@openclaw/msteams 2026.6.5 → 2026.6.6-beta.1

package/node_modules/@azure/msal-browser/lib/msal-browser.cjs

@@ -1,8 +1,8 @@
-/*! @azure/msal-browser v5.11.0 2026-05-19 */
+/*! @azure/msal-browser v5.12.0 2026-06-05 */
 'use strict';
 'use strict';
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -234,7 +234,7 @@ const JsonWebTokenTypes$1 = {
 // Token renewal offset default in seconds
 const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -286,7 +286,7 @@ const EAR_JWE_CRYPTO = "ear_jwe_crypto";
 const RESOURCE = "resource";
 const CLI_DATA = "clidata";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -317,7 +317,7 @@ function createAuthError(code, additionalMessage) {
     return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -337,7 +337,7 @@ function createClientConfigurationError(errorCode) {
     return new ClientConfigurationError(errorCode);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -417,7 +417,7 @@ class StringUtils {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -440,7 +440,7 @@ function createClientAuthError(errorCode, additionalMessage) {
     return new ClientAuthError(errorCode, additionalMessage);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -498,7 +498,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
     urlParseError: urlParseError
 });
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -586,7 +586,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
     userCanceled: userCanceled
 });
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -781,7 +781,7 @@ class ScopeSet {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1170,7 +1170,7 @@ function addResource(parameters, resource) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1279,7 +1279,7 @@ function normalizeUrlForComparison(url) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1318,7 +1318,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
     },
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -1593,12 +1593,12 @@ class Logger {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /* eslint-disable header/header */
 const name$1 = "@azure/msal-common";
-const version$1 = "16.6.2";
+const version$1 = "16.7.0";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -1618,7 +1618,7 @@ const AzureCloudInstance = {
     AzureUsGovernment: "https://login.microsoftonline.us",
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -1701,7 +1701,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
     return updatedAccountInfo;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1781,7 +1781,7 @@ function checkMaxAge(authTime, maxAge) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1938,7 +1938,7 @@ class UrlString {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2104,7 +2104,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
     return null;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -2112,7 +2112,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
 const cacheQuotaExceeded = "cache_quota_exceeded";
 const cacheErrorUnknown = "cache_error_unknown";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2150,7 +2150,7 @@ function createCacheError(e) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2188,7 +2188,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
     };
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -2203,7 +2203,7 @@ const AuthorityType = {
     Ciam: 3,
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -2225,7 +2225,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
     return null;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -2249,7 +2249,7 @@ const ProtocolMode = {
     EAR: "EAR",
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /**
  * Returns the AccountInfo interface for this account.
  */
@@ -2424,7 +2424,7 @@ function isAccountEntity(entity) {
         entity.hasOwnProperty("authorityType"));
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2564,8 +2564,8 @@ class CacheManager {
             return false;
         }
         if (!!tenantProfileFilter.username &&
-            !(this.matchUsername(tenantProfile.username, tenantProfileFilter.username) ||
-                !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username))) {
+            !this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
+            !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
             return false;
         }
         if (!!tenantProfileFilter.loginHint &&
@@ -3556,7 +3556,7 @@ class DefaultStorageClass extends CacheManager {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -3607,7 +3607,7 @@ const IntFields = new Set([
     "redirectBridgeMessageVersion",
 ]);
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3662,7 +3662,7 @@ class StubPerformanceClient {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3757,7 +3757,7 @@ function isOidcProtocolMode(config) {
     return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -3784,7 +3784,7 @@ function isOidcProtocolMode(config) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -3849,7 +3849,7 @@ function wasClockTurnedBack(cachedAt) {
     return cachedAtSec > nowSeconds();
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4108,7 +4108,7 @@ function isAuthorityMetadataExpired(metadata) {
     return metadata.expiresAt <= nowSeconds();
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4179,7 +4179,7 @@ const RegionDiscoveryGetCurrentVersion = "regionDiscoveryGetCurrentVersion";
 const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
 const SetUserData = "setUserData";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4272,7 +4272,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
     };
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4352,7 +4352,7 @@ class PopTokenGenerator {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4376,7 +4376,7 @@ const refreshTokenExpired = "refresh_token_expired";
  * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
  * @public
  */
-const uxNotAllowed = "ux_not_allowed";
+const uiNotAllowed = "ui_not_allowed";
 /**
  * Server-originated error code indicating interaction is required to complete the request.
  * @public
@@ -4413,10 +4413,10 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
     nativeAccountUnavailable: nativeAccountUnavailable,
     noTokensFound: noTokensFound,
     refreshTokenExpired: refreshTokenExpired,
-    uxNotAllowed: uxNotAllowed
+    uiNotAllowed: uiNotAllowed
 });
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4430,7 +4430,7 @@ const InteractionRequiredServerErrorMessage = [
     consentRequired,
     loginRequired,
     badToken,
-    uxNotAllowed,
+    uiNotAllowed,
     interruptedUser,
 ];
 const InteractionRequiredAuthSubErrorMessage = [
@@ -4440,7 +4440,7 @@ const InteractionRequiredAuthSubErrorMessage = [
     "user_password_expired",
     "consent_required",
     "bad_token",
-    "ux_not_allowed",
+    "ui_not_allowed",
     "interrupted_user",
 ];
 /**
@@ -4484,7 +4484,7 @@ function createInteractionRequiredAuthError(errorCode, errorMessage) {
     return new InteractionRequiredAuthError(errorCode, errorMessage);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4503,7 +4503,7 @@ class ServerError extends AuthError {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4571,7 +4571,7 @@ function parseRequestState(base64Decode, state) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4919,7 +4919,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
     return baseAccount;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4929,7 +4929,7 @@ const CcsCredentialType = {
     UPN: "UPN",
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4947,7 +4947,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -4968,7 +4968,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
     };
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5054,7 +5054,7 @@ class ThrottlingUtils {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5085,7 +5085,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
     return new NetworkError(error, httpStatus, responseHeaders);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5199,7 +5199,7 @@ async function sendPostRequest(thumbprint, tokenEndpoint, options, correlationId
     return response;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -5211,7 +5211,7 @@ function isOpenIdConfigResponse(response) {
         response.hasOwnProperty("jwks_uri"));
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -5221,7 +5221,7 @@ function isCloudInstanceDiscoveryResponse(response) {
         response.hasOwnProperty("metadata"));
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -5231,7 +5231,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
         response.hasOwnProperty("error_description"));
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5336,7 +5336,7 @@ RegionDiscovery.IMDS_OPTIONS = {
     },
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5893,7 +5893,7 @@ class Authority {
             }
         }
         // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
-        if (this.isInKnownAuthorities()) {
+        if (this.isInKnownAuthorities(this.hostnameAndPort)) {
             this.logger.verbose("0mt9al", this.correlationId);
             return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
         }
@@ -5960,13 +5960,14 @@ class Authority {
         return match;
     }
     /**
-     * Helper function to determine if this host is included in the knownAuthorities config option
+     * Helper function to determine if a host is included in the knownAuthorities config option.
      */
-    isInKnownAuthorities() {
+    isInKnownAuthorities(host) {
+        const normalizedHost = host.toLowerCase();
         const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
             return (authority &&
                 UrlString.getDomainFromUrl(authority).toLowerCase() ===
-                    this.hostnameAndPort);
+                    normalizedHost);
         });
         return matches.length > 0;
     }
@@ -6043,6 +6044,10 @@ class Authority {
      *  4. Same as (2), but the issuer host matches the CIAM tenant pattern
      *     `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
      *     path.
+     *  5. The issuer host is HTTPS and is explicitly listed in the
+     *     developer-configured `knownAuthorities`. This covers scenarios where
+     *     the OIDC discovery document returns an issuer host that differs from
+     *     the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
      *
      * @param issuer The `issuer` value returned in the OIDC discovery document.
      * @throws ClientConfigurationError("issuer_validation_failed") on failure.
@@ -6079,11 +6084,19 @@ class Authority {
          * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
          */
         const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
+        /*
+         * Rule 5: The issuer host is explicitly listed in the developer-configured
+         * knownAuthorities. This covers scenarios where the OIDC discovery document
+         * returns an issuer with a different host than the authority
+         * (e.g., a GUID-based issuer for a name-based authority).
+         */
+        const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
         // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
         if (matchesAuthorityOrigin ||
             matchesKnownMicrosoftHost ||
             matchesRegionalMicrosoftHost ||
-            matchesCiamTenantPattern) {
+            matchesCiamTenantPattern ||
+            matchesKnownAuthority) {
             return;
         }
         // issuer validation fails if none of the above rules are satisfied
@@ -6291,7 +6304,7 @@ function buildStaticAuthorityOptions(authOptions) {
     };
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6325,7 +6338,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6582,7 +6595,7 @@ class AuthorizationCodeClient {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6803,7 +6816,7 @@ class RefreshTokenClient {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6919,7 +6932,7 @@ class SilentFlowClient {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6934,7 +6947,7 @@ const StubbedNetworkModule = {
     },
 };
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7157,7 +7170,7 @@ function extractLoginHint(account) {
     return account.loginHint || account.idTokenClaims?.login_hint || null;
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7190,7 +7203,7 @@ function containsResourceParam(params) {
     return Object.prototype.hasOwnProperty.call(params, "resource");
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7248,7 +7261,7 @@ class AuthenticationHeaderParser {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -7265,7 +7278,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
     unexpectedError: unexpectedError
 });
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7526,7 +7539,7 @@ class ServerTelemetryManager {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7547,7 +7560,7 @@ function createJoseHeaderError(code) {
     return new JoseHeaderError(code);
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -7555,7 +7568,7 @@ function createJoseHeaderError(code) {
 const missingKidError = "missing_kid_error";
 const missingAlgError = "missing_alg_error";
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7595,7 +7608,7 @@ class JoseHeader {
     }
 }
 
-/*! @azure/msal-common v16.6.2 2026-05-19 */
+/*! @azure/msal-common v16.7.0 2026-06-05 */
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8390,6 +8403,43 @@ function createBrowserAuthError(errorCode, subError) {
     return new BrowserAuthError(errorCode, subError);
 }
 
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+/**
+ * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
+ * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
+ */
+/**
+ * Returns a URL-safe plaintext decoded string from b64 encoded input.
+ * @param input
+ */
+function base64Decode(input) {
+    return new TextDecoder().decode(base64DecToArr(input));
+}
+/**
+ * Decodes base64 into Uint8Array
+ * @param base64String
+ */
+function base64DecToArr(base64String) {
+    let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
+    switch (encodedString.length % 4) {
+        case 0:
+            break;
+        case 2:
+            encodedString += "==";
+            break;
+        case 3:
+            encodedString += "=";
+            break;
+        default:
+            throw createBrowserAuthError(invalidBase64String);
+    }
+    const binString = atob(encodedString);
+    return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
+}
+
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -8649,43 +8699,6 @@ function base64EncArr(aBytes) {
     return btoa(binString);
 }
 
-/*
- * Copyright (c) Microsoft Corporation. All rights reserved.
- * Licensed under the MIT License.
- */
-/**
- * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
- * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
- */
-/**
- * Returns a URL-safe plaintext decoded string from b64 encoded input.
- * @param input
- */
-function base64Decode(input) {
-    return new TextDecoder().decode(base64DecToArr(input));
-}
-/**
- * Decodes base64 into Uint8Array
- * @param base64String
- */
-function base64DecToArr(base64String) {
-    let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
-    switch (encodedString.length % 4) {
-        case 0:
-            break;
-        case 2:
-            encodedString += "==";
-            break;
-        case 3:
-            encodedString += "=";
-            break;
-        default:
-            throw createBrowserAuthError(invalidBase64String);
-    }
-    const binString = atob(encodedString);
-    return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
-}
-
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
@@ -9104,6 +9117,16 @@ function clearHash(contentWindow) {
         contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}${contentWindow.location.search}`);
     }
 }
+/**
+ * Strips both hash and query string from the given window's URL by replacing
+ * with origin + pathname only. Used to remove auth response parameters
+ * (auth code, state, etc.) before the window is closed or navigated away.
+ */
+function clearAuthResponseFromUrl(contentWindow) {
+    if (typeof contentWindow.history?.replaceState === "function") {
+        contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}`);
+    }
+}
 /**
  * Replaces current hash with hash from provided url
  */
@@ -9162,7 +9185,7 @@ function cancelPendingBridgeResponse(logger, correlationId) {
         activeBridgeMonitor = null;
     }
 }
-async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
+async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
     return new Promise((resolve, reject) => {
         logger.verbose("1rf6em", request.correlationId);
         const correlationId = request.correlationId;
@@ -9170,7 +9193,7 @@ async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request,
             redirectBridgeTimeoutMs: timeoutMs,
             lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
         }, correlationId);
-        const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
+        const { libraryState } = parseRequestState(base64Decode, request.state || "");
         const channel = new BroadcastChannel(libraryState.id);
         let responseString = undefined;
         let timedOut$1 = false;
@@ -9358,6 +9381,7 @@ var BrowserUtils = /*#__PURE__*/Object.freeze({
     blockRedirectInIframe: blockRedirectInIframe,
     blockReloadInHiddenIframes: blockReloadInHiddenIframes,
     cancelPendingBridgeResponse: cancelPendingBridgeResponse,
+    clearAuthResponseFromUrl: clearAuthResponseFromUrl,
     clearHash: clearHash,
     createGuid: createGuid,
     getCurrentUri: getCurrentUri,
@@ -10532,7 +10556,7 @@ const EventType = {
 
 /* eslint-disable header/header */
 const name = "@azure/msal-browser";
-const version = "5.11.0";
+const version = "5.12.0";
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10639,6 +10663,7 @@ class BrowserCacheManager extends CacheManager {
             ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
             : parsedValue;
         if (!decryptedData || !isCredentialEntity(decryptedData)) {
+            this.browserStorage.removeItem(key);
             this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
             return null;
         }
@@ -10669,6 +10694,7 @@ class BrowserCacheManager extends CacheManager {
             const rawValue = this.browserStorage.getItem(accountKey);
             const parsedValue = this.validateAndParseJson(rawValue || "");
             if (!parsedValue) {
+                this.browserStorage.removeItem(accountKey);
                 removeElementFromArray(accountKeysToCheck, accountKey);
                 continue;
             }
@@ -10683,6 +10709,15 @@ class BrowserCacheManager extends CacheManager {
                 await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
                 removeElementFromArray(accountKeysToCheck, accountKey);
             }
+            else if (isEncrypted(parsedValue)) {
+                // Remove accounts encrypted with a different key (session cookie expired/changed)
+                const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
+                if (!decrypted) {
+                    this.browserStorage.removeItem(accountKey);
+                    this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
+                    removeElementFromArray(accountKeysToCheck, accountKey);
+                }
+            }
         }
         this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
     }
@@ -12626,7 +12661,7 @@ const USER_CANCEL = "USER_CANCEL";
 const NO_NETWORK = "NO_NETWORK";
 const DISABLED = "DISABLED";
 const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
-const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
+const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
 
 /*
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12681,8 +12716,8 @@ function createNativeAuthError(code, description, ext) {
                 return createBrowserAuthError(userCancelled);
             case NO_NETWORK:
                 return createBrowserAuthError(noNetworkConnectivity);
-            case UX_NOT_ALLOWED:
-                return createInteractionRequiredAuthError(uxNotAllowed);
+            case UI_NOT_ALLOWED:
+                return createInteractionRequiredAuthError(uiNotAllowed);
         }
     }
     return new NativeAuthError(code, description, ext);
@@ -12913,7 +12948,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
             noHistory: false,
         };
         const redirectUri = navigateToLoginRequestUrl
-            ? window.location.href
+            ? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
             : getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
         rootMeasurement.end({ success: true });
         await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
@@ -14499,10 +14534,11 @@ function isPlatformAuthAllowed(config, logger, correlationId, platformAuthProvid
  * Licensed under the MIT License.
  */
 class PopupClient extends StandardInteractionClient {
-    constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
+    constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
         super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
         this.nativeStorage = nativeStorageImpl;
         this.eventHandler = eventHandler;
+        this.waitForPopupResponseHook = waitForPopupResponseHook;
     }
     /**
      * Acquires tokens by opening a popup window to the /authorize endpoint of the authority
@@ -14636,7 +14672,7 @@ class PopupClient extends StandardInteractionClient {
                 const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
                 this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
                 // Wait for the redirect bridge response
-                const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
+                const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
                 const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
                 return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
             }
@@ -14671,7 +14707,7 @@ class PopupClient extends StandardInteractionClient {
         const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
         form.submit();
         // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
-        const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
+        const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
         const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
         if (!serverParams.ear_jwe && serverParams.code) {
             const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -14696,7 +14732,7 @@ class PopupClient extends StandardInteractionClient {
         const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
         form.submit();
         // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
-        const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
+        const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
         const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
         return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
     }
@@ -14753,7 +14789,7 @@ class PopupClient extends StandardInteractionClient {
             // Open the popup window to requestUrl.
             const popupWindow = this.openPopup(logoutUri, popupParams);
             this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
-            await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
+            await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
                 // Swallow any errors related to monitoring the window. Server logout is best effort
             });
             if (mainWindowRedirectUri) {
@@ -14832,6 +14868,19 @@ class PopupClient extends StandardInteractionClient {
             if (!popupWindow) {
                 throw createBrowserAuthError(emptyWindowError);
             }
+            try {
+                popupWindow.document.title = "Microsoft Authentication";
+            }
+            catch (e) {
+                if (typeof DOMException !== "undefined" &&
+                    e instanceof DOMException &&
+                    e.name === "SecurityError") {
+                    // Cross-origin - title cannot be set
+                }
+                else {
+                    this.logger.verbose("1s1yfs", this.correlationId);
+                }
+            }
             if (popupWindow.focus) {
                 popupWindow.focus();
             }
@@ -14910,6 +14959,12 @@ class PopupClient extends StandardInteractionClient {
         const homeAccountId = request.account && request.account.homeAccountId;
         return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
     }
+    async waitForPopupResponse(request, popupWindow, popupWindowParent) {
+        if (this.waitForPopupResponseHook) {
+            return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
+        }
+        return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
+    }
 }
 
 /*
@@ -15063,6 +15118,8 @@ class RedirectClient extends StandardInteractionClient {
      * @param options {HandleRedirectPromiseOptions} options for handling redirect promise
      */
     async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
+        const originalTitle = document.title;
+        document.title = "Microsoft Authentication";
         const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
         const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
         try {
@@ -15145,6 +15202,9 @@ class RedirectClient extends StandardInteractionClient {
             }
             throw e;
         }
+        finally {
+            document.title = originalTitle;
+        }
     }
     /**
      * Gets the response hash for a redirect request
@@ -15400,6 +15460,7 @@ function loadFrameSync(urlNavigate) {
 function createHiddenIframe() {
     const authFrame = document.createElement("iframe");
     authFrame.className = "msalSilentIframe";
+    authFrame.title = "Microsoft Authentication";
     authFrame.style.visibility = "hidden";
     authFrame.style.position = "absolute";
     authFrame.style.width = authFrame.style.height = "0";
@@ -15425,10 +15486,11 @@ function removeHiddenIframe(iframe) {
  * Licensed under the MIT License.
  */
 class SilentIframeClient extends StandardInteractionClient {
-    constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
+    constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
         super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
         this.apiId = apiId;
         this.nativeStorage = nativeStorageImpl;
+        this.waitForIframeResponseHook = waitForIframeResponseHook;
     }
     /**
      * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
@@ -15517,7 +15579,7 @@ class SilentIframeClient extends StandardInteractionClient {
         const responseType = this.config.auth.OIDCOptions.responseMode;
         let responseString;
         try {
-            responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
+            responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
         }
         finally {
             invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15615,7 +15677,7 @@ class SilentIframeClient extends StandardInteractionClient {
         // Wait for response from the redirect bridge.
         let responseString;
         try {
-            responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
+            responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
         }
         finally {
             invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15623,6 +15685,12 @@ class SilentIframeClient extends StandardInteractionClient {
         const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
         return { serverParams, pkceCodes, silentRequest };
     }
+    async waitForIframeResponse(iframe, request) {
+        if (this.waitForIframeResponseHook) {
+            return this.waitForIframeResponseHook(iframe, request);
+        }
+        return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
+    }
 }
 
 /*
@@ -16836,7 +16904,7 @@ class StandardController {
      * @param correlationId
      */
     createPopupClient(correlationId) {
-        return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
+        return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
     }
     /**
      * Returns new instance of the Redirect Interaction Client
@@ -16850,7 +16918,7 @@ class StandardController {
      * @param correlationId
      */
     createSilentIframeClient(correlationId) {
-        return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
+        return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
     }
     /**
      * Returns new instance of the Silent Cache Interaction Client
@@ -17324,7 +17392,7 @@ class BaseOperatingContext {
                 return;
         }
     }
-    constructor(config) {
+    constructor(config, responseHandlers) {
         /*
          * If loaded in an environment where window is not available,
          * set internal flag to false so that further requests fail.
@@ -17332,6 +17400,7 @@ class BaseOperatingContext {
          */
         this.browserEnvironment = typeof window !== "undefined";
         this.config = buildConfiguration(config, this.browserEnvironment);
+        this.responseHandlers = responseHandlers;
         let sessionStorage;
         try {
             sessionStorage = window[BrowserCacheLocation.SessionStorage];
@@ -17368,6 +17437,13 @@ class BaseOperatingContext {
     getConfig() {
         return this.config;
     }
+    /**
+     * Returns the internal response handlers supplied by PublicClientApplication, if any.
+     * @returns AuthResponseHandlers | undefined
+     */
+    getResponseHandlers() {
+        return this.responseHandlers;
+    }
     /**
      * Returns the MSAL Logger
      * @returns Logger
@@ -18389,7 +18465,48 @@ class PublicClientApplication {
     constructor(configuration, controller) {
         this.controller =
             controller ||
-                new StandardController(new StandardOperatingContext(configuration));
+                new StandardController(new StandardOperatingContext(configuration, {
+                    waitForPopupResponse: this.waitForPopupResponse.bind(this),
+                    waitForIframeResponse: this.waitForIframeResponse.bind(this),
+                }));
+    }
+    /**
+     * Waits for the auth response from a popup window opened by MSAL.
+     *
+     * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
+     * Subclasses must return the raw response string (hash/query/fragment), or reject
+     * with an `AuthError` on failure.
+     *
+     * @internal
+     * @param request The in-flight authorization or end-session request.
+     * @param popupWindow The popup window opened by MSAL.
+     * @param popupWindowParent The parent window that opened the popup.
+     */
+    async waitForPopupResponse(request, 
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    popupWindow, 
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    popupWindowParent) {
+        const controller = this.controller;
+        return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
+    }
+    /**
+     * Waits for the auth response from a hidden iframe used by MSAL silent flows.
+     *
+     * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
+     * Subclasses must return the raw response string (hash/query/fragment), or reject
+     * with an `AuthError` on failure.
+     *
+     * @internal
+     * @param iframe The hidden iframe MSAL attached to the document.
+     * @param request The in-flight authorization request.
+     */
+    async waitForIframeResponse(
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    iframe, request) {
+        const controller = this.controller;
+        const config = controller.getConfiguration();
+        return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
     }
     /**
      * Initializer function to perform async startup tasks such as connecting to WAM extension