.ts.map +1 -1
  319. package/types/authority/Authority.d.ts +4 -4
  320. package/types/authority/Authority.d.ts.map +1 -1
  321. package/types/authority/AuthorityFactory.d.ts.map +1 -1
  322. package/types/authority/AuthorityMetadata.d.ts.map +1 -1
  323. package/types/authority/RegionDiscovery.d.ts +3 -2
  324. package/types/authority/RegionDiscovery.d.ts.map +1 -1
  325. package/types/cache/CacheManager.d.ts +0 -7
  326. package/types/cache/CacheManager.d.ts.map +1 -1
  327. package/types/cache/entities/AccountEntity.d.ts +4 -0
  328. package/types/cache/entities/AccountEntity.d.ts.map +1 -1
  329. package/types/cache/entities/CredentialEntity.d.ts +2 -0
  330. package/types/cache/entities/CredentialEntity.d.ts.map +1 -1
  331. package/types/cache/utils/AccountEntityUtils.d.ts +1 -1
  332. package/types/cache/utils/AccountEntityUtils.d.ts.map +1 -1
  333. package/types/cache/utils/CacheHelpers.d.ts +1 -1
  334. package/types/cache/utils/CacheHelpers.d.ts.map +1 -1
  335. package/types/cache/utils/CacheTypes.d.ts +2 -1
  336. package/types/cache/utils/CacheTypes.d.ts.map +1 -1
  337. package/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  338. package/types/client/RefreshTokenClient.d.ts.map +1 -1
  339. package/types/client/SilentFlowClient.d.ts.map +1 -1
  340. package/types/config/ClientConfiguration.d.ts.map +1 -1
  341. package/types/constants/AADServerParamKeys.d.ts +4 -0
  342. package/types/constants/AADServerParamKeys.d.ts.map +1 -1
  343. package/types/crypto/ICrypto.d.ts.map +1 -1
  344. package/types/crypto/JoseHeader.d.ts.map +1 -1
  345. package/types/error/AuthError.d.ts +2 -3
  346. package/types/error/AuthError.d.ts.map +1 -1
  347. package/types/error/ClientAuthError.d.ts +2 -2
  348. package/types/error/ClientAuthError.d.ts.map +1 -1
  349. package/types/error/ClientAuthErrorCodes.d.ts +0 -2
  350. package/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
  351. package/types/error/ClientConfigurationError.d.ts +2 -2
  352. package/types/error/ClientConfigurationError.d.ts.map +1 -1
  353. package/types/error/InteractionRequiredAuthError.d.ts +2 -2
  354. package/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
  355. package/types/error/JoseHeaderError.d.ts +2 -2
  356. package/types/error/JoseHeaderError.d.ts.map +1 -1
  357. package/types/error/NetworkError.d.ts.map +1 -1
  358. package/types/error/PlatformBrokerError.d.ts +1 -1
  359. package/types/error/PlatformBrokerError.d.ts.map +1 -1
  360. package/types/error/ServerError.d.ts +1 -1
  361. package/types/error/ServerError.d.ts.map +1 -1
  362. package/types/network/INetworkModule.d.ts.map +1 -1
  363. package/types/network/RequestThumbprint.d.ts +1 -0
  364. package/types/network/RequestThumbprint.d.ts.map +1 -1
  365. package/types/network/ThrottlingUtils.d.ts.map +1 -1
  366. package/types/packageMetadata.d.ts +1 -1
  367. package/types/packageMetadata.d.ts.map +1 -1
  368. package/types/protocol/Authorize.d.ts +4 -2
  369. package/types/protocol/Authorize.d.ts.map +1 -1
  370. package/types/protocol/Token.d.ts.map +1 -1
  371. package/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
  372. package/types/request/BaseAuthRequest.d.ts +4 -0
  373. package/types/request/BaseAuthRequest.d.ts.map +1 -1
  374. package/types/request/RequestParameterBuilder.d.ts +12 -3
  375. package/types/request/RequestParameterBuilder.d.ts.map +1 -1
  376. package/types/request/ScopeSet.d.ts +4 -3
  377. package/types/request/ScopeSet.d.ts.map +1 -1
  378. package/types/response/ImdsComputeResponse.d.ts +10 -0
  379. package/types/response/ImdsComputeResponse.d.ts.map +1 -0
  380. package/types/response/ResponseHandler.d.ts +1 -1
  381. package/types/response/ResponseHandler.d.ts.map +1 -1
  382. package/types/telemetry/performance/IPerformanceClient.d.ts +3 -0
  383. package/types/telemetry/performance/IPerformanceClient.d.ts.map +1 -1
  384. package/types/telemetry/performance/PerformanceClient.d.ts +18 -0
  385. package/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
  386. package/types/telemetry/performance/StubPerformanceClient.d.ts +1 -0
  387. package/types/telemetry/performance/StubPerformanceClient.d.ts.map +1 -1
  388. package/types/url/UrlString.d.ts +5 -4
  389. package/types/url/UrlString.d.ts.map +1 -1
  390. package/types/utils/ClientAssertionUtils.d.ts +1 -1
  391. package/types/utils/ClientAssertionUtils.d.ts.map +1 -1
  392. package/types/utils/Constants.d.ts +6 -2
  393. package/types/utils/Constants.d.ts.map +1 -1
  394. package/types/utils/ProtocolUtils.d.ts +6 -3
  395. package/types/utils/ProtocolUtils.d.ts.map +1 -1
  396. package/types/utils/UrlUtils.d.ts.map +1 -1
  397. package/lib/index-node-CcOYLhxB.js.map +0 -1
@@ -69,6 +69,10 @@ export type BaseAuthRequest = {
69
69
  azureCloudOptions?: AzureCloudOptions;
70
70
  /**
71
71
  * Maximum allowed age, in milliseconds, of the user's authentication before a new sign-in is required.
72
+ * @deprecated This option no longer has any effect and will be removed in a future major version.
73
+ * MSAL does not validate the authentication age of returned tokens. To enforce the OIDC `max_age`
74
+ * parameter, send it via `extraQueryParameters` and validate the `auth_time` claim of the returned
75
+ * token yourself.
72
76
  */
73
77
  maxAge?: number;
74
78
  /**
@@ -130,13 +134,15 @@ export function enforceResourceParameter(
130
134
  containsResourceParam(request.extraQueryParameters))
131
135
  ) {
132
136
  throw createClientAuthError(
133
- ClientAuthErrorCodes.misplacedResourceParam
137
+ ClientAuthErrorCodes.misplacedResourceParam,
138
+ request.correlationId || ""
134
139
  );
135
140
  }
136
141
 
137
142
  if (!request.resource) {
138
143
  throw createClientAuthError(
139
- ClientAuthErrorCodes.resourceParameterRequired
144
+ ClientAuthErrorCodes.resourceParameterRequired,
145
+ request.correlationId || ""
140
146
  );
141
147
  }
142
148
  }
@@ -18,7 +18,6 @@ import {
18
18
  import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager.js";
19
19
  import { ClientInfo } from "../account/ClientInfo.js";
20
20
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
21
- import { StringUtils } from "../utils/StringUtils.js";
22
21
 
23
22
  export function instrumentBrokerParams(
24
23
  parameters: Map<string, string>,
@@ -84,6 +83,7 @@ export function addNativeBroker(parameters: Map<string, string>): void {
84
83
  export function addScopes(
85
84
  parameters: Map<string, string>,
86
85
  scopes: string[],
86
+ correlationId: string,
87
87
  addOidcScopes: boolean = true,
88
88
  defaultScopes: Array<string> = Constants.OIDC_DEFAULT_SCOPES
89
89
  ): void {
@@ -98,7 +98,7 @@ export function addScopes(
98
98
  const requestScopes = addOidcScopes
99
99
  ? [...(scopes || []), ...defaultScopes]
100
100
  : scopes || [];
101
- const scopeSet = new ScopeSet(requestScopes);
101
+ const scopeSet = new ScopeSet(requestScopes, correlationId);
102
102
  parameters.set(AADServerParamKeys.SCOPE, scopeSet.printScopes());
103
103
  }
104
104
 
@@ -205,12 +205,14 @@ export function addSid(parameters: Map<string, string>, sid: string): void {
205
205
  * Adds claims to request parameters, conditionally excluding clientCapabilities
206
206
  * when skipBrokerClaims is true and a brokered flow is in effect.
207
207
  * @param parameters - The request parameters map
208
+ * @param correlationId - The request correlation id
208
209
  * @param claims - The claims string from the request
209
210
  * @param clientCapabilities - The client capabilities from configuration
210
211
  * @param skipBrokerClaims - When true and BROKER_CLIENT_ID is present, excludes clientCapabilities from claims
211
212
  */
212
213
  export function addClaims(
213
214
  parameters: Map<string, string>,
215
+ correlationId: string,
214
216
  claims?: string,
215
217
  clientCapabilities?: Array<string>,
216
218
  skipBrokerClaims?: boolean
@@ -221,23 +223,8 @@ export function addClaims(
221
223
  ? undefined
222
224
  : clientCapabilities;
223
225
 
224
- if (
225
- !StringUtils.isEmptyObj(claims) ||
226
- (configClaims && configClaims.length > 0)
227
- ) {
228
- const mergedClaims = addClientCapabilitiesToClaims(
229
- claims,
230
- configClaims
231
- );
232
- try {
233
- JSON.parse(mergedClaims);
234
- } catch (e) {
235
- throw createClientConfigurationError(
236
- ClientConfigurationErrorCodes.invalidClaims
237
- );
238
- }
239
- parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
240
- }
226
+ const mergedClaims = buildMergedClaims(claims, configClaims, correlationId);
227
+ parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
241
228
  }
242
229
 
243
230
  /**
@@ -335,7 +322,8 @@ export function addCodeChallengeParams(
335
322
  );
336
323
  } else {
337
324
  throw createClientConfigurationError(
338
- ClientConfigurationErrorCodes.pkceParamsMissing
325
+ ClientConfigurationErrorCodes.pkceParamsMissing,
326
+ ""
339
327
  );
340
328
  }
341
329
  }
@@ -493,9 +481,27 @@ export function addExtraParameters(
493
481
  });
494
482
  }
495
483
 
496
- export function addClientCapabilitiesToClaims(
484
+ /**
485
+ * Default optional idToken claims requested on all auth requests.
486
+ * signin_state enables KMSI detection; login_hint enables login hint propagation.
487
+ */
488
+ const DEFAULT_ID_TOKEN_CLAIMS: Record<string, { essential: false }> = {
489
+ [Constants.ClaimsRequestKeys.SIGNIN_STATE]: { essential: false },
490
+ [Constants.ClaimsRequestKeys.LOGIN_HINT]: { essential: false },
491
+ };
492
+
493
+ /**
494
+ * Parses claims JSON, merges default optional idToken claims (signin_state, login_hint),
495
+ * and appends client capabilities (xms_cc) to the access_token section.
496
+ * Does not overwrite idToken claims already specified by the caller.
497
+ * @param claims - Existing claims JSON string from the request (may be undefined)
498
+ * @param clientCapabilities - Client capabilities array from configuration
499
+ * @returns Merged claims JSON string
500
+ */
501
+ export function buildMergedClaims(
497
502
  claims?: string,
498
- clientCapabilities?: Array<string>
503
+ clientCapabilities?: Array<string>,
504
+ correlationId: string = ""
499
505
  ): string {
500
506
  let mergedClaims: object;
501
507
 
@@ -504,17 +510,44 @@ export function addClientCapabilitiesToClaims(
504
510
  mergedClaims = {};
505
511
  } else {
506
512
  try {
507
- mergedClaims = JSON.parse(claims);
513
+ const parsed = JSON.parse(claims);
514
+ if (
515
+ typeof parsed !== "object" ||
516
+ parsed === null ||
517
+ Array.isArray(parsed)
518
+ ) {
519
+ throw new Error("Claims must be a JSON object");
520
+ }
521
+ mergedClaims = parsed;
508
522
  } catch (e) {
509
523
  throw createClientConfigurationError(
510
- ClientConfigurationErrorCodes.invalidClaims
524
+ ClientConfigurationErrorCodes.invalidClaims,
525
+ correlationId
511
526
  );
512
527
  }
513
528
  }
514
529
 
530
+ // Add default optional idToken claims
531
+ if (
532
+ !Object.prototype.hasOwnProperty.call(
533
+ mergedClaims,
534
+ Constants.ClaimsRequestKeys.ID_TOKEN
535
+ )
536
+ ) {
537
+ mergedClaims[Constants.ClaimsRequestKeys.ID_TOKEN] = {};
538
+ }
539
+ const idTokenClaims = mergedClaims[Constants.ClaimsRequestKeys.ID_TOKEN];
540
+ for (const [key, value] of Object.entries(DEFAULT_ID_TOKEN_CLAIMS)) {
541
+ if (!(key in idTokenClaims)) {
542
+ idTokenClaims[key] = value;
543
+ }
544
+ }
545
+
546
+ // Add client capabilities
515
547
  if (clientCapabilities && clientCapabilities.length > 0) {
516
548
  if (
517
- !mergedClaims.hasOwnProperty(
549
+ !Object.prototype.hasOwnProperty.call(
550
+ mergedClaims,
518
551
  Constants.ClaimsRequestKeys.ACCESS_TOKEN
519
552
  )
520
553
  ) {
@@ -597,24 +630,14 @@ export function addServerTelemetry(
597
630
  parameters: Map<string, string>,
598
631
  serverTelemetryManager: ServerTelemetryManager
599
632
  ): void {
600
- const currentTelemetryHeader =
601
- serverTelemetryManager.generateCurrentRequestHeaderValue();
602
- const lastTelemetryHeader =
603
- serverTelemetryManager.generateLastRequestHeaderValue();
604
-
605
- if (currentTelemetryHeader) {
606
- parameters.set(
607
- AADServerParamKeys.X_CLIENT_CURR_TELEM,
608
- currentTelemetryHeader
609
- );
610
- }
611
-
612
- if (lastTelemetryHeader) {
613
- parameters.set(
614
- AADServerParamKeys.X_CLIENT_LAST_TELEM,
615
- lastTelemetryHeader
616
- );
617
- }
633
+ parameters.set(
634
+ AADServerParamKeys.X_CLIENT_CURR_TELEM,
635
+ serverTelemetryManager.generateCurrentRequestHeaderValue()
636
+ );
637
+ parameters.set(
638
+ AADServerParamKeys.X_CLIENT_LAST_TELEM,
639
+ serverTelemetryManager.generateLastRequestHeaderValue()
640
+ );
618
641
  }
619
642
 
620
643
  /**
@@ -26,8 +26,10 @@ import {
26
26
  export class ScopeSet {
27
27
  // Scopes as a Set of strings
28
28
  private scopes: Set<string>;
29
+ private correlationId: string;
29
30
 
30
- constructor(inputScopes: Array<string>) {
31
+ constructor(inputScopes: Array<string>, correlationId: string) {
32
+ this.correlationId = correlationId;
31
33
  // Filter empty string and null/undefined array items
32
34
  const scopeArr = inputScopes
33
35
  ? StringUtils.trimArrayEntries([...inputScopes])
@@ -39,7 +41,8 @@ export class ScopeSet {
39
41
  // Check if scopes array has at least one member
40
42
  if (!filteredInput || !filteredInput.length) {
41
43
  throw createClientConfigurationError(
42
- ClientConfigurationErrorCodes.emptyInputScopesError
44
+ ClientConfigurationErrorCodes.emptyInputScopesError,
45
+ correlationId
43
46
  );
44
47
  }
45
48
 
@@ -53,10 +56,13 @@ export class ScopeSet {
53
56
  * @param appClientId
54
57
  * @param scopesRequired
55
58
  */
56
- static fromString(inputScopeString: string): ScopeSet {
59
+ static fromString(
60
+ inputScopeString: string,
61
+ correlationId: string
62
+ ): ScopeSet {
57
63
  const scopeString = inputScopeString || "";
58
64
  const inputScopes: Array<string> = scopeString.split(" ");
59
- return new ScopeSet(inputScopes);
65
+ return new ScopeSet(inputScopes, correlationId);
60
66
  }
61
67
 
62
68
  /**
@@ -64,14 +70,17 @@ export class ScopeSet {
64
70
  * @param inputScopeString
65
71
  * @returns
66
72
  */
67
- static createSearchScopes(inputScopeString: Array<string>): ScopeSet {
73
+ static createSearchScopes(
74
+ inputScopeString: Array<string>,
75
+ correlationId: string
76
+ ): ScopeSet {
68
77
  // Handle empty scopes by using default OIDC scopes for cache lookup
69
78
  const scopesToUse =
70
79
  inputScopeString && inputScopeString.length > 0
71
80
  ? inputScopeString
72
81
  : [...OIDC_DEFAULT_SCOPES];
73
82
 
74
- const scopeSet = new ScopeSet(scopesToUse);
83
+ const scopeSet = new ScopeSet(scopesToUse, correlationId);
75
84
  if (!scopeSet.containsOnlyOIDCScopes()) {
76
85
  scopeSet.removeOIDCScopes();
77
86
  } else {
@@ -87,7 +96,10 @@ export class ScopeSet {
87
96
  */
88
97
  containsScope(scope: string): boolean {
89
98
  const lowerCaseScopes = this.printScopesLowerCase().split(" ");
90
- const lowerCaseScopesSet = new ScopeSet(lowerCaseScopes);
99
+ const lowerCaseScopesSet = new ScopeSet(
100
+ lowerCaseScopes,
101
+ this.correlationId
102
+ );
91
103
  // compare lowercase scopes
92
104
  return scope
93
105
  ? lowerCaseScopesSet.scopes.has(scope.toLowerCase())
@@ -142,7 +154,8 @@ export class ScopeSet {
142
154
  newScopes.forEach((newScope) => this.appendScope(newScope));
143
155
  } catch (e) {
144
156
  throw createClientAuthError(
145
- ClientAuthErrorCodes.cannotAppendScopeSet
157
+ ClientAuthErrorCodes.cannotAppendScopeSet,
158
+ this.correlationId
146
159
  );
147
160
  }
148
161
  }
@@ -154,7 +167,8 @@ export class ScopeSet {
154
167
  removeScope(scope: string): void {
155
168
  if (!scope) {
156
169
  throw createClientAuthError(
157
- ClientAuthErrorCodes.cannotRemoveEmptyScope
170
+ ClientAuthErrorCodes.cannotRemoveEmptyScope,
171
+ this.correlationId
158
172
  );
159
173
  }
160
174
  this.scopes.delete(scope.trim());
@@ -177,7 +191,8 @@ export class ScopeSet {
177
191
  unionScopeSets(otherScopes: ScopeSet): Set<string> {
178
192
  if (!otherScopes) {
179
193
  throw createClientAuthError(
180
- ClientAuthErrorCodes.emptyInputScopeSet
194
+ ClientAuthErrorCodes.emptyInputScopeSet,
195
+ this.correlationId
181
196
  );
182
197
  }
183
198
  const unionScopes = new Set<string>(); // Iterator in constructor not supported in IE11
@@ -195,7 +210,8 @@ export class ScopeSet {
195
210
  intersectingScopeSets(otherScopes: ScopeSet): boolean {
196
211
  if (!otherScopes) {
197
212
  throw createClientAuthError(
198
- ClientAuthErrorCodes.emptyInputScopeSet
213
+ ClientAuthErrorCodes.emptyInputScopeSet,
214
+ this.correlationId
199
215
  );
200
216
  }
201
217
 
@@ -0,0 +1,14 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ /**
7
+ * Response body returned by the IMDS compute metadata endpoint
8
+ * (http://169.254.169.254/metadata/instance/compute). Only the `location`
9
+ * field is used for region auto-discovery. `location` is optional because the
10
+ * IMDS response can legitimately omit it or return `null`.
11
+ */
12
+ export type ImdsComputeResponse = {
13
+ location?: string;
14
+ };
@@ -8,11 +8,7 @@ import {
8
8
  buildTenantProfile,
9
9
  updateAccountTenantProfileData,
10
10
  } from "../account/AccountInfo.js";
11
- import {
12
- checkMaxAge,
13
- extractTokenClaims,
14
- isKmsi,
15
- } from "../account/AuthToken.js";
11
+ import { extractTokenClaims, isKmsi } from "../account/AuthToken.js";
16
12
  import {
17
13
  TokenClaims,
18
14
  getTenantIdFromIdTokenClaims,
@@ -117,7 +113,8 @@ export class ResponseHandler {
117
113
  ? serverResponse.error_codes[0]
118
114
  : undefined;
119
115
  const serverError = new ServerError(
120
- serverResponse.error,
116
+ serverResponse.error || "",
117
+ serverResponse.correlation_id || "",
121
118
  errString,
122
119
  serverResponse.suberror,
123
120
  serverErrorNo,
@@ -164,12 +161,12 @@ export class ResponseHandler {
164
161
  )
165
162
  ) {
166
163
  throw new InteractionRequiredAuthError(
167
- serverResponse.error,
164
+ serverResponse.error || "",
165
+ serverResponse.correlation_id || "",
168
166
  serverResponse.error_description,
169
167
  serverResponse.suberror,
170
168
  serverResponse.timestamp || "",
171
169
  serverResponse.trace_id || "",
172
- serverResponse.correlation_id || "",
173
170
  serverResponse.claims || "",
174
171
  serverErrorNo
175
172
  );
@@ -194,35 +191,26 @@ export class ResponseHandler {
194
191
  userAssertionHash?: string,
195
192
  handlingRefreshTokenResponse?: boolean,
196
193
  forceCacheRefreshTokenResponse?: boolean,
197
- serverRequestId?: string
194
+ serverRequestId?: string,
195
+ additionalCacheKeyComponents?: Record<string, string>
198
196
  ): Promise<AuthenticationResult> {
199
197
  // create an idToken object (not entity)
200
198
  let idTokenClaims: TokenClaims | undefined;
201
199
  if (serverTokenResponse.id_token) {
202
200
  idTokenClaims = extractTokenClaims(
203
201
  serverTokenResponse.id_token || "",
204
- this.cryptoObj.base64Decode
202
+ this.cryptoObj.base64Decode,
203
+ request.correlationId
205
204
  );
206
205
 
207
206
  // token nonce check (TODO: Add a warning if no nonce is given?)
208
207
  if (authCodePayload && authCodePayload.nonce) {
209
208
  if (idTokenClaims.nonce !== authCodePayload.nonce) {
210
209
  throw createClientAuthError(
211
- ClientAuthErrorCodes.nonceMismatch
212
- );
213
- }
214
- }
215
-
216
- // token max_age check
217
- if (request.maxAge || request.maxAge === 0) {
218
- const authTime = idTokenClaims.auth_time;
219
- if (!authTime) {
220
- throw createClientAuthError(
221
- ClientAuthErrorCodes.authTimeNotFound
210
+ ClientAuthErrorCodes.nonceMismatch,
211
+ request.correlationId
222
212
  );
223
213
  }
224
-
225
- checkMaxAge(authTime, request.maxAge);
226
214
  }
227
215
  }
228
216
 
@@ -241,7 +229,8 @@ export class ResponseHandler {
241
229
  if (!!authCodePayload && !!authCodePayload.state) {
242
230
  requestStateObj = ProtocolUtils.parseRequestState(
243
231
  this.cryptoObj.base64Decode,
244
- authCodePayload.state
232
+ authCodePayload.state,
233
+ request.correlationId
245
234
  );
246
235
  }
247
236
 
@@ -256,7 +245,8 @@ export class ResponseHandler {
256
245
  request,
257
246
  idTokenClaims,
258
247
  userAssertionHash,
259
- authCodePayload
248
+ authCodePayload,
249
+ additionalCacheKeyComponents
260
250
  );
261
251
  let cacheContext;
262
252
  try {
@@ -363,12 +353,14 @@ export class ResponseHandler {
363
353
  request: BaseAuthRequest,
364
354
  idTokenClaims?: TokenClaims,
365
355
  userAssertionHash?: string,
366
- authCodePayload?: AuthorizationCodePayload
356
+ authCodePayload?: AuthorizationCodePayload,
357
+ additionalCacheKeyComponents?: Record<string, string>
367
358
  ): CacheRecord {
368
359
  const env = authority.getPreferredCache();
369
360
  if (!env) {
370
361
  throw createClientAuthError(
371
- ClientAuthErrorCodes.invalidCacheEnvironment
362
+ ClientAuthErrorCodes.invalidCacheEnvironment,
363
+ request.correlationId
372
364
  );
373
365
  }
374
366
 
@@ -408,8 +400,11 @@ export class ResponseHandler {
408
400
  if (serverTokenResponse.access_token) {
409
401
  // If scopes not returned in server response, use request scopes
410
402
  const responseScopes = serverTokenResponse.scope
411
- ? ScopeSet.fromString(serverTokenResponse.scope)
412
- : new ScopeSet(request.scopes || []);
403
+ ? ScopeSet.fromString(
404
+ serverTokenResponse.scope,
405
+ request.correlationId
406
+ )
407
+ : new ScopeSet(request.scopes || [], request.correlationId);
413
408
 
414
409
  /*
415
410
  * Use timestamp calculated before request
@@ -446,10 +441,12 @@ export class ResponseHandler {
446
441
  tokenExpirationSeconds,
447
442
  extendedTokenExpirationSeconds,
448
443
  this.cryptoObj.base64Decode,
444
+ request.correlationId,
449
445
  refreshOnSeconds,
450
446
  serverTokenResponse.token_type,
451
447
  userAssertionHash,
452
- serverTokenResponse.key_id
448
+ serverTokenResponse.key_id,
449
+ additionalCacheKeyComponents
453
450
  );
454
451
  // Set resource (to be used for MCP scenarios)
455
452
  const resource = request.resource || null;
@@ -553,7 +550,8 @@ export class ResponseHandler {
553
550
 
554
551
  if (!keyId) {
555
552
  throw createClientAuthError(
556
- ClientAuthErrorCodes.keyIdMissing
553
+ ClientAuthErrorCodes.keyIdMissing,
554
+ request.correlationId
557
555
  );
558
556
  }
559
557
 
@@ -566,7 +564,8 @@ export class ResponseHandler {
566
564
  accessToken = cacheRecord.accessToken.secret;
567
565
  }
568
566
  responseScopes = ScopeSet.fromString(
569
- cacheRecord.accessToken.target
567
+ cacheRecord.accessToken.target,
568
+ request.correlationId
570
569
  ).asArray();
571
570
  // Access token expiresOn cached in seconds, converting to Date for AuthenticationResult
572
571
  expiresOn = TimeUtils.toDateFromSeconds(
@@ -593,8 +592,20 @@ export class ResponseHandler {
593
592
 
594
593
  // for hybrid + native bridge enablement, send back the native account Id
595
594
  if (serverTokenResponse?.spa_accountid && !!cacheRecord.account) {
595
+ // Set on deprecated top-level for downgrade compat
596
596
  cacheRecord.account.nativeAccountId =
597
597
  serverTokenResponse?.spa_accountid;
598
+ // Set on the matching tenant profile (source of truth)
599
+ const targetTenantId = tid || cacheRecord.account.realm;
600
+ if (cacheRecord.account.tenantProfiles) {
601
+ const matchingProfile = cacheRecord.account.tenantProfiles.find(
602
+ (tp) => tp.tenantId === targetTenantId
603
+ );
604
+ if (matchingProfile) {
605
+ matchingProfile.nativeAccountId =
606
+ serverTokenResponse.spa_accountid;
607
+ }
608
+ }
598
609
  }
599
610
 
600
611
  const accountInfo: AccountInfo | null = cacheRecord.account
@@ -692,6 +703,7 @@ export function buildAccountToCache(
692
703
  nativeAccountId: nativeAccountId,
693
704
  },
694
705
  authority,
706
+ correlationId,
695
707
  base64Decode
696
708
  );
697
709
 
@@ -707,6 +719,7 @@ export function buildAccountToCache(
707
719
  homeAccountId,
708
720
  baseAccount.localAccountId,
709
721
  tenantId,
722
+ nativeAccountId,
710
723
  idTokenClaims
711
724
  );
712
725
  tenantProfiles.push(newTenantProfile);
@@ -31,6 +31,7 @@ export interface IPerformanceClient {
31
31
  fields: { [key: string]: {} | undefined },
32
32
  correlationId: string
33
33
  ): void;
34
+ addGlobalFields(fields: { [key: string]: {} | undefined }): void;
34
35
  incrementFields(
35
36
  fields: { [key: string]: number | undefined },
36
37
  correlationId: string
@@ -279,6 +279,14 @@ export abstract class PerformanceClient implements IPerformanceClient {
279
279
  protected logger: Logger;
280
280
  protected callbacks: Map<string, PerformanceCallbackFunction>;
281
281
 
282
+ /**
283
+ * Fields stamped onto every event emitted by this client (e.g. previousLibraryVersion).
284
+ * Unlike addFields, these are not scoped to a single correlationId and persist for the
285
+ * lifetime of the client. Set imperatively after construction via addGlobalFields.
286
+ * @protected
287
+ */
288
+ protected globalFields: { [key: string]: {} | undefined };
289
+
282
290
  /**
283
291
  * Multiple events with the same correlation id.
284
292
  * @protected
@@ -320,6 +328,7 @@ export abstract class PerformanceClient implements IPerformanceClient {
320
328
  this.authority = authority;
321
329
  this.libraryName = libraryName;
322
330
  this.libraryVersion = libraryVersion;
331
+ this.globalFields = {};
323
332
  this.applicationTelemetry = applicationTelemetry;
324
333
  this.clientId = clientId;
325
334
  this.logger = logger;
@@ -507,6 +516,12 @@ export abstract class PerformanceClient implements IPerformanceClient {
507
516
  incompleteSubsCount,
508
517
  context,
509
518
  logs: formattedLogs,
519
+ /*
520
+ * Global fields are spread last so they are always present on the
521
+ * emitted event and never overridden, even when registered after
522
+ * the measurement started.
523
+ */
524
+ ...this.globalFields,
510
525
  };
511
526
  if (account) {
512
527
  finalEvent.accountType = getAccountType(account);
@@ -568,6 +583,19 @@ export abstract class PerformanceClient implements IPerformanceClient {
568
583
  }
569
584
  }
570
585
 
586
+ /**
587
+ * Saves fields to be emitted on every event measured by this client.
588
+ * Unlike addFields, these are not scoped to a single correlationId and persist for the
589
+ * lifetime of the client (e.g. previousLibraryVersion for upgrade/downgrade telemetry).
590
+ * @param fields
591
+ */
592
+ addGlobalFields(fields: { [key: string]: {} | undefined }): void {
593
+ this.globalFields = {
594
+ ...this.globalFields,
595
+ ...fields,
596
+ };
597
+ }
598
+
571
599
  /**
572
600
  * Increment counters to be emitted when the measurements are flushed
573
601
  * @param fields {string[]}
@@ -77,6 +77,10 @@ export class StubPerformanceClient implements IPerformanceClient {
77
77
  return;
78
78
  }
79
79
 
80
+ addGlobalFields(): void {
81
+ return;
82
+ }
83
+
80
84
  incrementFields(): void {
81
85
  return;
82
86
  }