@azure/msal-browser - npm Package Compare versions

Comparing version 2.23.0 to 2.24.0-beta.0

dist/_virtual/_tslib.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ /*! *****************************************************************************

dist/app/ClientApplication.d.ts

 import { AccountInfo, INetworkModule, AuthenticationResult, Logger, CommonSilentFlowRequest, ICrypto, PerformanceCallbackFunction, IPerformanceClient, BaseAuthRequest } from "@azure/msal-common";
 import { BrowserCacheManager } from "../cache/BrowserCacheManager";
 import { BrowserConfiguration, Configuration } from "../config/Configuration";
-import { InteractionType, WrapperSKU } from "../utils/BrowserConstants";
+import { InteractionType, ApiId, WrapperSKU } from "../utils/BrowserConstants";
 import { RedirectRequest } from "../request/RedirectRequest";
@@ -13,3 +13,11 @@ import { PopupRequest } from "../request/PopupRequest";
 import { EventHandler } from "../event/EventHandler";
+import { PopupClient } from "../interaction_client/PopupClient";
+import { RedirectClient } from "../interaction_client/RedirectClient";
+import { SilentIframeClient } from "../interaction_client/SilentIframeClient";
+import { SilentRefreshClient } from "../interaction_client/SilentRefreshClient";
 import { ITokenCache } from "../cache/ITokenCache";
+import { NativeMessageHandler } from "../broker/nativeBroker/NativeMessageHandler";
+import { SilentRequest } from "../request/SilentRequest";
+import { SilentCacheClient } from "../interaction_client/SilentCacheClient";
+import { SilentAuthCodeClient } from "../interaction_client/SilentAuthCodeClient";
 import { AuthorizationCodeRequest } from "../request/AuthorizationCodeRequest";
@@ -27,4 +35,6 @@ export declare abstract class ClientApplication {
     protected redirectResponse: Map<string, Promise<AuthenticationResult | null>>;
+    protected nativeExtensionProvider: NativeMessageHandler | undefined;
     private hybridAuthCodeResponses;
     protected performanceClient: IPerformanceClient;
+    protected initialized: boolean;
     /**
@@ -53,2 +63,6 @@ * @constructor
     /**
+     * Initializer function to perform async startup tasks such as connecting to WAM extension
+     */
+    initialize(): Promise<void>;
+    /**
      * Event handler function which allows users to fire events after the PublicClientApplication object
@@ -194,2 +208,45 @@ * has loaded during redirect flows. This should be invoked on all page loads involved in redirect
     /**
+     * Acquire a token from native device (e.g. WAM)
+     * @param request
+     */
+    protected acquireTokenNative(request: PopupRequest | SilentRequest | SsoSilentRequest, apiId: ApiId, accountId?: string): Promise<AuthenticationResult>;
+    /**
+     * Returns boolean indicating if this request can use the native broker
+     * @param request
+     */
+    protected canUseNative(request: RedirectRequest | PopupRequest | SsoSilentRequest, accountId?: string): boolean;
+    /**
+     * Get the native accountId from the account
+     * @param request
+     * @returns
+     */
+    protected getNativeAccountId(request: RedirectRequest | PopupRequest | SsoSilentRequest): string;
+    /**
+     * Returns new instance of the Popup Interaction Client
+     * @param correlationId
+     */
+    protected createPopupClient(correlationId?: string): PopupClient;
+    /**
+     * Returns new instance of the Popup Interaction Client
+     * @param correlationId
+     */
+    protected createRedirectClient(correlationId?: string): RedirectClient;
+    /**
+     * Returns new instance of the Silent Iframe Interaction Client
+     * @param correlationId
+     */
+    protected createSilentIframeClient(correlationId?: string): SilentIframeClient;
+    /**
+     * Returns new instance of the Silent Cache Interaction Client
+     */
+    protected createSilentCacheClient(correlationId?: string): SilentCacheClient;
+    /**
+     * Returns new instance of the Silent Refresh Interaction Client
+     */
+    protected createSilentRefreshClient(correlationId?: string): SilentRefreshClient;
+    /**
+     * Returns new instance of the Silent AuthCode Interaction Client
+     */
+    protected createSilentAuthCodeClient(correlationId?: string): SilentAuthCodeClient;
+    /**
      * Adds event callbacks to array
@@ -196,0 +253,0 @@ * @param callback

dist/app/ClientApplication.js

@@ -1,9 +0,9 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
 import { __awaiter, __generator, __assign } from '../_virtual/_tslib.js';
 import { CryptoOps } from '../crypto/CryptoOps.js';
-import { Constants, PerformanceEvents, StringUtils, Logger, StubPerformanceClient, DEFAULT_CRYPTO_IMPLEMENTATION, ServerError, InteractionRequiredAuthError } from '@azure/msal-common';
+import { Constants, PerformanceEvents, PromptValue, StringUtils, Logger, StubPerformanceClient, DEFAULT_CRYPTO_IMPLEMENTATION, ServerError, InteractionRequiredAuthError } from '@azure/msal-common';
 import { BrowserCacheManager, DEFAULT_BROWSER_CACHE_MANAGER } from '../cache/BrowserCacheManager.js';
 import { buildConfiguration } from '../config/Configuration.js';
-import { InteractionType, TemporaryCacheKeys, ApiId, BrowserCacheLocation, BrowserConstants } from '../utils/BrowserConstants.js';
+import { InteractionType, ApiId, TemporaryCacheKeys, BrowserCacheLocation, BrowserConstants } from '../utils/BrowserConstants.js';
 import { BrowserUtils } from '../utils/BrowserUtils.js';
@@ -19,2 +19,6 @@ import { name, version } from '../packageMetadata.js';
 import { TokenCache } from '../cache/TokenCache.js';
+import { NativeInteractionClient } from '../interaction_client/NativeInteractionClient.js';
+import { NativeMessageHandler } from '../broker/nativeBroker/NativeMessageHandler.js';
+import { NativeAuthError } from '../error/NativeAuthError.js';
+import { SilentCacheClient } from '../interaction_client/SilentCacheClient.js';
 import { SilentAuthCodeClient } from '../interaction_client/SilentAuthCodeClient.js';
@@ -59,2 +63,3 @@ import { BrowserAuthError } from '../error/BrowserAuthError.js';
         this.config = buildConfiguration(configuration, this.isBrowserEnvironment);
+        this.initialized = false;
         // Initialize logger
@@ -84,2 +89,38 @@ this.logger = new Logger(this.config.system.loggerOptions, name, version);
     }
+    /**
+     * Initializer function to perform async startup tasks such as connecting to WAM extension
+     */
+    ClientApplication.prototype.initialize = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            var _a, e_1;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
+                    case 0:
+                        this.logger.trace("initialize called");
+                        if (this.initialized) {
+                            this.logger.warning("initialize has already been called. This function only needs to be run once.");
+                            return [2 /*return*/];
+                        }
+                        this.eventHandler.emitEvent(EventType.INITIALIZE_START);
+                        if (!this.config.system.allowNativeBroker) return [3 /*break*/, 4];
+                        _b.label = 1;
+                    case 1:
+                        _b.trys.push([1, 3, , 4]);
+                        _a = this;
+                        return [4 /*yield*/, NativeMessageHandler.createProvider(this.logger, this.config.system.nativeBrokerHandshakeTimeout)];
+                    case 2:
+                        _a.nativeExtensionProvider = _b.sent();
+                        return [3 /*break*/, 4];
+                    case 3:
+                        e_1 = _b.sent();
+                        this.logger.verbose(e_1);
+                        return [3 /*break*/, 4];
+                    case 4:
+                        this.initialized = true;
+                        this.eventHandler.emitEvent(EventType.INITIALIZE_END);
+                        return [2 /*return*/];
+                }
+            });
+        });
+    };
     // #region Redirect Flow
@@ -95,6 +136,8 @@ /**
         return __awaiter(this, void 0, void 0, function () {
-            var loggedInAccounts, redirectResponseKey, response, correlationId, redirectClient;
+            var loggedInAccounts, redirectResponseKey, response, request, redirectResponse, nativeClient, correlationId, redirectClient;
             var _this = this;
             return __generator(this, function (_a) {
                 this.logger.verbose("handleRedirectPromise called");
+                // Block token acquisition before initialize has been called if native brokering is enabled
+                BrowserUtils.blockNativeBrokerCalledBeforeInitialized(this.config.system.allowNativeBroker, this.initialized);
                 loggedInAccounts = this.getAllAccounts();
@@ -107,6 +150,16 @@ if (this.isBrowserEnvironment) {
                         this.logger.verbose("handleRedirectPromise has been called for the first time, storing the promise");
-                        correlationId = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.CORRELATION_ID, true) || Constants.EMPTY_STRING;
-                        redirectClient = new RedirectClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, correlationId);
-                        response = redirectClient.handleRedirectPromise(hash)
-                            .then(function (result) {
+                        request = this.browserStorage.getCachedNativeRequest();
+                        redirectResponse = void 0;
+                        if (request && NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider) && this.nativeExtensionProvider && !hash) {
+                            this.logger.trace("handleRedirectPromise - acquiring token from native platform");
+                            nativeClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.handleRedirectPromise, this.performanceClient, this.nativeExtensionProvider, request.accountId, request.correlationId);
+                            redirectResponse = nativeClient.handleRedirectPromise();
+                        }
+                        else {
+                            this.logger.trace("handleRedirectPromise - acquiring token from web flow");
+                            correlationId = this.browserStorage.getTemporaryCache(TemporaryCacheKeys.CORRELATION_ID, true) || Constants.EMPTY_STRING;
+                            redirectClient = this.createRedirectClient(correlationId);
+                            redirectResponse = redirectClient.handleRedirectPromise(hash);
+                        }
+                        response = redirectResponse.then(function (result) {
                             if (result) {
@@ -126,4 +179,3 @@ // Emit login event if number of accounts change
                             return result;
-                        })
-                            .catch(function (e) {
+                        }).catch(function (e) {
                             // Emit login event if there is an account
@@ -162,3 +214,3 @@ if (loggedInAccounts.length > 0) {
         return __awaiter(this, void 0, void 0, function () {
-            var correlationId, isLoggedIn, redirectClient;
+            var correlationId, isLoggedIn, result, nativeClient, redirectClient;
             var _this = this;
@@ -176,4 +228,18 @@ return __generator(this, function (_a) {
                 }
-                redirectClient = new RedirectClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, correlationId);
-                return [2 /*return*/, redirectClient.acquireToken(__assign(__assign({}, request), { correlationId: correlationId })).catch(function (e) {
+                if (this.nativeExtensionProvider && this.canUseNative(request)) {
+                    nativeClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenRedirect, this.performanceClient, this.nativeExtensionProvider, this.getNativeAccountId(request), request.correlationId);
+                    result = nativeClient.acquireTokenRedirect(request).catch(function (e) {
+                        if (e instanceof NativeAuthError && e.isFatal()) {
+                            _this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
+                            var redirectClient = _this.createRedirectClient(request.correlationId);
+                            return redirectClient.acquireToken(request);
+                        }
+                        throw e;
+                    });
+                }
+                else {
+                    redirectClient = this.createRedirectClient(request.correlationId);
+                    result = redirectClient.acquireToken(request);
+                }
+                return [2 /*return*/, result.catch(function (e) {
                         // If logged in, emit acquire token events
@@ -203,2 +269,3 @@ if (isLoggedIn) {
         var correlationId = this.getRequestCorrelationId(request);
+        var atPopupMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenPopup, correlationId);
         try {
@@ -220,4 +287,26 @@ this.logger.verbose("acquireTokenPopup called", correlationId);
         }
-        var popupClient = new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, correlationId);
-        return popupClient.acquireToken(__assign(__assign({}, request), { correlationId: correlationId })).then(function (result) {
+        var result;
+        if (this.canUseNative(request)) {
+            result = this.acquireTokenNative(request, ApiId.acquireTokenPopup).then(function (response) {
+                _this.browserStorage.setInteractionInProgress(false);
+                atPopupMeasurement.endMeasurement({
+                    success: true,
+                    isNativeBroker: true
+                });
+                atPopupMeasurement.flushMeasurement();
+                return response;
+            }).catch(function (e) {
+                if (e instanceof NativeAuthError && e.isFatal()) {
+                    _this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
+                    var popupClient = _this.createPopupClient(request.correlationId);
+                    return popupClient.acquireToken(request);
+                }
+                throw e;
+            });
+        }
+        else {
+            var popupClient = this.createPopupClient(request.correlationId);
+            result = popupClient.acquireToken(request);
+        }
+        return result.then(function (result) {
             // If logged in, emit acquire token events
@@ -231,2 +320,6 @@ var isLoggingIn = loggedInAccounts.length < _this.getAllAccounts().length;
             }
+            atPopupMeasurement.endMeasurement({
+                success: true
+            });
+            atPopupMeasurement.flushMeasurement();
             return result;
@@ -240,2 +333,6 @@ }).catch(function (e) {
             }
+            atPopupMeasurement.endMeasurement({
+                success: false
+            });
+            atPopupMeasurement.flushMeasurement();
             // Since this function is syncronous we need to reject
@@ -264,19 +361,28 @@ return Promise.reject(e);
         return __awaiter(this, void 0, void 0, function () {
-            var correlationId, ssoSilentMeasurement, silentIframeClient, silentTokenResult, e_1;
+            var correlationId, validRequest, ssoSilentMeasurement, result, silentIframeClient;
+            var _this = this;
             return __generator(this, function (_a) {
-                switch (_a.label) {
-                    case 0:
-                        correlationId = this.getRequestCorrelationId(request);
-                        this.preflightBrowserEnvironmentCheck(InteractionType.Silent);
-                        ssoSilentMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.SsoSilent, correlationId);
-                        this.logger.verbose("ssoSilent called", correlationId);
-                        this.eventHandler.emitEvent(EventType.SSO_SILENT_START, InteractionType.Silent, request);
-                        _a.label = 1;
-                    case 1:
-                        _a.trys.push([1, 3, , 4]);
-                        silentIframeClient = new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, correlationId);
-                        return [4 /*yield*/, silentIframeClient.acquireToken(__assign(__assign({}, request), { correlationId: correlationId }))];
-                    case 2:
-                        silentTokenResult = _a.sent();
-                        this.eventHandler.emitEvent(EventType.SSO_SILENT_SUCCESS, InteractionType.Silent, silentTokenResult);
+                correlationId = this.getRequestCorrelationId(request);
+                validRequest = __assign(__assign({}, request), { prompt: PromptValue.NONE, correlationId: correlationId });
+                this.preflightBrowserEnvironmentCheck(InteractionType.Silent);
+                ssoSilentMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.SsoSilent, correlationId);
+                this.logger.verbose("ssoSilent called", correlationId);
+                this.eventHandler.emitEvent(EventType.SSO_SILENT_START, InteractionType.Silent, validRequest);
+                if (this.canUseNative(validRequest)) {
+                    result = this.acquireTokenNative(validRequest, ApiId.ssoSilent).catch(function (e) {
+                        // If native token acquisition fails for availability reasons fallback to standard flow
+                        if (e instanceof NativeAuthError && e.isFatal()) {
+                            _this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
+                            var silentIframeClient = _this.createSilentIframeClient(validRequest.correlationId);
+                            return silentIframeClient.acquireToken(validRequest);
+                        }
+                        throw e;
+                    });
+                }
+                else {
+                    silentIframeClient = this.createSilentIframeClient(validRequest.correlationId);
+                    result = silentIframeClient.acquireToken(validRequest);
+                }
+                return [2 /*return*/, result.then(function (response) {
+                        _this.eventHandler.emitEvent(EventType.SSO_SILENT_SUCCESS, InteractionType.Silent, response);
                         ssoSilentMeasurement.endMeasurement({
@@ -286,6 +392,5 @@ success: true
                         ssoSilentMeasurement.flushMeasurement();
-                        return [2 /*return*/, silentTokenResult];
-                    case 3:
-                        e_1 = _a.sent();
-                        this.eventHandler.emitEvent(EventType.SSO_SILENT_FAILURE, InteractionType.Silent, null, e_1);
+                        return response;
+                    }).catch(function (e) {
+                        _this.eventHandler.emitEvent(EventType.SSO_SILENT_FAILURE, InteractionType.Silent, null, e);
                         ssoSilentMeasurement.endMeasurement({
@@ -295,5 +400,4 @@ success: false
                         ssoSilentMeasurement.flushMeasurement();
-                        throw e_1;
-                    case 4: return [2 /*return*/];
-                }
+                        throw e;
+                    })];
             });
@@ -314,3 +418,3 @@ });
         return __awaiter(this, void 0, void 0, function () {
-            var correlationId, atbcMeasurement, response;
+            var correlationId, atbcMeasurement, hybridAuthCode_1, response;
             var _this = this;
@@ -324,37 +428,54 @@ return __generator(this, function (_a) {
                 try {
-                    if (!request.code) {
-                        throw BrowserAuthError.createAuthCodeRequiredError();
-                    }
-                    response = this.hybridAuthCodeResponses.get(request.code);
-                    if (!response) {
-                        this.logger.verbose("Initiating new acquireTokenByCode request", correlationId);
-                        response = this.acquireTokenByCodeAsync(__assign(__assign({}, request), { correlationId: correlationId }))
-                            .then(function (result) {
-                            _this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_SUCCESS, InteractionType.Silent, result);
-                            _this.hybridAuthCodeResponses.delete(request.code);
+                    if (request.code) {
+                        hybridAuthCode_1 = request.code;
+                        response = this.hybridAuthCodeResponses.get(hybridAuthCode_1);
+                        if (!response) {
+                            this.logger.verbose("Initiating new acquireTokenByCode request", correlationId);
+                            response = this.acquireTokenByCodeAsync(__assign(__assign({}, request), { correlationId: correlationId }))
+                                .then(function (result) {
+                                _this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_SUCCESS, InteractionType.Silent, result);
+                                _this.hybridAuthCodeResponses.delete(hybridAuthCode_1);
+                                atbcMeasurement.endMeasurement({
+                                    success: true
+                                });
+                                atbcMeasurement.flushMeasurement();
+                                return result;
+                            })
+                                .catch(function (error) {
+                                _this.hybridAuthCodeResponses.delete(hybridAuthCode_1);
+                                _this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_FAILURE, InteractionType.Silent, null, error);
+                                atbcMeasurement.endMeasurement({
+                                    success: false
+                                });
+                                atbcMeasurement.flushMeasurement();
+                                throw error;
+                            });
+                            this.hybridAuthCodeResponses.set(hybridAuthCode_1, response);
+                        }
+                        else {
+                            this.logger.verbose("Existing acquireTokenByCode request found", request.correlationId);
                             atbcMeasurement.endMeasurement({
                                 success: true
                             });
-                            atbcMeasurement.flushMeasurement();
-                            return result;
-                        })
-                            .catch(function (error) {
-                            _this.hybridAuthCodeResponses.delete(request.code);
-                            _this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_BY_CODE_FAILURE, InteractionType.Silent, null, error);
-                            atbcMeasurement.endMeasurement({
-                                success: false
-                            });
-                            atbcMeasurement.flushMeasurement();
-                            throw error;
-                        });
-                        this.hybridAuthCodeResponses.set(request.code, response);
+                            atbcMeasurement.discardMeasurement();
+                        }
+                        return [2 /*return*/, response];
                     }
+                    else if (request.nativeAccountId) {
+                        if (this.canUseNative(request, request.nativeAccountId)) {
+                            return [2 /*return*/, this.acquireTokenNative(request, ApiId.acquireTokenByCode, request.nativeAccountId).catch(function (e) {
+                                    // If native token acquisition fails for availability reasons fallback to standard flow
+                                    if (e instanceof NativeAuthError && e.isFatal()) {
+                                        _this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt
+                                    }
+                                    throw e;
+                                })];
+                        }
+                        else {
+                            throw BrowserAuthError.createUnableToAcquireTokenFromNativePlatformError();
+                        }
+                    }
                     else {
-                        this.logger.verbose("Existing acquireTokenByCode request found", request.correlationId);
-                        atbcMeasurement.endMeasurement({
-                            success: true
-                        });
-                        atbcMeasurement.discardMeasurement();
+                        throw BrowserAuthError.createAuthCodeOrNativeAccountIdRequiredError();
                     }
-                    return [2 /*return*/, response];
                 }
@@ -384,3 +505,3 @@ catch (e) {
                         this.logger.trace("acquireTokenByCodeAsync called", request.correlationId);
-                        silentAuthCodeClient = new SilentAuthCodeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenByCode, this.performanceClient, request.correlationId);
+                        silentAuthCodeClient = this.createSilentAuthCodeClient(request.correlationId);
                         return [4 /*yield*/, silentAuthCodeClient.acquireToken(request)];
@@ -414,3 +535,3 @@ case 1:
                 this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_NETWORK_START, InteractionType.Silent, request);
-                silentRefreshClient = new SilentRefreshClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, request.correlationId);
+                silentRefreshClient = this.createSilentRefreshClient(request.correlationId);
                 return [2 /*return*/, silentRefreshClient.acquireToken(request)
@@ -430,3 +551,3 @@ .then(function (result) {
                             _this.logger.verbose("Refresh token expired or invalid, attempting acquire token by iframe", request.correlationId);
-                            var silentIframeClient = new SilentIframeClient(_this.config, _this.browserStorage, _this.browserCrypto, _this.logger, _this.eventHandler, _this.navigationClient, ApiId.acquireTokenSilent_authCode, _this.performanceClient, request.correlationId);
+                            var silentIframeClient = _this.createSilentIframeClient(request.correlationId);
                             return silentIframeClient.acquireToken(request)
@@ -483,4 +604,4 @@ .then(function (result) {
                 this.preflightBrowserEnvironmentCheck(InteractionType.Redirect);
-                redirectClient = new RedirectClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, correlationId);
-                return [2 /*return*/, redirectClient.logout(__assign({ correlationId: correlationId }, logoutRequest))];
+                redirectClient = this.createRedirectClient(correlationId);
+                return [2 /*return*/, redirectClient.logout(logoutRequest)];
             });
@@ -497,4 +618,4 @@ });
             this.preflightBrowserEnvironmentCheck(InteractionType.Popup);
-            var popupClient = new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, correlationId);
-            return popupClient.logout(__assign({ correlationId: correlationId }, logoutRequest));
+            var popupClient = this.createPopupClient(correlationId);
+            return popupClient.logout(logoutRequest);
         }
@@ -605,2 +726,4 @@ catch (e) {
         BrowserUtils.blockAcquireTokenInPopups();
+        // Block token acquisition before initialize has been called if native brokering is enabled
+        BrowserUtils.blockNativeBrokerCalledBeforeInitialized(this.config.system.allowNativeBroker, this.initialized);
         // Block redirects if memory storage is enabled but storeAuthStateInCookie is not
@@ -629,2 +752,94 @@ if (interactionType === InteractionType.Redirect &&
     /**
+     * Acquire a token from native device (e.g. WAM)
+     * @param request
+     */
+    ClientApplication.prototype.acquireTokenNative = function (request, apiId, accountId) {
+        return __awaiter(this, void 0, void 0, function () {
+            var nativeClient;
+            return __generator(this, function (_a) {
+                this.logger.trace("acquireTokenNative called");
+                if (!this.nativeExtensionProvider) {
+                    throw BrowserAuthError.createNativeConnectionNotEstablishedError();
+                }
+                nativeClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, apiId, this.performanceClient, this.nativeExtensionProvider, accountId || this.getNativeAccountId(request), request.correlationId);
+                return [2 /*return*/, nativeClient.acquireToken(request)];
+            });
+        });
+    };
+    /**
+     * Returns boolean indicating if this request can use the native broker
+     * @param request
+     */
+    ClientApplication.prototype.canUseNative = function (request, accountId) {
+        this.logger.trace("canUseNative called");
+        if (!NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider, request.authenticationScheme)) {
+            this.logger.trace("canUseNative: isNativeAvailable returned false, returning false");
+            return false;
+        }
+        if (request.prompt) {
+            switch (request.prompt) {
+                case PromptValue.NONE:
+                case PromptValue.CONSENT:
+                    this.logger.trace("canUseNative: prompt is compatible with native flow");
+                    break;
+                default:
+                    this.logger.trace("canUseNative: prompt = " + request.prompt + " is not compatible with native flow, returning false");
+                    return false;
+            }
+        }
+        if (!accountId && !this.getNativeAccountId(request)) {
+            this.logger.trace("canUseNative: nativeAccountId is not available, returning false");
+            return false;
+        }
+        return true;
+    };
+    /**
+     * Get the native accountId from the account
+     * @param request
+     * @returns
+     */
+    ClientApplication.prototype.getNativeAccountId = function (request) {
+        var account = request.account || this.browserStorage.getAccountInfoByHints(request.loginHint, request.sid) || this.getActiveAccount();
+        return account && account.nativeAccountId || "";
+    };
+    /**
+     * Returns new instance of the Popup Interaction Client
+     * @param correlationId
+     */
+    ClientApplication.prototype.createPopupClient = function (correlationId) {
+        return new PopupClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeExtensionProvider, correlationId);
+    };
+    /**
+     * Returns new instance of the Popup Interaction Client
+     * @param correlationId
+     */
+    ClientApplication.prototype.createRedirectClient = function (correlationId) {
+        return new RedirectClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeExtensionProvider, correlationId);
+    };
+    /**
+     * Returns new instance of the Silent Iframe Interaction Client
+     * @param correlationId
+     */
+    ClientApplication.prototype.createSilentIframeClient = function (correlationId) {
+        return new SilentIframeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.ssoSilent, this.performanceClient, this.nativeExtensionProvider, correlationId);
+    };
+    /**
+     * Returns new instance of the Silent Cache Interaction Client
+     */
+    ClientApplication.prototype.createSilentCacheClient = function (correlationId) {
+        return new SilentCacheClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeExtensionProvider, correlationId);
+    };
+    /**
+     * Returns new instance of the Silent Refresh Interaction Client
+     */
+    ClientApplication.prototype.createSilentRefreshClient = function (correlationId) {
+        return new SilentRefreshClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, this.nativeExtensionProvider, correlationId);
+    };
+    /**
+     * Returns new instance of the Silent AuthCode Interaction Client
+     */
+    ClientApplication.prototype.createSilentAuthCodeClient = function (correlationId) {
+        return new SilentAuthCodeClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenByCode, this.performanceClient, this.nativeExtensionProvider, correlationId);
+    };
+    /**
      * Adds event callbacks to array
@@ -631,0 +846,0 @@ * @param callback

dist/app/IPublicClientApplication.d.ts

@@ -14,2 +14,3 @@ import { AuthenticationResult, AccountInfo, Logger, PerformanceCallbackFunction } from "@azure/msal-common";
 export interface IPublicClientApplication {
+    initialize(): Promise<void>;
     acquireTokenPopup(request: PopupRequest): Promise<AuthenticationResult>;
@@ -16,0 +17,0 @@ acquireTokenRedirect(request: RedirectRequest): Promise<void>;

dist/app/IPublicClientApplication.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -10,2 +10,5 @@ import { BrowserConfigurationAuthError } from '../error/BrowserConfigurationAuthError.js';
 var stubbedPublicClientApplication = {
+    initialize: function () {
+        return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError());
+    },
     acquireTokenPopup: function () {
@@ -12,0 +15,0 @@ return Promise.reject(BrowserConfigurationAuthError.createStubPcaInstanceCalledError());

dist/app/PublicClientApplication.js

@@ -1,10 +0,11 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
 import { __extends, __awaiter, __generator, __assign } from '../_virtual/_tslib.js';
 import { PerformanceEvents, Constants } from '@azure/msal-common';
-import { DEFAULT_REQUEST, InteractionType } from '../utils/BrowserConstants.js';
+import { DEFAULT_REQUEST, InteractionType, ApiId } from '../utils/BrowserConstants.js';
 import { ClientApplication } from './ClientApplication.js';
 import { EventType } from '../event/EventType.js';
 import { BrowserAuthError } from '../error/BrowserAuthError.js';
-import { SilentCacheClient } from '../interaction_client/SilentCacheClient.js';
+import { NativeAuthError } from '../error/NativeAuthError.js';
+import { NativeMessageHandler } from '../broker/nativeBroker/NativeMessageHandler.js';
 
@@ -154,3 +155,3 @@ /*
         return __awaiter(this, void 0, void 0, function () {
-            var astsAsyncMeasurement, silentCacheClient, silentRequest;
+            var astsAsyncMeasurement, result, silentRequest, silentCacheClient, silentRequest_1;
             var _this = this;
@@ -160,42 +161,47 @@ return __generator(this, function (_a) {
                     case 0:
+                        this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, InteractionType.Silent, request);
                         astsAsyncMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.AcquireTokenSilentAsync, request.correlationId);
-                        silentCacheClient = new SilentCacheClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.performanceClient, request.correlationId);
+                        if (!(NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeExtensionProvider, request.authenticationScheme) && account.nativeAccountId)) return [3 /*break*/, 1];
+                        this.logger.verbose("acquireTokenSilent - attempting to acquire token from native platform");
+                        silentRequest = __assign(__assign({}, request), { account: account });
+                        result = this.acquireTokenNative(silentRequest, ApiId.acquireTokenSilent_silentFlow).catch(function (e) { return __awaiter(_this, void 0, void 0, function () {
+                            var silentIframeClient;
+                            return __generator(this, function (_a) {
+                                // If native token acquisition fails for availability reasons fallback to web flow
+                                if (e instanceof NativeAuthError && e.isFatal()) {
+                                    this.logger.verbose("acquireTokenSilent - native platform unavailable, falling back to web flow");
+                                    this.nativeExtensionProvider = undefined; // Prevent future requests from continuing to attempt 
+                                    silentIframeClient = this.createSilentIframeClient(request.correlationId);
+                                    return [2 /*return*/, silentIframeClient.acquireToken(request)];
+                                }
+                                throw e;
+                            });
+                        }); });
+                        return [3 /*break*/, 3];
+                    case 1:
+                        this.logger.verbose("acquireTokenSilent - attempting to acquire token from web flow");
+                        silentCacheClient = this.createSilentCacheClient(request.correlationId);
                         return [4 /*yield*/, silentCacheClient.initializeSilentRequest(request, account)];
-                    case 1:
-                        silentRequest = _a.sent();
-                        this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_START, InteractionType.Silent, request);
-                        return [2 /*return*/, silentCacheClient.acquireToken(silentRequest)
-                                .then(function (result) {
-                                astsAsyncMeasurement.endMeasurement({
-                                    success: true,
-                                    fromCache: result.fromCache
-                                });
-                                return result;
-                            })
-                                .catch(function () { return __awaiter(_this, void 0, void 0, function () {
-                                var tokenRenewalResult, tokenRenewalError_1;
-                                return __generator(this, function (_a) {
-                                    switch (_a.label) {
-                                        case 0:
-                                            _a.trys.push([0, 2, , 3]);
-                                            return [4 /*yield*/, this.acquireTokenByRefreshToken(silentRequest)];
-                                        case 1:
-                                            tokenRenewalResult = _a.sent();
-                                            this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_SUCCESS, InteractionType.Silent, tokenRenewalResult);
-                                            astsAsyncMeasurement.endMeasurement({
-                                                success: true,
-                                                fromCache: tokenRenewalResult.fromCache
-                                            });
-                                            return [2 /*return*/, tokenRenewalResult];
-                                        case 2:
-                                            tokenRenewalError_1 = _a.sent();
-                                            this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_FAILURE, InteractionType.Silent, null, tokenRenewalError_1);
-                                            astsAsyncMeasurement.endMeasurement({
-                                                success: false
-                                            });
-                                            throw tokenRenewalError_1;
-                                        case 3: return [2 /*return*/];
-                                    }
-                                });
-                            }); })];
+                    case 2:
+                        silentRequest_1 = _a.sent();
+                        result = silentCacheClient.acquireToken(silentRequest_1).catch(function () { return __awaiter(_this, void 0, void 0, function () {
+                            return __generator(this, function (_a) {
+                                return [2 /*return*/, this.acquireTokenByRefreshToken(silentRequest_1)];
+                            });
+                        }); });
+                        _a.label = 3;
+                    case 3: return [2 /*return*/, result.then(function (response) {
+                            _this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_SUCCESS, InteractionType.Silent, response);
+                            astsAsyncMeasurement.endMeasurement({
+                                success: true,
+                                fromCache: response.fromCache
+                            });
+                            return response;
+                        }).catch(function (tokenRenewalError) {
+                            _this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_FAILURE, InteractionType.Silent, null, tokenRenewalError);
+                            astsAsyncMeasurement.endMeasurement({
+                                success: false
+                            });
+                            throw tokenRenewalError;
+                        })];
                 }
@@ -202,0 +208,0 @@ });

dist/cache/AsyncMemoryStorage.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __awaiter, __generator } from '../_virtual/_tslib.js';

dist/cache/BrowserCacheManager.d.ts

@@ -6,2 +6,3 @@ import { CommonAuthorizationCodeRequest, ICrypto, AccountEntity, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, CacheManager, ServerTelemetryEntity, ThrottlingEntity, Logger, AuthorityMetadataEntity, AccountInfo, ValidCredentialType } from "@azure/msal-common";
 import { IWindowStorage } from "./IWindowStorage";
+import { NativeTokenRequest } from "../broker/nativeBroker/NativeRequest";
 /**
@@ -158,2 +159,8 @@ * This class implements the cache storage interface for MSAL through browser local or session storage.
     /**
+     * Checks the cache for accounts matching loginHint or SID
+     * @param loginHint
+     * @param sid
+     */
+    getAccountInfoByHints(loginHint?: string, sid?: string): AccountInfo | null;
+    /**
      * fetch throttling entity from the platform cache
@@ -288,2 +295,6 @@ * @param throttlingCacheKey
     getCachedRequest(state: string, browserCrypto: ICrypto): CommonAuthorizationCodeRequest;
+    /**
+     * Gets cached native request for redirect flows
+     */
+    getCachedNativeRequest(): NativeTokenRequest | null;
     isInteractionInProgress(matchClientId?: boolean): boolean;
@@ -290,0 +301,0 @@ getInteractionInProgress(): string | null;

dist/cache/BrowserCacheManager.js

@@ -1,5 +0,5 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
 import { __extends, __spread, __awaiter, __generator } from '../_virtual/_tslib.js';
-import { AccountEntity, CacheManager, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, ServerTelemetryEntity, AuthorityMetadataEntity, Constants, PersistentCacheKeys, ThrottlingEntity, StringUtils, ProtocolUtils, CcsCredentialType, IdToken, DEFAULT_CRYPTO_IMPLEMENTATION } from '@azure/msal-common';
+import { AccountEntity, CacheManager, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, ServerTelemetryEntity, AuthorityMetadataEntity, Constants, PersistentCacheKeys, ClientAuthError, ThrottlingEntity, StringUtils, ProtocolUtils, CcsCredentialType, IdToken, DEFAULT_CRYPTO_IMPLEMENTATION } from '@azure/msal-common';
 import { BrowserAuthError } from '../error/BrowserAuthError.js';
@@ -402,2 +402,26 @@ import { BrowserCacheLocation, InMemoryCacheKeys, TemporaryCacheKeys } from '../utils/BrowserConstants.js';
     /**
+     * Checks the cache for accounts matching loginHint or SID
+     * @param loginHint
+     * @param sid
+     */
+    BrowserCacheManager.prototype.getAccountInfoByHints = function (loginHint, sid) {
+        var matchingAccounts = this.getAllAccounts().filter(function (accountInfo) {
+            if (sid) {
+                var accountSid = accountInfo.idTokenClaims && accountInfo.idTokenClaims["sid"];
+                return sid === accountSid;
+            }
+            if (loginHint) {
+                return loginHint === accountInfo.username;
+            }
+            return false;
+        });
+        if (matchingAccounts.length === 1) {
+            return matchingAccounts[0];
+        }
+        else if (matchingAccounts.length > 1) {
+            throw ClientAuthError.createMultipleMatchingAccountsInCacheError();
+        }
+        return null;
+    };
+    /**
      * fetch throttling entity from the platform cache
@@ -719,2 +743,3 @@ * @param throttlingCacheKey
         this.removeItem(this.generateCacheKey(TemporaryCacheKeys.CCS_CREDENTIAL));
+        this.removeItem(this.generateCacheKey(TemporaryCacheKeys.NATIVE_REQUEST));
         this.setInteractionInProgress(false);
@@ -797,2 +822,19 @@ };
     };
+    /**
+     * Gets cached native request for redirect flows
+     */
+    BrowserCacheManager.prototype.getCachedNativeRequest = function () {
+        this.logger.trace("BrowserCacheManager.getCachedNativeRequest called");
+        var cachedRequest = this.getTemporaryCache(TemporaryCacheKeys.NATIVE_REQUEST, true);
+        if (!cachedRequest) {
+            this.logger.trace("BrowserCacheManager.getCachedNativeRequest: No cached native request found");
+            return null;
+        }
+        var parsedRequest = this.validateAndParseJson(cachedRequest);
+        if (!parsedRequest) {
+            this.logger.error("BrowserCacheManager.getCachedNativeRequest: Unable to parse native request");
+            return null;
+        }
+        return parsedRequest;
+    };
     BrowserCacheManager.prototype.isInteractionInProgress = function (matchClientId) {
@@ -799,0 +841,0 @@ var clientId = this.getInteractionInProgress();

dist/cache/BrowserStorage.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { BrowserConfigurationAuthError } from '../error/BrowserConfigurationAuthError.js';

dist/cache/DatabaseStorage.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __awaiter, __generator } from '../_virtual/_tslib.js';

dist/cache/MemoryStorage.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ /*

dist/cache/TokenCache.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { Authority, IdTokenEntity, AuthToken, AccountEntity, ScopeSet, AccessTokenEntity } from '@azure/msal-common';

dist/config/Configuration.d.ts

@@ -7,26 +7,50 @@ import { SystemOptions, LoggerOptions, INetworkModule, ProtocolMode, AzureCloudOptions, ApplicationTelemetry } from "@azure/msal-common";
 export declare const DEFAULT_REDIRECT_TIMEOUT_MS = 30000;
+export declare const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000;
 /**
  * Use this to configure the auth options in the Configuration object
- *
- * - clientId                    - Client ID of your app registered with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview in Microsoft Identity Platform
- * - authority                   - You can configure a specific authority, defaults to " " or "https://login.microsoftonline.com/common"
- * - knownAuthorities            - An array of URIs that are known to be valid. Used in B2C scenarios.
- * - cloudDiscoveryMetadata      - A string containing the cloud discovery response. Used in AAD scenarios.
- * - redirectUri                 - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
- * - postLogoutRedirectUri       - The redirect URI where the window navigates after a successful logout.
- * - navigateToLoginRequestUrl   - Boolean indicating whether to navigate to the original request URL after the auth server navigates to the redirect URL.
- * - clientCapabilities          - Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request.
- * - protocolMode                - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
  */
 export declare type BrowserAuthOptions = {
+    /**
+     * Client ID of your app registered with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview in Microsoft Identity Platform
+     */
     clientId: string;
+    /**
+     * You can configure a specific authority, defaults to " " or "https://login.microsoftonline.com/common"
+     */
     authority?: string;
+    /**
+     * An array of URIs that are known to be valid. Used in B2C scenarios.
+     */
     knownAuthorities?: Array<string>;
+    /**
+     * A string containing the cloud discovery response. Used in AAD scenarios.
+     */
     cloudDiscoveryMetadata?: string;
+    /**
+     * A string containing the .well-known/openid-configuration endpoint response
+     */
     authorityMetadata?: string;
+    /**
+     * The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
+     */
     redirectUri?: string;
+    /**
+     * The redirect URI where the window navigates after a successful logout.
+     */
     postLogoutRedirectUri?: string | null;
+    /**
+     * Boolean indicating whether to navigate to the original request URL after the auth server navigates to the redirect URL.
+     */
     navigateToLoginRequestUrl?: boolean;
+    /**
+     * Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request.
+     */
     clientCapabilities?: Array<string>;
+    /**
+     * Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
+     */
     protocolMode?: ProtocolMode;
+    /**
+     * Enum that represents the Azure Cloud to use.
+     */
     azureCloudOptions?: AzureCloudOptions;
@@ -36,60 +60,97 @@ };
  * Use this to configure the below cache configuration options:
- *
- * - cacheLocation              - Used to specify the cacheLocation user wants to set. Valid values are "localStorage" and "sessionStorage"
- * - storeAuthStateInCookie     - If set, MSAL stores the auth request state required for validation of the auth flows in the browser cookies. By default this flag is set to false.
- * - secureCookies              - If set, MSAL sets the "Secure" flag on cookies so they can only be sent over HTTPS. By default this flag is set to false.
  */
 export declare type CacheOptions = {
+    /**
+     * Used to specify the cacheLocation user wants to set. Valid values are "localStorage" and "sessionStorage"
+     */
     cacheLocation?: BrowserCacheLocation | string;
+    /**
+     * If set, MSAL stores the auth request state required for validation of the auth flows in the browser cookies. By default this flag is set to false.
+     */
     storeAuthStateInCookie?: boolean;
+    /**
+     * If set, MSAL sets the "Secure" flag on cookies so they can only be sent over HTTPS. By default this flag is set to false.
+     */
     secureCookies?: boolean;
 };
-/**
- * Library Specific Options
- *
- * - tokenRenewalOffsetSeconds    - Sets the window of offset needed to renew the token before expiry
- * - loggerOptions                - Used to initialize the Logger object (See ClientConfiguration.ts)
- * - networkClient                - Network interface implementation
- * - windowHashTimeout            - Sets the timeout for waiting for a response hash in a popup. Will take precedence over loadFrameTimeout if both are set.
- * - iframeHashTimeout            - Sets the timeout for waiting for a response hash in an iframe. Will take precedence over loadFrameTimeout if both are set.
- * - loadFrameTimeout             - Sets the timeout for waiting for a response hash in an iframe or popup
- * - navigateFrameWait            - Maximum time the library should wait for a frame to load
- * - redirectNavigationTimeout    - Time to wait for redirection to occur before resolving promise
- * - asyncPopups                  - Sets whether popups are opened asynchronously. By default, this flag is set to false. When set to false, blank popups are opened before anything else happens. When set to true, popups are opened when making the network request.
- * - allowRedirectInIframe        - Flag to enable redirect opertaions when the app is rendered in an iframe (to support scenarios such as embedded B2C login).
- */
 export declare type BrowserSystemOptions = SystemOptions & {
+    /**
+     * Used to initialize the Logger object (See ClientConfiguration.ts)
+     */
     loggerOptions?: LoggerOptions;
+    /**
+     * Network interface implementation
+     */
     networkClient?: INetworkModule;
+    /**
+     * Override the methods used to navigate to other webpages. Particularly useful if you are using a client-side router
+     */
     navigationClient?: INavigationClient;
+    /**
+     * Sets the timeout for waiting for a response hash in a popup. Will take precedence over loadFrameTimeout if both are set.
+     */
     windowHashTimeout?: number;
+    /**
+     * Sets the timeout for waiting for a response hash in an iframe. Will take precedence over loadFrameTimeout if both are set.
+     */
     iframeHashTimeout?: number;
+    /**
+     * Sets the timeout for waiting for a response hash in an iframe or popup
+     */
     loadFrameTimeout?: number;
+    /**
+     * Maximum time the library should wait for a frame to load
+     */
     navigateFrameWait?: number;
+    /**
+     * Time to wait for redirection to occur before resolving promise
+     */
     redirectNavigationTimeout?: number;
+    /**
+     * Sets whether popups are opened asynchronously. By default, this flag is set to false. When set to false, blank popups are opened before anything else happens. When set to true, popups are opened when making the network request.
+     */
     asyncPopups?: boolean;
+    /**
+     * Flag to enable redirect opertaions when the app is rendered in an iframe (to support scenarios such as embedded B2C login).
+     */
     allowRedirectInIframe?: boolean;
+    /**
+     * Flag to enable native broker support (e.g. acquiring tokens from WAM on Windows)
+     */
+    allowNativeBroker?: boolean;
+    /**
+     * Sets the timeout for waiting for the native broker handshake to resolve
+     */
+    nativeBrokerHandshakeTimeout?: number;
 };
 /**
  * Telemetry Options
- * - application: Telemetry information sent on request
- *     - appName: Unique string name of an application
- *     - appVersion: Version of the application using MSAL
  */
 export declare type BrowserTelemetryOptions = {
+    /**
+     * Telemetry information sent on request
+     * - appName: Unique string name of an application
+     * - appVersion: Version of the application using MSAL
+     */
     application?: ApplicationTelemetry;
 };
 /**
- * Use the configuration object to configure MSAL and initialize the UserAgentApplication.
- *
- * This object allows you to configure important elements of MSAL functionality:
- * - auth: this is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform
- * - cache: this is where you configure cache location and whether to store cache in cookies
- * - system: this is where you can configure the network client, logger, token renewal offset
- * - telemetry: this is where you can configure telemetry data and options
+ * This object allows you to configure important elements of MSAL functionality and is passed into the constructor of PublicClientApplication
  */
 export declare type Configuration = {
+    /**
+     * This is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform
+     */
     auth: BrowserAuthOptions;
+    /**
+     * This is where you configure cache location and whether to store cache in cookies
+     */
     cache?: CacheOptions;
+    /**
+     * This is where you can configure the network client, logger, token renewal offset
+     */
     system?: BrowserSystemOptions;
+    /**
+     * This is where you can configure telemetry data and options
+     */
     telemetry?: BrowserTelemetryOptions;
@@ -96,0 +157,0 @@ };

dist/config/Configuration.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -17,2 +17,3 @@ import { __assign } from '../_virtual/_tslib.js';
 var DEFAULT_REDIRECT_TIMEOUT_MS = 30000;
+var DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000;
 /**
@@ -62,3 +63,3 @@ * MSAL function that sets the default options when not explicitly configured from app developer
         // If loadFrameTimeout is provided, use that as default.
-        windowHashTimeout: (userInputSystem && userInputSystem.loadFrameTimeout) || DEFAULT_POPUP_TIMEOUT_MS, iframeHashTimeout: (userInputSystem && userInputSystem.loadFrameTimeout) || DEFAULT_IFRAME_TIMEOUT_MS, navigateFrameWait: isBrowserEnvironment && BrowserUtils.detectIEOrEdge() ? 500 : 0, redirectNavigationTimeout: DEFAULT_REDIRECT_TIMEOUT_MS, asyncPopups: false, allowRedirectInIframe: false });
+        windowHashTimeout: (userInputSystem === null || userInputSystem === void 0 ? void 0 : userInputSystem.loadFrameTimeout) || DEFAULT_POPUP_TIMEOUT_MS, iframeHashTimeout: (userInputSystem === null || userInputSystem === void 0 ? void 0 : userInputSystem.loadFrameTimeout) || DEFAULT_IFRAME_TIMEOUT_MS, navigateFrameWait: isBrowserEnvironment && BrowserUtils.detectIEOrEdge() ? 500 : 0, redirectNavigationTimeout: DEFAULT_REDIRECT_TIMEOUT_MS, asyncPopups: false, allowRedirectInIframe: false, allowNativeBroker: false, nativeBrokerHandshakeTimeout: (userInputSystem === null || userInputSystem === void 0 ? void 0 : userInputSystem.nativeBrokerHandshakeTimeout) || DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS });
     var DEFAULT_TELEMETRY_OPTIONS = {
@@ -79,3 +80,3 @@ application: {
 
-export { DEFAULT_IFRAME_TIMEOUT_MS, DEFAULT_POPUP_TIMEOUT_MS, DEFAULT_REDIRECT_TIMEOUT_MS, buildConfiguration };
+export { DEFAULT_IFRAME_TIMEOUT_MS, DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS, DEFAULT_POPUP_TIMEOUT_MS, DEFAULT_REDIRECT_TIMEOUT_MS, buildConfiguration };
 //# sourceMappingURL=Configuration.js.map

dist/crypto/BrowserCrypto.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __awaiter, __generator } from '../_virtual/_tslib.js';

dist/crypto/CryptoOps.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __awaiter, __generator } from '../_virtual/_tslib.js';

dist/crypto/GuidGenerator.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { Constants } from '@azure/msal-common';

dist/crypto/PkceGenerator.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __awaiter, __generator } from '../_virtual/_tslib.js';

dist/crypto/SignedHttpRequest.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __awaiter, __generator } from '../_virtual/_tslib.js';

dist/encode/Base64Decode.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { Constants } from '@azure/msal-common';

dist/encode/Base64Encode.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { Constants } from '@azure/msal-common';

dist/error/BrowserAuthError.d.ts

@@ -150,2 +150,6 @@ import { AuthError } from "@azure/msal-common";
     };
+    authCodeOrNativeAccountRequired: {
+        code: string;
+        desc: string;
+    };
     databaseUnavailable: {
@@ -155,2 +159,26 @@ code: string;
     };
+    unableToAcquireTokenFromNativePlatform: {
+        code: string;
+        desc: string;
+    };
+    nativeHandshakeTimeout: {
+        code: string;
+        desc: string;
+    };
+    nativeExtensionNotInstalled: {
+        code: string;
+        desc: string;
+    };
+    nativeConnectionNotEstablished: {
+        code: string;
+        desc: string;
+    };
+    nativeBrokerCalledBeforeInitialize: {
+        code: string;
+        desc: string;
+    };
+    nativePromptNotSupported: {
+        code: string;
+        desc: string;
+    };
 };
@@ -315,6 +343,36 @@ /**
     /**
+     * Create an error when an authorization code or native account ID is required but not provided
+     */
+    static createAuthCodeOrNativeAccountIdRequiredError(): BrowserAuthError;
+    /**
      * Create an error when IndexedDB is unavailable
      */
     static createDatabaseUnavailableError(): BrowserAuthError;
+    /**
+     * Create an error when native token acquisition is not possible
+     */
+    static createUnableToAcquireTokenFromNativePlatformError(): BrowserAuthError;
+    /**
+     * Create an error thrown when Handshake with browser extension times out
+     */
+    static createNativeHandshakeTimeoutError(): BrowserAuthError;
+    /**
+     * Create an error thrown when browser extension is not installed
+     */
+    static createNativeExtensionNotInstalledError(): BrowserAuthError;
+    /**
+     * Create an error when native connection has not been established
+     * @returns
+     */
+    static createNativeConnectionNotEstablishedError(): BrowserAuthError;
+    /**
+     * Create an error thrown when the initialize function hasn't been called
+     */
+    static createNativeBrokerCalledBeforeInitialize(): BrowserAuthError;
+    /**
+     * Create an error thrown when requesting a token directly from the native platform with an unsupported prompt parameter e.g. select_account, login or create
+     * These requests must go through eSTS to ensure eSTS is aware of the new account
+     */
+    static createNativePromptParameterNotSupportedError(): BrowserAuthError;
 }
 //# sourceMappingURL=BrowserAuthError.d.ts.map

dist/error/BrowserAuthError.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -158,5 +158,33 @@ import { __extends } from '../_virtual/_tslib.js';
     },
+    authCodeOrNativeAccountRequired: {
+        code: "auth_code_or_nativeAccountId_required",
+        desc: "An authorization code or nativeAccountId must be provided to this flow."
+    },
     databaseUnavailable: {
         code: "database_unavailable",
         desc: "IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts."
+    },
+    unableToAcquireTokenFromNativePlatform: {
+        code: "unable_to_acquire_token_from_native_platform",
+        desc: "Unable to acquire token from native platform. For a list of possible reasons visit aka.ms/msaljs/browser-errors."
+    },
+    nativeHandshakeTimeout: {
+        code: "native_handshake_timeout",
+        desc: "Timed out while attempting to establish connection to browser extension"
+    },
+    nativeExtensionNotInstalled: {
+        code: "native_extension_not_installed",
+        desc: "Native extension is not installed. If you think this is a mistake call the initialize function."
+    },
+    nativeConnectionNotEstablished: {
+        code: "native_connection_not_established",
+        desc: "Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). For more please visit aka.ms/msaljs/browser-errors."
+    },
+    nativeBrokerCalledBeforeInitialize: {
+        code: "native_broker_called_before_initialize",
+        desc: "You must call and await the initialize function before attempting to call any other MSAL API when native brokering is enabled. For more please visit aka.ms/msaljs/browser-errors."
+    },
+    nativePromptNotSupported: {
+        code: "native_prompt_not_supported",
+        desc: "The provided prompt is not supported by the native platform. This request should be routed to the web based flow."
     }
@@ -402,2 +430,8 @@ };
     /**
+     * Create an error when an authorization code or native account ID is required but not provided
+     */
+    BrowserAuthError.createAuthCodeOrNativeAccountIdRequiredError = function () {
+        return new BrowserAuthError(BrowserAuthErrorMessage.authCodeOrNativeAccountRequired.code, BrowserAuthErrorMessage.authCodeOrNativeAccountRequired.desc);
+    };
+    /**
      * Create an error when IndexedDB is unavailable
@@ -408,2 +442,40 @@ */
     };
+    /**
+     * Create an error when native token acquisition is not possible
+     */
+    BrowserAuthError.createUnableToAcquireTokenFromNativePlatformError = function () {
+        return new BrowserAuthError(BrowserAuthErrorMessage.unableToAcquireTokenFromNativePlatform.code, BrowserAuthErrorMessage.unableToAcquireTokenFromNativePlatform.desc);
+    };
+    /**
+     * Create an error thrown when Handshake with browser extension times out
+     */
+    BrowserAuthError.createNativeHandshakeTimeoutError = function () {
+        return new BrowserAuthError(BrowserAuthErrorMessage.nativeHandshakeTimeout.code, BrowserAuthErrorMessage.nativeHandshakeTimeout.desc);
+    };
+    /**
+     * Create an error thrown when browser extension is not installed
+     */
+    BrowserAuthError.createNativeExtensionNotInstalledError = function () {
+        return new BrowserAuthError(BrowserAuthErrorMessage.nativeExtensionNotInstalled.code, BrowserAuthErrorMessage.nativeExtensionNotInstalled.desc);
+    };
+    /**
+     * Create an error when native connection has not been established
+     * @returns
+     */
+    BrowserAuthError.createNativeConnectionNotEstablishedError = function () {
+        return new BrowserAuthError(BrowserAuthErrorMessage.nativeConnectionNotEstablished.code, BrowserAuthErrorMessage.nativeConnectionNotEstablished.desc);
+    };
+    /**
+     * Create an error thrown when the initialize function hasn't been called
+     */
+    BrowserAuthError.createNativeBrokerCalledBeforeInitialize = function () {
+        return new BrowserAuthError(BrowserAuthErrorMessage.nativeBrokerCalledBeforeInitialize.code, BrowserAuthErrorMessage.nativeBrokerCalledBeforeInitialize.desc);
+    };
+    /**
+     * Create an error thrown when requesting a token directly from the native platform with an unsupported prompt parameter e.g. select_account, login or create
+     * These requests must go through eSTS to ensure eSTS is aware of the new account
+     */
+    BrowserAuthError.createNativePromptParameterNotSupportedError = function () {
+        return new BrowserAuthError(BrowserAuthErrorMessage.nativePromptNotSupported.code, BrowserAuthErrorMessage.nativePromptNotSupported.desc);
+    };
     return BrowserAuthError;
@@ -410,0 +482,0 @@ }(AuthError));

dist/error/BrowserConfigurationAuthError.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __extends } from '../_virtual/_tslib.js';

dist/event/EventHandler.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { AccountEntity, CacheManager } from '@azure/msal-common';

dist/event/EventMessage.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { EventType } from './EventType.js';

dist/event/EventType.d.ts

 export declare enum EventType {
+    INITIALIZE_START = "msal:initializeStart",
+    INITIALIZE_END = "msal:initializeEnd",
     ACCOUNT_ADDED = "msal:accountAdded",
@@ -3,0 +5,0 @@ ACCOUNT_REMOVED = "msal:accountRemoved",

dist/event/EventType.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -9,2 +9,4 @@ /*
 (function (EventType) {
+    EventType["INITIALIZE_START"] = "msal:initializeStart";
+    EventType["INITIALIZE_END"] = "msal:initializeEnd";
     EventType["ACCOUNT_ADDED"] = "msal:accountAdded";
@@ -11,0 +13,0 @@ EventType["ACCOUNT_REMOVED"] = "msal:accountRemoved";

dist/index.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ export { PublicClientApplication } from './app/PublicClientApplication.js';

dist/interaction_client/BaseInteractionClient.d.ts

@@ -1,2 +0,2 @@
-import { ICrypto, INetworkModule, Logger, AuthenticationResult, AccountInfo, BaseAuthRequest, ServerTelemetryManager, IPerformanceClient } from "@azure/msal-common";
+import { ICrypto, INetworkModule, Logger, AuthenticationResult, AccountInfo, BaseAuthRequest, ServerTelemetryManager, Authority, IPerformanceClient } from "@azure/msal-common";
 import { BrowserConfiguration } from "../config/Configuration";
@@ -9,2 +9,4 @@ import { BrowserCacheManager } from "../cache/BrowserCacheManager";
 import { SsoSilentRequest } from "../request/SsoSilentRequest";
+import { INavigationClient } from "../navigation/INavigationClient";
+import { NativeMessageHandler } from "../broker/nativeBroker/NativeMessageHandler";
 export declare abstract class BaseInteractionClient {
@@ -17,5 +19,7 @@ protected config: BrowserConfiguration;
     protected eventHandler: EventHandler;
+    protected navigationClient: INavigationClient;
+    protected nativeMessageHandler: NativeMessageHandler | undefined;
     protected correlationId: string;
     protected performanceClient: IPerformanceClient;
-    constructor(config: BrowserConfiguration, storageImpl: BrowserCacheManager, browserCrypto: ICrypto, logger: Logger, eventHandler: EventHandler, performanceClient: IPerformanceClient, correlationId?: string);
+    constructor(config: BrowserConfiguration, storageImpl: BrowserCacheManager, browserCrypto: ICrypto, logger: Logger, eventHandler: EventHandler, navigationClient: INavigationClient, performanceClient: IPerformanceClient, nativeMessageHandler?: NativeMessageHandler, correlationId?: string);
     abstract acquireToken(request: RedirectRequest | PopupRequest | SsoSilentRequest): Promise<AuthenticationResult | void>;
@@ -44,3 +48,9 @@ abstract logout(request: EndSessionRequest): Promise<void>;
     protected initializeServerTelemetryManager(apiId: number, forceRefresh?: boolean): ServerTelemetryManager;
+    /**
+     * Used to get a discovered version of the default authority.
+     * @param requestAuthority
+     * @param requestCorrelationId
+     */
+    protected getDiscoveredAuthority(requestAuthority?: string): Promise<Authority>;
 }
 //# sourceMappingURL=BaseInteractionClient.d.ts.map

dist/interaction_client/BaseInteractionClient.js

@@ -1,5 +0,5 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
 import { __awaiter, __generator, __spread, __assign } from '../_virtual/_tslib.js';
-import { AccountEntity, AuthenticationScheme, ClientConfigurationError, StringUtils, UrlString, ServerTelemetryManager } from '@azure/msal-common';
+import { AccountEntity, AuthenticationScheme, ClientConfigurationError, StringUtils, UrlString, ServerTelemetryManager, AuthorityFactory } from '@azure/msal-common';
 import { version } from '../packageMetadata.js';
@@ -14,3 +14,3 @@ import { BrowserConstants } from '../utils/BrowserConstants.js';
 var BaseInteractionClient = /** @class */ (function () {
-    function BaseInteractionClient(config, storageImpl, browserCrypto, logger, eventHandler, performanceClient, correlationId) {
+    function BaseInteractionClient(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId) {
         this.config = config;
@@ -21,2 +21,4 @@ this.browserStorage = storageImpl;
         this.eventHandler = eventHandler;
+        this.navigationClient = navigationClient;
+        this.nativeMessageHandler = nativeMessageHandler;
         this.correlationId = correlationId || this.browserCrypto.createNewGuid();
@@ -144,2 +146,32 @@ this.logger = logger.clone(BrowserConstants.MSAL_SKU, version, this.correlationId);
     };
+    /**
+     * Used to get a discovered version of the default authority.
+     * @param requestAuthority
+     * @param requestCorrelationId
+     */
+    BaseInteractionClient.prototype.getDiscoveredAuthority = function (requestAuthority) {
+        return __awaiter(this, void 0, void 0, function () {
+            var authorityOptions;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        this.logger.verbose("getDiscoveredAuthority called");
+                        authorityOptions = {
+                            protocolMode: this.config.auth.protocolMode,
+                            knownAuthorities: this.config.auth.knownAuthorities,
+                            cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
+                            authorityMetadata: this.config.auth.authorityMetadata
+                        };
+                        if (!requestAuthority) return [3 /*break*/, 2];
+                        this.logger.verbose("Creating discovered authority with request authority");
+                        return [4 /*yield*/, AuthorityFactory.createDiscoveredInstance(requestAuthority, this.config.system.networkClient, this.browserStorage, authorityOptions)];
+                    case 1: return [2 /*return*/, _a.sent()];
+                    case 2:
+                        this.logger.verbose("Creating discovered authority with configured authority");
+                        return [4 /*yield*/, AuthorityFactory.createDiscoveredInstance(this.config.auth.authority, this.config.system.networkClient, this.browserStorage, authorityOptions)];
+                    case 3: return [2 /*return*/, _a.sent()];
+                }
+            });
+        });
+    };
     return BaseInteractionClient;
@@ -146,0 +178,0 @@ }());

dist/interaction_client/HybridSpaAuthorizationCodeClient.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __extends } from '../_virtual/_tslib.js';

dist/interaction_client/PopupClient.js

@@ -1,5 +0,5 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
-import { __extends, __awaiter, __generator } from '../_virtual/_tslib.js';
-import { OIDC_DEFAULT_SCOPES, AuthError, ThrottlingUtils, Constants, UrlString } from '@azure/msal-common';
+import { __extends, __awaiter, __generator, __assign } from '../_virtual/_tslib.js';
+import { OIDC_DEFAULT_SCOPES, AuthError, UrlString, ThrottlingUtils, ProtocolUtils, PerformanceEvents, Constants } from '@azure/msal-common';
 import { StandardInteractionClient } from './StandardInteractionClient.js';
@@ -11,2 +11,5 @@ import { PopupUtils } from '../utils/PopupUtils.js';
 import { BrowserUtils } from '../utils/BrowserUtils.js';
+import { NativeInteractionClient } from './NativeInteractionClient.js';
+import { NativeMessageHandler } from '../broker/nativeBroker/NativeMessageHandler.js';
+import { BrowserAuthError } from '../error/BrowserAuthError.js';
 
@@ -88,3 +91,4 @@ /*
         return __awaiter(this, void 0, void 0, function () {
-            var serverTelemetryManager, validRequest, authCodeRequest, authClient, navigateUrl, interactionHandler, popupParameters, popupWindow, hash, state, result, e_1;
+            var serverTelemetryManager, validRequest, authCodeRequest, authClient, isNativeBroker, fetchNativeAccountIdMeasurement, navigateUrl, interactionHandler, popupParameters, popupWindow, hash, serverParams, state_1, nativeInteractionClient, userRequestState, result, e_1;
+            var _this = this;
             return __generator(this, function (_a) {
@@ -109,3 +113,8 @@ switch (_a.label) {
                         this.logger.verbose("Auth code client created");
-                        return [4 /*yield*/, authClient.getAuthCodeUrl(validRequest)];
+                        isNativeBroker = NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, request.authenticationScheme);
+                        fetchNativeAccountIdMeasurement = void 0;
+                        if (isNativeBroker) {
+                            fetchNativeAccountIdMeasurement = this.performanceClient.startMeasurement(PerformanceEvents.FetchAccountIdWithNativeBroker, request.correlationId);
+                        }
+                        return [4 /*yield*/, authClient.getAuthCodeUrl(__assign(__assign({}, validRequest), { nativeBroker: isNativeBroker }))];
                     case 5:
@@ -124,6 +133,26 @@ navigateUrl = _a.sent();
                         hash = _a.sent();
-                        state = this.validateAndExtractStateFromHash(hash, InteractionType.Popup, validRequest.correlationId);
+                        serverParams = UrlString.getDeserializedHash(hash);
+                        state_1 = this.validateAndExtractStateFromHash(serverParams, InteractionType.Popup, validRequest.correlationId);
                         // Remove throttle if it exists
                         ThrottlingUtils.removeThrottle(this.browserStorage, this.config.auth.clientId, authCodeRequest);
-                        return [4 /*yield*/, interactionHandler.handleCodeResponseFromHash(hash, state, authClient.authority, this.networkClient)];
+                        if (serverParams.accountId) {
+                            this.logger.verbose("Account id found in hash, calling WAM for token");
+                            // end measurement for server call with native brokering enabled
+                            if (fetchNativeAccountIdMeasurement) {
+                                fetchNativeAccountIdMeasurement.endMeasurement({
+                                    success: true,
+                                    isNativeBroker: true
+                                });
+                            }
+                            if (!this.nativeMessageHandler) {
+                                throw BrowserAuthError.createNativeConnectionNotEstablishedError();
+                            }
+                            nativeInteractionClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenPopup, this.performanceClient, this.nativeMessageHandler, serverParams.accountId, validRequest.correlationId);
+                            userRequestState = ProtocolUtils.parseRequestState(this.browserCrypto, state_1).userRequestState;
+                            return [2 /*return*/, nativeInteractionClient.acquireToken(__assign(__assign({}, validRequest), { state: userRequestState, prompt: undefined // Server should handle the prompt, ideally native broker can do this part silently
+                                 })).finally(function () {
+                                    _this.browserStorage.cleanRequestByState(state_1);
+                                })];
+                        }
+                        return [4 /*yield*/, interactionHandler.handleCodeResponseFromHash(hash, state_1, authClient.authority, this.networkClient)];
                     case 7:
@@ -130,0 +159,0 @@ result = _a.sent();

dist/interaction_client/RedirectClient.js

@@ -1,5 +0,5 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
-import { __extends, __awaiter, __generator } from '../_virtual/_tslib.js';
-import { UrlString, AuthError, Constants } from '@azure/msal-common';
+import { __extends, __awaiter, __generator, __assign } from '../_virtual/_tslib.js';
+import { UrlString, AuthError, Constants, ThrottlingUtils, ProtocolUtils } from '@azure/msal-common';
 import { StandardInteractionClient } from './StandardInteractionClient.js';
@@ -11,2 +11,4 @@ import { TemporaryCacheKeys, ApiId, InteractionType } from '../utils/BrowserConstants.js';
 import { BrowserAuthError } from '../error/BrowserAuthError.js';
+import { NativeInteractionClient } from './NativeInteractionClient.js';
+import { NativeMessageHandler } from '../broker/nativeBroker/NativeMessageHandler.js';
 
@@ -55,3 +57,3 @@ /*
                         interactionHandler = new RedirectHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.browserCrypto);
-                        return [4 /*yield*/, authClient.getAuthCodeUrl(validRequest)];
+                        return [4 /*yield*/, authClient.getAuthCodeUrl(__assign(__assign({}, validRequest), { nativeBroker: NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, request.authenticationScheme) }))];
                     case 5:
@@ -94,3 +96,3 @@ navigateUrl = _a.sent();
         return __awaiter(this, void 0, void 0, function () {
-            var serverTelemetryManager, responseHash, state, loginRequestUrl, loginRequestUrlNormalized, currentUrlNormalized, handleHashResult, navigationOptions, processHashOnRedirect, homepage, e_2;
+            var serverTelemetryManager, responseHash, state, serverParams, loginRequestUrl, loginRequestUrlNormalized, currentUrlNormalized, handleHashResult, navigationOptions, processHashOnRedirect, homepage, e_2;
             return __generator(this, function (_a) {
@@ -116,3 +118,4 @@ switch (_a.label) {
                         try {
-                            state = this.validateAndExtractStateFromHash(responseHash, InteractionType.Redirect);
+                            serverParams = UrlString.getDeserializedHash(responseHash);
+                            state = this.validateAndExtractStateFromHash(serverParams, InteractionType.Redirect);
                             this.logger.verbose("State extracted from hash");
@@ -218,3 +221,4 @@ }
         return __awaiter(this, void 0, void 0, function () {
-            var cachedRequest, currentAuthority, authClient, interactionHandler;
+            var cachedRequest, serverParams, nativeInteractionClient, userRequestState, currentAuthority, authClient, interactionHandler;
+            var _this = this;
             return __generator(this, function (_a) {
@@ -225,2 +229,15 @@ switch (_a.label) {
                         this.logger.verbose("handleHash called, retrieved cached request");
+                        serverParams = UrlString.getDeserializedHash(hash);
+                        if (serverParams.accountId) {
+                            this.logger.verbose("Account id found in hash, calling WAM for token");
+                            if (!this.nativeMessageHandler) {
+                                throw BrowserAuthError.createNativeConnectionNotEstablishedError();
+                            }
+                            nativeInteractionClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, ApiId.acquireTokenPopup, this.performanceClient, this.nativeMessageHandler, serverParams.accountId, cachedRequest.correlationId);
+                            userRequestState = ProtocolUtils.parseRequestState(this.browserCrypto, state).userRequestState;
+                            return [2 /*return*/, nativeInteractionClient.acquireToken(__assign(__assign({}, cachedRequest), { state: userRequestState, prompt: undefined // Server should handle the prompt, ideally native broker can do this part silently
+                                 })).finally(function () {
+                                    _this.browserStorage.cleanRequestByState(state);
+                                })];
+                        }
                         currentAuthority = this.browserStorage.getCachedAuthority(state);
@@ -234,4 +251,5 @@ if (!currentAuthority) {
                         this.logger.verbose("Auth code client created");
+                        ThrottlingUtils.removeThrottle(this.browserStorage, this.config.auth.clientId, cachedRequest);
                         interactionHandler = new RedirectHandler(authClient, this.browserStorage, cachedRequest, this.logger, this.browserCrypto);
-                        return [4 /*yield*/, interactionHandler.handleCodeResponseFromHash(hash, state, authClient.authority, this.networkClient, this.config.auth.clientId)];
+                        return [4 /*yield*/, interactionHandler.handleCodeResponseFromHash(hash, state, authClient.authority, this.networkClient)];
                     case 2: return [2 /*return*/, _a.sent()];
@@ -238,0 +256,0 @@ }

dist/interaction_client/SilentAuthCodeClient.d.ts

@@ -9,5 +9,6 @@ import { AuthenticationResult, ICrypto, Logger, IPerformanceClient } from "@azure/msal-common";
 import { AuthorizationCodeRequest } from "../request/AuthorizationCodeRequest";
+import { NativeMessageHandler } from "../broker/nativeBroker/NativeMessageHandler";
 export declare class SilentAuthCodeClient extends StandardInteractionClient {
     private apiId;
-    constructor(config: BrowserConfiguration, storageImpl: BrowserCacheManager, browserCrypto: ICrypto, logger: Logger, eventHandler: EventHandler, navigationClient: INavigationClient, apiId: ApiId, performanceClient: IPerformanceClient, correlationId?: string);
+    constructor(config: BrowserConfiguration, storageImpl: BrowserCacheManager, browserCrypto: ICrypto, logger: Logger, eventHandler: EventHandler, navigationClient: INavigationClient, apiId: ApiId, performanceClient: IPerformanceClient, nativeMessageHandler?: NativeMessageHandler, correlationId?: string);
     /**
@@ -14,0 +15,0 @@ * Acquires a token silently by redeeming an authorization code against the /token endpoint

dist/interaction_client/SilentAuthCodeClient.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -17,4 +17,4 @@ import { __extends, __awaiter, __generator, __assign } from '../_virtual/_tslib.js';
     __extends(SilentAuthCodeClient, _super);
-    function SilentAuthCodeClient(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, correlationId) {
-        var _this = _super.call(this, config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId) || this;
+    function SilentAuthCodeClient(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeMessageHandler, correlationId) {
+        var _this = _super.call(this, config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId) || this;
         _this.apiId = apiId;
@@ -21,0 +21,0 @@ return _this;

dist/interaction_client/SilentCacheClient.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -6,4 +6,3 @@ import { __extends, __awaiter, __generator, __assign } from '../_virtual/_tslib.js';
 import { PerformanceEvents, SilentFlowClient } from '@azure/msal-common';
-import { EventType } from '../event/EventType.js';
-import { InteractionType, ApiId } from '../utils/BrowserConstants.js';
+import { ApiId } from '../utils/BrowserConstants.js';
 import { BrowserAuthError, BrowserAuthErrorMessage } from '../error/BrowserAuthError.js';
@@ -42,3 +41,2 @@
                         cachedToken = _a.sent();
-                        this.eventHandler.emitEvent(EventType.ACQUIRE_TOKEN_SUCCESS, InteractionType.Silent, cachedToken);
                         acquireTokenMeasurement.endMeasurement({
@@ -45,0 +43,0 @@ success: true,

dist/interaction_client/SilentIframeClient.d.ts

@@ -1,3 +0,4 @@
-import { AuthenticationResult, ICrypto, Logger, CommonAuthorizationCodeRequest, AuthorizationCodeClient, IPerformanceClient } from "@azure/msal-common";
+import { AuthenticationResult, ICrypto, Logger, AuthorizationCodeClient, IPerformanceClient } from "@azure/msal-common";
 import { StandardInteractionClient } from "./StandardInteractionClient";
+import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest";
 import { BrowserConfiguration } from "../config/Configuration";
@@ -9,5 +10,6 @@ import { BrowserCacheManager } from "../cache/BrowserCacheManager";
 import { SsoSilentRequest } from "../request/SsoSilentRequest";
+import { NativeMessageHandler } from "../broker/nativeBroker/NativeMessageHandler";
 export declare class SilentIframeClient extends StandardInteractionClient {
     protected apiId: ApiId;
-    constructor(config: BrowserConfiguration, storageImpl: BrowserCacheManager, browserCrypto: ICrypto, logger: Logger, eventHandler: EventHandler, navigationClient: INavigationClient, apiId: ApiId, performanceClient: IPerformanceClient, correlationId?: string);
+    constructor(config: BrowserConfiguration, storageImpl: BrowserCacheManager, browserCrypto: ICrypto, logger: Logger, eventHandler: EventHandler, navigationClient: INavigationClient, apiId: ApiId, performanceClient: IPerformanceClient, nativeMessageHandler?: NativeMessageHandler, correlationId?: string);
     /**
@@ -28,4 +30,4 @@ * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none
      */
-    protected silentTokenHelper(navigateUrl: string, authCodeRequest: CommonAuthorizationCodeRequest, authClient: AuthorizationCodeClient, browserRequestLogger: Logger): Promise<AuthenticationResult>;
+    protected silentTokenHelper(authClient: AuthorizationCodeClient, silentRequest: AuthorizationUrlRequest): Promise<AuthenticationResult>;
 }
 //# sourceMappingURL=SilentIframeClient.d.ts.map

dist/interaction_client/SilentIframeClient.js

@@ -1,5 +0,5 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
 import { __extends, __awaiter, __generator, __assign } from '../_virtual/_tslib.js';
-import { AuthError, Constants, PerformanceEvents, StringUtils, PromptValue } from '@azure/msal-common';
+import { AuthError, Constants, PerformanceEvents, StringUtils, PromptValue, UrlString, ProtocolUtils } from '@azure/msal-common';
 import { StandardInteractionClient } from './StandardInteractionClient.js';
@@ -9,2 +9,4 @@ import { BrowserAuthError } from '../error/BrowserAuthError.js';
 import { SilentHandler } from '../interaction_handler/SilentHandler.js';
+import { NativeMessageHandler } from '../broker/nativeBroker/NativeMessageHandler.js';
+import { NativeInteractionClient } from './NativeInteractionClient.js';
 
@@ -17,4 +19,4 @@ /*
     __extends(SilentIframeClient, _super);
-    function SilentIframeClient(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, correlationId) {
-        var _this = _super.call(this, config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId) || this;
+    function SilentIframeClient(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, apiId, performanceClient, nativeMessageHandler, correlationId) {
+        var _this = _super.call(this, config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, nativeMessageHandler, correlationId) || this;
         _this.apiId = apiId;
@@ -29,3 +31,3 @@ return _this;
         return __awaiter(this, void 0, void 0, function () {
-            var acquireTokenMeasurement, silentRequest, serverTelemetryManager, authCodeRequest, authClient, navigateUrl, e_1;
+            var acquireTokenMeasurement, silentRequest, serverTelemetryManager, authClient, e_1;
             return __generator(this, function (_a) {
@@ -54,15 +56,8 @@ switch (_a.label) {
                     case 2:
-                        _a.trys.push([2, 7, , 8]);
-                        return [4 /*yield*/, this.initializeAuthorizationCodeRequest(silentRequest)];
+                        _a.trys.push([2, 5, , 6]);
+                        return [4 /*yield*/, this.createAuthCodeClient(serverTelemetryManager, silentRequest.authority, silentRequest.azureCloudOptions)];
                     case 3:
-                        authCodeRequest = _a.sent();
-                        return [4 /*yield*/, this.createAuthCodeClient(serverTelemetryManager, silentRequest.authority, silentRequest.azureCloudOptions)];
-                    case 4:
                         authClient = _a.sent();
                         this.logger.verbose("Auth code client created");
-                        return [4 /*yield*/, authClient.getAuthCodeUrl(silentRequest)];
-                    case 5:
-                        navigateUrl = _a.sent();
-                        return [4 /*yield*/, this.silentTokenHelper(navigateUrl, authCodeRequest, authClient, this.logger)
-                                .then(function (result) {
+                        return [4 /*yield*/, this.silentTokenHelper(authClient, silentRequest).then(function (result) {
                                 acquireTokenMeasurement.endMeasurement({
@@ -74,4 +69,4 @@ success: true,
                             })];
-                    case 6: return [2 /*return*/, _a.sent()];
-                    case 7:
+                    case 4: return [2 /*return*/, _a.sent()];
+                    case 5:
                         e_1 = _a.sent();
@@ -87,3 +82,3 @@ if (e_1 instanceof AuthError) {
                         throw e_1;
-                    case 8: return [2 /*return*/];
+                    case 6: return [2 /*return*/];
                 }
@@ -106,16 +101,34 @@ });
      */
-    SilentIframeClient.prototype.silentTokenHelper = function (navigateUrl, authCodeRequest, authClient, browserRequestLogger) {
+    SilentIframeClient.prototype.silentTokenHelper = function (authClient, silentRequest) {
         return __awaiter(this, void 0, void 0, function () {
-            var silentHandler, msalFrame, hash, state;
+            var authCodeRequest, navigateUrl, silentHandler, msalFrame, hash, serverParams, state, nativeInteractionClient, userRequestState;
+            var _this = this;
             return __generator(this, function (_a) {
                 switch (_a.label) {
-                    case 0:
-                        silentHandler = new SilentHandler(authClient, this.browserStorage, authCodeRequest, browserRequestLogger, this.config.system.navigateFrameWait);
+                    case 0: return [4 /*yield*/, this.initializeAuthorizationCodeRequest(silentRequest)];
+                    case 1:
+                        authCodeRequest = _a.sent();
+                        return [4 /*yield*/, authClient.getAuthCodeUrl(__assign(__assign({}, silentRequest), { nativeBroker: NativeMessageHandler.isNativeAvailable(this.config, this.logger, this.nativeMessageHandler, silentRequest.authenticationScheme) }))];
+                    case 2:
+                        navigateUrl = _a.sent();
+                        silentHandler = new SilentHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.config.system.navigateFrameWait);
                         return [4 /*yield*/, silentHandler.initiateAuthRequest(navigateUrl)];
-                    case 1:
+                    case 3:
                         msalFrame = _a.sent();
                         return [4 /*yield*/, silentHandler.monitorIframeForHash(msalFrame, this.config.system.iframeHashTimeout)];
-                    case 2:
+                    case 4:
                         hash = _a.sent();
-                        state = this.validateAndExtractStateFromHash(hash, InteractionType.Silent, authCodeRequest.correlationId);
+                        serverParams = UrlString.getDeserializedHash(hash);
+                        state = this.validateAndExtractStateFromHash(serverParams, InteractionType.Silent, authCodeRequest.correlationId);
+                        if (serverParams.accountId) {
+                            this.logger.verbose("Account id found in hash, calling WAM for token");
+                            if (!this.nativeMessageHandler) {
+                                throw BrowserAuthError.createNativeConnectionNotEstablishedError();
+                            }
+                            nativeInteractionClient = new NativeInteractionClient(this.config, this.browserStorage, this.browserCrypto, this.logger, this.eventHandler, this.navigationClient, this.apiId, this.performanceClient, this.nativeMessageHandler, serverParams.accountId, this.correlationId);
+                            userRequestState = ProtocolUtils.parseRequestState(this.browserCrypto, state).userRequestState;
+                            return [2 /*return*/, nativeInteractionClient.acquireToken(__assign(__assign({}, silentRequest), { state: userRequestState, prompt: PromptValue.NONE })).finally(function () {
+                                    _this.browserStorage.cleanRequestByState(state);
+                                })];
+                        }
                         // Handle response from hash string
@@ -122,0 +135,0 @@ return [2 /*return*/, silentHandler.handleCodeResponseFromHash(hash, state, authClient.authority, this.networkClient)];

dist/interaction_client/SilentRefreshClient.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __extends, __awaiter, __generator, __assign } from '../_virtual/_tslib.js';

dist/interaction_client/StandardInteractionClient.d.ts

@@ -1,10 +0,6 @@
-import { ICrypto, Logger, ServerTelemetryManager, CommonAuthorizationCodeRequest, AuthorizationCodeClient, ClientConfiguration, Authority, CommonEndSessionRequest, AccountInfo, AzureCloudOptions, IPerformanceClient } from "@azure/msal-common";
+import { ServerTelemetryManager, CommonAuthorizationCodeRequest, AuthorizationCodeClient, ClientConfiguration, Authority, ServerAuthorizationCodeResponse, CommonEndSessionRequest, AccountInfo, AzureCloudOptions } from "@azure/msal-common";
 import { BaseInteractionClient } from "./BaseInteractionClient";
-import { BrowserConfiguration } from "../config/Configuration";
 import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest";
-import { BrowserCacheManager } from "../cache/BrowserCacheManager";
-import { EventHandler } from "../event/EventHandler";
 import { InteractionType } from "../utils/BrowserConstants";
 import { EndSessionRequest } from "../request/EndSessionRequest";
-import { INavigationClient } from "../navigation/INavigationClient";
 import { RedirectRequest } from "../request/RedirectRequest";
@@ -17,4 +13,2 @@ import { PopupRequest } from "../request/PopupRequest";
 export declare abstract class StandardInteractionClient extends BaseInteractionClient {
-    protected navigationClient: INavigationClient;
-    constructor(config: BrowserConfiguration, storageImpl: BrowserCacheManager, browserCrypto: ICrypto, logger: Logger, eventHandler: EventHandler, navigationClient: INavigationClient, performanceClient: IPerformanceClient, correlationId?: string);
     /**
@@ -53,3 +47,3 @@ * Generates an auth code request tied to the url request.
      */
-    protected validateAndExtractStateFromHash(hash: string, interactionType: InteractionType, requestCorrelationId?: string): string;
+    protected validateAndExtractStateFromHash(serverParams: ServerAuthorizationCodeResponse, interactionType: InteractionType, requestCorrelationId?: string): string;
     /**
@@ -56,0 +50,0 @@ * Used to get a discovered version of the default authority.

dist/interaction_client/StandardInteractionClient.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -21,6 +21,4 @@ import { __extends, __awaiter, __generator, __assign } from '../_virtual/_tslib.js';
     __extends(StandardInteractionClient, _super);
-    function StandardInteractionClient(config, storageImpl, browserCrypto, logger, eventHandler, navigationClient, performanceClient, correlationId) {
-        var _this = _super.call(this, config, storageImpl, browserCrypto, logger, eventHandler, performanceClient, correlationId) || this;
-        _this.navigationClient = navigationClient;
-        return _this;
+    function StandardInteractionClient() {
+        return _super !== null && _super.apply(this, arguments) || this;
     }
@@ -55,3 +53,3 @@ /**
         this.logger.verbose("initializeLogoutRequest called", logoutRequest === null || logoutRequest === void 0 ? void 0 : logoutRequest.correlationId);
-        var validLogoutRequest = __assign({ correlationId: this.browserCrypto.createNewGuid() }, logoutRequest);
+        var validLogoutRequest = __assign({ correlationId: this.correlationId || this.browserCrypto.createNewGuid() }, logoutRequest);
         /**
@@ -198,6 +196,4 @@ * Set logout_hint to be login_hint from ID Token Claims if present
      */
-    StandardInteractionClient.prototype.validateAndExtractStateFromHash = function (hash, interactionType, requestCorrelationId) {
+    StandardInteractionClient.prototype.validateAndExtractStateFromHash = function (serverParams, interactionType, requestCorrelationId) {
         this.logger.verbose("validateAndExtractStateFromHash called", requestCorrelationId);
-        // Deserialize hash fragment response parameters.
-        var serverParams = UrlString.getDeserializedHash(hash);
         if (!serverParams.state) {
@@ -204,0 +200,0 @@ throw BrowserAuthError.createHashDoesNotContainStateError();

dist/interaction_handler/InteractionHandler.js

@@ -1,6 +0,6 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
 import { __awaiter, __generator } from '../_virtual/_tslib.js';
-import { StringUtils, ClientAuthError, AuthorityFactory } from '@azure/msal-common';
-import { BrowserAuthError } from '../error/BrowserAuthError.js';
+import { StringUtils, ClientAuthError, ServerError, AuthorityFactory } from '@azure/msal-common';
+import { BrowserAuthError, BrowserAuthErrorMessage } from '../error/BrowserAuthError.js';
 import { TemporaryCacheKeys } from '../utils/BrowserConstants.js';
@@ -40,3 +40,14 @@
                 }
-                authCodeResponse = this.authModule.handleFragmentResponse(locationHash, requestState);
+                try {
+                    authCodeResponse = this.authModule.handleFragmentResponse(locationHash, requestState);
+                }
+                catch (e) {
+                    if (e instanceof ServerError && e.subError === BrowserAuthErrorMessage.userCancelledError.code) {
+                        // Translate server error caused by user closing native prompt to corresponding first class MSAL error
+                        throw BrowserAuthError.createUserCancelledError();
+                    }
+                    else {
+                        throw e;
+                    }
+                }
                 return [2 /*return*/, this.handleCodeResponseFromServer(authCodeResponse, state, authority, networkModule)];
@@ -43,0 +54,0 @@ });

dist/interaction_handler/PopupHandler.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __extends } from '../_virtual/_tslib.js';

dist/interaction_handler/RedirectHandler.d.ts

@@ -23,4 +23,4 @@ import { AuthorizationCodeClient, CommonAuthorizationCodeRequest, ICrypto, AuthenticationResult, Authority, INetworkModule, Logger } from "@azure/msal-common";
      */
-    handleCodeResponseFromHash(locationHash: string, state: string, authority: Authority, networkModule: INetworkModule, clientId?: string): Promise<AuthenticationResult>;
+    handleCodeResponseFromHash(locationHash: string, state: string, authority: Authority, networkModule: INetworkModule): Promise<AuthenticationResult>;
 }
 //# sourceMappingURL=RedirectHandler.d.ts.map

dist/interaction_handler/RedirectHandler.js

@@ -1,6 +0,6 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
 import { __extends, __awaiter, __generator } from '../_virtual/_tslib.js';
-import { StringUtils, ThrottlingUtils, ClientAuthError } from '@azure/msal-common';
-import { BrowserAuthError } from '../error/BrowserAuthError.js';
+import { StringUtils, ClientAuthError, ServerError } from '@azure/msal-common';
+import { BrowserAuthError, BrowserAuthErrorMessage } from '../error/BrowserAuthError.js';
 import { TemporaryCacheKeys, ApiId } from '../utils/BrowserConstants.js';
@@ -80,3 +80,3 @@ import { InteractionHandler } from './InteractionHandler.js';
      */
-    RedirectHandler.prototype.handleCodeResponseFromHash = function (locationHash, state, authority, networkModule, clientId) {
+    RedirectHandler.prototype.handleCodeResponseFromHash = function (locationHash, state, authority, networkModule) {
         return __awaiter(this, void 0, void 0, function () {
@@ -99,3 +99,14 @@ var stateKey, requestState, authCodeResponse, nonceKey, cachedNonce, cachedCcsCred, tokenResponse;
                         }
-                        authCodeResponse = this.authModule.handleFragmentResponse(locationHash, requestState);
+                        try {
+                            authCodeResponse = this.authModule.handleFragmentResponse(locationHash, requestState);
+                        }
+                        catch (e) {
+                            if (e instanceof ServerError && e.subError === BrowserAuthErrorMessage.userCancelledError.code) {
+                                // Translate server error caused by user closing native prompt to corresponding first class MSAL error
+                                throw BrowserAuthError.createUserCancelledError();
+                            }
+                            else {
+                                throw e;
+                            }
+                        }
                         nonceKey = this.browserStorage.generateNonceKey(requestState);
@@ -123,6 +134,2 @@ cachedNonce = this.browserStorage.getTemporaryCache(nonceKey);
                         }
-                        // Remove throttle if it exists
-                        if (clientId) {
-                            ThrottlingUtils.removeThrottle(this.browserStorage, clientId, this.authCodeRequest);
-                        }
                         return [4 /*yield*/, this.authModule.acquireToken(this.authCodeRequest, authCodeResponse)];
@@ -129,0 +136,0 @@ case 3:

dist/interaction_handler/SilentHandler.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __extends, __awaiter, __generator } from '../_virtual/_tslib.js';

dist/navigation/NavigationClient.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ /*

dist/network/FetchClient.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __awaiter, __generator } from '../_virtual/_tslib.js';

dist/network/XhrClient.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __awaiter, __generator } from '../_virtual/_tslib.js';

dist/packageMetadata.d.ts

 export declare const name = "@azure/msal-browser";
-export declare const version = "2.23.0";
+export declare const version = "2.24.0-beta.0";
 //# sourceMappingURL=packageMetadata.d.ts.map

dist/packageMetadata.js

@@ -1,8 +0,8 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
 /* eslint-disable header/header */
 var name = "@azure/msal-browser";
-var version = "2.23.0";
+var version = "2.24.0-beta.0";
 
 export { name, version };
 //# sourceMappingURL=packageMetadata.js.map

dist/request/AuthorizationCodeRequest.d.ts

 import { CommonAuthorizationCodeRequest } from "@azure/msal-common";
 export declare type AuthorizationCodeRequest = Partial<Omit<CommonAuthorizationCodeRequest, "code" | "enableSpaAuthorizationCode" | "requestedClaimsHash">> & {
-    code: string;
+    code?: string;
+    nativeAccountId?: string;
     cloudGraphHostName?: string;
@@ -5,0 +6,0 @@ msGraphHost?: string;

dist/request/AuthorizationUrlRequest.d.ts

@@ -5,3 +5,3 @@ import { CommonAuthorizationUrlRequest } from "@azure/msal-common";
  */
-export declare type AuthorizationUrlRequest = Omit<CommonAuthorizationUrlRequest, "state" | "nonce" | "requestedClaimsHash"> & {
+export declare type AuthorizationUrlRequest = Omit<CommonAuthorizationUrlRequest, "state" | "nonce" | "requestedClaimsHash" | "nativeBroker"> & {
     state: string;
@@ -8,0 +8,0 @@ nonce: string;

dist/request/PopupRequest.d.ts

@@ -28,3 +28,3 @@ import { CommonAuthorizationUrlRequest } from "@azure/msal-common";
  */
-export declare type PopupRequest = Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "scopes" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash">> & {
+export declare type PopupRequest = Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "scopes" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash" | "nativeBroker">> & {
     scopes: Array<string>;
@@ -31,0 +31,0 @@ popupWindowAttributes?: PopupWindowAttributes;

dist/request/RedirectRequest.d.ts

@@ -28,3 +28,3 @@ import { CommonAuthorizationUrlRequest } from "@azure/msal-common";
  */
-export declare type RedirectRequest = Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "scopes" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash">> & {
+export declare type RedirectRequest = Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "scopes" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash" | "nativeBroker">> & {
     scopes: Array<string>;
@@ -31,0 +31,0 @@ redirectStartPage?: string;

dist/request/SsoSilentRequest.d.ts

@@ -25,3 +25,3 @@ import { CommonAuthorizationUrlRequest } from "@azure/msal-common";
  */
-export declare type SsoSilentRequest = Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash">>;
+export declare type SsoSilentRequest = Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash" | "nativeBroker">>;
 //# sourceMappingURL=SsoSilentRequest.d.ts.map

dist/telemetry/BrowserPerformanceClient.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { __extends, __assign } from '../_virtual/_tslib.js';

dist/telemetry/BrowserPerformanceMeasurement.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ /*

dist/utils/BrowserConstants.d.ts

@@ -36,2 +36,12 @@ import { PopupRequest } from "../request/PopupRequest";
 };
+export declare const NativeConstants: {
+    CHANNEL_ID: string;
+    PREFERRED_EXTENSION_ID: string;
+};
+export declare enum NativeExtensionMethod {
+    HandshakeRequest = "Handshake",
+    HandshakeResponse = "HandshakeResponse",
+    GetToken = "GetToken",
+    Response = "Response"
+}
 export declare enum BrowserCacheLocation {
@@ -65,3 +75,4 @@ LocalStorage = "localStorage",
     CCS_CREDENTIAL = "ccs.credential",
-    CORRELATION_ID = "request.correlationId"
+    CORRELATION_ID = "request.correlationId",
+    NATIVE_REQUEST = "request.native"
 }
@@ -68,0 +79,0 @@ /**

dist/utils/BrowserConstants.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -42,2 +42,13 @@ import { OIDC_DEFAULT_SCOPES } from '@azure/msal-common';
 };
+var NativeConstants = {
+    CHANNEL_ID: "53ee284d-920a-4b59-9d30-a60315b26836",
+    PREFERRED_EXTENSION_ID: "ppnbnpeolgkicgegkbkbjmhlideopiji"
+};
+var NativeExtensionMethod;
+(function (NativeExtensionMethod) {
+    NativeExtensionMethod["HandshakeRequest"] = "Handshake";
+    NativeExtensionMethod["HandshakeResponse"] = "HandshakeResponse";
+    NativeExtensionMethod["GetToken"] = "GetToken";
+    NativeExtensionMethod["Response"] = "Response";
+})(NativeExtensionMethod || (NativeExtensionMethod = {}));
 var BrowserCacheLocation;
@@ -75,2 +86,3 @@ (function (BrowserCacheLocation) {
     TemporaryCacheKeys["CORRELATION_ID"] = "request.correlationId";
+    TemporaryCacheKeys["NATIVE_REQUEST"] = "request.native";
 })(TemporaryCacheKeys || (TemporaryCacheKeys = {}));
@@ -166,3 +178,3 @@ /**
 
-export { ApiId, BrowserCacheLocation, BrowserConstants, DB_NAME, DB_TABLE_NAME, DB_VERSION, DEFAULT_REQUEST, HTTP_REQUEST_TYPE, InMemoryCacheKeys, InteractionStatus, InteractionType, KEY_FORMAT_JWK, TemporaryCacheKeys, WrapperSKU };
+export { ApiId, BrowserCacheLocation, BrowserConstants, DB_NAME, DB_TABLE_NAME, DB_VERSION, DEFAULT_REQUEST, HTTP_REQUEST_TYPE, InMemoryCacheKeys, InteractionStatus, InteractionType, KEY_FORMAT_JWK, NativeConstants, NativeExtensionMethod, TemporaryCacheKeys, WrapperSKU };
 //# sourceMappingURL=BrowserConstants.js.map

dist/utils/BrowserProtocolUtils.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { StringUtils, ProtocolUtils, ClientAuthError, UrlString } from '@azure/msal-common';

dist/utils/BrowserStringUtils.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { Constants } from '@azure/msal-common';

dist/utils/BrowserUtils.d.ts

@@ -56,2 +56,8 @@ import { INetworkModule } from "@azure/msal-common";
     /**
+     * Throws error if native brokering is enabled but initialize hasn't been called
+     * @param allowNativeBroker
+     * @param initialized
+     */
+    static blockNativeBrokerCalledBeforeInitialized(allowNativeBroker: boolean, initialized: boolean): void;
+    /**
      * Returns boolean of whether current browser is an Internet Explorer or Edge browser.
@@ -58,0 +64,0 @@ */

dist/utils/BrowserUtils.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -122,2 +122,12 @@ import { Constants, UrlString } from '@azure/msal-common';
     /**
+     * Throws error if native brokering is enabled but initialize hasn't been called
+     * @param allowNativeBroker
+     * @param initialized
+     */
+    BrowserUtils.blockNativeBrokerCalledBeforeInitialized = function (allowNativeBroker, initialized) {
+        if (allowNativeBroker && !initialized) {
+            throw BrowserAuthError.createNativeBrokerCalledBeforeInitialize();
+        }
+    };
+    /**
      * Returns boolean of whether current browser is an Internet Explorer or Edge browser.
@@ -124,0 +134,0 @@ */

dist/utils/MathUtils.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ /*

dist/utils/PopupUtils.js

@@ -1,2 +0,2 @@
-/*! @azure/msal-browser v2.23.0 2022-04-04 */
+/*! @azure/msal-browser v2.24.0-beta.0 2022-04-27 */
 'use strict';
@@ -3,0 +3,0 @@ import { StringUtils, Constants } from '@azure/msal-common';

package.json

@@ -13,3 +13,3 @@ {
   },
-  "version": "2.23.0",
+  "version": "2.24.0-beta.0",
   "description": "Microsoft Authentication Library for js",
@@ -95,4 +95,4 @@ "keywords": [
   "dependencies": {
-    "@azure/msal-common": "^6.2.0"
+    "@azure/msal-common": "^6.3.0-beta.0"
   }
 }

README.md

@@ -0,0 +0,0 @@ # Microsoft Authentication Library for JavaScript (MSAL.js) 2.0 for Browser-Based Single-Page Applications

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

5559922

increased by11.9%

Number of package files

244

increased by7.02%

Lines of code

44067

increased by10.1%

Worsened metrics

Number of low quality alerts

2

increased by100%

Dependency changes

• Updated@azure/msal-common@^6.3.0-beta.0