@openclaw/msteams 2026.6.5 → 2026.6.6-beta.1

package/node_modules/@azure/msal-browser/lib/custom-auth-path/msal-custom-auth.cjs

@@ -1,8 +1,8 @@
-/*! @azure/msal-browser v5.11.0 2026-05-19 */
+/*! @azure/msal-browser v5.12.0 2026-06-05 */
 'use strict';
 'use strict';
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -229,7 +229,7 @@ const JsonWebTokenTypes = {
 // Token renewal offset default in seconds
 const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -281,7 +281,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
 const RESOURCE = "resource";
 const CLI_DATA = "clidata";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -312,7 +312,7 @@ function createAuthError(code, additionalMessage) {
     return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -332,7 +332,7 @@ function createClientConfigurationError(errorCode) {
     return new ClientConfigurationError(errorCode);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -412,7 +412,7 @@ class StringUtils {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -435,7 +435,7 @@ function createClientAuthError(errorCode, additionalMessage) {
     return new ClientAuthError(errorCode, additionalMessage);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -461,7 +461,7 @@ const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
 const invalidPlatformBrokerConfiguration = "invalid_platform_broker_configuration";
 const issuerValidationFailed = "issuer_validation_failed";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -500,7 +500,7 @@ const methodNotImplemented = "method_not_implemented";
 const resourceParameterRequired = "resource_parameter_required";
 const misplacedResourceParam = "misplaced_resource_parameter";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -695,7 +695,7 @@ class ScopeSet {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1084,7 +1084,7 @@ function addResource(parameters, resource) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1193,7 +1193,7 @@ function normalizeUrlForComparison(url) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1232,7 +1232,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
     },
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -1493,12 +1493,12 @@ class Logger {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /* eslint-disable header/header */
 const name$1 = "@azure/msal-common";
-const version$1 = "16.6.2";
+const version$1 = "16.7.0";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -1507,7 +1507,7 @@ const AzureCloudInstance = {
     // AzureCloudInstance is not specified.
     None: "none"};
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -1590,7 +1590,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
     return updatedAccountInfo;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1670,7 +1670,7 @@ function checkMaxAge(authTime, maxAge) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1827,7 +1827,7 @@ class UrlString {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1993,7 +1993,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
     return null;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -2001,7 +2001,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
 const cacheQuotaExceeded = "cache_quota_exceeded";
 const cacheErrorUnknown = "cache_error_unknown";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2039,7 +2039,7 @@ function createCacheError(e) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2077,7 +2077,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
     };
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -2092,7 +2092,7 @@ const AuthorityType = {
     Ciam: 3,
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -2114,7 +2114,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
     return null;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -2138,7 +2138,7 @@ const ProtocolMode = {
     EAR: "EAR",
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /**
  * Returns the AccountInfo interface for this account.
  */
@@ -2313,7 +2313,7 @@ function isAccountEntity(entity) {
         entity.hasOwnProperty("authorityType"));
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2453,8 +2453,8 @@ class CacheManager {
             return false;
         }
         if (!!tenantProfileFilter.username &&
-            !(this.matchUsername(tenantProfile.username, tenantProfileFilter.username) ||
-                !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username))) {
+            !this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
+            !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
             return false;
         }
         if (!!tenantProfileFilter.loginHint &&
@@ -3444,7 +3444,7 @@ class DefaultStorageClass extends CacheManager {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -3458,7 +3458,7 @@ class DefaultStorageClass extends CacheManager {
 const PerformanceEventStatus = {
     InProgress: 1};
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3513,7 +3513,7 @@ class StubPerformanceClient {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3608,7 +3608,7 @@ function isOidcProtocolMode(config) {
     return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -3635,7 +3635,7 @@ function isOidcProtocolMode(config) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -3700,7 +3700,7 @@ function wasClockTurnedBack(cachedAt) {
     return cachedAtSec > nowSeconds();
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3959,7 +3959,7 @@ function isAuthorityMetadataExpired(metadata) {
     return metadata.expiresAt <= nowSeconds();
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4030,7 +4030,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
 const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
 const SetUserData = "setUserData";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4123,7 +4123,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
     };
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4203,7 +4203,7 @@ class PopTokenGenerator {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4227,7 +4227,7 @@ const refreshTokenExpired = "refresh_token_expired";
  * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
  * @public
  */
-const uxNotAllowed = "ux_not_allowed";
+const uiNotAllowed = "ui_not_allowed";
 /**
  * Server-originated error code indicating interaction is required to complete the request.
  * @public
@@ -4254,7 +4254,7 @@ const badToken = "bad_token";
  */
 const interruptedUser = "interrupted_user";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4268,7 +4268,7 @@ const InteractionRequiredServerErrorMessage = [
     consentRequired,
     loginRequired,
     badToken,
-    uxNotAllowed,
+    uiNotAllowed,
     interruptedUser,
 ];
 const InteractionRequiredAuthSubErrorMessage = [
@@ -4278,7 +4278,7 @@ const InteractionRequiredAuthSubErrorMessage = [
     "user_password_expired",
     "consent_required",
     "bad_token",
-    "ux_not_allowed",
+    "ui_not_allowed",
     "interrupted_user",
 ];
 /**
@@ -4322,7 +4322,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
     return new InteractionRequiredAuthError(errorCode, errorMessage);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4341,7 +4341,7 @@ class ServerError extends AuthError {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4409,7 +4409,7 @@ function parseRequestState(base64Decode, state) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4757,7 +4757,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
     return baseAccount;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4767,7 +4767,7 @@ const CcsCredentialType = {
     UPN: "UPN",
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4785,7 +4785,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4806,7 +4806,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
     };
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4892,7 +4892,7 @@ class ThrottlingUtils {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4923,7 +4923,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
     return new NetworkError(error, httpStatus, responseHeaders);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5037,7 +5037,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
     return response;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -5049,7 +5049,7 @@ function isOpenIdConfigResponse(response) {
         response.hasOwnProperty("jwks_uri"));
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -5059,7 +5059,7 @@ function isCloudInstanceDiscoveryResponse(response) {
         response.hasOwnProperty("metadata"));
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -5069,7 +5069,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
         response.hasOwnProperty("error_description"));
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5174,7 +5174,7 @@ RegionDiscovery.IMDS_OPTIONS = {
     },
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5731,7 +5731,7 @@ class Authority {
             }
         }
         // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
-        if (this.isInKnownAuthorities()) {
+        if (this.isInKnownAuthorities(this.hostnameAndPort)) {
             this.logger.verbose("0mt9al", this.correlationId);
             return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
         }
@@ -5798,13 +5798,14 @@ class Authority {
         return match;
     }
     /**
-     * Helper function to determine if this host is included in the knownAuthorities config option
+     * Helper function to determine if a host is included in the knownAuthorities config option.
      */
-    isInKnownAuthorities() {
+    isInKnownAuthorities(host) {
+        const normalizedHost = host.toLowerCase();
         const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
             return (authority &&
                 UrlString.getDomainFromUrl(authority).toLowerCase() ===
-                    this.hostnameAndPort);
+                    normalizedHost);
         });
         return matches.length > 0;
     }
@@ -5881,6 +5882,10 @@ class Authority {
      *  4. Same as (2), but the issuer host matches the CIAM tenant pattern
      *     `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
      *     path.
+     *  5. The issuer host is HTTPS and is explicitly listed in the
+     *     developer-configured `knownAuthorities`. This covers scenarios where
+     *     the OIDC discovery document returns an issuer host that differs from
+     *     the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
      *
      * @param issuer The `issuer` value returned in the OIDC discovery document.
      * @throws ClientConfigurationError("issuer_validation_failed") on failure.
@@ -5917,11 +5922,19 @@ class Authority {
          * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
          */
         const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
+        /*
+         * Rule 5: The issuer host is explicitly listed in the developer-configured
+         * knownAuthorities. This covers scenarios where the OIDC discovery document
+         * returns an issuer with a different host than the authority
+         * (e.g., a GUID-based issuer for a name-based authority).
+         */
+        const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
         // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
         if (matchesAuthorityOrigin ||
             matchesKnownMicrosoftHost ||
             matchesRegionalMicrosoftHost ||
-            matchesCiamTenantPattern) {
+            matchesCiamTenantPattern ||
+            matchesKnownAuthority) {
             return;
         }
         // issuer validation fails if none of the above rules are satisfied
@@ -6129,7 +6142,7 @@ function buildStaticAuthorityOptions(authOptions) {
     };
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6163,7 +6176,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6420,7 +6433,7 @@ class AuthorizationCodeClient {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6641,7 +6654,7 @@ class RefreshTokenClient {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6757,7 +6770,7 @@ class SilentFlowClient {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6772,7 +6785,7 @@ const StubbedNetworkModule = {
     },
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6995,7 +7008,7 @@ function extractLoginHint(account) {
     return account.loginHint || account.idTokenClaims?.login_hint || null;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7028,7 +7041,7 @@ function containsResourceParam(params) {
     return Object.prototype.hasOwnProperty.call(params, "resource");
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -7038,7 +7051,7 @@ function containsResourceParam(params) {
  */
 const unexpectedError = "unexpected_error";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7299,7 +7312,7 @@ class ServerTelemetryManager {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7320,7 +7333,7 @@ function createJoseHeaderError(code) {
     return new JoseHeaderError(code);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -7328,7 +7341,7 @@ function createJoseHeaderError(code) {
 const missingKidError = "missing_kid_error";
 const missingAlgError = "missing_alg_error";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7763,7 +7776,7 @@ function ensureArgumentIsJSONString(argName, argValue, correlationId) {
 
 /* eslint-disable header/header */
 const name = "@azure/msal-browser";
-const version = "5.11.0";
+const version = "5.12.0";
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8657,6 +8670,43 @@ function createBrowserAuthError(errorCode, subError) {
     return new BrowserAuthError(errorCode, subError);
 }
 
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+/**
+ * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
+ * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
+ */
+/**
+ * Returns a URL-safe plaintext decoded string from b64 encoded input.
+ * @param input
+ */
+function base64Decode(input) {
+    return new TextDecoder().decode(base64DecToArr(input));
+}
+/**
+ * Decodes base64 into Uint8Array
+ * @param base64String
+ */
+function base64DecToArr(base64String) {
+    let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
+    switch (encodedString.length % 4) {
+        case 0:
+            break;
+        case 2:
+            encodedString += "==";
+            break;
+        case 3:
+            encodedString += "=";
+            break;
+        default:
+            throw createBrowserAuthError(invalidBase64String);
+    }
+    const binString = atob(encodedString);
+    return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
+}
+
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -8701,43 +8751,6 @@ function base64EncArr(aBytes) {
     return btoa(binString);
 }
 
-/*
- * Copyright (c) Microsoft Corporation. All rights reserved.
- * Licensed under the MIT License.
- */
-/**
- * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
- * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
- */
-/**
- * Returns a URL-safe plaintext decoded string from b64 encoded input.
- * @param input
- */
-function base64Decode(input) {
-    return new TextDecoder().decode(base64DecToArr(input));
-}
-/**
- * Decodes base64 into Uint8Array
- * @param base64String
- */
-function base64DecToArr(base64String) {
-    let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
-    switch (encodedString.length % 4) {
-        case 0:
-            break;
-        case 2:
-            encodedString += "==";
-            break;
-        case 3:
-            encodedString += "=";
-            break;
-        default:
-            throw createBrowserAuthError(invalidBase64String);
-    }
-    const binString = atob(encodedString);
-    return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
-}
-
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -9206,7 +9219,7 @@ function cancelPendingBridgeResponse(logger, correlationId) {
         activeBridgeMonitor = null;
     }
 }
-async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
+async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
     return new Promise((resolve, reject) => {
         logger.verbose("1rf6em", request.correlationId);
         const correlationId = request.correlationId;
@@ -9214,7 +9227,7 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
             redirectBridgeTimeoutMs: timeoutMs,
             lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
         }, correlationId);
-        const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
+        const { libraryState } = parseRequestState(base64Decode, request.state || "");
         const channel = new BroadcastChannel(libraryState.id);
         let responseString = undefined;
         let timedOut$1 = false;
@@ -15079,6 +15092,7 @@ class BrowserCacheManager extends CacheManager {
             ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
             : parsedValue;
         if (!decryptedData || !isCredentialEntity(decryptedData)) {
+            this.browserStorage.removeItem(key);
             this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
             return null;
         }
@@ -15109,6 +15123,7 @@ class BrowserCacheManager extends CacheManager {
             const rawValue = this.browserStorage.getItem(accountKey);
             const parsedValue = this.validateAndParseJson(rawValue || "");
             if (!parsedValue) {
+                this.browserStorage.removeItem(accountKey);
                 removeElementFromArray(accountKeysToCheck, accountKey);
                 continue;
             }
@@ -15123,6 +15138,15 @@ class BrowserCacheManager extends CacheManager {
                 await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
                 removeElementFromArray(accountKeysToCheck, accountKey);
             }
+            else if (isEncrypted(parsedValue)) {
+                // Remove accounts encrypted with a different key (session cookie expired/changed)
+                const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
+                if (!decrypted) {
+                    this.browserStorage.removeItem(accountKey);
+                    this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
+                    removeElementFromArray(accountKeysToCheck, accountKey);
+                }
+            }
         }
         this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
     }
@@ -16652,7 +16676,7 @@ const USER_CANCEL = "USER_CANCEL";
 const NO_NETWORK = "NO_NETWORK";
 const DISABLED = "DISABLED";
 const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
-const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
+const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -16707,8 +16731,8 @@ function createNativeAuthError(code, description, ext) {
                 return createBrowserAuthError(userCancelled);
             case NO_NETWORK:
                 return createBrowserAuthError(noNetworkConnectivity);
-            case UX_NOT_ALLOWED:
-                return createInteractionRequiredAuthError(uxNotAllowed);
+            case UI_NOT_ALLOWED:
+                return createInteractionRequiredAuthError(uiNotAllowed);
         }
     }
     return new NativeAuthError(code, description, ext);
@@ -16939,7 +16963,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
             noHistory: false,
         };
         const redirectUri = navigateToLoginRequestUrl
-            ? window.location.href
+            ? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
             : getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
         rootMeasurement.end({ success: true });
         await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
@@ -18508,10 +18532,11 @@ function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvid
  * Licensed under the MIT License.
  */
 class PopupClient extends StandardInteractionClient {
-    constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
+    constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
         super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
         this.nativeStorage = nativeStorageImpl;
         this.eventHandler = eventHandler;
+        this.waitForPopupResponseHook = waitForPopupResponseHook;
     }
     /**
      * Acquires tokens by opening a popup window to the /authorize endpoint of the authority
@@ -18645,7 +18670,7 @@ class PopupClient extends StandardInteractionClient {
                 const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
                 this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, InteractionType.Popup, { popupWindow }, null);
                 // Wait for the redirect bridge response
-                const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
+                const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
                 const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
                 return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
             }
@@ -18680,7 +18705,7 @@ class PopupClient extends StandardInteractionClient {
         const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
         form.submit();
         // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
-        const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
+        const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
         const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
         if (!serverParams.ear_jwe && serverParams.code) {
             const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -18705,7 +18730,7 @@ class PopupClient extends StandardInteractionClient {
         const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
         form.submit();
         // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
-        const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
+        const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
         const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
         return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
     }
@@ -18762,7 +18787,7 @@ class PopupClient extends StandardInteractionClient {
             // Open the popup window to requestUrl.
             const popupWindow = this.openPopup(logoutUri, popupParams);
             this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, InteractionType.Popup, { popupWindow }, null);
-            await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
+            await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
                 // Swallow any errors related to monitoring the window. Server logout is best effort
             });
             if (mainWindowRedirectUri) {
@@ -18841,6 +18866,19 @@ class PopupClient extends StandardInteractionClient {
             if (!popupWindow) {
                 throw createBrowserAuthError(emptyWindowError);
             }
+            try {
+                popupWindow.document.title = "Microsoft Authentication";
+            }
+            catch (e) {
+                if (typeof DOMException !== "undefined" &&
+                    e instanceof DOMException &&
+                    e.name === "SecurityError") {
+                    // Cross-origin - title cannot be set
+                }
+                else {
+                    this.logger.verbose("1s1yfs", this.correlationId);
+                }
+            }
             if (popupWindow.focus) {
                 popupWindow.focus();
             }
@@ -18919,6 +18957,12 @@ class PopupClient extends StandardInteractionClient {
         const homeAccountId = request.account && request.account.homeAccountId;
         return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
     }
+    async waitForPopupResponse(request, popupWindow, popupWindowParent) {
+        if (this.waitForPopupResponseHook) {
+            return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
+        }
+        return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
+    }
 }
 
 /*
@@ -19072,6 +19116,8 @@ class RedirectClient extends StandardInteractionClient {
      * @param options {HandleRedirectPromiseOptions} options for handling redirect promise
      */
     async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
+        const originalTitle = document.title;
+        document.title = "Microsoft Authentication";
         const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
         const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
         try {
@@ -19154,6 +19200,9 @@ class RedirectClient extends StandardInteractionClient {
             }
             throw e;
         }
+        finally {
+            document.title = originalTitle;
+        }
     }
     /**
      * Gets the response hash for a redirect request
@@ -19409,6 +19458,7 @@ function loadFrameSync(urlNavigate) {
 function createHiddenIframe() {
     const authFrame = document.createElement("iframe");
     authFrame.className = "msalSilentIframe";
+    authFrame.title = "Microsoft Authentication";
     authFrame.style.visibility = "hidden";
     authFrame.style.position = "absolute";
     authFrame.style.width = authFrame.style.height = "0";
@@ -19434,10 +19484,11 @@ function removeHiddenIframe(iframe) {
  * Licensed under the MIT License.
  */
 class SilentIframeClient extends StandardInteractionClient {
-    constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
+    constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
         super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
         this.apiId = apiId;
         this.nativeStorage = nativeStorageImpl;
+        this.waitForIframeResponseHook = waitForIframeResponseHook;
     }
     /**
      * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
@@ -19526,7 +19577,7 @@ class SilentIframeClient extends StandardInteractionClient {
         const responseType = this.config.auth.OIDCOptions.responseMode;
         let responseString;
         try {
-            responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
+            responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
         }
         finally {
             invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19624,7 +19675,7 @@ class SilentIframeClient extends StandardInteractionClient {
         // Wait for response from the redirect bridge.
         let responseString;
         try {
-            responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
+            responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
         }
         finally {
             invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -19632,6 +19683,12 @@ class SilentIframeClient extends StandardInteractionClient {
         const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
         return { serverParams, pkceCodes, silentRequest };
     }
+    async waitForIframeResponse(iframe, request) {
+        if (this.waitForIframeResponseHook) {
+            return this.waitForIframeResponseHook(iframe, request);
+        }
+        return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
+    }
 }
 
 /*
@@ -20833,7 +20890,7 @@ class StandardController {
      * @param correlationId
      */
     createPopupClient(correlationId) {
-        return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
+        return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
     }
     /**
      * Returns new instance of the Redirect Interaction Client
@@ -20847,7 +20904,7 @@ class StandardController {
      * @param correlationId
      */
     createSilentIframeClient(correlationId) {
-        return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
+        return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
     }
     /**
      * Returns new instance of the Silent Cache Interaction Client
@@ -21616,7 +21673,7 @@ class BaseOperatingContext {
                 return;
         }
     }
-    constructor(config) {
+    constructor(config, responseHandlers) {
         /*
          * If loaded in an environment where window is not available,
          * set internal flag to false so that further requests fail.
@@ -21624,6 +21681,7 @@ class BaseOperatingContext {
          */
         this.browserEnvironment = typeof window !== "undefined";
         this.config = buildConfiguration(config, this.browserEnvironment);
+        this.responseHandlers = responseHandlers;
         let sessionStorage;
         try {
             sessionStorage = window[BrowserCacheLocation.SessionStorage];
@@ -21660,6 +21718,13 @@ class BaseOperatingContext {
     getConfig() {
         return this.config;
     }
+    /**
+     * Returns the internal response handlers supplied by PublicClientApplication, if any.
+     * @returns AuthResponseHandlers | undefined
+     */
+    getResponseHandlers() {
+        return this.responseHandlers;
+    }
     /**
      * Returns the MSAL Logger
      * @returns Logger
@@ -22024,7 +22089,48 @@ class PublicClientApplication {
     constructor(configuration, controller) {
         this.controller =
             controller ||
-                new StandardController(new StandardOperatingContext(configuration));
+                new StandardController(new StandardOperatingContext(configuration, {
+                    waitForPopupResponse: this.waitForPopupResponse.bind(this),
+                    waitForIframeResponse: this.waitForIframeResponse.bind(this),
+                }));
+    }
+    /**
+     * Waits for the auth response from a popup window opened by MSAL.
+     *
+     * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
+     * Subclasses must return the raw response string (hash/query/fragment), or reject
+     * with an `AuthError` on failure.
+     *
+     * @internal
+     * @param request The in-flight authorization or end-session request.
+     * @param popupWindow The popup window opened by MSAL.
+     * @param popupWindowParent The parent window that opened the popup.
+     */
+    async waitForPopupResponse(request, 
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    popupWindow, 
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    popupWindowParent) {
+        const controller = this.controller;
+        return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
+    }
+    /**
+     * Waits for the auth response from a hidden iframe used by MSAL silent flows.
+     *
+     * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
+     * Subclasses must return the raw response string (hash/query/fragment), or reject
+     * with an `AuthError` on failure.
+     *
+     * @internal
+     * @param iframe The hidden iframe MSAL attached to the document.
+     * @param request The in-flight authorization request.
+     */
+    async waitForIframeResponse(
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    iframe, request) {
+        const controller = this.controller;
+        const config = controller.getConfiguration();
+        return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
     }
     /**
      * Initializer function to perform async startup tasks such as connecting to WAM extension