AzureAD/microsoft-authentication-library-for-js msal-browser-v5.0.2

@azure/msal-browser v5.0.2

on GitHub

5.0.2

Sat, 17 Jan 2026 03:11:36 GMT

Major changes

• Remove onRedirectNavigate from endSessionRequest #8066 (shylasummers@microsoft.com)
• Remove getAccountBy APIs at controller level #7807 (hemoral@microsoft.com)
• Bump @azure/msal-common to v16.0.0-beta.0 (beachball)
• Refactor event types and InteractionStatus to be more concise #8009 (shylasummers@microsoft.com)
• Changes asyncPopups to navigatePopups in Configuration #7812 (joarroyo@microsoft.com)
• Move navigateToLoginRequestUrl to request config (hemoral@microsoft.com)
• Remove encodeExtraQueryParams from config #7701 (shylasummers@microsoft.com)
• Remove claims-based caching cleanup code (hemoral@microsoft.com)
• Move loadExternalTokens out of PCA. #7828 (shylasummers@microsoft.com)
• Configuration changes to CacheOptions #7697 (joarroyo@microsoft.com)
• Configuration changes to BrowserAuthOptions #7695 (joarroyo@microsoft.com)
• Remove deprecated functions and parameters (shylasummers@microsoft.com)
• Bump @azure/msal-common to v16.0.0-alpha.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

Minor changes

• Remove redundant perf client logging #8079 (kshabelko@microsoft.com)
• Minify logging strings with rollup plugin #8000 (kshabelko@microsoft.com)
• Implement redirect bridge to support COOP #8118 (kshabelko@microsoft.com)
• Add support for authorize call using method POST #7997 (hemoral@microsoft.com)
• Add changes in network and interaction client layers to support MFA (shen.jian@live.com)
• Instrument data boundary claim #8074 (kshabelko@microsoft.com)
• [Native Auth] Add MFA related state and results (shen.jian@live.com)
• [Native Auth] Enable the MFA and JIT (SMS) in the public interfaces #8069 (shen.jian@live.com)
• Add PCAFactory and correlation id optional params to createNestablePublicClientApplication #8093 (kshabelko@microsoft.com)
• Add extraQueryParams for api calls #7974 (yongdiwang@microsoft.com)
• Move auth error messages out of the bundle #7744 (kshabelko@microsoft.com)
• Pass forceRefresh param to NAA bridge #8052 (kshabelko@microsoft.com)
• Instrument timed out and cancelled redirects #7989 (kshabelko@microsoft.com)
• Cache upgrade & rollback support (thomas.norling@microsoft.com)
• Remove queue time instrumentation #7747 (kshabelko@microsoft.com)
• Update AccountInfo construction to include tenant-specific claims #7978 (hemoral@microsoft.com)
• Format logging strings for future minification #7999 (kshabelko@microsoft.com)
• Add support for custom claims and password change required error, #7955 (yongdiwang@microsoft.com)
• Decompose nested telemetry events #7818 (kshabelko@microsoft.com)
• Remove access tokens when cache quota is exceeded #7865 (thomas.norling@microsoft.com)
• Support authentication method registration during Sign-In, #8007 (shen.jian@live.com)
• Decompose nested constants #7782 (kshabelko@microsoft.com)
• Refactor AccountEntity into type #7674 (shylasummers@microsoft.com)
• Add native authentication feaetures for the external ID (shen.jian@live.com)
• Make correlation id mandatory for Logger calls #8071 (kshabelko@microsoft.com)

Patches

• Bump @azure/msal-browser to match @azure/msal-browser-1p (msaljsbuilds@microsoft.com)
• Bump @azure/msal-common to v16.0.2 (beachball)
• Add telemetry support for loading external tokens and related events #8221 (kshabelko@microsoft.com)
• Use cross-env for environment variable management in build scripts #8191 (kshabelko@microsoft.com)
• Remove beta tag (joarroyo@microsoft.com)
• Bump @azure/msal-common to v16.0.1 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)
• Update the logic for detecting phone blocked error #8087 (shen.jian@live.com)
• EAR flow falls back to auth code when /authorize returns code #8156 (thomas.norling@microsoft.com)
• [Native Auth] Fix the correlation id issue #8078 (shen.jian@live.com)
• Refactor BaseClient usage #8119 (thomas.norling@microsoft.com)
• Introduce the stateType property in state classes for the type detection #8090 (shen.jian@live.com)
• Add pageException to native fatal errors (#8065) (sameera.gajjarapu@microsoft.com)
• Add allow=local-network-access * attribute to iframe for Chrome 142 compatibility #8132 (198982749+Copilot@users.noreply.github.com)
• Export client capabilities helper (thomas.norling@microsoft.com)
• Upgrade/rollback telemetry #7738 (thomas.norling@microsoft.com)
• remove access tokens synchronously (thomas.norling@microsoft.com)
• Adding new UX_NOT_ALLOWED suberror under InteractionRequired error type #7844 (lalimasharda@microsoft.com)
• Clean up BroadcastChannel resources to fix hanging tests #8045 (kshabelko@microsoft.com)
• Add BrokerConnectionEvent to exports (thomas.norling@microsoft.com)
• Throw timeout error in acquireTokenRedirect if the redirect doesnt happen #7867 (thomas.norling@microsoft.com)
• add brokered_request_success event type (shylasummers@microsoft.com)
• Fix exception when using claims with Nested App Auth in JS Runtime environment (#8053) (dasau@microsoft.com)
• Fix redirect loop when URLs contain encoded apostrophes in MSAL Angular standalone components (#7636) (copilot@github.com)
• Rename fromNativeBroker to fromPlatformBroker #7940 (shylasummers@microsoft.com)
• Logger statements updated #7825 (lalimasharda@microsoft.com)
• Backward compatibility support #7962 (yongdiwang@microsoft.com)
• Standalone functions in PCA #7810 (hemoral@microsoft.com)
• Fix v4 merge errors #7726 (joarroyo@microsoft.com)
• Address standalone function refactoring feedback #7992 (hemoral@microsoft.com)

Changes

• Mark package for prerelease (beta) (msaljsbuilds@microsoft.com)
• Stop exporting PublicClientNext, UrlString, StringUtils, AccountEntity and AccountEntityUtils #8122 (thomas.norling@microsoft.com)
• KMSI Support #8123 (thomas.norling@microsoft.com)
• Bump to pre-release alpha (hemoral@microsoft.com)