@azure/msal-node-extensions 5.2.3 → 5.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (50) hide show
  1. package/bin/arm64/dpapi.node +0 -0
  2. package/bin/ia32/dpapi.node +0 -0
  3. package/bin/x64/dpapi.node +0 -0
  4. package/dist/Dpapi.mjs +1 -1
  5. package/dist/broker/NativeBrokerPlugin.mjs +1 -1
  6. package/dist/error/PersistenceError.mjs +1 -1
  7. package/dist/index.mjs +1 -1
  8. package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs +2 -2
  9. package/dist/lib/msal-common/dist/constants/AADServerParamKeys.mjs.map +1 -1
  10. package/dist/lib/msal-common/dist/error/AuthError.mjs +2 -2
  11. package/dist/lib/msal-common/dist/error/AuthError.mjs.map +1 -1
  12. package/dist/lib/msal-common/dist/error/ClientAuthError.mjs +2 -2
  13. package/dist/lib/msal-common/dist/error/ClientAuthError.mjs.map +1 -1
  14. package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs +2 -2
  15. package/dist/lib/msal-common/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
  16. package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs +2 -2
  17. package/dist/lib/msal-common/dist/error/ClientConfigurationError.mjs.map +1 -1
  18. package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs +2 -2
  19. package/dist/lib/msal-common/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
  20. package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs +2 -2
  21. package/dist/lib/msal-common/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  22. package/dist/lib/msal-common/dist/error/PlatformBrokerError.mjs +2 -2
  23. package/dist/lib/msal-common/dist/error/PlatformBrokerError.mjs.map +1 -1
  24. package/dist/lib/msal-common/dist/error/ServerError.mjs +2 -2
  25. package/dist/lib/msal-common/dist/error/ServerError.mjs.map +1 -1
  26. package/dist/lib/msal-common/dist/logger/Logger.mjs +3 -3
  27. package/dist/lib/msal-common/dist/logger/Logger.mjs.map +1 -1
  28. package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs +27 -22
  29. package/dist/lib/msal-common/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  30. package/dist/lib/msal-common/dist/utils/Constants.mjs +2 -2
  31. package/dist/lib/msal-common/dist/utils/Constants.mjs.map +1 -1
  32. package/dist/lib/msal-common/dist/utils/TimeUtils.mjs +2 -2
  33. package/dist/lib/msal-common/dist/utils/TimeUtils.mjs.map +1 -1
  34. package/dist/lock/CrossPlatformLock.mjs +1 -1
  35. package/dist/packageMetadata.mjs +2 -2
  36. package/dist/persistence/BasePersistence.mjs +1 -1
  37. package/dist/persistence/DataProtectionScope.mjs +1 -1
  38. package/dist/persistence/FilePersistence.mjs +1 -1
  39. package/dist/persistence/FilePersistenceWithDataProtection.mjs +1 -1
  40. package/dist/persistence/KeychainPersistence.mjs +1 -1
  41. package/dist/persistence/LibSecretPersistence.mjs +1 -1
  42. package/dist/persistence/PersistenceCachePlugin.mjs +1 -1
  43. package/dist/persistence/PersistenceCreator.mjs +1 -1
  44. package/dist/utils/Constants.mjs +1 -1
  45. package/dist/utils/Environment.mjs +1 -1
  46. package/dist/utils/TypeGuards.mjs +1 -1
  47. package/lib/msal-node-extensions.cjs +41 -36
  48. package/lib/msal-node-extensions.cjs.map +1 -1
  49. package/package.json +2 -2
  50. package/types/packageMetadata.d.ts +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"Constants.mjs","sources":["../../../../../../../lib/msal-common/dist/utils/Constants.mjs"],"sourcesContent":["/*! @azure/msal-common v16.7.0 2026-06-05 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst SKU = \"msal.js.common\";\r\n// default authority\r\nconst DEFAULT_AUTHORITY = \"https://login.microsoftonline.com/common/\";\r\nconst DEFAULT_AUTHORITY_HOST = \"login.microsoftonline.com\";\r\nconst DEFAULT_COMMON_TENANT = \"common\";\r\n// ADFS String\r\nconst ADFS = \"adfs\";\r\nconst DSTS = \"dstsv2\";\r\n// Default AAD Instance Discovery Endpoint\r\nconst AAD_INSTANCE_DISCOVERY_ENDPT = `${DEFAULT_AUTHORITY}discovery/instance?api-version=1.1&authorization_endpoint=`;\r\n// CIAM URL\r\nconst CIAM_AUTH_URL = \".ciamlogin.com\";\r\nconst AAD_TENANT_DOMAIN_SUFFIX = \".onmicrosoft.com\";\r\n// Resource delimiter - used for certain cache entries\r\nconst RESOURCE_DELIM = \"|\";\r\n// Consumer UTID\r\nconst CONSUMER_UTID = \"9188040d-6c67-4c5b-b112-36a304b66dad\";\r\n// Default scopes\r\nconst OPENID_SCOPE = \"openid\";\r\nconst PROFILE_SCOPE = \"profile\";\r\nconst OFFLINE_ACCESS_SCOPE = \"offline_access\";\r\nconst EMAIL_SCOPE = \"email\";\r\nconst CODE_GRANT_TYPE = \"authorization_code\";\r\nconst S256_CODE_CHALLENGE_METHOD = \"S256\";\r\nconst URL_FORM_CONTENT_TYPE = \"application/x-www-form-urlencoded;charset=utf-8\";\r\nconst AUTHORIZATION_PENDING = \"authorization_pending\";\r\nconst NOT_APPLICABLE = \"N/A\";\r\nconst NOT_AVAILABLE = \"Not Available\";\r\nconst FORWARD_SLASH = \"/\";\r\nconst IMDS_ENDPOINT = \"http://169.254.169.254/metadata/instance/compute/location\";\r\nconst IMDS_VERSION = \"2020-06-01\";\r\nconst IMDS_TIMEOUT = 2000;\r\nconst AZURE_REGION_AUTO_DISCOVER_FLAG = \"TryAutoDetect\";\r\nconst REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX = \"login.microsoft.com\";\r\nconst KNOWN_PUBLIC_CLOUDS = [\r\n \"login.microsoftonline.com\",\r\n \"login.windows.net\",\r\n \"login.microsoft.com\",\r\n \"sts.windows.net\",\r\n];\r\nconst SHR_NONCE_VALIDITY = 240;\r\nconst INVALID_INSTANCE = \"invalid_instance\";\r\nconst HTTP_SUCCESS = 200;\r\nconst HTTP_SUCCESS_RANGE_START = 200;\r\nconst HTTP_SUCCESS_RANGE_END = 299;\r\nconst HTTP_REDIRECT = 302;\r\nconst HTTP_CLIENT_ERROR = 400;\r\nconst HTTP_CLIENT_ERROR_RANGE_START = 400;\r\nconst HTTP_BAD_REQUEST = 400;\r\nconst HTTP_UNAUTHORIZED = 401;\r\nconst HTTP_NOT_FOUND = 404;\r\nconst HTTP_REQUEST_TIMEOUT = 408;\r\nconst HTTP_GONE = 410;\r\nconst HTTP_TOO_MANY_REQUESTS = 429;\r\nconst HTTP_CLIENT_ERROR_RANGE_END = 499;\r\nconst HTTP_SERVER_ERROR = 500;\r\nconst HTTP_SERVER_ERROR_RANGE_START = 500;\r\nconst HTTP_SERVICE_UNAVAILABLE = 503;\r\nconst HTTP_GATEWAY_TIMEOUT = 504;\r\nconst HTTP_SERVER_ERROR_RANGE_END = 599;\r\nconst HTTP_MULTI_SIDED_ERROR = 600;\r\nconst HttpMethod = {\r\n GET: \"GET\",\r\n POST: \"POST\",\r\n};\r\nconst OIDC_DEFAULT_SCOPES = [\r\n OPENID_SCOPE,\r\n PROFILE_SCOPE,\r\n OFFLINE_ACCESS_SCOPE,\r\n];\r\nconst OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, EMAIL_SCOPE];\r\n/**\r\n * Request header names\r\n */\r\nconst HeaderNames = {\r\n CONTENT_TYPE: \"Content-Type\",\r\n CONTENT_LENGTH: \"Content-Length\",\r\n RETRY_AFTER: \"Retry-After\",\r\n CCS_HEADER: \"X-AnchorMailbox\",\r\n WWWAuthenticate: \"WWW-Authenticate\",\r\n AuthenticationInfo: \"Authentication-Info\",\r\n X_MS_REQUEST_ID: \"x-ms-request-id\",\r\n X_MS_HTTP_VERSION: \"x-ms-httpver\",\r\n};\r\n/**\r\n * Persistent cache keys MSAL which stay while user is logged in.\r\n */\r\nconst PersistentCacheKeys = {\r\n ACTIVE_ACCOUNT_FILTERS: \"active-account-filters\", // new cache entry for active_account for a more robust version for browser\r\n};\r\n/**\r\n * String constants related to AAD Authority\r\n */\r\nconst AADAuthority = {\r\n COMMON: \"common\",\r\n ORGANIZATIONS: \"organizations\",\r\n CONSUMERS: \"consumers\",\r\n};\r\n/**\r\n * Claims request keys\r\n */\r\nconst ClaimsRequestKeys = {\r\n ACCESS_TOKEN: \"access_token\",\r\n XMS_CC: \"xms_cc\",\r\n};\r\n/**\r\n * we considered making this \"enum\" in the request instead of string, however it looks like the allowed list of\r\n * prompt values kept changing over past couple of years. There are some undocumented prompt values for some\r\n * internal partners too, hence the choice of generic \"string\" type instead of the \"enum\"\r\n */\r\nconst PromptValue = {\r\n LOGIN: \"login\",\r\n SELECT_ACCOUNT: \"select_account\",\r\n CONSENT: \"consent\",\r\n NONE: \"none\",\r\n CREATE: \"create\",\r\n NO_SESSION: \"no_session\",\r\n};\r\n/**\r\n * allowed values for codeVerifier\r\n */\r\nconst CodeChallengeMethodValues = {\r\n PLAIN: \"plain\",\r\n S256: \"S256\",\r\n};\r\n/**\r\n * Allowed values for response_type\r\n */\r\nconst OAuthResponseType = {\r\n CODE: \"code\",\r\n IDTOKEN_TOKEN: \"id_token token\",\r\n IDTOKEN_TOKEN_REFRESHTOKEN: \"id_token token refresh_token\",\r\n};\r\n/**\r\n * allowed values for response_mode\r\n */\r\nconst ResponseMode = {\r\n QUERY: \"query\",\r\n FRAGMENT: \"fragment\",\r\n FORM_POST: \"form_post\",\r\n};\r\n/**\r\n * allowed grant_type\r\n */\r\nconst GrantType = {\r\n IMPLICIT_GRANT: \"implicit\",\r\n AUTHORIZATION_CODE_GRANT: \"authorization_code\",\r\n CLIENT_CREDENTIALS_GRANT: \"client_credentials\",\r\n RESOURCE_OWNER_PASSWORD_GRANT: \"password\",\r\n REFRESH_TOKEN_GRANT: \"refresh_token\",\r\n DEVICE_CODE_GRANT: \"device_code\",\r\n JWT_BEARER: \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\r\n};\r\n/**\r\n * Account types in Cache\r\n */\r\nconst CACHE_ACCOUNT_TYPE_MSSTS = \"MSSTS\";\r\nconst CACHE_ACCOUNT_TYPE_ADFS = \"ADFS\";\r\nconst CACHE_ACCOUNT_TYPE_MSAV1 = \"MSA\";\r\nconst CACHE_ACCOUNT_TYPE_GENERIC = \"Generic\";\r\n/**\r\n * Separators used in cache\r\n */\r\nconst CACHE_KEY_SEPARATOR = \"-\";\r\nconst CLIENT_INFO_SEPARATOR = \".\";\r\n/**\r\n * Credential Type stored in the cache\r\n */\r\nconst CredentialType = {\r\n ID_TOKEN: \"IdToken\",\r\n ACCESS_TOKEN: \"AccessToken\",\r\n ACCESS_TOKEN_WITH_AUTH_SCHEME: \"AccessToken_With_AuthScheme\",\r\n REFRESH_TOKEN: \"RefreshToken\",\r\n};\r\n/**\r\n * Combine all cache types\r\n */\r\nconst CacheType = {\r\n ADFS: 1001,\r\n MSA: 1002,\r\n MSSTS: 1003,\r\n GENERIC: 1004,\r\n ACCESS_TOKEN: 2001,\r\n REFRESH_TOKEN: 2002,\r\n ID_TOKEN: 2003,\r\n APP_METADATA: 3001,\r\n UNDEFINED: 9999,\r\n};\r\n/**\r\n * More Cache related constants\r\n */\r\nconst APP_METADATA = \"appmetadata\";\r\nconst CLIENT_INFO = \"client_info\";\r\nconst THE_FAMILY_ID = \"1\";\r\nconst AUTHORITY_METADATA_CACHE_KEY = \"authority-metadata\";\r\nconst AUTHORITY_METADATA_REFRESH_TIME_SECONDS = 3600 * 24; // 24 Hours\r\nconst AuthorityMetadataSource = {\r\n CONFIG: \"config\",\r\n CACHE: \"cache\",\r\n NETWORK: \"network\",\r\n HARDCODED_VALUES: \"hardcoded_values\",\r\n};\r\nconst SERVER_TELEM_SCHEMA_VERSION = 5;\r\nconst SERVER_TELEM_MAX_CUR_HEADER_BYTES = 80; // ESTS limit is 100B, set to 80 to provide a 20B buffer\r\nconst SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer,\r\nconst SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains\r\nconst SERVER_TELEM_CACHE_KEY = \"server-telemetry\";\r\nconst SERVER_TELEM_CATEGORY_SEPARATOR = \"|\";\r\nconst SERVER_TELEM_VALUE_SEPARATOR = \",\";\r\nconst SERVER_TELEM_OVERFLOW_TRUE = \"1\";\r\nconst SERVER_TELEM_OVERFLOW_FALSE = \"0\";\r\nconst SERVER_TELEM_UNKNOWN_ERROR = \"unknown_error\";\r\n/**\r\n * Type of the authentication request\r\n */\r\nconst AuthenticationScheme = {\r\n BEARER: \"Bearer\",\r\n POP: \"pop\",\r\n SSH: \"ssh-cert\",\r\n};\r\n/**\r\n * Constants related to throttling\r\n */\r\nconst DEFAULT_THROTTLE_TIME_SECONDS = 60;\r\n// Default maximum time to throttle in seconds, overrides what the server sends back\r\nconst DEFAULT_MAX_THROTTLE_TIME_SECONDS = 3600;\r\n// Prefix for storing throttling entries\r\nconst THROTTLING_PREFIX = \"throttling\";\r\n// Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling\r\nconst X_MS_LIB_CAPABILITY_VALUE = \"retry-after, h429\";\r\n/**\r\n * Errors\r\n */\r\nconst INVALID_GRANT_ERROR = \"invalid_grant\";\r\nconst CLIENT_MISMATCH_ERROR = \"client_mismatch\";\r\n/**\r\n * Password grant parameters\r\n */\r\nconst PasswordGrantConstants = {\r\n username: \"username\",\r\n password: \"password\",\r\n};\r\n/**\r\n * Region Discovery Sources\r\n */\r\nconst RegionDiscoverySources = {\r\n FAILED_AUTO_DETECTION: \"1\",\r\n INTERNAL_CACHE: \"2\",\r\n ENVIRONMENT_VARIABLE: \"3\",\r\n IMDS: \"4\",\r\n};\r\n/**\r\n * Region Discovery Outcomes\r\n */\r\nconst RegionDiscoveryOutcomes = {\r\n CONFIGURED_MATCHES_DETECTED: \"1\",\r\n CONFIGURED_NO_AUTO_DETECTION: \"2\",\r\n CONFIGURED_NOT_DETECTED: \"3\",\r\n AUTO_DETECTION_REQUESTED_SUCCESSFUL: \"4\",\r\n AUTO_DETECTION_REQUESTED_FAILED: \"5\",\r\n};\r\n/**\r\n * Specifies the reason for fetching the access token from the identity provider\r\n */\r\nconst CacheOutcome = {\r\n // When a token is found in the cache or the cache is not supposed to be hit when making the request\r\n NOT_APPLICABLE: \"0\",\r\n // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested\r\n FORCE_REFRESH_OR_CLAIMS: \"1\",\r\n // When the token request goes to the identity provider because no cached access token exists\r\n NO_CACHED_ACCESS_TOKEN: \"2\",\r\n // When the token request goes to the identity provider because cached access token expired\r\n CACHED_ACCESS_TOKEN_EXPIRED: \"3\",\r\n // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed\r\n PROACTIVELY_REFRESHED: \"4\",\r\n};\r\nconst JsonWebTokenTypes = {\r\n Jwt: \"JWT\",\r\n Jwk: \"JWK\",\r\n Pop: \"pop\",\r\n};\r\nconst ONE_DAY_IN_MS = 86400000;\r\n// Token renewal offset default in seconds\r\nconst DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;\r\nconst EncodingTypes = {\r\n BASE64: \"base64\",\r\n HEX: \"hex\",\r\n UTF8: \"utf-8\",\r\n};\n\nexport { AADAuthority, AAD_INSTANCE_DISCOVERY_ENDPT, AAD_TENANT_DOMAIN_SUFFIX, ADFS, APP_METADATA, AUTHORITY_METADATA_CACHE_KEY, AUTHORITY_METADATA_REFRESH_TIME_SECONDS, AUTHORIZATION_PENDING, AZURE_REGION_AUTO_DISCOVER_FLAG, AuthenticationScheme, AuthorityMetadataSource, CACHE_ACCOUNT_TYPE_ADFS, CACHE_ACCOUNT_TYPE_GENERIC, CACHE_ACCOUNT_TYPE_MSAV1, CACHE_ACCOUNT_TYPE_MSSTS, CACHE_KEY_SEPARATOR, CIAM_AUTH_URL, CLIENT_INFO, CLIENT_INFO_SEPARATOR, CLIENT_MISMATCH_ERROR, CODE_GRANT_TYPE, CONSUMER_UTID, CacheOutcome, CacheType, ClaimsRequestKeys, CodeChallengeMethodValues, CredentialType, DEFAULT_AUTHORITY, DEFAULT_AUTHORITY_HOST, DEFAULT_COMMON_TENANT, DEFAULT_MAX_THROTTLE_TIME_SECONDS, DEFAULT_THROTTLE_TIME_SECONDS, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC, DSTS, EMAIL_SCOPE, EncodingTypes, FORWARD_SLASH, GrantType, HTTP_BAD_REQUEST, HTTP_CLIENT_ERROR, HTTP_CLIENT_ERROR_RANGE_END, HTTP_CLIENT_ERROR_RANGE_START, HTTP_GATEWAY_TIMEOUT, HTTP_GONE, HTTP_MULTI_SIDED_ERROR, HTTP_NOT_FOUND, HTTP_REDIRECT, HTTP_REQUEST_TIMEOUT, HTTP_SERVER_ERROR, HTTP_SERVER_ERROR_RANGE_END, HTTP_SERVER_ERROR_RANGE_START, HTTP_SERVICE_UNAVAILABLE, HTTP_SUCCESS, HTTP_SUCCESS_RANGE_END, HTTP_SUCCESS_RANGE_START, HTTP_TOO_MANY_REQUESTS, HTTP_UNAUTHORIZED, HeaderNames, HttpMethod, IMDS_ENDPOINT, IMDS_TIMEOUT, IMDS_VERSION, INVALID_GRANT_ERROR, INVALID_INSTANCE, JsonWebTokenTypes, KNOWN_PUBLIC_CLOUDS, NOT_APPLICABLE, NOT_AVAILABLE, OAuthResponseType, OFFLINE_ACCESS_SCOPE, OIDC_DEFAULT_SCOPES, OIDC_SCOPES, ONE_DAY_IN_MS, OPENID_SCOPE, PROFILE_SCOPE, PasswordGrantConstants, PersistentCacheKeys, PromptValue, REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX, RESOURCE_DELIM, RegionDiscoveryOutcomes, RegionDiscoverySources, ResponseMode, S256_CODE_CHALLENGE_METHOD, SERVER_TELEM_CACHE_KEY, SERVER_TELEM_CATEGORY_SEPARATOR, SERVER_TELEM_MAX_CACHED_ERRORS, SERVER_TELEM_MAX_CUR_HEADER_BYTES, SERVER_TELEM_MAX_LAST_HEADER_BYTES, SERVER_TELEM_OVERFLOW_FALSE, SERVER_TELEM_OVERFLOW_TRUE, SERVER_TELEM_SCHEMA_VERSION, SERVER_TELEM_UNKNOWN_ERROR, SERVER_TELEM_VALUE_SEPARATOR, SHR_NONCE_VALIDITY, SKU, THE_FAMILY_ID, THROTTLING_PREFIX, URL_FORM_CONTENT_TYPE, X_MS_LIB_CAPABILITY_VALUE };\n//# sourceMappingURL=Constants.mjs.map\n"],"names":[],"mappings":";;AAAA;AA+GA;AACA;AACA;AACA;AACA;AACK,MAAC,WAAW,GAAG;AACpB,IAAI,KAAK,EAAE,OAAO;AAClB,IAAI,cAAc,EAAE,gBAAgB;AACpC,IACI,IAAI,EAAE,MAAM;AAChB,IAAI,MAAM,EAAE,QAEZ,EAAE;AA2CF;AACA;AACA;AACK,MAAC,mBAAmB,GAAG,IAAI;AAuC3B,MAAC,2BAA2B,GAAG,EAAE;AAEjC,MAAC,kCAAkC,GAAG,IAAI;AAC1C,MAAC,8BAA8B,GAAG,GAAG;AACrC,MAAC,sBAAsB,GAAG,mBAAmB;AAC7C,MAAC,+BAA+B,GAAG,IAAI;AACvC,MAAC,4BAA4B,GAAG,IAAI;AACpC,MAAC,0BAA0B,GAAG,IAAI;AAClC,MAAC,2BAA2B,GAAG,IAAI;AACnC,MAAC,0BAA0B,GAAG,gBAAgB;AACnD;AACA;AACA;AACK,MAAC,oBAAoB,GAAG;AAC7B,IAAI,MAAM,EAAE,QAAQ;AACpB,IAAI,GAAG,EAAE,KAET,EAAE;AA0CF;AACA;AACA;AACK,MAAC,YAAY,GAAG;AACrB;AACA,IAAI,cAAc,EAAE,GASpB;;;;"}
1
+ {"version":3,"file":"Constants.mjs","sources":["../../../../../../../lib/msal-common/dist/utils/Constants.mjs"],"sourcesContent":["/*! @azure/msal-common v16.8.0 2026-06-10 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst SKU = \"msal.js.common\";\r\n// default authority\r\nconst DEFAULT_AUTHORITY = \"https://login.microsoftonline.com/common/\";\r\nconst DEFAULT_AUTHORITY_HOST = \"login.microsoftonline.com\";\r\nconst DEFAULT_COMMON_TENANT = \"common\";\r\n// ADFS String\r\nconst ADFS = \"adfs\";\r\nconst DSTS = \"dstsv2\";\r\n// Default AAD Instance Discovery Endpoint\r\nconst AAD_INSTANCE_DISCOVERY_ENDPT = `${DEFAULT_AUTHORITY}discovery/instance?api-version=1.1&authorization_endpoint=`;\r\n// CIAM URL\r\nconst CIAM_AUTH_URL = \".ciamlogin.com\";\r\nconst AAD_TENANT_DOMAIN_SUFFIX = \".onmicrosoft.com\";\r\n// Resource delimiter - used for certain cache entries\r\nconst RESOURCE_DELIM = \"|\";\r\n// Consumer UTID\r\nconst CONSUMER_UTID = \"9188040d-6c67-4c5b-b112-36a304b66dad\";\r\n// Default scopes\r\nconst OPENID_SCOPE = \"openid\";\r\nconst PROFILE_SCOPE = \"profile\";\r\nconst OFFLINE_ACCESS_SCOPE = \"offline_access\";\r\nconst EMAIL_SCOPE = \"email\";\r\nconst CODE_GRANT_TYPE = \"authorization_code\";\r\nconst S256_CODE_CHALLENGE_METHOD = \"S256\";\r\nconst URL_FORM_CONTENT_TYPE = \"application/x-www-form-urlencoded;charset=utf-8\";\r\nconst AUTHORIZATION_PENDING = \"authorization_pending\";\r\nconst NOT_APPLICABLE = \"N/A\";\r\nconst NOT_AVAILABLE = \"Not Available\";\r\nconst FORWARD_SLASH = \"/\";\r\nconst IMDS_ENDPOINT = \"http://169.254.169.254/metadata/instance/compute/location\";\r\nconst IMDS_VERSION = \"2020-06-01\";\r\nconst IMDS_TIMEOUT = 2000;\r\nconst AZURE_REGION_AUTO_DISCOVER_FLAG = \"TryAutoDetect\";\r\nconst REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX = \"login.microsoft.com\";\r\nconst KNOWN_PUBLIC_CLOUDS = [\r\n \"login.microsoftonline.com\",\r\n \"login.windows.net\",\r\n \"login.microsoft.com\",\r\n \"sts.windows.net\",\r\n];\r\nconst SHR_NONCE_VALIDITY = 240;\r\nconst INVALID_INSTANCE = \"invalid_instance\";\r\nconst HTTP_SUCCESS = 200;\r\nconst HTTP_SUCCESS_RANGE_START = 200;\r\nconst HTTP_SUCCESS_RANGE_END = 299;\r\nconst HTTP_REDIRECT = 302;\r\nconst HTTP_CLIENT_ERROR = 400;\r\nconst HTTP_CLIENT_ERROR_RANGE_START = 400;\r\nconst HTTP_BAD_REQUEST = 400;\r\nconst HTTP_UNAUTHORIZED = 401;\r\nconst HTTP_NOT_FOUND = 404;\r\nconst HTTP_REQUEST_TIMEOUT = 408;\r\nconst HTTP_GONE = 410;\r\nconst HTTP_TOO_MANY_REQUESTS = 429;\r\nconst HTTP_CLIENT_ERROR_RANGE_END = 499;\r\nconst HTTP_SERVER_ERROR = 500;\r\nconst HTTP_SERVER_ERROR_RANGE_START = 500;\r\nconst HTTP_SERVICE_UNAVAILABLE = 503;\r\nconst HTTP_GATEWAY_TIMEOUT = 504;\r\nconst HTTP_SERVER_ERROR_RANGE_END = 599;\r\nconst HTTP_MULTI_SIDED_ERROR = 600;\r\nconst HttpMethod = {\r\n GET: \"GET\",\r\n POST: \"POST\",\r\n};\r\nconst OIDC_DEFAULT_SCOPES = [\r\n OPENID_SCOPE,\r\n PROFILE_SCOPE,\r\n OFFLINE_ACCESS_SCOPE,\r\n];\r\nconst OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, EMAIL_SCOPE];\r\n/**\r\n * Request header names\r\n */\r\nconst HeaderNames = {\r\n CONTENT_TYPE: \"Content-Type\",\r\n CONTENT_LENGTH: \"Content-Length\",\r\n RETRY_AFTER: \"Retry-After\",\r\n CCS_HEADER: \"X-AnchorMailbox\",\r\n WWWAuthenticate: \"WWW-Authenticate\",\r\n AuthenticationInfo: \"Authentication-Info\",\r\n X_MS_REQUEST_ID: \"x-ms-request-id\",\r\n X_MS_HTTP_VERSION: \"x-ms-httpver\",\r\n};\r\n/**\r\n * Persistent cache keys MSAL which stay while user is logged in.\r\n */\r\nconst PersistentCacheKeys = {\r\n ACTIVE_ACCOUNT_FILTERS: \"active-account-filters\", // new cache entry for active_account for a more robust version for browser\r\n};\r\n/**\r\n * String constants related to AAD Authority\r\n */\r\nconst AADAuthority = {\r\n COMMON: \"common\",\r\n ORGANIZATIONS: \"organizations\",\r\n CONSUMERS: \"consumers\",\r\n};\r\n/**\r\n * Claims request keys\r\n */\r\nconst ClaimsRequestKeys = {\r\n ACCESS_TOKEN: \"access_token\",\r\n XMS_CC: \"xms_cc\",\r\n};\r\n/**\r\n * we considered making this \"enum\" in the request instead of string, however it looks like the allowed list of\r\n * prompt values kept changing over past couple of years. There are some undocumented prompt values for some\r\n * internal partners too, hence the choice of generic \"string\" type instead of the \"enum\"\r\n */\r\nconst PromptValue = {\r\n LOGIN: \"login\",\r\n SELECT_ACCOUNT: \"select_account\",\r\n CONSENT: \"consent\",\r\n NONE: \"none\",\r\n CREATE: \"create\",\r\n NO_SESSION: \"no_session\",\r\n};\r\n/**\r\n * allowed values for codeVerifier\r\n */\r\nconst CodeChallengeMethodValues = {\r\n PLAIN: \"plain\",\r\n S256: \"S256\",\r\n};\r\n/**\r\n * Allowed values for response_type\r\n */\r\nconst OAuthResponseType = {\r\n CODE: \"code\",\r\n IDTOKEN_TOKEN: \"id_token token\",\r\n IDTOKEN_TOKEN_REFRESHTOKEN: \"id_token token refresh_token\",\r\n};\r\n/**\r\n * allowed values for response_mode\r\n */\r\nconst ResponseMode = {\r\n QUERY: \"query\",\r\n FRAGMENT: \"fragment\",\r\n FORM_POST: \"form_post\",\r\n};\r\n/**\r\n * allowed grant_type\r\n */\r\nconst GrantType = {\r\n IMPLICIT_GRANT: \"implicit\",\r\n AUTHORIZATION_CODE_GRANT: \"authorization_code\",\r\n CLIENT_CREDENTIALS_GRANT: \"client_credentials\",\r\n RESOURCE_OWNER_PASSWORD_GRANT: \"password\",\r\n REFRESH_TOKEN_GRANT: \"refresh_token\",\r\n DEVICE_CODE_GRANT: \"device_code\",\r\n JWT_BEARER: \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\r\n};\r\n/**\r\n * Account types in Cache\r\n */\r\nconst CACHE_ACCOUNT_TYPE_MSSTS = \"MSSTS\";\r\nconst CACHE_ACCOUNT_TYPE_ADFS = \"ADFS\";\r\nconst CACHE_ACCOUNT_TYPE_MSAV1 = \"MSA\";\r\nconst CACHE_ACCOUNT_TYPE_GENERIC = \"Generic\";\r\n/**\r\n * Separators used in cache\r\n */\r\nconst CACHE_KEY_SEPARATOR = \"-\";\r\nconst CLIENT_INFO_SEPARATOR = \".\";\r\n/**\r\n * Credential Type stored in the cache\r\n */\r\nconst CredentialType = {\r\n ID_TOKEN: \"IdToken\",\r\n ACCESS_TOKEN: \"AccessToken\",\r\n ACCESS_TOKEN_WITH_AUTH_SCHEME: \"AccessToken_With_AuthScheme\",\r\n REFRESH_TOKEN: \"RefreshToken\",\r\n};\r\n/**\r\n * Combine all cache types\r\n */\r\nconst CacheType = {\r\n ADFS: 1001,\r\n MSA: 1002,\r\n MSSTS: 1003,\r\n GENERIC: 1004,\r\n ACCESS_TOKEN: 2001,\r\n REFRESH_TOKEN: 2002,\r\n ID_TOKEN: 2003,\r\n APP_METADATA: 3001,\r\n UNDEFINED: 9999,\r\n};\r\n/**\r\n * More Cache related constants\r\n */\r\nconst APP_METADATA = \"appmetadata\";\r\nconst CLIENT_INFO = \"client_info\";\r\nconst THE_FAMILY_ID = \"1\";\r\nconst AUTHORITY_METADATA_CACHE_KEY = \"authority-metadata\";\r\nconst AUTHORITY_METADATA_REFRESH_TIME_SECONDS = 3600 * 24; // 24 Hours\r\nconst AuthorityMetadataSource = {\r\n CONFIG: \"config\",\r\n CACHE: \"cache\",\r\n NETWORK: \"network\",\r\n HARDCODED_VALUES: \"hardcoded_values\",\r\n};\r\nconst SERVER_TELEM_SCHEMA_VERSION = 5;\r\nconst SERVER_TELEM_MAX_CUR_HEADER_BYTES = 80; // ESTS limit is 100B, set to 80 to provide a 20B buffer\r\nconst SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer,\r\nconst SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains\r\nconst SERVER_TELEM_CACHE_KEY = \"server-telemetry\";\r\nconst SERVER_TELEM_CATEGORY_SEPARATOR = \"|\";\r\nconst SERVER_TELEM_VALUE_SEPARATOR = \",\";\r\nconst SERVER_TELEM_OVERFLOW_TRUE = \"1\";\r\nconst SERVER_TELEM_OVERFLOW_FALSE = \"0\";\r\nconst SERVER_TELEM_UNKNOWN_ERROR = \"unknown_error\";\r\n/**\r\n * Type of the authentication request\r\n */\r\nconst AuthenticationScheme = {\r\n BEARER: \"Bearer\",\r\n POP: \"pop\",\r\n SSH: \"ssh-cert\",\r\n};\r\n/**\r\n * Constants related to throttling\r\n */\r\nconst DEFAULT_THROTTLE_TIME_SECONDS = 60;\r\n// Default maximum time to throttle in seconds, overrides what the server sends back\r\nconst DEFAULT_MAX_THROTTLE_TIME_SECONDS = 3600;\r\n// Prefix for storing throttling entries\r\nconst THROTTLING_PREFIX = \"throttling\";\r\n// Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling\r\nconst X_MS_LIB_CAPABILITY_VALUE = \"retry-after, h429\";\r\n/**\r\n * Errors\r\n */\r\nconst INVALID_GRANT_ERROR = \"invalid_grant\";\r\nconst CLIENT_MISMATCH_ERROR = \"client_mismatch\";\r\n/**\r\n * Password grant parameters\r\n */\r\nconst PasswordGrantConstants = {\r\n username: \"username\",\r\n password: \"password\",\r\n};\r\n/**\r\n * Region Discovery Sources\r\n */\r\nconst RegionDiscoverySources = {\r\n FAILED_AUTO_DETECTION: \"1\",\r\n INTERNAL_CACHE: \"2\",\r\n ENVIRONMENT_VARIABLE: \"3\",\r\n IMDS: \"4\",\r\n};\r\n/**\r\n * Region Discovery Outcomes\r\n */\r\nconst RegionDiscoveryOutcomes = {\r\n CONFIGURED_MATCHES_DETECTED: \"1\",\r\n CONFIGURED_NO_AUTO_DETECTION: \"2\",\r\n CONFIGURED_NOT_DETECTED: \"3\",\r\n AUTO_DETECTION_REQUESTED_SUCCESSFUL: \"4\",\r\n AUTO_DETECTION_REQUESTED_FAILED: \"5\",\r\n};\r\n/**\r\n * Specifies the reason for fetching the access token from the identity provider\r\n */\r\nconst CacheOutcome = {\r\n // When a token is found in the cache or the cache is not supposed to be hit when making the request\r\n NOT_APPLICABLE: \"0\",\r\n // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested\r\n FORCE_REFRESH_OR_CLAIMS: \"1\",\r\n // When the token request goes to the identity provider because no cached access token exists\r\n NO_CACHED_ACCESS_TOKEN: \"2\",\r\n // When the token request goes to the identity provider because cached access token expired\r\n CACHED_ACCESS_TOKEN_EXPIRED: \"3\",\r\n // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed\r\n PROACTIVELY_REFRESHED: \"4\",\r\n};\r\nconst JsonWebTokenTypes = {\r\n Jwt: \"JWT\",\r\n Jwk: \"JWK\",\r\n Pop: \"pop\",\r\n};\r\nconst ONE_DAY_IN_MS = 86400000;\r\n// Token renewal offset default in seconds\r\nconst DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;\r\nconst EncodingTypes = {\r\n BASE64: \"base64\",\r\n HEX: \"hex\",\r\n UTF8: \"utf-8\",\r\n};\n\nexport { AADAuthority, AAD_INSTANCE_DISCOVERY_ENDPT, AAD_TENANT_DOMAIN_SUFFIX, ADFS, APP_METADATA, AUTHORITY_METADATA_CACHE_KEY, AUTHORITY_METADATA_REFRESH_TIME_SECONDS, AUTHORIZATION_PENDING, AZURE_REGION_AUTO_DISCOVER_FLAG, AuthenticationScheme, AuthorityMetadataSource, CACHE_ACCOUNT_TYPE_ADFS, CACHE_ACCOUNT_TYPE_GENERIC, CACHE_ACCOUNT_TYPE_MSAV1, CACHE_ACCOUNT_TYPE_MSSTS, CACHE_KEY_SEPARATOR, CIAM_AUTH_URL, CLIENT_INFO, CLIENT_INFO_SEPARATOR, CLIENT_MISMATCH_ERROR, CODE_GRANT_TYPE, CONSUMER_UTID, CacheOutcome, CacheType, ClaimsRequestKeys, CodeChallengeMethodValues, CredentialType, DEFAULT_AUTHORITY, DEFAULT_AUTHORITY_HOST, DEFAULT_COMMON_TENANT, DEFAULT_MAX_THROTTLE_TIME_SECONDS, DEFAULT_THROTTLE_TIME_SECONDS, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC, DSTS, EMAIL_SCOPE, EncodingTypes, FORWARD_SLASH, GrantType, HTTP_BAD_REQUEST, HTTP_CLIENT_ERROR, HTTP_CLIENT_ERROR_RANGE_END, HTTP_CLIENT_ERROR_RANGE_START, HTTP_GATEWAY_TIMEOUT, HTTP_GONE, HTTP_MULTI_SIDED_ERROR, HTTP_NOT_FOUND, HTTP_REDIRECT, HTTP_REQUEST_TIMEOUT, HTTP_SERVER_ERROR, HTTP_SERVER_ERROR_RANGE_END, HTTP_SERVER_ERROR_RANGE_START, HTTP_SERVICE_UNAVAILABLE, HTTP_SUCCESS, HTTP_SUCCESS_RANGE_END, HTTP_SUCCESS_RANGE_START, HTTP_TOO_MANY_REQUESTS, HTTP_UNAUTHORIZED, HeaderNames, HttpMethod, IMDS_ENDPOINT, IMDS_TIMEOUT, IMDS_VERSION, INVALID_GRANT_ERROR, INVALID_INSTANCE, JsonWebTokenTypes, KNOWN_PUBLIC_CLOUDS, NOT_APPLICABLE, NOT_AVAILABLE, OAuthResponseType, OFFLINE_ACCESS_SCOPE, OIDC_DEFAULT_SCOPES, OIDC_SCOPES, ONE_DAY_IN_MS, OPENID_SCOPE, PROFILE_SCOPE, PasswordGrantConstants, PersistentCacheKeys, PromptValue, REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX, RESOURCE_DELIM, RegionDiscoveryOutcomes, RegionDiscoverySources, ResponseMode, S256_CODE_CHALLENGE_METHOD, SERVER_TELEM_CACHE_KEY, SERVER_TELEM_CATEGORY_SEPARATOR, SERVER_TELEM_MAX_CACHED_ERRORS, SERVER_TELEM_MAX_CUR_HEADER_BYTES, SERVER_TELEM_MAX_LAST_HEADER_BYTES, SERVER_TELEM_OVERFLOW_FALSE, SERVER_TELEM_OVERFLOW_TRUE, SERVER_TELEM_SCHEMA_VERSION, SERVER_TELEM_UNKNOWN_ERROR, SERVER_TELEM_VALUE_SEPARATOR, SHR_NONCE_VALIDITY, SKU, THE_FAMILY_ID, THROTTLING_PREFIX, URL_FORM_CONTENT_TYPE, X_MS_LIB_CAPABILITY_VALUE };\n//# sourceMappingURL=Constants.mjs.map\n"],"names":[],"mappings":";;AAAA;AA+GA;AACA;AACA;AACA;AACA;AACK,MAAC,WAAW,GAAG;AACpB,IAAI,KAAK,EAAE,OAAO;AAClB,IAAI,cAAc,EAAE,gBAAgB;AACpC,IACI,IAAI,EAAE,MAAM;AAChB,IAAI,MAAM,EAAE,QAEZ,EAAE;AA2CF;AACA;AACA;AACK,MAAC,mBAAmB,GAAG,IAAI;AAuC3B,MAAC,2BAA2B,GAAG,EAAE;AAEjC,MAAC,kCAAkC,GAAG,IAAI;AAC1C,MAAC,8BAA8B,GAAG,GAAG;AACrC,MAAC,sBAAsB,GAAG,mBAAmB;AAC7C,MAAC,+BAA+B,GAAG,IAAI;AACvC,MAAC,4BAA4B,GAAG,IAAI;AACpC,MAAC,0BAA0B,GAAG,IAAI;AAClC,MAAC,2BAA2B,GAAG,IAAI;AACnC,MAAC,0BAA0B,GAAG,gBAAgB;AACnD;AACA;AACA;AACK,MAAC,oBAAoB,GAAG;AAC7B,IAAI,MAAM,EAAE,QAAQ;AACpB,IAAI,GAAG,EAAE,KAET,EAAE;AA0CF;AACA;AACA;AACK,MAAC,YAAY,GAAG;AACrB;AACA,IAAI,cAAc,EAAE,GASpB;;;;"}
@@ -1,6 +1,6 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
- /*! @azure/msal-common v16.7.0 2026-06-05 */
3
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
4
4
  /**
5
5
  * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
6
6
  * @param seconds
@@ -1 +1 @@
1
- {"version":3,"file":"TimeUtils.mjs","sources":["../../../../../../../lib/msal-common/dist/utils/TimeUtils.mjs"],"sourcesContent":["/*! @azure/msal-common v16.7.0 2026-06-05 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Utility functions for managing date and time operations.\r\n */\r\n/**\r\n * return the current time in Unix time (seconds).\r\n */\r\nfunction nowSeconds() {\r\n // Date.getTime() returns in milliseconds.\r\n return Math.round(new Date().getTime() / 1000.0);\r\n}\r\n/**\r\n * Converts JS Date object to seconds\r\n * @param date Date\r\n */\r\nfunction toSecondsFromDate(date) {\r\n // Convert date to seconds\r\n return date.getTime() / 1000;\r\n}\r\n/**\r\n * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).\r\n * @param seconds\r\n */\r\nfunction toDateFromSeconds(seconds) {\r\n if (seconds) {\r\n return new Date(Number(seconds) * 1000);\r\n }\r\n return new Date();\r\n}\r\n/**\r\n * check if a token is expired based on given UTC time in seconds.\r\n * @param expiresOn\r\n */\r\nfunction isTokenExpired(expiresOn, offset) {\r\n // check for access token expiry\r\n const expirationSec = Number(expiresOn) || 0;\r\n const offsetCurrentTimeSec = nowSeconds() + offset;\r\n // If current time + offset is greater than token expiration time, then token is expired.\r\n return offsetCurrentTimeSec > expirationSec;\r\n}\r\n/**\r\n * Checks if a cache entry is expired based on the last updated time and cache retention days.\r\n * @param lastUpdatedAt\r\n * @param cacheRetentionDays\r\n * @returns\r\n */\r\nfunction isCacheExpired(lastUpdatedAt, cacheRetentionDays) {\r\n const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;\r\n return Date.now() > cacheExpirationTimestamp;\r\n}\r\n/**\r\n * If the current time is earlier than the time that a token was cached at, we must discard the token\r\n * i.e. The system clock was turned back after acquiring the cached token\r\n * @param cachedAt\r\n * @param offset\r\n */\r\nfunction wasClockTurnedBack(cachedAt) {\r\n const cachedAtSec = Number(cachedAt);\r\n return cachedAtSec > nowSeconds();\r\n}\r\n/**\r\n * Waits for t number of milliseconds\r\n * @param t number\r\n * @param value T\r\n */\r\nfunction delay(t, value) {\r\n return new Promise((resolve) => setTimeout(() => resolve(value), t));\r\n}\n\nexport { delay, isCacheExpired, isTokenExpired, nowSeconds, toDateFromSeconds, toSecondsFromDate, wasClockTurnedBack };\n//# sourceMappingURL=TimeUtils.mjs.map\n"],"names":[],"mappings":";;AAAA;AAwBA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,OAAO,EAAE;AACpC,IAAI,IAAI,OAAO,EAAE;AACjB,QAAQ,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;AAChD,KAAK;AACL,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;AACtB;;;;"}
1
+ {"version":3,"file":"TimeUtils.mjs","sources":["../../../../../../../lib/msal-common/dist/utils/TimeUtils.mjs"],"sourcesContent":["/*! @azure/msal-common v16.8.0 2026-06-10 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Utility functions for managing date and time operations.\r\n */\r\n/**\r\n * return the current time in Unix time (seconds).\r\n */\r\nfunction nowSeconds() {\r\n // Date.getTime() returns in milliseconds.\r\n return Math.round(new Date().getTime() / 1000.0);\r\n}\r\n/**\r\n * Converts JS Date object to seconds\r\n * @param date Date\r\n */\r\nfunction toSecondsFromDate(date) {\r\n // Convert date to seconds\r\n return date.getTime() / 1000;\r\n}\r\n/**\r\n * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).\r\n * @param seconds\r\n */\r\nfunction toDateFromSeconds(seconds) {\r\n if (seconds) {\r\n return new Date(Number(seconds) * 1000);\r\n }\r\n return new Date();\r\n}\r\n/**\r\n * check if a token is expired based on given UTC time in seconds.\r\n * @param expiresOn\r\n */\r\nfunction isTokenExpired(expiresOn, offset) {\r\n // check for access token expiry\r\n const expirationSec = Number(expiresOn) || 0;\r\n const offsetCurrentTimeSec = nowSeconds() + offset;\r\n // If current time + offset is greater than token expiration time, then token is expired.\r\n return offsetCurrentTimeSec > expirationSec;\r\n}\r\n/**\r\n * Checks if a cache entry is expired based on the last updated time and cache retention days.\r\n * @param lastUpdatedAt\r\n * @param cacheRetentionDays\r\n * @returns\r\n */\r\nfunction isCacheExpired(lastUpdatedAt, cacheRetentionDays) {\r\n const cacheExpirationTimestamp = Number(lastUpdatedAt) + cacheRetentionDays * 24 * 60 * 60 * 1000;\r\n return Date.now() > cacheExpirationTimestamp;\r\n}\r\n/**\r\n * If the current time is earlier than the time that a token was cached at, we must discard the token\r\n * i.e. The system clock was turned back after acquiring the cached token\r\n * @param cachedAt\r\n * @param offset\r\n */\r\nfunction wasClockTurnedBack(cachedAt) {\r\n const cachedAtSec = Number(cachedAt);\r\n return cachedAtSec > nowSeconds();\r\n}\r\n/**\r\n * Waits for t number of milliseconds\r\n * @param t number\r\n * @param value T\r\n */\r\nfunction delay(t, value) {\r\n return new Promise((resolve) => setTimeout(() => resolve(value), t));\r\n}\n\nexport { delay, isCacheExpired, isTokenExpired, nowSeconds, toDateFromSeconds, toSecondsFromDate, wasClockTurnedBack };\n//# sourceMappingURL=TimeUtils.mjs.map\n"],"names":[],"mappings":";;AAAA;AAwBA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,OAAO,EAAE;AACpC,IAAI,IAAI,OAAO,EAAE;AACjB,QAAQ,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;AAChD,KAAK;AACL,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC;AACtB;;;;"}
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  import { promises } from 'fs';
4
4
  import { pid } from 'process';
@@ -1,8 +1,8 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  /* eslint-disable header/header */
4
4
  const name = "@azure/msal-node-extensions";
5
- const version = "5.2.3";
5
+ const version = "5.2.4";
6
6
 
7
7
  export { name, version };
8
8
  //# sourceMappingURL=packageMetadata.mjs.map
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  import { PersistenceError } from '../error/PersistenceError.mjs';
4
4
  import { Constants } from '../utils/Constants.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  import { promises } from 'fs';
4
4
  import { dirname } from 'path';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  import { FilePersistence } from './FilePersistence.mjs';
4
4
  import { PersistenceError } from '../error/PersistenceError.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  import keytar from 'keytar';
4
4
  import { FilePersistence } from './FilePersistence.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  import keytar from 'keytar';
4
4
  import { FilePersistence } from './FilePersistence.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  import { CrossPlatformLock } from '../lock/CrossPlatformLock.mjs';
4
4
  import { pid } from 'process';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  import { FilePersistenceWithDataProtection } from './FilePersistenceWithDataProtection.mjs';
4
4
  import { LibSecretPersistence } from './LibSecretPersistence.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  import path from 'path';
4
4
  import { Constants, Platform } from './Constants.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-node-extensions v5.2.3 2026-06-05 */
1
+ /*! @azure/msal-node-extensions v5.2.4 2026-06-10 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -343,7 +343,7 @@ class PersistenceCachePlugin {
343
343
  }
344
344
  }
345
345
 
346
- /*! @azure/msal-common v16.7.0 2026-06-05 */
346
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
347
347
  /**
348
348
  * we considered making this "enum" in the request instead of string, however it looks like the allowed list of
349
349
  * prompt values kept changing over past couple of years. There are some undocumented prompt values for some
@@ -380,11 +380,11 @@ const CacheOutcome = {
380
380
  // When a token is found in the cache or the cache is not supposed to be hit when making the request
381
381
  NOT_APPLICABLE: "0"};
382
382
 
383
- /*! @azure/msal-common v16.7.0 2026-06-05 */
383
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
384
384
  const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
385
385
  const RESOURCE = "resource";
386
386
 
387
- /*! @azure/msal-common v16.7.0 2026-06-05 */
387
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
388
388
  /*
389
389
  * Copyright (c) Microsoft Corporation. All rights reserved.
390
390
  * Licensed under the MIT License.
@@ -412,7 +412,7 @@ class AuthError extends Error {
412
412
  }
413
413
  }
414
414
 
415
- /*! @azure/msal-common v16.7.0 2026-06-05 */
415
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
416
416
 
417
417
  /*
418
418
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -432,7 +432,7 @@ function createClientConfigurationError(errorCode) {
432
432
  return new ClientConfigurationError(errorCode);
433
433
  }
434
434
 
435
- /*! @azure/msal-common v16.7.0 2026-06-05 */
435
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
436
436
 
437
437
  /*
438
438
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -455,16 +455,16 @@ function createClientAuthError(errorCode, additionalMessage) {
455
455
  return new ClientAuthError(errorCode, additionalMessage);
456
456
  }
457
457
 
458
- /*! @azure/msal-common v16.7.0 2026-06-05 */
458
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
459
459
  const untrustedAuthority = "untrusted_authority";
460
460
 
461
- /*! @azure/msal-common v16.7.0 2026-06-05 */
461
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
462
462
  const noAccountFound = "no_account_found";
463
463
  const noNetworkConnectivity = "no_network_connectivity";
464
464
  const userCanceled = "user_canceled";
465
465
  const platformBrokerError = "platform_broker_error";
466
466
 
467
- /*! @azure/msal-common v16.7.0 2026-06-05 */
467
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
468
468
  /*
469
469
  * Copyright (c) Microsoft Corporation. All rights reserved.
470
470
  * Licensed under the MIT License.
@@ -512,7 +512,7 @@ function addLogToCache(correlationId, loggedMessage) {
512
512
  // Remove LRU (first entry) if capacity exceeded
513
513
  if (correlationCache.size > CACHE_CAPACITY) {
514
514
  const firstKey = correlationCache.keys().next().value;
515
- if (firstKey) {
515
+ if (firstKey !== undefined) {
516
516
  correlationCache.delete(firstKey);
517
517
  }
518
518
  }
@@ -725,7 +725,7 @@ class Logger {
725
725
  }
726
726
  }
727
727
 
728
- /*! @azure/msal-common v16.7.0 2026-06-05 */
728
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
729
729
  /**
730
730
  * Convert seconds to JS Date object. Seconds can be in a number or string format or undefined (will still return a date).
731
731
  * @param seconds
@@ -737,7 +737,7 @@ function toDateFromSeconds(seconds) {
737
737
  return new Date();
738
738
  }
739
739
 
740
- /*! @azure/msal-common v16.7.0 2026-06-05 */
740
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
741
741
  /**
742
742
  * Error thrown when user interaction is required.
743
743
  */
@@ -754,7 +754,7 @@ class InteractionRequiredAuthError extends AuthError {
754
754
  }
755
755
  }
756
756
 
757
- /*! @azure/msal-common v16.7.0 2026-06-05 */
757
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
758
758
 
759
759
  /*
760
760
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -773,7 +773,7 @@ class ServerError extends AuthError {
773
773
  }
774
774
  }
775
775
 
776
- /*! @azure/msal-common v16.7.0 2026-06-05 */
776
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
777
777
 
778
778
  /*
779
779
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -818,7 +818,7 @@ class PlatformBrokerError extends AuthError {
818
818
  }
819
819
  }
820
820
 
821
- /*! @azure/msal-common v16.7.0 2026-06-05 */
821
+ /*! @azure/msal-common v16.8.0 2026-06-10 */
822
822
 
823
823
  /*
824
824
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -929,35 +929,40 @@ class ServerTelemetryManager {
929
929
  * @param error
930
930
  */
931
931
  cacheFailedRequest(error) {
932
- const lastRequests = this.getLastRequests();
933
- if (lastRequests.errors.length >=
934
- SERVER_TELEM_MAX_CACHED_ERRORS) {
935
- // Remove a cached error to make room, first in first out
936
- lastRequests.failedRequests.shift(); // apiId
937
- lastRequests.failedRequests.shift(); // correlationId
938
- lastRequests.errors.shift();
939
- }
940
- lastRequests.failedRequests.push(this.apiId, this.correlationId);
941
- if (error instanceof Error && !!error && error.toString()) {
942
- if (error instanceof AuthError) {
943
- if (error.subError) {
944
- lastRequests.errors.push(error.subError);
945
- }
946
- else if (error.errorCode) {
947
- lastRequests.errors.push(error.errorCode);
932
+ try {
933
+ const lastRequests = this.getLastRequests();
934
+ if (lastRequests.errors.length >=
935
+ SERVER_TELEM_MAX_CACHED_ERRORS) {
936
+ // Remove a cached error to make room, first in first out
937
+ lastRequests.failedRequests.shift(); // apiId
938
+ lastRequests.failedRequests.shift(); // correlationId
939
+ lastRequests.errors.shift();
940
+ }
941
+ lastRequests.failedRequests.push(this.apiId, this.correlationId);
942
+ if (error instanceof Error && !!error && error.toString()) {
943
+ if (error instanceof AuthError) {
944
+ if (error.subError) {
945
+ lastRequests.errors.push(error.subError);
946
+ }
947
+ else if (error.errorCode) {
948
+ lastRequests.errors.push(error.errorCode);
949
+ }
950
+ else {
951
+ lastRequests.errors.push(error.toString());
952
+ }
948
953
  }
949
954
  else {
950
955
  lastRequests.errors.push(error.toString());
951
956
  }
952
957
  }
953
958
  else {
954
- lastRequests.errors.push(error.toString());
959
+ lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
955
960
  }
961
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
956
962
  }
957
- else {
958
- lastRequests.errors.push(SERVER_TELEM_UNKNOWN_ERROR);
963
+ catch {
964
+ // Ignore telemetry cache failures to avoid masking the original auth error path.
959
965
  }
960
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
961
966
  return;
962
967
  }
963
968
  /**
@@ -1729,7 +1734,7 @@ class PersistenceCreator {
1729
1734
 
1730
1735
  /* eslint-disable header/header */
1731
1736
  const name = "@azure/msal-node-extensions";
1732
- const version = "5.2.3";
1737
+ const version = "5.2.4";
1733
1738
 
1734
1739
  /*
1735
1740
  * Copyright (c) Microsoft Corporation. All rights reserved.