@azure/msal-node-extensions 1.5.24 → 5.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. package/bin/arm64/dpapi.node +0 -0
  2. package/bin/ia32/dpapi.node +0 -0
  3. package/bin/x64/dpapi.node +0 -0
  4. package/dist/Dpapi.mjs +1 -1
  5. package/dist/Dpapi.mjs.map +1 -1
  6. package/dist/broker/NativeBrokerPlugin.mjs +30 -42
  7. package/dist/broker/NativeBrokerPlugin.mjs.map +1 -1
  8. package/dist/error/NativeAuthError.d.ts +1 -1
  9. package/dist/error/NativeAuthError.mjs +2 -3
  10. package/dist/error/NativeAuthError.mjs.map +1 -1
  11. package/dist/error/PersistenceError.mjs +1 -1
  12. package/dist/error/PersistenceError.mjs.map +1 -1
  13. package/dist/index.d.ts +0 -1
  14. package/dist/index.mjs +1 -2
  15. package/dist/index.mjs.map +1 -1
  16. package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs +2 -2
  17. package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs.map +1 -1
  18. package/dist/lib/msal-common/dist/error/AuthError.mjs +16 -11
  19. package/dist/lib/msal-common/dist/error/AuthError.mjs.map +1 -1
  20. package/dist/lib/msal-common/dist/error/ClientAuthError.mjs +4 -56
  21. package/dist/lib/msal-common/dist/error/ClientAuthError.mjs.map +1 -1
  22. package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs +4 -49
  23. package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
  24. package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs +4 -30
  25. package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs.map +1 -1
  26. package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs +4 -30
  27. package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
  28. package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs +6 -7
  29. package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  30. package/dist/lib/msal-common/dist/error/ServerError.mjs +2 -2
  31. package/dist/lib/msal-common/dist/error/ServerError.mjs.map +1 -1
  32. package/dist/lib/msal-common/dist/logger/Logger.mjs +17 -23
  33. package/dist/lib/msal-common/dist/logger/Logger.mjs.map +1 -1
  34. package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs +29 -31
  35. package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  36. package/dist/lib/msal-common/dist/utils/Constants.mjs +15 -79
  37. package/dist/lib/msal-common/dist/utils/Constants.mjs.map +1 -1
  38. package/dist/lib/msal-common/dist/utils/TimeUtils.mjs +2 -2
  39. package/dist/lib/msal-common/dist/utils/TimeUtils.mjs.map +1 -1
  40. package/dist/lock/CrossPlatformLock.mjs +10 -10
  41. package/dist/lock/CrossPlatformLock.mjs.map +1 -1
  42. package/dist/packageMetadata.d.ts +1 -1
  43. package/dist/packageMetadata.mjs +2 -2
  44. package/dist/persistence/BasePersistence.mjs +1 -1
  45. package/dist/persistence/BasePersistence.mjs.map +1 -1
  46. package/dist/persistence/DataProtectionScope.mjs +1 -1
  47. package/dist/persistence/DataProtectionScope.mjs.map +1 -1
  48. package/dist/persistence/FilePersistence.mjs +5 -5
  49. package/dist/persistence/FilePersistence.mjs.map +1 -1
  50. package/dist/persistence/FilePersistenceWithDataProtection.mjs +2 -2
  51. package/dist/persistence/FilePersistenceWithDataProtection.mjs.map +1 -1
  52. package/dist/persistence/KeychainPersistence.mjs +1 -1
  53. package/dist/persistence/KeychainPersistence.mjs.map +1 -1
  54. package/dist/persistence/LibSecretPersistence.mjs +1 -1
  55. package/dist/persistence/LibSecretPersistence.mjs.map +1 -1
  56. package/dist/persistence/PersistenceCachePlugin.mjs +12 -12
  57. package/dist/persistence/PersistenceCachePlugin.mjs.map +1 -1
  58. package/dist/persistence/PersistenceCreator.mjs +1 -1
  59. package/dist/persistence/PersistenceCreator.mjs.map +1 -1
  60. package/dist/utils/Constants.mjs +1 -1
  61. package/dist/utils/Constants.mjs.map +1 -1
  62. package/dist/utils/Environment.mjs +1 -1
  63. package/dist/utils/Environment.mjs.map +1 -1
  64. package/dist/utils/TypeGuards.mjs +1 -1
  65. package/dist/utils/TypeGuards.mjs.map +1 -1
  66. package/lib/msal-node-extensions.cjs +180 -430
  67. package/lib/msal-node-extensions.cjs.map +1 -1
  68. package/lib/types/error/NativeAuthError.d.ts +1 -1
  69. package/lib/types/index.d.ts +0 -1
  70. package/lib/types/packageMetadata.d.ts +1 -1
  71. package/package.json +86 -88
  72. package/dist/utils/StringUtils.d.ts +0 -8
  73. package/dist/utils/StringUtils.mjs +0 -32
  74. package/dist/utils/StringUtils.mjs.map +0 -1
  75. package/lib/types/utils/StringUtils.d.ts +0 -8
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v1.5.24 2025-10-29 */
1
+ /*! @azure/msal-node-extensions v5.0.0-alpha.0 2025-10-07 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -14,7 +14,7 @@ var _documentCurrentScript = typeof document !== 'undefined' ? document.currentS
14
14
  * Copyright (c) Microsoft Corporation. All rights reserved.
15
15
  * Licensed under the MIT License.
16
16
  */
17
- const Constants$1 = {
17
+ const Constants = {
18
18
  /**
19
19
  * An existing file was the target of an operation that required that the target not exist
20
20
  */
@@ -188,21 +188,21 @@ class CrossPlatformLock {
188
188
  async lock() {
189
189
  for (let tryCount = 0; tryCount < this.retryNumber; tryCount++) {
190
190
  try {
191
- this.logger.info(`Pid ${process$1.pid} trying to acquire lock`);
191
+ this.logger.info(`Pid ${process$1.pid} trying to acquire lock`, "");
192
192
  this.lockFileHandle = await fs.promises.open(this.lockFilePath, "wx+");
193
- this.logger.info(`Pid ${process$1.pid} acquired lock`);
193
+ this.logger.info(`Pid ${process$1.pid} acquired lock`, "");
194
194
  await this.lockFileHandle.write(process$1.pid.toString());
195
195
  return;
196
196
  }
197
197
  catch (err) {
198
198
  if (isNodeError(err)) {
199
- if (err.code === Constants$1.EEXIST_ERROR ||
200
- err.code === Constants$1.EPERM_ERROR) {
201
- this.logger.info(err.message);
199
+ if (err.code === Constants.EEXIST_ERROR ||
200
+ err.code === Constants.EPERM_ERROR) {
201
+ this.logger.info(err.message, "");
202
202
  await this.sleep(this.retryDelay);
203
203
  }
204
204
  else {
205
- this.logger.error(`${process$1.pid} was not able to acquire lock. Ran into error: ${err.message}`);
205
+ this.logger.error(`${process$1.pid} was not able to acquire lock. Ran into error: ${err.message}`, "");
206
206
  throw PersistenceError.createCrossPlatformLockError(err.message);
207
207
  }
208
208
  }
@@ -211,7 +211,7 @@ class CrossPlatformLock {
211
211
  }
212
212
  }
213
213
  }
214
- this.logger.error(`${process$1.pid} was not able to acquire lock. Exceeded amount of retries set in the options`);
214
+ this.logger.error(`${process$1.pid} was not able to acquire lock. Exceeded amount of retries set in the options`, "");
215
215
  throw PersistenceError.createCrossPlatformLockError("Not able to acquire lock. Exceeded amount of retries set in options");
216
216
  }
217
217
  /**
@@ -223,19 +223,19 @@ class CrossPlatformLock {
223
223
  // if we have a file handle to the .lockfile, delete lock file
224
224
  await fs.promises.unlink(this.lockFilePath);
225
225
  await this.lockFileHandle.close();
226
- this.logger.info("lockfile deleted");
226
+ this.logger.info("lockfile deleted", "");
227
227
  }
228
228
  else {
229
- this.logger.warning("lockfile handle does not exist, so lockfile could not be deleted");
229
+ this.logger.warning("lockfile handle does not exist, so lockfile could not be deleted", "");
230
230
  }
231
231
  }
232
232
  catch (err) {
233
233
  if (isNodeError(err)) {
234
- if (err.code === Constants$1.ENOENT_ERROR) {
235
- this.logger.info("Tried to unlock but lockfile does not exist");
234
+ if (err.code === Constants.ENOENT_ERROR) {
235
+ this.logger.info("Tried to unlock but lockfile does not exist", "");
236
236
  }
237
237
  else {
238
- this.logger.error(`${process$1.pid} was not able to release lock. Ran into error: ${err.message}`);
238
+ this.logger.error(`${process$1.pid} was not able to release lock. Ran into error: ${err.message}`, "");
239
239
  throw PersistenceError.createCrossPlatformLockError(err.message);
240
240
  }
241
241
  }
@@ -289,17 +289,17 @@ class PersistenceCachePlugin {
289
289
  * beforeCacheAccess() and afterCacheAccess().
290
290
  */
291
291
  async beforeCacheAccess(cacheContext) {
292
- this.logger.info("Executing before cache access");
292
+ this.logger.info("Executing before cache access", "");
293
293
  const reloadNecessary = await this.persistence.reloadNecessary(this.lastSync);
294
294
  if (!reloadNecessary && this.currentCache !== null) {
295
295
  if (cacheContext.cacheHasChanged) {
296
- this.logger.verbose("Cache context has changed");
296
+ this.logger.verbose("Cache context has changed", "");
297
297
  await this.crossPlatformLock.lock();
298
298
  }
299
299
  return;
300
300
  }
301
301
  try {
302
- this.logger.info(`Reload necessary. Last sync time: ${this.lastSync}`);
302
+ this.logger.info(`Reload necessary. Last sync time: ${this.lastSync}`, "");
303
303
  await this.crossPlatformLock.lock();
304
304
  this.currentCache = await this.persistence.load();
305
305
  this.lastSync = new Date().getTime();
@@ -307,17 +307,17 @@ class PersistenceCachePlugin {
307
307
  cacheContext.tokenCache.deserialize(this.currentCache);
308
308
  }
309
309
  else {
310
- this.logger.info("Cache empty.");
310
+ this.logger.info("Cache empty.", "");
311
311
  }
312
- this.logger.info(`Last sync time updated to: ${this.lastSync}`);
312
+ this.logger.info(`Last sync time updated to: ${this.lastSync}`, "");
313
313
  }
314
314
  finally {
315
315
  if (!cacheContext.cacheHasChanged) {
316
316
  await this.crossPlatformLock.unlock();
317
- this.logger.info(`Pid ${process$1.pid} released lock`);
317
+ this.logger.info(`Pid ${process$1.pid} released lock`, "");
318
318
  }
319
319
  else {
320
- this.logger.info(`Pid ${process$1.pid} beforeCacheAccess did not release lock`);
320
+ this.logger.info(`Pid ${process$1.pid} beforeCacheAccess did not release lock`, "");
321
321
  }
322
322
  }
323
323
  }
@@ -325,139 +325,45 @@ class PersistenceCachePlugin {
325
325
  * Writes to storage if MSAL in memory copy of cache has been changed.
326
326
  */
327
327
  async afterCacheAccess(cacheContext) {
328
- this.logger.info("Executing after cache access");
328
+ this.logger.info("Executing after cache access", "");
329
329
  try {
330
330
  if (cacheContext.cacheHasChanged) {
331
- this.logger.info("Msal in-memory cache has changed. Writing changes to persistence");
331
+ this.logger.info("Msal in-memory cache has changed. Writing changes to persistence", "");
332
332
  this.currentCache = cacheContext.tokenCache.serialize();
333
333
  await this.persistence.save(this.currentCache);
334
334
  }
335
335
  else {
336
- this.logger.info("Msal in-memory cache has not changed. Did not write to persistence");
336
+ this.logger.info("Msal in-memory cache has not changed. Did not write to persistence", "");
337
337
  }
338
338
  }
339
339
  finally {
340
340
  await this.crossPlatformLock.unlock();
341
- this.logger.info(`Pid ${process$1.pid} afterCacheAccess released lock`);
341
+ this.logger.info(`Pid ${process$1.pid} afterCacheAccess released lock`, "");
342
342
  }
343
343
  }
344
344
  }
345
345
 
346
- /*! @azure/msal-common v15.13.1 2025-10-29 */
346
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
347
347
  /*
348
348
  * Copyright (c) Microsoft Corporation. All rights reserved.
349
349
  * Licensed under the MIT License.
350
350
  */
351
- const Constants = {
352
- LIBRARY_NAME: "MSAL.JS",
353
- SKU: "msal.js.common",
354
- // default authority
355
- DEFAULT_AUTHORITY: "https://login.microsoftonline.com/common/",
356
- DEFAULT_AUTHORITY_HOST: "login.microsoftonline.com",
357
- DEFAULT_COMMON_TENANT: "common",
358
- // ADFS String
359
- ADFS: "adfs",
360
- DSTS: "dstsv2",
361
- // Default AAD Instance Discovery Endpoint
362
- AAD_INSTANCE_DISCOVERY_ENDPT: "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",
363
- // CIAM URL
364
- CIAM_AUTH_URL: ".ciamlogin.com",
365
- AAD_TENANT_DOMAIN_SUFFIX: ".onmicrosoft.com",
366
- // Resource delimiter - used for certain cache entries
367
- RESOURCE_DELIM: "|",
368
- // Placeholder for non-existent account ids/objects
369
- NO_ACCOUNT: "NO_ACCOUNT",
370
- // Claims
371
- CLAIMS: "claims",
372
- // Consumer UTID
373
- CONSUMER_UTID: "9188040d-6c67-4c5b-b112-36a304b66dad",
374
- // Default scopes
375
- OPENID_SCOPE: "openid",
376
- PROFILE_SCOPE: "profile",
377
- OFFLINE_ACCESS_SCOPE: "offline_access",
378
- EMAIL_SCOPE: "email",
379
- CODE_GRANT_TYPE: "authorization_code",
380
- RT_GRANT_TYPE: "refresh_token",
381
- S256_CODE_CHALLENGE_METHOD: "S256",
382
- URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8",
383
- AUTHORIZATION_PENDING: "authorization_pending",
384
- NOT_DEFINED: "not_defined",
385
- EMPTY_STRING: "",
386
- NOT_APPLICABLE: "N/A",
387
- NOT_AVAILABLE: "Not Available",
388
- FORWARD_SLASH: "/",
389
- IMDS_ENDPOINT: "http://169.254.169.254/metadata/instance/compute/location",
390
- IMDS_VERSION: "2020-06-01",
391
- IMDS_TIMEOUT: 2000,
392
- AZURE_REGION_AUTO_DISCOVER_FLAG: "TryAutoDetect",
393
- REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: "login.microsoft.com",
394
- KNOWN_PUBLIC_CLOUDS: [
395
- "login.microsoftonline.com",
396
- "login.windows.net",
397
- "login.microsoft.com",
398
- "sts.windows.net",
399
- ],
400
- SHR_NONCE_VALIDITY: 240,
401
- INVALID_INSTANCE: "invalid_instance",
402
- };
403
- /**
404
- * we considered making this "enum" in the request instead of string, however it looks like the allowed list of
405
- * prompt values kept changing over past couple of years. There are some undocumented prompt values for some
406
- * internal partners too, hence the choice of generic "string" type instead of the "enum"
407
- */
408
- const PromptValue = {
409
- LOGIN: "login",
410
- SELECT_ACCOUNT: "select_account",
411
- CONSENT: "consent",
412
- NONE: "none",
413
- CREATE: "create",
414
- NO_SESSION: "no_session",
415
- };
416
- /**
417
- * Separators used in cache
418
- */
419
- const Separators = {
420
- CACHE_KEY_SEPARATOR: "-"};
421
- const SERVER_TELEM_CONSTANTS = {
422
- SCHEMA_VERSION: 5,
423
- MAX_LAST_HEADER_BYTES: 330,
424
- MAX_CACHED_ERRORS: 50,
425
- CACHE_KEY: "server-telemetry",
426
- CATEGORY_SEPARATOR: "|",
427
- VALUE_SEPARATOR: ",",
428
- OVERFLOW_TRUE: "1",
429
- OVERFLOW_FALSE: "0",
430
- UNKNOWN_ERROR: "unknown_error",
431
- };
432
- /**
433
- * Type of the authentication request
434
- */
435
- const AuthenticationScheme = {
436
- BEARER: "Bearer",
437
- POP: "pop",
438
- SSH: "ssh-cert",
439
- };
440
- /**
441
- * Specifies the reason for fetching the access token from the identity provider
442
- */
443
- const CacheOutcome = {
444
- // When a token is found in the cache or the cache is not supposed to be hit when making the request
445
- NOT_APPLICABLE: "0"};
446
-
447
- /*! @azure/msal-common v15.13.1 2025-10-29 */
351
+ function getDefaultErrorMessage(code) {
352
+ return `See https://aka.ms/msal.js.errors#${code} for details`;
353
+ }
448
354
  /**
449
355
  * General error class thrown by the MSAL.js library.
450
356
  */
451
357
  class AuthError extends Error {
452
358
  constructor(errorCode, errorMessage, suberror) {
453
- const errorString = errorMessage
454
- ? `${errorCode}: ${errorMessage}`
455
- : errorCode;
359
+ const message = errorMessage ||
360
+ (errorCode ? getDefaultErrorMessage(errorCode) : "");
361
+ const errorString = message ? `${errorCode}: ${message}` : errorCode;
456
362
  super(errorString);
457
363
  Object.setPrototypeOf(this, AuthError.prototype);
458
- this.errorCode = errorCode || Constants.EMPTY_STRING;
459
- this.errorMessage = errorMessage || Constants.EMPTY_STRING;
460
- this.subError = suberror || Constants.EMPTY_STRING;
364
+ this.errorCode = errorCode || "";
365
+ this.errorMessage = message || "";
366
+ this.subError = suberror || "";
461
367
  this.name = "AuthError";
462
368
  }
463
369
  setCorrelationId(correlationId) {
@@ -465,57 +371,7 @@ class AuthError extends Error {
465
371
  }
466
372
  }
467
373
 
468
- /*! @azure/msal-common v15.13.1 2025-10-29 */
469
- /*
470
- * Copyright (c) Microsoft Corporation. All rights reserved.
471
- * Licensed under the MIT License.
472
- */
473
- const clientInfoDecodingError = "client_info_decoding_error";
474
- const clientInfoEmptyError = "client_info_empty_error";
475
- const tokenParsingError = "token_parsing_error";
476
- const nullOrEmptyToken = "null_or_empty_token";
477
- const endpointResolutionError = "endpoints_resolution_error";
478
- const networkError = "network_error";
479
- const openIdConfigError = "openid_config_error";
480
- const hashNotDeserialized = "hash_not_deserialized";
481
- const invalidState = "invalid_state";
482
- const stateMismatch = "state_mismatch";
483
- const stateNotFound = "state_not_found";
484
- const nonceMismatch = "nonce_mismatch";
485
- const authTimeNotFound = "auth_time_not_found";
486
- const maxAgeTranspired = "max_age_transpired";
487
- const multipleMatchingTokens = "multiple_matching_tokens";
488
- const multipleMatchingAccounts = "multiple_matching_accounts";
489
- const multipleMatchingAppMetadata = "multiple_matching_appMetadata";
490
- const requestCannotBeMade = "request_cannot_be_made";
491
- const cannotRemoveEmptyScope = "cannot_remove_empty_scope";
492
- const cannotAppendScopeSet = "cannot_append_scopeset";
493
- const emptyInputScopeSet = "empty_input_scopeset";
494
- const deviceCodePollingCancelled = "device_code_polling_cancelled";
495
- const deviceCodeExpired = "device_code_expired";
496
- const deviceCodeUnknownError = "device_code_unknown_error";
497
- const noAccountInSilentRequest = "no_account_in_silent_request";
498
- const invalidCacheRecord = "invalid_cache_record";
499
- const invalidCacheEnvironment = "invalid_cache_environment";
500
- const noAccountFound = "no_account_found";
501
- const noCryptoObject = "no_crypto_object";
502
- const unexpectedCredentialType = "unexpected_credential_type";
503
- const invalidAssertion = "invalid_assertion";
504
- const invalidClientCredential = "invalid_client_credential";
505
- const tokenRefreshRequired = "token_refresh_required";
506
- const userTimeoutReached = "user_timeout_reached";
507
- const tokenClaimsCnfRequiredForSignedJwt = "token_claims_cnf_required_for_signedjwt";
508
- const authorizationCodeMissingFromServerResponse = "authorization_code_missing_from_server_response";
509
- const bindingKeyNotRemoved = "binding_key_not_removed";
510
- const endSessionEndpointNotSupported = "end_session_endpoint_not_supported";
511
- const keyIdMissing = "key_id_missing";
512
- const noNetworkConnectivity = "no_network_connectivity";
513
- const userCanceled = "user_canceled";
514
- const missingTenantIdError = "missing_tenant_id_error";
515
- const methodNotImplemented = "method_not_implemented";
516
- const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
517
-
518
- /*! @azure/msal-common v15.13.1 2025-10-29 */
374
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
519
375
 
520
376
  /*
521
377
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -524,63 +380,12 @@ const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
524
380
  /**
525
381
  * ClientAuthErrorMessage class containing string constants used by error codes and messages.
526
382
  */
527
- const ClientAuthErrorMessages = {
528
- [clientInfoDecodingError]: "The client info could not be parsed/decoded correctly",
529
- [clientInfoEmptyError]: "The client info was empty",
530
- [tokenParsingError]: "Token cannot be parsed",
531
- [nullOrEmptyToken]: "The token is null or empty",
532
- [endpointResolutionError]: "Endpoints cannot be resolved",
533
- [networkError]: "Network request failed",
534
- [openIdConfigError]: "Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",
535
- [hashNotDeserialized]: "The hash parameters could not be deserialized",
536
- [invalidState]: "State was not the expected format",
537
- [stateMismatch]: "State mismatch error",
538
- [stateNotFound]: "State not found",
539
- [nonceMismatch]: "Nonce mismatch error",
540
- [authTimeNotFound]: "Max Age was requested and the ID token is missing the auth_time variable." +
541
- " auth_time is an optional claim and is not enabled by default - it must be enabled." +
542
- " See https://aka.ms/msaljs/optional-claims for more information.",
543
- [maxAgeTranspired]: "Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",
544
- [multipleMatchingTokens]: "The cache contains multiple tokens satisfying the requirements. " +
545
- "Call AcquireToken again providing more requirements such as authority or account.",
546
- [multipleMatchingAccounts]: "The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",
547
- [multipleMatchingAppMetadata]: "The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",
548
- [requestCannotBeMade]: "Token request cannot be made without authorization code or refresh token.",
549
- [cannotRemoveEmptyScope]: "Cannot remove null or empty scope from ScopeSet",
550
- [cannotAppendScopeSet]: "Cannot append ScopeSet",
551
- [emptyInputScopeSet]: "Empty input ScopeSet cannot be processed",
552
- [deviceCodePollingCancelled]: "Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",
553
- [deviceCodeExpired]: "Device code is expired.",
554
- [deviceCodeUnknownError]: "Device code stopped polling for unknown reasons.",
555
- [noAccountInSilentRequest]: "Please pass an account object, silent flow is not supported without account information",
556
- [invalidCacheRecord]: "Cache record object was null or undefined.",
557
- [invalidCacheEnvironment]: "Invalid environment when attempting to create cache entry",
558
- [noAccountFound]: "No account found in cache for given key.",
559
- [noCryptoObject]: "No crypto object detected.",
560
- [unexpectedCredentialType]: "Unexpected credential type.",
561
- [invalidAssertion]: "Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",
562
- [invalidClientCredential]: "Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",
563
- [tokenRefreshRequired]: "Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",
564
- [userTimeoutReached]: "User defined timeout for device code polling reached",
565
- [tokenClaimsCnfRequiredForSignedJwt]: "Cannot generate a POP jwt if the token_claims are not populated",
566
- [authorizationCodeMissingFromServerResponse]: "Server response does not contain an authorization code to proceed",
567
- [bindingKeyNotRemoved]: "Could not remove the credential's binding key from storage.",
568
- [endSessionEndpointNotSupported]: "The provided authority does not support logout",
569
- [keyIdMissing]: "A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",
570
- [noNetworkConnectivity]: "No network connectivity. Check your internet connection.",
571
- [userCanceled]: "User cancelled the flow.",
572
- [missingTenantIdError]: "A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",
573
- [methodNotImplemented]: "This method has not been implemented",
574
- [nestedAppAuthBridgeDisabled]: "The nested app auth bridge is disabled",
575
- };
576
383
  /**
577
384
  * Error thrown when there is an error in the client code running on the browser.
578
385
  */
579
386
  class ClientAuthError extends AuthError {
580
387
  constructor(errorCode, additionalMessage) {
581
- super(errorCode, additionalMessage
582
- ? `${ClientAuthErrorMessages[errorCode]}: ${additionalMessage}`
583
- : ClientAuthErrorMessages[errorCode]);
388
+ super(errorCode, additionalMessage);
584
389
  this.name = "ClientAuthError";
585
390
  Object.setPrototypeOf(this, ClientAuthError.prototype);
586
391
  }
@@ -589,8 +394,12 @@ function createClientAuthError(errorCode, additionalMessage) {
589
394
  return new ClientAuthError(errorCode, additionalMessage);
590
395
  }
591
396
 
592
- /*! @azure/msal-common v15.13.1 2025-10-29 */
397
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
398
+ const noAccountFound = "no_account_found";
399
+ const noNetworkConnectivity = "no_network_connectivity";
400
+ const userCanceled = "user_canceled";
593
401
 
402
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
594
403
  /*
595
404
  * Copyright (c) Microsoft Corporation. All rights reserved.
596
405
  * Licensed under the MIT License.
@@ -624,10 +433,8 @@ class Logger {
624
433
  typeof setLoggerOptions.logLevel === "number"
625
434
  ? setLoggerOptions.logLevel
626
435
  : LogLevel.Info;
627
- this.correlationId =
628
- setLoggerOptions.correlationId || Constants.EMPTY_STRING;
629
- this.packageName = packageName || Constants.EMPTY_STRING;
630
- this.packageVersion = packageVersion || Constants.EMPTY_STRING;
436
+ this.packageName = packageName || "";
437
+ this.packageVersion = packageVersion || "";
631
438
  }
632
439
  static createDefaultLoggerOptions() {
633
440
  return {
@@ -641,12 +448,11 @@ class Logger {
641
448
  /**
642
449
  * Create new Logger with existing configurations.
643
450
  */
644
- clone(packageName, packageVersion, correlationId) {
451
+ clone(packageName, packageVersion) {
645
452
  return new Logger({
646
453
  loggerCallback: this.localCallback,
647
454
  piiLoggingEnabled: this.piiLoggingEnabled,
648
455
  logLevel: this.level,
649
- correlationId: correlationId || this.correlationId,
650
456
  }, packageName, packageVersion);
651
457
  }
652
458
  /**
@@ -659,9 +465,9 @@ class Logger {
659
465
  }
660
466
  const timestamp = new Date().toUTCString();
661
467
  // Add correlationId to logs if set, correlationId provided on log messages take precedence
662
- const logHeader = `[${timestamp}] : [${options.correlationId || this.correlationId || ""}]`;
468
+ const logHeader = `[${timestamp}] : [${options.correlationId}]`;
663
469
  const log = `${logHeader} : ${this.packageName}@${this.packageVersion} : ${LogLevel[options.logLevel]} - ${logMessage}`;
664
- // debug(`msal:${LogLevel[options.logLevel]}${options.containsPii ? "-Pii": Constants.EMPTY_STRING}${options.context ? `:${options.context}` : Constants.EMPTY_STRING}`)(logMessage);
470
+ // debug(`msal:${LogLevel[options.logLevel]}${options.containsPii ? "-Pii": Constants.""}${options.context ? `:${options.context}` : Constants.""}`)(logMessage);
665
471
  this.executeCallback(options.logLevel, log, options.containsPii || false);
666
472
  }
667
473
  /**
@@ -679,7 +485,7 @@ class Logger {
679
485
  this.logMessage(message, {
680
486
  logLevel: LogLevel.Error,
681
487
  containsPii: false,
682
- correlationId: correlationId || Constants.EMPTY_STRING,
488
+ correlationId: correlationId,
683
489
  });
684
490
  }
685
491
  /**
@@ -689,7 +495,7 @@ class Logger {
689
495
  this.logMessage(message, {
690
496
  logLevel: LogLevel.Error,
691
497
  containsPii: true,
692
- correlationId: correlationId || Constants.EMPTY_STRING,
498
+ correlationId: correlationId,
693
499
  });
694
500
  }
695
501
  /**
@@ -699,7 +505,7 @@ class Logger {
699
505
  this.logMessage(message, {
700
506
  logLevel: LogLevel.Warning,
701
507
  containsPii: false,
702
- correlationId: correlationId || Constants.EMPTY_STRING,
508
+ correlationId: correlationId,
703
509
  });
704
510
  }
705
511
  /**
@@ -709,7 +515,7 @@ class Logger {
709
515
  this.logMessage(message, {
710
516
  logLevel: LogLevel.Warning,
711
517
  containsPii: true,
712
- correlationId: correlationId || Constants.EMPTY_STRING,
518
+ correlationId: correlationId,
713
519
  });
714
520
  }
715
521
  /**
@@ -719,7 +525,7 @@ class Logger {
719
525
  this.logMessage(message, {
720
526
  logLevel: LogLevel.Info,
721
527
  containsPii: false,
722
- correlationId: correlationId || Constants.EMPTY_STRING,
528
+ correlationId: correlationId,
723
529
  });
724
530
  }
725
531
  /**
@@ -729,7 +535,7 @@ class Logger {
729
535
  this.logMessage(message, {
730
536
  logLevel: LogLevel.Info,
731
537
  containsPii: true,
732
- correlationId: correlationId || Constants.EMPTY_STRING,
538
+ correlationId: correlationId,
733
539
  });
734
540
  }
735
541
  /**
@@ -739,7 +545,7 @@ class Logger {
739
545
  this.logMessage(message, {
740
546
  logLevel: LogLevel.Verbose,
741
547
  containsPii: false,
742
- correlationId: correlationId || Constants.EMPTY_STRING,
548
+ correlationId: correlationId,
743
549
  });
744
550
  }
745
551
  /**
@@ -749,7 +555,7 @@ class Logger {
749
555
  this.logMessage(message, {
750
556
  logLevel: LogLevel.Verbose,
751
557
  containsPii: true,
752
- correlationId: correlationId || Constants.EMPTY_STRING,
558
+ correlationId: correlationId,
753
559
  });
754
560
  }
755
561
  /**
@@ -759,7 +565,7 @@ class Logger {
759
565
  this.logMessage(message, {
760
566
  logLevel: LogLevel.Trace,
761
567
  containsPii: false,
762
- correlationId: correlationId || Constants.EMPTY_STRING,
568
+ correlationId: correlationId,
763
569
  });
764
570
  }
765
571
  /**
@@ -769,7 +575,7 @@ class Logger {
769
575
  this.logMessage(message, {
770
576
  logLevel: LogLevel.Trace,
771
577
  containsPii: true,
772
- correlationId: correlationId || Constants.EMPTY_STRING,
578
+ correlationId: correlationId,
773
579
  });
774
580
  }
775
581
  /**
@@ -780,72 +586,55 @@ class Logger {
780
586
  }
781
587
  }
782
588
 
783
- /*! @azure/msal-common v15.13.1 2025-10-29 */
784
- /*
785
- * Copyright (c) Microsoft Corporation. All rights reserved.
786
- * Licensed under the MIT License.
589
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
590
+ /**
591
+ * we considered making this "enum" in the request instead of string, however it looks like the allowed list of
592
+ * prompt values kept changing over past couple of years. There are some undocumented prompt values for some
593
+ * internal partners too, hence the choice of generic "string" type instead of the "enum"
787
594
  */
788
- const redirectUriEmpty = "redirect_uri_empty";
789
- const claimsRequestParsingError = "claims_request_parsing_error";
790
- const authorityUriInsecure = "authority_uri_insecure";
791
- const urlParseError = "url_parse_error";
792
- const urlEmptyError = "empty_url_error";
793
- const emptyInputScopesError = "empty_input_scopes_error";
794
- const invalidClaims = "invalid_claims";
795
- const tokenRequestEmpty = "token_request_empty";
796
- const logoutRequestEmpty = "logout_request_empty";
797
- const invalidCodeChallengeMethod = "invalid_code_challenge_method";
798
- const pkceParamsMissing = "pkce_params_missing";
799
- const invalidCloudDiscoveryMetadata = "invalid_cloud_discovery_metadata";
800
- const invalidAuthorityMetadata = "invalid_authority_metadata";
801
- const untrustedAuthority = "untrusted_authority";
802
- const missingSshJwk = "missing_ssh_jwk";
803
- const missingSshKid = "missing_ssh_kid";
804
- const missingNonceAuthenticationHeader = "missing_nonce_authentication_header";
805
- const invalidAuthenticationHeader = "invalid_authentication_header";
806
- const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
807
- const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
808
- const authorityMismatch = "authority_mismatch";
809
- const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
810
- const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
595
+ const PromptValue = {
596
+ LOGIN: "login",
597
+ SELECT_ACCOUNT: "select_account",
598
+ NONE: "none",
599
+ CREATE: "create"};
600
+ /**
601
+ * Separators used in cache
602
+ */
603
+ const CACHE_KEY_SEPARATOR = "-";
604
+ const SERVER_TELEM_SCHEMA_VERSION = 5;
605
+ const SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer,
606
+ const SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains
607
+ const SERVER_TELEM_CACHE_KEY = "server-telemetry";
608
+ const SERVER_TELEM_CATEGORY_SEPARATOR = "|";
609
+ const SERVER_TELEM_VALUE_SEPARATOR = ",";
610
+ const SERVER_TELEM_OVERFLOW_TRUE = "1";
611
+ const SERVER_TELEM_OVERFLOW_FALSE = "0";
612
+ const SERVER_TELEM_UNKNOWN_ERROR = "unknown_error";
613
+ /**
614
+ * Type of the authentication request
615
+ */
616
+ const AuthenticationScheme = {
617
+ BEARER: "Bearer",
618
+ POP: "pop"};
619
+ /**
620
+ * Specifies the reason for fetching the access token from the identity provider
621
+ */
622
+ const CacheOutcome = {
623
+ // When a token is found in the cache or the cache is not supposed to be hit when making the request
624
+ NOT_APPLICABLE: "0"};
811
625
 
812
- /*! @azure/msal-common v15.13.1 2025-10-29 */
626
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
813
627
 
814
628
  /*
815
629
  * Copyright (c) Microsoft Corporation. All rights reserved.
816
630
  * Licensed under the MIT License.
817
631
  */
818
- const ClientConfigurationErrorMessages = {
819
- [redirectUriEmpty]: "A redirect URI is required for all calls, and none has been set.",
820
- [claimsRequestParsingError]: "Could not parse the given claims request object.",
821
- [authorityUriInsecure]: "Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",
822
- [urlParseError]: "URL could not be parsed into appropriate segments.",
823
- [urlEmptyError]: "URL was empty or null.",
824
- [emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",
825
- [invalidClaims]: "Given claims parameter must be a stringified JSON object.",
826
- [tokenRequestEmpty]: "Token request was empty and not found in cache.",
827
- [logoutRequestEmpty]: "The logout request was null or undefined.",
828
- [invalidCodeChallengeMethod]: 'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',
829
- [pkceParamsMissing]: "Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",
830
- [invalidCloudDiscoveryMetadata]: "Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",
831
- [invalidAuthorityMetadata]: "Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",
832
- [untrustedAuthority]: "The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",
833
- [missingSshJwk]: "Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",
834
- [missingSshKid]: "Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",
835
- [missingNonceAuthenticationHeader]: "Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",
836
- [invalidAuthenticationHeader]: "Invalid authentication header provided",
837
- [cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",
838
- [cannotAllowPlatformBroker]: "Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",
839
- [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
840
- [invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
841
- [invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
842
- };
843
632
  /**
844
633
  * Error thrown when there is an error in configuration of the MSAL.js library.
845
634
  */
846
635
  class ClientConfigurationError extends AuthError {
847
636
  constructor(errorCode) {
848
- super(errorCode, ClientConfigurationErrorMessages[errorCode]);
637
+ super(errorCode);
849
638
  this.name = "ClientConfigurationError";
850
639
  Object.setPrototypeOf(this, ClientConfigurationError.prototype);
851
640
  }
@@ -854,10 +643,13 @@ function createClientConfigurationError(errorCode) {
854
643
  return new ClientConfigurationError(errorCode);
855
644
  }
856
645
 
857
- /*! @azure/msal-common v15.13.1 2025-10-29 */
646
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
647
+ const untrustedAuthority = "untrusted_authority";
648
+
649
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
858
650
  const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
859
651
 
860
- /*! @azure/msal-common v15.13.1 2025-10-29 */
652
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
861
653
  /**
862
654
  * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
863
655
  * @param seconds
@@ -869,7 +661,7 @@ function toDateFromSeconds(seconds) {
869
661
  return new Date();
870
662
  }
871
663
 
872
- /*! @azure/msal-common v15.13.1 2025-10-29 */
664
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
873
665
 
874
666
  /*
875
667
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -888,7 +680,7 @@ class ServerError extends AuthError {
888
680
  }
889
681
  }
890
682
 
891
- /*! @azure/msal-common v15.13.1 2025-10-29 */
683
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
892
684
  /**
893
685
  * Error thrown when user interaction is required.
894
686
  */
@@ -896,16 +688,16 @@ class InteractionRequiredAuthError extends AuthError {
896
688
  constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
897
689
  super(errorCode, errorMessage, subError);
898
690
  Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
899
- this.timestamp = timestamp || Constants.EMPTY_STRING;
900
- this.traceId = traceId || Constants.EMPTY_STRING;
901
- this.correlationId = correlationId || Constants.EMPTY_STRING;
902
- this.claims = claims || Constants.EMPTY_STRING;
691
+ this.timestamp = timestamp || "";
692
+ this.traceId = traceId || "";
693
+ this.correlationId = correlationId || "";
694
+ this.claims = claims || "";
903
695
  this.name = "InteractionRequiredAuthError";
904
696
  this.errorNo = errorNo;
905
697
  }
906
698
  }
907
699
 
908
- /*! @azure/msal-common v15.13.1 2025-10-29 */
700
+ /*! @azure/msal-common v16.0.0-alpha.0 2025-10-07 */
909
701
 
910
702
  /*
911
703
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -956,34 +748,34 @@ class ServerTelemetryManager {
956
748
  this.cacheManager = cacheManager;
957
749
  this.apiId = telemetryRequest.apiId;
958
750
  this.correlationId = telemetryRequest.correlationId;
959
- this.wrapperSKU = telemetryRequest.wrapperSKU || Constants.EMPTY_STRING;
960
- this.wrapperVer = telemetryRequest.wrapperVer || Constants.EMPTY_STRING;
751
+ this.wrapperSKU = telemetryRequest.wrapperSKU || "";
752
+ this.wrapperVer = telemetryRequest.wrapperVer || "";
961
753
  this.telemetryCacheKey =
962
- SERVER_TELEM_CONSTANTS.CACHE_KEY +
963
- Separators.CACHE_KEY_SEPARATOR +
754
+ SERVER_TELEM_CACHE_KEY +
755
+ CACHE_KEY_SEPARATOR +
964
756
  telemetryRequest.clientId;
965
757
  }
966
758
  /**
967
759
  * API to add MSER Telemetry to request
968
760
  */
969
761
  generateCurrentRequestHeaderValue() {
970
- const request = `${this.apiId}${SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR}${this.cacheOutcome}`;
762
+ const request = `${this.apiId}${SERVER_TELEM_VALUE_SEPARATOR}${this.cacheOutcome}`;
971
763
  const platformFieldsArr = [this.wrapperSKU, this.wrapperVer];
972
764
  const nativeBrokerErrorCode = this.getNativeBrokerErrorCode();
973
765
  if (nativeBrokerErrorCode?.length) {
974
766
  platformFieldsArr.push(`broker_error=${nativeBrokerErrorCode}`);
975
767
  }
976
- const platformFields = platformFieldsArr.join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
768
+ const platformFields = platformFieldsArr.join(SERVER_TELEM_VALUE_SEPARATOR);
977
769
  const regionDiscoveryFields = this.getRegionDiscoveryFields();
978
770
  const requestWithRegionDiscoveryFields = [
979
771
  request,
980
772
  regionDiscoveryFields,
981
- ].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
773
+ ].join(SERVER_TELEM_VALUE_SEPARATOR);
982
774
  return [
983
- SERVER_TELEM_CONSTANTS.SCHEMA_VERSION,
775
+ SERVER_TELEM_SCHEMA_VERSION,
984
776
  requestWithRegionDiscoveryFields,
985
777
  platformFields,
986
- ].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR);
778
+ ].join(SERVER_TELEM_CATEGORY_SEPARATOR);
987
779
  }
988
780
  /**
989
781
  * API to add MSER Telemetry for the last failed request
@@ -993,23 +785,23 @@ class ServerTelemetryManager {
993
785
  const maxErrors = ServerTelemetryManager.maxErrorsToSend(lastRequests);
994
786
  const failedRequests = lastRequests.failedRequests
995
787
  .slice(0, 2 * maxErrors)
996
- .join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
788
+ .join(SERVER_TELEM_VALUE_SEPARATOR);
997
789
  const errors = lastRequests.errors
998
790
  .slice(0, maxErrors)
999
- .join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
791
+ .join(SERVER_TELEM_VALUE_SEPARATOR);
1000
792
  const errorCount = lastRequests.errors.length;
1001
793
  // Indicate whether this header contains all data or partial data
1002
794
  const overflow = maxErrors < errorCount
1003
- ? SERVER_TELEM_CONSTANTS.OVERFLOW_TRUE
1004
- : SERVER_TELEM_CONSTANTS.OVERFLOW_FALSE;
1005
- const platformFields = [errorCount, overflow].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
795
+ ? SERVER_TELEM_OVERFLOW_TRUE
796
+ : SERVER_TELEM_OVERFLOW_FALSE;
797
+ const platformFields = [errorCount, overflow].join(SERVER_TELEM_VALUE_SEPARATOR);
1006
798
  return [
1007
- SERVER_TELEM_CONSTANTS.SCHEMA_VERSION,
799
+ SERVER_TELEM_SCHEMA_VERSION,
1008
800
  lastRequests.cacheHits,
1009
801
  failedRequests,
1010
802
  errors,
1011
803
  platformFields,
1012
- ].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR);
804
+ ].join(SERVER_TELEM_CATEGORY_SEPARATOR);
1013
805
  }
1014
806
  /**
1015
807
  * API to cache token failures for MSER data capture
@@ -1018,7 +810,7 @@ class ServerTelemetryManager {
1018
810
  cacheFailedRequest(error) {
1019
811
  const lastRequests = this.getLastRequests();
1020
812
  if (lastRequests.errors.length >=
1021
- SERVER_TELEM_CONSTANTS.MAX_CACHED_ERRORS) {
813
+ SERVER_TELEM_MAX_CACHED_ERRORS) {
1022
814
  // Remove a cached error to make room, first in first out
1023
815
  lastRequests.failedRequests.shift(); // apiId
1024
816
  lastRequests.failedRequests.shift(); // correlationId
@@ -1042,7 +834,7 @@ class ServerTelemetryManager {
1042
834
  }
1043
835
  }
1044
836
  else {
1045
- lastRequests.errors.push(SERVER_TELEM_CONSTANTS.UNKNOWN_ERROR);
837
+ lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
1046
838
  }
1047
839
  this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
1048
840
  return;
@@ -1065,7 +857,7 @@ class ServerTelemetryManager {
1065
857
  errors: [],
1066
858
  cacheHits: 0,
1067
859
  };
1068
- const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey);
860
+ const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey, this.correlationId);
1069
861
  return lastRequests || initialValue;
1070
862
  }
1071
863
  /**
@@ -1100,18 +892,16 @@ class ServerTelemetryManager {
1100
892
  const errorCount = serverTelemetryEntity.errors.length;
1101
893
  for (i = 0; i < errorCount; i++) {
1102
894
  // failedRequests parameter contains pairs of apiId and correlationId, multiply index by 2 to preserve pairs
1103
- const apiId = serverTelemetryEntity.failedRequests[2 * i] ||
1104
- Constants.EMPTY_STRING;
1105
- const correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] ||
1106
- Constants.EMPTY_STRING;
1107
- const errorCode = serverTelemetryEntity.errors[i] || Constants.EMPTY_STRING;
895
+ const apiId = serverTelemetryEntity.failedRequests[2 * i] || "";
896
+ const correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] || "";
897
+ const errorCode = serverTelemetryEntity.errors[i] || "";
1108
898
  // Count number of characters that would be added to header, each character is 1 byte. Add 3 at the end to account for separators
1109
899
  dataSize +=
1110
900
  apiId.toString().length +
1111
901
  correlationId.toString().length +
1112
902
  errorCode.length +
1113
903
  3;
1114
- if (dataSize < SERVER_TELEM_CONSTANTS.MAX_LAST_HEADER_BYTES) {
904
+ if (dataSize < SERVER_TELEM_MAX_LAST_HEADER_BYTES) {
1115
905
  // Adding this entry to the header would still keep header size below the limit
1116
906
  maxErrors += 1;
1117
907
  }
@@ -1128,9 +918,9 @@ class ServerTelemetryManager {
1128
918
  */
1129
919
  getRegionDiscoveryFields() {
1130
920
  const regionDiscoveryFields = [];
1131
- regionDiscoveryFields.push(this.regionUsed || Constants.EMPTY_STRING);
1132
- regionDiscoveryFields.push(this.regionSource || Constants.EMPTY_STRING);
1133
- regionDiscoveryFields.push(this.regionOutcome || Constants.EMPTY_STRING);
921
+ regionDiscoveryFields.push(this.regionUsed || "");
922
+ regionDiscoveryFields.push(this.regionSource || "");
923
+ regionDiscoveryFields.push(this.regionOutcome || "");
1134
924
  return regionDiscoveryFields.join(",");
1135
925
  }
1136
926
  /**
@@ -1177,15 +967,15 @@ class BasePersistence {
1177
967
  // We are using a different location for the test to avoid overriding the functional cache
1178
968
  const persistenceValidator = await this.createForPersistenceValidation();
1179
969
  try {
1180
- await persistenceValidator.save(Constants$1.PERSISTENCE_TEST_DATA);
970
+ await persistenceValidator.save(Constants.PERSISTENCE_TEST_DATA);
1181
971
  const retrievedDummyData = await persistenceValidator.load();
1182
972
  if (!retrievedDummyData) {
1183
973
  throw PersistenceError.createCachePersistenceError("Persistence check failed. Data was written but it could not be read. " +
1184
974
  "Possible cause: on Linux, LibSecret is installed but D-Bus isn't running \
1185
975
  because it cannot be started over SSH.");
1186
976
  }
1187
- if (retrievedDummyData !== Constants$1.PERSISTENCE_TEST_DATA) {
1188
- throw PersistenceError.createCachePersistenceError(`Persistence check failed. Data written ${Constants$1.PERSISTENCE_TEST_DATA} is different \
977
+ if (retrievedDummyData !== Constants.PERSISTENCE_TEST_DATA) {
978
+ throw PersistenceError.createCachePersistenceError(`Persistence check failed. Data written ${Constants.PERSISTENCE_TEST_DATA} is different \
1189
979
  from data read ${retrievedDummyData}`);
1190
980
  }
1191
981
  await persistenceValidator.delete();
@@ -1278,9 +1068,9 @@ class FilePersistence extends BasePersistence {
1278
1068
  }
1279
1069
  catch (err) {
1280
1070
  if (isNodeError(err)) {
1281
- if (err.code === Constants$1.ENOENT_ERROR) {
1071
+ if (err.code === Constants.ENOENT_ERROR) {
1282
1072
  // file does not exist, so it was not deleted
1283
- this.logger.warning("Cache file does not exist, so it could not be deleted");
1073
+ this.logger.warning("Cache file does not exist, so it could not be deleted", "");
1284
1074
  return false;
1285
1075
  }
1286
1076
  throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
@@ -1319,9 +1109,9 @@ class FilePersistence extends BasePersistence {
1319
1109
  }
1320
1110
  catch (err) {
1321
1111
  if (isNodeError(err)) {
1322
- if (err.code === Constants$1.ENOENT_ERROR) {
1112
+ if (err.code === Constants.ENOENT_ERROR) {
1323
1113
  // file does not exist, so it's never been modified
1324
- this.logger.verbose("Cache file does not exist");
1114
+ this.logger.verbose("Cache file does not exist", "");
1325
1115
  return 0;
1326
1116
  }
1327
1117
  throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
@@ -1336,7 +1126,7 @@ class FilePersistence extends BasePersistence {
1336
1126
  // File is created only if it does not exist
1337
1127
  const fileHandle = await fs.promises.open(this.filePath, "a");
1338
1128
  await fileHandle.close();
1339
- this.logger.info(`File created at ${this.filePath}`);
1129
+ this.logger.info(`File created at ${this.filePath}`, "");
1340
1130
  }
1341
1131
  async createFileDirectory() {
1342
1132
  try {
@@ -1344,8 +1134,8 @@ class FilePersistence extends BasePersistence {
1344
1134
  }
1345
1135
  catch (err) {
1346
1136
  if (isNodeError(err)) {
1347
- if (err.code === Constants$1.EEXIST_ERROR) {
1348
- this.logger.info(`Directory ${path.dirname(this.filePath)} already exists`);
1137
+ if (err.code === Constants.EEXIST_ERROR) {
1138
+ this.logger.info(`Directory ${path.dirname(this.filePath)} already exists`, "");
1349
1139
  }
1350
1140
  else {
1351
1141
  throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
@@ -1456,7 +1246,7 @@ class FilePersistenceWithDataProtection extends BasePersistence {
1456
1246
  0 === encryptedContents.length) {
1457
1247
  this.filePersistence
1458
1248
  .getLogger()
1459
- .info("Encrypted contents loaded from file were null or empty");
1249
+ .info("Encrypted contents loaded from file were null or empty", "");
1460
1250
  return null;
1461
1251
  }
1462
1252
  return Dpapi.unprotectData(encryptedContents, this.optionalEntropy, this.scope.toString()).toString();
@@ -1653,19 +1443,19 @@ class LibSecretPersistence extends BasePersistence {
1653
1443
  */
1654
1444
  class Environment {
1655
1445
  static get homeEnvVar() {
1656
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.HOME);
1446
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.HOME);
1657
1447
  }
1658
1448
  static get lognameEnvVar() {
1659
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.LOGNAME);
1449
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.LOGNAME);
1660
1450
  }
1661
1451
  static get userEnvVar() {
1662
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.USER);
1452
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.USER);
1663
1453
  }
1664
1454
  static get lnameEnvVar() {
1665
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.LNAME);
1455
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.LNAME);
1666
1456
  }
1667
1457
  static get usernameEnvVar() {
1668
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.USERNAME);
1458
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.USERNAME);
1669
1459
  }
1670
1460
  static getEnvironmentVariable(name) {
1671
1461
  return process.env[name] || "";
@@ -1686,7 +1476,7 @@ class Environment {
1686
1476
  if (typeof process.getuid !== "function") {
1687
1477
  return false;
1688
1478
  }
1689
- return process.getuid() === Constants$1.LINUX_ROOT_USER_GUID;
1479
+ return process.getuid() === Constants.LINUX_ROOT_USER_GUID;
1690
1480
  }
1691
1481
  static getUserRootDirectory() {
1692
1482
  return !this.isWindowsPlatform()
@@ -1694,7 +1484,7 @@ class Environment {
1694
1484
  : this.getUserHomeDirOnWindows();
1695
1485
  }
1696
1486
  static getUserHomeDirOnWindows() {
1697
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.LOCAL_APPLICATION_DATA);
1487
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.LOCAL_APPLICATION_DATA);
1698
1488
  }
1699
1489
  static getUserHomeDirOnUnix() {
1700
1490
  if (this.isWindowsPlatform()) {
@@ -1789,34 +1579,6 @@ class PersistenceCreator {
1789
1579
  }
1790
1580
  }
1791
1581
 
1792
- /*
1793
- * Copyright (c) Microsoft Corporation. All rights reserved.
1794
- * Licensed under the MIT License.
1795
- */
1796
- class StringUtils {
1797
- /**
1798
- * Converts a numeric tag to a string representation
1799
- * @param tag - The numeric tag to convert
1800
- * @returns The string representation of the tag
1801
- */
1802
- static tagToString(tag) {
1803
- if (tag === 0) {
1804
- return "UNTAG";
1805
- }
1806
- const tagSymbolSpace = "abcdefghijklmnopqrstuvwxyz0123456789****************************";
1807
- let tagBuffer = "*****";
1808
- const chars = [
1809
- tagSymbolSpace[(tag >> 24) & 0x3f],
1810
- tagSymbolSpace[(tag >> 18) & 0x3f],
1811
- tagSymbolSpace[(tag >> 12) & 0x3f],
1812
- tagSymbolSpace[(tag >> 6) & 0x3f],
1813
- tagSymbolSpace[(tag >> 0) & 0x3f],
1814
- ];
1815
- tagBuffer = chars.join("");
1816
- return tagBuffer;
1817
- }
1818
- }
1819
-
1820
1582
  /*
1821
1583
  * Copyright (c) Microsoft Corporation. All rights reserved.
1822
1584
  * Licensed under the MIT License.
@@ -1826,14 +1588,14 @@ class NativeAuthError extends AuthError {
1826
1588
  super(errorStatus, errorContext);
1827
1589
  this.name = "NativeAuthError";
1828
1590
  this.statusCode = errorCode;
1829
- this.tag = StringUtils.tagToString(errorTag);
1591
+ this.tag = errorTag;
1830
1592
  Object.setPrototypeOf(this, NativeAuthError.prototype);
1831
1593
  }
1832
1594
  }
1833
1595
 
1834
1596
  /* eslint-disable header/header */
1835
1597
  const name = "@azure/msal-node-extensions";
1836
- const version = "1.5.24";
1598
+ const version = "5.0.0-alpha.0";
1837
1599
 
1838
1600
  /*
1839
1601
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1852,62 +1614,62 @@ class NativeBrokerPlugin {
1852
1614
  }
1853
1615
  setLogger(loggerOptions) {
1854
1616
  this.logger = new Logger(loggerOptions, name, version);
1855
- const logCallback = (message, logLevel, containsPii) => {
1617
+ const logCallback = (message, logLevel, containsPii, correlationId = "") => {
1856
1618
  switch (logLevel) {
1857
1619
  case msalNodeRuntime.LogLevel.Trace:
1858
1620
  if (containsPii) {
1859
- this.logger.tracePii(message);
1621
+ this.logger.tracePii(message, correlationId);
1860
1622
  }
1861
1623
  else {
1862
- this.logger.trace(message);
1624
+ this.logger.trace(message, correlationId);
1863
1625
  }
1864
1626
  break;
1865
1627
  case msalNodeRuntime.LogLevel.Debug:
1866
1628
  if (containsPii) {
1867
- this.logger.tracePii(message);
1629
+ this.logger.tracePii(message, correlationId);
1868
1630
  }
1869
1631
  else {
1870
- this.logger.trace(message);
1632
+ this.logger.trace(message, correlationId);
1871
1633
  }
1872
1634
  break;
1873
1635
  case msalNodeRuntime.LogLevel.Info:
1874
1636
  if (containsPii) {
1875
- this.logger.infoPii(message);
1637
+ this.logger.infoPii(message, correlationId);
1876
1638
  }
1877
1639
  else {
1878
- this.logger.info(message);
1640
+ this.logger.info(message, correlationId);
1879
1641
  }
1880
1642
  break;
1881
1643
  case msalNodeRuntime.LogLevel.Warning:
1882
1644
  if (containsPii) {
1883
- this.logger.warningPii(message);
1645
+ this.logger.warningPii(message, correlationId);
1884
1646
  }
1885
1647
  else {
1886
- this.logger.warning(message);
1648
+ this.logger.warning(message, correlationId);
1887
1649
  }
1888
1650
  break;
1889
1651
  case msalNodeRuntime.LogLevel.Error:
1890
1652
  if (containsPii) {
1891
- this.logger.errorPii(message);
1653
+ this.logger.errorPii(message, correlationId);
1892
1654
  }
1893
1655
  else {
1894
- this.logger.error(message);
1656
+ this.logger.error(message, correlationId);
1895
1657
  }
1896
1658
  break;
1897
1659
  case msalNodeRuntime.LogLevel.Fatal:
1898
1660
  if (containsPii) {
1899
- this.logger.errorPii(message);
1661
+ this.logger.errorPii(message, correlationId);
1900
1662
  }
1901
1663
  else {
1902
- this.logger.error(message);
1664
+ this.logger.error(message, correlationId);
1903
1665
  }
1904
1666
  break;
1905
1667
  default:
1906
1668
  if (containsPii) {
1907
- this.logger.infoPii(message);
1669
+ this.logger.infoPii(message, correlationId);
1908
1670
  }
1909
1671
  else {
1910
- this.logger.info(message);
1672
+ this.logger.info(message, correlationId);
1911
1673
  }
1912
1674
  break;
1913
1675
  }
@@ -1961,13 +1723,10 @@ class NativeBrokerPlugin {
1961
1723
  async acquireTokenSilent(request) {
1962
1724
  this.logger.trace("NativeBrokerPlugin - acquireTokenSilent called", request.correlationId);
1963
1725
  const platformRequest = request;
1964
- if (!platformRequest.redirectUri) {
1965
- platformRequest.redirectUri =
1966
- this.chooseRedirectUriByPlatform(platformRequest);
1967
- this.logger.info("NativeBrokerPlugin - No Redirect URI provided, using default", platformRequest.correlationId);
1968
- }
1969
1726
  const authParams = this.generateRequestParameters(platformRequest);
1970
1727
  const account = await this.getAccount(platformRequest);
1728
+ platformRequest.redirectUri =
1729
+ this.chooseRedirectUriByPlatform(platformRequest);
1971
1730
  return new Promise((resolve, reject) => {
1972
1731
  const resultCallback = (result) => {
1973
1732
  try {
@@ -2002,12 +1761,9 @@ class NativeBrokerPlugin {
2002
1761
  async acquireTokenInteractive(request, providedWindowHandle) {
2003
1762
  this.logger.trace("NativeBrokerPlugin - acquireTokenInteractive called", request.correlationId);
2004
1763
  const platformRequest = request;
2005
- if (!platformRequest.redirectUri) {
2006
- platformRequest.redirectUri =
2007
- this.chooseRedirectUriByPlatform(platformRequest);
2008
- this.logger.info("NativeBrokerPlugin - No Redirect URI provided, using default", platformRequest.correlationId);
2009
- }
2010
1764
  const authParams = this.generateRequestParameters(platformRequest);
1765
+ platformRequest.redirectUri =
1766
+ this.chooseRedirectUriByPlatform(platformRequest);
2011
1767
  const account = await this.getAccount(platformRequest);
2012
1768
  const windowHandle = providedWindowHandle || Buffer.from([0]);
2013
1769
  return new Promise((resolve, reject) => {
@@ -2031,8 +1787,7 @@ class NativeBrokerPlugin {
2031
1787
  case PromptValue.SELECT_ACCOUNT:
2032
1788
  case PromptValue.CREATE:
2033
1789
  this.logger.info("Calling native interop SignInInteractively API", platformRequest.correlationId);
2034
- const loginHint = platformRequest.loginHint ||
2035
- Constants.EMPTY_STRING;
1790
+ const loginHint = platformRequest.loginHint || "";
2036
1791
  msalNodeRuntime.msalNodeRuntime.SignInInteractivelyAsync(windowHandle, authParams, platformRequest.correlationId, loginHint, resultCallback);
2037
1792
  break;
2038
1793
  case PromptValue.NONE:
@@ -2052,8 +1807,7 @@ class NativeBrokerPlugin {
2052
1807
  }
2053
1808
  else {
2054
1809
  this.logger.info("Calling native interop SignIn API", platformRequest.correlationId);
2055
- const loginHint = platformRequest.loginHint ||
2056
- Constants.EMPTY_STRING;
1810
+ const loginHint = platformRequest.loginHint || "";
2057
1811
  msalNodeRuntime.msalNodeRuntime.SignInAsync(windowHandle, authParams, platformRequest.correlationId, loginHint, resultCallback);
2058
1812
  }
2059
1813
  break;
@@ -2137,12 +1891,13 @@ class NativeBrokerPlugin {
2137
1891
  const authParams = new msalNodeRuntime.msalNodeRuntime.AuthParameters();
2138
1892
  try {
2139
1893
  authParams.CreateAuthParameters(request.clientId, request.authority);
2140
- authParams.SetRedirectUri(request.redirectUri);
1894
+ authParams.SetRedirectUri(this.chooseRedirectUriByPlatform(request));
2141
1895
  authParams.SetRequestedScopes(request.scopes.join(" "));
2142
1896
  if (request.claims) {
2143
1897
  authParams.SetDecodedClaims(request.claims);
2144
1898
  }
2145
- if (request.authenticationScheme === AuthenticationScheme.POP) {
1899
+ if (request.authenticationScheme ===
1900
+ AuthenticationScheme.POP) {
2146
1901
  if (!request.resourceRequestMethod ||
2147
1902
  !request.resourceRequestUri) {
2148
1903
  throw new Error("Authentication Scheme set to POP but one or more of the following parameters are missing: resourceRequestMethod, resourceRequestUri");
@@ -2233,12 +1988,12 @@ class NativeBrokerPlugin {
2233
1988
  expiresOn: toDateFromSeconds(authResult.expiresOn),
2234
1989
  tokenType: tokenType,
2235
1990
  correlationId: request.correlationId,
2236
- fromNativeBroker: true,
1991
+ fromPlatformBroker: true,
2237
1992
  };
2238
1993
  return result;
2239
1994
  }
2240
1995
  generateAccountInfo(account, idTokenClaims) {
2241
- this.logger.trace("NativeBrokerPlugin - generateAccountInfo called");
1996
+ this.logger.trace("NativeBrokerPlugin - generateAccountInfo called", "");
2242
1997
  const accountInfo = {
2243
1998
  homeAccountId: account.homeAccountId,
2244
1999
  environment: account.environment,
@@ -2262,14 +2017,10 @@ class NativeBrokerPlugin {
2262
2017
  typeof error === "object" &&
2263
2018
  this.isMsalRuntimeError(error)) {
2264
2019
  const { errorCode, errorStatus, errorContext, errorTag } = error;
2265
- const tagString = StringUtils.tagToString(errorTag);
2266
- const enhancedErrorContext = errorContext
2267
- ? `${errorContext} (Error Code: ${errorCode}, Tag: ${tagString})`
2268
- : `(Error Code: ${errorCode}, Tag: ${tagString})`;
2269
2020
  switch (errorStatus) {
2270
2021
  case msalNodeRuntime.ErrorStatus.InteractionRequired:
2271
2022
  case msalNodeRuntime.ErrorStatus.AccountUnusable:
2272
- return new InteractionRequiredAuthError(ErrorCodes.INTERATION_REQUIRED_ERROR_CODE, enhancedErrorContext);
2023
+ return new InteractionRequiredAuthError(ErrorCodes.INTERATION_REQUIRED_ERROR_CODE, errorContext);
2273
2024
  case msalNodeRuntime.ErrorStatus.NoNetwork:
2274
2025
  case msalNodeRuntime.ErrorStatus.NetworkTemporarilyUnavailable:
2275
2026
  return createClientAuthError(noNetworkConnectivity);
@@ -2285,7 +2036,7 @@ class NativeBrokerPlugin {
2285
2036
  case msalNodeRuntime.ErrorStatus.AccountNotFound:
2286
2037
  return createClientAuthError(noAccountFound);
2287
2038
  default:
2288
- return new NativeAuthError(msalNodeRuntime.ErrorStatus[errorStatus], enhancedErrorContext, errorCode, errorTag);
2039
+ return new NativeAuthError(msalNodeRuntime.ErrorStatus[errorStatus], errorContext, errorCode, errorTag);
2289
2040
  }
2290
2041
  }
2291
2042
  throw error;
@@ -2301,5 +2052,4 @@ exports.LibSecretPersistence = LibSecretPersistence;
2301
2052
  exports.NativeBrokerPlugin = NativeBrokerPlugin;
2302
2053
  exports.PersistenceCachePlugin = PersistenceCachePlugin;
2303
2054
  exports.PersistenceCreator = PersistenceCreator;
2304
- exports.StringUtils = StringUtils;
2305
2055
  //# sourceMappingURL=msal-node-extensions.cjs.map