@azure/msal-node-extensions 1.5.26 → 5.0.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. package/bin/arm64/dpapi.node +0 -0
  2. package/bin/ia32/dpapi.node +0 -0
  3. package/bin/x64/dpapi.node +0 -0
  4. package/dist/Dpapi.mjs +1 -1
  5. package/dist/broker/NativeBrokerPlugin.mjs +24 -25
  6. package/dist/broker/NativeBrokerPlugin.mjs.map +1 -1
  7. package/dist/error/PersistenceError.mjs +1 -1
  8. package/dist/index.mjs +1 -1
  9. package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs +2 -2
  10. package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs.map +1 -1
  11. package/dist/lib/msal-common/dist/error/AuthError.mjs +16 -11
  12. package/dist/lib/msal-common/dist/error/AuthError.mjs.map +1 -1
  13. package/dist/lib/msal-common/dist/error/ClientAuthError.mjs +4 -57
  14. package/dist/lib/msal-common/dist/error/ClientAuthError.mjs.map +1 -1
  15. package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs +3 -48
  16. package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
  17. package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs +4 -31
  18. package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs.map +1 -1
  19. package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs +4 -31
  20. package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
  21. package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs +6 -7
  22. package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  23. package/dist/lib/msal-common/dist/error/PlatformBrokerError.mjs +4 -3
  24. package/dist/lib/msal-common/dist/error/PlatformBrokerError.mjs.map +1 -1
  25. package/dist/lib/msal-common/dist/error/ServerError.mjs +2 -2
  26. package/dist/lib/msal-common/dist/error/ServerError.mjs.map +1 -1
  27. package/dist/lib/msal-common/dist/logger/Logger.mjs +91 -23
  28. package/dist/lib/msal-common/dist/logger/Logger.mjs.map +1 -1
  29. package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs +29 -31
  30. package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  31. package/dist/lib/msal-common/dist/utils/Constants.mjs +15 -79
  32. package/dist/lib/msal-common/dist/utils/Constants.mjs.map +1 -1
  33. package/dist/lib/msal-common/dist/utils/TimeUtils.mjs +2 -2
  34. package/dist/lib/msal-common/dist/utils/TimeUtils.mjs.map +1 -1
  35. package/dist/lock/CrossPlatformLock.mjs +10 -10
  36. package/dist/lock/CrossPlatformLock.mjs.map +1 -1
  37. package/dist/packageMetadata.d.ts +1 -1
  38. package/dist/packageMetadata.mjs +2 -2
  39. package/dist/persistence/BasePersistence.mjs +1 -1
  40. package/dist/persistence/DataProtectionScope.mjs +1 -1
  41. package/dist/persistence/FilePersistence.mjs +5 -5
  42. package/dist/persistence/FilePersistence.mjs.map +1 -1
  43. package/dist/persistence/FilePersistenceWithDataProtection.mjs +2 -2
  44. package/dist/persistence/FilePersistenceWithDataProtection.mjs.map +1 -1
  45. package/dist/persistence/KeychainPersistence.mjs +1 -1
  46. package/dist/persistence/LibSecretPersistence.mjs +1 -1
  47. package/dist/persistence/PersistenceCachePlugin.mjs +12 -12
  48. package/dist/persistence/PersistenceCachePlugin.mjs.map +1 -1
  49. package/dist/persistence/PersistenceCreator.mjs +1 -1
  50. package/dist/utils/Constants.mjs +1 -1
  51. package/dist/utils/Environment.mjs +1 -1
  52. package/dist/utils/TypeGuards.mjs +1 -1
  53. package/lib/msal-node-extensions.cjs +259 -398
  54. package/lib/msal-node-extensions.cjs.map +1 -1
  55. package/lib/types/packageMetadata.d.ts +1 -1
  56. package/package.json +4 -6
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v1.5.26 2025-12-04 */
1
+ /*! @azure/msal-node-extensions v5.0.0-beta.0 2025-12-05 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -14,7 +14,7 @@ var _documentCurrentScript = typeof document !== 'undefined' ? document.currentS
14
14
  * Copyright (c) Microsoft Corporation. All rights reserved.
15
15
  * Licensed under the MIT License.
16
16
  */
17
- const Constants$1 = {
17
+ const Constants = {
18
18
  /**
19
19
  * An existing file was the target of an operation that required that the target not exist
20
20
  */
@@ -188,21 +188,21 @@ class CrossPlatformLock {
188
188
  async lock() {
189
189
  for (let tryCount = 0; tryCount < this.retryNumber; tryCount++) {
190
190
  try {
191
- this.logger.info(`Pid ${process$1.pid} trying to acquire lock`);
191
+ this.logger.info(`Pid ${process$1.pid} trying to acquire lock`, "");
192
192
  this.lockFileHandle = await fs.promises.open(this.lockFilePath, "wx+");
193
- this.logger.info(`Pid ${process$1.pid} acquired lock`);
193
+ this.logger.info(`Pid ${process$1.pid} acquired lock`, "");
194
194
  await this.lockFileHandle.write(process$1.pid.toString());
195
195
  return;
196
196
  }
197
197
  catch (err) {
198
198
  if (isNodeError(err)) {
199
- if (err.code === Constants$1.EEXIST_ERROR ||
200
- err.code === Constants$1.EPERM_ERROR) {
201
- this.logger.info(err.message);
199
+ if (err.code === Constants.EEXIST_ERROR ||
200
+ err.code === Constants.EPERM_ERROR) {
201
+ this.logger.info(err.message, "");
202
202
  await this.sleep(this.retryDelay);
203
203
  }
204
204
  else {
205
- this.logger.error(`${process$1.pid} was not able to acquire lock. Ran into error: ${err.message}`);
205
+ this.logger.error(`${process$1.pid} was not able to acquire lock. Ran into error: ${err.message}`, "");
206
206
  throw PersistenceError.createCrossPlatformLockError(err.message);
207
207
  }
208
208
  }
@@ -211,7 +211,7 @@ class CrossPlatformLock {
211
211
  }
212
212
  }
213
213
  }
214
- this.logger.error(`${process$1.pid} was not able to acquire lock. Exceeded amount of retries set in the options`);
214
+ this.logger.error(`${process$1.pid} was not able to acquire lock. Exceeded amount of retries set in the options`, "");
215
215
  throw PersistenceError.createCrossPlatformLockError("Not able to acquire lock. Exceeded amount of retries set in options");
216
216
  }
217
217
  /**
@@ -223,19 +223,19 @@ class CrossPlatformLock {
223
223
  // if we have a file handle to the .lockfile, delete lock file
224
224
  await fs.promises.unlink(this.lockFilePath);
225
225
  await this.lockFileHandle.close();
226
- this.logger.info("lockfile deleted");
226
+ this.logger.info("lockfile deleted", "");
227
227
  }
228
228
  else {
229
- this.logger.warning("lockfile handle does not exist, so lockfile could not be deleted");
229
+ this.logger.warning("lockfile handle does not exist, so lockfile could not be deleted", "");
230
230
  }
231
231
  }
232
232
  catch (err) {
233
233
  if (isNodeError(err)) {
234
- if (err.code === Constants$1.ENOENT_ERROR) {
235
- this.logger.info("Tried to unlock but lockfile does not exist");
234
+ if (err.code === Constants.ENOENT_ERROR) {
235
+ this.logger.info("Tried to unlock but lockfile does not exist", "");
236
236
  }
237
237
  else {
238
- this.logger.error(`${process$1.pid} was not able to release lock. Ran into error: ${err.message}`);
238
+ this.logger.error(`${process$1.pid} was not able to release lock. Ran into error: ${err.message}`, "");
239
239
  throw PersistenceError.createCrossPlatformLockError(err.message);
240
240
  }
241
241
  }
@@ -289,17 +289,17 @@ class PersistenceCachePlugin {
289
289
  * beforeCacheAccess() and afterCacheAccess().
290
290
  */
291
291
  async beforeCacheAccess(cacheContext) {
292
- this.logger.info("Executing before cache access");
292
+ this.logger.info("Executing before cache access", "");
293
293
  const reloadNecessary = await this.persistence.reloadNecessary(this.lastSync);
294
294
  if (!reloadNecessary && this.currentCache !== null) {
295
295
  if (cacheContext.cacheHasChanged) {
296
- this.logger.verbose("Cache context has changed");
296
+ this.logger.verbose("Cache context has changed", "");
297
297
  await this.crossPlatformLock.lock();
298
298
  }
299
299
  return;
300
300
  }
301
301
  try {
302
- this.logger.info(`Reload necessary. Last sync time: ${this.lastSync}`);
302
+ this.logger.info(`Reload necessary. Last sync time: ${this.lastSync}`, "");
303
303
  await this.crossPlatformLock.lock();
304
304
  this.currentCache = await this.persistence.load();
305
305
  this.lastSync = new Date().getTime();
@@ -307,17 +307,17 @@ class PersistenceCachePlugin {
307
307
  cacheContext.tokenCache.deserialize(this.currentCache);
308
308
  }
309
309
  else {
310
- this.logger.info("Cache empty.");
310
+ this.logger.info("Cache empty.", "");
311
311
  }
312
- this.logger.info(`Last sync time updated to: ${this.lastSync}`);
312
+ this.logger.info(`Last sync time updated to: ${this.lastSync}`, "");
313
313
  }
314
314
  finally {
315
315
  if (!cacheContext.cacheHasChanged) {
316
316
  await this.crossPlatformLock.unlock();
317
- this.logger.info(`Pid ${process$1.pid} released lock`);
317
+ this.logger.info(`Pid ${process$1.pid} released lock`, "");
318
318
  }
319
319
  else {
320
- this.logger.info(`Pid ${process$1.pid} beforeCacheAccess did not release lock`);
320
+ this.logger.info(`Pid ${process$1.pid} beforeCacheAccess did not release lock`, "");
321
321
  }
322
322
  }
323
323
  }
@@ -325,81 +325,25 @@ class PersistenceCachePlugin {
325
325
  * Writes to storage if MSAL in memory copy of cache has been changed.
326
326
  */
327
327
  async afterCacheAccess(cacheContext) {
328
- this.logger.info("Executing after cache access");
328
+ this.logger.info("Executing after cache access", "");
329
329
  try {
330
330
  if (cacheContext.cacheHasChanged) {
331
- this.logger.info("Msal in-memory cache has changed. Writing changes to persistence");
331
+ this.logger.info("Msal in-memory cache has changed. Writing changes to persistence", "");
332
332
  this.currentCache = cacheContext.tokenCache.serialize();
333
333
  await this.persistence.save(this.currentCache);
334
334
  }
335
335
  else {
336
- this.logger.info("Msal in-memory cache has not changed. Did not write to persistence");
336
+ this.logger.info("Msal in-memory cache has not changed. Did not write to persistence", "");
337
337
  }
338
338
  }
339
339
  finally {
340
340
  await this.crossPlatformLock.unlock();
341
- this.logger.info(`Pid ${process$1.pid} afterCacheAccess released lock`);
341
+ this.logger.info(`Pid ${process$1.pid} afterCacheAccess released lock`, "");
342
342
  }
343
343
  }
344
344
  }
345
345
 
346
- /*! @azure/msal-common v15.13.3 2025-12-04 */
347
- /*
348
- * Copyright (c) Microsoft Corporation. All rights reserved.
349
- * Licensed under the MIT License.
350
- */
351
- const Constants = {
352
- LIBRARY_NAME: "MSAL.JS",
353
- SKU: "msal.js.common",
354
- // default authority
355
- DEFAULT_AUTHORITY: "https://login.microsoftonline.com/common/",
356
- DEFAULT_AUTHORITY_HOST: "login.microsoftonline.com",
357
- DEFAULT_COMMON_TENANT: "common",
358
- // ADFS String
359
- ADFS: "adfs",
360
- DSTS: "dstsv2",
361
- // Default AAD Instance Discovery Endpoint
362
- AAD_INSTANCE_DISCOVERY_ENDPT: "https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",
363
- // CIAM URL
364
- CIAM_AUTH_URL: ".ciamlogin.com",
365
- AAD_TENANT_DOMAIN_SUFFIX: ".onmicrosoft.com",
366
- // Resource delimiter - used for certain cache entries
367
- RESOURCE_DELIM: "|",
368
- // Placeholder for non-existent account ids/objects
369
- NO_ACCOUNT: "NO_ACCOUNT",
370
- // Claims
371
- CLAIMS: "claims",
372
- // Consumer UTID
373
- CONSUMER_UTID: "9188040d-6c67-4c5b-b112-36a304b66dad",
374
- // Default scopes
375
- OPENID_SCOPE: "openid",
376
- PROFILE_SCOPE: "profile",
377
- OFFLINE_ACCESS_SCOPE: "offline_access",
378
- EMAIL_SCOPE: "email",
379
- CODE_GRANT_TYPE: "authorization_code",
380
- RT_GRANT_TYPE: "refresh_token",
381
- S256_CODE_CHALLENGE_METHOD: "S256",
382
- URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8",
383
- AUTHORIZATION_PENDING: "authorization_pending",
384
- NOT_DEFINED: "not_defined",
385
- EMPTY_STRING: "",
386
- NOT_APPLICABLE: "N/A",
387
- NOT_AVAILABLE: "Not Available",
388
- FORWARD_SLASH: "/",
389
- IMDS_ENDPOINT: "http://169.254.169.254/metadata/instance/compute/location",
390
- IMDS_VERSION: "2020-06-01",
391
- IMDS_TIMEOUT: 2000,
392
- AZURE_REGION_AUTO_DISCOVER_FLAG: "TryAutoDetect",
393
- REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: "login.microsoft.com",
394
- KNOWN_PUBLIC_CLOUDS: [
395
- "login.microsoftonline.com",
396
- "login.windows.net",
397
- "login.microsoft.com",
398
- "sts.windows.net",
399
- ],
400
- SHR_NONCE_VALIDITY: 240,
401
- INVALID_INSTANCE: "invalid_instance",
402
- };
346
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
403
347
  /**
404
348
  * we considered making this "enum" in the request instead of string, however it looks like the allowed list of
405
349
  * prompt values kept changing over past couple of years. There are some undocumented prompt values for some
@@ -408,35 +352,27 @@ const Constants = {
408
352
  const PromptValue = {
409
353
  LOGIN: "login",
410
354
  SELECT_ACCOUNT: "select_account",
411
- CONSENT: "consent",
412
355
  NONE: "none",
413
- CREATE: "create",
414
- NO_SESSION: "no_session",
415
- };
356
+ CREATE: "create"};
416
357
  /**
417
358
  * Separators used in cache
418
359
  */
419
- const Separators = {
420
- CACHE_KEY_SEPARATOR: "-"};
421
- const SERVER_TELEM_CONSTANTS = {
422
- SCHEMA_VERSION: 5,
423
- MAX_LAST_HEADER_BYTES: 330,
424
- MAX_CACHED_ERRORS: 50,
425
- CACHE_KEY: "server-telemetry",
426
- CATEGORY_SEPARATOR: "|",
427
- VALUE_SEPARATOR: ",",
428
- OVERFLOW_TRUE: "1",
429
- OVERFLOW_FALSE: "0",
430
- UNKNOWN_ERROR: "unknown_error",
431
- };
360
+ const CACHE_KEY_SEPARATOR = "-";
361
+ const SERVER_TELEM_SCHEMA_VERSION = 5;
362
+ const SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer,
363
+ const SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains
364
+ const SERVER_TELEM_CACHE_KEY = "server-telemetry";
365
+ const SERVER_TELEM_CATEGORY_SEPARATOR = "|";
366
+ const SERVER_TELEM_VALUE_SEPARATOR = ",";
367
+ const SERVER_TELEM_OVERFLOW_TRUE = "1";
368
+ const SERVER_TELEM_OVERFLOW_FALSE = "0";
369
+ const SERVER_TELEM_UNKNOWN_ERROR = "unknown_error";
432
370
  /**
433
371
  * Type of the authentication request
434
372
  */
435
373
  const AuthenticationScheme = {
436
374
  BEARER: "Bearer",
437
- POP: "pop",
438
- SSH: "ssh-cert",
439
- };
375
+ POP: "pop"};
440
376
  /**
441
377
  * Specifies the reason for fetching the access token from the identity provider
442
378
  */
@@ -444,20 +380,30 @@ const CacheOutcome = {
444
380
  // When a token is found in the cache or the cache is not supposed to be hit when making the request
445
381
  NOT_APPLICABLE: "0"};
446
382
 
447
- /*! @azure/msal-common v15.13.3 2025-12-04 */
383
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
384
+ const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
385
+
386
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
387
+ /*
388
+ * Copyright (c) Microsoft Corporation. All rights reserved.
389
+ * Licensed under the MIT License.
390
+ */
391
+ function getDefaultErrorMessage(code) {
392
+ return `See https://aka.ms/msal.js.errors#${code} for details`;
393
+ }
448
394
  /**
449
395
  * General error class thrown by the MSAL.js library.
450
396
  */
451
397
  class AuthError extends Error {
452
398
  constructor(errorCode, errorMessage, suberror) {
453
- const errorString = errorMessage
454
- ? `${errorCode}: ${errorMessage}`
455
- : errorCode;
399
+ const message = errorMessage ||
400
+ (errorCode ? getDefaultErrorMessage(errorCode) : "");
401
+ const errorString = message ? `${errorCode}: ${message}` : errorCode;
456
402
  super(errorString);
457
403
  Object.setPrototypeOf(this, AuthError.prototype);
458
- this.errorCode = errorCode || Constants.EMPTY_STRING;
459
- this.errorMessage = errorMessage || Constants.EMPTY_STRING;
460
- this.subError = suberror || Constants.EMPTY_STRING;
404
+ this.errorCode = errorCode || "";
405
+ this.errorMessage = message || "";
406
+ this.subError = suberror || "";
461
407
  this.name = "AuthError";
462
408
  }
463
409
  setCorrelationId(correlationId) {
@@ -465,58 +411,27 @@ class AuthError extends Error {
465
411
  }
466
412
  }
467
413
 
468
- /*! @azure/msal-common v15.13.3 2025-12-04 */
414
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
415
+
469
416
  /*
470
417
  * Copyright (c) Microsoft Corporation. All rights reserved.
471
418
  * Licensed under the MIT License.
472
419
  */
473
- const clientInfoDecodingError = "client_info_decoding_error";
474
- const clientInfoEmptyError = "client_info_empty_error";
475
- const tokenParsingError = "token_parsing_error";
476
- const nullOrEmptyToken = "null_or_empty_token";
477
- const endpointResolutionError = "endpoints_resolution_error";
478
- const networkError = "network_error";
479
- const openIdConfigError = "openid_config_error";
480
- const hashNotDeserialized = "hash_not_deserialized";
481
- const invalidState = "invalid_state";
482
- const stateMismatch = "state_mismatch";
483
- const stateNotFound = "state_not_found";
484
- const nonceMismatch = "nonce_mismatch";
485
- const authTimeNotFound = "auth_time_not_found";
486
- const maxAgeTranspired = "max_age_transpired";
487
- const multipleMatchingTokens = "multiple_matching_tokens";
488
- const multipleMatchingAccounts = "multiple_matching_accounts";
489
- const multipleMatchingAppMetadata = "multiple_matching_appMetadata";
490
- const requestCannotBeMade = "request_cannot_be_made";
491
- const cannotRemoveEmptyScope = "cannot_remove_empty_scope";
492
- const cannotAppendScopeSet = "cannot_append_scopeset";
493
- const emptyInputScopeSet = "empty_input_scopeset";
494
- const deviceCodePollingCancelled = "device_code_polling_cancelled";
495
- const deviceCodeExpired = "device_code_expired";
496
- const deviceCodeUnknownError = "device_code_unknown_error";
497
- const noAccountInSilentRequest = "no_account_in_silent_request";
498
- const invalidCacheRecord = "invalid_cache_record";
499
- const invalidCacheEnvironment = "invalid_cache_environment";
500
- const noAccountFound = "no_account_found";
501
- const noCryptoObject = "no_crypto_object";
502
- const unexpectedCredentialType = "unexpected_credential_type";
503
- const invalidAssertion = "invalid_assertion";
504
- const invalidClientCredential = "invalid_client_credential";
505
- const tokenRefreshRequired = "token_refresh_required";
506
- const userTimeoutReached = "user_timeout_reached";
507
- const tokenClaimsCnfRequiredForSignedJwt = "token_claims_cnf_required_for_signedjwt";
508
- const authorizationCodeMissingFromServerResponse = "authorization_code_missing_from_server_response";
509
- const bindingKeyNotRemoved = "binding_key_not_removed";
510
- const endSessionEndpointNotSupported = "end_session_endpoint_not_supported";
511
- const keyIdMissing = "key_id_missing";
512
- const noNetworkConnectivity = "no_network_connectivity";
513
- const userCanceled = "user_canceled";
514
- const missingTenantIdError = "missing_tenant_id_error";
515
- const methodNotImplemented = "method_not_implemented";
516
- const nestedAppAuthBridgeDisabled = "nested_app_auth_bridge_disabled";
517
- const platformBrokerError = "platform_broker_error";
420
+ /**
421
+ * Error thrown when there is an error in configuration of the MSAL.js library.
422
+ */
423
+ class ClientConfigurationError extends AuthError {
424
+ constructor(errorCode) {
425
+ super(errorCode);
426
+ this.name = "ClientConfigurationError";
427
+ Object.setPrototypeOf(this, ClientConfigurationError.prototype);
428
+ }
429
+ }
430
+ function createClientConfigurationError(errorCode) {
431
+ return new ClientConfigurationError(errorCode);
432
+ }
518
433
 
519
- /*! @azure/msal-common v15.13.3 2025-12-04 */
434
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
520
435
 
521
436
  /*
522
437
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -525,64 +440,12 @@ const platformBrokerError = "platform_broker_error";
525
440
  /**
526
441
  * ClientAuthErrorMessage class containing string constants used by error codes and messages.
527
442
  */
528
- const ClientAuthErrorMessages = {
529
- [clientInfoDecodingError]: "The client info could not be parsed/decoded correctly",
530
- [clientInfoEmptyError]: "The client info was empty",
531
- [tokenParsingError]: "Token cannot be parsed",
532
- [nullOrEmptyToken]: "The token is null or empty",
533
- [endpointResolutionError]: "Endpoints cannot be resolved",
534
- [networkError]: "Network request failed",
535
- [openIdConfigError]: "Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",
536
- [hashNotDeserialized]: "The hash parameters could not be deserialized",
537
- [invalidState]: "State was not the expected format",
538
- [stateMismatch]: "State mismatch error",
539
- [stateNotFound]: "State not found",
540
- [nonceMismatch]: "Nonce mismatch error",
541
- [authTimeNotFound]: "Max Age was requested and the ID token is missing the auth_time variable." +
542
- " auth_time is an optional claim and is not enabled by default - it must be enabled." +
543
- " See https://aka.ms/msaljs/optional-claims for more information.",
544
- [maxAgeTranspired]: "Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",
545
- [multipleMatchingTokens]: "The cache contains multiple tokens satisfying the requirements. " +
546
- "Call AcquireToken again providing more requirements such as authority or account.",
547
- [multipleMatchingAccounts]: "The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",
548
- [multipleMatchingAppMetadata]: "The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",
549
- [requestCannotBeMade]: "Token request cannot be made without authorization code or refresh token.",
550
- [cannotRemoveEmptyScope]: "Cannot remove null or empty scope from ScopeSet",
551
- [cannotAppendScopeSet]: "Cannot append ScopeSet",
552
- [emptyInputScopeSet]: "Empty input ScopeSet cannot be processed",
553
- [deviceCodePollingCancelled]: "Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",
554
- [deviceCodeExpired]: "Device code is expired.",
555
- [deviceCodeUnknownError]: "Device code stopped polling for unknown reasons.",
556
- [noAccountInSilentRequest]: "Please pass an account object, silent flow is not supported without account information",
557
- [invalidCacheRecord]: "Cache record object was null or undefined.",
558
- [invalidCacheEnvironment]: "Invalid environment when attempting to create cache entry",
559
- [noAccountFound]: "No account found in cache for given key.",
560
- [noCryptoObject]: "No crypto object detected.",
561
- [unexpectedCredentialType]: "Unexpected credential type.",
562
- [invalidAssertion]: "Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",
563
- [invalidClientCredential]: "Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",
564
- [tokenRefreshRequired]: "Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",
565
- [userTimeoutReached]: "User defined timeout for device code polling reached",
566
- [tokenClaimsCnfRequiredForSignedJwt]: "Cannot generate a POP jwt if the token_claims are not populated",
567
- [authorizationCodeMissingFromServerResponse]: "Server response does not contain an authorization code to proceed",
568
- [bindingKeyNotRemoved]: "Could not remove the credential's binding key from storage.",
569
- [endSessionEndpointNotSupported]: "The provided authority does not support logout",
570
- [keyIdMissing]: "A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",
571
- [noNetworkConnectivity]: "No network connectivity. Check your internet connection.",
572
- [userCanceled]: "User cancelled the flow.",
573
- [missingTenantIdError]: "A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",
574
- [methodNotImplemented]: "This method has not been implemented",
575
- [nestedAppAuthBridgeDisabled]: "The nested app auth bridge is disabled",
576
- [platformBrokerError]: "An error occurred in the native broker. See the platformBrokerError property for details.",
577
- };
578
443
  /**
579
444
  * Error thrown when there is an error in the client code running on the browser.
580
445
  */
581
446
  class ClientAuthError extends AuthError {
582
447
  constructor(errorCode, additionalMessage) {
583
- super(errorCode, additionalMessage
584
- ? `${ClientAuthErrorMessages[errorCode]}: ${additionalMessage}`
585
- : ClientAuthErrorMessages[errorCode]);
448
+ super(errorCode, additionalMessage);
586
449
  this.name = "ClientAuthError";
587
450
  Object.setPrototypeOf(this, ClientAuthError.prototype);
588
451
  }
@@ -591,8 +454,16 @@ function createClientAuthError(errorCode, additionalMessage) {
591
454
  return new ClientAuthError(errorCode, additionalMessage);
592
455
  }
593
456
 
594
- /*! @azure/msal-common v15.13.3 2025-12-04 */
457
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
458
+ const untrustedAuthority = "untrusted_authority";
459
+
460
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
461
+ const noAccountFound = "no_account_found";
462
+ const noNetworkConnectivity = "no_network_connectivity";
463
+ const userCanceled = "user_canceled";
464
+ const platformBrokerError = "platform_broker_error";
595
465
 
466
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
596
467
  /*
597
468
  * Copyright (c) Microsoft Corporation. All rights reserved.
598
469
  * Licensed under the MIT License.
@@ -608,6 +479,70 @@ var LogLevel;
608
479
  LogLevel[LogLevel["Verbose"] = 3] = "Verbose";
609
480
  LogLevel[LogLevel["Trace"] = 4] = "Trace";
610
481
  })(LogLevel || (LogLevel = {}));
482
+ // Shared cache state for better minification - using Map's insertion order for LRU
483
+ const CACHE_CAPACITY = 50;
484
+ const MAX_LOGS_PER_CORRELATION = 500;
485
+ const correlationCache = new Map();
486
+ /**
487
+ * Mark correlation ID as recently used by moving it to end of Map
488
+ * @param correlationId
489
+ * @param {CorrelationLogData} data
490
+ */
491
+ function markAsRecentlyUsed(correlationId, data) {
492
+ correlationCache.delete(correlationId);
493
+ correlationCache.set(correlationId, data);
494
+ }
495
+ /**
496
+ * Add log message to cache for specific correlation ID
497
+ * @param correlationId
498
+ * @param {LoggedMessage} loggedMessage
499
+ */
500
+ function addLogToCache(correlationId, loggedMessage) {
501
+ const currentTime = Date.now();
502
+ let data = correlationCache.get(correlationId);
503
+ if (data) {
504
+ // Mark as recently used
505
+ markAsRecentlyUsed(correlationId, data);
506
+ }
507
+ else {
508
+ // Create new entry
509
+ data = { logs: [], firstEventTime: currentTime };
510
+ correlationCache.set(correlationId, data);
511
+ // Remove LRU (first entry) if capacity exceeded
512
+ if (correlationCache.size > CACHE_CAPACITY) {
513
+ const firstKey = correlationCache.keys().next().value;
514
+ if (firstKey) {
515
+ correlationCache.delete(firstKey);
516
+ }
517
+ }
518
+ }
519
+ // Add log to the data, maintaining max logs per correlation
520
+ data.logs.push({
521
+ ...loggedMessage,
522
+ milliseconds: currentTime - data.firstEventTime,
523
+ });
524
+ if (data.logs.length > MAX_LOGS_PER_CORRELATION) {
525
+ data.logs.shift(); // Remove oldest log
526
+ }
527
+ }
528
+ /**
529
+ * Checks if a string is already a hashed logging string (6 alphanumeric characters)
530
+ */
531
+ function isHashedString(str) {
532
+ if (str.length !== 6) {
533
+ return false;
534
+ }
535
+ for (let i = 0; i < str.length; i++) {
536
+ const char = str[i];
537
+ const isAlphaNumeric = (char >= "a" && char <= "z") ||
538
+ (char >= "A" && char <= "Z") ||
539
+ (char >= "0" && char <= "9");
540
+ if (!isAlphaNumeric) {
541
+ return false;
542
+ }
543
+ }
544
+ return true;
545
+ }
611
546
  /**
612
547
  * Class which facilitates logging of messages to a specific place.
613
548
  */
@@ -626,10 +561,8 @@ class Logger {
626
561
  typeof setLoggerOptions.logLevel === "number"
627
562
  ? setLoggerOptions.logLevel
628
563
  : LogLevel.Info;
629
- this.correlationId =
630
- setLoggerOptions.correlationId || Constants.EMPTY_STRING;
631
- this.packageName = packageName || Constants.EMPTY_STRING;
632
- this.packageVersion = packageVersion || Constants.EMPTY_STRING;
564
+ this.packageName = packageName || "";
565
+ this.packageVersion = packageVersion || "";
633
566
  }
634
567
  static createDefaultLoggerOptions() {
635
568
  return {
@@ -643,27 +576,36 @@ class Logger {
643
576
  /**
644
577
  * Create new Logger with existing configurations.
645
578
  */
646
- clone(packageName, packageVersion, correlationId) {
579
+ clone(packageName, packageVersion) {
647
580
  return new Logger({
648
581
  loggerCallback: this.localCallback,
649
582
  piiLoggingEnabled: this.piiLoggingEnabled,
650
583
  logLevel: this.level,
651
- correlationId: correlationId || this.correlationId,
652
584
  }, packageName, packageVersion);
653
585
  }
654
586
  /**
655
587
  * Log message with required options.
656
588
  */
657
589
  logMessage(logMessage, options) {
590
+ const correlationId = options.correlationId;
591
+ const isHashedInput = isHashedString(logMessage);
592
+ if (isHashedInput) {
593
+ const loggedMessage = {
594
+ hash: logMessage,
595
+ level: options.logLevel,
596
+ containsPii: options.containsPii || false,
597
+ milliseconds: 0, // Will be calculated in addLogToCache
598
+ };
599
+ addLogToCache(correlationId, loggedMessage);
600
+ }
658
601
  if (options.logLevel > this.level ||
659
602
  (!this.piiLoggingEnabled && options.containsPii)) {
660
603
  return;
661
604
  }
662
605
  const timestamp = new Date().toUTCString();
663
606
  // Add correlationId to logs if set, correlationId provided on log messages take precedence
664
- const logHeader = `[${timestamp}] : [${options.correlationId || this.correlationId || ""}]`;
607
+ const logHeader = `[${timestamp}] : [${correlationId}]`;
665
608
  const log = `${logHeader} : ${this.packageName}@${this.packageVersion} : ${LogLevel[options.logLevel]} - ${logMessage}`;
666
- // debug(`msal:${LogLevel[options.logLevel]}${options.containsPii ? "-Pii": Constants.EMPTY_STRING}${options.context ? `:${options.context}` : Constants.EMPTY_STRING}`)(logMessage);
667
609
  this.executeCallback(options.logLevel, log, options.containsPii || false);
668
610
  }
669
611
  /**
@@ -681,7 +623,7 @@ class Logger {
681
623
  this.logMessage(message, {
682
624
  logLevel: LogLevel.Error,
683
625
  containsPii: false,
684
- correlationId: correlationId || Constants.EMPTY_STRING,
626
+ correlationId: correlationId,
685
627
  });
686
628
  }
687
629
  /**
@@ -691,7 +633,7 @@ class Logger {
691
633
  this.logMessage(message, {
692
634
  logLevel: LogLevel.Error,
693
635
  containsPii: true,
694
- correlationId: correlationId || Constants.EMPTY_STRING,
636
+ correlationId: correlationId,
695
637
  });
696
638
  }
697
639
  /**
@@ -701,7 +643,7 @@ class Logger {
701
643
  this.logMessage(message, {
702
644
  logLevel: LogLevel.Warning,
703
645
  containsPii: false,
704
- correlationId: correlationId || Constants.EMPTY_STRING,
646
+ correlationId: correlationId,
705
647
  });
706
648
  }
707
649
  /**
@@ -711,7 +653,7 @@ class Logger {
711
653
  this.logMessage(message, {
712
654
  logLevel: LogLevel.Warning,
713
655
  containsPii: true,
714
- correlationId: correlationId || Constants.EMPTY_STRING,
656
+ correlationId: correlationId,
715
657
  });
716
658
  }
717
659
  /**
@@ -721,7 +663,7 @@ class Logger {
721
663
  this.logMessage(message, {
722
664
  logLevel: LogLevel.Info,
723
665
  containsPii: false,
724
- correlationId: correlationId || Constants.EMPTY_STRING,
666
+ correlationId: correlationId,
725
667
  });
726
668
  }
727
669
  /**
@@ -731,7 +673,7 @@ class Logger {
731
673
  this.logMessage(message, {
732
674
  logLevel: LogLevel.Info,
733
675
  containsPii: true,
734
- correlationId: correlationId || Constants.EMPTY_STRING,
676
+ correlationId: correlationId,
735
677
  });
736
678
  }
737
679
  /**
@@ -741,7 +683,7 @@ class Logger {
741
683
  this.logMessage(message, {
742
684
  logLevel: LogLevel.Verbose,
743
685
  containsPii: false,
744
- correlationId: correlationId || Constants.EMPTY_STRING,
686
+ correlationId: correlationId,
745
687
  });
746
688
  }
747
689
  /**
@@ -751,7 +693,7 @@ class Logger {
751
693
  this.logMessage(message, {
752
694
  logLevel: LogLevel.Verbose,
753
695
  containsPii: true,
754
- correlationId: correlationId || Constants.EMPTY_STRING,
696
+ correlationId: correlationId,
755
697
  });
756
698
  }
757
699
  /**
@@ -761,7 +703,7 @@ class Logger {
761
703
  this.logMessage(message, {
762
704
  logLevel: LogLevel.Trace,
763
705
  containsPii: false,
764
- correlationId: correlationId || Constants.EMPTY_STRING,
706
+ correlationId: correlationId,
765
707
  });
766
708
  }
767
709
  /**
@@ -771,7 +713,7 @@ class Logger {
771
713
  this.logMessage(message, {
772
714
  logLevel: LogLevel.Trace,
773
715
  containsPii: true,
774
- correlationId: correlationId || Constants.EMPTY_STRING,
716
+ correlationId: correlationId,
775
717
  });
776
718
  }
777
719
  /**
@@ -782,98 +724,7 @@ class Logger {
782
724
  }
783
725
  }
784
726
 
785
- /*! @azure/msal-common v15.13.3 2025-12-04 */
786
- /*
787
- * Copyright (c) Microsoft Corporation. All rights reserved.
788
- * Licensed under the MIT License.
789
- */
790
- const redirectUriEmpty = "redirect_uri_empty";
791
- const claimsRequestParsingError = "claims_request_parsing_error";
792
- const authorityUriInsecure = "authority_uri_insecure";
793
- const urlParseError = "url_parse_error";
794
- const urlEmptyError = "empty_url_error";
795
- const emptyInputScopesError = "empty_input_scopes_error";
796
- const invalidClaims = "invalid_claims";
797
- const tokenRequestEmpty = "token_request_empty";
798
- const logoutRequestEmpty = "logout_request_empty";
799
- const invalidCodeChallengeMethod = "invalid_code_challenge_method";
800
- const pkceParamsMissing = "pkce_params_missing";
801
- const invalidCloudDiscoveryMetadata = "invalid_cloud_discovery_metadata";
802
- const invalidAuthorityMetadata = "invalid_authority_metadata";
803
- const untrustedAuthority = "untrusted_authority";
804
- const missingSshJwk = "missing_ssh_jwk";
805
- const missingSshKid = "missing_ssh_kid";
806
- const missingNonceAuthenticationHeader = "missing_nonce_authentication_header";
807
- const invalidAuthenticationHeader = "invalid_authentication_header";
808
- const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
809
- const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
810
- const authorityMismatch = "authority_mismatch";
811
- const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
812
- const invalidAuthorizePostBodyParameters = "invalid_authorize_post_body_parameters";
813
- const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
814
-
815
- /*! @azure/msal-common v15.13.3 2025-12-04 */
816
-
817
- /*
818
- * Copyright (c) Microsoft Corporation. All rights reserved.
819
- * Licensed under the MIT License.
820
- */
821
- const ClientConfigurationErrorMessages = {
822
- [redirectUriEmpty]: "A redirect URI is required for all calls, and none has been set.",
823
- [claimsRequestParsingError]: "Could not parse the given claims request object.",
824
- [authorityUriInsecure]: "Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",
825
- [urlParseError]: "URL could not be parsed into appropriate segments.",
826
- [urlEmptyError]: "URL was empty or null.",
827
- [emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",
828
- [invalidClaims]: "Given claims parameter must be a stringified JSON object.",
829
- [tokenRequestEmpty]: "Token request was empty and not found in cache.",
830
- [logoutRequestEmpty]: "The logout request was null or undefined.",
831
- [invalidCodeChallengeMethod]: 'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',
832
- [pkceParamsMissing]: "Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",
833
- [invalidCloudDiscoveryMetadata]: "Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",
834
- [invalidAuthorityMetadata]: "Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",
835
- [untrustedAuthority]: "The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",
836
- [missingSshJwk]: "Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",
837
- [missingSshKid]: "Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",
838
- [missingNonceAuthenticationHeader]: "Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",
839
- [invalidAuthenticationHeader]: "Invalid authentication header provided",
840
- [cannotSetOIDCOptions]: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",
841
- [cannotAllowPlatformBroker]: "Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",
842
- [authorityMismatch]: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
843
- [invalidAuthorizePostBodyParameters]: "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
844
- [invalidRequestMethodForEAR]: "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
845
- [invalidPlatformBrokerConfiguration]: "Invalid platform broker configuration. `allowPlatformBrokerWithDOM` can only be enabled when `allowPlatformBroker` is enabled.",
846
- };
847
- /**
848
- * Error thrown when there is an error in configuration of the MSAL.js library.
849
- */
850
- class ClientConfigurationError extends AuthError {
851
- constructor(errorCode) {
852
- super(errorCode, ClientConfigurationErrorMessages[errorCode]);
853
- this.name = "ClientConfigurationError";
854
- Object.setPrototypeOf(this, ClientConfigurationError.prototype);
855
- }
856
- }
857
- function createClientConfigurationError(errorCode) {
858
- return new ClientConfigurationError(errorCode);
859
- }
860
-
861
- /*! @azure/msal-common v15.13.3 2025-12-04 */
862
- const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
863
-
864
- /*! @azure/msal-common v15.13.3 2025-12-04 */
865
- /**
866
- * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
867
- * @param seconds
868
- */
869
- function toDateFromSeconds(seconds) {
870
- if (seconds) {
871
- return new Date(Number(seconds) * 1000);
872
- }
873
- return new Date();
874
- }
875
-
876
- /*! @azure/msal-common v15.13.3 2025-12-04 */
727
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
877
728
 
878
729
  /*
879
730
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -892,7 +743,7 @@ class ServerError extends AuthError {
892
743
  }
893
744
  }
894
745
 
895
- /*! @azure/msal-common v15.13.3 2025-12-04 */
746
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
896
747
  /**
897
748
  * Error thrown when user interaction is required.
898
749
  */
@@ -900,23 +751,36 @@ class InteractionRequiredAuthError extends AuthError {
900
751
  constructor(errorCode, errorMessage, subError, timestamp, traceId, correlationId, claims, errorNo) {
901
752
  super(errorCode, errorMessage, subError);
902
753
  Object.setPrototypeOf(this, InteractionRequiredAuthError.prototype);
903
- this.timestamp = timestamp || Constants.EMPTY_STRING;
904
- this.traceId = traceId || Constants.EMPTY_STRING;
905
- this.correlationId = correlationId || Constants.EMPTY_STRING;
906
- this.claims = claims || Constants.EMPTY_STRING;
754
+ this.timestamp = timestamp || "";
755
+ this.traceId = traceId || "";
756
+ this.correlationId = correlationId || "";
757
+ this.claims = claims || "";
907
758
  this.name = "InteractionRequiredAuthError";
908
759
  this.errorNo = errorNo;
909
760
  }
910
761
  }
911
762
 
912
- /*! @azure/msal-common v15.13.3 2025-12-04 */
763
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
764
+ /**
765
+ * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
766
+ * @param seconds
767
+ */
768
+ function toDateFromSeconds(seconds) {
769
+ if (seconds) {
770
+ return new Date(Number(seconds) * 1000);
771
+ }
772
+ return new Date();
773
+ }
774
+
775
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
913
776
 
914
777
  /*
915
778
  * Copyright (c) Microsoft Corporation. All rights reserved.
916
779
  * Licensed under the MIT License.
917
780
  */
918
781
  /**
919
- * Converts a numeric tag to a string representation
782
+ * Converts a numeric tag from MSAL Runtime to a 5-character string representation.
783
+ * Tags are encoded as 30-bit values (6 bits per character) using a custom symbol space.
920
784
  * @param tag - The numeric tag to convert
921
785
  * @returns The string representation of the tag
922
786
  */
@@ -953,7 +817,7 @@ class PlatformBrokerError extends AuthError {
953
817
  }
954
818
  }
955
819
 
956
- /*! @azure/msal-common v15.13.3 2025-12-04 */
820
+ /*! @azure/msal-common v16.0.0-beta.0 2025-12-05 */
957
821
 
958
822
  /*
959
823
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1004,34 +868,34 @@ class ServerTelemetryManager {
1004
868
  this.cacheManager = cacheManager;
1005
869
  this.apiId = telemetryRequest.apiId;
1006
870
  this.correlationId = telemetryRequest.correlationId;
1007
- this.wrapperSKU = telemetryRequest.wrapperSKU || Constants.EMPTY_STRING;
1008
- this.wrapperVer = telemetryRequest.wrapperVer || Constants.EMPTY_STRING;
871
+ this.wrapperSKU = telemetryRequest.wrapperSKU || "";
872
+ this.wrapperVer = telemetryRequest.wrapperVer || "";
1009
873
  this.telemetryCacheKey =
1010
- SERVER_TELEM_CONSTANTS.CACHE_KEY +
1011
- Separators.CACHE_KEY_SEPARATOR +
874
+ SERVER_TELEM_CACHE_KEY +
875
+ CACHE_KEY_SEPARATOR +
1012
876
  telemetryRequest.clientId;
1013
877
  }
1014
878
  /**
1015
879
  * API to add MSER Telemetry to request
1016
880
  */
1017
881
  generateCurrentRequestHeaderValue() {
1018
- const request = `${this.apiId}${SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR}${this.cacheOutcome}`;
882
+ const request = `${this.apiId}${SERVER_TELEM_VALUE_SEPARATOR}${this.cacheOutcome}`;
1019
883
  const platformFieldsArr = [this.wrapperSKU, this.wrapperVer];
1020
884
  const nativeBrokerErrorCode = this.getNativeBrokerErrorCode();
1021
885
  if (nativeBrokerErrorCode?.length) {
1022
886
  platformFieldsArr.push(`broker_error=${nativeBrokerErrorCode}`);
1023
887
  }
1024
- const platformFields = platformFieldsArr.join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
888
+ const platformFields = platformFieldsArr.join(SERVER_TELEM_VALUE_SEPARATOR);
1025
889
  const regionDiscoveryFields = this.getRegionDiscoveryFields();
1026
890
  const requestWithRegionDiscoveryFields = [
1027
891
  request,
1028
892
  regionDiscoveryFields,
1029
- ].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
893
+ ].join(SERVER_TELEM_VALUE_SEPARATOR);
1030
894
  return [
1031
- SERVER_TELEM_CONSTANTS.SCHEMA_VERSION,
895
+ SERVER_TELEM_SCHEMA_VERSION,
1032
896
  requestWithRegionDiscoveryFields,
1033
897
  platformFields,
1034
- ].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR);
898
+ ].join(SERVER_TELEM_CATEGORY_SEPARATOR);
1035
899
  }
1036
900
  /**
1037
901
  * API to add MSER Telemetry for the last failed request
@@ -1041,23 +905,23 @@ class ServerTelemetryManager {
1041
905
  const maxErrors = ServerTelemetryManager.maxErrorsToSend(lastRequests);
1042
906
  const failedRequests = lastRequests.failedRequests
1043
907
  .slice(0, 2 * maxErrors)
1044
- .join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
908
+ .join(SERVER_TELEM_VALUE_SEPARATOR);
1045
909
  const errors = lastRequests.errors
1046
910
  .slice(0, maxErrors)
1047
- .join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
911
+ .join(SERVER_TELEM_VALUE_SEPARATOR);
1048
912
  const errorCount = lastRequests.errors.length;
1049
913
  // Indicate whether this header contains all data or partial data
1050
914
  const overflow = maxErrors < errorCount
1051
- ? SERVER_TELEM_CONSTANTS.OVERFLOW_TRUE
1052
- : SERVER_TELEM_CONSTANTS.OVERFLOW_FALSE;
1053
- const platformFields = [errorCount, overflow].join(SERVER_TELEM_CONSTANTS.VALUE_SEPARATOR);
915
+ ? SERVER_TELEM_OVERFLOW_TRUE
916
+ : SERVER_TELEM_OVERFLOW_FALSE;
917
+ const platformFields = [errorCount, overflow].join(SERVER_TELEM_VALUE_SEPARATOR);
1054
918
  return [
1055
- SERVER_TELEM_CONSTANTS.SCHEMA_VERSION,
919
+ SERVER_TELEM_SCHEMA_VERSION,
1056
920
  lastRequests.cacheHits,
1057
921
  failedRequests,
1058
922
  errors,
1059
923
  platformFields,
1060
- ].join(SERVER_TELEM_CONSTANTS.CATEGORY_SEPARATOR);
924
+ ].join(SERVER_TELEM_CATEGORY_SEPARATOR);
1061
925
  }
1062
926
  /**
1063
927
  * API to cache token failures for MSER data capture
@@ -1066,7 +930,7 @@ class ServerTelemetryManager {
1066
930
  cacheFailedRequest(error) {
1067
931
  const lastRequests = this.getLastRequests();
1068
932
  if (lastRequests.errors.length >=
1069
- SERVER_TELEM_CONSTANTS.MAX_CACHED_ERRORS) {
933
+ SERVER_TELEM_MAX_CACHED_ERRORS) {
1070
934
  // Remove a cached error to make room, first in first out
1071
935
  lastRequests.failedRequests.shift(); // apiId
1072
936
  lastRequests.failedRequests.shift(); // correlationId
@@ -1090,7 +954,7 @@ class ServerTelemetryManager {
1090
954
  }
1091
955
  }
1092
956
  else {
1093
- lastRequests.errors.push(SERVER_TELEM_CONSTANTS.UNKNOWN_ERROR);
957
+ lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
1094
958
  }
1095
959
  this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
1096
960
  return;
@@ -1113,7 +977,7 @@ class ServerTelemetryManager {
1113
977
  errors: [],
1114
978
  cacheHits: 0,
1115
979
  };
1116
- const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey);
980
+ const lastRequests = this.cacheManager.getServerTelemetry(this.telemetryCacheKey, this.correlationId);
1117
981
  return lastRequests || initialValue;
1118
982
  }
1119
983
  /**
@@ -1148,18 +1012,16 @@ class ServerTelemetryManager {
1148
1012
  const errorCount = serverTelemetryEntity.errors.length;
1149
1013
  for (i = 0; i < errorCount; i++) {
1150
1014
  // failedRequests parameter contains pairs of apiId and correlationId, multiply index by 2 to preserve pairs
1151
- const apiId = serverTelemetryEntity.failedRequests[2 * i] ||
1152
- Constants.EMPTY_STRING;
1153
- const correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] ||
1154
- Constants.EMPTY_STRING;
1155
- const errorCode = serverTelemetryEntity.errors[i] || Constants.EMPTY_STRING;
1015
+ const apiId = serverTelemetryEntity.failedRequests[2 * i] || "";
1016
+ const correlationId = serverTelemetryEntity.failedRequests[2 * i + 1] || "";
1017
+ const errorCode = serverTelemetryEntity.errors[i] || "";
1156
1018
  // Count number of characters that would be added to header, each character is 1 byte. Add 3 at the end to account for separators
1157
1019
  dataSize +=
1158
1020
  apiId.toString().length +
1159
1021
  correlationId.toString().length +
1160
1022
  errorCode.length +
1161
1023
  3;
1162
- if (dataSize < SERVER_TELEM_CONSTANTS.MAX_LAST_HEADER_BYTES) {
1024
+ if (dataSize < SERVER_TELEM_MAX_LAST_HEADER_BYTES) {
1163
1025
  // Adding this entry to the header would still keep header size below the limit
1164
1026
  maxErrors += 1;
1165
1027
  }
@@ -1176,9 +1038,9 @@ class ServerTelemetryManager {
1176
1038
  */
1177
1039
  getRegionDiscoveryFields() {
1178
1040
  const regionDiscoveryFields = [];
1179
- regionDiscoveryFields.push(this.regionUsed || Constants.EMPTY_STRING);
1180
- regionDiscoveryFields.push(this.regionSource || Constants.EMPTY_STRING);
1181
- regionDiscoveryFields.push(this.regionOutcome || Constants.EMPTY_STRING);
1041
+ regionDiscoveryFields.push(this.regionUsed || "");
1042
+ regionDiscoveryFields.push(this.regionSource || "");
1043
+ regionDiscoveryFields.push(this.regionOutcome || "");
1182
1044
  return regionDiscoveryFields.join(",");
1183
1045
  }
1184
1046
  /**
@@ -1225,15 +1087,15 @@ class BasePersistence {
1225
1087
  // We are using a different location for the test to avoid overriding the functional cache
1226
1088
  const persistenceValidator = await this.createForPersistenceValidation();
1227
1089
  try {
1228
- await persistenceValidator.save(Constants$1.PERSISTENCE_TEST_DATA);
1090
+ await persistenceValidator.save(Constants.PERSISTENCE_TEST_DATA);
1229
1091
  const retrievedDummyData = await persistenceValidator.load();
1230
1092
  if (!retrievedDummyData) {
1231
1093
  throw PersistenceError.createCachePersistenceError("Persistence check failed. Data was written but it could not be read. " +
1232
1094
  "Possible cause: on Linux, LibSecret is installed but D-Bus isn't running \
1233
1095
  because it cannot be started over SSH.");
1234
1096
  }
1235
- if (retrievedDummyData !== Constants$1.PERSISTENCE_TEST_DATA) {
1236
- throw PersistenceError.createCachePersistenceError(`Persistence check failed. Data written ${Constants$1.PERSISTENCE_TEST_DATA} is different \
1097
+ if (retrievedDummyData !== Constants.PERSISTENCE_TEST_DATA) {
1098
+ throw PersistenceError.createCachePersistenceError(`Persistence check failed. Data written ${Constants.PERSISTENCE_TEST_DATA} is different \
1237
1099
  from data read ${retrievedDummyData}`);
1238
1100
  }
1239
1101
  await persistenceValidator.delete();
@@ -1326,9 +1188,9 @@ class FilePersistence extends BasePersistence {
1326
1188
  }
1327
1189
  catch (err) {
1328
1190
  if (isNodeError(err)) {
1329
- if (err.code === Constants$1.ENOENT_ERROR) {
1191
+ if (err.code === Constants.ENOENT_ERROR) {
1330
1192
  // file does not exist, so it was not deleted
1331
- this.logger.warning("Cache file does not exist, so it could not be deleted");
1193
+ this.logger.warning("Cache file does not exist, so it could not be deleted", "");
1332
1194
  return false;
1333
1195
  }
1334
1196
  throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
@@ -1367,9 +1229,9 @@ class FilePersistence extends BasePersistence {
1367
1229
  }
1368
1230
  catch (err) {
1369
1231
  if (isNodeError(err)) {
1370
- if (err.code === Constants$1.ENOENT_ERROR) {
1232
+ if (err.code === Constants.ENOENT_ERROR) {
1371
1233
  // file does not exist, so it's never been modified
1372
- this.logger.verbose("Cache file does not exist");
1234
+ this.logger.verbose("Cache file does not exist", "");
1373
1235
  return 0;
1374
1236
  }
1375
1237
  throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
@@ -1384,7 +1246,7 @@ class FilePersistence extends BasePersistence {
1384
1246
  // File is created only if it does not exist
1385
1247
  const fileHandle = await fs.promises.open(this.filePath, "a");
1386
1248
  await fileHandle.close();
1387
- this.logger.info(`File created at ${this.filePath}`);
1249
+ this.logger.info(`File created at ${this.filePath}`, "");
1388
1250
  }
1389
1251
  async createFileDirectory() {
1390
1252
  try {
@@ -1392,8 +1254,8 @@ class FilePersistence extends BasePersistence {
1392
1254
  }
1393
1255
  catch (err) {
1394
1256
  if (isNodeError(err)) {
1395
- if (err.code === Constants$1.EEXIST_ERROR) {
1396
- this.logger.info(`Directory ${path.dirname(this.filePath)} already exists`);
1257
+ if (err.code === Constants.EEXIST_ERROR) {
1258
+ this.logger.info(`Directory ${path.dirname(this.filePath)} already exists`, "");
1397
1259
  }
1398
1260
  else {
1399
1261
  throw PersistenceError.createFileSystemError(err.code || ErrorCodes.UNKNOWN, err.message);
@@ -1504,7 +1366,7 @@ class FilePersistenceWithDataProtection extends BasePersistence {
1504
1366
  0 === encryptedContents.length) {
1505
1367
  this.filePersistence
1506
1368
  .getLogger()
1507
- .info("Encrypted contents loaded from file were null or empty");
1369
+ .info("Encrypted contents loaded from file were null or empty", "");
1508
1370
  return null;
1509
1371
  }
1510
1372
  return Dpapi.unprotectData(encryptedContents, this.optionalEntropy, this.scope.toString()).toString();
@@ -1701,19 +1563,19 @@ class LibSecretPersistence extends BasePersistence {
1701
1563
  */
1702
1564
  class Environment {
1703
1565
  static get homeEnvVar() {
1704
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.HOME);
1566
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.HOME);
1705
1567
  }
1706
1568
  static get lognameEnvVar() {
1707
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.LOGNAME);
1569
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.LOGNAME);
1708
1570
  }
1709
1571
  static get userEnvVar() {
1710
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.USER);
1572
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.USER);
1711
1573
  }
1712
1574
  static get lnameEnvVar() {
1713
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.LNAME);
1575
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.LNAME);
1714
1576
  }
1715
1577
  static get usernameEnvVar() {
1716
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.USERNAME);
1578
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.USERNAME);
1717
1579
  }
1718
1580
  static getEnvironmentVariable(name) {
1719
1581
  return process.env[name] || "";
@@ -1734,7 +1596,7 @@ class Environment {
1734
1596
  if (typeof process.getuid !== "function") {
1735
1597
  return false;
1736
1598
  }
1737
- return process.getuid() === Constants$1.LINUX_ROOT_USER_GUID;
1599
+ return process.getuid() === Constants.LINUX_ROOT_USER_GUID;
1738
1600
  }
1739
1601
  static getUserRootDirectory() {
1740
1602
  return !this.isWindowsPlatform()
@@ -1742,7 +1604,7 @@ class Environment {
1742
1604
  : this.getUserHomeDirOnWindows();
1743
1605
  }
1744
1606
  static getUserHomeDirOnWindows() {
1745
- return this.getEnvironmentVariable(Constants$1.ENVIRONMENT.LOCAL_APPLICATION_DATA);
1607
+ return this.getEnvironmentVariable(Constants.ENVIRONMENT.LOCAL_APPLICATION_DATA);
1746
1608
  }
1747
1609
  static getUserHomeDirOnUnix() {
1748
1610
  if (this.isWindowsPlatform()) {
@@ -1839,7 +1701,7 @@ class PersistenceCreator {
1839
1701
 
1840
1702
  /* eslint-disable header/header */
1841
1703
  const name = "@azure/msal-node-extensions";
1842
- const version = "1.5.26";
1704
+ const version = "5.0.0-beta.0";
1843
1705
 
1844
1706
  /*
1845
1707
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1858,62 +1720,62 @@ class NativeBrokerPlugin {
1858
1720
  }
1859
1721
  setLogger(loggerOptions) {
1860
1722
  this.logger = new Logger(loggerOptions, name, version);
1861
- const logCallback = (message, logLevel, containsPii) => {
1723
+ const logCallback = (message, logLevel, containsPii, correlationId = "") => {
1862
1724
  switch (logLevel) {
1863
1725
  case msalNodeRuntime.LogLevel.Trace:
1864
1726
  if (containsPii) {
1865
- this.logger.tracePii(message);
1727
+ this.logger.tracePii(message, correlationId);
1866
1728
  }
1867
1729
  else {
1868
- this.logger.trace(message);
1730
+ this.logger.trace(message, correlationId);
1869
1731
  }
1870
1732
  break;
1871
1733
  case msalNodeRuntime.LogLevel.Debug:
1872
1734
  if (containsPii) {
1873
- this.logger.tracePii(message);
1735
+ this.logger.tracePii(message, correlationId);
1874
1736
  }
1875
1737
  else {
1876
- this.logger.trace(message);
1738
+ this.logger.trace(message, correlationId);
1877
1739
  }
1878
1740
  break;
1879
1741
  case msalNodeRuntime.LogLevel.Info:
1880
1742
  if (containsPii) {
1881
- this.logger.infoPii(message);
1743
+ this.logger.infoPii(message, correlationId);
1882
1744
  }
1883
1745
  else {
1884
- this.logger.info(message);
1746
+ this.logger.info(message, correlationId);
1885
1747
  }
1886
1748
  break;
1887
1749
  case msalNodeRuntime.LogLevel.Warning:
1888
1750
  if (containsPii) {
1889
- this.logger.warningPii(message);
1751
+ this.logger.warningPii(message, correlationId);
1890
1752
  }
1891
1753
  else {
1892
- this.logger.warning(message);
1754
+ this.logger.warning(message, correlationId);
1893
1755
  }
1894
1756
  break;
1895
1757
  case msalNodeRuntime.LogLevel.Error:
1896
1758
  if (containsPii) {
1897
- this.logger.errorPii(message);
1759
+ this.logger.errorPii(message, correlationId);
1898
1760
  }
1899
1761
  else {
1900
- this.logger.error(message);
1762
+ this.logger.error(message, correlationId);
1901
1763
  }
1902
1764
  break;
1903
1765
  case msalNodeRuntime.LogLevel.Fatal:
1904
1766
  if (containsPii) {
1905
- this.logger.errorPii(message);
1767
+ this.logger.errorPii(message, correlationId);
1906
1768
  }
1907
1769
  else {
1908
- this.logger.error(message);
1770
+ this.logger.error(message, correlationId);
1909
1771
  }
1910
1772
  break;
1911
1773
  default:
1912
1774
  if (containsPii) {
1913
- this.logger.infoPii(message);
1775
+ this.logger.infoPii(message, correlationId);
1914
1776
  }
1915
1777
  else {
1916
- this.logger.info(message);
1778
+ this.logger.info(message, correlationId);
1917
1779
  }
1918
1780
  break;
1919
1781
  }
@@ -2037,8 +1899,7 @@ class NativeBrokerPlugin {
2037
1899
  case PromptValue.SELECT_ACCOUNT:
2038
1900
  case PromptValue.CREATE:
2039
1901
  this.logger.info("Calling native interop SignInInteractively API", platformRequest.correlationId);
2040
- const loginHint = platformRequest.loginHint ||
2041
- Constants.EMPTY_STRING;
1902
+ const loginHint = platformRequest.loginHint || "";
2042
1903
  msalNodeRuntime.msalNodeRuntime.SignInInteractivelyAsync(windowHandle, authParams, platformRequest.correlationId, loginHint, resultCallback);
2043
1904
  break;
2044
1905
  case PromptValue.NONE:
@@ -2058,8 +1919,7 @@ class NativeBrokerPlugin {
2058
1919
  }
2059
1920
  else {
2060
1921
  this.logger.info("Calling native interop SignIn API", platformRequest.correlationId);
2061
- const loginHint = platformRequest.loginHint ||
2062
- Constants.EMPTY_STRING;
1922
+ const loginHint = platformRequest.loginHint || "";
2063
1923
  msalNodeRuntime.msalNodeRuntime.SignInAsync(windowHandle, authParams, platformRequest.correlationId, loginHint, resultCallback);
2064
1924
  }
2065
1925
  break;
@@ -2148,7 +2008,8 @@ class NativeBrokerPlugin {
2148
2008
  if (request.claims) {
2149
2009
  authParams.SetDecodedClaims(request.claims);
2150
2010
  }
2151
- if (request.authenticationScheme === AuthenticationScheme.POP) {
2011
+ if (request.authenticationScheme ===
2012
+ AuthenticationScheme.POP) {
2152
2013
  if (!request.resourceRequestMethod ||
2153
2014
  !request.resourceRequestUri) {
2154
2015
  throw new Error("Authentication Scheme set to POP but one or more of the following parameters are missing: resourceRequestMethod, resourceRequestUri");
@@ -2239,12 +2100,12 @@ class NativeBrokerPlugin {
2239
2100
  expiresOn: toDateFromSeconds(authResult.expiresOn),
2240
2101
  tokenType: tokenType,
2241
2102
  correlationId: request.correlationId,
2242
- fromNativeBroker: true,
2103
+ fromPlatformBroker: true,
2243
2104
  };
2244
2105
  return result;
2245
2106
  }
2246
2107
  generateAccountInfo(account, idTokenClaims) {
2247
- this.logger.trace("NativeBrokerPlugin - generateAccountInfo called");
2108
+ this.logger.trace("NativeBrokerPlugin - generateAccountInfo called", "");
2248
2109
  const accountInfo = {
2249
2110
  homeAccountId: account.homeAccountId,
2250
2111
  environment: account.environment,
@@ -2280,7 +2141,7 @@ class NativeBrokerPlugin {
2280
2141
  wrappedError = createClientAuthError(noNetworkConnectivity);
2281
2142
  break;
2282
2143
  case msalNodeRuntime.ErrorStatus.ServerTemporarilyUnavailable:
2283
- wrappedError = new ServerError(ErrorCodes.SERVER_UNAVAILABLE, errorContext);
2144
+ wrappedError = new ServerError(ErrorCodes.SERVER_UNAVAILABLE, msalNodeRuntimeError.message);
2284
2145
  break;
2285
2146
  case msalNodeRuntime.ErrorStatus.UserCanceled:
2286
2147
  wrappedError = createClientAuthError(userCanceled);