@azure/msal-browser package

General error class thrown by the MSAL.js library.

This is a helper class that parses supported HTTP response authentication headers to extract and return header challenge values that can be used outside the basic authorization flows.

Browser library error class thrown by the MSAL.js library for SPAs

Browser library error class thrown by the MSAL.js library for SPAs

Error thrown when there is an error in the client code running on the browser.

Error thrown when there is an error in configuration of the MSAL.js library.

Error thrown when user interaction is required.

Class which facilitates logging of messages to a specific place.

The PublicClientApplication class is the object exposed by the library to perform authentication and authorization functions in Single Page Applications to obtain JWT tokens as described in the OAuth 2.0 Authorization Code Flow with PKCE specification.

Error thrown when there is an error with the server code, for example, unavailability.

Base class for the action requried state in an authentication flow.

Base class for the state of an authentication flow.

Error that occurred during authentication method challenge request.

Result of challenging an authentication method for registration. Uses base state type to avoid circular dependencies.

State indicating that the auth method registration flow has completed successfully.

State indicating that the auth method registration flow has failed.

State indicating that authentication method registration is required.

Error that occurred during authentication method challenge submission.

Result of submitting a challenge for authentication method registration.

State indicating that verification is required for the challenged authentication method.

Custom Auth API error.

The error class for get account errors.

The error class for getting the current account access token errors.

State indicating that MFA is required and awaiting user action. This state allows the developer to pause execution before sending the code to the user's email.

State indicating that the MFA flow has completed successfully.

State indicating that the MFA flow has failed.

Error that occurred during MFA challenge request.

Result of requesting an MFA challenge. Uses base state type to avoid circular dependencies.

Error that occurred during MFA challenge submission.

Result of submitting an MFA challenge.

State indicating that MFA verification is required. The challenge has been sent and the user needs to provide the code.

Base class for the action requried state in an authentication flow.

Represents the state that indicates the successful completion of a password reset operation.

State of a reset password operation that has failed.

Base class for the action requried state in an authentication flow.

Base class for the action requried state in an authentication flow.

Base class for the action requried state in an authentication flow.

Represents the completed state of the sign-in operation. This state indicates that the sign-in process has finished successfully.

Base class for the action requried state in an authentication flow.

Represents the state of a sign-in operation that has been failed.

Base class for the action requried state in an authentication flow.

Base class for the action requried state in an authentication flow.

The error class for sign-out errors.

Base class for the action requried state in an authentication flow.

Base class for the action requried state in an authentication flow.

Represents the state of a sign-up operation that has been completed successfully.

Represents the state of a sign-up operation that has failed.

Base class for the action requried state in an authentication flow.

Base class for the action requried state in an authentication flow.

Client network interface to send backend requests.

Details for an authentication method to be registered.

Account object with the following signature:

• homeAccountId - Home account identifier for this account object
• environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)
• tenantId - Full tenant or organizational id that this account belongs to
• username - preferred_username claim of the id_token that represents this account
• localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases
• name - Full name for the account, including given name and family name
• idToken - raw ID token
• idTokenClaims - Object contains claims from ID token
• nativeAccountId - The user's native account ID
• tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
• dataBoundary - Data boundary extracted from clientInfo

AuthorizationCodeRequest: Request object passed by browser clients to exchange an authorization code for tokens.

AzureCloudInstance specific options

• azureCloudInstance - string enum providing short notation for soverign and public cloud authorities
• tenant - provision to provide the tenant info

Payload for the BrokerConnectionEstablished event

Use this to configure the auth options in the Configuration object

Telemetry Options

Use this to configure the below cache configuration options:

ClearCacheRequest

This object allows you to configure important elements of MSAL functionality and is passed into the constructor of PublicClientApplication

EndSessionPopupRequest

EndSessionRequest

Response object used for loading external tokens to cache.

• token_type: Indicates the token type value. The only type that Azure AD supports is Bearer.
• scope: The scopes that the access_token is valid for.
• expires_in: How long the access token is valid (in seconds).
• id_token: A JSON Web Token (JWT). The app can decode the segments of this token to request information about the user who signed in.
• refresh_token: An OAuth 2.0 refresh token. The app can use this token acquire additional access tokens after the current access token expires.
• access_token: The requested access token. The app can use this token to authenticate to the secured resource, such as a web API.
• client_info: Client info object

Type which describes Id Token claims known by MSAL.

InitializeApplicationRequest: Request object passed by user to initialize application

Additional information passed to the navigateInternal and navigateExternal functions

Options allowed by network request APIs.

Performance measurement taken by the library, including metadata about the request and application.

PopupRequest: Request object passed by user to retrieve a Code from the server (first leg of authorization code grant flow) with a popup window.

Popup configurations for setting dimensions and position of popup window

RedirectRequest: Request object passed by user to retrieve a Code from the server (first leg of authorization code grant flow) with a full page redirect.

SilentRequest: Request object passed by user to retrieve tokens from the cache, renew an expired token with a refresh token, or retrieve a code (first leg of authorization code grant flow) in a hidden iframe.

Request object passed by user to ssoSilent to retrieve a Code from the server (first leg of authorization code grant flow)

Account details that vary across tenants for the same user

Type definition for possible states in AuthMethodRegistrationChallengeMethodResult.

Type definition for possible states in AuthMethodRegistrationSubmitChallengeResult.

The possible states for the GetAccessTokenResult. This includes:

• GetAccessTokenCompletedState: The access token was successfully retrieved.
• GetAccessTokenFailedState: The access token retrieval failed.

The possible states for the GetAccountResult. This includes:

• GetAccountCompletedState: The account was successfully retrieved.
• GetAccountFailedState: The account retrieval failed.

The possible states for the MfaRequestChallengeResult. This includes:

• MfaVerificationRequiredState: The user needs to verify their challenge.
• MfaFailedState: The MFA request failed.

The possible states for the ResetPasswordResendCodeResult. This includes:

• ResetPasswordCodeRequiredState: The reset password process requires a code.
• ResetPasswordFailedState: The reset password process has failed.

The possible states for the ResetPasswordStartResult. This includes:

• ResetPasswordCodeRequiredState: The reset password process requires a code.
• ResetPasswordFailedState: The reset password process has failed.

The possible states for the ResetPasswordSubmitCodeResult. This includes:

• ResetPasswordPasswordRequiredState: The reset password process requires a password.
• ResetPasswordFailedState: The reset password process has failed.

The possible states for the ResetPasswordSubmitPasswordResult. This includes:

• ResetPasswordCompletedState: The reset password process has completed successfully.
• ResetPasswordFailedState: The reset password process has failed.

The possible states for the SignInResendCodeResult. This includes:

• SignInCodeRequiredState: The sign-in process requires a code.
• SignInFailedState: The sign-in process has failed.

The possible states for the SignInResult. This includes:

• SignInCodeRequiredState: The sign-in process requires a code.
• SignInPasswordRequiredState: The sign-in process requires a password.
• SignInFailedState: The sign-in process has failed.
• SignInCompletedState: The sign-in process is completed.
• AuthMethodRegistrationRequiredState: The sign-in process requires authentication method registration.
• MfaAwaitingState: The sign-in process requires MFA.

The possible states of the SignInSubmitCodeResult. This includes:

• SignInCompletedState: The sign-in process has completed successfully.
• SignInFailedState: The sign-in process has failed.
• AuthMethodRegistrationRequiredState: The user needs to register an authentication method.
• MfaAwaitingState: The user is in a multi-factor authentication (MFA) waiting state.

The possible states of the SignInSubmitPasswordResult. This includes:

• SignInCompletedState: The sign-in process has completed successfully.
• SignInFailedState: The sign-in process has failed.
• AuthMethodRegistrationRequiredState: The sign-in process requires authentication method registration.
• MfaAwaitingState: The sign-in process requires MFA.

The possible states for the SignOutResult. This includes:

• SignOutCompletedState: The sign-out operation was successful.
• SignOutFailedState: The sign-out operation failed.

The possible states for the SignUpResendCodeResult. This includes:

• SignUpCodeRequiredState: The sign-up process requires a code.
• SignUpFailedState: The sign-up process has failed.

The possible states for the SignUpResult. This includes:

• SignUpCodeRequiredState: The sign-up process requires a code.
• SignUpPasswordRequiredState: The sign-up process requires a password.
• SignUpAttributesRequiredState: The sign-up process requires additional attributes.
• SignUpFailedState: The sign-up process has failed.

The possible states for the SignUpSubmitAttributesResult. This includes:

• SignUpCompletedState: The sign-up process has completed successfully.
• SignUpFailedState: The sign-up process has failed.

The possible states for the SignUpSubmitCodeResult. This includes:

• SignUpPasswordRequiredState: The sign-up process requires a password.
• SignUpAttributesRequiredState: The sign-up process requires additional attributes.
• SignUpCompletedState: The sign-up process has completed successfully.
• SignUpFailedState: The sign-up process has failed.

The possible states for the SignUpSubmitPasswordResult. This includes:

• SignUpAttributesRequiredState: The sign-up process requires additional attributes.
• SignUpCompletedState: The sign-up process has completed successfully.
• SignUpFailedState: The sign-up process has failed.

Log message level.

creates NestedAppAuthController and passes it to the PublicClientApplication, falls back to StandardController if NestedAppAuthController is not available

creates PublicClientApplication using StandardController

Checks if the platform broker is available in the current environment.

API to load tokens to msal-browser cache.

Processes the authentication response from the redirect URL For SSO and popup scenarios broadcasts it to the main frame For redirect scenario navigates to the home page

API Codes for Telemetry purposes. Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs 0-99 Silent Flow 800-899 Auth Code Flow 900-999 Misc

Types of interaction currently in progress. Used in events in wrapper libraries to invoke functions when certain interaction is in progress or all interactions are complete.

Protocol modes supported by MSAL.