npm - @openclaw/msteams - Versions diffs - 2026.6.5 → 2026.6.6-beta.1 - Mend

@openclaw/msteams 2026.6.5 → 2026.6.6-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1196) hide show

package/node_modules/@azure/msal-browser/lib/msal-browser.js CHANGED Viewed

@@ -1,4 +1,4 @@
-/*! @azure/msal-browser v5.11.0 2026-05-19 */
+/*! @azure/msal-browser v5.12.0 2026-06-05 */
 'use strict';
 (function (global, factory) {
     typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
@@ -6,7 +6,7 @@
     (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
 })(this, (function (exports) { 'use strict';
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -238,7 +238,7 @@
     // Token renewal offset default in seconds
     const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -290,7 +290,7 @@
     const RESOURCE = "resource";
     const CLI_DATA = "clidata";
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -321,7 +321,7 @@
         return new AuthError(code, additionalMessage || getDefaultErrorMessage$1(code));
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -341,7 +341,7 @@
         return new ClientConfigurationError(errorCode);
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -421,7 +421,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -444,7 +444,7 @@
         return new ClientAuthError(errorCode, additionalMessage);
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -502,7 +502,7 @@
         urlParseError: urlParseError
     });
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -590,7 +590,7 @@
         userCanceled: userCanceled
     });
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -785,7 +785,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1174,7 +1174,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1283,7 +1283,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1322,7 +1322,7 @@
         },
     };
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -1597,12 +1597,12 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /* eslint-disable header/header */
     const name$1 = "@azure/msal-common";
-    const version$1 = "16.6.2";
+    const version$1 = "16.7.0";
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -1622,7 +1622,7 @@
         AzureUsGovernment: "https://login.microsoftonline.us",
     };
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -1705,7 +1705,7 @@
         return updatedAccountInfo;
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1785,7 +1785,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1942,7 +1942,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2108,7 +2108,7 @@
         return null;
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -2116,7 +2116,7 @@
     const cacheQuotaExceeded = "cache_quota_exceeded";
     const cacheErrorUnknown = "cache_error_unknown";
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2154,7 +2154,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2192,7 +2192,7 @@
         };
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -2207,7 +2207,7 @@
         Ciam: 3,
     };
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -2229,7 +2229,7 @@
         return null;
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -2253,7 +2253,7 @@
         EAR: "EAR",
     };
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /**
      * Returns the AccountInfo interface for this account.
      */
@@ -2428,7 +2428,7 @@
             entity.hasOwnProperty("authorityType"));
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -2568,8 +2568,8 @@
                 return false;
             }
             if (!!tenantProfileFilter.username &&
-                !(this.matchUsername(tenantProfile.username, tenantProfileFilter.username) ||
-                    !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username))) {
+                !this.matchUsername(tenantProfile.username, tenantProfileFilter.username) &&
+                !this.matchUsername(tenantProfile.upn, tenantProfileFilter.username)) {
                 return false;
             }
             if (!!tenantProfileFilter.loginHint &&
@@ -3560,7 +3560,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -3611,7 +3611,7 @@
         "redirectBridgeMessageVersion",
     ]);
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3666,7 +3666,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -3761,7 +3761,7 @@
         return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -3788,7 +3788,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -3853,7 +3853,7 @@
         return cachedAtSec > nowSeconds();
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4112,7 +4112,7 @@
         return metadata.expiresAt <= nowSeconds();
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -4183,7 +4183,7 @@
     const CacheManagerGetRefreshToken = "cacheManagerGetRefreshToken";
     const SetUserData = "setUserData";
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -4276,7 +4276,7 @@
         };
     };
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4356,7 +4356,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -4380,7 +4380,7 @@
      * MSAL-defined error code indicating UI/UX is not allowed (e.g., blocked by policy), requiring alternate interaction.
      * @public
      */
-    const uxNotAllowed = "ux_not_allowed";
+    const uiNotAllowed = "ui_not_allowed";
     /**
      * Server-originated error code indicating interaction is required to complete the request.
      * @public
@@ -4417,10 +4417,10 @@
         nativeAccountUnavailable: nativeAccountUnavailable,
         noTokensFound: noTokensFound,
         refreshTokenExpired: refreshTokenExpired,
-        uxNotAllowed: uxNotAllowed
+        uiNotAllowed: uiNotAllowed
     });
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4434,7 +4434,7 @@
         consentRequired,
         loginRequired,
         badToken,
-        uxNotAllowed,
+        uiNotAllowed,
         interruptedUser,
     ];
     const InteractionRequiredAuthSubErrorMessage = [
@@ -4444,7 +4444,7 @@
         "user_password_expired",
         "consent_required",
         "bad_token",
-        "ux_not_allowed",
+        "ui_not_allowed",
         "interrupted_user",
     ];
     /**
@@ -4488,7 +4488,7 @@
         return new InteractionRequiredAuthError(errorCode, errorMessage);
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4507,7 +4507,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4575,7 +4575,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4923,7 +4923,7 @@
         return baseAccount;
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -4933,7 +4933,7 @@
         UPN: "UPN",
     };
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -4951,7 +4951,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -4972,7 +4972,7 @@
         };
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5058,7 +5058,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5089,7 +5089,7 @@
         return new NetworkError(error, httpStatus, responseHeaders);
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5203,7 +5203,7 @@
         return response;
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -5215,7 +5215,7 @@
             response.hasOwnProperty("jwks_uri"));
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -5225,7 +5225,7 @@
             response.hasOwnProperty("metadata"));
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -5235,7 +5235,7 @@
             response.hasOwnProperty("error_description"));
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5340,7 +5340,7 @@
         },
     };
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5897,7 +5897,7 @@
                 }
             }
             // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities
-            if (this.isInKnownAuthorities()) {
+            if (this.isInKnownAuthorities(this.hostnameAndPort)) {
                 this.logger.verbose("0mt9al", this.correlationId);
                 return Authority.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);
             }
@@ -5964,13 +5964,14 @@
             return match;
         }
         /**
-         * Helper function to determine if this host is included in the knownAuthorities config option
+         * Helper function to determine if a host is included in the knownAuthorities config option.
          */
-        isInKnownAuthorities() {
+        isInKnownAuthorities(host) {
+            const normalizedHost = host.toLowerCase();
             const matches = this.authorityOptions.knownAuthorities.filter((authority) => {
                 return (authority &&
                     UrlString.getDomainFromUrl(authority).toLowerCase() ===
-                        this.hostnameAndPort);
+                        normalizedHost);
             });
             return matches.length > 0;
         }
@@ -6047,6 +6048,10 @@
          *  4. Same as (2), but the issuer host matches the CIAM tenant pattern
          *     `{tenant}.ciamlogin.com` with an optional `/{tenant}[.onmicrosoft.com][/v2.0]`
          *     path.
+         *  5. The issuer host is HTTPS and is explicitly listed in the
+         *     developer-configured `knownAuthorities`. This covers scenarios where
+         *     the OIDC discovery document returns an issuer host that differs from
+         *     the authority (e.g., a GUID-based issuer for a name-based CIAM authority).
          *
          * @param issuer The `issuer` value returned in the OIDC discovery document.
          * @throws ClientConfigurationError("issuer_validation_failed") on failure.
@@ -6083,11 +6088,19 @@
              * have "{tenant}.ciamlogin.com" as the host, even when using a custom domain.
              */
             const matchesCiamTenantPattern = this.matchesCiamTenantPattern(issuerUrl, authorityHost, this.canonicalAuthorityUrlComponents.PathSegments);
+            /*
+             * Rule 5: The issuer host is explicitly listed in the developer-configured
+             * knownAuthorities. This covers scenarios where the OIDC discovery document
+             * returns an issuer with a different host than the authority
+             * (e.g., a GUID-based issuer for a name-based authority).
+             */
+            const matchesKnownAuthority = issuerScheme === "https:" && this.isInKnownAuthorities(issuerHost);
             // Each rule is an independent boolean; the issuer is valid if ANY rule matches.
             if (matchesAuthorityOrigin ||
                 matchesKnownMicrosoftHost ||
                 matchesRegionalMicrosoftHost ||
-                matchesCiamTenantPattern) {
+                matchesCiamTenantPattern ||
+                matchesKnownAuthority) {
                 return;
             }
             // issuer validation fails if none of the above rules are satisfied
@@ -6295,7 +6308,7 @@
         };
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6329,7 +6342,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6586,7 +6599,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6807,7 +6820,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6923,7 +6936,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -6938,7 +6951,7 @@
         },
     };
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7161,7 +7174,7 @@
         return account.loginHint || account.idTokenClaims?.login_hint || null;
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7194,7 +7207,7 @@
         return Object.prototype.hasOwnProperty.call(params, "resource");
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7252,7 +7265,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -7269,7 +7282,7 @@
         unexpectedError: unexpectedError
     });
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7530,7 +7543,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7551,7 +7564,7 @@
         return new JoseHeaderError(code);
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -7559,7 +7572,7 @@
     const missingKidError = "missing_kid_error";
     const missingAlgError = "missing_alg_error";
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -7599,7 +7612,7 @@
         }
     }
-    /*! @azure/msal-common v16.6.2 2026-05-19 */
+    /*! @azure/msal-common v16.7.0 2026-06-05 */
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -8394,6 +8407,43 @@
         return new BrowserAuthError(errorCode, subError);
     }
+    /*
+     * Copyright (c) Microsoft Corporation. All rights reserved.
+     * Licensed under the MIT License.
+     */
+    /**
+     * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
+     * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
+     */
+    /**
+     * Returns a URL-safe plaintext decoded string from b64 encoded input.
+     * @param input
+     */
+    function base64Decode(input) {
+        return new TextDecoder().decode(base64DecToArr(input));
+    }
+    /**
+     * Decodes base64 into Uint8Array
+     * @param base64String
+     */
+    function base64DecToArr(base64String) {
+        let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
+        switch (encodedString.length % 4) {
+            case 0:
+                break;
+            case 2:
+                encodedString += "==";
+                break;
+            case 3:
+                encodedString += "=";
+                break;
+            default:
+                throw createBrowserAuthError(invalidBase64String);
+        }
+        const binString = atob(encodedString);
+        return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
+    }
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -8653,43 +8703,6 @@
         return btoa(binString);
     }
-    /*
-     * Copyright (c) Microsoft Corporation. All rights reserved.
-     * Licensed under the MIT License.
-     */
-    /**
-     * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:
-     * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem
-     */
-    /**
-     * Returns a URL-safe plaintext decoded string from b64 encoded input.
-     * @param input
-     */
-    function base64Decode(input) {
-        return new TextDecoder().decode(base64DecToArr(input));
-    }
-    /**
-     * Decodes base64 into Uint8Array
-     * @param base64String
-     */
-    function base64DecToArr(base64String) {
-        let encodedString = base64String.replace(/-/g, "+").replace(/_/g, "/");
-        switch (encodedString.length % 4) {
-            case 0:
-                break;
-            case 2:
-                encodedString += "==";
-                break;
-            case 3:
-                encodedString += "=";
-                break;
-            default:
-                throw createBrowserAuthError(invalidBase64String);
-        }
-        const binString = atob(encodedString);
-        return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);
-    }
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
      * Licensed under the MIT License.
@@ -9108,6 +9121,16 @@
             contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}${contentWindow.location.search}`);
         }
     }
+    /**
+     * Strips both hash and query string from the given window's URL by replacing
+     * with origin + pathname only. Used to remove auth response parameters
+     * (auth code, state, etc.) before the window is closed or navigated away.
+     */
+    function clearAuthResponseFromUrl(contentWindow) {
+        if (typeof contentWindow.history?.replaceState === "function") {
+            contentWindow.history.replaceState(null, "", `${contentWindow.location.origin}${contentWindow.location.pathname}`);
+        }
+    }
     /**
      * Replaces current hash with hash from provided url
      */
@@ -9166,7 +9189,7 @@
             activeBridgeMonitor = null;
         }
     }
-    async function waitForBridgeResponse(timeoutMs, logger, browserCrypto, request, performanceClient, experimentalConfig) {
+    async function waitForBridgeResponse(timeoutMs, logger, request, performanceClient, experimentalConfig) {
         return new Promise((resolve, reject) => {
             logger.verbose("1rf6em", request.correlationId);
             const correlationId = request.correlationId;
@@ -9174,7 +9197,7 @@
                 redirectBridgeTimeoutMs: timeoutMs,
                 lateResponseExperimentEnabled: experimentalConfig?.iframeTimeoutTelemetry || false,
             }, correlationId);
-            const { libraryState } = parseRequestState(browserCrypto.base64Decode, request.state || "");
+            const { libraryState } = parseRequestState(base64Decode, request.state || "");
             const channel = new BroadcastChannel(libraryState.id);
             let responseString = undefined;
             let timedOut$1 = false;
@@ -9362,6 +9385,7 @@
         blockRedirectInIframe: blockRedirectInIframe,
         blockReloadInHiddenIframes: blockReloadInHiddenIframes,
         cancelPendingBridgeResponse: cancelPendingBridgeResponse,
+        clearAuthResponseFromUrl: clearAuthResponseFromUrl,
         clearHash: clearHash,
         createGuid: createGuid,
         getCurrentUri: getCurrentUri,
@@ -10536,7 +10560,7 @@
     /* eslint-disable header/header */
     const name = "@azure/msal-browser";
-    const version = "5.11.0";
+    const version = "5.12.0";
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -10643,6 +10667,7 @@
                 ? await this.browserStorage.decryptData(key, parsedValue, correlationId)
                 : parsedValue;
             if (!decryptedData || !isCredentialEntity(decryptedData)) {
+                this.browserStorage.removeItem(key);
                 this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
                 return null;
             }
@@ -10673,6 +10698,7 @@
                 const rawValue = this.browserStorage.getItem(accountKey);
                 const parsedValue = this.validateAndParseJson(rawValue || "");
                 if (!parsedValue) {
+                    this.browserStorage.removeItem(accountKey);
                     removeElementFromArray(accountKeysToCheck, accountKey);
                     continue;
                 }
@@ -10687,6 +10713,15 @@
                     await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
                     removeElementFromArray(accountKeysToCheck, accountKey);
                 }
+                else if (isEncrypted(parsedValue)) {
+                    // Remove accounts encrypted with a different key (session cookie expired/changed)
+                    const decrypted = await this.browserStorage.decryptData(accountKey, parsedValue, correlationId);
+                    if (!decrypted) {
+                        this.browserStorage.removeItem(accountKey);
+                        this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
+                        removeElementFromArray(accountKeysToCheck, accountKey);
+                    }
+                }
             }
             this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
         }
@@ -12630,7 +12665,7 @@
     const NO_NETWORK = "NO_NETWORK";
     const DISABLED = "DISABLED";
     const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
-    const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
+    const UI_NOT_ALLOWED = "UI_NOT_ALLOWED";
     /*
      * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -12685,8 +12720,8 @@
                     return createBrowserAuthError(userCancelled);
                 case NO_NETWORK:
                     return createBrowserAuthError(noNetworkConnectivity);
-                case UX_NOT_ALLOWED:
-                    return createInteractionRequiredAuthError(uxNotAllowed);
+                case UI_NOT_ALLOWED:
+                    return createInteractionRequiredAuthError(uiNotAllowed);
             }
         }
         return new NativeAuthError(code, description, ext);
@@ -12917,7 +12952,7 @@
                 noHistory: false,
             };
             const redirectUri = navigateToLoginRequestUrl
-                ? window.location.href
+                ? UrlString.getAbsoluteUrl(request.redirectStartPage || window.location.href, getCurrentUri())
                 : getRedirectUri(request.redirectUri, this.config.auth.redirectUri, this.logger, this.correlationId);
             rootMeasurement.end({ success: true });
             await this.navigationClient.navigateExternal(redirectUri, navigationOptions); // Need to treat this as external to ensure handleRedirectPromise is run again
@@ -14503,10 +14538,11 @@
      * Licensed under the MIT License.
      */
     class PopupClient extends StandardInteractionClient {
-        constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler) {
+        constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeStorageImpl, correlationId, platformAuthHandler, waitForPopupResponseHook) {
             super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthHandler);
             this.nativeStorage = nativeStorageImpl;
             this.eventHandler = eventHandler;
+            this.waitForPopupResponseHook = waitForPopupResponseHook;
         }
         /**
          * Acquires tokens by opening a popup window to the /authorize endpoint of the authority
@@ -14640,7 +14676,7 @@
                     const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
                     this.eventHandler.emitEvent(EventType.POPUP_OPENED, correlationId, exports.InteractionType.Popup, { popupWindow }, null);
                     // Wait for the redirect bridge response
-                    const responseString = await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
+                    const responseString = await this.waitForPopupResponse(request, popupWindow, popupParams.popupWindowParent);
                     const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
                     return await invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkce.verifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
                 }
@@ -14675,7 +14711,7 @@
             const form = await getEARForm(popupWindow.document, this.config, discoveredAuthority, popupRequest, this.logger, this.performanceClient);
             form.submit();
             // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
-            const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, popupRequest, this.performanceClient);
+            const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(popupRequest, popupWindow, popupParams.popupWindowParent);
             const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
             if (!serverParams.ear_jwe && serverParams.code) {
                 const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, correlationId)({
@@ -14700,7 +14736,7 @@
             const form = await getCodeForm(popupWindow.document, this.config, discoveredAuthority, request, this.logger, this.performanceClient);
             form.submit();
             // Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
-            const responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient);
+            const responseString = await invokeAsync(this.waitForPopupResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(request, popupWindow, popupParams.popupWindowParent);
             const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.responseMode, this.logger, this.correlationId);
             return invokeAsync(handleResponseCode, HandleResponseCode, this.logger, this.performanceClient, correlationId)(request, serverParams, pkceVerifier, ApiId.acquireTokenPopup, this.config, authClient, this.browserStorage, this.nativeStorage, this.eventHandler, this.logger, this.performanceClient, this.platformAuthProvider);
         }
@@ -14757,7 +14793,7 @@
                 // Open the popup window to requestUrl.
                 const popupWindow = this.openPopup(logoutUri, popupParams);
                 this.eventHandler.emitEvent(EventType.POPUP_OPENED, validRequest.correlationId, exports.InteractionType.Popup, { popupWindow }, null);
-                await waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, this.browserCrypto, validRequest, this.performanceClient).catch(() => {
+                await this.waitForPopupResponse(validRequest, popupWindow, popupParams.popupWindowParent).catch(() => {
                     // Swallow any errors related to monitoring the window. Server logout is best effort
                 });
                 if (mainWindowRedirectUri) {
@@ -14836,6 +14872,19 @@
                 if (!popupWindow) {
                     throw createBrowserAuthError(emptyWindowError);
                 }
+                try {
+                    popupWindow.document.title = "Microsoft Authentication";
+                }
+                catch (e) {
+                    if (typeof DOMException !== "undefined" &&
+                        e instanceof DOMException &&
+                        e.name === "SecurityError") {
+                        // Cross-origin - title cannot be set
+                    }
+                    else {
+                        this.logger.verbose("1s1yfs", this.correlationId);
+                    }
+                }
                 if (popupWindow.focus) {
                     popupWindow.focus();
                 }
@@ -14914,6 +14963,12 @@
             const homeAccountId = request.account && request.account.homeAccountId;
             return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
         }
+        async waitForPopupResponse(request, popupWindow, popupWindowParent) {
+            if (this.waitForPopupResponseHook) {
+                return this.waitForPopupResponseHook(request, popupWindow, popupWindowParent);
+            }
+            return waitForBridgeResponse(this.config.system.popupBridgeTimeout, this.logger, request, this.performanceClient);
+        }
     }
     /*
@@ -15067,6 +15122,8 @@
          * @param options {HandleRedirectPromiseOptions} options for handling redirect promise
          */
         async handleRedirectPromise(request, pkceVerifier, parentMeasurement, options) {
+            const originalTitle = document.title;
+            document.title = "Microsoft Authentication";
             const serverTelemetryManager = initializeServerTelemetryManager(ApiId.handleRedirectPromise, this.config.auth.clientId, this.correlationId, this.browserStorage, this.logger);
             const navigateToLoginRequestUrl = options?.navigateToLoginRequestUrl ?? true;
             try {
@@ -15149,6 +15206,9 @@
                 }
                 throw e;
             }
+            finally {
+                document.title = originalTitle;
+            }
         }
         /**
          * Gets the response hash for a redirect request
@@ -15404,6 +15464,7 @@
     function createHiddenIframe() {
         const authFrame = document.createElement("iframe");
         authFrame.className = "msalSilentIframe";
+        authFrame.title = "Microsoft Authentication";
         authFrame.style.visibility = "hidden";
         authFrame.style.position = "absolute";
         authFrame.style.width = authFrame.style.height = "0";
@@ -15429,10 +15490,11 @@
      * Licensed under the MIT License.
      */
     class SilentIframeClient extends StandardInteractionClient {
-        constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider) {
+        constructor(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeStorageImpl, correlationId, platformAuthProvider, waitForIframeResponseHook) {
             super(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId, platformAuthProvider);
             this.apiId = apiId;
             this.nativeStorage = nativeStorageImpl;
+            this.waitForIframeResponseHook = waitForIframeResponseHook;
         }
         /**
          * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session
@@ -15521,7 +15583,7 @@
             const responseType = this.config.auth.OIDCOptions.responseMode;
             let responseString;
             try {
-                responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
+                responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
             }
             finally {
                 invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15619,7 +15681,7 @@
             // Wait for response from the redirect bridge.
             let responseString;
             try {
-                responseString = await invokeAsync(waitForBridgeResponse, SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(this.config.system.iframeBridgeTimeout, this.logger, this.browserCrypto, request, this.performanceClient, this.config.experimental);
+                responseString = await invokeAsync(this.waitForIframeResponse.bind(this), SilentHandlerMonitorIframeForHash, this.logger, this.performanceClient, correlationId)(iframe, request);
             }
             finally {
                 invoke(removeHiddenIframe, RemoveHiddenIframe, this.logger, this.performanceClient, correlationId)(iframe);
@@ -15627,6 +15689,12 @@
             const serverParams = invoke(deserializeResponse, DeserializeResponse, this.logger, this.performanceClient, correlationId)(responseString, responseType, this.logger, this.correlationId);
             return { serverParams, pkceCodes, silentRequest };
         }
+        async waitForIframeResponse(iframe, request) {
+            if (this.waitForIframeResponseHook) {
+                return this.waitForIframeResponseHook(iframe, request);
+            }
+            return waitForBridgeResponse(this.config.system.iframeBridgeTimeout, this.logger, request, this.performanceClient, this.config.experimental);
+        }
     }
     /*
@@ -16840,7 +16908,7 @@
          * @param correlationId
          */
         createPopupClient(correlationId) {
-            return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
+            return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForPopupResponse);
         }
         /**
          * Returns new instance of the Redirect Interaction Client
@@ -16854,7 +16922,7 @@
          * @param correlationId
          */
         createSilentIframeClient(correlationId) {
-            return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider);
+            return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeInternalStorage, correlationId, this.platformAuthProvider, this.operatingContext.getResponseHandlers()?.waitForIframeResponse);
         }
         /**
          * Returns new instance of the Silent Cache Interaction Client
@@ -17328,7 +17396,7 @@
                     return;
             }
         }
-        constructor(config) {
+        constructor(config, responseHandlers) {
             /*
              * If loaded in an environment where window is not available,
              * set internal flag to false so that further requests fail.
@@ -17336,6 +17404,7 @@
              */
             this.browserEnvironment = typeof window !== "undefined";
             this.config = buildConfiguration(config, this.browserEnvironment);
+            this.responseHandlers = responseHandlers;
             let sessionStorage;
             try {
                 sessionStorage = window[BrowserCacheLocation.SessionStorage];
@@ -17372,6 +17441,13 @@
         getConfig() {
             return this.config;
         }
+        /**
+         * Returns the internal response handlers supplied by PublicClientApplication, if any.
+         * @returns AuthResponseHandlers | undefined
+         */
+        getResponseHandlers() {
+            return this.responseHandlers;
+        }
         /**
          * Returns the MSAL Logger
          * @returns Logger
@@ -18393,7 +18469,48 @@
         constructor(configuration, controller) {
             this.controller =
                 controller ||
-                    new StandardController(new StandardOperatingContext(configuration));
+                    new StandardController(new StandardOperatingContext(configuration, {
+                        waitForPopupResponse: this.waitForPopupResponse.bind(this),
+                        waitForIframeResponse: this.waitForIframeResponse.bind(this),
+                    }));
+        }
+        /**
+         * Waits for the auth response from a popup window opened by MSAL.
+         *
+         * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
+         * Subclasses must return the raw response string (hash/query/fragment), or reject
+         * with an `AuthError` on failure.
+         *
+         * @internal
+         * @param request The in-flight authorization or end-session request.
+         * @param popupWindow The popup window opened by MSAL.
+         * @param popupWindowParent The parent window that opened the popup.
+         */
+        async waitForPopupResponse(request,
+        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        popupWindow,
+        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        popupWindowParent) {
+            const controller = this.controller;
+            return waitForBridgeResponse(controller.getConfiguration().system.popupBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient());
+        }
+        /**
+         * Waits for the auth response from a hidden iframe used by MSAL silent flows.
+         *
+         * The default implementation delegates to MSAL's `BroadcastChannel`-based bridge.
+         * Subclasses must return the raw response string (hash/query/fragment), or reject
+         * with an `AuthError` on failure.
+         *
+         * @internal
+         * @param iframe The hidden iframe MSAL attached to the document.
+         * @param request The in-flight authorization request.
+         */
+        async waitForIframeResponse(
+        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        iframe, request) {
+            const controller = this.controller;
+            const config = controller.getConfiguration();
+            return waitForBridgeResponse(config.system.iframeBridgeTimeout, controller.getLogger(), request, controller.getPerformanceClient(), config.experimental);
         }
         /**
          * Initializer function to perform async startup tasks such as connecting to WAM extension