@microsoft/teams-js 2.35.0-beta.2 → 2.36.0

package/dist/umd/MicrosoftTeams.js

@@ -1060,6 +1060,7 @@ __webpack_require__.d(__webpack_exports__, {
   navigateCrossDomain: () => (/* reexport */ navigation_navigateCrossDomain),
   navigateToTab: () => (/* reexport */ navigation_navigateToTab),
   nestedAppAuth: () => (/* reexport */ nestedAppAuth_namespaceObject),
+  nestedAppAuthBridge: () => (/* reexport */ nestedAppAuthBridge_namespaceObject),
   notifications: () => (/* reexport */ notifications_namespaceObject),
   openFilePreview: () => (/* reexport */ openFilePreview),
   otherAppStateChange: () => (/* reexport */ otherAppStateChange_namespaceObject),
@@ -1485,6 +1486,14 @@ __webpack_require__.d(messageChannels_namespaceObject, {
   telemetry: () => (messageChannels_telemetry_namespaceObject)
 });
 
+// NAMESPACE OBJECT: ./src/private/nestedAppAuth/nestedAppAuthBridge.ts
+var nestedAppAuthBridge_namespaceObject = {};
+__webpack_require__.r(nestedAppAuthBridge_namespaceObject);
+__webpack_require__.d(nestedAppAuthBridge_namespaceObject, {
+  initialize: () => (nestedAppAuthBridge_initialize),
+  version: () => (nestedAppAuthBridge_version)
+});
+
 // NAMESPACE OBJECT: ./src/private/notifications.ts
 var notifications_namespaceObject = {};
 __webpack_require__.r(notifications_namespaceObject);
@@ -1691,6 +1700,11 @@ __webpack_require__.d(clipboard_namespaceObject, {
 var nestedAppAuth_namespaceObject = {};
 __webpack_require__.r(nestedAppAuth_namespaceObject);
 __webpack_require__.d(nestedAppAuth_namespaceObject, {
+  addNAATrustedOrigins: () => (addNAATrustedOrigins),
+  canParentManageNAATrustedOrigins: () => (canParentManageNAATrustedOrigins),
+  deleteNAATrustedOrigins: () => (deleteNAATrustedOrigins),
+  getParentOrigin: () => (getParentOrigin),
+  isDeeplyNestedAuthSupported: () => (isDeeplyNestedAuthSupported),
   isNAAChannelRecommended: () => (isNAAChannelRecommended)
 });
 
@@ -2358,20 +2372,6 @@ const errorRuntimeNotSupported = 'The runtime version is not supported';
 /** @hidden */
 const errorCallNotStarted = 'The call was not properly started';
 
-;// ./src/internal/globalVars.ts
-class GlobalVars {
-}
-GlobalVars.initializeCalled = false;
-GlobalVars.initializeCompleted = false;
-GlobalVars.additionalValidOrigins = [];
-GlobalVars.initializePromise = undefined;
-GlobalVars.isFramelessWindow = false;
-GlobalVars.frameContext = undefined;
-GlobalVars.hostClientType = undefined;
-GlobalVars.printCapabilityEnabled = false;
-
-// EXTERNAL MODULE: ../../node_modules/.pnpm/debug@4.3.5/node_modules/debug/src/browser.js
-var browser = __webpack_require__(815);
 // EXTERNAL MODULE: ../../node_modules/.pnpm/base64-js@1.5.1/node_modules/base64-js/index.js
 var base64_js = __webpack_require__(933);
 ;// ../../node_modules/.pnpm/skeleton-buffer@file+skeleton-buffer/node_modules/skeleton-buffer/index.js
@@ -4062,6 +4062,22 @@ function validateUuidInstance(id) {
     }
 }
 
+;// ./src/internal/globalVars.ts
+
+class GlobalVars {
+}
+GlobalVars.initializeCalled = false;
+GlobalVars.initializeCompleted = false;
+GlobalVars.additionalValidOrigins = [];
+GlobalVars.initializePromise = undefined;
+GlobalVars.isFramelessWindow = false;
+GlobalVars.frameContext = undefined;
+GlobalVars.hostClientType = undefined;
+GlobalVars.printCapabilityEnabled = false;
+GlobalVars.teamsJsInstanceId = new UUID().toString();
+
+// EXTERNAL MODULE: ../../node_modules/.pnpm/debug@4.3.5/node_modules/debug/src/browser.js
+var browser = __webpack_require__(815);
 ;// ./src/internal/telemetry.ts
 // We are directly referencing the browser implementation of `debug` to resolve an issue with polyfilling. For a full write-up on the bug please see ADO Bug #9619161
 
@@ -4182,6 +4198,7 @@ let runtime = _uninitializedRuntime;
 const versionAndPlatformAgnosticTeamsRuntimeConfig = {
     apiVersion: 4,
     isNAAChannelRecommended: false,
+    isDeeplyNestedAuthSupported: false,
     hostVersionsInfo: teamsMinAdaptiveCardVersion,
     isLegacyTeams: true,
     supports: {
@@ -4518,7 +4535,7 @@ function isSerializable(arg) {
  * @hidden
  *  Package version.
  */
-const version = "2.35.0-beta.2";
+const version = "2.36.0";
 
 ;// ./src/public/featureFlags.ts
 // All build feature flags are defined inside this object. Any build feature flag must have its own unique getter and setter function. This pattern allows for client apps to treeshake unused code and avoid including code guarded by this feature flags in the final bundle. If this property isn't desired, use the below runtime feature flags object.
@@ -7752,7 +7769,8 @@ function handleIncomingMessage(evt, sendMessageToParentHelper, setCallbackForReq
  * Limited to Microsoft-internal use
  */
 function sendChildMessageToParent(message, sendMessageToParentHelper, setCallbackForRequest) {
-    const request = sendMessageToParentHelper(getApiVersionTag("v2" /* ApiVersionNumber.V_2 */, "tasks.startTask" /* ApiName.Tasks_StartTask */), message.func, message.args, true);
+    const request = sendMessageToParentHelper(getApiVersionTag("v2" /* ApiVersionNumber.V_2 */, "tasks.startTask" /* ApiName.Tasks_StartTask */), message.func, message.args, true, // Tags message as proxied from child
+    message.teamsJsInstanceId);
     // Copy variable to new pointer
     const requestChildWindowOrigin = ChildCommunication.origin;
     setCallbackForRequest(request.uuid, (...args) => {
@@ -7920,6 +7938,7 @@ HostToAppMessageDelayTelemetry.callbackInformation = new Map();
 
 const nestedAppAuthLogger = getLogger('nestedAppAuthUtils');
 const tryPolyfillWithNestedAppAuthBridgeLogger = nestedAppAuthLogger.extend('tryPolyfillWithNestedAppAuthBridge');
+const nestedAppAuthTelemetryVersionNumber = "v2" /* ApiVersionNumber.V_2 */;
 /**
  * @hidden
  * Attempt to polyfill the nestedAppAuthBridge object on the given window
@@ -7938,6 +7957,11 @@ function tryPolyfillWithNestedAppAuthBridge(clientSupportedSDKVersion, window, h
         logger('Cannot polyfill nestedAppAuthBridge as current window does not exist');
         return;
     }
+    // Skip injection if this is a nested iframe (i.e., not the top-most app)
+    if (window.parent !== window.top) {
+        logger('Default NAA bridge injection not supported in nested iframe. Use standalone NAA bridge instead.');
+        return;
+    }
     const parsedClientSupportedSDKVersion = (() => {
         try {
             return JSON.parse(clientSupportedSDKVersion);
@@ -8008,8 +8032,9 @@ function createNestedAppAuthBridge(window, bridgeHandlers) {
                 logger('Unrecognized data format received by app, message being ignored. Message: %o', message);
                 return;
             }
+            const apiVersionTag = getApiVersionTag(nestedAppAuthTelemetryVersionNumber, "nestedAppAuth.execute" /* ApiName.NestedAppAuth_Execute */);
             // Post the message to the top window
-            sendPostMessage(message);
+            sendPostMessage(message, apiVersionTag);
         },
         removeEventListener: (eventName, callback) => {
             window.removeEventListener(eventName, nestedAppAuthBridgeHandler(callback));
@@ -8350,10 +8375,10 @@ const sendNestedAuthRequestToTopWindowLogger = communication_communicationLogger
  * @internal
  * Limited to Microsoft-internal use
  */
-function sendNestedAuthRequestToTopWindow(message) {
+function sendNestedAuthRequestToTopWindow(message, apiVersionTag) {
     const logger = sendNestedAuthRequestToTopWindowLogger;
     const targetWindow = Communication.topWindow;
-    const request = createNestedAppAuthRequest(message);
+    const request = createNestedAppAuthRequest(message, apiVersionTag);
     logger('Message %s information: %o', getMessageIdsAsLogString(request), {
         actionName: request.func,
     });
@@ -8394,10 +8419,10 @@ const sendMessageToParentHelperLogger = communication_communicationLogger.extend
  * @internal
  * Limited to Microsoft-internal use
  */
-function sendMessageToParentHelper(apiVersionTag, actionName, args, isProxiedFromChild) {
+function sendMessageToParentHelper(apiVersionTag, actionName, args, isProxiedFromChild, teamsJsInstanceId) {
     const logger = sendMessageToParentHelperLogger;
     const targetWindow = Communication.parentWindow;
-    const request = createMessageRequest(apiVersionTag, actionName, args, isProxiedFromChild);
+    const request = createMessageRequest(apiVersionTag, actionName, args, isProxiedFromChild, teamsJsInstanceId);
     HostToAppMessageDelayTelemetry.storeCallbackInformation(request.uuid, {
         name: actionName,
         calledAt: request.timestamp,
@@ -8772,10 +8797,16 @@ function waitForMessageQueue(targetWindow, callback) {
  * @internal
  * Limited to Microsoft-internal use
  */
-function createMessageRequest(apiVersionTag, func, args, isProxiedFromChild) {
+function createMessageRequest(apiVersionTag, func, args, isProxiedFromChild, teamsJsInstanceId) {
     const messageId = CommunicationPrivate.nextMessageId++;
     const messageUuid = new UUID();
     CommunicationPrivate.legacyMessageIdsToUuidMap[messageId] = messageUuid;
+    /**
+     * Only when `isProxiedFromChild` is explicitly set to be true, the message request is created and relayed for child app
+     * Parent app needs to create and relay message request with whatever child app sent to it,
+     * and parent app's TeamsJS instance ID can NOT be used in this case.
+     */
+    const tjsInstanceIdToAttach = isProxiedFromChild === true ? teamsJsInstanceId : GlobalVars.teamsJsInstanceId;
     return {
         id: messageId,
         uuid: messageUuid,
@@ -8785,6 +8816,7 @@ function createMessageRequest(apiVersionTag, func, args, isProxiedFromChild) {
         args: args || [],
         apiVersionTag: apiVersionTag,
         isProxiedFromChild: isProxiedFromChild !== null && isProxiedFromChild !== void 0 ? isProxiedFromChild : false,
+        teamsJsInstanceId: tjsInstanceIdToAttach,
     };
 }
 /**
@@ -8798,7 +8830,7 @@ function createMessageRequest(apiVersionTag, func, args, isProxiedFromChild) {
  *
  * @returns {NestedAppAuthRequest} Returns a NestedAppAuthRequest object with a unique id, the function name set to 'nestedAppAuthRequest', the current timestamp, an empty args array, and the provided message as data.
  */
-function createNestedAppAuthRequest(message) {
+function createNestedAppAuthRequest(message, apiVersionTag) {
     const messageId = CommunicationPrivate.nextMessageId++;
     const messageUuid = new UUID();
     CommunicationPrivate.legacyMessageIdsToUuidMap[messageId] = messageUuid;
@@ -8808,6 +8840,7 @@ function createNestedAppAuthRequest(message) {
         func: 'nestedAppAuth.execute',
         timestamp: Date.now(),
         monotonicTimestamp: getCurrentTimestamp(),
+        apiVersionTag: apiVersionTag,
         // Since this is a nested app auth request, we don't need to send any args.
         // We avoid overloading the args array with the message to avoid potential issues processing of these messages on the hubSDK.
         args: [],
@@ -10941,6 +10974,240 @@ function messageChannels_isSupported() {
 }
 
 
+;// ./src/private/nestedAppAuth/nestedAppAuthBridge.ts
+
+/**
+ * @beta
+ * @hidden
+ * Local version of the Nested App Auth Bridge module.
+ *
+ * This version is specific to this standalone module and is not tied to the overall TeamsJS SDK version.
+ * It allows developers to track changes within this module and handle version-based compatibility if needed.
+ *
+ * While not strictly required today, having a version provides flexibility for future updates,
+ * especially if breaking changes are introduced later.
+ *
+ * Example:
+ *   if (nestedAppAuthBridge.version.startsWith('1.')) {
+ *     // Safe to use with current logic
+ *   }
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+const nestedAppAuthBridge_version = '1.0.0';
+/**
+ * Bridge handlers used for processing messages.
+ */
+const bridgeHandlers = {
+    onMessage: nestedAppAuthBridge_processAuthBridgeMessage,
+};
+let topOriginForNAA = null;
+let isNAALoggerEnabled = false;
+/**
+ * @beta
+ * @hidden
+ * Initializes the Nested App Auth Bridge.
+ * @param window The window object where the bridge will be attached.
+ * @param topOrigin The origin of the top-level frame.
+ * @param enableLogging - Optional flag to enable internal debug and error logging. Defaults to false.
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+function nestedAppAuthBridge_initialize(window, topOrigin, enableLogging = false) {
+    isNAALoggerEnabled = enableLogging;
+    if (!window) {
+        throw new Error('Cannot polyfill nestedAppAuthBridge as the current window does not exist');
+    }
+    if (!topOrigin) {
+        throw new Error('Top origin is required to initialize the Nested App Auth Bridge');
+    }
+    try {
+        const parsedOrigin = new URL(topOrigin);
+        if (parsedOrigin.protocol !== 'https:') {
+            throw new Error(`Invalid top origin: ${topOrigin}. Only HTTPS origins are allowed.`);
+        }
+        topOriginForNAA = parsedOrigin.origin;
+    }
+    catch (error) {
+        throw new Error(`Failed to initialize bridge: invalid top origin: ${topOrigin}`);
+    }
+    const extendedWindow = window;
+    // If the bridge is already present, return.
+    if (extendedWindow.nestedAppAuthBridge) {
+        log('Nested App Auth Bridge is already present');
+        return;
+    }
+    // Create and assign the bridge to the window.
+    const nestedAppAuthBridge = nestedAppAuthBridge_createNestedAppAuthBridge(extendedWindow);
+    if (nestedAppAuthBridge) {
+        extendedWindow.nestedAppAuthBridge = nestedAppAuthBridge;
+    }
+}
+/**
+ * Creates the Nested App Auth Bridge.
+ * @param window The window object where the bridge is being injected.
+ * @returns A NestedAppAuthBridge instance.
+ */
+function nestedAppAuthBridge_createNestedAppAuthBridge(window) {
+    const messageHandlers = new WeakMap();
+    const { onMessage } = bridgeHandlers;
+    const nestedAppAuthBridgeHandler = (callback) => (evt) => onMessage(evt, callback);
+    return {
+        /**
+         * Adds an event listener for message events.
+         */
+        addEventListener: (eventName, callback) => {
+            if (eventName === 'message') {
+                const handler = nestedAppAuthBridgeHandler(callback);
+                messageHandlers.set(callback, handler);
+                window.addEventListener(eventName, handler);
+            }
+            else {
+                log(`Event ${eventName} is not supported by nestedAppAuthBridge`);
+            }
+        },
+        /**
+         * Sends a message using postMessage.
+         */
+        postMessage: (message) => {
+            if (window.top) {
+                try {
+                    const parsedMessage = JSON.parse(message);
+                    if (typeof parsedMessage === 'object' &&
+                        parsedMessage.messageType === "NestedAppAuthRequest" /* NestedAppAuthMessageEventNames.Request */) {
+                        const request = nestedAppAuthBridge_createNestedAppAuthRequest(message);
+                        if (window !== window.top && topOriginForNAA) {
+                            window.top.postMessage(request, topOriginForNAA);
+                        }
+                        else {
+                            logError('Not in an embedded iframe; skipping postMessage.');
+                            return;
+                        }
+                    }
+                }
+                catch (error) {
+                    logError('Failed to parse message:', error, 'Original message:', message);
+                    return;
+                }
+            }
+            else {
+                throw new Error('window.top is not available for posting messages');
+            }
+        },
+        /**
+         * Removes a previously attached event listener.
+         */
+        removeEventListener: (eventName, callback) => {
+            const handler = messageHandlers.get(callback);
+            if (handler) {
+                window.removeEventListener(eventName, handler);
+                messageHandlers.delete(callback);
+            }
+        },
+    };
+}
+/**
+ * Processes messages received through the auth bridge.
+ * @param evt The message event containing the response.
+ * @param onMessageReceived Callback function to handle the received message.
+ */
+function nestedAppAuthBridge_processAuthBridgeMessage(evt, onMessageReceived) {
+    if (!evt || !evt.data || typeof evt.data !== 'object' || evt.data === null) {
+        log('Invalid message format, ignoring. Message: %o', evt);
+        return;
+    }
+    // Validate message source before processing
+    if (!nestedAppAuthBridge_shouldProcessIncomingMessage(evt.source, evt.origin)) {
+        log('Message source/origin not allowed, ignoring.');
+        return;
+    }
+    const { args } = evt.data;
+    const [, message] = args !== null && args !== void 0 ? args : [];
+    const parsedData = (() => {
+        try {
+            return JSON.parse(message);
+        }
+        catch (error) {
+            logError('Failed to parse response message:', error);
+            return null;
+        }
+    })();
+    if (!parsedData || parsedData.messageType !== "NestedAppAuthResponse" /* NestedAppAuthMessageEventNames.Response */) {
+        log('Invalid response format, ignoring. Message: %o', evt);
+        return;
+    }
+    onMessageReceived(message);
+}
+function nestedAppAuthBridge_shouldProcessIncomingMessage(messageSource, messageOrigin) {
+    // Reject messages if they are not from the top window
+    if (messageSource && messageSource !== window.top) {
+        log('Should not process message because it is not coming from the top window');
+        return false;
+    }
+    // Check if messageOrigin matches topOriginForNAA
+    if (messageOrigin === topOriginForNAA) {
+        try {
+            return new URL(messageOrigin).protocol === 'https:';
+        }
+        catch (error) {
+            logError('Invalid message origin URL:', error);
+            return false;
+        }
+    }
+    return false;
+}
+/**
+ * Creates a NAA request with a unique ID and timestamp.
+ * @param data The data to be included in the request.
+ * @returns A stringified JSON request object.
+ */
+function nestedAppAuthBridge_createNestedAppAuthRequest(data) {
+    const timestamp = Date.now();
+    return {
+        id: generateUniqueId(),
+        uuid: esm_browser_v4(),
+        func: 'nestedAppAuth.execute',
+        timestamp: timestamp,
+        apiVersionTag: 'v2_nestedAppAuth.execute',
+        monotonicTimestamp: timestamp,
+        args: [],
+        data,
+    };
+}
+/**
+ * Generates a unique ID for NAA auth requests.
+ * @returns A randomly generated unique string.
+ */
+function generateUniqueId() {
+    return typeof crypto !== 'undefined' && crypto.randomUUID
+        ? crypto.randomUUID()
+        : Math.random().toString(36).substring(2, 11);
+}
+/**
+ * Logs informational messages to the console if logging is enabled.
+ * Used internally for non-critical debug output.
+ *
+ * @param args - The data to be logged.
+ */
+function log(...args) {
+    if (isNAALoggerEnabled) {
+        console.log(...args);
+    }
+}
+/**
+ * Logs error messages to the console if logging is enabled.
+ * Used internally for debugging and error tracing.
+ *
+ * @param args - The error data to be logged.
+ */
+function logError(...args) {
+    if (isNAALoggerEnabled) {
+        console.error(...args);
+    }
+}
+
 ;// ./src/private/notifications.ts
 /**
  * @hidden
@@ -13234,6 +13501,8 @@ function serializeValidSize(size) {
 
 
 
+
+
 
 
 
@@ -14596,6 +14865,15 @@ function clipboard_isSupported() {
 }
 
 ;// ./src/public/nestedAppAuth.ts
+var nestedAppAuth_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 /**
  * @beta
  * Nested app auth capabilities
@@ -14605,6 +14883,24 @@ function clipboard_isSupported() {
 
 
 
+
+
+/**
+ * v2 APIs telemetry file: All of APIs in this capability file should send out API version v2 ONLY
+ */
+const nestedAppAuth_hostEntityTelemetryVersionNumber = "v2" /* ApiVersionNumber.V_2 */;
+/**
+ * Response handler for managing NAA Trusted Origins.
+ */
+const trustedOriginResponseHandler = {
+    validate: (response) => Array.isArray(response) || typeof response === 'object',
+    deserialize: (response) => response,
+};
+var TrustedOriginAction;
+(function (TrustedOriginAction) {
+    TrustedOriginAction["ADD"] = "ADD";
+    TrustedOriginAction["DELETE"] = "DELETE";
+})(TrustedOriginAction || (TrustedOriginAction = {}));
 /**
  * Checks if MSAL-NAA channel recommended by the host
  * @returns true if host is recommending NAA channel and false otherwise
@@ -14618,6 +14914,47 @@ function isNAAChannelRecommended() {
     return ((_a = (ensureInitialized(runtime) &&
         (runtime.isNAAChannelRecommended || isNAAChannelRecommendedForLegacyTeamsMobile()))) !== null && _a !== void 0 ? _a : false);
 }
+/**
+ * Gets the origin of the parent window if available.
+ * This will be the top-level origin in the case of a parent app.
+ * It is used to pass to the embedded child app to initialize the Nested App Auth bridge.
+
+ * @returns The origin string if available, otherwise null
+ *
+ * @throws Error if {@linkcode app.initialize} has not successfully completed
+ *
+ * @beta
+ */
+function getParentOrigin() {
+    ensureInitialized(runtime);
+    return Communication.parentOrigin;
+}
+/**
+ * Checks if the parent has the capability to manage its list of trusted child origins
+ * for Nested App Auth (NAA).
+ *
+ * @returns true if parent can manage NAA TrustedOrigins, false otherwise
+ *
+ * @throws Error if {@linkcode app.initialize} has not successfully completed
+ *
+ * @beta
+ */
+function canParentManageNAATrustedOrigins() {
+    var _a;
+    return (_a = (ensureInitialized(runtime) && runtime.canParentManageNAATrustedOrigins)) !== null && _a !== void 0 ? _a : false;
+}
+/**
+ * Checks if NAA deeply nested scenario supported by the host
+ * @returns true if host supports
+ *
+ * @throws Error if {@linkcode app.initialize} has not successfully completed
+ *
+ * @beta
+ */
+function isDeeplyNestedAuthSupported() {
+    var _a;
+    return (_a = (ensureInitialized(runtime) && runtime.isDeeplyNestedAuthSupported)) !== null && _a !== void 0 ? _a : false;
+}
 function isNAAChannelRecommendedForLegacyTeamsMobile() {
     return ensureInitialized(runtime) &&
         isHostAndroidOrIOSOrIPadOSOrVisionOS() &&
@@ -14632,6 +14969,103 @@ function isHostAndroidOrIOSOrIPadOSOrVisionOS() {
         GlobalVars.hostClientType === HostClientType.ipados ||
         GlobalVars.hostClientType === HostClientType.visionOS);
 }
+/**
+ * Registers the origins of child apps as trusted for Nested App Auth (NAA).
+ *
+ * This allows a top-level parent app to specify which child app origins are considered trusted
+ *
+ * @param appOrigins - An array of child app origins to trust (must be a non-empty array).
+ * @returns A Promise resolving with the result of the action.
+ * @throws Error if called from a non-top-level parent or if parameters are invalid.
+ *
+ * @beta
+ */
+function addNAATrustedOrigins(appOrigins) {
+    return nestedAppAuth_awaiter(this, void 0, void 0, function* () {
+        if (!canParentManageNAATrustedOrigins()) {
+            throw errorNotSupportedOnPlatform;
+        }
+        const normalizedOrigins = appOrigins.map(normalizeOrigin);
+        return manageNAATrustedOrigins(TrustedOriginAction.ADD, normalizedOrigins);
+    });
+}
+/**
+ * Removes previously trusted child app origins from Nested App Auth (NAA).
+ *
+ * The specified origins will no longer be considered trusted.
+ *
+ * @param appOrigins - An array of child app origins to remove from the trusted list (must be a non-empty array).
+ * @returns A Promise resolving with the result of the action.
+ * @throws Error if called from a non-top-level parent or if parameters are invalid.
+ *
+ * @beta
+ */
+function deleteNAATrustedOrigins(appOrigins) {
+    return nestedAppAuth_awaiter(this, void 0, void 0, function* () {
+        if (!canParentManageNAATrustedOrigins()) {
+            throw errorNotSupportedOnPlatform;
+        }
+        const normalizedOrigins = appOrigins.map(normalizeOrigin);
+        return manageNAATrustedOrigins(TrustedOriginAction.DELETE, normalizedOrigins);
+    });
+}
+/**
+ * Performs the specified action (add or delete) on the list of trusted child app origins for Nested App Auth (NAA).
+ *
+ * This function is intended to be called by a top-level parent app to manage which child app origins are considered trusted.
+ *
+ * @param action - The action to perform: 'ADD' or 'DELETE'.
+ * @param appOrigins - An array of origins to add or remove (must be a non-empty array).
+ * @returns A Promise resolving with the result of the action.
+ * @throws Error if called from a non-top-level parent or if parameters are invalid.
+ */
+function manageNAATrustedOrigins(action, appOrigins) {
+    return nestedAppAuth_awaiter(this, void 0, void 0, function* () {
+        if (window.parent !== window.top) {
+            throw new Error('This API is only available in the top-level parent.');
+        }
+        if (!Array.isArray(appOrigins) || appOrigins.length === 0) {
+            throw new Error(`The '${appOrigins}' parameter is required and must be a non-empty array.`);
+        }
+        const args = [new SerializableManageNAATrustedOriginArgs(action, appOrigins)];
+        return callFunctionInHostAndHandleResponse('nestedAppAuth.manageNAATrustedOrigins', args, trustedOriginResponseHandler, getApiVersionTag(nestedAppAuth_hostEntityTelemetryVersionNumber, "nestedAppAuth.manageNAATrustedOrigins" /* ApiName.NestedAppAuth_ManageNAATrustedOrigins */));
+    });
+}
+/**
+ * Normalizes a given origin string by converting it to lowercase and extracting only the origin part.
+ *
+ * @param origin - A string representing a full URL.
+ * @returns The normalized origin (scheme + host + port) in lowercase.
+ * @throws Error if the input is not a valid URL.
+ */
+function normalizeOrigin(origin) {
+    try {
+        const url = new URL(origin);
+        return url.origin.toLowerCase(); // Normalize and return only the origin part
+    }
+    catch (error) {
+        throw new Error(`Invalid origin provided: ${origin}`);
+    }
+}
+/**
+ * Serializable arguments for manageNAATrustedOrigins.
+ */
+class SerializableManageNAATrustedOriginArgs {
+    constructor(action, appOrigins) {
+        this.action = action;
+        this.appOrigins = appOrigins;
+    }
+    /**
+     * Serializes the object to a JSON-compliant format.
+     * @returns JSON representation of the arguments.
+     */
+    serialize() {
+        return {
+            action: this.action,
+            appOrigins: this.appOrigins, // No need for conditional check, always included
+        };
+    }
+}
 
 ;// ./src/public/geoLocation/map.ts
 /**