Oliver/semblance-dev
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
semblance-dev/node_modules/@azure/msal-browser/lib/msal-browser.min.js
Michael Clervi 893b537b67 changed permissions
2025-12-19 19:26:16 +00:00

68 lines
307 KiB
JavaScript
Executable file
Raw Permalink Blame History

/*! @azure/msal-browser v4.19.0 2025-08-05 */
"use strict";!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).msal={})}(this,(function(e){
/*! @azure/msal-common v15.10.0 2025-08-05 */
const t={LIBRARY_NAME:"MSAL.JS",SKU:"msal.js.common",DEFAULT_AUTHORITY:"https://login.microsoftonline.com/common/",DEFAULT_AUTHORITY_HOST:"login.microsoftonline.com",DEFAULT_COMMON_TENANT:"common",ADFS:"adfs",DSTS:"dstsv2",AAD_INSTANCE_DISCOVERY_ENDPT:"https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",CIAM_AUTH_URL:".ciamlogin.com",AAD_TENANT_DOMAIN_SUFFIX:".onmicrosoft.com",RESOURCE_DELIM:"|",NO_ACCOUNT:"NO_ACCOUNT",CLAIMS:"claims",CONSUMER_UTID:"9188040d-6c67-4c5b-b112-36a304b66dad",OPENID_SCOPE:"openid",PROFILE_SCOPE:"profile",OFFLINE_ACCESS_SCOPE:"offline_access",EMAIL_SCOPE:"email",CODE_GRANT_TYPE:"authorization_code",RT_GRANT_TYPE:"refresh_token",S256_CODE_CHALLENGE_METHOD:"S256",URL_FORM_CONTENT_TYPE:"application/x-www-form-urlencoded;charset=utf-8",AUTHORIZATION_PENDING:"authorization_pending",NOT_DEFINED:"not_defined",EMPTY_STRING:"",NOT_APPLICABLE:"N/A",NOT_AVAILABLE:"Not Available",FORWARD_SLASH:"/",IMDS_ENDPOINT:"http://169.254.169.254/metadata/instance/compute/location",IMDS_VERSION:"2020-06-01",IMDS_TIMEOUT:2e3,AZURE_REGION_AUTO_DISCOVER_FLAG:"TryAutoDetect",REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX:"login.microsoft.com",KNOWN_PUBLIC_CLOUDS:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],SHR_NONCE_VALIDITY:240,INVALID_INSTANCE:"invalid_instance"},r=200,n=400,o=400,i=499,s=500,a=599,c="GET",l="POST",h=[t.OPENID_SCOPE,t.PROFILE_SCOPE,t.OFFLINE_ACCESS_SCOPE],d=[...h,t.EMAIL_SCOPE],u="Content-Type",g="Content-Length",p="Retry-After",m="X-AnchorMailbox",f="WWW-Authenticate",y="Authentication-Info",C="x-ms-request-id",v="x-ms-httpver",w="active-account-filters",I="common",T="organizations",A="consumers",k="access_token",S="xms_cc",b={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",CREATE:"create",NO_SESSION:"no_session"},E="code",R="id_token token refresh_token",_={QUERY:"query",FRAGMENT:"fragment"},P="query",M="authorization_code",O="refresh_token",q="MSSTS",N="ADFS",U="Generic",L="-",H=".",x={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},D="appmetadata",B="1",F="authority-metadata",z=86400,K="config",G="cache",$="network",Q="hardcoded_values",j={SCHEMA_VERSION:5,MAX_LAST_HEADER_BYTES:330,MAX_CACHED_ERRORS:50,CACHE_KEY:"server-telemetry",CATEGORY_SEPARATOR:"|",VALUE_SEPARATOR:",",OVERFLOW_TRUE:"1",OVERFLOW_FALSE:"0",UNKNOWN_ERROR:"unknown_error"},W={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},V=60,J=3600,Y="throttling",X="retry-after, h429",Z="invalid_grant",ee="client_mismatch",te="1",re="3",ne="4",oe="2",ie="4",se="5",ae="0",ce="1",le="2",he="3",de="4",ue={Jwt:"JWT",Jwk:"JWK",Pop:"pop"},ge="unexpected_error",pe="post_request_failed";var me=Object.freeze({__proto__:null,postRequestFailed:pe,unexpectedError:ge});
/*! @azure/msal-common v15.10.0 2025-08-05 */const fe={[ge]:"Unexpected error in authentication.",[pe]:"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details."},ye={unexpectedError:{code:ge,desc:fe[ge]},postRequestFailed:{code:pe,desc:fe[pe]}};class Ce extends Error{constructor(e,r,n){super(r?`${e}: ${r}`:e),Object.setPrototypeOf(this,Ce.prototype),this.errorCode=e||t.EMPTY_STRING,this.errorMessage=r||t.EMPTY_STRING,this.subError=n||t.EMPTY_STRING,this.name="AuthError"}setCorrelationId(e){this.correlationId=e}}function ve(e,t){return new Ce(e,t?`${fe[e]} ${t}`:fe[e])}
/*! @azure/msal-common v15.10.0 2025-08-05 */const we="client_info_decoding_error",Ie="client_info_empty_error",Te="token_parsing_error",Ae="null_or_empty_token",ke="endpoints_resolution_error",Se="network_error",be="openid_config_error",Ee="hash_not_deserialized",Re="invalid_state",_e="state_mismatch",Pe="state_not_found",Me="nonce_mismatch",Oe="auth_time_not_found",qe="max_age_transpired",Ne="multiple_matching_tokens",Ue="multiple_matching_accounts",Le="multiple_matching_appMetadata",He="request_cannot_be_made",xe="cannot_remove_empty_scope",De="cannot_append_scopeset",Be="empty_input_scopeset",Fe="device_code_polling_cancelled",ze="device_code_expired",Ke="device_code_unknown_error",Ge="no_account_in_silent_request",$e="invalid_cache_record",Qe="invalid_cache_environment",je="no_account_found",We="no_crypto_object",Ve="unexpected_credential_type",Je="invalid_assertion",Ye="invalid_client_credential",Xe="token_refresh_required",Ze="user_timeout_reached",et="token_claims_cnf_required_for_signedjwt",tt="authorization_code_missing_from_server_response",rt="binding_key_not_removed",nt="end_session_endpoint_not_supported",ot="key_id_missing",it="no_network_connectivity",st="user_canceled",at="missing_tenant_id_error",ct="method_not_implemented",lt="nested_app_auth_bridge_disabled";var ht=Object.freeze({__proto__:null,authTimeNotFound:Oe,authorizationCodeMissingFromServerResponse:tt,bindingKeyNotRemoved:rt,cannotAppendScopeSet:De,cannotRemoveEmptyScope:xe,clientInfoDecodingError:we,clientInfoEmptyError:Ie,deviceCodeExpired:ze,deviceCodePollingCancelled:Fe,deviceCodeUnknownError:Ke,emptyInputScopeSet:Be,endSessionEndpointNotSupported:nt,endpointResolutionError:ke,hashNotDeserialized:Ee,invalidAssertion:Je,invalidCacheEnvironment:Qe,invalidCacheRecord:$e,invalidClientCredential:Ye,invalidState:Re,keyIdMissing:ot,maxAgeTranspired:qe,methodNotImplemented:ct,missingTenantIdError:at,multipleMatchingAccounts:Ue,multipleMatchingAppMetadata:Le,multipleMatchingTokens:Ne,nestedAppAuthBridgeDisabled:lt,networkError:Se,noAccountFound:je,noAccountInSilentRequest:Ge,noCryptoObject:We,noNetworkConnectivity:it,nonceMismatch:Me,nullOrEmptyToken:Ae,openIdConfigError:be,requestCannotBeMade:He,stateMismatch:_e,stateNotFound:Pe,tokenClaimsCnfRequiredForSignedJwt:et,tokenParsingError:Te,tokenRefreshRequired:Xe,unexpectedCredentialType:Ve,userCanceled:st,userTimeoutReached:Ze});
/*! @azure/msal-common v15.10.0 2025-08-05 */const dt={[we]:"The client info could not be parsed/decoded correctly",[Ie]:"The client info was empty",[Te]:"Token cannot be parsed",[Ae]:"The token is null or empty",[ke]:"Endpoints cannot be resolved",[Se]:"Network request failed",[be]:"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",[Ee]:"The hash parameters could not be deserialized",[Re]:"State was not the expected format",[_e]:"State mismatch error",[Pe]:"State not found",[Me]:"Nonce mismatch error",[Oe]:"Max Age was requested and the ID token is missing the auth_time variable. auth_time is an optional claim and is not enabled by default - it must be enabled. See https://aka.ms/msaljs/optional-claims for more information.",[qe]:"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",[Ne]:"The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account.",[Ue]:"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",[Le]:"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",[He]:"Token request cannot be made without authorization code or refresh token.",[xe]:"Cannot remove null or empty scope from ScopeSet",[De]:"Cannot append ScopeSet",[Be]:"Empty input ScopeSet cannot be processed",[Fe]:"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",[ze]:"Device code is expired.",[Ke]:"Device code stopped polling for unknown reasons.",[Ge]:"Please pass an account object, silent flow is not supported without account information",[$e]:"Cache record object was null or undefined.",[Qe]:"Invalid environment when attempting to create cache entry",[je]:"No account found in cache for given key.",[We]:"No crypto object detected.",[Ve]:"Unexpected credential type.",[Je]:"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",[Ye]:"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",[Xe]:"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",[Ze]:"User defined timeout for device code polling reached",[et]:"Cannot generate a POP jwt if the token_claims are not populated",[tt]:"Server response does not contain an authorization code to proceed",[rt]:"Could not remove the credential's binding key from storage.",[nt]:"The provided authority does not support logout",[ot]:"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",[it]:"No network connectivity. Check your internet connection.",[st]:"User cancelled the flow.",[at]:"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",[ct]:"This method has not been implemented",[lt]:"The nested app auth bridge is disabled"},ut={clientInfoDecodingError:{code:we,desc:dt[we]},clientInfoEmptyError:{code:Ie,desc:dt[Ie]},tokenParsingError:{code:Te,desc:dt[Te]},nullOrEmptyToken:{code:Ae,desc:dt[Ae]},endpointResolutionError:{code:ke,desc:dt[ke]},networkError:{code:Se,desc:dt[Se]},unableToGetOpenidConfigError:{code:be,desc:dt[be]},hashNotDeserialized:{code:Ee,desc:dt[Ee]},invalidStateError:{code:Re,desc:dt[Re]},stateMismatchError:{code:_e,desc:dt[_e]},stateNotFoundError:{code:Pe,desc:dt[Pe]},nonceMismatchError:{code:Me,desc:dt[Me]},authTimeNotFoundError:{code:Oe,desc:dt[Oe]},maxAgeTranspired:{code:qe,desc:dt[qe]},multipleMatchingTokens:{code:Ne,desc:dt[Ne]},multipleMatchingAccounts:{code:Ue,desc:dt[Ue]},multipleMatchingAppMetadata:{code:Le,desc:dt[Le]},tokenRequestCannotBeMade:{code:He,desc:dt[He]},removeEmptyScopeError:{code:xe,desc:dt[xe]},appendScopeSetError:{code:De,desc:dt[De]},emptyInputScopeSetError:{code:Be,desc:dt[Be]},DeviceCodePollingCancelled:{code:Fe,desc:dt[Fe]},DeviceCodeExpired:{code:ze,desc:dt[ze]},DeviceCodeUnknownError:{code:Ke,desc:dt[Ke]},NoAccountInSilentRequest:{code:Ge,desc:dt[Ge]},invalidCacheRecord:{code:$e,desc:dt[$e]},invalidCacheEnvironment:{code:Qe,desc:dt[Qe]},noAccountFound:{code:je,desc:dt[je]},noCryptoObj:{code:We,desc:dt[We]},unexpectedCredentialType:{code:Ve,desc:dt[Ve]},invalidAssertion:{code:Je,desc:dt[Je]},invalidClientCredential:{code:Ye,desc:dt[Ye]},tokenRefreshRequired:{code:Xe,desc:dt[Xe]},userTimeoutReached:{code:Ze,desc:dt[Ze]},tokenClaimsRequired:{code:et,desc:dt[et]},noAuthorizationCodeFromServer:{code:tt,desc:dt[tt]},bindingKeyNotRemovedError:{code:rt,desc:dt[rt]},logoutNotSupported:{code:nt,desc:dt[nt]},keyIdMissing:{code:ot,desc:dt[ot]},noNetworkConnectivity:{code:it,desc:dt[it]},userCanceledError:{code:st,desc:dt[st]},missingTenantIdError:{code:at,desc:dt[at]},nestedAppAuthBridgeDisabled:{code:lt,desc:dt[lt]}};class gt extends Ce{constructor(e,t){super(e,t?`${dt[e]}: ${t}`:dt[e]),this.name="ClientAuthError",Object.setPrototypeOf(this,gt.prototype)}}function pt(e,t){return new gt(e,t)}
/*! @azure/msal-common v15.10.0 2025-08-05 */const mt={createNewGuid:()=>{throw pt(ct)},base64Decode:()=>{throw pt(ct)},base64Encode:()=>{throw pt(ct)},base64UrlEncode:()=>{throw pt(ct)},encodeKid:()=>{throw pt(ct)},async getPublicKeyThumbprint(){throw pt(ct)},async removeTokenBindingKey(){throw pt(ct)},async clearKeystore(){throw pt(ct)},async signJwt(){throw pt(ct)},async hashString(){throw pt(ct)}};
/*! @azure/msal-common v15.10.0 2025-08-05 */var ft;e.LogLevel=void 0,(ft=e.LogLevel||(e.LogLevel={}))[ft.Error=0]="Error",ft[ft.Warning=1]="Warning",ft[ft.Info=2]="Info",ft[ft.Verbose=3]="Verbose",ft[ft.Trace=4]="Trace";class yt{constructor(r,n,o){this.level=e.LogLevel.Info;const i=r||yt.createDefaultLoggerOptions();this.localCallback=i.loggerCallback||(()=>{}),this.piiLoggingEnabled=i.piiLoggingEnabled||!1,this.level="number"==typeof i.logLevel?i.logLevel:e.LogLevel.Info,this.correlationId=i.correlationId||t.EMPTY_STRING,this.packageName=n||t.EMPTY_STRING,this.packageVersion=o||t.EMPTY_STRING}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:e.LogLevel.Info}}clone(e,t,r){return new yt({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level,correlationId:r||this.correlationId},e,t)}logMessage(t,r){if(r.logLevel>this.level||!this.piiLoggingEnabled&&r.containsPii)return;const n=`${`[${(new Date).toUTCString()}] : [${r.correlationId||this.correlationId||""}]`} : ${this.packageName}@${this.packageVersion} : ${e.LogLevel[r.logLevel]} - ${t}`;this.executeCallback(r.logLevel,n,r.containsPii||!1)}executeCallback(e,t,r){this.localCallback&&this.localCallback(e,t,r)}error(r,n){this.logMessage(r,{logLevel:e.LogLevel.Error,containsPii:!1,correlationId:n||t.EMPTY_STRING})}errorPii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Error,containsPii:!0,correlationId:n||t.EMPTY_STRING})}warning(r,n){this.logMessage(r,{logLevel:e.LogLevel.Warning,containsPii:!1,correlationId:n||t.EMPTY_STRING})}warningPii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Warning,containsPii:!0,correlationId:n||t.EMPTY_STRING})}info(r,n){this.logMessage(r,{logLevel:e.LogLevel.Info,containsPii:!1,correlationId:n||t.EMPTY_STRING})}infoPii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Info,containsPii:!0,correlationId:n||t.EMPTY_STRING})}verbose(r,n){this.logMessage(r,{logLevel:e.LogLevel.Verbose,containsPii:!1,correlationId:n||t.EMPTY_STRING})}verbosePii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Verbose,containsPii:!0,correlationId:n||t.EMPTY_STRING})}trace(r,n){this.logMessage(r,{logLevel:e.LogLevel.Trace,containsPii:!1,correlationId:n||t.EMPTY_STRING})}tracePii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Trace,containsPii:!0,correlationId:n||t.EMPTY_STRING})}isPiiLoggingEnabled(){return this.piiLoggingEnabled||!1}}
/*! @azure/msal-common v15.10.0 2025-08-05 */const Ct="@azure/msal-common",vt="15.10.0",wt={None:"none",AzurePublic:"https://login.microsoftonline.com",AzurePpe:"https://login.windows-ppe.net",AzureChina:"https://login.chinacloudapi.cn",AzureGermany:"https://login.microsoftonline.de",AzureUsGovernment:"https://login.microsoftonline.us"},It="redirect_uri_empty",Tt="claims_request_parsing_error",At="authority_uri_insecure",kt="url_parse_error",St="empty_url_error",bt="empty_input_scopes_error",Et="invalid_claims",Rt="token_request_empty",_t="logout_request_empty",Pt="invalid_code_challenge_method",Mt="pkce_params_missing",Ot="invalid_cloud_discovery_metadata",qt="invalid_authority_metadata",Nt="untrusted_authority",Ut="missing_ssh_jwk",Lt="missing_ssh_kid",Ht="missing_nonce_authentication_header",xt="invalid_authentication_header",Dt="cannot_set_OIDCOptions",Bt="cannot_allow_platform_broker",Ft="authority_mismatch",zt="invalid_request_method_for_EAR",Kt="invalid_authorize_post_body_parameters";var Gt=Object.freeze({__proto__:null,authorityMismatch:Ft,authorityUriInsecure:At,cannotAllowPlatformBroker:Bt,cannotSetOIDCOptions:Dt,claimsRequestParsingError:Tt,emptyInputScopesError:bt,invalidAuthenticationHeader:xt,invalidAuthorityMetadata:qt,invalidAuthorizePostBodyParameters:Kt,invalidClaims:Et,invalidCloudDiscoveryMetadata:Ot,invalidCodeChallengeMethod:Pt,invalidRequestMethodForEAR:zt,logoutRequestEmpty:_t,missingNonceAuthenticationHeader:Ht,missingSshJwk:Ut,missingSshKid:Lt,pkceParamsMissing:Mt,redirectUriEmpty:It,tokenRequestEmpty:Rt,untrustedAuthority:Nt,urlEmptyError:St,urlParseError:kt});
/*! @azure/msal-common v15.10.0 2025-08-05 */const $t={[It]:"A redirect URI is required for all calls, and none has been set.",[Tt]:"Could not parse the given claims request object.",[At]:"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",[kt]:"URL could not be parsed into appropriate segments.",[St]:"URL was empty or null.",[bt]:"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",[Et]:"Given claims parameter must be a stringified JSON object.",[Rt]:"Token request was empty and not found in cache.",[_t]:"The logout request was null or undefined.",[Pt]:'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',[Mt]:"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",[Ot]:"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",[qt]:"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",[Nt]:"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",[Ut]:"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",[Lt]:"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",[Ht]:"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",[xt]:"Invalid authentication header provided",[Dt]:"Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",[Bt]:"Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",[Ft]:"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",[Kt]:"Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",[zt]:"Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST."},Qt={redirectUriNotSet:{code:It,desc:$t[It]},claimsRequestParsingError:{code:Tt,desc:$t[Tt]},authorityUriInsecure:{code:At,desc:$t[At]},urlParseError:{code:kt,desc:$t[kt]},urlEmptyError:{code:St,desc:$t[St]},emptyScopesError:{code:bt,desc:$t[bt]},invalidClaimsRequest:{code:Et,desc:$t[Et]},tokenRequestEmptyError:{code:Rt,desc:$t[Rt]},logoutRequestEmptyError:{code:_t,desc:$t[_t]},invalidCodeChallengeMethod:{code:Pt,desc:$t[Pt]},invalidCodeChallengeParams:{code:Mt,desc:$t[Mt]},invalidCloudDiscoveryMetadata:{code:Ot,desc:$t[Ot]},invalidAuthorityMetadata:{code:qt,desc:$t[qt]},untrustedAuthority:{code:Nt,desc:$t[Nt]},missingSshJwk:{code:Ut,desc:$t[Ut]},missingSshKid:{code:Lt,desc:$t[Lt]},missingNonceAuthenticationHeader:{code:Ht,desc:$t[Ht]},invalidAuthenticationHeader:{code:xt,desc:$t[xt]},cannotSetOIDCOptions:{code:Dt,desc:$t[Dt]},cannotAllowPlatformBroker:{code:Bt,desc:$t[Bt]},authorityMismatch:{code:Ft,desc:$t[Ft]},invalidAuthorizePostBodyParameters:{code:Kt,desc:$t[Kt]},invalidRequestMethodForEAR:{code:zt,desc:$t[zt]}};class jt extends Ce{constructor(e){super(e,$t[e]),this.name="ClientConfigurationError",Object.setPrototypeOf(this,jt.prototype)}}function Wt(e){return new jt(e)}
/*! @azure/msal-common v15.10.0 2025-08-05 */class Vt{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return 0===Object.keys(t).length}catch(e){}return!0}static startsWith(e,t){return 0===e.indexOf(t)}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},r=e.split("&"),n=e=>decodeURIComponent(e.replace(/\+/g," "));return r.forEach((e=>{if(e.trim()){const[r,o]=e.split(/=(.+)/g,2);r&&o&&(t[n(r)]=n(o))}})),t}static trimArrayEntries(e){return e.map((e=>e.trim()))}static removeEmptyStringsFromArray(e){return e.filter((e=>!!e))}static jsonParseHelper(e){try{return JSON.parse(e)}catch(e){return null}}static matchPattern(e,t){return new RegExp(e.replace(/\\/g,"\\\\").replace(/\*/g,"[^ ]*").replace(/\?/g,"\\?")).test(t)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */class Jt{constructor(e){const t=e?Vt.trimArrayEntries([...e]):[],r=t?Vt.removeEmptyStringsFromArray(t):[];if(!r||!r.length)throw Wt(bt);this.scopes=new Set,r.forEach((e=>this.scopes.add(e)))}static fromString(e){const r=(e||t.EMPTY_STRING).split(" ");return new Jt(r)}static createSearchScopes(e){const r=new Jt(e);return r.containsOnlyOIDCScopes()?r.removeScope(t.OFFLINE_ACCESS_SCOPE):r.removeOIDCScopes(),r}containsScope(e){const t=this.printScopesLowerCase().split(" "),r=new Jt(t);return!!e&&r.scopes.has(e.toLowerCase())}containsScopeSet(e){return!(!e||e.scopes.size<=0)&&(this.scopes.size>=e.scopes.size&&e.asArray().every((e=>this.containsScope(e))))}containsOnlyOIDCScopes(){let e=0;return d.forEach((t=>{this.containsScope(t)&&(e+=1)})),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach((e=>this.appendScope(e)))}catch(e){throw pt(De)}}removeScope(e){if(!e)throw pt(xe);this.scopes.delete(e.trim())}removeOIDCScopes(){d.forEach((e=>{this.scopes.delete(e)}))}unionScopeSets(e){if(!e)throw pt(Be);const t=new Set;return e.scopes.forEach((e=>t.add(e.toLowerCase()))),this.scopes.forEach((e=>t.add(e.toLowerCase()))),t}intersectingScopeSets(e){if(!e)throw pt(Be);e.containsOnlyOIDCScopes()||e.removeOIDCScopes();const t=this.unionScopeSets(e),r=e.getScopeCount(),n=this.getScopeCount();return t.size<n+r}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach((t=>e.push(t))),e}printScopes(){if(this.scopes){return this.asArray().join(" ")}return t.EMPTY_STRING}printScopesLowerCase(){return this.printScopes().toLowerCase()}}
/*! @azure/msal-common v15.10.0 2025-08-05 */function Yt(e,t){return!!e&&!!t&&e===t.split(".")[1]}function Xt(e,t,r,n){if(n){const{oid:t,sub:r,tid:o,name:i,tfp:s,acr:a,preferred_username:c,upn:l,login_hint:h}=n,d=o||s||a||"";return{tenantId:d,localAccountId:t||r||"",name:i,username:c||l||"",loginHint:h,isHomeTenant:Yt(d,e)}}return{tenantId:r,localAccountId:t,username:"",isHomeTenant:Yt(r,e)}}function Zt(e,t,r,n){let o=e;if(t){const{isHomeTenant:r,...n}=t;o={...e,...n}}if(r){const{isHomeTenant:t,...i}=Xt(e.homeAccountId,e.localAccountId,e.tenantId,r);return o={...o,...i,idTokenClaims:r,idToken:n},o}return o}
/*! @azure/msal-common v15.10.0 2025-08-05 */function er(e,t){const r=function(e){if(!e)throw pt(Ae);const t=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(e);if(!t||t.length<4)throw pt(Te);return t[2]}(e);try{const e=t(r);return JSON.parse(e)}catch(e){throw pt(Te)}}function tr(e,t){if(0===t||Date.now()-3e5>e+t)throw pt(qe)}
/*! @azure/msal-common v15.10.0 2025-08-05 */function rr(e){return e.startsWith("#/")?e.substring(2):e.startsWith("#")||e.startsWith("?")?e.substring(1):e}function nr(e){if(!e||e.indexOf("=")<0)return null;try{const t=rr(e),r=Object.fromEntries(new URLSearchParams(t));if(r.code||r.ear_jwe||r.error||r.error_description||r.state)return r}catch(e){throw pt(Ee)}return null}function or(e,t=!0,r){const n=new Array;return e.forEach(((e,o)=>{!t&&r&&o in r?n.push(`${o}=${e}`):n.push(`${o}=${encodeURIComponent(e)}`)})),n.join("&")}
/*! @azure/msal-common v15.10.0 2025-08-05 */class ir{get urlString(){return this._urlString}constructor(e){if(this._urlString=e,!this._urlString)throw Wt(St);e.includes("#")||(this._urlString=ir.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return Vt.endsWith(t,"?")?t=t.slice(0,-1):Vt.endsWith(t,"?/")&&(t=t.slice(0,-2)),Vt.endsWith(t,"/")||(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch(e){throw Wt(kt)}if(!e.HostNameAndPort||!e.PathSegments)throw Wt(kt);if(!e.Protocol||"https:"!==e.Protocol.toLowerCase())throw Wt(At)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return ir.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),r=t.PathSegments;return!e||0===r.length||r[0]!==I&&r[0]!==T||(r[0]=e),ir.constructAuthorityUriFromObject(t)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),t=this.urlString.match(e);if(!t)throw Wt(kt);const r={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let n=r.AbsolutePath.split("/");return n=n.filter((e=>e&&e.length>0)),r.PathSegments=n,r.QueryString&&r.QueryString.endsWith("/")&&(r.QueryString=r.QueryString.substring(0,r.QueryString.length-1)),r}static getDomainFromUrl(e){const t=RegExp("^([^:/?#]+://)?([^/?#]*)"),r=e.match(t);if(!r)throw Wt(kt);return r[2]}static getAbsoluteUrl(e,r){if(e[0]===t.FORWARD_SLASH){const t=new ir(r).getUrlComponents();return t.Protocol+"//"+t.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e){return new ir(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"))}static hashContainsKnownProperties(e){return!!nr(e)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */const sr={"login.microsoftonline.com":{token_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.com/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout"},"login.chinacloudapi.cn":{token_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys",issuer:"https://login.partner.microsoftonline.cn/{tenantid}/v2.0",authorization_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout"},"login.microsoftonline.us":{token_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.us/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout"}},ar={metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]}]},cr=new Set;function lr(e,t,r,n){if(n?.trace(`getAliasesFromMetadata called with source: ${r}`),e&&t){const o=hr(t,e);if(o)return n?.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${r}, returning aliases`),o.aliases;n?.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${r}`)}return null}function hr(e,t){for(let r=0;r<e.length;r++){const n=e[r];if(n.aliases.includes(t))return n}return null}
/*! @azure/msal-common v15.10.0 2025-08-05 */ar.metadata.forEach((e=>{e.aliases.forEach((e=>{cr.add(e)}))}));const dr="cache_quota_exceeded",ur="cache_error_unknown",gr={[dr]:"Exceeded cache storage capacity.",[ur]:"Unexpected error occurred when using cache storage."};class pr extends Ce{constructor(e,t){const r=t||(gr[e]?gr[e]:gr[ur]);super(`${e}: ${r}`),Object.setPrototypeOf(this,pr.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=r}}function mr(e){return e instanceof Error?"QuotaExceededError"===e.name||"NS_ERROR_DOM_QUOTA_REACHED"===e.name||e.message.includes("exceeded the quota")?new pr(dr):new pr(e.name,e.message):new pr(ur)}
/*! @azure/msal-common v15.10.0 2025-08-05 */class fr{constructor(e,t,r,n,o){this.clientId=e,this.cryptoImpl=t,this.commonLogger=r.clone(Ct,vt),this.staticAuthorityOptions=o,this.performanceClient=n}getAllAccounts(e,t){return this.buildTenantProfiles(this.getAccountsFilteredBy(e,t),t,e)}getAccountInfoFilteredBy(e,t){const r=this.getAllAccounts(e,t);if(r.length>1){return r.sort((e=>e.idTokenClaims?-1:1))[0]}return 1===r.length?r[0]:null}getBaseAccountInfo(e,t){const r=this.getAccountsFilteredBy(e,t);return r.length>0?r[0].getAccountInfo():null}buildTenantProfiles(e,t,r){return e.flatMap((e=>this.getTenantProfilesFromAccountEntity(e,t,r?.tenantId,r)))}getTenantedAccountInfoByFilter(e,t,r,n,o){let i,s=null;if(o&&!this.tenantProfileMatchesFilter(r,o))return null;const a=this.getIdToken(e,n,t,r.tenantId);return a&&(i=er(a.secret,this.cryptoImpl.base64Decode),!this.idTokenClaimsMatchTenantProfileFilter(i,o))?null:(s=Zt(e,r,i,a?.secret),s)}getTenantProfilesFromAccountEntity(e,t,r,n){const o=e.getAccountInfo();let i=o.tenantProfiles||new Map;const s=this.getTokenKeys();if(r){const e=i.get(r);if(!e)return[];i=new Map([[r,e]])}const a=[];return i.forEach((e=>{const r=this.getTenantedAccountInfoByFilter(o,s,e,t,n);r&&a.push(r)})),a}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId))&&((!t.name||e.name===t.name)&&(void 0===t.isHomeTenant||e.isHomeTenant===t.isHomeTenant))}idTokenClaimsMatchTenantProfileFilter(e,t){if(t){if(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId))return!1;if(t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint))return!1;if(t.username&&!this.matchUsername(e.preferred_username,t.username))return!1;if(t.name&&!this.matchName(e,t.name))return!1;if(t.sid&&!this.matchSid(e,t.sid))return!1}return!0}async saveCacheRecord(e,t,r){if(!e)throw pt($e);try{e.account&&await this.setAccount(e.account,t),e.idToken&&!1!==r?.idToken&&await this.setIdTokenCredential(e.idToken,t),e.accessToken&&!1!==r?.accessToken&&await this.saveAccessToken(e.accessToken,t),e.refreshToken&&!1!==r?.refreshToken&&await this.setRefreshTokenCredential(e.refreshToken,t),e.appMetadata&&this.setAppMetadata(e.appMetadata,t)}catch(e){throw this.commonLogger?.error("CacheManager.saveCacheRecord: failed"),e instanceof Ce?e:mr(e)}}async saveAccessToken(e,t){const r={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType,requestedClaimsHash:e.requestedClaimsHash},n=this.getTokenKeys(),o=Jt.fromString(e.target);n.accessToken.forEach((e=>{if(!this.accessTokenKeyMatchesFilter(e,r,!1))return;const n=this.getAccessTokenCredential(e,t);if(n&&this.credentialMatchesFilter(n,r)){Jt.fromString(n.target).intersectingScopeSets(o)&&this.removeAccessToken(e,t)}})),await this.setAccessTokenCredential(e,t)}getAccountsFilteredBy(e,t){const r=this.getAccountKeys(),n=[];return r.forEach((r=>{const o=this.getAccount(r,t);if(!o)return;if(e.homeAccountId&&!this.matchHomeAccountId(o,e.homeAccountId))return;if(e.username&&!this.matchUsername(o.username,e.username))return;if(e.environment&&!this.matchEnvironment(o,e.environment))return;if(e.realm&&!this.matchRealm(o,e.realm))return;if(e.nativeAccountId&&!this.matchNativeAccountId(o,e.nativeAccountId))return;if(e.authorityType&&!this.matchAuthorityType(o,e.authorityType))return;const i={localAccountId:e?.localAccountId,name:e?.name},s=o.tenantProfiles?.filter((e=>this.tenantProfileMatchesFilter(e,i)));s&&0===s.length||n.push(o)})),n}credentialMatchesFilter(e,t){if(t.clientId&&!this.matchClientId(e,t.clientId))return!1;if(t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash))return!1;if("string"==typeof t.homeAccountId&&!this.matchHomeAccountId(e,t.homeAccountId))return!1;if(t.environment&&!this.matchEnvironment(e,t.environment))return!1;if(t.realm&&!this.matchRealm(e,t.realm))return!1;if(t.credentialType&&!this.matchCredentialType(e,t.credentialType))return!1;if(t.familyId&&!this.matchFamilyId(e,t.familyId))return!1;if(t.target&&!this.matchTarget(e,t.target))return!1;if((t.requestedClaimsHash||e.requestedClaimsHash)&&e.requestedClaimsHash!==t.requestedClaimsHash)return!1;if(e.credentialType===x.ACCESS_TOKEN_WITH_AUTH_SCHEME){if(t.tokenType&&!this.matchTokenType(e,t.tokenType))return!1;if(t.tokenType===W.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId))return!1}return!0}getAppMetadataFilteredBy(e){const t=this.getKeys(),r={};return t.forEach((t=>{if(!this.isAppMetadata(t))return;const n=this.getAppMetadata(t);n&&(e.environment&&!this.matchEnvironment(n,e.environment)||e.clientId&&!this.matchClientId(n,e.clientId)||(r[t]=n))})),r}getAuthorityMetadataByAlias(e){const t=this.getAuthorityMetadataKeys();let r=null;return t.forEach((t=>{if(!this.isAuthorityMetadata(t)||-1===t.indexOf(this.clientId))return;const n=this.getAuthorityMetadata(t);n&&-1!==n.aliases.indexOf(e)&&(r=n)})),r}removeAllAccounts(e){this.getAllAccounts({},e).forEach((t=>{this.removeAccount(t,e)}))}removeAccount(e,t){this.removeAccountContext(e,t);this.getAccountKeys().filter((t=>t.includes(e.homeAccountId)&&t.includes(e.environment))).forEach((e=>{this.removeItem(e,t),this.performanceClient.incrementFields({accountsRemoved:1},t)}))}removeAccountContext(e,t){const r=this.getTokenKeys(),n=t=>t.includes(e.homeAccountId)&&t.includes(e.environment);r.idToken.filter(n).forEach((e=>{this.removeIdToken(e,t)})),r.accessToken.filter(n).forEach((e=>{this.removeAccessToken(e,t)})),r.refreshToken.filter(n).forEach((e=>{this.removeRefreshToken(e,t)}))}removeAccessToken(e,t){const r=this.getAccessTokenCredential(e,t);if(this.removeItem(e,t),this.performanceClient.incrementFields({accessTokensRemoved:1},t),!r||r.credentialType.toLowerCase()!==x.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()||r.tokenType!==W.POP)return;const n=r.keyId;n&&this.cryptoImpl.removeTokenBindingKey(n).catch((()=>{this.commonLogger.error(`Failed to remove token binding key ${n}`,t),this.performanceClient?.incrementFields({removeTokenBindingKeyFailure:1},t)}))}removeAppMetadata(e){return this.getKeys().forEach((t=>{this.isAppMetadata(t)&&this.removeItem(t,e)})),!0}getIdToken(e,t,r,n,o){this.commonLogger.trace("CacheManager - getIdToken called");const i={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:x.ID_TOKEN,clientId:this.clientId,realm:n},s=this.getIdTokensByFilter(i,t,r),a=s.size;if(a<1)return this.commonLogger.info("CacheManager:getIdToken - No token found"),null;if(a>1){let r=s;if(!n){const t=new Map;s.forEach(((r,n)=>{r.realm===e.tenantId&&t.set(n,r)}));const n=t.size;if(n<1)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result"),s.values().next().value;if(1===n)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile"),t.values().next().value;r=t}return this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"),r.forEach(((e,r)=>{this.removeIdToken(r,t)})),o&&t&&o.addFields({multiMatchedID:s.size},t),null}return this.commonLogger.info("CacheManager:getIdToken - Returning ID token"),s.values().next().value}getIdTokensByFilter(e,t,r){const n=r&&r.idToken||this.getTokenKeys().idToken,o=new Map;return n.forEach((r=>{if(!this.idTokenKeyMatchesFilter(r,{clientId:this.clientId,...e}))return;const n=this.getIdTokenCredential(r,t);n&&this.credentialMatchesFilter(n,e)&&o.set(r,n)})),o}idTokenKeyMatchesFilter(e,t){const r=e.toLowerCase();return(!t.clientId||-1!==r.indexOf(t.clientId.toLowerCase()))&&(!t.homeAccountId||-1!==r.indexOf(t.homeAccountId.toLowerCase()))}removeIdToken(e,t){this.removeItem(e,t)}removeRefreshToken(e,t){this.removeItem(e,t)}getAccessToken(e,t,r,n){const o=t.correlationId;this.commonLogger.trace("CacheManager - getAccessToken called",o);const i=Jt.createSearchScopes(t.scopes),s=t.authenticationScheme||W.BEARER,a=s&&s.toLowerCase()!==W.BEARER.toLowerCase()?x.ACCESS_TOKEN_WITH_AUTH_SCHEME:x.ACCESS_TOKEN,c={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:a,clientId:this.clientId,realm:n||e.tenantId,target:i,tokenType:s,keyId:t.sshKid,requestedClaimsHash:t.requestedClaimsHash},l=r&&r.accessToken||this.getTokenKeys().accessToken,h=[];l.forEach((e=>{if(this.accessTokenKeyMatchesFilter(e,c,!0)){const t=this.getAccessTokenCredential(e,o);t&&this.credentialMatchesFilter(t,c)&&h.push(t)}}));const d=h.length;return d<1?(this.commonLogger.info("CacheManager:getAccessToken - No token found",o),null):d>1?(this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them",o),h.forEach((e=>{this.removeAccessToken(this.generateCredentialKey(e),o)})),this.performanceClient.addFields({multiMatchedAT:h.length},o),null):(this.commonLogger.info("CacheManager:getAccessToken - Returning access token",o),h[0])}accessTokenKeyMatchesFilter(e,t,r){const n=e.toLowerCase();if(t.clientId&&-1===n.indexOf(t.clientId.toLowerCase()))return!1;if(t.homeAccountId&&-1===n.indexOf(t.homeAccountId.toLowerCase()))return!1;if(t.realm&&-1===n.indexOf(t.realm.toLowerCase()))return!1;if(t.requestedClaimsHash&&-1===n.indexOf(t.requestedClaimsHash.toLowerCase()))return!1;if(t.target){const e=t.target.asArray();for(let t=0;t<e.length;t++){if(r&&!n.includes(e[t].toLowerCase()))return!1;if(!r&&n.includes(e[t].toLowerCase()))return!0}}return!0}getAccessTokensByFilter(e,t){const r=this.getTokenKeys(),n=[];return r.accessToken.forEach((r=>{if(!this.accessTokenKeyMatchesFilter(r,e,!0))return;const o=this.getAccessTokenCredential(r,t);o&&this.credentialMatchesFilter(o,e)&&n.push(o)})),n}getRefreshToken(e,t,r,n,o){this.commonLogger.trace("CacheManager - getRefreshToken called");const i=t?B:void 0,s={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:x.REFRESH_TOKEN,clientId:this.clientId,familyId:i},a=n&&n.refreshToken||this.getTokenKeys().refreshToken,c=[];a.forEach((e=>{if(this.refreshTokenKeyMatchesFilter(e,s)){const t=this.getRefreshTokenCredential(e,r);t&&this.credentialMatchesFilter(t,s)&&c.push(t)}}));const l=c.length;return l<1?(this.commonLogger.info("CacheManager:getRefreshToken - No refresh token found."),null):(l>1&&o&&r&&o.addFields({multiMatchedRT:l},r),this.commonLogger.info("CacheManager:getRefreshToken - returning refresh token"),c[0])}refreshTokenKeyMatchesFilter(e,t){const r=e.toLowerCase();return(!t.familyId||-1!==r.indexOf(t.familyId.toLowerCase()))&&(!(!t.familyId&&t.clientId&&-1===r.indexOf(t.clientId.toLowerCase()))&&(!t.homeAccountId||-1!==r.indexOf(t.homeAccountId.toLowerCase())))}readAppMetadataFromCache(e){const t={environment:e,clientId:this.clientId},r=this.getAppMetadataFilteredBy(t),n=Object.keys(r).map((e=>r[e])),o=n.length;if(o<1)return null;if(o>1)throw pt(Le);return n[0]}isAppMetadataFOCI(e){const t=this.readAppMetadataFromCache(e);return!(!t||t.familyId!==B)}matchHomeAccountId(e,t){return!("string"!=typeof e.homeAccountId||t!==e.homeAccountId)}matchLocalAccountIdFromTokenClaims(e,t){return t===(e.oid||e.sub)}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){return!(t.toLowerCase()!==e.name?.toLowerCase())}matchUsername(e,t){return!(!e||"string"!=typeof e||t?.toLowerCase()!==e.toLowerCase())}matchUserAssertionHash(e,t){return!(!e.userAssertionHash||t!==e.userAssertionHash)}matchEnvironment(e,t){if(this.staticAuthorityOptions){const r=function(e,t){let r;const n=e.canonicalAuthority;if(n){const o=new ir(n).getUrlComponents().HostNameAndPort;r=lr(o,e.cloudDiscoveryMetadata?.metadata,K,t)||lr(o,ar.metadata,Q,t)||e.knownAuthorities}return r||[]}(this.staticAuthorityOptions,this.commonLogger);if(r.includes(t)&&r.includes(e.environment))return!0}const r=this.getAuthorityMetadataByAlias(t);return!!(r&&r.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!(!e.clientId||t!==e.clientId)}matchFamilyId(e,t){return!(!e.familyId||t!==e.familyId)}matchRealm(e,t){return!(e.realm?.toLowerCase()!==t.toLowerCase())}matchNativeAccountId(e,t){return!(!e.nativeAccountId||t!==e.nativeAccountId)}matchLoginHintFromTokenClaims(e,t){return e.login_hint===t||(e.preferred_username===t||e.upn===t)}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!(!e.authorityType||t.toLowerCase()!==e.authorityType.toLowerCase())}matchTarget(e,t){if(e.credentialType!==x.ACCESS_TOKEN&&e.credentialType!==x.ACCESS_TOKEN_WITH_AUTH_SCHEME||!e.target)return!1;return Jt.fromString(e.target).containsScopeSet(t)}matchTokenType(e,t){return!(!e.tokenType||e.tokenType!==t)}matchKeyId(e,t){return!(!e.keyId||e.keyId!==t)}isAppMetadata(e){return-1!==e.indexOf(D)}isAuthorityMetadata(e){return-1!==e.indexOf(F)}generateAuthorityMetadataCacheKey(e){return`${F}-${this.clientId}-${e}`}static toObject(e,t){for(const r in t)e[r]=t[r];return e}}class yr extends fr{async setAccount(){throw pt(ct)}getAccount(){throw pt(ct)}async setIdTokenCredential(){throw pt(ct)}getIdTokenCredential(){throw pt(ct)}async setAccessTokenCredential(){throw pt(ct)}getAccessTokenCredential(){throw pt(ct)}async setRefreshTokenCredential(){throw pt(ct)}getRefreshTokenCredential(){throw pt(ct)}setAppMetadata(){throw pt(ct)}getAppMetadata(){throw pt(ct)}setServerTelemetry(){throw pt(ct)}getServerTelemetry(){throw pt(ct)}setAuthorityMetadata(){throw pt(ct)}getAuthorityMetadata(){throw pt(ct)}getAuthorityMetadataKeys(){throw pt(ct)}setThrottlingCache(){throw pt(ct)}getThrottlingCache(){throw pt(ct)}removeItem(){throw pt(ct)}getKeys(){throw pt(ct)}getAccountKeys(){throw pt(ct)}getTokenKeys(){throw pt(ct)}generateCredentialKey(){throw pt(ct)}generateAccountKey(){throw pt(ct)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */const Cr={AAD:"AAD",OIDC:"OIDC",EAR:"EAR"},vr={AcquireTokenByCode:"acquireTokenByCode",AcquireTokenByRefreshToken:"acquireTokenByRefreshToken",AcquireTokenSilent:"acquireTokenSilent",AcquireTokenSilentAsync:"acquireTokenSilentAsync",AcquireTokenPopup:"acquireTokenPopup",AcquireTokenPreRedirect:"acquireTokenPreRedirect",AcquireTokenRedirect:"acquireTokenRedirect",CryptoOptsGetPublicKeyThumbprint:"cryptoOptsGetPublicKeyThumbprint",CryptoOptsSignJwt:"cryptoOptsSignJwt",SilentCacheClientAcquireToken:"silentCacheClientAcquireToken",SilentIframeClientAcquireToken:"silentIframeClientAcquireToken",AwaitConcurrentIframe:"awaitConcurrentIframe",SilentRefreshClientAcquireToken:"silentRefreshClientAcquireToken",SsoSilent:"ssoSilent",StandardInteractionClientGetDiscoveredAuthority:"standardInteractionClientGetDiscoveredAuthority",FetchAccountIdWithNativeBroker:"fetchAccountIdWithNativeBroker",NativeInteractionClientAcquireToken:"nativeInteractionClientAcquireToken",BaseClientCreateTokenRequestHeaders:"baseClientCreateTokenRequestHeaders",NetworkClientSendPostRequestAsync:"networkClientSendPostRequestAsync",RefreshTokenClientExecutePostToTokenEndpoint:"refreshTokenClientExecutePostToTokenEndpoint",AuthorizationCodeClientExecutePostToTokenEndpoint:"authorizationCodeClientExecutePostToTokenEndpoint",BrokerHandhshake:"brokerHandshake",AcquireTokenByRefreshTokenInBroker:"acquireTokenByRefreshTokenInBroker",AcquireTokenByBroker:"acquireTokenByBroker",RefreshTokenClientExecuteTokenRequest:"refreshTokenClientExecuteTokenRequest",RefreshTokenClientAcquireToken:"refreshTokenClientAcquireToken",RefreshTokenClientAcquireTokenWithCachedRefreshToken:"refreshTokenClientAcquireTokenWithCachedRefreshToken",RefreshTokenClientAcquireTokenByRefreshToken:"refreshTokenClientAcquireTokenByRefreshToken",RefreshTokenClientCreateTokenRequestBody:"refreshTokenClientCreateTokenRequestBody",AcquireTokenFromCache:"acquireTokenFromCache",SilentFlowClientAcquireCachedToken:"silentFlowClientAcquireCachedToken",SilentFlowClientGenerateResultFromCacheRecord:"silentFlowClientGenerateResultFromCacheRecord",AcquireTokenBySilentIframe:"acquireTokenBySilentIframe",InitializeBaseRequest:"initializeBaseRequest",InitializeSilentRequest:"initializeSilentRequest",InitializeClientApplication:"initializeClientApplication",InitializeCache:"initializeCache",SilentIframeClientTokenHelper:"silentIframeClientTokenHelper",SilentHandlerInitiateAuthRequest:"silentHandlerInitiateAuthRequest",SilentHandlerMonitorIframeForHash:"silentHandlerMonitorIframeForHash",SilentHandlerLoadFrame:"silentHandlerLoadFrame",SilentHandlerLoadFrameSync:"silentHandlerLoadFrameSync",StandardInteractionClientCreateAuthCodeClient:"standardInteractionClientCreateAuthCodeClient",StandardInteractionClientGetClientConfiguration:"standardInteractionClientGetClientConfiguration",StandardInteractionClientInitializeAuthorizationRequest:"standardInteractionClientInitializeAuthorizationRequest",GetAuthCodeUrl:"getAuthCodeUrl",GetStandardParams:"getStandardParams",HandleCodeResponseFromServer:"handleCodeResponseFromServer",HandleCodeResponse:"handleCodeResponse",HandleResponseEar:"handleResponseEar",HandleResponsePlatformBroker:"handleResponsePlatformBroker",HandleResponseCode:"handleResponseCode",UpdateTokenEndpointAuthority:"updateTokenEndpointAuthority",AuthClientAcquireToken:"authClientAcquireToken",AuthClientExecuteTokenRequest:"authClientExecuteTokenRequest",AuthClientCreateTokenRequestBody:"authClientCreateTokenRequestBody",PopTokenGenerateCnf:"popTokenGenerateCnf",PopTokenGenerateKid:"popTokenGenerateKid",HandleServerTokenResponse:"handleServerTokenResponse",DeserializeResponse:"deserializeResponse",AuthorityFactoryCreateDiscoveredInstance:"authorityFactoryCreateDiscoveredInstance",AuthorityResolveEndpointsAsync:"authorityResolveEndpointsAsync",AuthorityResolveEndpointsFromLocalSources:"authorityResolveEndpointsFromLocalSources",AuthorityGetCloudDiscoveryMetadataFromNetwork:"authorityGetCloudDiscoveryMetadataFromNetwork",AuthorityUpdateCloudDiscoveryMetadata:"authorityUpdateCloudDiscoveryMetadata",AuthorityGetEndpointMetadataFromNetwork:"authorityGetEndpointMetadataFromNetwork",AuthorityUpdateEndpointMetadata:"authorityUpdateEndpointMetadata",AuthorityUpdateMetadataWithRegionalInformation:"authorityUpdateMetadataWithRegionalInformation",RegionDiscoveryDetectRegion:"regionDiscoveryDetectRegion",RegionDiscoveryGetRegionFromIMDS:"regionDiscoveryGetRegionFromIMDS",RegionDiscoveryGetCurrentVersion:"regionDiscoveryGetCurrentVersion",AcquireTokenByCodeAsync:"acquireTokenByCodeAsync",GetEndpointMetadataFromNetwork:"getEndpointMetadataFromNetwork",GetCloudDiscoveryMetadataFromNetworkMeasurement:"getCloudDiscoveryMetadataFromNetworkMeasurement",HandleRedirectPromiseMeasurement:"handleRedirectPromise",HandleNativeRedirectPromiseMeasurement:"handleNativeRedirectPromise",UpdateCloudDiscoveryMetadataMeasurement:"updateCloudDiscoveryMetadataMeasurement",UsernamePasswordClientAcquireToken:"usernamePasswordClientAcquireToken",NativeMessageHandlerHandshake:"nativeMessageHandlerHandshake",NativeGenerateAuthResult:"nativeGenerateAuthResult",RemoveHiddenIframe:"removeHiddenIframe",ClearTokensAndKeysWithClaims:"clearTokensAndKeysWithClaims",CacheManagerGetRefreshToken:"cacheManagerGetRefreshToken",ImportExistingCache:"importExistingCache",SetUserData:"setUserData",LocalStorageUpdated:"localStorageUpdated",GeneratePkceCodes:"generatePkceCodes",GenerateCodeVerifier:"generateCodeVerifier",GenerateCodeChallengeFromVerifier:"generateCodeChallengeFromVerifier",Sha256Digest:"sha256Digest",GetRandomValues:"getRandomValues",GenerateHKDF:"generateHKDF",GenerateBaseKey:"generateBaseKey",Base64Decode:"base64Decode",UrlEncodeArr:"urlEncodeArr",Encrypt:"encrypt",Decrypt:"decrypt",GenerateEarKey:"generateEarKey",DecryptEarResponse:"decryptEarResponse"},wr=new Map([[vr.AcquireTokenByCode,"ATByCode"],[vr.AcquireTokenByRefreshToken,"ATByRT"],[vr.AcquireTokenSilent,"ATS"],[vr.AcquireTokenSilentAsync,"ATSAsync"],[vr.AcquireTokenPopup,"ATPopup"],[vr.AcquireTokenRedirect,"ATRedirect"],[vr.CryptoOptsGetPublicKeyThumbprint,"CryptoGetPKThumb"],[vr.CryptoOptsSignJwt,"CryptoSignJwt"],[vr.SilentCacheClientAcquireToken,"SltCacheClientAT"],[vr.SilentIframeClientAcquireToken,"SltIframeClientAT"],[vr.SilentRefreshClientAcquireToken,"SltRClientAT"],[vr.SsoSilent,"SsoSlt"],[vr.StandardInteractionClientGetDiscoveredAuthority,"StdIntClientGetDiscAuth"],[vr.FetchAccountIdWithNativeBroker,"FetchAccIdWithNtvBroker"],[vr.NativeInteractionClientAcquireToken,"NtvIntClientAT"],[vr.BaseClientCreateTokenRequestHeaders,"BaseClientCreateTReqHead"],[vr.NetworkClientSendPostRequestAsync,"NetClientSendPost"],[vr.RefreshTokenClientExecutePostToTokenEndpoint,"RTClientExecPost"],[vr.AuthorizationCodeClientExecutePostToTokenEndpoint,"AuthCodeClientExecPost"],[vr.BrokerHandhshake,"BrokerHandshake"],[vr.AcquireTokenByRefreshTokenInBroker,"ATByRTInBroker"],[vr.AcquireTokenByBroker,"ATByBroker"],[vr.RefreshTokenClientExecuteTokenRequest,"RTClientExecTReq"],[vr.RefreshTokenClientAcquireToken,"RTClientAT"],[vr.RefreshTokenClientAcquireTokenWithCachedRefreshToken,"RTClientATWithCachedRT"],[vr.RefreshTokenClientAcquireTokenByRefreshToken,"RTClientATByRT"],[vr.RefreshTokenClientCreateTokenRequestBody,"RTClientCreateTReqBody"],[vr.AcquireTokenFromCache,"ATFromCache"],[vr.SilentFlowClientAcquireCachedToken,"SltFlowClientATCached"],[vr.SilentFlowClientGenerateResultFromCacheRecord,"SltFlowClientGenResFromCache"],[vr.AcquireTokenBySilentIframe,"ATBySltIframe"],[vr.InitializeBaseRequest,"InitBaseReq"],[vr.InitializeSilentRequest,"InitSltReq"],[vr.InitializeClientApplication,"InitClientApplication"],[vr.InitializeCache,"InitCache"],[vr.ImportExistingCache,"importCache"],[vr.SetUserData,"setUserData"],[vr.LocalStorageUpdated,"localStorageUpdated"],[vr.SilentIframeClientTokenHelper,"SIClientTHelper"],[vr.SilentHandlerInitiateAuthRequest,"SHandlerInitAuthReq"],[vr.SilentHandlerMonitorIframeForHash,"SltHandlerMonitorIframeForHash"],[vr.SilentHandlerLoadFrame,"SHandlerLoadFrame"],[vr.SilentHandlerLoadFrameSync,"SHandlerLoadFrameSync"],[vr.StandardInteractionClientCreateAuthCodeClient,"StdIntClientCreateAuthCodeClient"],[vr.StandardInteractionClientGetClientConfiguration,"StdIntClientGetClientConf"],[vr.StandardInteractionClientInitializeAuthorizationRequest,"StdIntClientInitAuthReq"],[vr.GetAuthCodeUrl,"GetAuthCodeUrl"],[vr.HandleCodeResponseFromServer,"HandleCodeResFromServer"],[vr.HandleCodeResponse,"HandleCodeResp"],[vr.HandleResponseEar,"HandleRespEar"],[vr.HandleResponseCode,"HandleRespCode"],[vr.HandleResponsePlatformBroker,"HandleRespPlatBroker"],[vr.UpdateTokenEndpointAuthority,"UpdTEndpointAuth"],[vr.AuthClientAcquireToken,"AuthClientAT"],[vr.AuthClientExecuteTokenRequest,"AuthClientExecTReq"],[vr.AuthClientCreateTokenRequestBody,"AuthClientCreateTReqBody"],[vr.PopTokenGenerateCnf,"PopTGenCnf"],[vr.PopTokenGenerateKid,"PopTGenKid"],[vr.HandleServerTokenResponse,"HandleServerTRes"],[vr.DeserializeResponse,"DeserializeRes"],[vr.AuthorityFactoryCreateDiscoveredInstance,"AuthFactCreateDiscInst"],[vr.AuthorityResolveEndpointsAsync,"AuthResolveEndpointsAsync"],[vr.AuthorityResolveEndpointsFromLocalSources,"AuthResolveEndpointsFromLocal"],[vr.AuthorityGetCloudDiscoveryMetadataFromNetwork,"AuthGetCDMetaFromNet"],[vr.AuthorityUpdateCloudDiscoveryMetadata,"AuthUpdCDMeta"],[vr.AuthorityGetEndpointMetadataFromNetwork,"AuthUpdCDMetaFromNet"],[vr.AuthorityUpdateEndpointMetadata,"AuthUpdEndpointMeta"],[vr.AuthorityUpdateMetadataWithRegionalInformation,"AuthUpdMetaWithRegInfo"],[vr.RegionDiscoveryDetectRegion,"RegDiscDetectReg"],[vr.RegionDiscoveryGetRegionFromIMDS,"RegDiscGetRegFromIMDS"],[vr.RegionDiscoveryGetCurrentVersion,"RegDiscGetCurrentVer"],[vr.AcquireTokenByCodeAsync,"ATByCodeAsync"],[vr.GetEndpointMetadataFromNetwork,"GetEndpointMetaFromNet"],[vr.GetCloudDiscoveryMetadataFromNetworkMeasurement,"GetCDMetaFromNet"],[vr.HandleRedirectPromiseMeasurement,"HandleRedirectPromise"],[vr.HandleNativeRedirectPromiseMeasurement,"HandleNtvRedirectPromise"],[vr.UpdateCloudDiscoveryMetadataMeasurement,"UpdateCDMeta"],[vr.UsernamePasswordClientAcquireToken,"UserPassClientAT"],[vr.NativeMessageHandlerHandshake,"NtvMsgHandlerHandshake"],[vr.NativeGenerateAuthResult,"NtvGenAuthRes"],[vr.RemoveHiddenIframe,"RemoveHiddenIframe"],[vr.ClearTokensAndKeysWithClaims,"ClearTAndKeysWithClaims"],[vr.CacheManagerGetRefreshToken,"CacheManagerGetRT"],[vr.GeneratePkceCodes,"GenPkceCodes"],[vr.GenerateCodeVerifier,"GenCodeVerifier"],[vr.GenerateCodeChallengeFromVerifier,"GenCodeChallengeFromVerifier"],[vr.Sha256Digest,"Sha256Digest"],[vr.GetRandomValues,"GetRandomValues"],[vr.GenerateHKDF,"genHKDF"],[vr.GenerateBaseKey,"genBaseKey"],[vr.Base64Decode,"b64Decode"],[vr.UrlEncodeArr,"urlEncArr"],[vr.Encrypt,"encrypt"],[vr.Decrypt,"decrypt"],[vr.GenerateEarKey,"genEarKey"],[vr.DecryptEarResponse,"decryptEarResp"]]),Ir=1,Tr=2,Ar=new Set(["accessTokenSize","durationMs","idTokenSize","matsSilentStatus","matsHttpStatus","refreshTokenSize","queuedTimeMs","startTimeMs","status","multiMatchedAT","multiMatchedID","multiMatchedRT","unencryptedCacheCount","encryptedCacheExpiredCount","oldAccountCount","oldAccessCount","oldIdCount","oldRefreshCount","currAccountCount","currAccessCount","currIdCount","currRefreshCount","expiredCacheRemovedCount","upgradedCacheCount"]);
/*! @azure/msal-common v15.10.0 2025-08-05 */
/*! @azure/msal-common v15.10.0 2025-08-05 */
class kr{startMeasurement(){}endMeasurement(){}flushMeasurement(){return null}}class Sr{generateId(){return"callback-id"}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:Ir,authority:"",libraryName:"",libraryVersion:"",clientId:"",name:e,startTimeMs:Date.now(),correlationId:t||""},measurement:new kr}}startPerformanceMeasurement(){return new kr}calculateQueuedTime(){return 0}addQueueMeasurement(){}setPreQueueTime(){}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return""}emitEvents(){}addFields(){}incrementFields(){}cacheEventByCorrelationId(){}}
/*! @azure/msal-common v15.10.0 2025-08-05 */const br={tokenRenewalOffsetSeconds:300,preventCorsPreflight:!1},Er={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:e.LogLevel.Info,correlationId:t.EMPTY_STRING},Rr={claimsBasedCachingEnabled:!1},_r={async sendGetRequestAsync(){throw pt(ct)},async sendPostRequestAsync(){throw pt(ct)}},Pr={sku:t.SKU,version:vt,cpu:t.EMPTY_STRING,os:t.EMPTY_STRING},Mr={clientSecret:t.EMPTY_STRING,clientAssertion:void 0},Or={azureCloudInstance:wt.None,tenant:`${t.DEFAULT_COMMON_TENANT}`},qr={application:{appName:"",appVersion:""}};function Nr(e){return e.authOptions.authority.options.protocolMode===Cr.OIDC}
/*! @azure/msal-common v15.10.0 2025-08-05 */const Ur="home_account_id",Lr="UPN";
/*! @azure/msal-common v15.10.0 2025-08-05 */function Hr(e,t){if(!e)throw pt(Ie);try{const r=t(e);return JSON.parse(r)}catch(e){throw pt(we)}}function xr(e){if(!e)throw pt(we);const r=e.split(H,2);return{uid:r[0],utid:r.length<2?t.EMPTY_STRING:r[1]}}
/*! @azure/msal-common v15.10.0 2025-08-05 */const Dr="client_id",Br="redirect_uri",Fr="token_type",zr="req_cnf",Kr="return_spa_code",Gr="x-client-xtra-sku",$r="brk_client_id",Qr="brk_redirect_uri",jr="instance_aware";
/*! @azure/msal-common v15.10.0 2025-08-05 */
function Wr(e,t,r){if(!t)return;const n=e.get(Dr);n&&e.has($r)&&r?.addFields({embeddedClientId:n,embeddedRedirectUri:e.get(Br)},t)}function Vr(e,t){e.set("response_type",t)}function Jr(e,t,r=!0,n=h){!r||n.includes("openid")||t.includes("openid")||n.push("openid");const o=r?[...t||[],...n]:t||[],i=new Jt(o);e.set("scope",i.printScopes())}function Yr(e,t){e.set(Dr,t)}function Xr(e,t){e.set(Br,t)}function Zr(e,t){e.set("login_hint",t)}function en(e,t){e.set(m,`UPN:${t}`)}function tn(e,t){e.set(m,`Oid:${t.uid}@${t.utid}`)}function rn(e,t){e.set("sid",t)}function nn(e,t,r){const n=yn(t,r);try{JSON.parse(n)}catch(e){throw Wt(Et)}e.set("claims",n)}function on(e,t){e.set("client-request-id",t)}function sn(e,t){e.set("x-client-SKU",t.sku),e.set("x-client-VER",t.version),t.os&&e.set("x-client-OS",t.os),t.cpu&&e.set("x-client-CPU",t.cpu)}function an(e,t){t?.appName&&e.set("x-app-name",t.appName),t?.appVersion&&e.set("x-app-ver",t.appVersion)}function cn(e,t){t&&e.set("state",t)}function ln(e,t,r){if(!t||!r)throw Wt(Mt);e.set("code_challenge",t),e.set("code_challenge_method",r)}function hn(e,t){e.set("client_secret",t)}function dn(e,t){t&&e.set("client_assertion",t)}function un(e,t){t&&e.set("client_assertion_type",t)}function gn(e,t){e.set("grant_type",t)}function pn(e){e.set("client_info","1")}function mn(e){e.has(jr)||e.set(jr,"true")}function fn(e,t){Object.entries(t).forEach((([t,r])=>{!e.has(t)&&r&&e.set(t,r)}))}function yn(e,t){let r;if(e)try{r=JSON.parse(e)}catch(e){throw Wt(Et)}else r={};return t&&t.length>0&&(r.hasOwnProperty(k)||(r[k]={}),r[k][S]={values:t}),JSON.stringify(r)}function Cn(e,t){t&&(e.set(Fr,W.POP),e.set(zr,t))}function vn(e,t){t&&(e.set(Fr,W.SSH),e.set(zr,t))}function wn(e,t){e.set("x-client-current-telemetry",t.generateCurrentRequestHeaderValue()),e.set("x-client-last-telemetry",t.generateLastRequestHeaderValue())}function In(e){e.set("x-ms-lib-capability",X)}function Tn(e,t,r){e.has($r)||e.set($r,t),e.has(Qr)||e.set(Qr,r)}
/*! @azure/msal-common v15.10.0 2025-08-05 */
const An=0,kn=1,Sn=2,bn=3;
/*! @azure/msal-common v15.10.0 2025-08-05 */
/*! @azure/msal-common v15.10.0 2025-08-05 */
const En=(e,t,r,n,o)=>(...i)=>{r.trace(`Executing function ${t}`);const s=n?.startMeasurement(t,o);if(o){const e=t+"CallCount";n?.incrementFields({[e]:1},o)}try{const n=e(...i);return s?.end({success:!0}),r.trace(`Returning result from ${t}`),n}catch(e){r.trace(`Error occurred in ${t}`);try{r.trace(JSON.stringify(e))}catch(e){r.trace("Unable to print error message.")}throw s?.end({success:!1},e),e}},Rn=(e,t,r,n,o)=>(...i)=>{r.trace(`Executing function ${t}`);const s=n?.startMeasurement(t,o);if(o){const e=t+"CallCount";n?.incrementFields({[e]:1},o)}return n?.setPreQueueTime(t,o),e(...i).then((e=>(r.trace(`Returning result from ${t}`),s?.end({success:!0}),e))).catch((e=>{r.trace(`Error occurred in ${t}`);try{r.trace(JSON.stringify(e))}catch(e){r.trace("Unable to print error message.")}throw s?.end({success:!1},e),e}))};
/*! @azure/msal-common v15.10.0 2025-08-05 */
class _n{constructor(e,t,r,n){this.networkInterface=e,this.logger=t,this.performanceClient=r,this.correlationId=n}async detectRegion(e,n){this.performanceClient?.addQueueMeasurement(vr.RegionDiscoveryDetectRegion,this.correlationId);let i=e;if(i)n.region_source=re;else{const e=_n.IMDS_OPTIONS;try{const s=await Rn(this.getRegionFromIMDS.bind(this),vr.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(t.IMDS_VERSION,e);if(s.status===r&&(i=s.body,n.region_source=ne),s.status===o){const t=await Rn(this.getCurrentVersion.bind(this),vr.RegionDiscoveryGetCurrentVersion,this.logger,this.performanceClient,this.correlationId)(e);if(!t)return n.region_source=te,null;const o=await Rn(this.getRegionFromIMDS.bind(this),vr.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(t,e);o.status===r&&(i=o.body,n.region_source=ne)}}catch(e){return n.region_source=te,null}}return i||(n.region_source=te),i||null}async getRegionFromIMDS(e,r){return this.performanceClient?.addQueueMeasurement(vr.RegionDiscoveryGetRegionFromIMDS,this.correlationId),this.networkInterface.sendGetRequestAsync(`${t.IMDS_ENDPOINT}?api-version=${e}&format=text`,r,t.IMDS_TIMEOUT)}async getCurrentVersion(e){this.performanceClient?.addQueueMeasurement(vr.RegionDiscoveryGetCurrentVersion,this.correlationId);try{const r=await this.networkInterface.sendGetRequestAsync(`${t.IMDS_ENDPOINT}?format=json`,e);return r.status===o&&r.body&&r.body["newest-versions"]&&r.body["newest-versions"].length>0?r.body["newest-versions"][0]:null}catch(e){return null}}}
/*! @azure/msal-common v15.10.0 2025-08-05 */
function Pn(){return Math.round((new Date).getTime()/1e3)}function Mn(e){return e.getTime()/1e3}function On(e){return e?new Date(1e3*Number(e)):new Date}function qn(e,t){const r=Number(e)||0;return Pn()+t>r}function Nn(e,t){const r=Number(e)+24*t*60*60*1e3;return Date.now()>r}function Un(e){return Number(e)>Pn()}
/*! @azure/msal-common v15.10.0 2025-08-05 */function Ln(e,t,r,n,o){return{credentialType:x.ID_TOKEN,homeAccountId:e,environment:t,clientId:n,secret:r,realm:o,lastUpdatedAt:Date.now().toString()}}function Hn(e,t,r,n,o,i,s,a,c,l,h,d,u,g,p){const m={homeAccountId:e,credentialType:x.ACCESS_TOKEN,secret:r,cachedAt:Pn().toString(),expiresOn:s.toString(),extendedExpiresOn:a.toString(),environment:t,clientId:n,realm:o,target:i,tokenType:h||W.BEARER,lastUpdatedAt:Date.now().toString()};if(d&&(m.userAssertionHash=d),l&&(m.refreshOn=l.toString()),g&&(m.requestedClaims=g,m.requestedClaimsHash=p),m.tokenType?.toLowerCase()!==W.BEARER.toLowerCase())switch(m.credentialType=x.ACCESS_TOKEN_WITH_AUTH_SCHEME,m.tokenType){case W.POP:const e=er(r,c);if(!e?.cnf?.kid)throw pt(et);m.keyId=e.cnf.kid;break;case W.SSH:m.keyId=u}return m}function xn(e,t,r,n,o,i,s){const a={credentialType:x.REFRESH_TOKEN,homeAccountId:e,environment:t,clientId:n,secret:r,lastUpdatedAt:Date.now().toString()};return i&&(a.userAssertionHash=i),o&&(a.familyId=o),s&&(a.expiresOn=s.toString()),a}function Dn(e){return e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("credentialType")&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("secret")}function Bn(e){return!!e&&(Dn(e)&&e.hasOwnProperty("realm")&&e.hasOwnProperty("target")&&(e.credentialType===x.ACCESS_TOKEN||e.credentialType===x.ACCESS_TOKEN_WITH_AUTH_SCHEME))}function Fn(e){return!!e&&(Dn(e)&&e.credentialType===x.REFRESH_TOKEN)}function zn(){return Pn()+z}function Kn(e,t,r){e.authorization_endpoint=t.authorization_endpoint,e.token_endpoint=t.token_endpoint,e.end_session_endpoint=t.end_session_endpoint,e.issuer=t.issuer,e.endpointsFromNetwork=r,e.jwks_uri=t.jwks_uri}function Gn(e,t,r){e.aliases=t.aliases,e.preferred_cache=t.preferred_cache,e.preferred_network=t.preferred_network,e.aliasesFromNetwork=r}function $n(e){return e.expiresAt<=Pn()}
/*! @azure/msal-common v15.10.0 2025-08-05 */_n.IMDS_OPTIONS={headers:{Metadata:"true"}};class Qn{constructor(e,t,r,n,o,i,s,a){this.canonicalAuthority=e,this._canonicalAuthority.validateAsUri(),this.networkInterface=t,this.cacheManager=r,this.authorityOptions=n,this.regionDiscoveryMetadata={region_used:void 0,region_source:void 0,region_outcome:void 0},this.logger=o,this.performanceClient=s,this.correlationId=i,this.managedIdentity=a||!1,this.regionDiscovery=new _n(t,this.logger,this.performanceClient,this.correlationId)}getAuthorityType(e){if(e.HostNameAndPort.endsWith(t.CIAM_AUTH_URL))return bn;const r=e.PathSegments;if(r.length)switch(r[0].toLowerCase()){case t.ADFS:return kn;case t.DSTS:return Sn}return An}get authorityType(){return this.getAuthorityType(this.canonicalAuthorityUrlComponents)}get protocolMode(){return this.authorityOptions.protocolMode}get options(){return this.authorityOptions}get canonicalAuthority(){return this._canonicalAuthority.urlString}set canonicalAuthority(e){this._canonicalAuthority=new ir(e),this._canonicalAuthority.validateAsUri(),this._canonicalAuthorityUrlComponents=null}get canonicalAuthorityUrlComponents(){return this._canonicalAuthorityUrlComponents||(this._canonicalAuthorityUrlComponents=this._canonicalAuthority.getUrlComponents()),this._canonicalAuthorityUrlComponents}get hostnameAndPort(){return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase()}get tenant(){return this.canonicalAuthorityUrlComponents.PathSegments[0]}get authorizationEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.authorization_endpoint);throw pt(ke)}get tokenEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint);throw pt(ke)}get deviceCodeEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint.replace("/token","/devicecode"));throw pt(ke)}get endSessionEndpoint(){if(this.discoveryComplete()){if(!this.metadata.end_session_endpoint)throw pt(nt);return this.replacePath(this.metadata.end_session_endpoint)}throw pt(ke)}get selfSignedJwtAudience(){if(this.discoveryComplete())return this.replacePath(this.metadata.issuer);throw pt(ke)}get jwksUri(){if(this.discoveryComplete())return this.replacePath(this.metadata.jwks_uri);throw pt(ke)}canReplaceTenant(e){return 1===e.PathSegments.length&&!Qn.reservedTenantDomains.has(e.PathSegments[0])&&this.getAuthorityType(e)===An&&this.protocolMode!==Cr.OIDC}replaceTenant(e){return e.replace(/{tenant}|{tenantid}/g,this.tenant)}replacePath(e){let t=e;const r=new ir(this.metadata.canonical_authority).getUrlComponents(),n=r.PathSegments;return this.canonicalAuthorityUrlComponents.PathSegments.forEach(((e,o)=>{let i=n[o];if(0===o&&this.canReplaceTenant(r)){const e=new ir(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];i!==e&&(this.logger.verbose(`Replacing tenant domain name ${i} with id ${e}`),i=e)}e!==i&&(t=t.replace(`/${i}/`,`/${e}/`))})),this.replaceTenant(t)}get defaultOpenIdConfigurationEndpoint(){const e=this.hostnameAndPort;return this.canonicalAuthority.endsWith("v2.0/")||this.authorityType===kn||this.protocolMode===Cr.OIDC&&!this.isAliasOfKnownMicrosoftAuthority(e)?`${this.canonicalAuthority}.well-known/openid-configuration`:`${this.canonicalAuthority}v2.0/.well-known/openid-configuration`}discoveryComplete(){return!!this.metadata}async resolveEndpointsAsync(){this.performanceClient?.addQueueMeasurement(vr.AuthorityResolveEndpointsAsync,this.correlationId);const e=this.getCurrentMetadataEntity(),t=await Rn(this.updateCloudDiscoveryMetadata.bind(this),vr.AuthorityUpdateCloudDiscoveryMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.canonicalAuthority=this.canonicalAuthority.replace(this.hostnameAndPort,e.preferred_network);const r=await Rn(this.updateEndpointMetadata.bind(this),vr.AuthorityUpdateEndpointMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.updateCachedMetadata(e,t,{source:r}),this.performanceClient?.addFields({cloudDiscoverySource:t,authorityEndpointSource:r},this.correlationId)}getCurrentMetadataEntity(){let e=this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort);return e||(e={aliases:[],preferred_cache:this.hostnameAndPort,preferred_network:this.hostnameAndPort,canonical_authority:this.canonicalAuthority,authorization_endpoint:"",token_endpoint:"",end_session_endpoint:"",issuer:"",aliasesFromNetwork:!1,endpointsFromNetwork:!1,expiresAt:zn(),jwks_uri:""}),e}updateCachedMetadata(e,t,r){t!==G&&r?.source!==G&&(e.expiresAt=zn(),e.canonical_authority=this.canonicalAuthority);const n=this.cacheManager.generateAuthorityMetadataCacheKey(e.preferred_cache);this.cacheManager.setAuthorityMetadata(n,e),this.metadata=e}async updateEndpointMetadata(e){this.performanceClient?.addQueueMeasurement(vr.AuthorityUpdateEndpointMetadata,this.correlationId);const t=this.updateEndpointMetadataFromLocalSources(e);if(t){if(t.source===Q&&this.authorityOptions.azureRegionConfiguration?.azureRegion&&t.metadata){Kn(e,await Rn(this.updateMetadataWithRegionalInformation.bind(this),vr.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(t.metadata),!1),e.canonical_authority=this.canonicalAuthority}return t.source}let r=await Rn(this.getEndpointMetadataFromNetwork.bind(this),vr.AuthorityGetEndpointMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(r)return this.authorityOptions.azureRegionConfiguration?.azureRegion&&(r=await Rn(this.updateMetadataWithRegionalInformation.bind(this),vr.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(r)),Kn(e,r,!0),$;throw pt(be,this.defaultOpenIdConfigurationEndpoint)}updateEndpointMetadataFromLocalSources(e){this.logger.verbose("Attempting to get endpoint metadata from authority configuration");const t=this.getEndpointMetadataFromConfig();if(t)return this.logger.verbose("Found endpoint metadata in authority configuration"),Kn(e,t,!1),{source:K};if(this.logger.verbose("Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values."),this.authorityOptions.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache.");else{const t=this.getEndpointMetadataFromHardcodedValues();if(t)return Kn(e,t,!1),{source:Q,metadata:t};this.logger.verbose("Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.")}const r=$n(e);return this.isAuthoritySameType(e)&&e.endpointsFromNetwork&&!r?(this.logger.verbose("Found endpoint metadata in the cache."),{source:G}):(r&&this.logger.verbose("The metadata entity is expired."),null)}isAuthoritySameType(e){return new ir(e.canonical_authority).getUrlComponents().PathSegments.length===this.canonicalAuthorityUrlComponents.PathSegments.length}getEndpointMetadataFromConfig(){if(this.authorityOptions.authorityMetadata)try{return JSON.parse(this.authorityOptions.authorityMetadata)}catch(e){throw Wt(qt)}return null}async getEndpointMetadataFromNetwork(){this.performanceClient?.addQueueMeasurement(vr.AuthorityGetEndpointMetadataFromNetwork,this.correlationId);const e={},t=this.defaultOpenIdConfigurationEndpoint;this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${t}`);try{const r=await this.networkInterface.sendGetRequestAsync(t,e),n=function(e){return e.hasOwnProperty("authorization_endpoint")&&e.hasOwnProperty("token_endpoint")&&e.hasOwnProperty("issuer")&&e.hasOwnProperty("jwks_uri")}
/*! @azure/msal-common v15.10.0 2025-08-05 */(r.body);return n?r.body:(this.logger.verbose("Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration"),null)}catch(e){return this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${e}`),null}}getEndpointMetadataFromHardcodedValues(){return this.hostnameAndPort in sr?sr[this.hostnameAndPort]:null}async updateMetadataWithRegionalInformation(e){this.performanceClient?.addQueueMeasurement(vr.AuthorityUpdateMetadataWithRegionalInformation,this.correlationId);const r=this.authorityOptions.azureRegionConfiguration?.azureRegion;if(r){if(r!==t.AZURE_REGION_AUTO_DISCOVER_FLAG)return this.regionDiscoveryMetadata.region_outcome=oe,this.regionDiscoveryMetadata.region_used=r,Qn.replaceWithRegionalInformation(e,r);const n=await Rn(this.regionDiscovery.detectRegion.bind(this.regionDiscovery),vr.RegionDiscoveryDetectRegion,this.logger,this.performanceClient,this.correlationId)(this.authorityOptions.azureRegionConfiguration?.environmentRegion,this.regionDiscoveryMetadata);if(n)return this.regionDiscoveryMetadata.region_outcome=ie,this.regionDiscoveryMetadata.region_used=n,Qn.replaceWithRegionalInformation(e,n);this.regionDiscoveryMetadata.region_outcome=se}return e}async updateCloudDiscoveryMetadata(e){this.performanceClient?.addQueueMeasurement(vr.AuthorityUpdateCloudDiscoveryMetadata,this.correlationId);const t=this.updateCloudDiscoveryMetadataFromLocalSources(e);if(t)return t;const r=await Rn(this.getCloudDiscoveryMetadataFromNetwork.bind(this),vr.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(r)return Gn(e,r,!0),$;throw Wt(Nt)}updateCloudDiscoveryMetadataFromLocalSources(e){this.logger.verbose("Attempting to get cloud discovery metadata from authority configuration"),this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities||t.NOT_APPLICABLE}`),this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata||t.NOT_APPLICABLE}`),this.logger.verbosePii(`Canonical Authority: ${e.canonical_authority||t.NOT_APPLICABLE}`);const r=this.getCloudDiscoveryMetadataFromConfig();if(r)return this.logger.verbose("Found cloud discovery metadata in authority configuration"),Gn(e,r,!1),K;if(this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values."),this.options.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache.");else{const t=(n=this.hostnameAndPort,hr(ar.metadata,n));if(t)return this.logger.verbose("Found cloud discovery metadata from hardcoded values."),Gn(e,t,!1),Q;this.logger.verbose("Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.")}var n;const o=$n(e);return this.isAuthoritySameType(e)&&e.aliasesFromNetwork&&!o?(this.logger.verbose("Found cloud discovery metadata in the cache."),G):(o&&this.logger.verbose("The metadata entity is expired."),null)}getCloudDiscoveryMetadataFromConfig(){if(this.authorityType===bn)return this.logger.verbose("CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host."),Qn.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);if(this.authorityOptions.cloudDiscoveryMetadata){this.logger.verbose("The cloud discovery metadata has been provided as a network response, in the config.");try{this.logger.verbose("Attempting to parse the cloud discovery metadata.");const e=hr(JSON.parse(this.authorityOptions.cloudDiscoveryMetadata).metadata,this.hostnameAndPort);if(this.logger.verbose("Parsed the cloud discovery metadata."),e)return this.logger.verbose("There is returnable metadata attached to the parsed cloud discovery metadata."),e;this.logger.verbose("There is no metadata attached to the parsed cloud discovery metadata.")}catch(e){throw this.logger.verbose("Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error."),Wt(Ot)}}return this.isInKnownAuthorities()?(this.logger.verbose("The host is included in knownAuthorities. Creating new cloud discovery metadata from the host."),Qn.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)):null}async getCloudDiscoveryMetadataFromNetwork(){this.performanceClient?.addQueueMeasurement(vr.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.correlationId);const e=`${t.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`,r={};let n=null;try{const o=await this.networkInterface.sendGetRequestAsync(e,r);let i,s;if(function(e){return e.hasOwnProperty("tenant_discovery_endpoint")&&e.hasOwnProperty("metadata")}
/*! @azure/msal-common v15.10.0 2025-08-05 */(o.body))i=o.body,s=i.metadata,this.logger.verbosePii(`tenant_discovery_endpoint is: ${i.tenant_discovery_endpoint}`);else{if(!function(e){return e.hasOwnProperty("error")&&e.hasOwnProperty("error_description")}(o.body))return this.logger.error("AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse"),null;if(this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${o.status}`),i=o.body,i.error===t.INVALID_INSTANCE)return this.logger.error("The CloudInstanceDiscoveryErrorResponse error is invalid_instance."),null;this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is ${i.error}`),this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is ${i.error_description}`),this.logger.warning("Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []"),s=[]}this.logger.verbose("Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request."),n=hr(s,this.hostnameAndPort)}catch(e){if(e instanceof Ce)this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.\nError: ${e.errorCode}\nError Description: ${e.errorMessage}`);else{const t=e;this.logger.error(`A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.\nError: ${t.name}\nError Description: ${t.message}`)}return null}return n||(this.logger.warning("The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request."),this.logger.verbose("Creating custom Authority for custom domain scenario."),n=Qn.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)),n}isInKnownAuthorities(){return this.authorityOptions.knownAuthorities.filter((e=>e&&ir.getDomainFromUrl(e).toLowerCase()===this.hostnameAndPort)).length>0}static generateAuthority(e,r){let n;if(r&&r.azureCloudInstance!==wt.None){const e=r.tenant?r.tenant:t.DEFAULT_COMMON_TENANT;n=`${r.azureCloudInstance}/${e}/`}return n||e}static createCloudDiscoveryMetadataFromHost(e){return{preferred_network:e,preferred_cache:e,aliases:[e]}}getPreferredCache(){if(this.managedIdentity)return t.DEFAULT_AUTHORITY_HOST;if(this.discoveryComplete())return this.metadata.preferred_cache;throw pt(ke)}isAlias(e){return this.metadata.aliases.indexOf(e)>-1}isAliasOfKnownMicrosoftAuthority(e){return cr.has(e)}static isPublicCloudAuthority(e){return t.KNOWN_PUBLIC_CLOUDS.indexOf(e)>=0}static buildRegionalAuthorityString(e,r,n){const o=new ir(e);o.validateAsUri();const i=o.getUrlComponents();let s=`${r}.${i.HostNameAndPort}`;this.isPublicCloudAuthority(i.HostNameAndPort)&&(s=`${r}.${t.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`);const a=ir.constructAuthorityUriFromObject({...o.getUrlComponents(),HostNameAndPort:s}).urlString;return n?`${a}?${n}`:a}static replaceWithRegionalInformation(e,t){const r={...e};return r.authorization_endpoint=Qn.buildRegionalAuthorityString(r.authorization_endpoint,t),r.token_endpoint=Qn.buildRegionalAuthorityString(r.token_endpoint,t),r.end_session_endpoint&&(r.end_session_endpoint=Qn.buildRegionalAuthorityString(r.end_session_endpoint,t)),r}static transformCIAMAuthority(e){let r=e;const n=new ir(e).getUrlComponents();if(0===n.PathSegments.length&&n.HostNameAndPort.endsWith(t.CIAM_AUTH_URL)){r=`${r}${n.HostNameAndPort.split(".")[0]}${t.AAD_TENANT_DOMAIN_SUFFIX}`}return r}}function jn(e){return e.endsWith(t.FORWARD_SLASH)?e:`${e}${t.FORWARD_SLASH}`}function Wn(e){const t=e.cloudDiscoveryMetadata;let r;if(t)try{r=JSON.parse(t)}catch(e){throw Wt(Ot)}return{canonicalAuthority:e.authority?jn(e.authority):void 0,knownAuthorities:e.knownAuthorities,cloudDiscoveryMetadata:r}}
/*! @azure/msal-common v15.10.0 2025-08-05 */async function Vn(e,t,r,n,o,i,s){s?.addQueueMeasurement(vr.AuthorityFactoryCreateDiscoveredInstance,i);const a=Qn.transformCIAMAuthority(jn(e)),c=new Qn(a,t,r,n,o,i,s);try{return await Rn(c.resolveEndpointsAsync.bind(c),vr.AuthorityResolveEndpointsAsync,o,s,i)(),c}catch(e){throw pt(ke)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */Qn.reservedTenantDomains=new Set(["{tenant}","{tenantid}",I,A,T]);class Jn extends Ce{constructor(e,t,r,n,o){super(e,t,r),this.name="ServerError",this.errorNo=n,this.status=o,Object.setPrototypeOf(this,Jn.prototype)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */function Yn(e,t,r){return{clientId:e,authority:t.authority,scopes:t.scopes,homeAccountIdentifier:r,claims:t.claims,authenticationScheme:t.authenticationScheme,resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,sshKid:t.sshKid,embeddedClientId:t.embeddedClientId||t.tokenBodyParameters?.clientId}}
/*! @azure/msal-common v15.10.0 2025-08-05 */class Xn{static generateThrottlingStorageKey(e){return`${Y}.${JSON.stringify(e)}`}static preProcess(e,r,n){const o=Xn.generateThrottlingStorageKey(r),i=e.getThrottlingCache(o);if(i){if(i.throttleTime<Date.now())return void e.removeItem(o,n);throw new Jn(i.errorCodes?.join(" ")||t.EMPTY_STRING,i.errorMessage,i.subError)}}static postProcess(e,t,r,n){if(Xn.checkResponseStatus(r)||Xn.checkResponseForRetryAfter(r)){const o={throttleTime:Xn.calculateThrottleTime(parseInt(r.headers[p])),error:r.body.error,errorCodes:r.body.error_codes,errorMessage:r.body.error_description,subError:r.body.suberror};e.setThrottlingCache(Xn.generateThrottlingStorageKey(t),o,n)}}static checkResponseStatus(e){return 429===e.status||e.status>=500&&e.status<600}static checkResponseForRetryAfter(e){return!!e.headers&&(e.headers.hasOwnProperty(p)&&(e.status<200||e.status>=300))}static calculateThrottleTime(e){const t=e<=0?0:e,r=Date.now()/1e3;return Math.floor(1e3*Math.min(r+(t||V),r+J))}static removeThrottle(e,t,r,n){const o=Yn(t,r,n),i=this.generateThrottlingStorageKey(o);e.removeItem(i,r.correlationId)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */class Zn extends Ce{constructor(e,t,r){super(e.errorCode,e.errorMessage,e.subError),Object.setPrototypeOf(this,Zn.prototype),this.name="NetworkError",this.error=e,this.httpStatus=t,this.responseHeaders=r}}function eo(e,t,r,n){return e.errorMessage=`${e.errorMessage}, additionalErrorInfo: error.name:${n?.name}, error.message:${n?.message}`,new Zn(e,t,r)}
/*! @azure/msal-common v15.10.0 2025-08-05 */class to{constructor(e,t){this.config=function({authOptions:e,systemOptions:t,loggerOptions:r,cacheOptions:n,storageInterface:o,networkInterface:i,cryptoInterface:s,clientCredentials:a,libraryInfo:c,telemetry:l,serverTelemetryManager:h,persistencePlugin:d,serializableCache:u}){const g={...Er,...r};return{authOptions:(p=e,{clientCapabilities:[],azureCloudOptions:Or,skipAuthorityMetadataCache:!1,instanceAware:!1,encodeExtraQueryParams:!1,...p}),systemOptions:{...br,...t},loggerOptions:g,cacheOptions:{...Rr,...n},storageInterface:o||new yr(e.clientId,mt,new yt(g),new Sr),networkInterface:i||_r,cryptoInterface:s||mt,clientCredentials:a||Mr,libraryInfo:{...Pr,...c},telemetry:{...qr,...l},serverTelemetryManager:h||null,persistencePlugin:d||null,serializableCache:u||null};var p}(e),this.logger=new yt(this.config.loggerOptions,Ct,vt),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}createTokenRequestHeaders(e){const r={};if(r[u]=t.URL_FORM_CONTENT_TYPE,!this.config.systemOptions.preventCorsPreflight&&e)switch(e.type){case Ur:try{const t=xr(e.credential);r[m]=`Oid:${t.uid}@${t.utid}`}catch(e){this.logger.verbose("Could not parse home account ID for CCS Header: "+e)}break;case Lr:r[m]=`UPN: ${e.credential}`}return r}async executePostToTokenEndpoint(e,t,r,n,o,i){i&&this.performanceClient?.addQueueMeasurement(i,o);const s=await this.sendPostRequest(n,e,{body:t,headers:r},o);return this.config.serverTelemetryManager&&s.status<500&&429!==s.status&&this.config.serverTelemetryManager.clearTelemetryCache(),s}async sendPostRequest(e,t,r,n){let o;Xn.preProcess(this.cacheManager,e,n);try{o=await Rn(this.networkClient.sendPostRequestAsync.bind(this.networkClient),vr.NetworkClientSendPostRequestAsync,this.logger,this.performanceClient,n)(t,r);const e=o.headers||{};this.performanceClient?.addFields({refreshTokenSize:o.body.refresh_token?.length||0,httpVerToken:e[v]||"",requestId:e[C]||""},n)}catch(e){if(e instanceof Zn){const t=e.responseHeaders;throw t&&this.performanceClient?.addFields({httpVerToken:t[v]||"",requestId:t[C]||"",contentTypeHeader:t[u]||void 0,contentLengthHeader:t[g]||void 0,httpStatus:e.httpStatus},n),e.error}throw e instanceof Ce?e:pt(Se)}return Xn.postProcess(this.cacheManager,e,o,n),o}async updateAuthority(e,t){this.performanceClient?.addQueueMeasurement(vr.UpdateTokenEndpointAuthority,t);const r=`https://${e}/${this.authority.tenant}/`,n=await Vn(r,this.networkClient,this.cacheManager,this.authority.options,this.logger,t,this.performanceClient);this.authority=n}createTokenQueryParameters(e){const t=new Map;return e.embeddedClientId&&Tn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenQueryParameters&&fn(t,e.tokenQueryParameters),on(t,e.correlationId),Wr(t,e.correlationId,this.performanceClient),or(t)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */function ro(e){if(e){return e.tid||e.tfp||e.acr||null}return null}
/*! @azure/msal-common v15.10.0 2025-08-05 */class no{getAccountInfo(){return{homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId,loginHint:this.loginHint,name:this.name,nativeAccountId:this.nativeAccountId,authorityType:this.authorityType,tenantProfiles:new Map((this.tenantProfiles||[]).map((e=>[e.tenantId,e])))}}isSingleTenant(){return!this.tenantProfiles}static createAccount(e,t,r){const n=new no;let o;t.authorityType===kn?n.authorityType=N:t.protocolMode===Cr.OIDC?n.authorityType=U:n.authorityType=q,e.clientInfo&&r&&(o=Hr(e.clientInfo,r)),n.clientInfo=e.clientInfo,n.homeAccountId=e.homeAccountId,n.nativeAccountId=e.nativeAccountId;const i=e.environment||t&&t.getPreferredCache();if(!i)throw pt(Qe);n.environment=i,n.realm=o?.utid||ro(e.idTokenClaims)||"",n.localAccountId=o?.uid||e.idTokenClaims?.oid||e.idTokenClaims?.sub||"";const s=e.idTokenClaims?.preferred_username||e.idTokenClaims?.upn,a=e.idTokenClaims?.emails?e.idTokenClaims.emails[0]:null;if(n.username=s||a||"",n.loginHint=e.idTokenClaims?.login_hint,n.name=e.idTokenClaims?.name||"",n.cloudGraphHostName=e.cloudGraphHostName,n.msGraphHost=e.msGraphHost,e.tenantProfiles)n.tenantProfiles=e.tenantProfiles;else{const t=Xt(e.homeAccountId,n.localAccountId,n.realm,e.idTokenClaims);n.tenantProfiles=[t]}return n}static createFromAccountInfo(e,t,r){const n=new no;return n.authorityType=e.authorityType||U,n.homeAccountId=e.homeAccountId,n.localAccountId=e.localAccountId,n.nativeAccountId=e.nativeAccountId,n.realm=e.tenantId,n.environment=e.environment,n.username=e.username,n.name=e.name,n.loginHint=e.loginHint,n.cloudGraphHostName=t,n.msGraphHost=r,n.tenantProfiles=Array.from(e.tenantProfiles?.values()||[]),n}static generateHomeAccountId(e,t,r,n,o){if(t!==kn&&t!==Sn){if(e)try{const t=Hr(e,n.base64Decode);if(t.uid&&t.utid)return`${t.uid}.${t.utid}`}catch(e){}r.warning("No client info in response")}return o?.sub||""}static isAccountEntity(e){return!!e&&(e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("realm")&&e.hasOwnProperty("localAccountId")&&e.hasOwnProperty("username")&&e.hasOwnProperty("authorityType"))}static accountInfoIsEqual(e,t,r){if(!e||!t)return!1;let n=!0;if(r){const r=e.idTokenClaims||{},o=t.idTokenClaims||{};n=r.iat===o.iat&&r.nonce===o.nonce}return e.homeAccountId===t.homeAccountId&&e.localAccountId===t.localAccountId&&e.username===t.username&&e.tenantId===t.tenantId&&e.loginHint===t.loginHint&&e.environment===t.environment&&e.nativeAccountId===t.nativeAccountId&&n}}
/*! @azure/msal-common v15.10.0 2025-08-05 */const oo="no_tokens_found",io="native_account_unavailable",so="refresh_token_expired",ao="ux_not_allowed",co="interaction_required",lo="consent_required",ho="login_required",uo="bad_token";var go=Object.freeze({__proto__:null,badToken:uo,consentRequired:lo,interactionRequired:co,loginRequired:ho,nativeAccountUnavailable:io,noTokensFound:oo,refreshTokenExpired:so,uxNotAllowed:ao});
/*! @azure/msal-common v15.10.0 2025-08-05 */const po=[co,lo,ho,uo,ao],mo=["message_only","additional_action","basic_action","user_password_expired","consent_required","bad_token"],fo={[oo]:"No refresh token found in the cache. Please sign-in.",[io]:"The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",[so]:"Refresh token has expired.",[uo]:"Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.",[ao]:"`canShowUI` flag in Edge was set to false. User interaction required on web page. Please invoke an interactive API to resolve."},yo={noTokensFoundError:{code:oo,desc:fo[oo]},native_account_unavailable:{code:io,desc:fo[io]},bad_token:{code:uo,desc:fo[uo]}};class Co extends Ce{constructor(e,r,n,o,i,s,a,c){super(e,r,n),Object.setPrototypeOf(this,Co.prototype),this.timestamp=o||t.EMPTY_STRING,this.traceId=i||t.EMPTY_STRING,this.correlationId=s||t.EMPTY_STRING,this.claims=a||t.EMPTY_STRING,this.name="InteractionRequiredAuthError",this.errorNo=c}}function vo(e,t,r){const n=!!e&&po.indexOf(e)>-1,o=!!r&&mo.indexOf(r)>-1,i=!!t&&po.some((e=>t.indexOf(e)>-1));return n||i||o}function wo(e){return new Co(e,fo[e])}
/*! @azure/msal-common v15.10.0 2025-08-05 */class Io{static setRequestState(e,r,n){const o=Io.generateLibraryState(e,n);return r?`${o}${t.RESOURCE_DELIM}${r}`:o}static generateLibraryState(e,t){if(!e)throw pt(We);const r={id:e.createNewGuid()};t&&(r.meta=t);const n=JSON.stringify(r);return e.base64Encode(n)}static parseRequestState(e,r){if(!e)throw pt(We);if(!r)throw pt(Re);try{const n=r.split(t.RESOURCE_DELIM),o=n[0],i=n.length>1?n.slice(1).join(t.RESOURCE_DELIM):t.EMPTY_STRING,s=e.base64Decode(o),a=JSON.parse(s);return{userRequestState:i||t.EMPTY_STRING,libraryState:a}}catch(e){throw pt(Re)}}}
/*! @azure/msal-common v15.10.0 2025-08-05 */const To="sw";class Ao{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){this.performanceClient?.addQueueMeasurement(vr.PopTokenGenerateCnf,e.correlationId);const r=await Rn(this.generateKid.bind(this),vr.PopTokenGenerateCnf,t,this.performanceClient,e.correlationId)(e),n=this.cryptoUtils.base64UrlEncode(JSON.stringify(r));return{kid:r.kid,reqCnfString:n}}async generateKid(e){this.performanceClient?.addQueueMeasurement(vr.PopTokenGenerateKid,e.correlationId);return{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:To}}async signPopToken(e,t,r){return this.signPayload(e,t,r)}async signPayload(e,t,r,n){const{resourceRequestMethod:o,resourceRequestUri:i,shrClaims:s,shrNonce:a,shrOptions:c}=r,l=i?new ir(i):void 0,h=l?.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:Pn(),m:o?.toUpperCase(),u:h?.HostNameAndPort,nonce:a||this.cryptoUtils.createNewGuid(),p:h?.AbsolutePath,q:h?.QueryString?[[],h.QueryString]:void 0,client_claims:s||void 0,...n},t,c,r.correlationId)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */class ko{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}
/*! @azure/msal-common v15.10.0 2025-08-05 */class So{constructor(e,t,r,n,o,i,s){this.clientId=e,this.cacheStorage=t,this.cryptoObj=r,this.logger=n,this.serializableCache=o,this.persistencePlugin=i,this.performanceClient=s}validateTokenResponse(e,r){if(e.error||e.error_description||e.suberror){const o=`Error(s): ${e.error_codes||t.NOT_AVAILABLE} - Timestamp: ${e.timestamp||t.NOT_AVAILABLE} - Description: ${e.error_description||t.NOT_AVAILABLE} - Correlation ID: ${e.correlation_id||t.NOT_AVAILABLE} - Trace ID: ${e.trace_id||t.NOT_AVAILABLE}`,c=e.error_codes?.length?e.error_codes[0]:void 0,l=new Jn(e.error,o,e.suberror,c,e.status);if(r&&e.status&&e.status>=s&&e.status<=a)return void this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.\n${l}`);if(r&&e.status&&e.status>=n&&e.status<=i)return void this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently available but is unable to refresh the access token.\n${l}`);if(vo(e.error,e.error_description,e.suberror))throw new Co(e.error,e.error_description,e.suberror,e.timestamp||t.EMPTY_STRING,e.trace_id||t.EMPTY_STRING,e.correlation_id||t.EMPTY_STRING,e.claims||t.EMPTY_STRING,c);throw l}}async handleServerTokenResponse(e,r,n,o,i,s,a,c,l){let h,d;if(this.performanceClient?.addQueueMeasurement(vr.HandleServerTokenResponse,e.correlation_id),e.id_token){if(h=er(e.id_token||t.EMPTY_STRING,this.cryptoObj.base64Decode),i&&i.nonce&&h.nonce!==i.nonce)throw pt(Me);if(o.maxAge||0===o.maxAge){const e=h.auth_time;if(!e)throw pt(Oe);tr(e,o.maxAge)}}this.homeAccountIdentifier=no.generateHomeAccountId(e.client_info||t.EMPTY_STRING,r.authorityType,this.logger,this.cryptoObj,h),i&&i.state&&(d=Io.parseRequestState(this.cryptoObj,i.state)),e.key_id=e.key_id||o.sshKid||void 0;const u=this.generateCacheRecord(e,r,n,o,h,s,i);let g;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose("Persistence enabled, calling beforeCacheAccess"),g=new ko(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(g)),a&&!c&&u.account){const e=this.cacheStorage.generateAccountKey(u.account.getAccountInfo());if(!this.cacheStorage.getAccount(e,o.correlationId))return this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache"),await So.generateAuthenticationResult(this.cryptoObj,r,u,!1,o,h,d,void 0,l)}await this.cacheStorage.saveCacheRecord(u,o.correlationId,o.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&g&&(this.logger.verbose("Persistence enabled, calling afterCacheAccess"),await this.persistencePlugin.afterCacheAccess(g))}return So.generateAuthenticationResult(this.cryptoObj,r,u,!1,o,h,d,e,l)}generateCacheRecord(e,t,r,n,o,i,s){const a=t.getPreferredCache();if(!a)throw pt(Qe);const c=ro(o);let l,h;e.id_token&&o&&(l=Ln(this.homeAccountIdentifier,a,e.id_token,this.clientId,c||""),h=bo(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,n.correlationId,o,e.client_info,a,c,s,void 0,this.logger));let d=null;if(e.access_token){const o=e.scope?Jt.fromString(e.scope):new Jt(n.scopes||[]),s=("string"==typeof e.expires_in?parseInt(e.expires_in,10):e.expires_in)||0,l=("string"==typeof e.ext_expires_in?parseInt(e.ext_expires_in,10):e.ext_expires_in)||0,h=("string"==typeof e.refresh_in?parseInt(e.refresh_in,10):e.refresh_in)||void 0,u=r+s,g=u+l,p=h&&h>0?r+h:void 0;d=Hn(this.homeAccountIdentifier,a,e.access_token,this.clientId,c||t.tenant||"",o.printScopes(),u,g,this.cryptoObj.base64Decode,p,e.token_type,i,e.key_id,n.claims,n.requestedClaimsHash)}let u=null;if(e.refresh_token){let t;if(e.refresh_token_expires_in){t=r+("string"==typeof e.refresh_token_expires_in?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in)}u=xn(this.homeAccountIdentifier,a,e.refresh_token,this.clientId,e.foci,i,t)}let g=null;return e.foci&&(g={clientId:this.clientId,environment:a,familyId:e.foci}),{account:h,idToken:l,accessToken:d,refreshToken:u,appMetadata:g}}static async generateAuthenticationResult(e,r,n,o,i,s,a,c,l){let h,d,u=t.EMPTY_STRING,g=[],p=null,m=t.EMPTY_STRING;if(n.accessToken){if(n.accessToken.tokenType!==W.POP||i.popKid)u=n.accessToken.secret;else{const t=new Ao(e),{secret:r,keyId:o}=n.accessToken;if(!o)throw pt(ot);u=await t.signPopToken(r,o,i)}g=Jt.fromString(n.accessToken.target).asArray(),p=On(n.accessToken.expiresOn),h=On(n.accessToken.extendedExpiresOn),n.accessToken.refreshOn&&(d=On(n.accessToken.refreshOn))}n.appMetadata&&(m=n.appMetadata.familyId===B?B:"");const f=s?.oid||s?.sub||"",y=s?.tid||"";c?.spa_accountid&&n.account&&(n.account.nativeAccountId=c?.spa_accountid);const C=n.account?Zt(n.account.getAccountInfo(),void 0,s,n.idToken?.secret):null;return{authority:r.canonicalAuthority,uniqueId:f,tenantId:y,scopes:g,account:C,idToken:n?.idToken?.secret||"",idTokenClaims:s||{},accessToken:u,fromCache:o,expiresOn:p,extExpiresOn:h,refreshOn:d,correlationId:i.correlationId,requestId:l||t.EMPTY_STRING,familyId:m,tokenType:n.accessToken?.tokenType||t.EMPTY_STRING,state:a?a.userRequestState:t.EMPTY_STRING,cloudGraphHostName:n.account?.cloudGraphHostName||t.EMPTY_STRING,msGraphHost:n.account?.msGraphHost||t.EMPTY_STRING,code:c?.spa_code,fromNativeBroker:!1}}}function bo(e,t,r,n,o,i,s,a,c,l,h,d){d?.verbose("setCachedAccount called");const u=e.getAccountKeys().find((e=>e.startsWith(r)));let g=null;u&&(g=e.getAccount(u,o));const p=g||no.createAccount({homeAccountId:r,idTokenClaims:i,clientInfo:s,environment:a,cloudGraphHostName:l?.cloud_graph_host_name,msGraphHost:l?.msgraph_host,nativeAccountId:h},t,n),m=p.tenantProfiles||[],f=c||p.realm;if(f&&!m.find((e=>e.tenantId===f))){const e=Xt(r,p.localAccountId,f,i);m.push(e)}return p.tenantProfiles=m,p}
/*! @azure/msal-common v15.10.0 2025-08-05 */async function Eo(e,t,r){if("string"==typeof e)return e;return e({clientId:t,tokenEndpoint:r})}
/*! @azure/msal-common v15.10.0 2025-08-05 */class Ro extends to{constructor(e,t){super(e,t),this.includeRedirectUri=!0,this.oidcDefaultScopes=this.config.authOptions.authority.options.OIDCOptions?.defaultScopes}async acquireToken(e,t){if(this.performanceClient?.addQueueMeasurement(vr.AuthClientAcquireToken,e.correlationId),!e.code)throw pt(He);const r=Pn(),n=await Rn(this.executeTokenRequest.bind(this),vr.AuthClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(this.authority,e),o=n.headers?.[C],i=new So(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin,this.performanceClient);return i.validateTokenResponse(n.body),Rn(i.handleServerTokenResponse.bind(i),vr.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(n.body,this.authority,r,e,t,void 0,void 0,void 0,o)}getLogoutUri(e){if(!e)throw Wt(_t);const t=this.createLogoutUrlQueryString(e);return ir.appendQueryString(this.authority.endSessionEndpoint,t)}async executeTokenRequest(e,t){this.performanceClient?.addQueueMeasurement(vr.AuthClientExecuteTokenRequest,t.correlationId);const r=this.createTokenQueryParameters(t),n=ir.appendQueryString(e.tokenEndpoint,r),o=await Rn(this.createTokenRequestBody.bind(this),vr.AuthClientCreateTokenRequestBody,this.logger,this.performanceClient,t.correlationId)(t);let i;if(t.clientInfo)try{const e=Hr(t.clientInfo,this.cryptoUtils.base64Decode);i={credential:`${e.uid}${H}${e.utid}`,type:Ur}}catch(e){this.logger.verbose("Could not parse client info for CCS Header: "+e)}const s=this.createTokenRequestHeaders(i||t.ccsCredential),a=Yn(this.config.authOptions.clientId,t);return Rn(this.executePostToTokenEndpoint.bind(this),vr.AuthorizationCodeClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,t.correlationId)(n,o,s,a,t.correlationId,vr.AuthorizationCodeClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){this.performanceClient?.addQueueMeasurement(vr.AuthClientCreateTokenRequestBody,e.correlationId);const t=new Map;if(Yr(t,e.embeddedClientId||e.tokenBodyParameters?.[Dr]||this.config.authOptions.clientId),this.includeRedirectUri)Xr(t,e.redirectUri);else if(!e.redirectUri)throw Wt(It);if(Jr(t,e.scopes,!0,this.oidcDefaultScopes),function(e,t){e.set("code",t)}(t,e.code),sn(t,this.config.libraryInfo),an(t,this.config.telemetry.application),In(t),this.serverTelemetryManager&&!Nr(this.config)&&wn(t,this.serverTelemetryManager),e.codeVerifier&&function(e,t){e.set("code_verifier",t)}(t,e.codeVerifier),this.config.clientCredentials.clientSecret&&hn(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const r=this.config.clientCredentials.clientAssertion;dn(t,await Eo(r.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),un(t,r.assertionType)}if(gn(t,M),pn(t),e.authenticationScheme===W.POP){const r=new Ao(this.cryptoUtils,this.performanceClient);let n;if(e.popKid)n=this.cryptoUtils.encodeKid(e.popKid);else{n=(await Rn(r.generateCnf.bind(r),vr.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString}Cn(t,n)}else if(e.authenticationScheme===W.SSH){if(!e.sshJwk)throw Wt(Ut);vn(t,e.sshJwk)}let r;if((!Vt.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&nn(t,e.claims,this.config.authOptions.clientCapabilities),e.clientInfo)try{const t=Hr(e.clientInfo,this.cryptoUtils.base64Decode);r={credential:`${t.uid}${H}${t.utid}`,type:Ur}}catch(e){this.logger.verbose("Could not parse client info for CCS Header: "+e)}else r=e.ccsCredential;if(this.config.systemOptions.preventCorsPreflight&&r)switch(r.type){case Ur:try{tn(t,xr(r.credential))}catch(e){this.logger.verbose("Could not parse home account ID for CCS Header: "+e)}break;case Lr:en(t,r.credential)}return e.embeddedClientId&&Tn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenBodyParameters&&fn(t,e.tokenBodyParameters),!e.enableSpaAuthorizationCode||e.tokenBodyParameters&&e.tokenBodyParameters[Kr]||fn(t,{[Kr]:"1"}),Wr(t,e.correlationId,this.performanceClient),or(t)}createLogoutUrlQueryString(e){const t=new Map;return e.postLogoutRedirectUri&&function(e,t){e.set("post_logout_redirect_uri",t)}(t,e.postLogoutRedirectUri),e.correlationId&&on(t,e.correlationId),e.idTokenHint&&function(e,t){e.set("id_token_hint",t)}(t,e.idTokenHint),e.state&&cn(t,e.state),e.logoutHint&&function(e,t){e.set("logout_hint",t)}(t,e.logoutHint),e.extraQueryParameters&&fn(t,e.extraQueryParameters),this.config.authOptions.instanceAware&&mn(t),or(t,this.config.authOptions.encodeExtraQueryParams,e.extraQueryParameters)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */class _o extends to{constructor(e,t){super(e,t)}async acquireToken(e){this.performanceClient?.addQueueMeasurement(vr.RefreshTokenClientAcquireToken,e.correlationId);const t=Pn(),r=await Rn(this.executeTokenRequest.bind(this),vr.RefreshTokenClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(e,this.authority),n=r.headers?.[C],o=new So(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin);return o.validateTokenResponse(r.body),Rn(o.handleServerTokenResponse.bind(o),vr.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(r.body,this.authority,t,e,void 0,void 0,!0,e.forceCache,n)}async acquireTokenByRefreshToken(e){if(!e)throw Wt(Rt);if(this.performanceClient?.addQueueMeasurement(vr.RefreshTokenClientAcquireTokenByRefreshToken,e.correlationId),!e.account)throw pt(Ge);if(this.cacheManager.isAppMetadataFOCI(e.account.environment))try{return await Rn(this.acquireTokenWithCachedRefreshToken.bind(this),vr.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!0)}catch(t){const r=t instanceof Co&&t.errorCode===oo,n=t instanceof Jn&&t.errorCode===Z&&t.subError===ee;if(r||n)return Rn(this.acquireTokenWithCachedRefreshToken.bind(this),vr.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1);throw t}return Rn(this.acquireTokenWithCachedRefreshToken.bind(this),vr.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1)}async acquireTokenWithCachedRefreshToken(e,t){this.performanceClient?.addQueueMeasurement(vr.RefreshTokenClientAcquireTokenWithCachedRefreshToken,e.correlationId);const r=En(this.cacheManager.getRefreshToken.bind(this.cacheManager),vr.CacheManagerGetRefreshToken,this.logger,this.performanceClient,e.correlationId)(e.account,t,e.correlationId,void 0,this.performanceClient);if(!r)throw wo(oo);if(r.expiresOn&&qn(r.expiresOn,e.refreshTokenExpirationOffsetSeconds||300))throw this.performanceClient?.addFields({rtExpiresOnMs:Number(r.expiresOn)},e.correlationId),wo(so);const n={...e,refreshToken:r.secret,authenticationScheme:e.authenticationScheme||W.BEARER,ccsCredential:{credential:e.account.homeAccountId,type:Ur}};try{return await Rn(this.acquireToken.bind(this),vr.RefreshTokenClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(n)}catch(t){if(t instanceof Co&&(this.performanceClient?.addFields({rtExpiresOnMs:Number(r.expiresOn)},e.correlationId),t.subError===uo)){this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");const t=this.cacheManager.generateCredentialKey(r);this.cacheManager.removeRefreshToken(t,e.correlationId)}throw t}}async executeTokenRequest(e,t){this.performanceClient?.addQueueMeasurement(vr.RefreshTokenClientExecuteTokenRequest,e.correlationId);const r=this.createTokenQueryParameters(e),n=ir.appendQueryString(t.tokenEndpoint,r),o=await Rn(this.createTokenRequestBody.bind(this),vr.RefreshTokenClientCreateTokenRequestBody,this.logger,this.performanceClient,e.correlationId)(e),i=this.createTokenRequestHeaders(e.ccsCredential),s=Yn(this.config.authOptions.clientId,e);return Rn(this.executePostToTokenEndpoint.bind(this),vr.RefreshTokenClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,e.correlationId)(n,o,i,s,e.correlationId,vr.RefreshTokenClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){this.performanceClient?.addQueueMeasurement(vr.RefreshTokenClientCreateTokenRequestBody,e.correlationId);const t=new Map;if(Yr(t,e.embeddedClientId||e.tokenBodyParameters?.[Dr]||this.config.authOptions.clientId),e.redirectUri&&Xr(t,e.redirectUri),Jr(t,e.scopes,!0,this.config.authOptions.authority.options.OIDCOptions?.defaultScopes),gn(t,O),pn(t),sn(t,this.config.libraryInfo),an(t,this.config.telemetry.application),In(t),this.serverTelemetryManager&&!Nr(this.config)&&wn(t,this.serverTelemetryManager),function(e,t){e.set("refresh_token",t)}(t,e.refreshToken),this.config.clientCredentials.clientSecret&&hn(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const r=this.config.clientCredentials.clientAssertion;dn(t,await Eo(r.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),un(t,r.assertionType)}if(e.authenticationScheme===W.POP){const r=new Ao(this.cryptoUtils,this.performanceClient);let n;if(e.popKid)n=this.cryptoUtils.encodeKid(e.popKid);else{n=(await Rn(r.generateCnf.bind(r),vr.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString}Cn(t,n)}else if(e.authenticationScheme===W.SSH){if(!e.sshJwk)throw Wt(Ut);vn(t,e.sshJwk)}if((!Vt.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&nn(t,e.claims,this.config.authOptions.clientCapabilities),this.config.systemOptions.preventCorsPreflight&&e.ccsCredential)switch(e.ccsCredential.type){case Ur:try{tn(t,xr(e.ccsCredential.credential))}catch(e){this.logger.verbose("Could not parse home account ID for CCS Header: "+e)}break;case Lr:en(t,e.ccsCredential.credential)}return e.embeddedClientId&&Tn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenBodyParameters&&fn(t,e.tokenBodyParameters),Wr(t,e.correlationId,this.performanceClient),or(t)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */class Po extends to{constructor(e,t){super(e,t)}async acquireCachedToken(e){this.performanceClient?.addQueueMeasurement(vr.SilentFlowClientAcquireCachedToken,e.correlationId);let t=ae;if(e.forceRefresh||!this.config.cacheOptions.claimsBasedCachingEnabled&&!Vt.isEmptyObj(e.claims))throw this.setCacheOutcome(ce,e.correlationId),pt(Xe);if(!e.account)throw pt(Ge);const r=e.account.tenantId||function(e){const t=new ir(e).getUrlComponents(),r=t.PathSegments.slice(-1)[0]?.toLowerCase();switch(r){case I:case T:case A:return;default:return r}}(e.authority),n=this.cacheManager.getTokenKeys(),o=this.cacheManager.getAccessToken(e.account,e,n,r);if(!o)throw this.setCacheOutcome(le,e.correlationId),pt(Xe);if(Un(o.cachedAt)||qn(o.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds))throw this.setCacheOutcome(he,e.correlationId),pt(Xe);o.refreshOn&&qn(o.refreshOn,0)&&(t=de);const i=e.authority||this.authority.getPreferredCache(),s={account:this.cacheManager.getAccount(this.cacheManager.generateAccountKey(e.account),e.correlationId),accessToken:o,idToken:this.cacheManager.getIdToken(e.account,e.correlationId,n,r,this.performanceClient),refreshToken:null,appMetadata:this.cacheManager.readAppMetadataFromCache(i)};return this.setCacheOutcome(t,e.correlationId),this.config.serverTelemetryManager&&this.config.serverTelemetryManager.incrementCacheHits(),[await Rn(this.generateResultFromCacheRecord.bind(this),vr.SilentFlowClientGenerateResultFromCacheRecord,this.logger,this.performanceClient,e.correlationId)(s,e),t]}setCacheOutcome(e,t){this.serverTelemetryManager?.setCacheOutcome(e),this.performanceClient?.addFields({cacheOutcome:e},t),e!==ae&&this.logger.info(`Token refresh is required due to cache outcome: ${e}`)}async generateResultFromCacheRecord(e,t){let r;if(this.performanceClient?.addQueueMeasurement(vr.SilentFlowClientGenerateResultFromCacheRecord,t.correlationId),e.idToken&&(r=er(e.idToken.secret,this.config.cryptoInterface.base64Decode)),t.maxAge||0===t.maxAge){const e=r?.auth_time;if(!e)throw pt(Oe);tr(e,t.maxAge)}return So.generateAuthenticationResult(this.cryptoUtils,this.authority,e,!0,t,r)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */const Mo={sendGetRequestAsync:()=>Promise.reject(pt(ct)),sendPostRequestAsync:()=>Promise.reject(pt(ct))};
/*! @azure/msal-common v15.10.0 2025-08-05 */function Oo(e,t,r,n){const o=t.correlationId,i=new Map;Yr(i,t.embeddedClientId||t.extraQueryParameters?.[Dr]||e.clientId);if(Jr(i,[...t.scopes||[],...t.extraScopesToConsent||[]],!0,e.authority.options.OIDCOptions?.defaultScopes),Xr(i,t.redirectUri),on(i,o),function(e,t){e.set("response_mode",t||P)}(i,t.responseMode),pn(i),t.prompt&&(!function(e,t){e.set("prompt",t)}(i,t.prompt),n?.addFields({prompt:t.prompt},o)),t.domainHint&&(!function(e,t){e.set("domain_hint",t)}(i,t.domainHint),n?.addFields({domainHintFromRequest:!0},o)),t.prompt!==b.SELECT_ACCOUNT)if(t.sid&&t.prompt===b.NONE)r.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request"),rn(i,t.sid),n?.addFields({sidFromRequest:!0},o);else if(t.account){const e=(s=t.account,s.idTokenClaims?.sid||null);let a=function(e){return e.loginHint||e.idTokenClaims?.login_hint||null}
/*! @azure/msal-common v15.10.0 2025-08-05 */(t.account);if(a&&t.domainHint&&(r.warning('AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint'),a=null),a){r.verbose("createAuthCodeUrlQueryString: login_hint claim present on account"),Zr(i,a),n?.addFields({loginHintFromClaim:!0},o);try{tn(i,xr(t.account.homeAccountId))}catch(e){r.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(e&&t.prompt===b.NONE){r.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account"),rn(i,e),n?.addFields({sidFromClaim:!0},o);try{tn(i,xr(t.account.homeAccountId))}catch(e){r.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(t.loginHint)r.verbose("createAuthCodeUrlQueryString: Adding login_hint from request"),Zr(i,t.loginHint),en(i,t.loginHint),n?.addFields({loginHintFromRequest:!0},o);else if(t.account.username){r.verbose("createAuthCodeUrlQueryString: Adding login_hint from account"),Zr(i,t.account.username),n?.addFields({loginHintFromUpn:!0},o);try{tn(i,xr(t.account.homeAccountId))}catch(e){r.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}}else t.loginHint&&(r.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request"),Zr(i,t.loginHint),en(i,t.loginHint),n?.addFields({loginHintFromRequest:!0},o));else r.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");var s;return t.nonce&&function(e,t){e.set("nonce",t)}(i,t.nonce),t.state&&cn(i,t.state),(t.claims||e.clientCapabilities&&e.clientCapabilities.length>0)&&nn(i,t.claims,e.clientCapabilities),t.embeddedClientId&&Tn(i,e.clientId,e.redirectUri),!e.instanceAware||t.extraQueryParameters&&Object.keys(t.extraQueryParameters).includes(jr)||mn(i),i}function qo(e,t,r,n){const o=or(t,r,n);return ir.appendQueryString(e.authorizationEndpoint,o)}function No(e,t){if(!e.state||!t)throw e.state?pt(Pe,"Cached State"):pt(Pe,"Server State");let r,n;try{r=decodeURIComponent(e.state)}catch(t){throw pt(Re,e.state)}try{n=decodeURIComponent(t)}catch(t){throw pt(Re,e.state)}if(r!==n)throw pt(_e);if(e.error||e.error_description||e.suberror){const t=function(e){const t="code=",r=e.error_uri?.lastIndexOf(t);return r&&r>=0?e.error_uri?.substring(r+t.length):void 0}(e);if(vo(e.error,e.error_description,e.suberror))throw new Co(e.error||"",e.error_description,e.suberror,e.timestamp||"",e.trace_id||"",e.correlation_id||"",e.claims||"",t);throw new Jn(e.error||"",e.error_description,e.suberror,t)}}function Uo(e){const{skus:t,libraryName:r,libraryVersion:n,extensionName:o,extensionVersion:i}=e,s=new Map([[0,[r,n]],[2,[o,i]]]);let a=[];if(t?.length){if(a=t.split(","),a.length<4)return t}else a=Array.from({length:4},(()=>"|"));return s.forEach(((e,t)=>{2===e.length&&e[0]?.length&&e[1]?.length&&function(e){const{skuArr:t,index:r,skuName:n,skuVersion:o}=e;if(r>=t.length)return;t[r]=[n,o].join("|")}({skuArr:a,index:t,skuName:e[0],skuVersion:e[1]})})),a.join(",")}class Lo{constructor(e,r){this.cacheOutcome=ae,this.cacheManager=r,this.apiId=e.apiId,this.correlationId=e.correlationId,this.wrapperSKU=e.wrapperSKU||t.EMPTY_STRING,this.wrapperVer=e.wrapperVer||t.EMPTY_STRING,this.telemetryCacheKey=j.CACHE_KEY+L+e.clientId}generateCurrentRequestHeaderValue(){const e=`${this.apiId}${j.VALUE_SEPARATOR}${this.cacheOutcome}`,t=[this.wrapperSKU,this.wrapperVer],r=this.getNativeBrokerErrorCode();r?.length&&t.push(`broker_error=${r}`);const n=t.join(j.VALUE_SEPARATOR),o=[e,this.getRegionDiscoveryFields()].join(j.VALUE_SEPARATOR);return[j.SCHEMA_VERSION,o,n].join(j.CATEGORY_SEPARATOR)}generateLastRequestHeaderValue(){const e=this.getLastRequests(),t=Lo.maxErrorsToSend(e),r=e.failedRequests.slice(0,2*t).join(j.VALUE_SEPARATOR),n=e.errors.slice(0,t).join(j.VALUE_SEPARATOR),o=e.errors.length,i=[o,t<o?j.OVERFLOW_TRUE:j.OVERFLOW_FALSE].join(j.VALUE_SEPARATOR);return[j.SCHEMA_VERSION,e.cacheHits,r,n,i].join(j.CATEGORY_SEPARATOR)}cacheFailedRequest(e){const t=this.getLastRequests();t.errors.length>=j.MAX_CACHED_ERRORS&&(t.failedRequests.shift(),t.failedRequests.shift(),t.errors.shift()),t.failedRequests.push(this.apiId,this.correlationId),e instanceof Error&&e&&e.toString()?e instanceof Ce?e.subError?t.errors.push(e.subError):e.errorCode?t.errors.push(e.errorCode):t.errors.push(e.toString()):t.errors.push(e.toString()):t.errors.push(j.UNKNOWN_ERROR),this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t,this.correlationId)}incrementCacheHits(){const e=this.getLastRequests();return e.cacheHits+=1,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId),e.cacheHits}getLastRequests(){return this.cacheManager.getServerTelemetry(this.telemetryCacheKey)||{failedRequests:[],errors:[],cacheHits:0}}clearTelemetryCache(){const e=this.getLastRequests(),t=Lo.maxErrorsToSend(e);if(t===e.errors.length)this.cacheManager.removeItem(this.telemetryCacheKey,this.correlationId);else{const r={failedRequests:e.failedRequests.slice(2*t),errors:e.errors.slice(t),cacheHits:0};this.cacheManager.setServerTelemetry(this.telemetryCacheKey,r,this.correlationId)}}static maxErrorsToSend(e){let r,n=0,o=0;const i=e.errors.length;for(r=0;r<i;r++){const i=e.failedRequests[2*r]||t.EMPTY_STRING,s=e.failedRequests[2*r+1]||t.EMPTY_STRING,a=e.errors[r]||t.EMPTY_STRING;if(o+=i.toString().length+s.toString().length+a.length+3,!(o<j.MAX_LAST_HEADER_BYTES))break;n+=1}return n}getRegionDiscoveryFields(){const e=[];return e.push(this.regionUsed||t.EMPTY_STRING),e.push(this.regionSource||t.EMPTY_STRING),e.push(this.regionOutcome||t.EMPTY_STRING),e.join(",")}updateRegionDiscoveryMetadata(e){this.regionUsed=e.region_used,this.regionSource=e.region_source,this.regionOutcome=e.region_outcome}setCacheOutcome(e){this.cacheOutcome=e}setNativeBrokerErrorCode(e){const t=this.getLastRequests();t.nativeBrokerErrorCode=e,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t,this.correlationId)}getNativeBrokerErrorCode(){return this.getLastRequests().nativeBrokerErrorCode}clearNativeBrokerErrorCode(){const e=this.getLastRequests();delete e.nativeBrokerErrorCode,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId)}static makeExtraSkuString(e){return Uo(e)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */const Ho="missing_kid_error",xo="missing_alg_error",Do={[Ho]:"The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.",[xo]:"The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided."};class Bo extends Ce{constructor(e,t){super(e,t),this.name="JoseHeaderError",Object.setPrototypeOf(this,Bo.prototype)}}function Fo(e){return new Bo(e,Do[e])}
/*! @azure/msal-common v15.10.0 2025-08-05 */class zo{constructor(e){this.typ=e.typ,this.alg=e.alg,this.kid=e.kid}static getShrHeaderString(e){if(!e.kid)throw Fo(Ho);if(!e.alg)throw Fo(xo);const t=new zo({typ:e.typ||ue.Pop,kid:e.kid,alg:e.alg});return JSON.stringify(t)}}
/*! @azure/msal-common v15.10.0 2025-08-05 */function Ko(e,t,r,n=5){if(e instanceof Error)return e instanceof Ce?(r.errorCode=e.errorCode,r.subErrorCode=e.subError,void((e instanceof Jn||e instanceof Co)&&(r.serverErrorNo=e.errorNo))):void(e instanceof pr?r.errorCode=e.errorCode:r.errorStack?.length?t.trace("PerformanceClient.addErrorStack: Stack already exist",r.correlationId):e.stack?.length?(e.stack&&(r.errorStack=function(e,t){if(t<0)return[];const r=e.split("\n")||[],n=[],o=r[0];o.startsWith("TypeError: Cannot read property")||o.startsWith("TypeError: Cannot read properties of")||o.startsWith("TypeError: Cannot set property")||o.startsWith("TypeError: Cannot set properties of")||o.endsWith("is not a function")?n.push(Go(o)):(o.startsWith("SyntaxError")||o.startsWith("TypeError"))&&n.push(Go(o.replace(/['].*[']|["].*["]/g,"<redacted>")));for(let e=1;e<r.length&&!(n.length>=t);e++){const t=r[e];n.push(Go(t))}return n}(e.stack,n)),r.errorName=e.name):t.trace("PerformanceClient.addErrorStack: Input stack is empty",r.correlationId));t.trace("PerformanceClient.addErrorStack: Input error is not instance of Error",r.correlationId)}function Go(e){const t=e.lastIndexOf(" ")+1;if(t<1)return e;const r=e.substring(t);let n=r.lastIndexOf("/");return n=n<0?r.lastIndexOf("\\"):n,n>=0?(e.substring(0,t)+"("+r.substring(n+1)+(")"===r.charAt(r.length-1)?"":")")).trimStart():e.trimStart()}class $o{constructor(e,t,r,n,o,i,s,a){this.authority=t,this.libraryName=n,this.libraryVersion=o,this.applicationTelemetry=i,this.clientId=e,this.logger=r,this.callbacks=new Map,this.eventsByCorrelationId=new Map,this.eventStack=new Map,this.queueMeasurements=new Map,this.preQueueTimeByCorrelationId=new Map,this.intFields=s||new Set;for(const e of Ar)this.intFields.add(e);this.abbreviations=a||new Map;for(const[e,t]of wr)this.abbreviations.set(e,t)}startPerformanceMeasurement(e,t){return{}}getPreQueueTime(e,t){const r=this.preQueueTimeByCorrelationId.get(t);if(r){if(r.name===e)return r.time;this.logger.trace(`PerformanceClient.getPreQueueTime: no pre-queue time found for ${e}, unable to add queue measurement`)}else this.logger.trace(`PerformanceClient.getPreQueueTime: no pre-queue times found for correlationId: ${t}, unable to add queue measurement`)}calculateQueuedTime(e,t){return e<1?(this.logger.trace(`PerformanceClient: preQueueTime should be a positive integer and not ${e}`),0):t<1?(this.logger.trace(`PerformanceClient: currentTime should be a positive integer and not ${t}`),0):t<e?(this.logger.trace("PerformanceClient: currentTime is less than preQueueTime, check how time is being retrieved"),0):t-e}addQueueMeasurement(e,t,r,n){if(!t)return void this.logger.trace(`PerformanceClient.addQueueMeasurement: correlationId not provided for ${e}, cannot add queue measurement`);if(0===r)this.logger.trace(`PerformanceClient.addQueueMeasurement: queue time provided for ${e} is ${r}`);else if(!r)return void this.logger.trace(`PerformanceClient.addQueueMeasurement: no queue time provided for ${e}`);const o={eventName:e,queueTime:n?0:r,manuallyCompleted:n},i=this.queueMeasurements.get(t);if(i)i.push(o),this.queueMeasurements.set(t,i);else{this.logger.trace(`PerformanceClient.addQueueMeasurement: adding correlationId ${t} to queue measurements`);const e=[o];this.queueMeasurements.set(t,e)}this.preQueueTimeByCorrelationId.delete(t)}startMeasurement(e,t){const r=t||this.generateId();t||this.logger.info(`PerformanceClient: No correlation id provided for ${e}, generating`,r),this.logger.trace(`PerformanceClient: Performance measurement started for ${e}`,r);const n={eventId:this.generateId(),status:Ir,authority:this.authority,libraryName:this.libraryName,libraryVersion:this.libraryVersion,clientId:this.clientId,name:e,startTimeMs:Date.now(),correlationId:r,appName:this.applicationTelemetry?.appName,appVersion:this.applicationTelemetry?.appVersion};var o,i,s;return this.cacheEventByCorrelationId(n),o=n,i=this.abbreviations,(s=this.eventStack.get(r))&&s.push({name:i.get(o.name)||o.name}),{end:(e,t)=>this.endMeasurement({...n,...e},t),discard:()=>this.discardMeasurements(n.correlationId),add:e=>this.addFields(e,n.correlationId),increment:e=>this.incrementFields(e,n.correlationId),event:n,measurement:new kr}}endMeasurement(e,t){const r=this.eventsByCorrelationId.get(e.correlationId);if(!r)return this.logger.trace(`PerformanceClient: Measurement not found for ${e.eventId}`,e.correlationId),null;const n=e.eventId===r.eventId;let o={totalQueueTime:0,totalQueueCount:0,manuallyCompletedCount:0};e.durationMs=Math.round(e.durationMs||this.getDurationMs(e.startTimeMs));const i=JSON.stringify(function(e,t,r,n){if(!r?.length)return;const o=e=>e.length?e[e.length-1]:void 0,i=t.get(e.name)||e.name,s=o(r);if(s?.name!==i)return;const a=r?.pop();if(!a)return;const c=n instanceof Ce?n.errorCode:n instanceof Error?n.name:void 0,l=n instanceof Ce?n.subError:void 0;c&&a.childErr!==c&&(a.err=c,l&&(a.subErr=l)),delete a.name,delete a.childErr;const h={...a,dur:e.durationMs};e.success||(h.fail=1);const d=o(r);if(!d)return{[i]:h};let u;if(c&&(d.childErr=c),d[i]){const e=Object.keys(d).filter((e=>e.startsWith(i))).length;u=`${i}_${e+1}`}else u=i;return d[u]=h,d}(e,this.abbreviations,this.eventStack.get(r.correlationId),t));if(n?(o=this.getQueueInfo(e.correlationId),this.discardMeasurements(r.correlationId)):r.incompleteSubMeasurements?.delete(e.eventId),this.logger.trace(`PerformanceClient: Performance measurement ended for ${e.name}: ${e.durationMs} ms`,e.correlationId),t&&Ko(t,this.logger,r),!n)return r[e.name+"DurationMs"]=Math.floor(e.durationMs),{...r};n&&!t&&(r.errorCode||r.subErrorCode)&&(this.logger.trace(`PerformanceClient: Remove error and sub-error codes for root event ${e.name} as intermediate error was successfully handled`,e.correlationId),r.errorCode=void 0,r.subErrorCode=void 0);let s={...r,...e},a=0;return s.incompleteSubMeasurements?.forEach((t=>{this.logger.trace(`PerformanceClient: Incomplete submeasurement ${t.name} found for ${e.name}`,s.correlationId),a++})),s.incompleteSubMeasurements=void 0,s={...s,queuedTimeMs:o.totalQueueTime,queuedCount:o.totalQueueCount,queuedManuallyCompletedCount:o.manuallyCompletedCount,status:Tr,incompleteSubsCount:a,context:i},this.truncateIntegralFields(s),this.emitEvents([s],e.correlationId),s}addFields(e,t){this.logger.trace("PerformanceClient: Updating static fields");const r=this.eventsByCorrelationId.get(t);r?this.eventsByCorrelationId.set(t,{...r,...e}):this.logger.trace("PerformanceClient: Event not found for",t)}incrementFields(e,t){this.logger.trace("PerformanceClient: Updating counters");const r=this.eventsByCorrelationId.get(t);if(r)for(const t in e){if(r.hasOwnProperty(t)){if(isNaN(Number(r[t])))return}else r[t]=0;r[t]+=e[t]}else this.logger.trace("PerformanceClient: Event not found for",t)}cacheEventByCorrelationId(e){const t=this.eventsByCorrelationId.get(e.correlationId);t?(this.logger.trace(`PerformanceClient: Performance measurement for ${e.name} added/updated`,e.correlationId),t.incompleteSubMeasurements=t.incompleteSubMeasurements||new Map,t.incompleteSubMeasurements.set(e.eventId,{name:e.name,startTimeMs:e.startTimeMs})):(this.logger.trace(`PerformanceClient: Performance measurement for ${e.name} started`,e.correlationId),this.eventsByCorrelationId.set(e.correlationId,{...e}),this.eventStack.set(e.correlationId,[]))}getQueueInfo(e){const t=this.queueMeasurements.get(e);t||this.logger.trace(`PerformanceClient: no queue measurements found for for correlationId: ${e}`);let r=0,n=0,o=0;return t?.forEach((e=>{r+=e.queueTime,n++,o+=e.manuallyCompleted?1:0})),{totalQueueTime:r,totalQueueCount:n,manuallyCompletedCount:o}}discardMeasurements(e){this.logger.trace("PerformanceClient: Performance measurements discarded",e),this.eventsByCorrelationId.delete(e),this.logger.trace("PerformanceClient: QueueMeasurements discarded",e),this.queueMeasurements.delete(e),this.logger.trace("PerformanceClient: Pre-queue times discarded",e),this.preQueueTimeByCorrelationId.delete(e),this.logger.trace("PerformanceClient: Event stack discarded",e),this.eventStack.delete(e)}addPerformanceCallback(e){for(const[t,r]of this.callbacks)if(r.toString()===e.toString())return this.logger.warning(`PerformanceClient: Performance callback is already registered with id: ${t}`),t;const t=this.generateId();return this.callbacks.set(t,e),this.logger.verbose(`PerformanceClient: Performance callback registered with id: ${t}`),t}removePerformanceCallback(e){const t=this.callbacks.delete(e);return t?this.logger.verbose(`PerformanceClient: Performance callback ${e} removed.`):this.logger.verbose(`PerformanceClient: Performance callback ${e} not removed.`),t}emitEvents(e,t){this.logger.verbose("PerformanceClient: Emitting performance events",t),this.callbacks.forEach(((r,n)=>{this.logger.trace(`PerformanceClient: Emitting event to callback ${n}`,t),r.apply(null,[e])}))}truncateIntegralFields(e){this.intFields.forEach((t=>{t in e&&"number"==typeof e[t]&&(e[t]=Math.floor(e[t]))}))}getDurationMs(e){const t=Date.now()-e;return t<0?t:0}}const Qo="pkce_not_created",jo="ear_jwk_empty",Wo="ear_jwe_empty",Vo="crypto_nonexistent",Jo="empty_navigate_uri",Yo="hash_empty_error",Xo="no_state_in_hash",Zo="hash_does_not_contain_known_properties",ei="unable_to_parse_state",ti="state_interaction_type_mismatch",ri="interaction_in_progress",ni="popup_window_error",oi="empty_window_error",ii="user_cancelled",si="monitor_popup_timeout",ai="monitor_window_timeout",ci="redirect_in_iframe",li="block_iframe_reload",hi="block_nested_popups",di="iframe_closed_prematurely",ui="silent_logout_unsupported",gi="no_account_error",pi="silent_prompt_value_error",mi="no_token_request_cache_error",fi="unable_to_parse_token_request_cache_error",yi="auth_request_not_set_error",Ci="invalid_cache_type",vi="non_browser_environment",wi="database_not_open",Ii="no_network_connectivity",Ti="post_request_failed",Ai="get_request_failed",ki="failed_to_parse_response",Si="unable_to_load_token",bi="crypto_key_not_found",Ei="auth_code_required",Ri="auth_code_or_nativeAccountId_required",_i="spa_code_and_nativeAccountId_present",Pi="database_unavailable",Mi="unable_to_acquire_token_from_native_platform",Oi="native_handshake_timeout",qi="native_extension_not_installed",Ni="native_connection_not_established",Ui="uninitialized_public_client_application",Li="native_prompt_not_supported",Hi="invalid_base64_string",xi="invalid_pop_token_request",Di="failed_to_build_headers",Bi="failed_to_parse_headers",Fi="failed_to_decrypt_ear_response",zi="timed_out";var Ki=Object.freeze({__proto__:null,authCodeOrNativeAccountIdRequired:Ri,authCodeRequired:Ei,authRequestNotSetError:yi,blockIframeReload:li,blockNestedPopups:hi,cryptoKeyNotFound:bi,cryptoNonExistent:Vo,databaseNotOpen:wi,databaseUnavailable:Pi,earJweEmpty:Wo,earJwkEmpty:jo,emptyNavigateUri:Jo,emptyWindowError:oi,failedToBuildHeaders:Di,failedToDecryptEarResponse:Fi,failedToParseHeaders:Bi,failedToParseResponse:ki,getRequestFailed:Ai,hashDoesNotContainKnownProperties:Zo,hashEmptyError:Yo,iframeClosedPrematurely:di,interactionInProgress:ri,invalidBase64String:Hi,invalidCacheType:Ci,invalidPopTokenRequest:xi,monitorPopupTimeout:si,monitorWindowTimeout:ai,nativeConnectionNotEstablished:Ni,nativeExtensionNotInstalled:qi,nativeHandshakeTimeout:Oi,nativePromptNotSupported:Li,noAccountError:gi,noNetworkConnectivity:Ii,noStateInHash:Xo,noTokenRequestCacheError:mi,nonBrowserEnvironment:vi,pkceNotCreated:Qo,popupWindowError:ni,postRequestFailed:Ti,redirectInIframe:ci,silentLogoutUnsupported:ui,silentPromptValueError:pi,spaCodeAndNativeAccountIdPresent:_i,stateInteractionTypeMismatch:ti,timedOut:zi,unableToAcquireTokenFromNativePlatform:Mi,unableToLoadToken:Si,unableToParseState:ei,unableToParseTokenRequestCacheError:fi,uninitializedPublicClientApplication:Ui,userCancelled:ii});const Gi="For more visit: aka.ms/msaljs/browser-errors",$i={[Qo]:"The PKCE code challenge and verifier could not be generated.",[jo]:"No EAR encryption key provided. This is unexpected.",[Wo]:"Server response does not contain ear_jwe property. This is unexpected.",[Vo]:"The crypto object or function is not available.",[Jo]:"Navigation URI is empty. Please check stack trace for more info.",[Yo]:`Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${Gi}`,[Xo]:"Hash does not contain state. Please verify that the request originated from msal.",[Zo]:`Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. ${Gi}`,[ei]:"Unable to parse state. Please verify that the request originated from msal.",[ti]:"Hash contains state but the interaction type does not match the caller.",[ri]:`Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. ${Gi}`,[ni]:"Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.",[oi]:"window.open returned null or undefined window object.",[ii]:"User cancelled the flow.",[si]:`Token acquisition in popup failed due to timeout. ${Gi}`,[ai]:`Token acquisition in iframe failed due to timeout. ${Gi}`,[ci]:"Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.",[li]:`Request was blocked inside an iframe because MSAL detected an authentication response. ${Gi}`,[hi]:"Request was blocked inside a popup because MSAL detected it was running in a popup.",[di]:"The iframe being monitored was closed prematurely.",[ui]:"Silent logout not supported. Please call logoutRedirect or logoutPopup instead.",[gi]:"No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.",[pi]:"The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.",[mi]:"No token request found in cache.",[fi]:"The cached token request could not be parsed.",[yi]:"Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler",[Ci]:"Invalid cache type",[vi]:"Login and token requests are not supported in non-browser environments.",[wi]:"Database is not open!",[Ii]:"No network connectivity. Check your internet connection.",[Ti]:"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'",[Ai]:"Network request failed. Please check the network trace to determine root cause.",[ki]:"Failed to parse network response. Check network trace.",[Si]:"Error loading token to cache.",[bi]:"Cryptographic Key or Keypair not found in browser storage.",[Ei]:"An authorization code must be provided (as the `code` property on the request) to this flow.",[Ri]:"An authorization code or nativeAccountId must be provided to this flow.",[_i]:"Request cannot contain both spa code and native account id.",[Pi]:"IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.",[Mi]:`Unable to acquire token from native platform. ${Gi}`,[Oi]:"Timed out while attempting to establish connection to browser extension",[qi]:"Native extension is not installed. If you think this is a mistake call the initialize function.",[Ni]:`Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). ${Gi}`,[Ui]:`You must call and await the initialize function before attempting to call any other MSAL API. ${Gi}`,[Li]:"The provided prompt is not supported by the native platform. This request should be routed to the web based flow.",[Hi]:"Invalid base64 encoded string.",[xi]:"Invalid PoP token request. The request should not have both a popKid value and signPopToken set to true.",[Di]:"Failed to build request headers object.",[Bi]:"Failed to parse response headers",[Fi]:"Failed to decrypt ear response",[zi]:"The request timed out."},Qi={pkceNotGenerated:{code:Qo,desc:$i[Qo]},cryptoDoesNotExist:{code:Vo,desc:$i[Vo]},emptyNavigateUriError:{code:Jo,desc:$i[Jo]},hashEmptyError:{code:Yo,desc:$i[Yo]},hashDoesNotContainStateError:{code:Xo,desc:$i[Xo]},hashDoesNotContainKnownPropertiesError:{code:Zo,desc:$i[Zo]},unableToParseStateError:{code:ei,desc:$i[ei]},stateInteractionTypeMismatchError:{code:ti,desc:$i[ti]},interactionInProgress:{code:ri,desc:$i[ri]},popupWindowError:{code:ni,desc:$i[ni]},emptyWindowError:{code:oi,desc:$i[oi]},userCancelledError:{code:ii,desc:$i[ii]},monitorPopupTimeoutError:{code:si,desc:$i[si]},monitorIframeTimeoutError:{code:ai,desc:$i[ai]},redirectInIframeError:{code:ci,desc:$i[ci]},blockTokenRequestsInHiddenIframeError:{code:li,desc:$i[li]},blockAcquireTokenInPopupsError:{code:hi,desc:$i[hi]},iframeClosedPrematurelyError:{code:di,desc:$i[di]},silentLogoutUnsupportedError:{code:ui,desc:$i[ui]},noAccountError:{code:gi,desc:$i[gi]},silentPromptValueError:{code:pi,desc:$i[pi]},noTokenRequestCacheError:{code:mi,desc:$i[mi]},unableToParseTokenRequestCacheError:{code:fi,desc:$i[fi]},authRequestNotSet:{code:yi,desc:$i[yi]},invalidCacheType:{code:Ci,desc:$i[Ci]},notInBrowserEnvironment:{code:vi,desc:$i[vi]},databaseNotOpen:{code:wi,desc:$i[wi]},noNetworkConnectivity:{code:Ii,desc:$i[Ii]},postRequestFailed:{code:Ti,desc:$i[Ti]},getRequestFailed:{code:Ai,desc:$i[Ai]},failedToParseNetworkResponse:{code:ki,desc:$i[ki]},unableToLoadTokenError:{code:Si,desc:$i[Si]},signingKeyNotFoundInStorage:{code:bi,desc:$i[bi]},authCodeRequired:{code:Ei,desc:$i[Ei]},authCodeOrNativeAccountRequired:{code:Ri,desc:$i[Ri]},spaCodeAndNativeAccountPresent:{code:_i,desc:$i[_i]},databaseUnavailable:{code:Pi,desc:$i[Pi]},unableToAcquireTokenFromNativePlatform:{code:Mi,desc:$i[Mi]},nativeHandshakeTimeout:{code:Oi,desc:$i[Oi]},nativeExtensionNotInstalled:{code:qi,desc:$i[qi]},nativeConnectionNotEstablished:{code:Ni,desc:$i[Ni]},uninitializedPublicClientApplication:{code:Ui,desc:$i[Ui]},nativePromptNotSupported:{code:Li,desc:$i[Li]},invalidBase64StringError:{code:Hi,desc:$i[Hi]},invalidPopTokenRequest:{code:xi,desc:$i[xi]}};class ji extends Ce{constructor(e,t){super(e,$i[e],t),Object.setPrototypeOf(this,ji.prototype),this.name="BrowserAuthError"}}function Wi(e,t){return new ji(e,t)}const Vi="invalid_grant",Ji=483,Yi=600,Xi="msal",Zi=30,es="msal.js.browser",ts="53ee284d-920a-4b59-9d30-a60315b26836",rs="ppnbnpeolgkicgegkbkbjmhlideopiji",ns="MATS",os="MicrosoftEntra",is="DOM API",ss="get-token-and-sign-out",as="PlatformAuthDOMHandler",cs="PlatformAuthExtensionHandler",ls="Handshake",hs="HandshakeResponse",ds="GetToken",us="Response",gs={LocalStorage:"localStorage",SessionStorage:"sessionStorage",MemoryStorage:"memoryStorage"},ps="GET",ms="POST",fs="signin",ys="signout",Cs="request.origin",vs="urlHash",ws="request.params",Is="code.verifier",Ts="interaction.status",As="request.native",ks="wrapper.sku",Ss="wrapper.version",bs={acquireTokenRedirect:861,acquireTokenPopup:862,ssoSilent:863,acquireTokenSilent_authCode:864,handleRedirectPromise:865,acquireTokenByCode:866,acquireTokenSilent_silentFlow:61,logout:961,logoutPopup:962};var Es;e.InteractionType=void 0,(Es=e.InteractionType||(e.InteractionType={})).Redirect="redirect",Es.Popup="popup",Es.Silent="silent",Es.None="none";const Rs={Startup:"startup",Login:"login",Logout:"logout",AcquireToken:"acquireToken",SsoSilent:"ssoSilent",HandleRedirect:"handleRedirect",None:"none"},_s={scopes:h},Ps="msal.db",Ms=`${Ps}.keys`,Os={Default:0,AccessToken:1,AccessTokenAndRefreshToken:2,RefreshToken:3,RefreshTokenAndNetwork:4,Skip:5},qs=[Os.Default,Os.Skip,Os.RefreshTokenAndNetwork];function Ns(e){return encodeURIComponent(Ls(e).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_"))}function Us(e){return Hs(e).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}function Ls(e){return Hs((new TextEncoder).encode(e))}function Hs(e){const t=Array.from(e,(e=>String.fromCodePoint(e))).join("");return btoa(t)}function xs(e){return(new TextDecoder).decode(Ds(e))}function Ds(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw Wi(Hi)}const r=atob(t);return Uint8Array.from(r,(e=>e.codePointAt(0)||0))}const Bs="AES-GCM",Fs="HKDF",zs="SHA-256",Ks=new Uint8Array([1,0,1]),Gs="0123456789abcdef",$s=new Uint32Array(1),Qs="raw",js="encrypt",Ws="decrypt",Vs={name:"RSASSA-PKCS1-v1_5",hash:zs,modulusLength:2048,publicExponent:Ks};async function Js(e,t,r){t?.addQueueMeasurement(vr.Sha256Digest,r);const n=(new TextEncoder).encode(e);return window.crypto.subtle.digest(zs,n)}function Ys(e){return window.crypto.getRandomValues(e)}function Xs(){return window.crypto.getRandomValues($s),$s[0]}function Zs(){const e=Date.now(),t=1024*Xs()+(1023&Xs()),r=new Uint8Array(16),n=Math.trunc(t/2**30),o=t&2**30-1,i=Xs();r[0]=e/2**40,r[1]=e/2**32,r[2]=e/2**24,r[3]=e/65536,r[4]=e/256,r[5]=e,r[6]=112|n>>>8,r[7]=n,r[8]=128|o>>>24,r[9]=o>>>16,r[10]=o>>>8,r[11]=o,r[12]=i>>>24,r[13]=i>>>16,r[14]=i>>>8,r[15]=i;let s="";for(let e=0;e<r.length;e++)s+=Gs.charAt(r[e]>>>4),s+=Gs.charAt(15&r[e]),3!==e&&5!==e&&7!==e&&9!==e||(s+="-");return s}async function ea(e){return window.crypto.subtle.exportKey("jwk",e)}async function ta(){const e=await na(),t={alg:"dir",kty:"oct",k:Us(new Uint8Array(e))};return Ls(JSON.stringify(t))}async function ra(e,t){const r=t.split(".");if(5!==r.length)throw Wi(Fi,"jwe_length");const n=await async function(e){const t=xs(e),r=Ds(JSON.parse(t).k);return window.crypto.subtle.importKey(Qs,r,Bs,!1,[Ws])}(e).catch((()=>{throw Wi(Fi,"import_key")}));try{const e=(new TextEncoder).encode(r[0]),t=Ds(r[2]),o=Ds(r[3]),i=Ds(r[4]),s=8*i.byteLength,a=new Uint8Array(o.length+i.length);a.set(o),a.set(i,o.length);const c=await window.crypto.subtle.decrypt({name:Bs,iv:t,tagLength:s,additionalData:e},n,a);return(new TextDecoder).decode(c)}catch(e){throw Wi(Fi,"decrypt")}}async function na(){const e=await window.crypto.subtle.generateKey({name:Bs,length:256},!0,[js,Ws]);return window.crypto.subtle.exportKey(Qs,e)}async function oa(e){return window.crypto.subtle.importKey(Qs,e,Fs,!1,["deriveKey"])}async function ia(e,t,r){return window.crypto.subtle.deriveKey({name:Fs,salt:t,hash:zs,info:(new TextEncoder).encode(r)},e,{name:Bs,length:256},!1,[js,Ws])}async function sa(e,t,r){const n=(new TextEncoder).encode(t),o=window.crypto.getRandomValues(new Uint8Array(16)),i=await ia(e,o,r),s=await window.crypto.subtle.encrypt({name:Bs,iv:new Uint8Array(12)},i,n);return{data:Us(new Uint8Array(s)),nonce:Us(o)}}async function aa(e,t,r,n){const o=Ds(n),i=await ia(e,Ds(t),r),s=await window.crypto.subtle.decrypt({name:Bs,iv:new Uint8Array(12)},i,o);return(new TextDecoder).decode(s)}async function ca(e){const t=await Js(e);return Us(new Uint8Array(t))}const la="storage_not_supported",ha="stubbed_public_client_application_called",da="in_mem_redirect_unavailable";var ua=Object.freeze({__proto__:null,inMemRedirectUnavailable:da,storageNotSupported:la,stubbedPublicClientApplicationCalled:ha});const ga={[la]:"Given storage configuration option was not supported.",[ha]:"Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors",[da]:"Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true."},pa={storageNotSupportedError:{code:la,desc:ga[la]},stubPcaInstanceCalled:{code:ha,desc:ga[ha]},inMemRedirectUnavailable:{code:da,desc:ga[da]}};class ma extends Ce{constructor(e,t){super(e,t),this.name="BrowserConfigurationAuthError",Object.setPrototypeOf(this,ma.prototype)}}function fa(e){return new ma(e,ga[e])}function ya(e){e.location.hash="","function"==typeof e.history.replaceState&&e.history.replaceState(null,"",`${e.location.origin}${e.location.pathname}${e.location.search}`)}function Ca(e){const t=e.split("#");t.shift(),window.location.hash=t.length>0?t.join("#"):""}function va(){return window.parent!==window}function wa(){return"undefined"!=typeof window&&!!window.opener&&window.opener!==window&&"string"==typeof window.name&&0===window.name.indexOf(`${Xi}.`)}function Ia(){return"undefined"!=typeof window&&window.location?window.location.href.split("?")[0].split("#")[0]:""}function Ta(){const e=new ir(window.location.href).getUrlComponents();return`${e.Protocol}//${e.HostNameAndPort}/`}function Aa(){if(ir.hashContainsKnownProperties(window.location.hash)&&va())throw Wi(li)}function ka(e){if(va()&&!e)throw Wi(ci)}function Sa(){if(wa())throw Wi(hi)}function ba(){if("undefined"==typeof window)throw Wi(vi)}function Ea(e){if(!e)throw Wi(Ui)}function Ra(e){ba(),Aa(),Sa(),Ea(e)}function _a(e,t){if(Ra(e),ka(t.system.allowRedirectInIframe),t.cache.cacheLocation===gs.MemoryStorage&&!t.cache.storeAuthStateInCookie)throw fa(da)}function Pa(e){const t=document.createElement("link");t.rel="preconnect",t.href=new URL(e).origin,t.crossOrigin="anonymous",document.head.appendChild(t),window.setTimeout((()=>{try{document.head.removeChild(t)}catch{}}),1e4)}function Ma(){return Zs()}var Oa=Object.freeze({__proto__:null,blockAPICallsBeforeInitialize:Ea,blockAcquireTokenInPopups:Sa,blockNonBrowserEnvironment:ba,blockRedirectInIframe:ka,blockReloadInHiddenIframes:Aa,clearHash:ya,createGuid:Ma,getCurrentUri:Ia,getHomepage:Ta,invoke:En,invokeAsync:Rn,isInIframe:va,isInPopup:wa,preconnect:Pa,preflightCheck:Ra,redirectPreflightCheck:_a,replaceHash:Ca});class qa{navigateInternal(e,t){return qa.defaultNavigateWindow(e,t)}navigateExternal(e,t){return qa.defaultNavigateWindow(e,t)}static defaultNavigateWindow(e,t){return t.noHistory?window.location.replace(e):window.location.assign(e),new Promise(((e,r)=>{setTimeout((()=>{r(Wi(zi,"failed_to_redirect"))}),t.timeout)}))}}class Na{async sendGetRequestAsync(e,t){let r,n={},o=0;const i=Ua(t);try{r=await fetch(e,{method:ps,headers:i})}catch(e){throw eo(Wi(window.navigator.onLine?Ai:Ii),void 0,void 0,e)}n=La(r.headers);try{return o=r.status,{headers:n,body:await r.json(),status:o}}catch(e){throw eo(Wi(ki),o,n,e)}}async sendPostRequestAsync(e,t){const r=t&&t.body||"",n=Ua(t);let o,i=0,s={};try{o=await fetch(e,{method:ms,headers:n,body:r})}catch(e){throw eo(Wi(window.navigator.onLine?Ti:Ii),void 0,void 0,e)}s=La(o.headers);try{return i=o.status,{headers:s,body:await o.json(),status:i}}catch(e){throw eo(Wi(ki),i,s,e)}}}function Ua(e){try{const t=new Headers;if(!e||!e.headers)return t;const r=e.headers;return Object.entries(r).forEach((([e,r])=>{t.append(e,r)})),t}catch(e){throw eo(Wi(Di),void 0,void 0,e)}}function La(e){try{const t={};return e.forEach(((e,r)=>{t[r]=e})),t}catch(e){throw Wi(Bi)}}const Ha=1e4;const xa="@azure/msal-browser",Da="4.19.0",Ba="msal",Fa="browser",za=`${Ba}.${Fa}.log.level`,Ka=`${Ba}.${Fa}.log.pii`,Ga=`${Ba}.${Fa}.performance.enabled`,$a=`${Ba}.${Fa}.platform.auth.dom`,Qa=`${Ba}.version`,ja="account.keys",Wa="token.keys";function Va(e=1){return e<1?`${Ba}.${ja}`:`${Ba}.${e}.${ja}`}function Ja(e,t=1){return t<1?`${Ba}.${Wa}.${e}`:`${Ba}.${t}.${Wa}.${e}`}class Ya{static loggerCallback(t,r){switch(t){case e.LogLevel.Error:return void console.error(r);case e.LogLevel.Info:return void console.info(r);case e.LogLevel.Verbose:return void console.debug(r);case e.LogLevel.Warning:return void console.warn(r);default:return void console.log(r)}}constructor(r){let n;this.browserEnvironment="undefined"!=typeof window,this.config=function({auth:r,cache:n,system:o,telemetry:i},s){const a={clientId:t.EMPTY_STRING,authority:`${t.DEFAULT_AUTHORITY}`,knownAuthorities:[],cloudDiscoveryMetadata:t.EMPTY_STRING,authorityMetadata:t.EMPTY_STRING,redirectUri:"undefined"!=typeof window?Ia():"",postLogoutRedirectUri:t.EMPTY_STRING,navigateToLoginRequestUrl:!0,clientCapabilities:[],protocolMode:Cr.AAD,OIDCOptions:{serverResponseType:_.FRAGMENT,defaultScopes:[t.OPENID_SCOPE,t.PROFILE_SCOPE,t.OFFLINE_ACCESS_SCOPE]},azureCloudOptions:{azureCloudInstance:wt.None,tenant:t.EMPTY_STRING},skipAuthorityMetadataCache:!1,supportsNestedAppAuth:!1,instanceAware:!1,encodeExtraQueryParams:!1},c={cacheLocation:gs.SessionStorage,cacheRetentionDays:5,temporaryCacheLocation:gs.SessionStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!(!n||n.cacheLocation!==gs.LocalStorage),claimsBasedCachingEnabled:!1},l={loggerCallback:()=>{},logLevel:e.LogLevel.Info,piiLoggingEnabled:!1},h={...{...br,loggerOptions:l,networkClient:s?new Na:Mo,navigationClient:new qa,loadFrameTimeout:0,windowHashTimeout:o?.loadFrameTimeout||6e4,iframeHashTimeout:o?.loadFrameTimeout||Ha,navigateFrameWait:0,redirectNavigationTimeout:3e4,asyncPopups:!1,allowRedirectInIframe:!1,allowPlatformBroker:!1,nativeBrokerHandshakeTimeout:o?.nativeBrokerHandshakeTimeout||2e3,pollIntervalMilliseconds:Zi},...o,loggerOptions:o?.loggerOptions||l},d={application:{appName:t.EMPTY_STRING,appVersion:t.EMPTY_STRING},client:new Sr};r?.protocolMode!==Cr.OIDC&&r?.OIDCOptions&&new yt(h.loggerOptions).warning(JSON.stringify(Wt(Dt)));if(r?.protocolMode&&r.protocolMode===Cr.OIDC&&h?.allowPlatformBroker)throw Wt(Bt);return{auth:{...a,...r,OIDCOptions:{...a.OIDCOptions,...r?.OIDCOptions}},cache:{...c,...n},system:h,telemetry:{...d,...i}}}(r,this.browserEnvironment);try{n=window[gs.SessionStorage]}catch(e){}const o=n?.getItem(za),i=n?.getItem(Ka)?.toLowerCase(),s="true"===i||"false"!==i&&void 0,a={...this.config.system.loggerOptions},c=o&&Object.keys(e.LogLevel).includes(o)?e.LogLevel[o]:void 0;c&&(a.loggerCallback=Ya.loggerCallback,a.logLevel=c),void 0!==s&&(a.piiLoggingEnabled=s),this.logger=new yt(a,xa,Da),this.available=!1}getConfig(){return this.config}getLogger(){return this.logger}isAvailable(){return this.available}isBrowserEnvironment(){return this.browserEnvironment}}const Xa="USER_INTERACTION_REQUIRED",Za="USER_CANCEL",ec="NO_NETWORK",tc="TRANSIENT_ERROR",rc="PERSISTENT_ERROR",nc="DISABLED",oc="ACCOUNT_UNAVAILABLE",ic="NESTED_APP_AUTH_UNAVAILABLE";class sc{static async initializeNestedAppAuthBridge(){if(void 0===window)throw new Error("window is undefined");if(void 0===window.nestedAppAuthBridge)throw new Error("window.nestedAppAuthBridge is undefined");try{window.nestedAppAuthBridge.addEventListener("message",(e=>{const t="string"==typeof e?e:e.data,r=JSON.parse(t),n=sc.bridgeRequests.find((e=>e.requestId===r.requestId));void 0!==n&&(sc.bridgeRequests.splice(sc.bridgeRequests.indexOf(n),1),r.success?n.resolve(r):n.reject(r.error))}));const e=await new Promise(((e,t)=>{const r=sc.buildRequest("GetInitContext"),n={requestId:r.requestId,method:r.method,resolve:e,reject:t};sc.bridgeRequests.push(n),window.nestedAppAuthBridge.postMessage(JSON.stringify(r))}));return sc.validateBridgeResultOrThrow(e.initContext)}catch(e){throw window.console.log(e),e}}getTokenInteractive(e){return this.getToken("GetTokenPopup",e)}getTokenSilent(e){return this.getToken("GetToken",e)}async getToken(e,t){const r=await this.sendRequest(e,{tokenParams:t});return{token:sc.validateBridgeResultOrThrow(r.token),account:sc.validateBridgeResultOrThrow(r.account)}}getHostCapabilities(){return this.capabilities??null}getAccountContext(){return this.accountContext?this.accountContext:null}static buildRequest(e,t){return{messageType:"NestedAppAuthRequest",method:e,requestId:Zs(),sendTime:Date.now(),clientLibrary:es,clientLibraryVersion:Da,...t}}sendRequest(e,t){const r=sc.buildRequest(e,t);return new Promise(((e,t)=>{const n={requestId:r.requestId,method:r.method,resolve:e,reject:t};sc.bridgeRequests.push(n),window.nestedAppAuthBridge.postMessage(JSON.stringify(r))}))}static validateBridgeResultOrThrow(e){if(void 0===e){throw{status:ic}}return e}constructor(e,t,r,n){this.sdkName=e,this.sdkVersion=t,this.accountContext=r,this.capabilities=n}static async create(){const e=await sc.initializeNestedAppAuthBridge();return new sc(e.sdkName,e.sdkVersion,e.accountContext,e.capabilities)}}sc.bridgeRequests=[];class ac extends Ya{constructor(){super(...arguments),this.bridgeProxy=void 0,this.accountContext=null}getModuleName(){return ac.MODULE_NAME}getId(){return ac.ID}getBridgeProxy(){return this.bridgeProxy}async initialize(){try{if("undefined"!=typeof window){"function"==typeof window.__initializeNestedAppAuth&&await window.__initializeNestedAppAuth();const e=await sc.create();this.accountContext=e.getAccountContext(),this.bridgeProxy=e,this.available=void 0!==e}}catch(e){this.logger.infoPii(`Could not initialize Nested App Auth bridge (${e})`)}return this.logger.info(`Nested App Auth Bridge available: ${this.available}`),this.available}}ac.MODULE_NAME="",ac.ID="NestedAppOperatingContext";class cc extends Ya{getModuleName(){return cc.MODULE_NAME}getId(){return cc.ID}async initialize(){return this.available="undefined"!=typeof window,this.available}}cc.MODULE_NAME="",cc.ID="StandardOperatingContext";class lc{constructor(){this.dbName=Ps,this.version=1,this.tableName=Ms,this.dbOpen=!1}async open(){return new Promise(((e,t)=>{const r=window.indexedDB.open(this.dbName,this.version);r.addEventListener("upgradeneeded",(e=>{e.target.result.createObjectStore(this.tableName)})),r.addEventListener("success",(t=>{const r=t;this.db=r.target.result,this.dbOpen=!0,e()})),r.addEventListener("error",(()=>t(Wi(Pi))))}))}closeConnection(){const e=this.db;e&&this.dbOpen&&(e.close(),this.dbOpen=!1)}async validateDbIsOpen(){if(!this.dbOpen)return this.open()}async getItem(e){return await this.validateDbIsOpen(),new Promise(((t,r)=>{if(!this.db)return r(Wi(wi));const n=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).get(e);n.addEventListener("success",(e=>{const r=e;this.closeConnection(),t(r.target.result)})),n.addEventListener("error",(e=>{this.closeConnection(),r(e)}))}))}async setItem(e,t){return await this.validateDbIsOpen(),new Promise(((r,n)=>{if(!this.db)return n(Wi(wi));const o=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).put(t,e);o.addEventListener("success",(()=>{this.closeConnection(),r()})),o.addEventListener("error",(e=>{this.closeConnection(),n(e)}))}))}async removeItem(e){return await this.validateDbIsOpen(),new Promise(((t,r)=>{if(!this.db)return r(Wi(wi));const n=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).delete(e);n.addEventListener("success",(()=>{this.closeConnection(),t()})),n.addEventListener("error",(e=>{this.closeConnection(),r(e)}))}))}async getKeys(){return await this.validateDbIsOpen(),new Promise(((e,t)=>{if(!this.db)return t(Wi(wi));const r=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).getAllKeys();r.addEventListener("success",(t=>{const r=t;this.closeConnection(),e(r.target.result)})),r.addEventListener("error",(e=>{this.closeConnection(),t(e)}))}))}async containsKey(e){return await this.validateDbIsOpen(),new Promise(((t,r)=>{if(!this.db)return r(Wi(wi));const n=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).count(e);n.addEventListener("success",(e=>{const r=e;this.closeConnection(),t(1===r.target.result)})),n.addEventListener("error",(e=>{this.closeConnection(),r(e)}))}))}async deleteDatabase(){return this.db&&this.dbOpen&&this.closeConnection(),new Promise(((e,t)=>{const r=window.indexedDB.deleteDatabase(Ps),n=setTimeout((()=>t(!1)),200);r.addEventListener("success",(()=>(clearTimeout(n),e(!0)))),r.addEventListener("blocked",(()=>(clearTimeout(n),e(!0)))),r.addEventListener("error",(()=>(clearTimeout(n),t(!1))))}))}}class hc{constructor(){this.cache=new Map}async initialize(){}getItem(e){return this.cache.get(e)||null}getUserData(e){return this.getItem(e)}setItem(e,t){this.cache.set(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){this.cache.delete(e)}getKeys(){const e=[];return this.cache.forEach(((t,r)=>{e.push(r)})),e}containsKey(e){return this.cache.has(e)}clear(){this.cache.clear()}decryptData(){return Promise.resolve(null)}}class dc{constructor(e){this.inMemoryCache=new hc,this.indexedDBCache=new lc,this.logger=e}handleDatabaseAccessError(e){if(!(e instanceof ji&&e.errorCode===Pi))throw e;this.logger.error("Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts.")}async getItem(e){const t=this.inMemoryCache.getItem(e);if(!t)try{return this.logger.verbose("Queried item not found in in-memory cache, now querying persistent storage."),await this.indexedDBCache.getItem(e)}catch(e){this.handleDatabaseAccessError(e)}return t}async setItem(e,t){this.inMemoryCache.setItem(e,t);try{await this.indexedDBCache.setItem(e,t)}catch(e){this.handleDatabaseAccessError(e)}}async removeItem(e){this.inMemoryCache.removeItem(e);try{await this.indexedDBCache.removeItem(e)}catch(e){this.handleDatabaseAccessError(e)}}async getKeys(){const e=this.inMemoryCache.getKeys();if(0===e.length)try{return this.logger.verbose("In-memory cache is empty, now querying persistent storage."),await this.indexedDBCache.getKeys()}catch(e){this.handleDatabaseAccessError(e)}return e}async containsKey(e){const t=this.inMemoryCache.containsKey(e);if(!t)try{return this.logger.verbose("Key not found in in-memory cache, now querying persistent storage."),await this.indexedDBCache.containsKey(e)}catch(e){this.handleDatabaseAccessError(e)}return t}clearInMemory(){this.logger.verbose("Deleting in-memory keystore"),this.inMemoryCache.clear(),this.logger.verbose("In-memory keystore deleted")}async clearPersistent(){try{this.logger.verbose("Deleting persistent keystore");const e=await this.indexedDBCache.deleteDatabase();return e&&this.logger.verbose("Persistent keystore deleted"),e}catch(e){return this.handleDatabaseAccessError(e),!1}}}class uc{constructor(e,t,r){this.logger=e,function(e){if(!window)throw Wi(vi);if(!window.crypto)throw Wi(Vo);if(!e&&!window.crypto.subtle)throw Wi(Vo,"crypto_subtle_undefined")}(r??!1),this.cache=new dc(this.logger),this.performanceClient=t}createNewGuid(){return Zs()}base64Encode(e){return Ls(e)}base64Decode(e){return xs(e)}base64UrlEncode(e){return Ns(e)}encodeKid(e){return this.base64UrlEncode(JSON.stringify({kid:e}))}async getPublicKeyThumbprint(e){const t=this.performanceClient?.startMeasurement(vr.CryptoOptsGetPublicKeyThumbprint,e.correlationId),r=await async function(e,t){return window.crypto.subtle.generateKey(Vs,e,t)}(uc.EXTRACTABLE,uc.POP_KEY_USAGES),n=await ea(r.publicKey),o=gc({e:n.e,kty:n.kty,n:n.n}),i=await this.hashString(o),s=await ea(r.privateKey),a=await async function(e,t,r){return window.crypto.subtle.importKey("jwk",e,Vs,t,r)}(s,!1,["sign"]);return await this.cache.setItem(i,{privateKey:a,publicKey:r.publicKey,requestMethod:e.resourceRequestMethod,requestUri:e.resourceRequestUri}),t&&t.end({success:!0}),i}async removeTokenBindingKey(e){await this.cache.removeItem(e);if(await this.cache.containsKey(e))throw pt(rt)}async clearKeystore(){this.cache.clearInMemory();try{return await this.cache.clearPersistent(),!0}catch(e){return e instanceof Error?this.logger.error(`Clearing keystore failed with error: ${e.message}`):this.logger.error("Clearing keystore failed with unknown error"),!1}}async signJwt(e,t,r,n){const o=this.performanceClient?.startMeasurement(vr.CryptoOptsSignJwt,n),i=await this.cache.getItem(t);if(!i)throw Wi(bi);const s=await ea(i.publicKey),a=gc(s),c=Ns(JSON.stringify({kid:t})),l=Ns(zo.getShrHeaderString({...r?.header,alg:s.alg,kid:c}));e.cnf={jwk:JSON.parse(a)};const h=`${l}.${Ns(JSON.stringify(e))}`,d=(new TextEncoder).encode(h),u=await async function(e,t){return window.crypto.subtle.sign(Vs,e,t)}(i.privateKey,d),g=`${h}.${Us(new Uint8Array(u))}`;return o&&o.end({success:!0}),g}async hashString(e){return ca(e)}}function gc(e){return JSON.stringify(e,Object.keys(e).sort())}uc.POP_KEY_USAGES=["sign","verify"],uc.EXTRACTABLE=!0;const pc=864e5,mc="Lax",fc="None";class yc{initialize(){return Promise.resolve()}getItem(e){const t=`${encodeURIComponent(e)}`,r=document.cookie.split(";");for(let e=0;e<r.length;e++){const n=r[e],[o,...i]=decodeURIComponent(n).trim().split("="),s=i.join("=");if(o===t)return s}return""}getUserData(){throw pt(ct)}setItem(e,t,r,n=!0,o=mc){let i=`${encodeURIComponent(e)}=${encodeURIComponent(t)};path=/;SameSite=${o};`;if(r){const e=function(e){const t=new Date,r=new Date(t.getTime()+e*pc);return r.toUTCString()}(r);i+=`expires=${e};`}(n||o===fc)&&(i+="Secure;"),document.cookie=i}async setUserData(){return Promise.reject(pt(ct))}removeItem(e){this.setItem(e,"",-1)}getKeys(){const e=document.cookie.split(";"),t=[];return e.forEach((e=>{const r=decodeURIComponent(e).trim().split("=");t.push(r[0])})),t}containsKey(e){return this.getKeys().includes(e)}decryptData(){return Promise.resolve(null)}}function Cc(e,t){const r=e.getItem(Va(t));return r?JSON.parse(r):[]}function vc(e,t,r){const n=t.getItem(Ja(e,r));if(n){const e=JSON.parse(n);if(e&&e.hasOwnProperty("idToken")&&e.hasOwnProperty("accessToken")&&e.hasOwnProperty("refreshToken"))return e}return{idToken:[],accessToken:[],refreshToken:[]}}function wc(e){return e.hasOwnProperty("id")&&e.hasOwnProperty("nonce")&&e.hasOwnProperty("data")}const Ic="msal.cache.encryption";class Tc{constructor(e,t,r){if(!window.localStorage)throw fa(la);this.memoryStorage=new hc,this.initialized=!1,this.clientId=e,this.logger=t,this.performanceClient=r,this.broadcast=new BroadcastChannel("msal.broadcast.cache")}async initialize(e){const t=new yc,r=t.getItem(Ic);let n={key:"",id:""};if(r)try{n=JSON.parse(r)}catch(e){}if(n.key&&n.id){const t=En(Ds,vr.Base64Decode,this.logger,this.performanceClient,e)(n.key);this.encryptionCookie={id:n.id,key:await Rn(oa,vr.GenerateHKDF,this.logger,this.performanceClient,e)(t)}}else{const r=Zs(),n=await Rn(na,vr.GenerateBaseKey,this.logger,this.performanceClient,e)(),o=En(Us,vr.UrlEncodeArr,this.logger,this.performanceClient,e)(new Uint8Array(n));this.encryptionCookie={id:r,key:await Rn(oa,vr.GenerateHKDF,this.logger,this.performanceClient,e)(n)};const i={id:r,key:o};t.setItem(Ic,JSON.stringify(i),0,!0,fc)}await Rn(this.importExistingCache.bind(this),vr.ImportExistingCache,this.logger,this.performanceClient,e)(e),this.broadcast.addEventListener("message",this.updateCache.bind(this)),this.initialized=!0}getItem(e){return window.localStorage.getItem(e)}getUserData(e){if(!this.initialized)throw Wi(Ui);return this.memoryStorage.getItem(e)}async decryptData(e,t,r){if(!this.initialized||!this.encryptionCookie)throw Wi(Ui);if(t.id!==this.encryptionCookie.id)return this.performanceClient.incrementFields({encryptedCacheExpiredCount:1},r),null;const n=await Rn(aa,vr.Decrypt,this.logger,this.performanceClient,r)(this.encryptionCookie.key,t.nonce,this.getContext(e),t.data);if(!n)return null;try{return JSON.parse(n)}catch(e){return this.performanceClient.incrementFields({encryptedCacheCorruptionCount:1},r),null}}setItem(e,t){window.localStorage.setItem(e,t)}async setUserData(e,t,r,n){if(!this.initialized||!this.encryptionCookie)throw Wi(Ui);const{data:o,nonce:i}=await Rn(sa,vr.Encrypt,this.logger,this.performanceClient,r)(this.encryptionCookie.key,t,this.getContext(e)),s={id:this.encryptionCookie.id,nonce:i,data:o,lastUpdatedAt:n};this.memoryStorage.setItem(e,t),this.setItem(e,JSON.stringify(s)),this.broadcast.postMessage({key:e,value:t,context:this.getContext(e)})}removeItem(e){this.memoryStorage.containsKey(e)&&(this.memoryStorage.removeItem(e),this.broadcast.postMessage({key:e,value:null,context:this.getContext(e)})),window.localStorage.removeItem(e)}getKeys(){return Object.keys(window.localStorage)}containsKey(e){return window.localStorage.hasOwnProperty(e)}clear(){this.memoryStorage.clear();Cc(this).forEach((e=>this.removeItem(e)));const e=vc(this.clientId,this);e.idToken.forEach((e=>this.removeItem(e))),e.accessToken.forEach((e=>this.removeItem(e))),e.refreshToken.forEach((e=>this.removeItem(e))),this.getKeys().forEach((e=>{(e.startsWith(Ba)||-1!==e.indexOf(this.clientId))&&this.removeItem(e)}))}async importExistingCache(e){if(!this.encryptionCookie)return;let t=Cc(this);t=await this.importArray(t,e),t.length?this.setItem(Va(),JSON.stringify(t)):this.removeItem(Va());const r=vc(this.clientId,this);r.idToken=await this.importArray(r.idToken,e),r.accessToken=await this.importArray(r.accessToken,e),r.refreshToken=await this.importArray(r.refreshToken,e),r.idToken.length||r.accessToken.length||r.refreshToken.length?this.setItem(Ja(this.clientId),JSON.stringify(r)):this.removeItem(Ja(this.clientId))}async getItemFromEncryptedCache(e,t){if(!this.encryptionCookie)return null;const r=this.getItem(e);if(!r)return null;let n;try{n=JSON.parse(r)}catch(e){return null}return wc(n)?n.id!==this.encryptionCookie.id?(this.performanceClient.incrementFields({encryptedCacheExpiredCount:1},t),null):Rn(aa,vr.Decrypt,this.logger,this.performanceClient,t)(this.encryptionCookie.key,n.nonce,this.getContext(e),n.data):(this.performanceClient.incrementFields({unencryptedCacheCount:1},t),n)}async importArray(e,t){const r=[],n=[];return e.forEach((e=>{const o=this.getItemFromEncryptedCache(e,t).then((t=>{t?(this.memoryStorage.setItem(e,t),r.push(e)):this.removeItem(e)}));n.push(o)})),await Promise.all(n),r}getContext(e){let t="";return e.includes(this.clientId)&&(t=this.clientId),t}updateCache(e){this.logger.trace("Updating internal cache from broadcast event");const t=this.performanceClient.startMeasurement(vr.LocalStorageUpdated);t.add({isBackground:!0});const{key:r,value:n,context:o}=e.data;return r?o&&o!==this.clientId?(this.logger.trace(`Ignoring broadcast event from clientId: ${o}`),void t.end({success:!1,errorCode:"contextMismatch"})):(n?(this.memoryStorage.setItem(r,n),this.logger.verbose("Updated item in internal cache")):(this.memoryStorage.removeItem(r),this.logger.verbose("Removed item from internal cache")),void t.end({success:!0})):(this.logger.error("Broadcast event missing key"),void t.end({success:!1,errorCode:"noKey"}))}}class Ac{constructor(){if(!window.sessionStorage)throw fa(la)}async initialize(){}getItem(e){return window.sessionStorage.getItem(e)}getUserData(e){return this.getItem(e)}setItem(e,t){window.sessionStorage.setItem(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){window.sessionStorage.removeItem(e)}getKeys(){return Object.keys(window.sessionStorage)}containsKey(e){return window.sessionStorage.hasOwnProperty(e)}decryptData(){return Promise.resolve(null)}}const kc={INITIALIZE_START:"msal:initializeStart",INITIALIZE_END:"msal:initializeEnd",ACCOUNT_ADDED:"msal:accountAdded",ACCOUNT_REMOVED:"msal:accountRemoved",ACTIVE_ACCOUNT_CHANGED:"msal:activeAccountChanged",LOGIN_START:"msal:loginStart",LOGIN_SUCCESS:"msal:loginSuccess",LOGIN_FAILURE:"msal:loginFailure",ACQUIRE_TOKEN_START:"msal:acquireTokenStart",ACQUIRE_TOKEN_SUCCESS:"msal:acquireTokenSuccess",ACQUIRE_TOKEN_FAILURE:"msal:acquireTokenFailure",ACQUIRE_TOKEN_NETWORK_START:"msal:acquireTokenFromNetworkStart",SSO_SILENT_START:"msal:ssoSilentStart",SSO_SILENT_SUCCESS:"msal:ssoSilentSuccess",SSO_SILENT_FAILURE:"msal:ssoSilentFailure",ACQUIRE_TOKEN_BY_CODE_START:"msal:acquireTokenByCodeStart",ACQUIRE_TOKEN_BY_CODE_SUCCESS:"msal:acquireTokenByCodeSuccess",ACQUIRE_TOKEN_BY_CODE_FAILURE:"msal:acquireTokenByCodeFailure",HANDLE_REDIRECT_START:"msal:handleRedirectStart",HANDLE_REDIRECT_END:"msal:handleRedirectEnd",POPUP_OPENED:"msal:popupOpened",LOGOUT_START:"msal:logoutStart",LOGOUT_SUCCESS:"msal:logoutSuccess",LOGOUT_FAILURE:"msal:logoutFailure",LOGOUT_END:"msal:logoutEnd",RESTORE_FROM_BFCACHE:"msal:restoreFromBFCache",BROKER_CONNECTION_ESTABLISHED:"msal:brokerConnectionEstablished"};function Sc(e,t){const r=e.indexOf(t);r>-1&&e.splice(r,1)}class bc extends fr{constructor(e,t,r,n,o,i,s){super(e,r,n,o,s),this.cacheConfig=t,this.logger=n,this.internalStorage=new hc,this.browserStorage=Ec(e,t.cacheLocation,n,o),this.temporaryCacheStorage=Ec(e,t.temporaryCacheLocation,n,o),this.cookieStorage=new yc,this.eventHandler=i}async initialize(e){this.performanceClient.addFields({cacheLocation:this.cacheConfig.cacheLocation,cacheRetentionDays:this.cacheConfig.cacheRetentionDays},e),await this.browserStorage.initialize(e),await this.migrateExistingCache(e),this.trackVersionChanges(e)}async migrateExistingCache(e){const t=Cc(this.browserStorage,0),r=vc(this.clientId,this.browserStorage,0);this.performanceClient.addFields({oldAccountCount:t.length,oldAccessCount:r.accessToken.length,oldIdCount:r.idToken.length,oldRefreshCount:r.refreshToken.length},e);const n=Cc(this.browserStorage,1),o=vc(this.clientId,this.browserStorage,1);this.performanceClient.addFields({currAccountCount:n.length,currAccessCount:o.accessToken.length,currIdCount:o.idToken.length,currRefreshCount:o.refreshToken.length},e),await Promise.all([this.updateV0ToCurrent(1,t,n,e),this.updateV0ToCurrent(1,r.idToken,o.idToken,e),this.updateV0ToCurrent(1,r.accessToken,o.accessToken,e),this.updateV0ToCurrent(1,r.refreshToken,o.refreshToken,e)]),t.length>0?this.browserStorage.setItem(Va(0),JSON.stringify(t)):this.browserStorage.removeItem(Va(0)),n.length>0?this.browserStorage.setItem(Va(1),JSON.stringify(n)):this.browserStorage.removeItem(Va(1)),this.setTokenKeys(r,e,0),this.setTokenKeys(o,e,1)}async updateV0ToCurrent(e,t,r,n){const o=[];for(const i of[...t]){const s=this.browserStorage.getItem(i),a=this.validateAndParseJson(s||"");if(!a){Sc(t,i);continue}a.lastUpdatedAt||(a.lastUpdatedAt=Date.now().toString(),this.setItem(i,JSON.stringify(a),n));const c=wc(a)?await this.browserStorage.decryptData(i,a,n):a;let l;if(c&&(Bn(c)||Fn(c))&&(l=c.expiresOn),!c||Nn(a.lastUpdatedAt,this.cacheConfig.cacheRetentionDays)||l&&qn(l,300))this.browserStorage.removeItem(i),Sc(t,i),this.performanceClient.incrementFields({expiredCacheRemovedCount:1},n);else if(this.cacheConfig.cacheLocation!==gs.LocalStorage||wc(a)){const t=`${Ba}.${e}-${i}`,s=this.browserStorage.getItem(t);if(!s){o.push(this.setUserData(t,JSON.stringify(c),n,a.lastUpdatedAt).then((()=>{r.push(t),this.performanceClient.incrementFields({upgradedCacheCount:1},n)})));continue}{const e=this.validateAndParseJson(s);if(Number(a.lastUpdatedAt)>Number(e.lastUpdatedAt)){o.push(this.setUserData(t,JSON.stringify(c),n,a.lastUpdatedAt).then((()=>{this.performanceClient.incrementFields({updatedCacheFromV0Count:1},n)})));continue}}}}return Promise.all(o)}trackVersionChanges(e){const t=this.browserStorage.getItem(Qa);t&&(this.logger.info(`MSAL.js was last initialized by version: ${t}`),this.performanceClient.addFields({previousLibraryVersion:t},e)),t!==Da&&this.setItem(Qa,Da,e)}validateAndParseJson(e){if(!e)return null;try{const t=JSON.parse(e);return t&&"object"==typeof t?t:null}catch(e){return null}}setItem(e,t,r){let n=0,o=[];for(let i=0;i<=20;i++)try{this.browserStorage.setItem(e,t),i>0&&(i<=n?this.removeAccessTokenKeys(o.slice(0,i),r,0):(this.removeAccessTokenKeys(o.slice(0,n),r,0),this.removeAccessTokenKeys(o.slice(n,i),r)));break}catch(s){const a=mr(s);if(!(a.errorCode===dr&&i<20))throw a;if(!o.length){const r=e===Ja(this.clientId,0)?JSON.parse(t).accessToken:this.getTokenKeys(0).accessToken,i=e===Ja(this.clientId)?JSON.parse(t).accessToken:this.getTokenKeys().accessToken;o=[...r,...i],n=r.length}if(o.length<=i)throw a;this.removeAccessToken(o[i],r,!1)}}async setUserData(e,t,r,n){let o=0,i=[];for(let s=0;s<=20;s++)try{await Rn(this.browserStorage.setUserData.bind(this.browserStorage),vr.SetUserData,this.logger,this.performanceClient)(e,t,r,n),s>0&&(s<=o?this.removeAccessTokenKeys(i.slice(0,s),r,0):(this.removeAccessTokenKeys(i.slice(0,o),r,0),this.removeAccessTokenKeys(i.slice(o,s),r)));break}catch(e){const t=mr(e);if(!(t.errorCode===dr&&s<20))throw t;if(!i.length){const e=this.getTokenKeys(0).accessToken,t=this.getTokenKeys().accessToken;i=[...e,...t],o=e.length}if(i.length<=s)throw t;this.removeAccessToken(i[s],r,!1)}}getAccount(e,t){this.logger.trace("BrowserCacheManager.getAccount called");const r=this.browserStorage.getUserData(e);if(!r)return this.removeAccountKeyFromMap(e,t),null;const n=this.validateAndParseJson(r);return n&&no.isAccountEntity(n)?fr.toObject(new no,n):null}async setAccount(e,t){this.logger.trace("BrowserCacheManager.setAccount called");const r=this.generateAccountKey(e.getAccountInfo()),n=Date.now().toString();e.lastUpdatedAt=n,await this.setUserData(r,JSON.stringify(e),t,n);const o=this.addAccountKeyToMap(r,t);this.cacheConfig.cacheLocation===gs.LocalStorage&&o&&this.eventHandler.emitEvent(kc.ACCOUNT_ADDED,void 0,e.getAccountInfo())}getAccountKeys(){return Cc(this.browserStorage)}addAccountKeyToMap(e,t){this.logger.trace("BrowserCacheManager.addAccountKeyToMap called"),this.logger.tracePii(`BrowserCacheManager.addAccountKeyToMap called with key: ${e}`);const r=this.getAccountKeys();return-1===r.indexOf(e)?(r.push(e),this.setItem(Va(),JSON.stringify(r),t),this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key added"),!0):(this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key already exists in map"),!1)}removeAccountKeyFromMap(e,t){this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap called"),this.logger.tracePii(`BrowserCacheManager.removeAccountKeyFromMap called with key: ${e}`);const r=this.getAccountKeys(),n=r.indexOf(e);if(n>-1){if(r.splice(n,1),0===r.length)return void this.removeItem(Va());this.setItem(Va(),JSON.stringify(r),t),this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap account key removed")}else this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap key not found in existing map")}removeAccount(e,t){const r=this.getActiveAccount(t);r?.homeAccountId===e.homeAccountId&&r?.environment===e.environment&&this.setActiveAccount(null,t),super.removeAccount(e,t),this.removeAccountKeyFromMap(this.generateAccountKey(e),t),this.browserStorage.getKeys().forEach((t=>{t.includes(e.homeAccountId)&&t.includes(e.environment)&&this.browserStorage.removeItem(t)})),this.cacheConfig.cacheLocation===gs.LocalStorage&&this.eventHandler.emitEvent(kc.ACCOUNT_REMOVED,void 0,e)}removeIdToken(e,t){super.removeIdToken(e,t);const r=this.getTokenKeys(),n=r.idToken.indexOf(e);n>-1&&(this.logger.info("idToken removed from tokenKeys map"),r.idToken.splice(n,1),this.setTokenKeys(r,t))}removeAccessToken(e,t,r=!0){super.removeAccessToken(e,t),r&&this.removeAccessTokenKeys([e],t)}removeAccessTokenKeys(e,t,r=1){this.logger.trace("removeAccessTokenKey called");const n=this.getTokenKeys(r);let o=0;if(e.forEach((e=>{const t=n.accessToken.indexOf(e);t>-1&&(n.accessToken.splice(t,1),o++)})),o>0)return this.logger.info(`removed ${o} accessToken keys from tokenKeys map`),void this.setTokenKeys(n,t,r)}removeRefreshToken(e,t){super.removeRefreshToken(e,t);const r=this.getTokenKeys(),n=r.refreshToken.indexOf(e);n>-1&&(this.logger.info("refreshToken removed from tokenKeys map"),r.refreshToken.splice(n,1),this.setTokenKeys(r,t))}getTokenKeys(e=1){return vc(this.clientId,this.browserStorage,e)}setTokenKeys(e,t,r=1){0!==e.idToken.length||0!==e.accessToken.length||0!==e.refreshToken.length?this.setItem(Ja(this.clientId,r),JSON.stringify(e),t):this.removeItem(Ja(this.clientId,r))}getIdTokenCredential(e,t){const r=this.browserStorage.getUserData(e);if(!r)return this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"),this.removeIdToken(e,t),null;const n=this.validateAndParseJson(r);return n&&((o=n)&&Dn(o)&&o.hasOwnProperty("realm")&&o.credentialType===x.ID_TOKEN)?(this.logger.trace("BrowserCacheManager.getIdTokenCredential: cache hit"),n):(this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"),null);var o}async setIdTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setIdTokenCredential called");const r=this.generateCredentialKey(e),n=Date.now().toString();e.lastUpdatedAt=n,await this.setUserData(r,JSON.stringify(e),t,n);const o=this.getTokenKeys();-1===o.idToken.indexOf(r)&&(this.logger.info("BrowserCacheManager: addTokenKey - idToken added to map"),o.idToken.push(r),this.setTokenKeys(o,t))}getAccessTokenCredential(e,t){const r=this.browserStorage.getUserData(e);if(!r)return this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"),this.removeAccessTokenKeys([e],t),null;const n=this.validateAndParseJson(r);return n&&Bn(n)?(this.logger.trace("BrowserCacheManager.getAccessTokenCredential: cache hit"),n):(this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"),null)}async setAccessTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setAccessTokenCredential called");const r=this.generateCredentialKey(e),n=Date.now().toString();e.lastUpdatedAt=n,await this.setUserData(r,JSON.stringify(e),t,n);const o=this.getTokenKeys(),i=o.accessToken.indexOf(r);-1!==i&&o.accessToken.splice(i,1),this.logger.trace(`access token ${-1===i?"added to":"updated in"} map`),o.accessToken.push(r),this.setTokenKeys(o,t)}getRefreshTokenCredential(e,t){const r=this.browserStorage.getUserData(e);if(!r)return this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"),this.removeRefreshToken(e,t),null;const n=this.validateAndParseJson(r);return n&&Fn(n)?(this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: cache hit"),n):(this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"),null)}async setRefreshTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setRefreshTokenCredential called");const r=this.generateCredentialKey(e),n=Date.now().toString();e.lastUpdatedAt=n,await this.setUserData(r,JSON.stringify(e),t,n);const o=this.getTokenKeys();-1===o.refreshToken.indexOf(r)&&(this.logger.info("BrowserCacheManager: addTokenKey - refreshToken added to map"),o.refreshToken.push(r),this.setTokenKeys(o,t))}getAppMetadata(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"),null;const r=this.validateAndParseJson(t);return r&&(n=e,(o=r)&&0===n.indexOf(D)&&o.hasOwnProperty("clientId")&&o.hasOwnProperty("environment"))?(this.logger.trace("BrowserCacheManager.getAppMetadata: cache hit"),r):(this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"),null);var n,o}setAppMetadata(e,t){this.logger.trace("BrowserCacheManager.setAppMetadata called");const r=function({environment:e,clientId:t}){return[D,e,t].join(L).toLowerCase()}(e);this.setItem(r,JSON.stringify(e),t)}getServerTelemetry(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"),null;const r=this.validateAndParseJson(t);return r&&function(e,t){const r=0===e.indexOf(j.CACHE_KEY);let n=!0;return t&&(n=t.hasOwnProperty("failedRequests")&&t.hasOwnProperty("errors")&&t.hasOwnProperty("cacheHits")),r&&n}(e,r)?(this.logger.trace("BrowserCacheManager.getServerTelemetry: cache hit"),r):(this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"),null)}setServerTelemetry(e,t,r){this.logger.trace("BrowserCacheManager.setServerTelemetry called"),this.setItem(e,JSON.stringify(t),r)}getAuthorityMetadata(e){const t=this.internalStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getAuthorityMetadata: called, no cache hit"),null;const r=this.validateAndParseJson(t);return r&&function(e,t){return!!t&&0===e.indexOf(F)&&t.hasOwnProperty("aliases")&&t.hasOwnProperty("preferred_cache")&&t.hasOwnProperty("preferred_network")&&t.hasOwnProperty("canonical_authority")&&t.hasOwnProperty("authorization_endpoint")&&t.hasOwnProperty("token_endpoint")&&t.hasOwnProperty("issuer")&&t.hasOwnProperty("aliasesFromNetwork")&&t.hasOwnProperty("endpointsFromNetwork")&&t.hasOwnProperty("expiresAt")&&t.hasOwnProperty("jwks_uri")}(e,r)?(this.logger.trace("BrowserCacheManager.getAuthorityMetadata: cache hit"),r):null}getAuthorityMetadataKeys(){return this.internalStorage.getKeys().filter((e=>this.isAuthorityMetadata(e)))}setWrapperMetadata(e,t){this.internalStorage.setItem(ks,e),this.internalStorage.setItem(Ss,t)}getWrapperMetadata(){return[this.internalStorage.getItem(ks)||t.EMPTY_STRING,this.internalStorage.getItem(Ss)||t.EMPTY_STRING]}setAuthorityMetadata(e,t){this.logger.trace("BrowserCacheManager.setAuthorityMetadata called"),this.internalStorage.setItem(e,JSON.stringify(t))}getActiveAccount(e){const t=this.generateCacheKey(w),r=this.browserStorage.getItem(t);if(!r)return this.logger.trace("BrowserCacheManager.getActiveAccount: No active account filters found"),null;const n=this.validateAndParseJson(r);return n?(this.logger.trace("BrowserCacheManager.getActiveAccount: Active account filters schema found"),this.getAccountInfoFilteredBy({homeAccountId:n.homeAccountId,localAccountId:n.localAccountId,tenantId:n.tenantId},e)):(this.logger.trace("BrowserCacheManager.getActiveAccount: No active account found"),null)}setActiveAccount(e,t){const r=this.generateCacheKey(w);if(e){this.logger.verbose("setActiveAccount: Active account set");const n={homeAccountId:e.homeAccountId,localAccountId:e.localAccountId,tenantId:e.tenantId,lastUpdatedAt:Pn().toString()};this.setItem(r,JSON.stringify(n),t)}else this.logger.verbose("setActiveAccount: No account passed, active account not set"),this.browserStorage.removeItem(r);this.eventHandler.emitEvent(kc.ACTIVE_ACCOUNT_CHANGED)}getThrottlingCache(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"),null;const r=this.validateAndParseJson(t);return r&&function(e,t){let r=!1;e&&(r=0===e.indexOf(Y));let n=!0;return t&&(n=t.hasOwnProperty("throttleTime")),r&&n}(e,r)?(this.logger.trace("BrowserCacheManager.getThrottlingCache: cache hit"),r):(this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"),null)}setThrottlingCache(e,t,r){this.logger.trace("BrowserCacheManager.setThrottlingCache called"),this.setItem(e,JSON.stringify(t),r)}getTemporaryCache(e,t){const r=t?this.generateCacheKey(e):e;if(this.cacheConfig.storeAuthStateInCookie){const e=this.cookieStorage.getItem(r);if(e)return this.logger.trace("BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies"),e}const n=this.temporaryCacheStorage.getItem(r);if(!n){if(this.cacheConfig.cacheLocation===gs.LocalStorage){const e=this.browserStorage.getItem(r);if(e)return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage"),e}return this.logger.trace("BrowserCacheManager.getTemporaryCache: No cache item found in local storage"),null}return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item returned"),n}setTemporaryCache(e,t,r){const n=r?this.generateCacheKey(e):e;this.temporaryCacheStorage.setItem(n,t),this.cacheConfig.storeAuthStateInCookie&&(this.logger.trace("BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie"),this.cookieStorage.setItem(n,t,void 0,this.cacheConfig.secureCookies))}removeItem(e){this.browserStorage.removeItem(e)}removeTemporaryItem(e){this.temporaryCacheStorage.removeItem(e),this.cacheConfig.storeAuthStateInCookie&&(this.logger.trace("BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie"),this.cookieStorage.removeItem(e))}getKeys(){return this.browserStorage.getKeys()}clear(e){this.removeAllAccounts(e),this.removeAppMetadata(e),this.temporaryCacheStorage.getKeys().forEach((e=>{-1===e.indexOf(Ba)&&-1===e.indexOf(this.clientId)||this.removeTemporaryItem(e)})),this.browserStorage.getKeys().forEach((e=>{-1===e.indexOf(Ba)&&-1===e.indexOf(this.clientId)||this.browserStorage.removeItem(e)})),this.internalStorage.clear()}clearTokensAndKeysWithClaims(e){this.performanceClient.addQueueMeasurement(vr.ClearTokensAndKeysWithClaims,e);const t=this.getTokenKeys();let r=0;t.accessToken.forEach((t=>{const n=this.getAccessTokenCredential(t,e);n?.requestedClaimsHash&&t.includes(n.requestedClaimsHash.toLowerCase())&&(this.removeAccessToken(t,e),r++)})),r>0&&this.logger.warning(`${r} access tokens with claims in the cache keys have been removed from the cache.`)}generateCacheKey(e){return Vt.startsWith(e,Ba)?e:`${Ba}.${this.clientId}.${e}`}generateCredentialKey(e){const t=e.credentialType===x.REFRESH_TOKEN&&e.familyId||e.clientId,r=e.tokenType&&e.tokenType.toLowerCase()!==W.BEARER.toLowerCase()?e.tokenType.toLowerCase():"";return[`${Ba}.1`,e.homeAccountId,e.environment,e.credentialType,t,e.realm||"",e.target||"",e.requestedClaimsHash||"",r].join("-").toLowerCase()}generateAccountKey(e){const t=e.homeAccountId.split(".")[1];return[`${Ba}.1`,e.homeAccountId,e.environment,t||e.tenantId||""].join("-").toLowerCase()}resetRequestCache(){this.logger.trace("BrowserCacheManager.resetRequestCache called"),this.removeTemporaryItem(this.generateCacheKey(ws)),this.removeTemporaryItem(this.generateCacheKey(Is)),this.removeTemporaryItem(this.generateCacheKey(Cs)),this.removeTemporaryItem(this.generateCacheKey(vs)),this.removeTemporaryItem(this.generateCacheKey(As)),this.setInteractionInProgress(!1)}cacheAuthorizeRequest(e,t){this.logger.trace("BrowserCacheManager.cacheAuthorizeRequest called");const r=Ls(JSON.stringify(e));if(this.setTemporaryCache(ws,r,!0),t){const e=Ls(t);this.setTemporaryCache(Is,e,!0)}}getCachedRequest(){this.logger.trace("BrowserCacheManager.getCachedRequest called");const e=this.getTemporaryCache(ws,!0);if(!e)throw Wi(mi);const t=this.getTemporaryCache(Is,!0);let r,n="";try{r=JSON.parse(xs(e)),t&&(n=xs(t))}catch(t){throw this.logger.errorPii(`Attempted to parse: ${e}`),this.logger.error(`Parsing cached token request threw with error: ${t}`),Wi(fi)}return[r,n]}getCachedNativeRequest(){this.logger.trace("BrowserCacheManager.getCachedNativeRequest called");const e=this.getTemporaryCache(As,!0);if(!e)return this.logger.trace("BrowserCacheManager.getCachedNativeRequest: No cached native request found"),null;const t=this.validateAndParseJson(e);return t||(this.logger.error("BrowserCacheManager.getCachedNativeRequest: Unable to parse native request"),null)}isInteractionInProgress(e){const t=this.getInteractionInProgress()?.clientId;return e?t===this.clientId:!!t}getInteractionInProgress(){const e=`${Ba}.${Ts}`,t=this.getTemporaryCache(e,!1);try{return t?JSON.parse(t):null}catch(t){return this.logger.error("Cannot parse interaction status. Removing temporary cache items and clearing url hash. Retrying interaction should fix the error"),this.removeTemporaryItem(e),this.resetRequestCache(),ya(window),null}}setInteractionInProgress(e,t=fs){const r=`${Ba}.${Ts}`;if(e){if(this.getInteractionInProgress())throw Wi(ri);this.setTemporaryCache(r,JSON.stringify({clientId:this.clientId,type:t}),!1)}else e||this.getInteractionInProgress()?.clientId!==this.clientId||this.removeTemporaryItem(r)}async hydrateCache(e,t){const r=Ln(e.account?.homeAccountId,e.account?.environment,e.idToken,this.clientId,e.tenantId);let n;t.claims&&(n=await this.cryptoImpl.hashString(t.claims));const o={idToken:r,accessToken:Hn(e.account?.homeAccountId,e.account.environment,e.accessToken,this.clientId,e.tenantId,e.scopes.join(" "),e.expiresOn?Mn(e.expiresOn):0,e.extExpiresOn?Mn(e.extExpiresOn):0,xs,void 0,e.tokenType,void 0,t.sshKid,t.claims,n)};return this.saveCacheRecord(o,e.correlationId)}async saveCacheRecord(e,t,r){try{await super.saveCacheRecord(e,t,r)}catch(e){if(e instanceof pr&&this.performanceClient&&t)try{const e=this.getTokenKeys();this.performanceClient.addFields({cacheRtCount:e.refreshToken.length,cacheIdCount:e.idToken.length,cacheAtCount:e.accessToken.length},t)}catch(e){}throw e}}}function Ec(e,t,r,n){try{switch(t){case gs.LocalStorage:return new Tc(e,r,n);case gs.SessionStorage:return new Ac}}catch(e){r.error(e)}return new hc}const Rc=(e,t,r,n)=>new bc(e,{cacheLocation:gs.MemoryStorage,cacheRetentionDays:5,temporaryCacheLocation:gs.MemoryStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!1,claimsBasedCachingEnabled:!1},mt,t,r,n);function _c(e,t,r,n,o){return e.verbose("getAllAccounts called"),r?t.getAllAccounts(o||{},n):[]}function Pc(e,t,r,n){if(t.trace("getAccount called"),0===Object.keys(e).length)return t.warning("getAccount: No accountFilter provided"),null;const o=r.getAccountInfoFilteredBy(e,n);return o?(t.verbose("getAccount: Account matching provided filter found, returning"),o):(t.verbose("getAccount: No matching account found, returning null"),null)}function Mc(e,t,r,n){if(t.trace("getAccountByUsername called"),!e)return t.warning("getAccountByUsername: No username provided"),null;const o=r.getAccountInfoFilteredBy({username:e},n);return o?(t.verbose("getAccountByUsername: Account matching username found, returning"),t.verbosePii(`getAccountByUsername: Returning signed-in accounts matching username: ${e}`),o):(t.verbose("getAccountByUsername: No matching account found, returning null"),null)}function Oc(e,t,r,n){if(t.trace("getAccountByHomeId called"),!e)return t.warning("getAccountByHomeId: No homeAccountId provided"),null;const o=r.getAccountInfoFilteredBy({homeAccountId:e},n);return o?(t.verbose("getAccountByHomeId: Account matching homeAccountId found, returning"),t.verbosePii(`getAccountByHomeId: Returning signed-in accounts matching homeAccountId: ${e}`),o):(t.verbose("getAccountByHomeId: No matching account found, returning null"),null)}function qc(e,t,r,n){if(t.trace("getAccountByLocalId called"),!e)return t.warning("getAccountByLocalId: No localAccountId provided"),null;const o=r.getAccountInfoFilteredBy({localAccountId:e},n);return o?(t.verbose("getAccountByLocalId: Account matching localAccountId found, returning"),t.verbosePii(`getAccountByLocalId: Returning signed-in accounts matching localAccountId: ${e}`),o):(t.verbose("getAccountByLocalId: No matching account found, returning null"),null)}function Nc(e,t,r){t.setActiveAccount(e,r)}function Uc(e,t){return e.getActiveAccount(t)}class Lc{constructor(e){this.eventCallbacks=new Map,this.logger=e||new yt({}),"undefined"!=typeof BroadcastChannel&&(this.broadcastChannel=new BroadcastChannel("msal.broadcast.event")),this.invokeCrossTabCallbacks=this.invokeCrossTabCallbacks.bind(this)}addEventCallback(e,t,r){if("undefined"!=typeof window){const n=r||Ma();return this.eventCallbacks.has(n)?(this.logger.error(`Event callback with id: ${n} is already registered. Please provide a unique id or remove the existing callback and try again.`),null):(this.eventCallbacks.set(n,[e,t||[]]),this.logger.verbose(`Event callback registered with id: ${n}`),n)}return null}removeEventCallback(e){this.eventCallbacks.delete(e),this.logger.verbose(`Event callback ${e} removed.`)}emitEvent(e,t,r,n){const o={eventType:e,interactionType:t||null,payload:r||null,error:n||null,timestamp:Date.now()};switch(e){case kc.ACCOUNT_ADDED:case kc.ACCOUNT_REMOVED:case kc.ACTIVE_ACCOUNT_CHANGED:this.broadcastChannel?.postMessage(o);break;default:this.invokeCallbacks(o)}}invokeCallbacks(e){this.eventCallbacks.forEach((([t,r],n)=>{(0===r.length||r.includes(e.eventType))&&(this.logger.verbose(`Emitting event to callback ${n}: ${e.eventType}`),t.apply(null,[e]))}))}invokeCrossTabCallbacks(e){const t=e.data;this.invokeCallbacks(t)}subscribeCrossTab(){this.broadcastChannel?.addEventListener("message",this.invokeCrossTabCallbacks)}unsubscribeCrossTab(){this.broadcastChannel?.removeEventListener("message",this.invokeCrossTabCallbacks)}}class Hc{constructor(e,t,r,n,o,i,s,a,c){this.config=e,this.browserStorage=t,this.browserCrypto=r,this.networkClient=this.config.system.networkClient,this.eventHandler=o,this.navigationClient=i,this.platformAuthProvider=a,this.correlationId=c||Zs(),this.logger=n.clone(es,Da,this.correlationId),this.performanceClient=s}async clearCacheOnLogout(e,t){if(t)try{this.browserStorage.removeAccount(t,e),this.logger.verbose("Cleared cache items belonging to the account provided in the logout request.")}catch(e){this.logger.error("Account provided in logout request was not found. Local cache unchanged.")}else try{this.logger.verbose("No account provided in logout request, clearing all cache items.",this.correlationId),this.browserStorage.clear(e),await this.browserCrypto.clearKeystore()}catch(e){this.logger.error("Attempted to clear all MSAL cache items and failed. Local cache unchanged.")}}getRedirectUri(e){this.logger.verbose("getRedirectUri called");const t=e||this.config.auth.redirectUri;return ir.getAbsoluteUrl(t,Ia())}initializeServerTelemetryManager(e,t){this.logger.verbose("initializeServerTelemetryManager called");const r={clientId:this.config.auth.clientId,correlationId:this.correlationId,apiId:e,forceRefresh:t||!1,wrapperSKU:this.browserStorage.getWrapperMetadata()[0],wrapperVer:this.browserStorage.getWrapperMetadata()[1]};return new Lo(r,this.browserStorage)}async getDiscoveredAuthority(e){const{account:t}=e,r=e.requestExtraQueryParameters&&e.requestExtraQueryParameters.hasOwnProperty("instance_aware")?e.requestExtraQueryParameters.instance_aware:void 0;this.performanceClient.addQueueMeasurement(vr.StandardInteractionClientGetDiscoveredAuthority,this.correlationId);const n={protocolMode:this.config.auth.protocolMode,OIDCOptions:this.config.auth.OIDCOptions,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache},o=e.requestAuthority||this.config.auth.authority,i=r?.length?"true"===r:this.config.auth.instanceAware,s=t&&i?this.config.auth.authority.replace(ir.getDomainFromUrl(o),t.environment):o,a=Qn.generateAuthority(s,e.requestAzureCloudOptions||this.config.auth.azureCloudOptions),c=await Rn(Vn,vr.AuthorityFactoryCreateDiscoveredInstance,this.logger,this.performanceClient,this.correlationId)(a,this.config.system.networkClient,this.browserStorage,n,this.logger,this.correlationId,this.performanceClient);if(t&&!c.isAlias(t.environment))throw Wt(Ft);return c}}async function xc(e,t,r,n){r.addQueueMeasurement(vr.InitializeBaseRequest,e.correlationId);const o=e.authority||t.auth.authority,i=[...e&&e.scopes||[]],s={...e,correlationId:e.correlationId,authority:o,scopes:i};if(s.authenticationScheme){if(s.authenticationScheme===W.SSH){if(!e.sshJwk)throw Wt(Ut);if(!e.sshKid)throw Wt(Lt)}n.verbose(`Authentication Scheme set to "${s.authenticationScheme}" as configured in Auth request`)}else s.authenticationScheme=W.BEARER,n.verbose('Authentication Scheme wasn\'t explicitly set in request, defaulting to "Bearer" request');return t.cache.claimsBasedCachingEnabled&&e.claims&&!Vt.isEmptyObj(e.claims)&&(s.requestedClaimsHash=await ca(e.claims)),s}async function Dc(e,t,r,n,o){n.addQueueMeasurement(vr.InitializeSilentRequest,e.correlationId);const i=await Rn(xc,vr.InitializeBaseRequest,o,n,e.correlationId)(e,r,n,o);return{...e,...i,account:t,forceRefresh:e.forceRefresh||!1}}function Bc(e,t){let r;const n=e.httpMethod;if(t===Cr.EAR){if(r=n||l,r!==l)throw Wt(zt)}else r=n||c;if(e.authorizePostBodyParameters&&r!==l)throw Wt(Kt);return r}class Fc extends Hc{initializeLogoutRequest(e){this.logger.verbose("initializeLogoutRequest called",e?.correlationId);const t={correlationId:this.correlationId||Zs(),...e};if(e)if(e.logoutHint)this.logger.verbose("logoutHint has already been set in logoutRequest");else if(e.account){const r=this.getLogoutHintFromIdTokenClaims(e.account);r&&(this.logger.verbose("Setting logoutHint to login_hint ID Token Claim value for the account provided"),t.logoutHint=r)}else this.logger.verbose("logoutHint was not set and account was not passed into logout request, logoutHint will not be set");else this.logger.verbose("logoutHint will not be set since no logout request was configured");return e&&null===e.postLogoutRedirectUri?this.logger.verbose("postLogoutRedirectUri passed as null, not setting post logout redirect uri",t.correlationId):e&&e.postLogoutRedirectUri?(this.logger.verbose("Setting postLogoutRedirectUri to uri set on logout request",t.correlationId),t.postLogoutRedirectUri=ir.getAbsoluteUrl(e.postLogoutRedirectUri,Ia())):null===this.config.auth.postLogoutRedirectUri?this.logger.verbose("postLogoutRedirectUri configured as null and no uri set on request, not passing post logout redirect",t.correlationId):this.config.auth.postLogoutRedirectUri?(this.logger.verbose("Setting postLogoutRedirectUri to configured uri",t.correlationId),t.postLogoutRedirectUri=ir.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri,Ia())):(this.logger.verbose("Setting postLogoutRedirectUri to current page",t.correlationId),t.postLogoutRedirectUri=ir.getAbsoluteUrl(Ia(),Ia())),t}getLogoutHintFromIdTokenClaims(e){const t=e.idTokenClaims;if(t){if(t.login_hint)return t.login_hint;this.logger.verbose("The ID Token Claims tied to the provided account do not contain a login_hint claim, logoutHint will not be added to logout request")}else this.logger.verbose("The provided account does not contain ID Token Claims, logoutHint will not be added to logout request");return null}async createAuthCodeClient(e){this.performanceClient.addQueueMeasurement(vr.StandardInteractionClientCreateAuthCodeClient,this.correlationId);const t=await Rn(this.getClientConfiguration.bind(this),vr.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)(e);return new Ro(t,this.performanceClient)}async getClientConfiguration(e){const{serverTelemetryManager:r,requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:i,account:s}=e;this.performanceClient.addQueueMeasurement(vr.StandardInteractionClientGetClientConfiguration,this.correlationId);const a=await Rn(this.getDiscoveredAuthority.bind(this),vr.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,this.correlationId)({requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:i,account:s}),c=this.config.system.loggerOptions;return{authOptions:{clientId:this.config.auth.clientId,authority:a,clientCapabilities:this.config.auth.clientCapabilities,redirectUri:this.config.auth.redirectUri},systemOptions:{tokenRenewalOffsetSeconds:this.config.system.tokenRenewalOffsetSeconds,preventCorsPreflight:!0},loggerOptions:{loggerCallback:c.loggerCallback,piiLoggingEnabled:c.piiLoggingEnabled,logLevel:c.logLevel,correlationId:this.correlationId},cacheOptions:{claimsBasedCachingEnabled:this.config.cache.claimsBasedCachingEnabled},cryptoInterface:this.browserCrypto,networkInterface:this.networkClient,storageInterface:this.browserStorage,serverTelemetryManager:r,libraryInfo:{sku:es,version:Da,cpu:t.EMPTY_STRING,os:t.EMPTY_STRING},telemetry:this.config.telemetry}}async initializeAuthorizationRequest(e,r){this.performanceClient.addQueueMeasurement(vr.StandardInteractionClientInitializeAuthorizationRequest,this.correlationId);const n=this.getRedirectUri(e.redirectUri),o={interactionType:r},i=Io.setRequestState(this.browserCrypto,e&&e.state||t.EMPTY_STRING,o),s={...await Rn(xc,vr.InitializeBaseRequest,this.logger,this.performanceClient,this.correlationId)({...e,correlationId:this.correlationId},this.config,this.performanceClient,this.logger),redirectUri:n,state:i,nonce:e.nonce||Zs(),responseMode:this.config.auth.OIDCOptions.serverResponseType},a={...s,httpMethod:Bc(s,this.config.auth.protocolMode)};if(e.loginHint||e.sid)return a;const c=e.account||this.browserStorage.getActiveAccount(this.correlationId);return c&&(this.logger.verbose("Setting validated request account",this.correlationId),this.logger.verbosePii(`Setting validated request account: ${c.homeAccountId}`,this.correlationId),a.account=c),a}}function zc(e,t,r){const n=nr(e);if(!n)throw rr(e)?(r.error(`A ${t} is present in the iframe but it does not contain known properties. It's likely that the ${t} has been replaced by code running on the redirectUri page.`),r.errorPii(`The ${t} detected is: ${e}`),Wi(Zo)):(r.error(`The request has returned to the redirectUri but a ${t} is not present. It's likely that the ${t} has been removed or the page has been redirected by code running on the redirectUri page.`),Wi(Yo));return n}function Kc(e,t,r){if(!e.state)throw Wi(Xo);const n=function(e,t){if(!t)return null;try{return Io.parseRequestState(e,t).libraryState.meta}catch(e){throw pt(Re)}}(t,e.state);if(!n)throw Wi(ei);if(n.interactionType!==r)throw Wi(ti)}class Gc{constructor(e,t,r,n,o){this.authModule=e,this.browserStorage=t,this.authCodeRequest=r,this.logger=n,this.performanceClient=o}async handleCodeResponse(e,t){let r;this.performanceClient.addQueueMeasurement(vr.HandleCodeResponse,t.correlationId);try{r=function(e,t){if(No(e,t),!e.code)throw pt(tt);return e}(e,t.state)}catch(e){throw e instanceof Jn&&e.subError===ii?Wi(ii):e}return Rn(this.handleCodeResponseFromServer.bind(this),vr.HandleCodeResponseFromServer,this.logger,this.performanceClient,t.correlationId)(r,t)}async handleCodeResponseFromServer(e,t,r=!0){if(this.performanceClient.addQueueMeasurement(vr.HandleCodeResponseFromServer,t.correlationId),this.logger.trace("InteractionHandler.handleCodeResponseFromServer called"),this.authCodeRequest.code=e.code,e.cloud_instance_host_name&&await Rn(this.authModule.updateAuthority.bind(this.authModule),vr.UpdateTokenEndpointAuthority,this.logger,this.performanceClient,t.correlationId)(e.cloud_instance_host_name,t.correlationId),r&&(e.nonce=t.nonce||void 0),e.state=t.state,e.client_info)this.authCodeRequest.clientInfo=e.client_info;else{const e=this.createCcsCredentials(t);e&&(this.authCodeRequest.ccsCredential=e)}return await Rn(this.authModule.acquireToken.bind(this.authModule),vr.AuthClientAcquireToken,this.logger,this.performanceClient,t.correlationId)(this.authCodeRequest,e)}createCcsCredentials(e){return e.account?{credential:e.account.homeAccountId,type:Ur}:e.loginHint?{credential:e.loginHint,type:Lr}:null}}const $c="user_switch",Qc={[$c]:"User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again."};class jc extends Ce{constructor(e,t,r){super(e,t),Object.setPrototypeOf(this,jc.prototype),this.name="NativeAuthError",this.ext=r}}function Wc(e){return!(!e.ext||!e.ext.status||"PERSISTENT_ERROR"!==e.ext.status&&"DISABLED"!==e.ext.status)||(!(!e.ext||!e.ext.error||-2147186943!==e.ext.error)||"ContentError"===e.errorCode)}function Vc(e,t,r){if(r&&r.status)switch(r.status){case"ACCOUNT_UNAVAILABLE":return wo(io);case"USER_INTERACTION_REQUIRED":return new Co(e,t);case"USER_CANCEL":return Wi(ii);case"NO_NETWORK":return Wi(Ii);case"UX_NOT_ALLOWED":return wo(ao)}return new jc(e,Qc[e]||t,r)}class Jc extends Fc{async acquireToken(e){this.performanceClient.addQueueMeasurement(vr.SilentCacheClientAcquireToken,e.correlationId);const t=this.initializeServerTelemetryManager(bs.acquireTokenSilent_silentFlow),r=await Rn(this.getClientConfiguration.bind(this),vr.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:t,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,account:e.account}),n=new Po(r,this.performanceClient);this.logger.verbose("Silent auth client created");try{const t=(await Rn(n.acquireCachedToken.bind(n),vr.SilentFlowClientAcquireCachedToken,this.logger,this.performanceClient,e.correlationId)(e))[0];return this.performanceClient.addFields({fromCache:!0},e.correlationId),t}catch(e){throw e instanceof ji&&e.errorCode===bi&&this.logger.verbose("Signing keypair for bound access token not found. Refreshing bound access token and generating a new crypto keypair."),e}}logout(e){this.logger.verbose("logoutRedirect called");const t=this.initializeLogoutRequest(e);return this.clearCacheOnLogout(t.correlationId,t?.account)}}class Yc extends Hc{constructor(e,t,r,n,o,i,s,a,c,l,h,d){super(e,t,r,n,o,i,a,c,d),this.apiId=s,this.accountId=l,this.platformAuthProvider=c,this.nativeStorageManager=h,this.silentCacheClient=new Jc(e,this.nativeStorageManager,r,n,o,i,a,c,d);const u=this.platformAuthProvider.getExtensionName();this.skus=Lo.makeExtraSkuString({libraryName:es,libraryVersion:Da,extensionName:u,extensionVersion:this.platformAuthProvider.getExtensionVersion()})}addRequestSKUs(e){e.extraParameters={...e.extraParameters,[Gr]:this.skus}}async acquireToken(e,t){this.performanceClient.addQueueMeasurement(vr.NativeInteractionClientAcquireToken,e.correlationId),this.logger.trace("NativeInteractionClient - acquireToken called.");const r=this.performanceClient.startMeasurement(vr.NativeInteractionClientAcquireToken,e.correlationId),n=Pn(),o=this.initializeServerTelemetryManager(this.apiId);try{const i=await this.initializeNativeRequest(e);try{const e=await this.acquireTokensFromCache(this.accountId,i);return r.end({success:!0,isNativeBroker:!1,fromCache:!0}),e}catch(e){if(t===Os.AccessToken)throw this.logger.info("MSAL internal Cache does not contain tokens, return error as per cache policy"),e;this.logger.info("MSAL internal Cache does not contain tokens, proceed to make a native call")}const s=await this.platformAuthProvider.sendMessage(i);return await this.handleNativeResponse(s,i,n).then((e=>(r.end({success:!0,isNativeBroker:!0,requestId:e.requestId}),o.clearNativeBrokerErrorCode(),e))).catch((e=>{throw r.end({success:!1,errorCode:e.errorCode,subErrorCode:e.subError,isNativeBroker:!0}),e}))}catch(e){throw e instanceof jc&&o.setNativeBrokerErrorCode(e.errorCode),e}}createSilentCacheRequest(e,t){return{authority:e.authority,correlationId:this.correlationId,scopes:Jt.fromString(e.scope).asArray(),account:t,forceRefresh:!1}}async acquireTokensFromCache(e,t){if(!e)throw this.logger.warning("NativeInteractionClient:acquireTokensFromCache - No nativeAccountId provided"),pt(je);const r=this.browserStorage.getBaseAccountInfo({nativeAccountId:e},this.correlationId);if(!r)throw pt(je);try{const e=this.createSilentCacheRequest(t,r),n=await this.silentCacheClient.acquireToken(e),o={...r,idTokenClaims:n?.idTokenClaims,idToken:n?.idToken};return{...n,account:o}}catch(e){throw e}}async acquireTokenRedirect(e,t){this.logger.trace("NativeInteractionClient - acquireTokenRedirect called.");const{...r}=e;delete r.onRedirectNavigate;const n=await this.initializeNativeRequest(r);try{await this.platformAuthProvider.sendMessage(n)}catch(e){if(e instanceof jc){if(this.initializeServerTelemetryManager(this.apiId).setNativeBrokerErrorCode(e.errorCode),Wc(e))throw e}}this.browserStorage.setTemporaryCache(As,JSON.stringify(n),!0);const o={apiId:bs.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},i=this.config.auth.navigateToLoginRequestUrl?window.location.href:this.getRedirectUri(e.redirectUri);t.end({success:!0}),await this.navigationClient.navigateExternal(i,o)}async handleRedirectPromise(e,t){if(this.logger.trace("NativeInteractionClient - handleRedirectPromise called."),!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."),null;const r=this.browserStorage.getCachedNativeRequest();if(!r)return this.logger.verbose("NativeInteractionClient - handleRedirectPromise called but there is no cached request, returning null."),e&&t&&e?.addFields({errorCode:"no_cached_request"},t),null;const{prompt:n,...o}=r;n&&this.logger.verbose("NativeInteractionClient - handleRedirectPromise called and prompt was included in the original request, removing prompt from cached request to prevent second interaction with native broker window."),this.browserStorage.removeItem(this.browserStorage.generateCacheKey(As));const i=Pn();try{this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker.");const e=await this.platformAuthProvider.sendMessage(o),t=await this.handleNativeResponse(e,o,i);return this.initializeServerTelemetryManager(this.apiId).clearNativeBrokerErrorCode(),t}catch(e){throw e}}logout(){return this.logger.trace("NativeInteractionClient - logout called."),Promise.reject("Logout not implemented yet")}async handleNativeResponse(e,t,r){this.logger.trace("NativeInteractionClient - handleNativeResponse called.");const n=er(e.id_token,xs),o=this.createHomeAccountIdentifier(e,n),i=this.browserStorage.getAccountInfoFilteredBy({nativeAccountId:t.accountId},this.correlationId)?.homeAccountId;if(t.extraParameters?.child_client_id&&e.account.id!==t.accountId)this.logger.info("handleNativeServerResponse: Double broker flow detected, ignoring accountId mismatch");else if(o!==i&&e.account.id!==t.accountId)throw Vc($c);const s=await this.getDiscoveredAuthority({requestAuthority:t.authority}),a=bo(this.browserStorage,s,o,xs,this.correlationId,n,e.client_info,void 0,n.tid,void 0,e.account.id,this.logger);e.expires_in=Number(e.expires_in);const c=await this.generateAuthenticationResult(e,t,n,a,s.canonicalAuthority,r);return await this.cacheAccount(a,this.correlationId),await this.cacheNativeTokens(e,t,o,n,e.access_token,c.tenantId,r),c}createHomeAccountIdentifier(e,r){return no.generateHomeAccountId(e.client_info||t.EMPTY_STRING,An,this.logger,this.browserCrypto,r)}generateScopes(e,t){return t?Jt.fromString(t):Jt.fromString(e)}async generatePopAccessToken(e,t){if(t.tokenType===W.POP&&t.signPopToken){if(e.shr)return this.logger.trace("handleNativeServerResponse: SHR is enabled in native layer"),e.shr;const r=new Ao(this.browserCrypto),n={resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,shrNonce:t.shrNonce};if(!t.keyId)throw pt(ot);return r.signPopToken(e.access_token,t.keyId,n)}return e.access_token}async generateAuthenticationResult(e,r,n,o,i,s){const a=this.addTelemetryFromNativeResponse(e.properties.MATS),c=this.generateScopes(r.scope,e.scope),l=e.account.properties||{},h=l.UID||n.oid||n.sub||t.EMPTY_STRING,d=l.TenantId||n.tid||t.EMPTY_STRING,u=Zt(o.getAccountInfo(),void 0,n,e.id_token);u.nativeAccountId!==e.account.id&&(u.nativeAccountId=e.account.id);const g=await this.generatePopAccessToken(e,r),p=r.tokenType===W.POP?W.POP:W.BEARER;return{authority:i,uniqueId:h,tenantId:d,scopes:c.asArray(),account:u,idToken:e.id_token,idTokenClaims:n,accessToken:g,fromCache:!!a&&this.isResponseFromCache(a),expiresOn:On(s+e.expires_in),tokenType:p,correlationId:this.correlationId,state:e.state,fromNativeBroker:!0}}async cacheAccount(e,t){await this.browserStorage.setAccount(e,this.correlationId),this.browserStorage.removeAccountContext(e.getAccountInfo(),t)}cacheNativeTokens(e,r,n,o,i,s,a){const c=Ln(n,r.authority,e.id_token||"",r.clientId,o.tid||""),l=a+(r.tokenType===W.POP?t.SHR_NONCE_VALIDITY:("string"==typeof e.expires_in?parseInt(e.expires_in,10):e.expires_in)||0),h=this.generateScopes(e.scope,r.scope),d={idToken:c,accessToken:Hn(n,r.authority,i,r.clientId,o.tid||s,h.printScopes(),l,0,xs,void 0,r.tokenType,void 0,r.keyId)};return this.nativeStorageManager.saveCacheRecord(d,this.correlationId,r.storeInCache)}getExpiresInValue(e,r){return e===W.POP?t.SHR_NONCE_VALIDITY:("string"==typeof r?parseInt(r,10):r)||0}addTelemetryFromNativeResponse(e){const t=this.getMATSFromResponse(e);return t?(this.performanceClient.addFields({extensionId:this.platformAuthProvider.getExtensionId(),extensionVersion:this.platformAuthProvider.getExtensionVersion(),matsBrokerVersion:t.broker_version,matsAccountJoinOnStart:t.account_join_on_start,matsAccountJoinOnEnd:t.account_join_on_end,matsDeviceJoin:t.device_join,matsPromptBehavior:t.prompt_behavior,matsApiErrorCode:t.api_error_code,matsUiVisible:t.ui_visible,matsSilentCode:t.silent_code,matsSilentBiSubCode:t.silent_bi_sub_code,matsSilentMessage:t.silent_message,matsSilentStatus:t.silent_status,matsHttpStatus:t.http_status,matsHttpEventCount:t.http_event_count},this.correlationId),t):null}getMATSFromResponse(e){if(e)try{return JSON.parse(e)}catch(e){this.logger.error("NativeInteractionClient - Error parsing MATS telemetry, returning null instead")}return null}isResponseFromCache(e){return void 0===e.is_cached?(this.logger.verbose("NativeInteractionClient - MATS telemetry does not contain field indicating if response was served from cache. Returning false."),!1):!!e.is_cached}async initializeNativeRequest(e){this.logger.trace("NativeInteractionClient - initializeNativeRequest called");const t=await this.getCanonicalAuthority(e),{scopes:r,...n}=e,o=new Jt(r||[]);o.appendScopes(h);const i={...n,accountId:this.accountId,clientId:this.config.auth.clientId,authority:t.urlString,scope:o.printScopes(),redirectUri:this.getRedirectUri(e.redirectUri),prompt:this.getPrompt(e.prompt),correlationId:this.correlationId,tokenType:e.authenticationScheme,windowTitleSubstring:document.title,extraParameters:{...e.extraQueryParameters,...e.tokenQueryParameters},extendedExpiryToken:!1,keyId:e.popKid};if(i.signPopToken&&e.popKid)throw Wi(xi);if(this.handleExtraBrokerParams(i),i.extraParameters=i.extraParameters||{},i.extraParameters.telemetry=ns,e.authenticationScheme===W.POP){const t={resourceRequestUri:e.resourceRequestUri,resourceRequestMethod:e.resourceRequestMethod,shrClaims:e.shrClaims,shrNonce:e.shrNonce},r=new Ao(this.browserCrypto);let n;if(i.keyId)n=this.browserCrypto.base64UrlEncode(JSON.stringify({kid:i.keyId})),i.signPopToken=!1;else{const o=await Rn(r.generateCnf.bind(r),vr.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(t,this.logger);n=o.reqCnfString,i.keyId=o.kid,i.signPopToken=!0}i.reqCnf=n}return this.addRequestSKUs(i),i}async getCanonicalAuthority(e){const t=e.authority||this.config.auth.authority;e.account&&await this.getDiscoveredAuthority({requestAuthority:t,requestAzureCloudOptions:e.azureCloudOptions,account:e.account});const r=new ir(t);return r.validateAsUri(),r}getPrompt(e){switch(this.apiId){case bs.ssoSilent:case bs.acquireTokenSilent_silentFlow:return this.logger.trace("initializeNativeRequest: silent request sets prompt to none"),b.NONE}if(e)switch(e){case b.NONE:case b.CONSENT:case b.LOGIN:return this.logger.trace("initializeNativeRequest: prompt is compatible with native flow"),e;default:throw this.logger.trace(`initializeNativeRequest: prompt = ${e} is not compatible with native flow`),Wi(Li)}else this.logger.trace("initializeNativeRequest: prompt was not provided")}handleExtraBrokerParams(e){const t=e.extraParameters&&e.extraParameters.hasOwnProperty($r)&&e.extraParameters.hasOwnProperty(Qr)&&e.extraParameters.hasOwnProperty(Dr);if(!e.embeddedClientId&&!t)return;let r="";const n=e.redirectUri;e.embeddedClientId?(e.redirectUri=this.config.auth.redirectUri,r=e.embeddedClientId):e.extraParameters&&(e.redirectUri=e.extraParameters[Qr],r=e.extraParameters[Dr]),e.extraParameters={child_client_id:r,child_redirect_uri:n},this.performanceClient?.addFields({embeddedClientId:r,embeddedRedirectUri:n},e.correlationId)}}async function Xc(e,t,r,n,o){const i=Oo({...e.auth,authority:t},r,n,o);if(sn(i,{sku:es,version:Da,os:"",cpu:""}),e.auth.protocolMode!==Cr.OIDC&&an(i,e.telemetry.application),r.platformBroker&&(function(e){e.set("nativebroker","1")}(i),r.authenticationScheme===W.POP)){const e=new uc(n,o),t=new Ao(e);let s;if(r.popKid)s=e.encodeKid(r.popKid);else{s=(await Rn(t.generateCnf.bind(t),vr.PopTokenGenerateCnf,n,o,r.correlationId)(r,n)).reqCnfString}Cn(i,s)}return Wr(i,r.correlationId,o),i}async function Zc(e,r,n,o,i){if(!n.codeChallenge)throw Wt(Mt);const s=await Rn(Xc,vr.GetStandardParams,o,i,n.correlationId)(e,r,n,o,i);return Vr(s,E),ln(s,n.codeChallenge,t.S256_CODE_CHALLENGE_METHOD),fn(s,n.extraQueryParameters||{}),qo(r,s,e.auth.encodeExtraQueryParams,n.extraQueryParameters)}async function el(e,t,r,n,o,i){if(!n.earJwk)throw Wi(jo);const s=await Xc(t,r,n,o,i);Vr(s,R),function(e,t){e.set("ear_jwk",encodeURIComponent(t)),e.set("ear_jwe_crypto","eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0")}(s,n.earJwk);const a=new Map;fn(a,n.extraQueryParameters||{});return rl(e,qo(r,a,t.auth.encodeExtraQueryParams,n.extraQueryParameters),s)}async function tl(e,r,n,o,i,s){const a=await Xc(r,n,o,i,s);Vr(a,E),ln(a,o.codeChallenge,o.codeChallengeMethod||t.S256_CODE_CHALLENGE_METHOD),function(e,t){Object.entries(t).forEach((([t,r])=>{r&&e.set(t,r)}))}(a,o.authorizePostBodyParameters||{});const c=new Map;fn(c,o.extraQueryParameters||{});return rl(e,qo(n,c,r.auth.encodeExtraQueryParams,o.extraQueryParameters),a)}function rl(e,t,r){const n=e.createElement("form");return n.method="post",n.action=t,r.forEach(((t,r)=>{const o=e.createElement("input");o.hidden=!0,o.name=r,o.value=t,n.appendChild(o)})),e.body.appendChild(n),n}async function nl(e,t,r,n,o,i,s,a,c,l){if(a.verbose("Account id found, calling WAM for token"),!l)throw Wi(Ni);const h=new uc(a,c),d=new Yc(n,o,h,a,s,n.system.navigationClient,r,c,l,t,i,e.correlationId),{userRequestState:u}=Io.parseRequestState(h,e.state);return Rn(d.acquireToken.bind(d),vr.NativeInteractionClientAcquireToken,a,c,e.correlationId)({...e,state:u,prompt:void 0})}async function ol(e,t,r,n,o,i,s,a,c,l,h,d){if(Xn.removeThrottle(s,o.auth.clientId,e),t.accountId)return Rn(nl,vr.HandleResponsePlatformBroker,l,h,e.correlationId)(e,t.accountId,n,o,s,a,c,l,h,d);const u={...e,code:t.code||"",codeVerifier:r},g=new Gc(i,s,u,l,h);return await Rn(g.handleCodeResponse.bind(g),vr.HandleCodeResponse,l,h,e.correlationId)(t,e)}async function il(e,t,r,n,o,i,s,a,c,l,h){if(Xn.removeThrottle(i,n.auth.clientId,e),No(t,e.state),!t.ear_jwe)throw Wi(Wo);if(!e.earJwk)throw Wi(jo);const d=JSON.parse(await Rn(ra,vr.DecryptEarResponse,c,l,e.correlationId)(e.earJwk,t.ear_jwe));if(d.accountId)return Rn(nl,vr.HandleResponsePlatformBroker,c,l,e.correlationId)(e,d.accountId,r,n,i,s,a,c,l,h);const u=new So(n.auth.clientId,i,new uc(c,l),c,null,null,l);u.validateTokenResponse(d);const g={code:"",state:e.state,nonce:e.nonce,client_info:d.client_info,cloud_graph_host_name:d.cloud_graph_host_name,cloud_instance_host_name:d.cloud_instance_host_name,cloud_instance_name:d.cloud_instance_name,msgraph_host:d.msgraph_host};return await Rn(u.handleServerTokenResponse.bind(u),vr.HandleServerTokenResponse,c,l,e.correlationId)(d,o,Pn(),e,g,void 0,void 0,void 0,void 0)}async function sl(e,t,r){e.addQueueMeasurement(vr.GeneratePkceCodes,r);const n=En(al,vr.GenerateCodeVerifier,t,e,r)(e,t,r);return{verifier:n,challenge:await Rn(cl,vr.GenerateCodeChallengeFromVerifier,t,e,r)(n,e,t,r)}}function al(e,t,r){try{const n=new Uint8Array(32);En(Ys,vr.GetRandomValues,t,e,r)(n);return Us(n)}catch(e){throw Wi(Qo)}}async function cl(e,t,r,n){t.addQueueMeasurement(vr.GenerateCodeChallengeFromVerifier,n);try{const o=await Rn(Js,vr.Sha256Digest,r,t,n)(e,t,n);return Us(new Uint8Array(o))}catch(e){throw Wi(Qo)}}class ll{constructor(e,t,r,n){this.logger=e,this.handshakeTimeoutMs=t,this.extensionId=n,this.resolvers=new Map,this.handshakeResolvers=new Map,this.messageChannel=new MessageChannel,this.windowListener=this.onWindowMessage.bind(this),this.performanceClient=r,this.handshakeEvent=r.startMeasurement(vr.NativeMessageHandlerHandshake),this.platformAuthType=cs}async sendMessage(e){this.logger.trace(this.platformAuthType+" - sendMessage called.");const t={method:ds,request:e},r={channel:ts,extensionId:this.extensionId,responseId:Zs(),body:t};this.logger.trace(this.platformAuthType+" - Sending request to browser extension"),this.logger.tracePii(this.platformAuthType+` - Sending request to browser extension: ${JSON.stringify(r)}`),this.messageChannel.port1.postMessage(r);const n=await new Promise(((e,t)=>{this.resolvers.set(r.responseId,{resolve:e,reject:t})}));return this.validatePlatformBrokerResponse(n)}static async createProvider(e,t,r){e.trace("PlatformAuthExtensionHandler - createProvider called.");try{const n=new ll(e,t,r,rs);return await n.sendHandshakeRequest(),n}catch(n){const o=new ll(e,t,r);return await o.sendHandshakeRequest(),o}}async sendHandshakeRequest(){this.logger.trace(this.platformAuthType+" - sendHandshakeRequest called."),window.addEventListener("message",this.windowListener,!1);const e={channel:ts,extensionId:this.extensionId,responseId:Zs(),body:{method:ls}};return this.handshakeEvent.add({extensionId:this.extensionId,extensionHandshakeTimeoutMs:this.handshakeTimeoutMs}),this.messageChannel.port1.onmessage=e=>{this.onChannelMessage(e)},window.postMessage(e,window.origin,[this.messageChannel.port2]),new Promise(((t,r)=>{this.handshakeResolvers.set(e.responseId,{resolve:t,reject:r}),this.timeoutId=window.setTimeout((()=>{window.removeEventListener("message",this.windowListener,!1),this.messageChannel.port1.close(),this.messageChannel.port2.close(),this.handshakeEvent.end({extensionHandshakeTimedOut:!0,success:!1}),r(Wi(Oi)),this.handshakeResolvers.delete(e.responseId)}),this.handshakeTimeoutMs)}))}onWindowMessage(e){if(this.logger.trace(this.platformAuthType+" - onWindowMessage called"),e.source!==window)return;const t=e.data;if(t.channel&&t.channel===ts&&(!t.extensionId||t.extensionId===this.extensionId)&&t.body.method===ls){const e=this.handshakeResolvers.get(t.responseId);if(!e)return void this.logger.trace(this.platformAuthType+`.onWindowMessage - resolver can't be found for request ${t.responseId}`);this.logger.verbose(t.extensionId?`Extension with id: ${t.extensionId} not installed`:"No extension installed"),clearTimeout(this.timeoutId),this.messageChannel.port1.close(),this.messageChannel.port2.close(),window.removeEventListener("message",this.windowListener,!1),this.handshakeEvent.end({success:!1,extensionInstalled:!1}),e.reject(Wi(qi))}}onChannelMessage(e){this.logger.trace(this.platformAuthType+" - onChannelMessage called.");const t=e.data,r=this.resolvers.get(t.responseId),n=this.handshakeResolvers.get(t.responseId);try{const e=t.body.method;if(e===us){if(!r)return;const e=t.body.response;if(this.logger.trace(this.platformAuthType+" - Received response from browser extension"),this.logger.tracePii(this.platformAuthType+` - Received response from browser extension: ${JSON.stringify(e)}`),"Success"!==e.status)r.reject(Vc(e.code,e.description,e.ext));else{if(!e.result)throw ve(ge,"Event does not contain result.");e.result.code&&e.result.description?r.reject(Vc(e.result.code,e.result.description,e.result.ext)):r.resolve(e.result)}this.resolvers.delete(t.responseId)}else if(e===hs){if(!n)return void this.logger.trace(this.platformAuthType+`.onChannelMessage - resolver can't be found for request ${t.responseId}`);clearTimeout(this.timeoutId),window.removeEventListener("message",this.windowListener,!1),this.extensionId=t.extensionId,this.extensionVersion=t.body.version,this.logger.verbose(this.platformAuthType+` - Received HandshakeResponse from extension: ${this.extensionId}`),this.handshakeEvent.end({extensionInstalled:!0,success:!0}),n.resolve(),this.handshakeResolvers.delete(t.responseId)}}catch(t){this.logger.error("Error parsing response from WAM Extension"),this.logger.errorPii(`Error parsing response from WAM Extension: ${t}`),this.logger.errorPii(`Unable to parse ${e}`),r?r.reject(t):n&&n.reject(t)}}validatePlatformBrokerResponse(e){if(e.hasOwnProperty("access_token")&&e.hasOwnProperty("id_token")&&e.hasOwnProperty("client_info")&&e.hasOwnProperty("account")&&e.hasOwnProperty("scope")&&e.hasOwnProperty("expires_in"))return e;throw ve(ge,"Response missing expected properties.")}getExtensionId(){return this.extensionId}getExtensionVersion(){return this.extensionVersion}getExtensionName(){return this.getExtensionId()===rs?"chrome":this.getExtensionId()?.length?"unknown":void 0}}class hl{constructor(e,t,r){this.logger=e,this.performanceClient=t,this.correlationId=r,this.platformAuthType=as}static async createProvider(e,t,r){if(e.trace("PlatformAuthDOMHandler: createProvider called"),window.navigator?.platformAuthentication){const n=await window.navigator.platformAuthentication.getSupportedContracts(os);if(n?.includes(ss))return e.trace("Platform auth api available in DOM"),new hl(e,t,r)}}getExtensionId(){return os}getExtensionVersion(){return""}getExtensionName(){return is}async sendMessage(e){this.logger.trace(this.platformAuthType+" - Sending request to browser DOM API");try{const t=this.initializePlatformDOMRequest(e),r=await window.navigator.platformAuthentication.executeGetToken(t);return this.validatePlatformBrokerResponse(r)}catch(e){throw this.logger.error(this.platformAuthType+" - executeGetToken DOM API error"),e}}initializePlatformDOMRequest(e){this.logger.trace(this.platformAuthType+" - initializeNativeDOMRequest called");const{accountId:t,clientId:r,authority:n,scope:o,redirectUri:i,correlationId:s,state:a,storeInCache:c,embeddedClientId:l,extraParameters:h,...d}=e,u=this.getDOMExtraParams(d);return{accountId:t,brokerId:this.getExtensionId(),authority:n,clientId:r,correlationId:s||this.correlationId,extraParameters:{...h,...u},isSecurityTokenService:!1,redirectUri:i,scope:o,state:a,storeInCache:c,embeddedClientId:l}}validatePlatformBrokerResponse(e){if(e.hasOwnProperty("isSuccess")){if(e.hasOwnProperty("accessToken")&&e.hasOwnProperty("idToken")&&e.hasOwnProperty("clientInfo")&&e.hasOwnProperty("account")&&e.hasOwnProperty("scopes")&&e.hasOwnProperty("expiresIn"))return this.logger.trace(this.platformAuthType+" - platform broker returned successful and valid response"),this.convertToPlatformBrokerResponse(e);if(e.hasOwnProperty("error")){const t=e;if(!1===t.isSuccess&&t.error&&t.error.code)throw this.logger.trace(this.platformAuthType+" - platform broker returned error response"),Vc(t.error.code,t.error.description,{error:parseInt(t.error.errorCode),protocol_error:t.error.protocolError,status:t.error.status,properties:t.error.properties})}}throw ve(ge,"Response missing expected properties.")}convertToPlatformBrokerResponse(e){this.logger.trace(this.platformAuthType+" - convertToNativeResponse called");return{access_token:e.accessToken,id_token:e.idToken,client_info:e.clientInfo,account:e.account,expires_in:e.expiresIn,scope:e.scopes,state:e.state||"",properties:e.properties||{},extendedLifetimeToken:e.extendedLifetimeToken??!1,shr:e.proofOfPossessionPayload}}getDOMExtraParams(e){return{...Object.entries(e).reduce(((e,[t,r])=>(e[t]=String(r),e)),{})}}}async function dl(e,t,r,n){e.trace("getPlatformAuthProvider called",r);const o=function(){let e;try{return e=window[gs.SessionStorage],"true"===e?.getItem($a)}catch(e){return!1}}();let i;e.trace("Has client allowed platform auth via DOM API: "+o);try{o&&(i=await hl.createProvider(e,t,r)),i||(e.trace("Platform auth via DOM API not available, checking for extension"),i=await ll.createProvider(e,n||2e3,t))}catch(t){e.trace("Platform auth not available",t)}return i}function ul(e,t,r,n){if(t.trace("isPlatformAuthAllowed called"),!e.system.allowPlatformBroker)return t.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false"),!1;if(!r)return t.trace("isPlatformAuthAllowed: Platform auth provider is not initialized, returning false"),!1;if(n)switch(n){case W.BEARER:case W.POP:return t.trace("isPlatformAuthAllowed: authenticationScheme is supported, returning true"),!0;default:return t.trace("isPlatformAuthAllowed: authenticationScheme is not supported, returning false"),!1}return!0}class gl extends Fc{constructor(e,t,r,n,o,i,s,a,c,l){super(e,t,r,n,o,i,s,c,l),this.unloadWindow=this.unloadWindow.bind(this),this.nativeStorage=a,this.eventHandler=o}acquireToken(e,t){let r;try{if(r={popupName:this.generatePopupName(e.scopes||h,e.authority||this.config.auth.authority),popupWindowAttributes:e.popupWindowAttributes||{},popupWindowParent:e.popupWindowParent??window},this.performanceClient.addFields({isAsyncPopup:this.config.system.asyncPopups},this.correlationId),this.config.system.asyncPopups)return this.logger.verbose("asyncPopups set to true, acquiring token"),this.acquireTokenPopupAsync(e,r,t);{const n={...e,httpMethod:Bc(e,this.config.auth.protocolMode)};return this.logger.verbose("asyncPopup set to false, opening popup before acquiring token"),r.popup=this.openSizedPopup("about:blank",r),this.acquireTokenPopupAsync(n,r,t)}}catch(e){return Promise.reject(e)}}logout(e){try{this.logger.verbose("logoutPopup called");const t=this.initializeLogoutRequest(e),r={popupName:this.generateLogoutPopupName(t),popupWindowAttributes:e?.popupWindowAttributes||{},popupWindowParent:e?.popupWindowParent??window},n=e&&e.authority,o=e&&e.mainWindowRedirectUri;return this.config.system.asyncPopups?(this.logger.verbose("asyncPopups set to true"),this.logoutPopupAsync(t,r,n,o)):(this.logger.verbose("asyncPopup set to false, opening popup"),r.popup=this.openSizedPopup("about:blank",r),this.logoutPopupAsync(t,r,n,o))}catch(e){return Promise.reject(e)}}async acquireTokenPopupAsync(t,r,n){this.logger.verbose("acquireTokenPopupAsync called");const o=await Rn(this.initializeAuthorizationRequest.bind(this),vr.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,this.correlationId)(t,e.InteractionType.Popup);r.popup&&Pa(o.authority);const i=ul(this.config,this.logger,this.platformAuthProvider,t.authenticationScheme);return o.platformBroker=i,this.config.auth.protocolMode===Cr.EAR?this.executeEarFlow(o,r):this.executeCodeFlow(o,r,n)}async executeCodeFlow(t,r,n){const o=t.correlationId,i=this.initializeServerTelemetryManager(bs.acquireTokenPopup),s=n||await Rn(sl,vr.GeneratePkceCodes,this.logger,this.performanceClient,o)(this.performanceClient,this.logger,o),a={...t,codeChallenge:s.challenge};try{const n=await Rn(this.createAuthCodeClient.bind(this),vr.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,o)({serverTelemetryManager:i,requestAuthority:a.authority,requestAzureCloudOptions:a.azureCloudOptions,requestExtraQueryParameters:a.extraQueryParameters,account:a.account});if(a.httpMethod===l)return await this.executeCodeFlowWithPost(a,r,n,s.verifier);{const i=await Rn(Zc,vr.GetAuthCodeUrl,this.logger,this.performanceClient,o)(this.config,n.authority,a,this.logger,this.performanceClient),c=this.initiateAuthRequest(i,r);this.eventHandler.emitEvent(kc.POPUP_OPENED,e.InteractionType.Popup,{popupWindow:c},null);const l=await this.monitorPopupForHash(c,r.popupWindowParent),h=En(zc,vr.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(l,this.config.auth.OIDCOptions.serverResponseType,this.logger);return await Rn(ol,vr.HandleResponseCode,this.logger,this.performanceClient,o)(t,h,s.verifier,bs.acquireTokenPopup,this.config,n,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}}catch(e){throw r.popup?.close(),e instanceof Ce&&(e.setCorrelationId(this.correlationId),i.cacheFailedRequest(e)),e}}async executeEarFlow(e,t){const r=e.correlationId,n=await Rn(this.getDiscoveredAuthority.bind(this),vr.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,r)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),o=await Rn(ta,vr.GenerateEarKey,this.logger,this.performanceClient,r)(),i={...e,earJwk:o},s=t.popup||this.openPopup("about:blank",t);(await el(s.document,this.config,n,i,this.logger,this.performanceClient)).submit();const a=await Rn(this.monitorPopupForHash.bind(this),vr.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,r)(s,t.popupWindowParent),c=En(zc,vr.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(a,this.config.auth.OIDCOptions.serverResponseType,this.logger);return Rn(il,vr.HandleResponseEar,this.logger,this.performanceClient,r)(i,c,bs.acquireTokenPopup,this.config,n,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async executeCodeFlowWithPost(e,t,r,n){const o=e.correlationId,i=await Rn(this.getDiscoveredAuthority.bind(this),vr.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,o)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),s=t.popup||this.openPopup("about:blank",t);(await tl(s.document,this.config,i,e,this.logger,this.performanceClient)).submit();const a=await Rn(this.monitorPopupForHash.bind(this),vr.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,o)(s,t.popupWindowParent),c=En(zc,vr.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(a,this.config.auth.OIDCOptions.serverResponseType,this.logger);return Rn(ol,vr.HandleResponseCode,this.logger,this.performanceClient,o)(e,c,n,bs.acquireTokenPopup,this.config,r,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async logoutPopupAsync(t,r,n,o){this.logger.verbose("logoutPopupAsync called"),this.eventHandler.emitEvent(kc.LOGOUT_START,e.InteractionType.Popup,t);const i=this.initializeServerTelemetryManager(bs.logoutPopup);try{await this.clearCacheOnLogout(this.correlationId,t.account);const s=await Rn(this.createAuthCodeClient.bind(this),vr.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:i,requestAuthority:n,account:t.account||void 0});try{s.authority.endSessionEndpoint}catch{if(t.account?.homeAccountId&&t.postLogoutRedirectUri&&s.authority.protocolMode===Cr.OIDC){if(this.eventHandler.emitEvent(kc.LOGOUT_SUCCESS,e.InteractionType.Popup,t),o){const e={apiId:bs.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},t=ir.getAbsoluteUrl(o,Ia());await this.navigationClient.navigateInternal(t,e)}return void r.popup?.close()}}const a=s.getLogoutUri(t);this.eventHandler.emitEvent(kc.LOGOUT_SUCCESS,e.InteractionType.Popup,t);const c=this.openPopup(a,r);if(this.eventHandler.emitEvent(kc.POPUP_OPENED,e.InteractionType.Popup,{popupWindow:c},null),await this.monitorPopupForHash(c,r.popupWindowParent).catch((()=>{})),o){const e={apiId:bs.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},t=ir.getAbsoluteUrl(o,Ia());this.logger.verbose("Redirecting main window to url specified in the request"),this.logger.verbosePii(`Redirecting main window to: ${t}`),await this.navigationClient.navigateInternal(t,e)}else this.logger.verbose("No main window navigation requested")}catch(t){throw r.popup?.close(),t instanceof Ce&&(t.setCorrelationId(this.correlationId),i.cacheFailedRequest(t)),this.eventHandler.emitEvent(kc.LOGOUT_FAILURE,e.InteractionType.Popup,null,t),this.eventHandler.emitEvent(kc.LOGOUT_END,e.InteractionType.Popup),t}this.eventHandler.emitEvent(kc.LOGOUT_END,e.InteractionType.Popup)}initiateAuthRequest(e,t){if(e)return this.logger.infoPii(`Navigate to: ${e}`),this.openPopup(e,t);throw this.logger.error("Navigate url is empty"),Wi(Jo)}monitorPopupForHash(e,t){return new Promise(((t,r)=>{this.logger.verbose("PopupHandler.monitorPopupForHash - polling started");const n=setInterval((()=>{if(e.closed)return this.logger.error("PopupHandler.monitorPopupForHash - window closed"),clearInterval(n),void r(Wi(ii));let o="";try{o=e.location.href}catch(e){}if(!o||"about:blank"===o)return;clearInterval(n);let i="";const s=this.config.auth.OIDCOptions.serverResponseType;e&&(i=s===_.QUERY?e.location.search:e.location.hash),this.logger.verbose("PopupHandler.monitorPopupForHash - popup window is on same origin as caller"),t(i)}),this.config.system.pollIntervalMilliseconds)})).finally((()=>{this.cleanPopup(e,t)}))}openPopup(e,t){try{let r;if(t.popup?(r=t.popup,this.logger.verbosePii(`Navigating popup window to: ${e}`),r.location.assign(e)):void 0===t.popup&&(this.logger.verbosePii(`Opening popup window to: ${e}`),r=this.openSizedPopup(e,t)),!r)throw Wi(oi);return r.focus&&r.focus(),this.currentWindow=r,t.popupWindowParent.addEventListener("beforeunload",this.unloadWindow),r}catch(e){throw this.logger.error("error opening popup "+e.message),Wi(ni)}}openSizedPopup(e,{popupName:t,popupWindowAttributes:r,popupWindowParent:n}){const o=n.screenLeft?n.screenLeft:n.screenX,i=n.screenTop?n.screenTop:n.screenY,s=n.innerWidth||document.documentElement.clientWidth||document.body.clientWidth,a=n.innerHeight||document.documentElement.clientHeight||document.body.clientHeight;let c=r.popupSize?.width,l=r.popupSize?.height,h=r.popupPosition?.top,d=r.popupPosition?.left;return(!c||c<0||c>s)&&(this.logger.verbose("Default popup window width used. Window width not configured or invalid."),c=Ji),(!l||l<0||l>a)&&(this.logger.verbose("Default popup window height used. Window height not configured or invalid."),l=Yi),(!h||h<0||h>a)&&(this.logger.verbose("Default popup window top position used. Window top not configured or invalid."),h=Math.max(0,a/2-Yi/2+i)),(!d||d<0||d>s)&&(this.logger.verbose("Default popup window left position used. Window left not configured or invalid."),d=Math.max(0,s/2-Ji/2+o)),n.open(e,t,`width=${c}, height=${l}, top=${h}, left=${d}, scrollbars=yes`)}unloadWindow(e){this.currentWindow&&this.currentWindow.close(),e.preventDefault()}cleanPopup(e,t){e.close(),t.removeEventListener("beforeunload",this.unloadWindow)}generatePopupName(e,t){return`${Xi}.${this.config.auth.clientId}.${e.join("-")}.${t}.${this.correlationId}`}generateLogoutPopupName(e){const t=e.account&&e.account.homeAccountId;return`${Xi}.${this.config.auth.clientId}.${t}.${this.correlationId}`}}class pl extends Fc{constructor(e,t,r,n,o,i,s,a,c,l){super(e,t,r,n,o,i,s,c,l),this.nativeStorage=a}async acquireToken(t){const r=await Rn(this.initializeAuthorizationRequest.bind(this),vr.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,this.correlationId)(t,e.InteractionType.Redirect);r.platformBroker=ul(this.config,this.logger,this.platformAuthProvider,t.authenticationScheme);const n=t=>{t.persisted&&(this.logger.verbose("Page was restored from back/forward cache. Clearing temporary cache."),this.browserStorage.resetRequestCache(),this.eventHandler.emitEvent(kc.RESTORE_FROM_BFCACHE,e.InteractionType.Redirect))},o=this.getRedirectStartPage(t.redirectStartPage);this.logger.verbosePii(`Redirect start page: ${o}`),this.browserStorage.setTemporaryCache(Cs,o,!0),window.addEventListener("pageshow",n);try{this.config.auth.protocolMode===Cr.EAR?await this.executeEarFlow(r):await this.executeCodeFlow(r,t.onRedirectNavigate)}catch(e){throw e instanceof Ce&&e.setCorrelationId(this.correlationId),window.removeEventListener("pageshow",n),e}}async executeCodeFlow(e,t){const r=e.correlationId,n=this.initializeServerTelemetryManager(bs.acquireTokenRedirect),o=await Rn(sl,vr.GeneratePkceCodes,this.logger,this.performanceClient,r)(this.performanceClient,this.logger,r),i={...e,codeChallenge:o.challenge};this.browserStorage.cacheAuthorizeRequest(i,o.verifier);try{if(i.httpMethod===l)return await this.executeCodeFlowWithPost(i);{const r=await Rn(this.createAuthCodeClient.bind(this),vr.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:i.authority,requestAzureCloudOptions:i.azureCloudOptions,requestExtraQueryParameters:i.extraQueryParameters,account:i.account}),o=await Rn(Zc,vr.GetAuthCodeUrl,this.logger,this.performanceClient,e.correlationId)(this.config,r.authority,i,this.logger,this.performanceClient);return await this.initiateAuthRequest(o,t)}}catch(e){throw e instanceof Ce&&(e.setCorrelationId(this.correlationId),n.cacheFailedRequest(e)),e}}async executeEarFlow(e){const t=e.correlationId,r=await Rn(this.getDiscoveredAuthority.bind(this),vr.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),n=await Rn(ta,vr.GenerateEarKey,this.logger,this.performanceClient,t)(),o={...e,earJwk:n};this.browserStorage.cacheAuthorizeRequest(o);return(await el(document,this.config,r,o,this.logger,this.performanceClient)).submit(),new Promise(((e,t)=>{setTimeout((()=>{t(Wi(zi,"failed_to_redirect"))}),this.config.system.redirectNavigationTimeout)}))}async executeCodeFlowWithPost(e){const t=e.correlationId,r=await Rn(this.getDiscoveredAuthority.bind(this),vr.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account});this.browserStorage.cacheAuthorizeRequest(e);return(await tl(document,this.config,r,e,this.logger,this.performanceClient)).submit(),new Promise(((e,t)=>{setTimeout((()=>{t(Wi(zi,"failed_to_redirect"))}),this.config.system.redirectNavigationTimeout)}))}async handleRedirectPromise(e="",r,n,o){const i=this.initializeServerTelemetryManager(bs.handleRedirectPromise);try{const[s,a]=this.getRedirectResponse(e||"");if(!s)return this.logger.info("handleRedirectPromise did not detect a response as a result of a redirect. Cleaning temporary cache."),this.browserStorage.resetRequestCache(),"back_forward"!==function(){if("undefined"==typeof window||void 0===window.performance||"function"!=typeof window.performance.getEntriesByType)return;const e=window.performance.getEntriesByType("navigation"),t=e.length?e[0]:void 0;return t?.type}()?o.event.errorCode="no_server_response":this.logger.verbose("Back navigation event detected. Muting no_server_response error"),null;const c=this.browserStorage.getTemporaryCache(Cs,!0)||t.EMPTY_STRING,l=ir.removeHashFromUrl(c);if(l===ir.removeHashFromUrl(window.location.href)&&this.config.auth.navigateToLoginRequestUrl){this.logger.verbose("Current page is loginRequestUrl, handling response"),c.indexOf("#")>-1&&Ca(c);return await this.handleResponse(s,r,n,i)}if(!this.config.auth.navigateToLoginRequestUrl)return this.logger.verbose("NavigateToLoginRequestUrl set to false, handling response"),await this.handleResponse(s,r,n,i);if(!va()||this.config.system.allowRedirectInIframe){this.browserStorage.setTemporaryCache(vs,a,!0);const e={apiId:bs.handleRedirectPromise,timeout:this.config.system.redirectNavigationTimeout,noHistory:!0};let t=!0;if(c&&"null"!==c)this.logger.verbose(`Navigating to loginRequestUrl: ${c}`),t=await this.navigationClient.navigateInternal(c,e);else{const r=Ta();this.browserStorage.setTemporaryCache(Cs,r,!0),this.logger.warning("Unable to get valid login request url from cache, redirecting to home page"),t=await this.navigationClient.navigateInternal(r,e)}if(!t)return await this.handleResponse(s,r,n,i)}return null}catch(e){throw e instanceof Ce&&(e.setCorrelationId(this.correlationId),i.cacheFailedRequest(e)),e}}getRedirectResponse(t){this.logger.verbose("getRedirectResponseHash called");let r=t;r||(r=this.config.auth.OIDCOptions.serverResponseType===_.QUERY?window.location.search:window.location.hash);let n=nr(r);if(n){try{Kc(n,this.browserCrypto,e.InteractionType.Redirect)}catch(e){return e instanceof Ce&&this.logger.error(`Interaction type validation failed due to ${e.errorCode}: ${e.errorMessage}`),[null,""]}return ya(window),this.logger.verbose("Hash contains known properties, returning response hash"),[n,r]}const o=this.browserStorage.getTemporaryCache(vs,!0);return this.browserStorage.removeItem(this.browserStorage.generateCacheKey(vs)),o&&(n=nr(o),n)?(this.logger.verbose("Hash does not contain known properties, returning cached hash"),[n,o]):[null,""]}async handleResponse(e,t,r,n){if(!e.state)throw Wi(Xo);if(e.ear_jwe){const r=await Rn(this.getDiscoveredAuthority.bind(this),vr.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t.correlationId)({requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account});return Rn(il,vr.HandleResponseEar,this.logger,this.performanceClient,t.correlationId)(t,e,bs.acquireTokenRedirect,this.config,r,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}const o=await Rn(this.createAuthCodeClient.bind(this),vr.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:t.authority});return Rn(ol,vr.HandleResponseCode,this.logger,this.performanceClient,t.correlationId)(t,e,r,bs.acquireTokenRedirect,this.config,o,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async initiateAuthRequest(e,t){if(this.logger.verbose("RedirectHandler.initiateAuthRequest called"),e){this.logger.infoPii(`RedirectHandler.initiateAuthRequest: Navigate to: ${e}`);const r={apiId:bs.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},n=t||this.config.auth.onRedirectNavigate;if("function"==typeof n){this.logger.verbose("RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback");return!1!==n(e)?(this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"),void await this.navigationClient.navigateExternal(e,r)):void this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation")}return this.logger.verbose("RedirectHandler.initiateAuthRequest: Navigating window to navigate url"),void await this.navigationClient.navigateExternal(e,r)}throw this.logger.info("RedirectHandler.initiateAuthRequest: Navigate url is empty"),Wi(Jo)}async logout(t){this.logger.verbose("logoutRedirect called");const r=this.initializeLogoutRequest(t),n=this.initializeServerTelemetryManager(bs.logout);try{this.eventHandler.emitEvent(kc.LOGOUT_START,e.InteractionType.Redirect,t),await this.clearCacheOnLogout(this.correlationId,r.account);const o={apiId:bs.logout,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},i=await Rn(this.createAuthCodeClient.bind(this),vr.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:t&&t.authority,requestExtraQueryParameters:t?.extraQueryParameters,account:t&&t.account||void 0});if(i.authority.protocolMode===Cr.OIDC)try{i.authority.endSessionEndpoint}catch{if(r.account?.homeAccountId)return void this.eventHandler.emitEvent(kc.LOGOUT_SUCCESS,e.InteractionType.Redirect,r)}const s=i.getLogoutUri(r);if(this.eventHandler.emitEvent(kc.LOGOUT_SUCCESS,e.InteractionType.Redirect,r),!t||"function"!=typeof t.onRedirectNavigate)return this.browserStorage.getInteractionInProgress()||this.browserStorage.setInteractionInProgress(!0,ys),void await this.navigationClient.navigateExternal(s,o);if(!1!==t.onRedirectNavigate(s))return this.logger.verbose("Logout onRedirectNavigate did not return false, navigating"),this.browserStorage.getInteractionInProgress()||this.browserStorage.setInteractionInProgress(!0,ys),void await this.navigationClient.navigateExternal(s,o);this.browserStorage.setInteractionInProgress(!1),this.logger.verbose("Logout onRedirectNavigate returned false, stopping navigation")}catch(t){throw t instanceof Ce&&(t.setCorrelationId(this.correlationId),n.cacheFailedRequest(t)),this.eventHandler.emitEvent(kc.LOGOUT_FAILURE,e.InteractionType.Redirect,null,t),this.eventHandler.emitEvent(kc.LOGOUT_END,e.InteractionType.Redirect),t}this.eventHandler.emitEvent(kc.LOGOUT_END,e.InteractionType.Redirect)}getRedirectStartPage(e){const t=e||window.location.href;return ir.getAbsoluteUrl(t,Ia())}}async function ml(e,t,r,n,o){if(t.addQueueMeasurement(vr.SilentHandlerInitiateAuthRequest,n),!e)throw r.info("Navigate url is empty"),Wi(Jo);return o?Rn(vl,vr.SilentHandlerLoadFrame,r,t,n)(e,o,t,n):En(wl,vr.SilentHandlerLoadFrameSync,r,t,n)(e)}async function fl(e,t,r,n,o){const i=Il();if(!i.contentDocument)throw"No document associated with iframe!";return(await tl(i.contentDocument,e,t,r,n,o)).submit(),i}async function yl(e,t,r,n,o){const i=Il();if(!i.contentDocument)throw"No document associated with iframe!";return(await el(i.contentDocument,e,t,r,n,o)).submit(),i}async function Cl(e,t,r,n,o,i,s){return n.addQueueMeasurement(vr.SilentHandlerMonitorIframeForHash,i),new Promise(((n,i)=>{t<Ha&&o.warning(`system.loadFrameTimeout or system.iframeHashTimeout set to lower (${t}ms) than the default (10000ms). This may result in timeouts.`);const a=window.setTimeout((()=>{window.clearInterval(c),i(Wi(ai))}),t),c=window.setInterval((()=>{let t="";const r=e.contentWindow;try{t=r?r.location.href:""}catch(e){}if(!t||"about:blank"===t)return;let o="";r&&(o=s===_.QUERY?r.location.search:r.location.hash),window.clearTimeout(a),window.clearInterval(c),n(o)}),r)})).finally((()=>{En(Tl,vr.RemoveHiddenIframe,o,n,i)(e)}))}function vl(e,t,r,n){return r.addQueueMeasurement(vr.SilentHandlerLoadFrame,n),new Promise(((r,n)=>{const o=Il();window.setTimeout((()=>{o?(o.src=e,r(o)):n("Unable to load iframe")}),t)}))}function wl(e){const t=Il();return t.src=e,t}function Il(){const e=document.createElement("iframe");return e.className="msalSilentIframe",e.style.visibility="hidden",e.style.position="absolute",e.style.width=e.style.height="0",e.style.border="0",e.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms"),document.body.appendChild(e),e}function Tl(e){document.body===e.parentNode&&document.body.removeChild(e)}class Al extends Fc{constructor(e,t,r,n,o,i,s,a,c,l,h){super(e,t,r,n,o,i,a,l,h),this.apiId=s,this.nativeStorage=c}async acquireToken(t){this.performanceClient.addQueueMeasurement(vr.SilentIframeClientAcquireToken,t.correlationId),t.loginHint||t.sid||t.account&&t.account.username||this.logger.warning("No user hint provided. The authorization server may need more information to complete this request.");const r={...t};r.prompt?r.prompt!==b.NONE&&r.prompt!==b.NO_SESSION&&(this.logger.warning(`SilentIframeClient. Replacing invalid prompt ${r.prompt} with ${b.NONE}`),r.prompt=b.NONE):r.prompt=b.NONE;const n=await Rn(this.initializeAuthorizationRequest.bind(this),vr.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,t.correlationId)(r,e.InteractionType.Silent);return n.platformBroker=ul(this.config,this.logger,this.platformAuthProvider,n.authenticationScheme),Pa(n.authority),this.config.auth.protocolMode===Cr.EAR?this.executeEarFlow(n):this.executeCodeFlow(n)}async executeCodeFlow(e){let t;const r=this.initializeServerTelemetryManager(this.apiId);try{return t=await Rn(this.createAuthCodeClient.bind(this),vr.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:r,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),await Rn(this.silentTokenHelper.bind(this),vr.SilentIframeClientTokenHelper,this.logger,this.performanceClient,e.correlationId)(t,e)}catch(n){if(n instanceof Ce&&(n.setCorrelationId(this.correlationId),r.cacheFailedRequest(n)),!(t&&n instanceof Ce&&n.errorCode===Vi))throw n;return this.performanceClient.addFields({retryError:n.errorCode},this.correlationId),await Rn(this.silentTokenHelper.bind(this),vr.SilentIframeClientTokenHelper,this.logger,this.performanceClient,this.correlationId)(t,e)}}async executeEarFlow(e){const t=e.correlationId,r=await Rn(this.getDiscoveredAuthority.bind(this),vr.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),n=await Rn(ta,vr.GenerateEarKey,this.logger,this.performanceClient,t)(),o={...e,earJwk:n},i=await Rn(yl,vr.SilentHandlerInitiateAuthRequest,this.logger,this.performanceClient,t)(this.config,r,o,this.logger,this.performanceClient),s=this.config.auth.OIDCOptions.serverResponseType,a=await Rn(Cl,vr.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,t)(i,this.config.system.iframeHashTimeout,this.config.system.pollIntervalMilliseconds,this.performanceClient,this.logger,t,s),c=En(zc,vr.DeserializeResponse,this.logger,this.performanceClient,t)(a,s,this.logger);return Rn(il,vr.HandleResponseEar,this.logger,this.performanceClient,t)(o,c,this.apiId,this.config,r,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}logout(){return Promise.reject(Wi(ui))}async silentTokenHelper(e,t){const r=t.correlationId;this.performanceClient.addQueueMeasurement(vr.SilentIframeClientTokenHelper,r);const n=await Rn(sl,vr.GeneratePkceCodes,this.logger,this.performanceClient,r)(this.performanceClient,this.logger,r),o={...t,codeChallenge:n.challenge};let i;if(t.httpMethod===l)i=await Rn(fl,vr.SilentHandlerInitiateAuthRequest,this.logger,this.performanceClient,r)(this.config,e.authority,o,this.logger,this.performanceClient);else{const t=await Rn(Zc,vr.GetAuthCodeUrl,this.logger,this.performanceClient,r)(this.config,e.authority,o,this.logger,this.performanceClient);i=await Rn(ml,vr.SilentHandlerInitiateAuthRequest,this.logger,this.performanceClient,r)(t,this.performanceClient,this.logger,r,this.config.system.navigateFrameWait)}const s=this.config.auth.OIDCOptions.serverResponseType,a=await Rn(Cl,vr.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,r)(i,this.config.system.iframeHashTimeout,this.config.system.pollIntervalMilliseconds,this.performanceClient,this.logger,r,s),c=En(zc,vr.DeserializeResponse,this.logger,this.performanceClient,r)(a,s,this.logger);return Rn(ol,vr.HandleResponseCode,this.logger,this.performanceClient,r)(t,c,n.verifier,this.apiId,this.config,e,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}}class kl extends Fc{async acquireToken(e){this.performanceClient.addQueueMeasurement(vr.SilentRefreshClientAcquireToken,e.correlationId);const t=await Rn(xc,vr.InitializeBaseRequest,this.logger,this.performanceClient,e.correlationId)(e,this.config,this.performanceClient,this.logger),r={...e,...t};e.redirectUri&&(r.redirectUri=this.getRedirectUri(e.redirectUri));const n=this.initializeServerTelemetryManager(bs.acquireTokenSilent_silentFlow),o=await this.createRefreshTokenClient({serverTelemetryManager:n,authorityUrl:r.authority,azureCloudOptions:r.azureCloudOptions,account:r.account});return Rn(o.acquireTokenByRefreshToken.bind(o),vr.RefreshTokenClientAcquireTokenByRefreshToken,this.logger,this.performanceClient,e.correlationId)(r).catch((e=>{throw e.setCorrelationId(this.correlationId),n.cacheFailedRequest(e),e}))}logout(){return Promise.reject(Wi(ui))}async createRefreshTokenClient(e){const t=await Rn(this.getClientConfiguration.bind(this),vr.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:e.serverTelemetryManager,requestAuthority:e.authorityUrl,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account});return new _o(t,this.performanceClient)}}class Sl{constructor(e,t,r,n){this.isBrowserEnvironment="undefined"!=typeof window,this.config=e,this.storage=t,this.logger=r,this.cryptoObj=n}async loadExternalTokens(e,t,r){if(!this.isBrowserEnvironment)throw Wi(vi);const n=e.correlationId||Zs(),o=t.id_token?er(t.id_token,xs):void 0,i={protocolMode:this.config.auth.protocolMode,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache},s=e.authority?new Qn(Qn.generateAuthority(e.authority,e.azureCloudOptions),this.config.system.networkClient,this.storage,i,this.logger,e.correlationId||Zs()):void 0,a=await this.loadAccount(e,r.clientInfo||t.client_info||"",n,o,s),c=await this.loadIdToken(t,a.homeAccountId,a.environment,a.realm,n),l=await this.loadAccessToken(e,t,a.homeAccountId,a.environment,a.realm,r,n),h=await this.loadRefreshToken(t,a.homeAccountId,a.environment,n);return this.generateAuthenticationResult(e,{account:a,idToken:c,accessToken:l,refreshToken:h},o,s)}async loadAccount(e,t,r,n,o){if(this.logger.verbose("TokenCache - loading account"),e.account){const t=no.createFromAccountInfo(e.account);return await this.storage.setAccount(t,r),t}if(!o||!t&&!n)throw this.logger.error("TokenCache - if an account is not provided on the request, authority and either clientInfo or idToken must be provided instead."),Wi(Si);const i=no.generateHomeAccountId(t,o.authorityType,this.logger,this.cryptoObj,n),s=n?.tid,a=bo(this.storage,o,i,xs,r,n,t,o.hostnameAndPort,s,void 0,void 0,this.logger);return await this.storage.setAccount(a,r),a}async loadIdToken(e,t,r,n,o){if(!e.id_token)return this.logger.verbose("TokenCache - no id token found in response"),null;this.logger.verbose("TokenCache - loading id token");const i=Ln(t,r,e.id_token,this.config.auth.clientId,n);return await this.storage.setIdTokenCredential(i,o),i}async loadAccessToken(e,t,r,n,o,i,s){if(!t.access_token)return this.logger.verbose("TokenCache - no access token found in response"),null;if(!t.expires_in)return this.logger.error("TokenCache - no expiration set on the access token. Cannot add it to the cache."),null;if(!(t.scope||e.scopes&&e.scopes.length))return this.logger.error("TokenCache - scopes not specified in the request or response. Cannot add token to the cache."),null;this.logger.verbose("TokenCache - loading access token");const a=t.scope?Jt.fromString(t.scope):new Jt(e.scopes),c=i.expiresOn||t.expires_in+Pn(),l=i.extendedExpiresOn||(t.ext_expires_in||t.expires_in)+Pn(),h=Hn(r,n,t.access_token,this.config.auth.clientId,o,a.printScopes(),c,l,xs);return await this.storage.setAccessTokenCredential(h,s),h}async loadRefreshToken(e,t,r,n){if(!e.refresh_token)return this.logger.verbose("TokenCache - no refresh token found in response"),null;this.logger.verbose("TokenCache - loading refresh token");const o=xn(t,r,e.refresh_token,this.config.auth.clientId,e.foci,void 0,e.refresh_token_expires_in);return await this.storage.setRefreshTokenCredential(o,n),o}generateAuthenticationResult(e,t,r,n){let o,i="",s=[],a=null;t?.accessToken&&(i=t.accessToken.secret,s=Jt.fromString(t.accessToken.target).asArray(),a=On(t.accessToken.expiresOn),o=On(t.accessToken.extendedExpiresOn));const c=t.account;return{authority:n?n.canonicalAuthority:"",uniqueId:t.account.localAccountId,tenantId:t.account.realm,scopes:s,account:c.getAccountInfo(),idToken:t.idToken?.secret||"",idTokenClaims:r||{},accessToken:i,fromCache:!0,expiresOn:a,correlationId:e.correlationId||"",requestId:"",extExpiresOn:o,familyId:t.refreshToken?.familyId||"",tokenType:t?.accessToken?.tokenType||"",state:e.state||"",cloudGraphHostName:c.cloudGraphHostName||"",msGraphHost:c.msGraphHost||"",fromNativeBroker:!1}}}class bl extends Ro{constructor(e){super(e),this.includeRedirectUri=!1}}class El extends Fc{constructor(e,t,r,n,o,i,s,a,c,l){super(e,t,r,n,o,i,a,c,l),this.apiId=s}async acquireToken(t){if(!t.code)throw Wi(Ei);const r=await Rn(this.initializeAuthorizationRequest.bind(this),vr.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,t.correlationId)(t,e.InteractionType.Silent),n=this.initializeServerTelemetryManager(this.apiId);try{const e={...r,code:t.code},o=await Rn(this.getClientConfiguration.bind(this),vr.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,t.correlationId)({serverTelemetryManager:n,requestAuthority:r.authority,requestAzureCloudOptions:r.azureCloudOptions,requestExtraQueryParameters:r.extraQueryParameters,account:r.account}),i=new bl(o);this.logger.verbose("Auth code client created");const s=new Gc(i,this.browserStorage,e,this.logger,this.performanceClient);return await Rn(s.handleCodeResponseFromServer.bind(s),vr.HandleCodeResponseFromServer,this.logger,this.performanceClient,t.correlationId)({code:t.code,msgraph_host:t.msGraphHost,cloud_graph_host_name:t.cloudGraphHostName,cloud_instance_host_name:t.cloudInstanceHostName},r,!1)}catch(e){throw e instanceof Ce&&(e.setCorrelationId(this.correlationId),n.cacheFailedRequest(e)),e}}logout(){return Promise.reject(Wi(ui))}}function Rl(e){const t=e?.idTokenClaims;return t?.tfp||t?.acr?"B2C":t?.tid?"9188040d-6c67-4c5b-b112-36a304b66dad"===t?.tid?"MSA":"AAD":void 0}function _l(e,t){try{Ra(e)}catch(e){throw t.end({success:!1},e),e}}class Pl{constructor(e){this.operatingContext=e,this.isBrowserEnvironment=this.operatingContext.isBrowserEnvironment(),this.config=e.getConfig(),this.initialized=!1,this.logger=this.operatingContext.getLogger(),this.networkClient=this.config.system.networkClient,this.navigationClient=this.config.system.navigationClient,this.redirectResponse=new Map,this.hybridAuthCodeResponses=new Map,this.performanceClient=this.config.telemetry.client,this.browserCrypto=this.isBrowserEnvironment?new uc(this.logger,this.performanceClient):mt,this.eventHandler=new Lc(this.logger),this.browserStorage=this.isBrowserEnvironment?new bc(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,Wn(this.config.auth)):Rc(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler);const t={cacheLocation:gs.MemoryStorage,cacheRetentionDays:5,temporaryCacheLocation:gs.MemoryStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!1,claimsBasedCachingEnabled:!1};this.nativeInternalStorage=new bc(this.config.auth.clientId,t,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler),this.tokenCache=new Sl(this.config,this.browserStorage,this.logger,this.browserCrypto),this.activeSilentTokenRequests=new Map,this.trackPageVisibility=this.trackPageVisibility.bind(this),this.trackPageVisibilityWithMeasurement=this.trackPageVisibilityWithMeasurement.bind(this)}static async createController(e,t){const r=new Pl(e);return await r.initialize(t),r}trackPageVisibility(e){e&&(this.logger.info("Perf: Visibility change detected"),this.performanceClient.incrementFields({visibilityChangeCount:1},e))}async initialize(e,t){if(this.logger.trace("initialize called"),this.initialized)return void this.logger.info("initialize has already been called, exiting early.");if(!this.isBrowserEnvironment)return this.logger.info("in non-browser environment, exiting early."),this.initialized=!0,void this.eventHandler.emitEvent(kc.INITIALIZE_END);const r=e?.correlationId||this.getRequestCorrelationId(),n=this.config.system.allowPlatformBroker,o=this.performanceClient.startMeasurement(vr.InitializeClientApplication,r);if(this.eventHandler.emitEvent(kc.INITIALIZE_START),!t)try{this.logMultipleInstances(o)}catch{}if(await Rn(this.browserStorage.initialize.bind(this.browserStorage),vr.InitializeCache,this.logger,this.performanceClient,r)(r),n)try{this.platformAuthProvider=await dl(this.logger,this.performanceClient,r,this.config.system.nativeBrokerHandshakeTimeout)}catch(e){this.logger.verbose(e)}this.config.cache.claimsBasedCachingEnabled||(this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims"),En(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage),vr.ClearTokensAndKeysWithClaims,this.logger,this.performanceClient,r)(r)),this.config.system.asyncPopups&&await this.preGeneratePkceCodes(r),this.initialized=!0,this.eventHandler.emitEvent(kc.INITIALIZE_END),o.end({allowPlatformBroker:n,success:!0})}async handleRedirectPromise(e){if(this.logger.verbose("handleRedirectPromise called"),Ea(this.initialized),this.isBrowserEnvironment){const t=e||"";let r=this.redirectResponse.get(t);return void 0===r?(r=this.handleRedirectPromiseInternal(e),this.redirectResponse.set(t,r),this.logger.verbose("handleRedirectPromise has been called for the first time, storing the promise")):this.logger.verbose("handleRedirectPromise has been called previously, returning the result from the first call"),r}return this.logger.verbose("handleRedirectPromise returns null, not browser environment"),null}async handleRedirectPromiseInternal(t){if(!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."),null;const r=this.browserStorage.getInteractionInProgress()?.type;if(r===ys)return this.logger.verbose("handleRedirectPromise removing interaction_in_progress flag and returning null after sign-out"),this.browserStorage.setInteractionInProgress(!1),Promise.resolve(null);const n=this.getAllAccounts(),o=this.browserStorage.getCachedNativeRequest(),i=o&&this.platformAuthProvider&&!t;let s,a;this.eventHandler.emitEvent(kc.HANDLE_REDIRECT_START,e.InteractionType.Redirect);try{if(i&&this.platformAuthProvider){s=this.performanceClient.startMeasurement(vr.AcquireTokenRedirect,o?.correlationId||""),this.logger.trace("handleRedirectPromise - acquiring token from native platform");const e=new Yc(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,bs.handleRedirectPromise,this.performanceClient,this.platformAuthProvider,o.accountId,this.nativeInternalStorage,o.correlationId);a=Rn(e.handleRedirectPromise.bind(e),vr.HandleNativeRedirectPromiseMeasurement,this.logger,this.performanceClient,s.event.correlationId)(this.performanceClient,s.event.correlationId)}else{const[e,r]=this.browserStorage.getCachedRequest(),n=e.correlationId;s=this.performanceClient.startMeasurement(vr.AcquireTokenRedirect,n),this.logger.trace("handleRedirectPromise - acquiring token from web flow");const o=this.createRedirectClient(n);a=Rn(o.handleRedirectPromise.bind(o),vr.HandleRedirectPromiseMeasurement,this.logger,this.performanceClient,s.event.correlationId)(t,e,r,s)}}catch(e){throw this.browserStorage.resetRequestCache(),e}return a.then((t=>{if(t){this.browserStorage.resetRequestCache();n.length<this.getAllAccounts().length?(this.eventHandler.emitEvent(kc.LOGIN_SUCCESS,e.InteractionType.Redirect,t),this.logger.verbose("handleRedirectResponse returned result, login success")):(this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_SUCCESS,e.InteractionType.Redirect,t),this.logger.verbose("handleRedirectResponse returned result, acquire token success")),s.end({success:!0,accountType:Rl(t.account)})}else s.event.errorCode?s.end({success:!1}):s.discard();return this.eventHandler.emitEvent(kc.HANDLE_REDIRECT_END,e.InteractionType.Redirect),t})).catch((t=>{this.browserStorage.resetRequestCache();const r=t;throw n.length>0?this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_FAILURE,e.InteractionType.Redirect,null,r):this.eventHandler.emitEvent(kc.LOGIN_FAILURE,e.InteractionType.Redirect,null,r),this.eventHandler.emitEvent(kc.HANDLE_REDIRECT_END,e.InteractionType.Redirect),s.end({success:!1},r),t}))}async acquireTokenRedirect(t){const r=this.getRequestCorrelationId(t);this.logger.verbose("acquireTokenRedirect called",r);const n=this.performanceClient.startMeasurement(vr.AcquireTokenPreRedirect,r);n.add({accountType:Rl(t.account),scenarioId:t.scenarioId});const o=t.onRedirectNavigate;if(o)t.onRedirectNavigate=e=>{const t="function"==typeof o?o(e):void 0;return!1!==t?n.end({success:!0}):n.discard(),t};else{const e=this.config.auth.onRedirectNavigate;this.config.auth.onRedirectNavigate=t=>{const r="function"==typeof e?e(t):void 0;return!1!==r?n.end({success:!0}):n.discard(),r}}const i=this.getAllAccounts().length>0;try{let o;if(_a(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0,fs),i?this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_START,e.InteractionType.Redirect,t):this.eventHandler.emitEvent(kc.LOGIN_START,e.InteractionType.Redirect,t),this.platformAuthProvider&&this.canUsePlatformBroker(t)){o=new Yc(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,bs.acquireTokenRedirect,this.performanceClient,this.platformAuthProvider,this.getNativeAccountId(t),this.nativeInternalStorage,r).acquireTokenRedirect(t,n).catch((e=>{if(e instanceof jc&&Wc(e)){this.platformAuthProvider=void 0;return this.createRedirectClient(r).acquireToken(t)}if(e instanceof Co){this.logger.verbose("acquireTokenRedirect - Resolving interaction required error thrown by native broker by falling back to web flow");return this.createRedirectClient(r).acquireToken(t)}throw e}))}else{o=this.createRedirectClient(r).acquireToken(t)}return await o}catch(t){throw this.browserStorage.resetRequestCache(),n.end({success:!1},t),i?this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_FAILURE,e.InteractionType.Redirect,null,t):this.eventHandler.emitEvent(kc.LOGIN_FAILURE,e.InteractionType.Redirect,null,t),t}}acquireTokenPopup(t){const r=this.getRequestCorrelationId(t),n=this.performanceClient.startMeasurement(vr.AcquireTokenPopup,r);n.add({scenarioId:t.scenarioId,accountType:Rl(t.account)});try{this.logger.verbose("acquireTokenPopup called",r),_l(this.initialized,n),this.browserStorage.setInteractionInProgress(!0,fs)}catch(e){return Promise.reject(e)}const o=this.getAllAccounts();let i;o.length>0?this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_START,e.InteractionType.Popup,t):this.eventHandler.emitEvent(kc.LOGIN_START,e.InteractionType.Popup,t);const s=this.getPreGeneratedPkceCodes(r);if(this.canUsePlatformBroker(t))i=this.acquireTokenNative({...t,correlationId:r},bs.acquireTokenPopup).then((e=>(n.end({success:!0,isNativeBroker:!0,accountType:Rl(e.account)}),e))).catch((e=>{if(e instanceof jc&&Wc(e)){this.platformAuthProvider=void 0;return this.createPopupClient(r).acquireToken(t,s)}if(e instanceof Co){this.logger.verbose("acquireTokenPopup - Resolving interaction required error thrown by native broker by falling back to web flow");return this.createPopupClient(r).acquireToken(t,s)}throw e}));else{i=this.createPopupClient(r).acquireToken(t,s)}return i.then((t=>(o.length<this.getAllAccounts().length?this.eventHandler.emitEvent(kc.LOGIN_SUCCESS,e.InteractionType.Popup,t):this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_SUCCESS,e.InteractionType.Popup,t),n.end({success:!0,accessTokenSize:t.accessToken.length,idTokenSize:t.idToken.length,accountType:Rl(t.account)}),t))).catch((t=>(o.length>0?this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_FAILURE,e.InteractionType.Popup,null,t):this.eventHandler.emitEvent(kc.LOGIN_FAILURE,e.InteractionType.Popup,null,t),n.end({success:!1},t),Promise.reject(t)))).finally((async()=>{this.browserStorage.setInteractionInProgress(!1),this.config.system.asyncPopups&&await this.preGeneratePkceCodes(r)}))}trackPageVisibilityWithMeasurement(){const e=this.ssoSilentMeasurement||this.acquireTokenByCodeAsyncMeasurement;e&&(this.logger.info("Perf: Visibility change detected in ",e.event.name),e.increment({visibilityChangeCount:1}))}async ssoSilent(t){const r=this.getRequestCorrelationId(t),n={...t,prompt:t.prompt,correlationId:r};let o;if(this.ssoSilentMeasurement=this.performanceClient.startMeasurement(vr.SsoSilent,r),this.ssoSilentMeasurement?.add({scenarioId:t.scenarioId,accountType:Rl(t.account)}),_l(this.initialized,this.ssoSilentMeasurement),this.ssoSilentMeasurement?.increment({visibilityChangeCount:0}),document.addEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement),this.logger.verbose("ssoSilent called",r),this.eventHandler.emitEvent(kc.SSO_SILENT_START,e.InteractionType.Silent,n),this.canUsePlatformBroker(n))o=this.acquireTokenNative(n,bs.ssoSilent).catch((e=>{if(e instanceof jc&&Wc(e)){this.platformAuthProvider=void 0;return this.createSilentIframeClient(n.correlationId).acquireToken(n)}throw e}));else{o=this.createSilentIframeClient(n.correlationId).acquireToken(n)}return o.then((t=>(this.eventHandler.emitEvent(kc.SSO_SILENT_SUCCESS,e.InteractionType.Silent,t),this.ssoSilentMeasurement?.end({success:!0,isNativeBroker:t.fromNativeBroker,accessTokenSize:t.accessToken.length,idTokenSize:t.idToken.length,accountType:Rl(t.account)}),t))).catch((t=>{throw this.eventHandler.emitEvent(kc.SSO_SILENT_FAILURE,e.InteractionType.Silent,null,t),this.ssoSilentMeasurement?.end({success:!1},t),t})).finally((()=>{document.removeEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement)}))}async acquireTokenByCode(t){const r=this.getRequestCorrelationId(t);this.logger.trace("acquireTokenByCode called",r);const n=this.performanceClient.startMeasurement(vr.AcquireTokenByCode,r);_l(this.initialized,n),this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_BY_CODE_START,e.InteractionType.Silent,t),n.add({scenarioId:t.scenarioId});try{if(t.code&&t.nativeAccountId)throw Wi(_i);if(t.code){const o=t.code;let i=this.hybridAuthCodeResponses.get(o);return i?(this.logger.verbose("Existing acquireTokenByCode request found",r),n.discard()):(this.logger.verbose("Initiating new acquireTokenByCode request",r),i=this.acquireTokenByCodeAsync({...t,correlationId:r}).then((t=>(this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_BY_CODE_SUCCESS,e.InteractionType.Silent,t),this.hybridAuthCodeResponses.delete(o),n.end({success:!0,isNativeBroker:t.fromNativeBroker,accessTokenSize:t.accessToken.length,idTokenSize:t.idToken.length,accountType:Rl(t.account)}),t))).catch((t=>{throw this.hybridAuthCodeResponses.delete(o),this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_BY_CODE_FAILURE,e.InteractionType.Silent,null,t),n.end({success:!1},t),t})),this.hybridAuthCodeResponses.set(o,i)),await i}if(t.nativeAccountId){if(this.canUsePlatformBroker(t,t.nativeAccountId)){const e=await this.acquireTokenNative({...t,correlationId:r},bs.acquireTokenByCode,t.nativeAccountId).catch((e=>{throw e instanceof jc&&Wc(e)&&(this.platformAuthProvider=void 0),e}));return n.end({accountType:Rl(e.account),success:!0}),e}throw Wi(Mi)}throw Wi(Ri)}catch(t){throw this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_BY_CODE_FAILURE,e.InteractionType.Silent,null,t),n.end({success:!1},t),t}}async acquireTokenByCodeAsync(e){this.logger.trace("acquireTokenByCodeAsync called",e.correlationId),this.acquireTokenByCodeAsyncMeasurement=this.performanceClient.startMeasurement(vr.AcquireTokenByCodeAsync,e.correlationId),this.acquireTokenByCodeAsyncMeasurement?.increment({visibilityChangeCount:0}),document.addEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement);const t=this.createSilentAuthCodeClient(e.correlationId);return await t.acquireToken(e).then((e=>(this.acquireTokenByCodeAsyncMeasurement?.end({success:!0,fromCache:e.fromCache,isNativeBroker:e.fromNativeBroker}),e))).catch((e=>{throw this.acquireTokenByCodeAsyncMeasurement?.end({success:!1},e),e})).finally((()=>{document.removeEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement)}))}async acquireTokenFromCache(e,t){switch(this.performanceClient.addQueueMeasurement(vr.AcquireTokenFromCache,e.correlationId),t){case Os.Default:case Os.AccessToken:case Os.AccessTokenAndRefreshToken:const t=this.createSilentCacheClient(e.correlationId);return Rn(t.acquireToken.bind(t),vr.SilentCacheClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e);default:throw pt(Xe)}}async acquireTokenByRefreshToken(e,t){switch(this.performanceClient.addQueueMeasurement(vr.AcquireTokenByRefreshToken,e.correlationId),t){case Os.Default:case Os.AccessTokenAndRefreshToken:case Os.RefreshToken:case Os.RefreshTokenAndNetwork:const t=this.createSilentRefreshClient(e.correlationId);return Rn(t.acquireToken.bind(t),vr.SilentRefreshClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e);default:throw pt(Xe)}}async acquireTokenBySilentIframe(e){this.performanceClient.addQueueMeasurement(vr.AcquireTokenBySilentIframe,e.correlationId);const t=this.createSilentIframeClient(e.correlationId);return Rn(t.acquireToken.bind(t),vr.SilentIframeClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e)}async logout(e){const t=this.getRequestCorrelationId(e);return this.logger.warning("logout API is deprecated and will be removed in msal-browser v3.0.0. Use logoutRedirect instead.",t),this.logoutRedirect({correlationId:t,...e})}async logoutRedirect(e){const t=this.getRequestCorrelationId(e);_a(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0,ys);return this.createRedirectClient(t).logout(e)}logoutPopup(e){try{const t=this.getRequestCorrelationId(e);Ra(this.initialized),this.browserStorage.setInteractionInProgress(!0,ys);return this.createPopupClient(t).logout(e).finally((()=>{this.browserStorage.setInteractionInProgress(!1)}))}catch(e){return Promise.reject(e)}}async clearCache(e){if(!this.isBrowserEnvironment)return void this.logger.info("in non-browser environment, returning early.");const t=this.getRequestCorrelationId(e);return this.createSilentCacheClient(t).logout(e)}getAllAccounts(e){const t=this.getRequestCorrelationId();return _c(this.logger,this.browserStorage,this.isBrowserEnvironment,t,e)}getAccount(e){const t=this.getRequestCorrelationId();return Pc(e,this.logger,this.browserStorage,t)}getAccountByUsername(e){const t=this.getRequestCorrelationId();return Mc(e,this.logger,this.browserStorage,t)}getAccountByHomeId(e){const t=this.getRequestCorrelationId();return Oc(e,this.logger,this.browserStorage,t)}getAccountByLocalId(e){const t=this.getRequestCorrelationId();return qc(e,this.logger,this.browserStorage,t)}setActiveAccount(e){const t=this.getRequestCorrelationId();Nc(e,this.browserStorage,t)}getActiveAccount(){const e=this.getRequestCorrelationId();return Uc(this.browserStorage,e)}async hydrateCache(e,t){this.logger.verbose("hydrateCache called");const r=no.createFromAccountInfo(e.account,e.cloudGraphHostName,e.msGraphHost);return await this.browserStorage.setAccount(r,e.correlationId),e.fromNativeBroker?(this.logger.verbose("Response was from native broker, storing in-memory"),this.nativeInternalStorage.hydrateCache(e,t)):this.browserStorage.hydrateCache(e,t)}async acquireTokenNative(e,t,r,n){if(this.logger.trace("acquireTokenNative called"),!this.platformAuthProvider)throw Wi(Ni);return new Yc(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,t,this.performanceClient,this.platformAuthProvider,r||this.getNativeAccountId(e),this.nativeInternalStorage,e.correlationId).acquireToken(e,n)}canUsePlatformBroker(e,t){if(this.logger.trace("canUsePlatformBroker called"),!this.platformAuthProvider)return this.logger.trace("canUsePlatformBroker: platform broker unavilable, returning false"),!1;if(!ul(this.config,this.logger,this.platformAuthProvider,e.authenticationScheme))return this.logger.trace("canUsePlatformBroker: isBrokerAvailable returned false, returning false"),!1;if(e.prompt)switch(e.prompt){case b.NONE:case b.CONSENT:case b.LOGIN:this.logger.trace("canUsePlatformBroker: prompt is compatible with platform broker flow");break;default:return this.logger.trace(`canUsePlatformBroker: prompt = ${e.prompt} is not compatible with platform broker flow, returning false`),!1}return!(!t&&!this.getNativeAccountId(e))||(this.logger.trace("canUsePlatformBroker: nativeAccountId is not available, returning false"),!1)}getNativeAccountId(e){const t=e.account||this.getAccount({loginHint:e.loginHint,sid:e.sid})||this.getActiveAccount();return t&&t.nativeAccountId||""}createPopupClient(e){return new gl(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.platformAuthProvider,e)}createRedirectClient(e){return new pl(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.platformAuthProvider,e)}createSilentIframeClient(e){return new Al(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,bs.ssoSilent,this.performanceClient,this.nativeInternalStorage,this.platformAuthProvider,e)}createSilentCacheClient(e){return new Jc(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.platformAuthProvider,e)}createSilentRefreshClient(e){return new kl(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.platformAuthProvider,e)}createSilentAuthCodeClient(e){return new El(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,bs.acquireTokenByCode,this.performanceClient,this.platformAuthProvider,e)}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){return ba(),this.performanceClient.addPerformanceCallback(e)}removePerformanceCallback(e){return this.performanceClient.removePerformanceCallback(e)}enableAccountStorageEvents(){this.config.cache.cacheLocation===gs.LocalStorage?this.eventHandler.subscribeCrossTab():this.logger.info("Account storage events are only available when cacheLocation is set to localStorage")}disableAccountStorageEvents(){this.config.cache.cacheLocation===gs.LocalStorage?this.eventHandler.unsubscribeCrossTab():this.logger.info("Account storage events are only available when cacheLocation is set to localStorage")}getTokenCache(){return this.tokenCache}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){this.browserStorage.setWrapperMetadata(e,t)}setNavigationClient(e){this.navigationClient=e}getConfiguration(){return this.config}getPerformanceClient(){return this.performanceClient}isBrowserEnv(){return this.isBrowserEnvironment}getRequestCorrelationId(e){return e?.correlationId?e.correlationId:this.isBrowserEnvironment?Zs():t.EMPTY_STRING}async loginRedirect(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("loginRedirect called",t),this.acquireTokenRedirect({correlationId:t,...e||_s})}loginPopup(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("loginPopup called",t),this.acquireTokenPopup({correlationId:t,...e||_s})}async acquireTokenSilent(e){const t=this.getRequestCorrelationId(e),r=this.performanceClient.startMeasurement(vr.AcquireTokenSilent,t);r.add({cacheLookupPolicy:e.cacheLookupPolicy,scenarioId:e.scenarioId}),_l(this.initialized,r),this.logger.verbose("acquireTokenSilent called",t);const n=e.account||this.getActiveAccount();if(!n)throw Wi(gi);return r.add({accountType:Rl(n)}),this.acquireTokenSilentDeduped(e,n,t).then((n=>(r.end({success:!0,fromCache:n.fromCache,isNativeBroker:n.fromNativeBroker,accessTokenSize:n.accessToken.length,idTokenSize:n.idToken.length}),{...n,state:e.state,correlationId:t}))).catch((e=>{throw e instanceof Ce&&e.setCorrelationId(t),r.end({success:!1},e),e}))}async acquireTokenSilentDeduped(e,t,r){const n=Yn(this.config.auth.clientId,{...e,authority:e.authority||this.config.auth.authority},t.homeAccountId),o=JSON.stringify(n),i=this.activeSilentTokenRequests.get(o);if(void 0===i){this.logger.verbose("acquireTokenSilent called for the first time, storing active request",r),this.performanceClient.addFields({deduped:!1},r);const n=Rn(this.acquireTokenSilentAsync.bind(this),vr.AcquireTokenSilentAsync,this.logger,this.performanceClient,r)({...e,correlationId:r},t);return this.activeSilentTokenRequests.set(o,n),n.finally((()=>{this.activeSilentTokenRequests.delete(o)}))}return this.logger.verbose("acquireTokenSilent has been called previously, returning the result from the first call",r),this.performanceClient.addFields({deduped:!0},r),i}async acquireTokenSilentAsync(t,r){const n=()=>this.trackPageVisibility(t.correlationId);this.performanceClient.addQueueMeasurement(vr.AcquireTokenSilentAsync,t.correlationId),this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_START,e.InteractionType.Silent,t),t.correlationId&&this.performanceClient.incrementFields({visibilityChangeCount:0},t.correlationId),document.addEventListener("visibilitychange",n);const o=await Rn(Dc,vr.InitializeSilentRequest,this.logger,this.performanceClient,t.correlationId)(t,r,this.config,this.performanceClient,this.logger),i=t.cacheLookupPolicy||Os.Default;return this.acquireTokenSilentNoIframe(o,i).catch((async e=>{const t=function(e,t){const r=!(e instanceof Co&&e.subError!==uo),n=e.errorCode===Vi||e.errorCode===Xe,o=r&&n||e.errorCode===oo||e.errorCode===so,i=qs.includes(t);return o&&i}(e,i);if(t){if(this.activeIframeRequest){if(i!==Os.Skip){const[t,r]=this.activeIframeRequest;this.logger.verbose(`Iframe request is already in progress, awaiting resolution for request with correlationId: ${r}`,o.correlationId);const n=this.performanceClient.startMeasurement(vr.AwaitConcurrentIframe,o.correlationId);n.add({awaitIframeCorrelationId:r});const s=await t;if(n.end({success:s}),s)return this.logger.verbose(`Parallel iframe request with correlationId: ${r} succeeded. Retrying cache and/or RT redemption`,o.correlationId),this.acquireTokenSilentNoIframe(o,i);throw this.logger.info(`Iframe request with correlationId: ${r} failed. Interaction is required.`),e}return this.logger.warning("Another iframe request is currently in progress and CacheLookupPolicy is set to Skip. This may result in degraded performance and/or reliability for both calls. Please consider changing the CacheLookupPolicy to take advantage of request queuing and token cache.",o.correlationId),Rn(this.acquireTokenBySilentIframe.bind(this),vr.AcquireTokenBySilentIframe,this.logger,this.performanceClient,o.correlationId)(o)}{let e;return this.activeIframeRequest=[new Promise((t=>{e=t})),o.correlationId],this.logger.verbose("Refresh token expired/invalid or CacheLookupPolicy is set to Skip, attempting acquire token by iframe.",o.correlationId),Rn(this.acquireTokenBySilentIframe.bind(this),vr.AcquireTokenBySilentIframe,this.logger,this.performanceClient,o.correlationId)(o).then((t=>(e(!0),t))).catch((t=>{throw e(!1),t})).finally((()=>{this.activeIframeRequest=void 0}))}}throw e})).then((r=>(this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_SUCCESS,e.InteractionType.Silent,r),t.correlationId&&this.performanceClient.addFields({fromCache:r.fromCache,isNativeBroker:r.fromNativeBroker},t.correlationId),r))).catch((t=>{throw this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_FAILURE,e.InteractionType.Silent,null,t),t})).finally((()=>{document.removeEventListener("visibilitychange",n)}))}async acquireTokenSilentNoIframe(t,r){return ul(this.config,this.logger,this.platformAuthProvider,t.authenticationScheme)&&t.account.nativeAccountId?(this.logger.verbose("acquireTokenSilent - attempting to acquire token from native platform"),this.acquireTokenNative(t,bs.acquireTokenSilent_silentFlow,t.account.nativeAccountId,r).catch((async e=>{if(e instanceof jc&&Wc(e))throw this.logger.verbose("acquireTokenSilent - native platform unavailable, falling back to web flow"),this.platformAuthProvider=void 0,pt(Xe);throw e}))):(this.logger.verbose("acquireTokenSilent - attempting to acquire token from web flow"),r===Os.AccessToken&&this.logger.verbose("acquireTokenSilent - cache lookup policy set to AccessToken, attempting to acquire token from local cache"),Rn(this.acquireTokenFromCache.bind(this),vr.AcquireTokenFromCache,this.logger,this.performanceClient,t.correlationId)(t,r).catch((n=>{if(r===Os.AccessToken)throw n;return this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_NETWORK_START,e.InteractionType.Silent,t),Rn(this.acquireTokenByRefreshToken.bind(this),vr.AcquireTokenByRefreshToken,this.logger,this.performanceClient,t.correlationId)(t,r)})))}async preGeneratePkceCodes(e){return this.logger.verbose("Generating new PKCE codes"),this.pkceCode=await Rn(sl,vr.GeneratePkceCodes,this.logger,this.performanceClient,e)(this.performanceClient,this.logger,e),Promise.resolve()}getPreGeneratedPkceCodes(e){this.logger.verbose("Attempting to pick up pre-generated PKCE codes");const t=this.pkceCode?{...this.pkceCode}:void 0;return this.pkceCode=void 0,this.logger.verbose((t?"Found":"Did not find")+" pre-generated PKCE codes"),this.performanceClient.addFields({usePreGeneratedPkce:!!t},e),t}logMultipleInstances(e){const t=this.config.auth.clientId;if(!window)return;window.msal=window.msal||{},window.msal.clientIds=window.msal.clientIds||[];window.msal.clientIds.length>0&&this.logger.verbose("There is already an instance of MSAL.js in the window."),window.msal.clientIds.push(t),function(e,t,r){const n=window.msal?.clientIds||[],o=n.length,i=n.filter((t=>t===e)).length;i>1&&r.warning("There is already an instance of MSAL.js in the window with the same client id."),t.add({msalInstanceCount:o,sameClientIdInstanceCount:i})}(t,e,this.logger)}}class Ml{constructor(e,t,r,n){this.clientId=e,this.clientCapabilities=t,this.crypto=r,this.logger=n}toNaaTokenRequest(e){let t;t=void 0===e.extraQueryParameters?new Map:new Map(Object.entries(e.extraQueryParameters));const r=e.correlationId||this.crypto.createNewGuid(),n=yn(e.claims,this.clientCapabilities),o=e.scopes||h;return{platformBrokerId:e.account?.homeAccountId,clientId:this.clientId,authority:e.authority,scope:o.join(" "),correlationId:r,claims:Vt.isEmptyObj(n)?void 0:n,state:e.state,authenticationScheme:e.authenticationScheme||W.BEARER,extraParameters:t}}fromNaaTokenResponse(e,t,r){if(!t.token.id_token||!t.token.access_token)throw pt(Ae);const n=On(r+(t.token.expires_in||0)),o=er(t.token.id_token,this.crypto.base64Decode),i=this.fromNaaAccountInfo(t.account,t.token.id_token,o),s=t.token.scope||e.scope;return{authority:t.token.authority||i.environment,uniqueId:i.localAccountId,tenantId:i.tenantId,scopes:s.split(" "),account:i,idToken:t.token.id_token,idTokenClaims:o,accessToken:t.token.access_token,fromCache:!1,expiresOn:n,tokenType:e.authenticationScheme||W.BEARER,correlationId:e.correlationId,extExpiresOn:n,state:e.state}}fromNaaAccountInfo(e,t,r){const n=r||e.idTokenClaims,o=e.localAccountId||n?.oid||n?.sub||"",i=e.tenantId||n?.tid||"",s=e.homeAccountId||`${o}.${i}`,a=e.username||n?.preferred_username||"",c=e.name||n?.name,l=e.loginHint||n?.login_hint,h=new Map,d=Xt(s,o,i,n);h.set(i,d);return{homeAccountId:s,environment:e.environment,tenantId:i,username:a,localAccountId:o,name:c,loginHint:l,idToken:t,idTokenClaims:n,tenantProfiles:h}}fromBridgeError(e){if(!function(e){return void 0!==e.status}(e))return new Ce("unknown_error","An unknown error occurred");switch(e.status){case Za:return new gt(st);case ec:return new gt(it);case oc:return new gt(je);case nc:return new gt(lt);case ic:return new gt(e.code||lt,e.description);case tc:case rc:return new Jn(e.code,e.description);case Xa:return new Co(e.code,e.description);default:return new Ce(e.code,e.description)}}toAuthenticationResultFromCache(e,t,r,n,o){if(!t||!r)throw pt(Ae);const i=er(t.secret,this.crypto.base64Decode),s=r.target||n.scopes.join(" ");return{authority:r.environment||e.environment,uniqueId:e.localAccountId,tenantId:e.tenantId,scopes:s.split(" "),account:e,idToken:t.secret,idTokenClaims:i||{},accessToken:r.secret,fromCache:!0,expiresOn:On(r.expiresOn),extExpiresOn:On(r.extendedExpiresOn),tokenType:n.authenticationScheme||W.BEARER,correlationId:o,state:n.state}}}const Ol={code:"unsupported_method",desc:"This method is not supported in nested app environment."};class ql extends Ce{constructor(e,t){super(e,t),Object.setPrototypeOf(this,ql.prototype),this.name="NestedAppAuthError"}static createUnsupportedError(){return new ql(Ol.code,Ol.desc)}}class Nl{constructor(e){this.operatingContext=e;const t=this.operatingContext.getBridgeProxy();if(void 0===t)throw new Error("unexpected: bridgeProxy is undefined");this.bridgeProxy=t,this.config=e.getConfig(),this.logger=this.operatingContext.getLogger(),this.performanceClient=this.config.telemetry.client,this.browserCrypto=e.isBrowserEnvironment()?new uc(this.logger,this.performanceClient,!0):mt,this.eventHandler=new Lc(this.logger),this.browserStorage=this.operatingContext.isBrowserEnvironment()?new bc(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,Wn(this.config.auth)):Rc(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler),this.nestedAppAuthAdapter=new Ml(this.config.auth.clientId,this.config.auth.clientCapabilities,this.browserCrypto,this.logger);const r=this.bridgeProxy.getAccountContext();this.currentAccountContext=r||null}static async createController(e){const t=new Nl(e);return Promise.resolve(t)}async initialize(e,t){const r=e?.correlationId||Zs();return await this.browserStorage.initialize(r),Promise.resolve()}ensureValidRequest(e){return e?.correlationId?e:{...e,correlationId:this.browserCrypto.createNewGuid()}}async acquireTokenInteractive(t){const r=this.ensureValidRequest(t);this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_START,e.InteractionType.Popup,r);const n=this.performanceClient.startMeasurement(vr.AcquireTokenPopup,r.correlationId);n?.add({nestedAppAuthRequest:!0});try{const o=this.nestedAppAuthAdapter.toNaaTokenRequest(r),i=Pn(),s=await this.bridgeProxy.getTokenInteractive(o),a={...this.nestedAppAuthAdapter.fromNaaTokenResponse(o,s,i)};try{await this.hydrateCache(a,t)}catch(e){this.logger.warningPii(`Failed to hydrate cache. Error: ${e}`,r.correlationId)}return this.currentAccountContext={homeAccountId:a.account.homeAccountId,environment:a.account.environment,tenantId:a.account.tenantId},this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_SUCCESS,e.InteractionType.Popup,a),n.add({accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length}),n.end({success:!0,requestId:a.requestId}),a}catch(t){const r=t instanceof Ce?t:this.nestedAppAuthAdapter.fromBridgeError(t);throw this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_FAILURE,e.InteractionType.Popup,null,t),n.end({success:!1},t),r}}async acquireTokenSilentInternal(t){const r=this.ensureValidRequest(t);this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_START,e.InteractionType.Silent,r);const n=await this.acquireTokenFromCache(r);if(n)return this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_SUCCESS,e.InteractionType.Silent,n),n;const o=this.performanceClient.startMeasurement(vr.SsoSilent,r.correlationId);o?.increment({visibilityChangeCount:0}),o?.add({nestedAppAuthRequest:!0});try{const n=this.nestedAppAuthAdapter.toNaaTokenRequest(r),i=Pn(),s=await this.bridgeProxy.getTokenSilent(n),a=this.nestedAppAuthAdapter.fromNaaTokenResponse(n,s,i);try{await this.hydrateCache(a,t)}catch(e){this.logger.warningPii(`Failed to hydrate cache. Error: ${e}`,r.correlationId)}return this.currentAccountContext={homeAccountId:a.account.homeAccountId,environment:a.account.environment,tenantId:a.account.tenantId},this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_SUCCESS,e.InteractionType.Silent,a),o?.add({accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length}),o?.end({success:!0,requestId:a.requestId}),a}catch(t){const r=t instanceof Ce?t:this.nestedAppAuthAdapter.fromBridgeError(t);throw this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_FAILURE,e.InteractionType.Silent,null,t),o?.end({success:!1},t),r}}async acquireTokenFromCache(t){const r=this.performanceClient.startMeasurement(vr.AcquireTokenSilent,t.correlationId);if(r?.add({nestedAppAuthRequest:!0}),t.claims)return this.logger.verbose("Claims are present in the request, skipping cache lookup"),null;if(t.forceRefresh)return this.logger.verbose("forceRefresh is set to true, skipping cache lookup"),null;let n=null;switch(t.cacheLookupPolicy||(t.cacheLookupPolicy=Os.Default),t.cacheLookupPolicy){case Os.Default:case Os.AccessToken:case Os.AccessTokenAndRefreshToken:n=await this.acquireTokenFromCacheInternal(t);break;default:return null}return n?(this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_SUCCESS,e.InteractionType.Silent,n),r?.add({accessTokenSize:n?.accessToken.length,idTokenSize:n?.idToken.length}),r?.end({success:!0}),n):(this.logger.warning("Cached tokens are not found for the account, proceeding with silent token request."),this.eventHandler.emitEvent(kc.ACQUIRE_TOKEN_FAILURE,e.InteractionType.Silent,null),r?.end({success:!1}),null)}async acquireTokenFromCacheInternal(e){const t=this.bridgeProxy.getAccountContext()||this.currentAccountContext;let r=null;const n=e.correlationId||this.browserCrypto.createNewGuid();if(t&&(r=Pc(t,this.logger,this.browserStorage,n)),!r)return this.logger.verbose("No active account found, falling back to the host"),Promise.resolve(null);this.logger.verbose("active account found, attempting to acquire token silently");const o={...e,correlationId:e.correlationId||this.browserCrypto.createNewGuid(),authority:e.authority||r.environment,scopes:e.scopes?.length?e.scopes:[...h]},i=this.browserStorage.getTokenKeys(),s=this.browserStorage.getAccessToken(r,o,i,r.tenantId);if(!s)return this.logger.verbose("No cached access token found"),Promise.resolve(null);if(Un(s.cachedAt)||qn(s.expiresOn,this.config.system.tokenRenewalOffsetSeconds))return this.logger.verbose("Cached access token has expired"),Promise.resolve(null);const a=this.browserStorage.getIdToken(r,o.correlationId,i,r.tenantId,this.performanceClient);return a?this.nestedAppAuthAdapter.toAuthenticationResultFromCache(r,a,s,o,o.correlationId):(this.logger.verbose("No cached id token found"),Promise.resolve(null))}async acquireTokenPopup(e){return this.acquireTokenInteractive(e)}acquireTokenRedirect(e){throw ql.createUnsupportedError()}async acquireTokenSilent(e){return this.acquireTokenSilentInternal(e)}acquireTokenByCode(e){throw ql.createUnsupportedError()}acquireTokenNative(e,t,r){throw ql.createUnsupportedError()}acquireTokenByRefreshToken(e,t){throw ql.createUnsupportedError()}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){throw ql.createUnsupportedError()}removePerformanceCallback(e){throw ql.createUnsupportedError()}enableAccountStorageEvents(){throw ql.createUnsupportedError()}disableAccountStorageEvents(){throw ql.createUnsupportedError()}getAllAccounts(e){const t=this.browserCrypto.createNewGuid();return _c(this.logger,this.browserStorage,this.isBrowserEnv(),t,e)}getAccount(e){const t=this.browserCrypto.createNewGuid();return Pc(e,this.logger,this.browserStorage,t)}getAccountByUsername(e){const t=this.browserCrypto.createNewGuid();return Mc(e,this.logger,this.browserStorage,t)}getAccountByHomeId(e){const t=this.browserCrypto.createNewGuid();return Oc(e,this.logger,this.browserStorage,t)}getAccountByLocalId(e){const t=this.browserCrypto.createNewGuid();return qc(e,this.logger,this.browserStorage,t)}setActiveAccount(e){const t=this.browserCrypto.createNewGuid();return Nc(e,this.browserStorage,t)}getActiveAccount(){const e=this.browserCrypto.createNewGuid();return Uc(this.browserStorage,e)}handleRedirectPromise(e){return Promise.resolve(null)}loginPopup(e){return this.acquireTokenInteractive(e||_s)}loginRedirect(e){throw ql.createUnsupportedError()}logout(e){throw ql.createUnsupportedError()}logoutRedirect(e){throw ql.createUnsupportedError()}logoutPopup(e){throw ql.createUnsupportedError()}ssoSilent(e){return this.acquireTokenSilentInternal(e)}getTokenCache(){throw ql.createUnsupportedError()}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){}setNavigationClient(e){this.logger.warning("setNavigationClient is not supported in nested app auth")}getConfiguration(){return this.config}isBrowserEnv(){return this.operatingContext.isBrowserEnvironment()}getBrowserCrypto(){return this.browserCrypto}getPerformanceClient(){throw ql.createUnsupportedError()}getRedirectResponse(){throw ql.createUnsupportedError()}async clearCache(e){throw ql.createUnsupportedError()}async hydrateCache(e,t){this.logger.verbose("hydrateCache called");const r=no.createFromAccountInfo(e.account,e.cloudGraphHostName,e.msGraphHost);return await this.browserStorage.setAccount(r,e.correlationId),this.browserStorage.hydrateCache(e,t)}}async function Ul(e){const t=new cc(e),r=new ac(e),n=[t.initialize(),r.initialize()];return await Promise.all(n),r.isAvailable()&&e.auth.supportsNestedAppAuth?Nl.createController(r):t.isAvailable()?Pl.createController(t):null}class Ll{static async createPublicClientApplication(e){const t=await async function(e,t){const r=new cc(e);return await r.initialize(),Pl.createController(r,t)}(e);return new Ll(e,t)}constructor(e,t){this.isBroker=!1,this.controller=t||new Pl(new cc(e))}async initialize(e){return this.controller.initialize(e,this.isBroker)}async acquireTokenPopup(e){return this.controller.acquireTokenPopup(e)}acquireTokenRedirect(e){return this.controller.acquireTokenRedirect(e)}acquireTokenSilent(e){return this.controller.acquireTokenSilent(e)}acquireTokenByCode(e){return this.controller.acquireTokenByCode(e)}addEventCallback(e,t){return this.controller.addEventCallback(e,t)}removeEventCallback(e){return this.controller.removeEventCallback(e)}addPerformanceCallback(e){return this.controller.addPerformanceCallback(e)}removePerformanceCallback(e){return this.controller.removePerformanceCallback(e)}enableAccountStorageEvents(){this.controller.enableAccountStorageEvents()}disableAccountStorageEvents(){this.controller.disableAccountStorageEvents()}getAccount(e){return this.controller.getAccount(e)}getAccountByHomeId(e){return this.controller.getAccountByHomeId(e)}getAccountByLocalId(e){return this.controller.getAccountByLocalId(e)}getAccountByUsername(e){return this.controller.getAccountByUsername(e)}getAllAccounts(e){return this.controller.getAllAccounts(e)}handleRedirectPromise(e){return this.controller.handleRedirectPromise(e)}loginPopup(e){return this.controller.loginPopup(e)}loginRedirect(e){return this.controller.loginRedirect(e)}logout(e){return this.controller.logout(e)}logoutRedirect(e){return this.controller.logoutRedirect(e)}logoutPopup(e){return this.controller.logoutPopup(e)}ssoSilent(e){return this.controller.ssoSilent(e)}getTokenCache(){return this.controller.getTokenCache()}getLogger(){return this.controller.getLogger()}setLogger(e){this.controller.setLogger(e)}setActiveAccount(e){this.controller.setActiveAccount(e)}getActiveAccount(){return this.controller.getActiveAccount()}initializeWrapperLibrary(e,t){return this.controller.initializeWrapperLibrary(e,t)}setNavigationClient(e){this.controller.setNavigationClient(e)}getConfiguration(){return this.controller.getConfiguration()}async hydrateCache(e,t){return this.controller.hydrateCache(e,t)}clearCache(e){return this.controller.clearCache(e)}}async function Hl(e){const t=new Ll(e);return await t.initialize(),t}class xl{constructor(e){this.initialized=!1,this.operatingContext=e,this.isBrowserEnvironment=this.operatingContext.isBrowserEnvironment(),this.config=e.getConfig(),this.logger=e.getLogger(),this.performanceClient=this.config.telemetry.client,this.browserCrypto=this.isBrowserEnvironment?new uc(this.logger,this.performanceClient):mt,this.eventHandler=new Lc(this.logger),this.browserStorage=this.isBrowserEnvironment?new bc(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,void 0):Rc(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler)}getBrowserStorage(){return this.browserStorage}getAccount(e){return null}getAccountByHomeId(e){return null}getAccountByLocalId(e){return null}getAccountByUsername(e){return null}getAllAccounts(){return[]}initialize(){return this.initialized=!0,Promise.resolve()}acquireTokenPopup(e){return Ea(this.initialized),ba(),{}}acquireTokenRedirect(e){return Ea(this.initialized),ba(),Promise.resolve()}acquireTokenSilent(e){return Ea(this.initialized),ba(),{}}acquireTokenByCode(e){return Ea(this.initialized),ba(),{}}acquireTokenNative(e,t,r){return Ea(this.initialized),ba(),{}}acquireTokenByRefreshToken(e,t){return Ea(this.initialized),ba(),{}}addEventCallback(e,t){return null}removeEventCallback(e){}addPerformanceCallback(e){return Ea(this.initialized),ba(),""}removePerformanceCallback(e){return Ea(this.initialized),ba(),!0}enableAccountStorageEvents(){Ea(this.initialized),ba()}disableAccountStorageEvents(){Ea(this.initialized),ba()}handleRedirectPromise(e){return Ea(this.initialized),Promise.resolve(null)}loginPopup(e){return Ea(this.initialized),ba(),{}}loginRedirect(e){return Ea(this.initialized),ba(),{}}logout(e){return Ea(this.initialized),ba(),{}}logoutRedirect(e){return Ea(this.initialized),ba(),{}}logoutPopup(e){return Ea(this.initialized),ba(),{}}ssoSilent(e){return Ea(this.initialized),ba(),{}}getTokenCache(){return Ea(this.initialized),ba(),{}}getLogger(){return this.logger}setLogger(e){Ea(this.initialized),ba()}setActiveAccount(e){Ea(this.initialized),ba()}getActiveAccount(){return Ea(this.initialized),ba(),null}initializeWrapperLibrary(e,t){this.browserStorage.setWrapperMetadata(e,t)}setNavigationClient(e){Ea(this.initialized),ba()}getConfiguration(){return this.config}isBrowserEnv(){return Ea(this.initialized),ba(),!0}getBrowserCrypto(){return Ea(this.initialized),ba(),{}}getPerformanceClient(){return Ea(this.initialized),ba(),{}}getRedirectResponse(){return Ea(this.initialized),ba(),{}}async clearCache(e){Ea(this.initialized),ba()}async hydrateCache(e,t){Ea(this.initialized),ba()}}class Dl extends Ya{getId(){return Dl.ID}getModuleName(){return Dl.MODULE_NAME}async initialize(){return!0}}Dl.MODULE_NAME="",Dl.ID="UnknownOperatingContext";class Bl{static async createPublicClientApplication(e){const t=await Ul(e);let r;return r=null!==t?new Bl(e,t):new Bl(e),r}constructor(e,t){if(this.configuration=e,t)this.controller=t;else{const t=new Dl(e);this.controller=new xl(t)}}async initialize(){if(this.controller instanceof xl){const e=await Ul(this.configuration);return null!==e&&(this.controller=e),this.controller.initialize()}return Promise.resolve()}async acquireTokenPopup(e){return this.controller.acquireTokenPopup(e)}acquireTokenRedirect(e){return this.controller.acquireTokenRedirect(e)}acquireTokenSilent(e){return this.controller.acquireTokenSilent(e)}acquireTokenByCode(e){return this.controller.acquireTokenByCode(e)}addEventCallback(e,t){return this.controller.addEventCallback(e,t)}removeEventCallback(e){return this.controller.removeEventCallback(e)}addPerformanceCallback(e){return this.controller.addPerformanceCallback(e)}removePerformanceCallback(e){return this.controller.removePerformanceCallback(e)}enableAccountStorageEvents(){this.controller.enableAccountStorageEvents()}disableAccountStorageEvents(){this.controller.disableAccountStorageEvents()}getAccount(e){return this.controller.getAccount(e)}getAccountByHomeId(e){return this.controller.getAccountByHomeId(e)}getAccountByLocalId(e){return this.controller.getAccountByLocalId(e)}getAccountByUsername(e){return this.controller.getAccountByUsername(e)}getAllAccounts(e){return this.controller.getAllAccounts(e)}handleRedirectPromise(e){return this.controller.handleRedirectPromise(e)}loginPopup(e){return this.controller.loginPopup(e)}loginRedirect(e){return this.controller.loginRedirect(e)}logout(e){return this.controller.logout(e)}logoutRedirect(e){return this.controller.logoutRedirect(e)}logoutPopup(e){return this.controller.logoutPopup(e)}ssoSilent(e){return this.controller.ssoSilent(e)}getTokenCache(){return this.controller.getTokenCache()}getLogger(){return this.controller.getLogger()}setLogger(e){this.controller.setLogger(e)}setActiveAccount(e){this.controller.setActiveAccount(e)}getActiveAccount(){return this.controller.getActiveAccount()}initializeWrapperLibrary(e,t){return this.controller.initializeWrapperLibrary(e,t)}setNavigationClient(e){this.controller.setNavigationClient(e)}getConfiguration(){return this.controller.getConfiguration()}async hydrateCache(e,t){return this.controller.hydrateCache(e,t)}clearCache(e){return this.controller.clearCache(e)}}const Fl={initialize:()=>Promise.reject(fa(ha)),acquireTokenPopup:()=>Promise.reject(fa(ha)),acquireTokenRedirect:()=>Promise.reject(fa(ha)),acquireTokenSilent:()=>Promise.reject(fa(ha)),acquireTokenByCode:()=>Promise.reject(fa(ha)),getAllAccounts:()=>[],getAccount:()=>null,getAccountByHomeId:()=>null,getAccountByUsername:()=>null,getAccountByLocalId:()=>null,handleRedirectPromise:()=>Promise.reject(fa(ha)),loginPopup:()=>Promise.reject(fa(ha)),loginRedirect:()=>Promise.reject(fa(ha)),logout:()=>Promise.reject(fa(ha)),logoutRedirect:()=>Promise.reject(fa(ha)),logoutPopup:()=>Promise.reject(fa(ha)),ssoSilent:()=>Promise.reject(fa(ha)),addEventCallback:()=>null,removeEventCallback:()=>{},addPerformanceCallback:()=>"",removePerformanceCallback:()=>!1,enableAccountStorageEvents:()=>{},disableAccountStorageEvents:()=>{},getTokenCache:()=>{throw fa(ha)},getLogger:()=>{throw fa(ha)},setLogger:()=>{},setActiveAccount:()=>{},getActiveAccount:()=>null,initializeWrapperLibrary:()=>{},setNavigationClient:()=>{},getConfiguration:()=>{throw fa(ha)},hydrateCache:()=>Promise.reject(fa(ha)),clearCache:()=>Promise.reject(fa(ha))};function zl(){let e;try{e=window[gs.SessionStorage];const t=e?.getItem(Ga);if(1===Number(t))return Promise.resolve().then((function(){return Ql}))}catch(e){}}function Kl(){return"undefined"!=typeof window&&void 0!==window.performance&&"function"==typeof window.performance.now}function Gl(e){if(e&&Kl())return Math.round(window.performance.now()-e)}class $l{constructor(e,t){this.correlationId=t,this.measureName=$l.makeMeasureName(e,t),this.startMark=$l.makeStartMark(e,t),this.endMark=$l.makeEndMark(e,t)}static makeMeasureName(e,t){return`msal.measure.${e}.${t}`}static makeStartMark(e,t){return`msal.start.${e}.${t}`}static makeEndMark(e,t){return`msal.end.${e}.${t}`}static supportsBrowserPerformance(){return"undefined"!=typeof window&&void 0!==window.performance&&"function"==typeof window.performance.mark&&"function"==typeof window.performance.measure&&"function"==typeof window.performance.clearMarks&&"function"==typeof window.performance.clearMeasures&&"function"==typeof window.performance.getEntriesByName}static flushMeasurements(e,t){if($l.supportsBrowserPerformance())try{t.forEach((t=>{const r=$l.makeMeasureName(t.name,e);window.performance.getEntriesByName(r,"measure").length>0&&(window.performance.clearMeasures(r),window.performance.clearMarks($l.makeStartMark(r,e)),window.performance.clearMarks($l.makeEndMark(r,e)))}))}catch(e){}}startMeasurement(){if($l.supportsBrowserPerformance())try{window.performance.mark(this.startMark)}catch(e){}}endMeasurement(){if($l.supportsBrowserPerformance())try{window.performance.mark(this.endMark),window.performance.measure(this.measureName,this.startMark,this.endMark)}catch(e){}}flushMeasurement(){if($l.supportsBrowserPerformance())try{const e=window.performance.getEntriesByName(this.measureName,"measure");if(e.length>0){const t=e[0].duration;return window.performance.clearMeasures(this.measureName),window.performance.clearMarks(this.startMark),window.performance.clearMarks(this.endMark),t}}catch(e){}return null}}var Ql=Object.freeze({__proto__:null,BrowserPerformanceMeasurement:$l});e.AccountEntity=no,e.ApiId=bs,e.AuthError=Ce,e.AuthErrorCodes=me,e.AuthErrorMessage=ye,e.AuthenticationHeaderParser=class{constructor(e){this.headers=e}getShrNonce(){const e=this.headers[y];if(e){const t=this.parseChallenges(e);if(t.nextnonce)return t.nextnonce;throw Wt(xt)}const t=this.headers[f];if(t){const e=this.parseChallenges(t);if(e.nonce)return e.nonce;throw Wt(xt)}throw Wt(Ht)}parseChallenges(e){const r=e.indexOf(" "),n=e.substr(r+1).split(","),o={};return n.forEach((e=>{const[r,n]=e.split("=");o[r]=unescape(n.replace(/['"]+/g,t.EMPTY_STRING))})),o}}
/*! @azure/msal-common v15.10.0 2025-08-05 */,e.AuthenticationScheme=W,e.AzureCloudInstance=wt,e.BrowserAuthError=ji,e.BrowserAuthErrorCodes=Ki,e.BrowserAuthErrorMessage=Qi,e.BrowserCacheLocation=gs,e.BrowserConfigurationAuthError=ma,e.BrowserConfigurationAuthErrorCodes=ua,e.BrowserConfigurationAuthErrorMessage=pa,e.BrowserPerformanceClient=class extends $o{constructor(e,r,n){super(e.auth.clientId,e.auth.authority||`${t.DEFAULT_AUTHORITY}`,new yt(e.system?.loggerOptions||{},xa,Da),xa,Da,e.telemetry?.application||{appName:"",appVersion:""},r,n)}generateId(){return Zs()}getPageVisibility(){return document.visibilityState?.toString()||null}deleteIncompleteSubMeasurements(e){zl()?.then((t=>{const r=this.eventsByCorrelationId.get(e.event.correlationId),n=r&&r.eventId===e.event.eventId,o=[];n&&r?.incompleteSubMeasurements&&r.incompleteSubMeasurements.forEach((e=>{o.push({...e})})),t.BrowserPerformanceMeasurement.flushMeasurements(e.event.correlationId,o)}))}startMeasurement(e,t){const r=this.getPageVisibility(),n=super.startMeasurement(e,t),o=Kl()?window.performance.now():void 0,i=zl()?.then((t=>new t.BrowserPerformanceMeasurement(e,n.event.correlationId)));return i?.then((e=>e.startMeasurement())),{...n,end:(e,t)=>{const s=n.end({...e,startPageVisibility:r,endPageVisibility:this.getPageVisibility(),durationMs:Gl(o)},t);return i?.then((e=>e.endMeasurement())),this.deleteIncompleteSubMeasurements(n),s},discard:()=>{n.discard(),i?.then((e=>e.flushMeasurement())),this.deleteIncompleteSubMeasurements(n)}}}setPreQueueTime(e,t){if(!Kl())return void this.logger.trace(`BrowserPerformanceClient: window performance API not available, unable to set telemetry queue time for ${e}`);if(!t)return void this.logger.trace(`BrowserPerformanceClient: correlationId for ${e} not provided, unable to set telemetry queue time`);const r=this.preQueueTimeByCorrelationId.get(t);r&&(this.logger.trace(`BrowserPerformanceClient: Incomplete pre-queue ${r.name} found`,t),this.addQueueMeasurement(r.name,t,void 0,!0)),this.preQueueTimeByCorrelationId.set(t,{name:e,time:window.performance.now()})}addQueueMeasurement(e,t,r,n){if(!Kl())return void this.logger.trace(`BrowserPerformanceClient: window performance API not available, unable to add queue measurement for ${e}`);if(!t)return void this.logger.trace(`BrowserPerformanceClient: correlationId for ${e} not provided, unable to add queue measurement`);const o=super.getPreQueueTime(e,t);if(!o)return;const i=window.performance.now(),s=r||super.calculateQueuedTime(o,i);return super.addQueueMeasurement(e,t,s,n)}},e.BrowserPerformanceMeasurement=$l,e.BrowserUtils=Oa,e.CacheLookupPolicy=Os,e.ClientAuthError=gt,e.ClientAuthErrorCodes=ht,e.ClientAuthErrorMessage=ut,e.ClientConfigurationError=jt,e.ClientConfigurationErrorCodes=Gt,e.ClientConfigurationErrorMessage=Qt,e.DEFAULT_IFRAME_TIMEOUT_MS=Ha,e.EventHandler=Lc,e.EventMessageUtils=class{static getInteractionStatusFromEvent(t,r){switch(t.eventType){case kc.LOGIN_START:return Rs.Login;case kc.SSO_SILENT_START:return Rs.SsoSilent;case kc.ACQUIRE_TOKEN_START:if(t.interactionType===e.InteractionType.Redirect||t.interactionType===e.InteractionType.Popup)return Rs.AcquireToken;break;case kc.HANDLE_REDIRECT_START:return Rs.HandleRedirect;case kc.LOGOUT_START:return Rs.Logout;case kc.SSO_SILENT_SUCCESS:case kc.SSO_SILENT_FAILURE:if(r&&r!==Rs.SsoSilent)break;return Rs.None;case kc.LOGOUT_END:if(r&&r!==Rs.Logout)break;return Rs.None;case kc.HANDLE_REDIRECT_END:if(r&&r!==Rs.HandleRedirect)break;return Rs.None;case kc.LOGIN_SUCCESS:case kc.LOGIN_FAILURE:case kc.ACQUIRE_TOKEN_SUCCESS:case kc.ACQUIRE_TOKEN_FAILURE:case kc.RESTORE_FROM_BFCACHE:if(t.interactionType===e.InteractionType.Redirect||t.interactionType===e.InteractionType.Popup){if(r&&r!==Rs.Login&&r!==Rs.AcquireToken)break;return Rs.None}}return null}},e.EventType=kc,e.InteractionRequiredAuthError=Co,e.InteractionRequiredAuthErrorCodes=go,e.InteractionRequiredAuthErrorMessage=yo,e.InteractionStatus=Rs,e.JsonWebTokenTypes=ue,e.LocalStorage=Tc,e.Logger=yt,e.MemoryStorage=hc,e.NavigationClient=qa,e.OIDC_DEFAULT_SCOPES=h,e.PerformanceEvents=vr,e.PromptValue=b,e.ProtocolMode=Cr,e.PublicClientApplication=Ll,e.PublicClientNext=Bl,e.ServerError=Jn,e.ServerResponseType=_,e.SessionStorage=Ac,e.SignedHttpRequest=class{constructor(e,t){const r=t&&t.loggerOptions||{};this.logger=new yt(r,xa,Da),this.cryptoOps=new uc(this.logger),this.popTokenGenerator=new Ao(this.cryptoOps),this.shrParameters=e}async generatePublicKeyThumbprint(){const{kid:e}=await this.popTokenGenerator.generateKid(this.shrParameters);return e}async signRequest(e,t,r){return this.popTokenGenerator.signPayload(e,t,this.shrParameters,r)}async removeKeys(e){return this.cryptoOps.removeTokenBindingKey(e).then((()=>!0)).catch((e=>{if(e instanceof gt&&e.errorCode===rt)return!1;throw e}))}},e.StringUtils=Vt,e.StubPerformanceClient=Sr,e.UrlString=ir,e.WrapperSKU={React:"@azure/msal-react",Angular:"@azure/msal-angular"},e.createNestablePublicClientApplication=async function(e){const t=new ac(e);if(await t.initialize(),t.isAvailable()){const r=new Nl(t),n=new Ll(e,r);return await n.initialize(),n}return Hl(e)},e.createStandardPublicClientApplication=Hl,e.isPlatformBrokerAvailable=async function(e,t,r){const n=new yt(e||{},xa,Da);n.trace("isPlatformBrokerAvailable called");const o=t||new Sr;return"undefined"==typeof window?(n.trace("Non-browser environment detected, returning false"),!1):!!await dl(n,o,r||Zs())},e.stubbedPublicClientApplication=Fl,e.version=Da}));
Reference in a new issue View git blame Copy permalink