Page MenuHome GnuPG
Files F36623383

No OneTemporary
Actions

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.
diff --git a/web/assets/inst-gpgoljs-assets.nsi b/web/assets/inst-gpgoljs-assets.nsi
index 7ad27b7..df54532 100644
--- a/web/assets/inst-gpgoljs-assets.nsi
+++ b/web/assets/inst-gpgoljs-assets.nsi
@@ -1,2 +1,2 @@
- File ${prefix}/share/gpgol-web/assets/index-C7T5H_aQ.js
File ${prefix}/share/gpgol-web/assets/index-C8C8AKuF.css
+ File ${prefix}/share/gpgol-web/assets/index-DflOW-Hp.js
diff --git a/web/dist/assets/index-C7T5H_aQ.js b/web/dist/assets/index-C7T5H_aQ.js
deleted file mode 100644
index e0237f4..0000000
--- a/web/dist/assets/index-C7T5H_aQ.js
+++ /dev/null
@@ -1,7 +0,0 @@
-(function(){const e=document.createElement("link").relList;if(e&&e.supports&&e.supports("modulepreload"))return;for(const o of document.querySelectorAll('link[rel="modulepreload"]'))n(o);new MutationObserver(o=>{for(const i of o)if(i.type==="childList")for(const a of i.addedNodes)a.tagName==="LINK"&&a.rel==="modulepreload"&&n(a)}).observe(document,{childList:!0,subtree:!0});function t(o){const i={};return o.integrity&&(i.integrity=o.integrity),o.referrerPolicy&&(i.referrerPolicy=o.referrerPolicy),o.crossOrigin==="use-credentials"?i.credentials="include":o.crossOrigin==="anonymous"?i.credentials="omit":i.credentials="same-origin",i}function n(o){if(o.ep)return;o.ep=!0;const i=t(o);fetch(o.href,i)}})();const We={"fr-FR":{"Loading...":"Chargement...","This mail is encrypted and signed.":"Ce email est encrypté et signé numériquement","This mail is encrypted.":"Ce email est encrypté"},"de-DE":{"Waiting for authorization":"Warte auf Berechtigung","Loading…":"Lade...","This mail is encrypted and signed.":"Diese E-Mail ist verschlüsselt und signiert.","This mail is encrypted.":"Diese E-Mail ist verschlüsselt.","This mail is signed.":"Diese E-Mail ist signiert.","This mail is not encrypted nor signed.":"Diese E-Mail ist nicht verschlüsselt und nicht signiert.",Decrypt:"Entschlüsseln","View email":"E-Mail betrachten","Native client was disconnected, reconnecting in 1 second.":"Verbindung zum nativen Client unterbrochen, verbinde erneut in 1 Sekunde.","Native client received an error":"Der native Client hat einen Fehler erhalten.","Native client was disconnected":"Verbindung zum nativen Client unterbrochen","Version mismatch. Make sure you installed the last manifest.xml.":"Versionen stimmen nicht überein. Stellen Sie sicher, dass Sie die aktuelle manifest.xml-Datei installiert haben.","Unable to acquire access token.":"Kann das Zugangstoken nicht abrufen.","Unknown device: %1. Do you trust this device?":"Unbekanntes Gerät: %1. Wollen Sie diesem Gerät vertrauen?","Don't Trust":"Nicht vertrauen",Trust:"Vertrauen","Viewer already open.":"Betrachter bereits geöffnet","New secure email":"Neue sichere E-Mail","Reply securely":"Sicher antworten","Forward securely":"Sicher weiterleiten",Reencrypt:"Erneut verschlüsseln",Drafts:"Entwürfe","Last Modified: %1":"Zuletzt geändert: %1",Delete:"Löschen","No draft found":"Kein Entwurf vorhanden"}};function J(r){const e=Office.context.displayLanguage;let t="";e in We&&r in We[e]?t=We[e][r]:t=r;for(let n=1;n<arguments.length;n++)t=t.replace("%"+n,arguments[n]);return t}function x(r,e){const t=Office.context.displayLanguage;let n="";t in We&&e in We[t]?n=We[t][e]:n=e;for(let o=2;o<arguments.length;o++)n=n.replace("%"+(o-1),arguments[o]);return n}function te(r){return document.getElementById(r)}function ct(r,e){te(r).replaceWith(e),e.id=r}function kn(r){return te("icon-"+r).cloneNode(!0)}function Ze(r){let e=document.createElement("span");return e.innerHTML=r,e}function ts(r){let e=document.createElement("div");return e.innerHTML=r,e}function xe(r,e){e?r.classList.remove("d-none"):r.classList.add("d-none")}function Te(r,e,t,n=["w-100","btn","rounded-md","mt-3"]){let o=document.createElement("button");return o.setIconAndText=(function(i,a){this.replaceChildren(kn(i),Ze(a))}).bind(o),o.setIconAndText(r,e),o.replaceChildren(kn(r),Ze(e)),o.classList.add.apply(o.classList,n),o.addEventListener("click",i=>{t()}),o}function _r(r,e,t){let n=te(r);e.length==0?(console.log("hide",r),xe(n,!1),n.replaceChildren()):(xe(n,!0),n.replaceChildren(kn(t),Ze(e)))}function Ce(r){_r("errorbox",r,"error")}function ns(){return te("errorbox").classList.contains("d-none")}function os(r,e){let t=te("statusbox"),n=Ze(e);t.insertBefore(n,t.children[0]),xe(t,!0),setTimeout(function(o){o[0].removeChild(o[1])},r,[t,n])}/*! @azure/msal-common v15.4.0 2025-03-25 */const g={LIBRARY_NAME:"MSAL.JS",SKU:"msal.js.common",CACHE_PREFIX:"msal",DEFAULT_AUTHORITY:"https://login.microsoftonline.com/common/",DEFAULT_AUTHORITY_HOST:"login.microsoftonline.com",DEFAULT_COMMON_TENANT:"common",ADFS:"adfs",DSTS:"dstsv2",AAD_INSTANCE_DISCOVERY_ENDPT:"https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",CIAM_AUTH_URL:".ciamlogin.com",AAD_TENANT_DOMAIN_SUFFIX:".onmicrosoft.com",RESOURCE_DELIM:"|",NO_ACCOUNT:"NO_ACCOUNT",CLAIMS:"claims",CONSUMER_UTID:"9188040d-6c67-4c5b-b112-36a304b66dad",OPENID_SCOPE:"openid",PROFILE_SCOPE:"profile",OFFLINE_ACCESS_SCOPE:"offline_access",EMAIL_SCOPE:"email",CODE_GRANT_TYPE:"authorization_code",RT_GRANT_TYPE:"refresh_token",S256_CODE_CHALLENGE_METHOD:"S256",URL_FORM_CONTENT_TYPE:"application/x-www-form-urlencoded;charset=utf-8",AUTHORIZATION_PENDING:"authorization_pending",NOT_DEFINED:"not_defined",EMPTY_STRING:"",NOT_APPLICABLE:"N/A",NOT_AVAILABLE:"Not Available",FORWARD_SLASH:"/",IMDS_ENDPOINT:"http://169.254.169.254/metadata/instance/compute/location",IMDS_VERSION:"2020-06-01",IMDS_TIMEOUT:2e3,AZURE_REGION_AUTO_DISCOVER_FLAG:"TryAutoDetect",REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX:"login.microsoft.com",KNOWN_PUBLIC_CLOUDS:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],SHR_NONCE_VALIDITY:240,INVALID_INSTANCE:"invalid_instance"},vt={CLIENT_ERROR_RANGE_START:400,CLIENT_ERROR_RANGE_END:499,SERVER_ERROR_RANGE_START:500,SERVER_ERROR_RANGE_END:599},ze=[g.OPENID_SCOPE,g.PROFILE_SCOPE,g.OFFLINE_ACCESS_SCOPE],Wo=[...ze,g.EMAIL_SCOPE],V={CONTENT_TYPE:"Content-Type",CONTENT_LENGTH:"Content-Length",RETRY_AFTER:"Retry-After",CCS_HEADER:"X-AnchorMailbox",WWWAuthenticate:"WWW-Authenticate",AuthenticationInfo:"Authentication-Info",X_MS_REQUEST_ID:"x-ms-request-id",X_MS_HTTP_VERSION:"x-ms-httpver"},Jo={ACTIVE_ACCOUNT_FILTERS:"active-account-filters"},Re={COMMON:"common",ORGANIZATIONS:"organizations",CONSUMERS:"consumers"},St={ACCESS_TOKEN:"access_token",XMS_CC:"xms_cc"},K={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",CREATE:"create",NO_SESSION:"no_session"},Xo={PLAIN:"plain",S256:"S256"},Rr={CODE:"code",IDTOKEN_TOKEN_REFRESHTOKEN:"id_token token refresh_token"},Xt={QUERY:"query",FRAGMENT:"fragment"},rs={QUERY:"query"},br={AUTHORIZATION_CODE_GRANT:"authorization_code",REFRESH_TOKEN_GRANT:"refresh_token"},kt={MSSTS_ACCOUNT_TYPE:"MSSTS",ADFS_ACCOUNT_TYPE:"ADFS",GENERIC_ACCOUNT_TYPE:"Generic"},z={CACHE_KEY_SEPARATOR:"-",CLIENT_INFO_SEPARATOR:"."},I={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},Vn="appmetadata",is="client_info",lt="1",Lt={CACHE_KEY:"authority-metadata",REFRESH_TIME_SECONDS:3600*24},X={CONFIG:"config",CACHE:"cache",NETWORK:"network",HARDCODED_VALUES:"hardcoded_values"},F={SCHEMA_VERSION:5,MAX_LAST_HEADER_BYTES:330,MAX_CACHED_ERRORS:50,CACHE_KEY:"server-telemetry",CATEGORY_SEPARATOR:"|",VALUE_SEPARATOR:",",OVERFLOW_TRUE:"1",OVERFLOW_FALSE:"0",UNKNOWN_ERROR:"unknown_error"},k={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},dt={DEFAULT_THROTTLE_TIME_SECONDS:60,DEFAULT_MAX_THROTTLE_TIME_SECONDS:3600,THROTTLING_PREFIX:"throttling",X_MS_LIB_CAPABILITY_VALUE:"retry-after, h429"},Zo={INVALID_GRANT_ERROR:"invalid_grant",CLIENT_MISMATCH_ERROR:"client_mismatch"},_t={httpSuccess:200,httpBadRequest:400},qe={FAILED_AUTO_DETECTION:"1",INTERNAL_CACHE:"2",ENVIRONMENT_VARIABLE:"3",IMDS:"4"},An={CONFIGURED_NO_AUTO_DETECTION:"2",AUTO_DETECTION_REQUESTED_SUCCESSFUL:"4",AUTO_DETECTION_REQUESTED_FAILED:"5"},Ue={NOT_APPLICABLE:"0",FORCE_REFRESH_OR_CLAIMS:"1",NO_CACHED_ACCESS_TOKEN:"2",CACHED_ACCESS_TOKEN_EXPIRED:"3",PROACTIVELY_REFRESHED:"4"},as={Pop:"pop"},ss=300;/*! @azure/msal-common v15.4.0 2025-03-25 */const Qn="unexpected_error",cs="post_request_failed";/*! @azure/msal-common v15.4.0 2025-03-25 */const er={[Qn]:"Unexpected error in authentication.",[cs]:"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details."};class _ extends Error{constructor(e,t,n){const o=t?`${e}: ${t}`:e;super(o),Object.setPrototypeOf(this,_.prototype),this.errorCode=e||g.EMPTY_STRING,this.errorMessage=t||g.EMPTY_STRING,this.subError=n||g.EMPTY_STRING,this.name="AuthError"}setCorrelationId(e){this.correlationId=e}}function Or(r,e){return new _(r,e?`${er[r]} ${e}`:er[r])}/*! @azure/msal-common v15.4.0 2025-03-25 */const Yn="client_info_decoding_error",Pr="client_info_empty_error",jn="token_parsing_error",Ht="null_or_empty_token",ye="endpoints_resolution_error",Nr="network_error",Mr="openid_config_error",Ur="hash_not_deserialized",et="invalid_state",Lr="state_mismatch",_n="state_not_found",Hr="nonce_mismatch",Wn="auth_time_not_found",Dr="max_age_transpired",ls="multiple_matching_tokens",ds="multiple_matching_accounts",xr="multiple_matching_appMetadata",Fr="request_cannot_be_made",Kr="cannot_remove_empty_scope",Br="cannot_append_scopeset",Rn="empty_input_scopeset",hs="device_code_polling_cancelled",us="device_code_expired",gs="device_code_unknown_error",Jn="no_account_in_silent_request",Gr="invalid_cache_record",Xn="invalid_cache_environment",Dt="no_account_found",bn="no_crypto_object",On="unexpected_credential_type",ps="invalid_assertion",fs="invalid_client_credential",be="token_refresh_required",ms="user_timeout_reached",zr="token_claims_cnf_required_for_signedjwt",qr="authorization_code_missing_from_server_response",$r="binding_key_not_removed",Vr="end_session_endpoint_not_supported",Zn="key_id_missing",Qr="no_network_connectivity",Yr="user_canceled",Cs="missing_tenant_id_error",v="method_not_implemented",Pn="nested_app_auth_bridge_disabled";/*! @azure/msal-common v15.4.0 2025-03-25 */const tr={[Yn]:"The client info could not be parsed/decoded correctly",[Pr]:"The client info was empty",[jn]:"Token cannot be parsed",[Ht]:"The token is null or empty",[ye]:"Endpoints cannot be resolved",[Nr]:"Network request failed",[Mr]:"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",[Ur]:"The hash parameters could not be deserialized",[et]:"State was not the expected format",[Lr]:"State mismatch error",[_n]:"State not found",[Hr]:"Nonce mismatch error",[Wn]:"Max Age was requested and the ID token is missing the auth_time variable. auth_time is an optional claim and is not enabled by default - it must be enabled. See https://aka.ms/msaljs/optional-claims for more information.",[Dr]:"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",[ls]:"The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account.",[ds]:"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",[xr]:"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",[Fr]:"Token request cannot be made without authorization code or refresh token.",[Kr]:"Cannot remove null or empty scope from ScopeSet",[Br]:"Cannot append ScopeSet",[Rn]:"Empty input ScopeSet cannot be processed",[hs]:"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",[us]:"Device code is expired.",[gs]:"Device code stopped polling for unknown reasons.",[Jn]:"Please pass an account object, silent flow is not supported without account information",[Gr]:"Cache record object was null or undefined.",[Xn]:"Invalid environment when attempting to create cache entry",[Dt]:"No account found in cache for given key.",[bn]:"No crypto object detected.",[On]:"Unexpected credential type.",[ps]:"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",[fs]:"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",[be]:"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",[ms]:"User defined timeout for device code polling reached",[zr]:"Cannot generate a POP jwt if the token_claims are not populated",[qr]:"Server response does not contain an authorization code to proceed",[$r]:"Could not remove the credential's binding key from storage.",[Vr]:"The provided authority does not support logout",[Zn]:"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",[Qr]:"No network connectivity. Check your internet connection.",[Yr]:"User cancelled the flow.",[Cs]:"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",[v]:"This method has not been implemented",[Pn]:"The nested app auth bridge is disabled"};class Se extends _{constructor(e,t){super(e,t?`${tr[e]}: ${t}`:tr[e]),this.name="ClientAuthError",Object.setPrototypeOf(this,Se.prototype)}}function f(r,e){return new Se(r,e)}/*! @azure/msal-common v15.4.0 2025-03-25 */const gt={createNewGuid:()=>{throw f(v)},base64Decode:()=>{throw f(v)},base64Encode:()=>{throw f(v)},base64UrlEncode:()=>{throw f(v)},encodeKid:()=>{throw f(v)},async getPublicKeyThumbprint(){throw f(v)},async removeTokenBindingKey(){throw f(v)},async clearKeystore(){throw f(v)},async signJwt(){throw f(v)},async hashString(){throw f(v)}};/*! @azure/msal-common v15.4.0 2025-03-25 */var N;(function(r){r[r.Error=0]="Error",r[r.Warning=1]="Warning",r[r.Info=2]="Info",r[r.Verbose=3]="Verbose",r[r.Trace=4]="Trace"})(N||(N={}));class Ee{constructor(e,t,n){this.level=N.Info;const o=()=>{},i=e||Ee.createDefaultLoggerOptions();this.localCallback=i.loggerCallback||o,this.piiLoggingEnabled=i.piiLoggingEnabled||!1,this.level=typeof i.logLevel=="number"?i.logLevel:N.Info,this.correlationId=i.correlationId||g.EMPTY_STRING,this.packageName=t||g.EMPTY_STRING,this.packageVersion=n||g.EMPTY_STRING}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:N.Info}}clone(e,t,n){return new Ee({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level,correlationId:n||this.correlationId},e,t)}logMessage(e,t){if(t.logLevel>this.level||!this.piiLoggingEnabled&&t.containsPii)return;const i=`${`[${new Date().toUTCString()}] : [${t.correlationId||this.correlationId||""}]`} : ${this.packageName}@${this.packageVersion} : ${N[t.logLevel]} - ${e}`;this.executeCallback(t.logLevel,i,t.containsPii||!1)}executeCallback(e,t,n){this.localCallback&&this.localCallback(e,t,n)}error(e,t){this.logMessage(e,{logLevel:N.Error,containsPii:!1,correlationId:t||g.EMPTY_STRING})}errorPii(e,t){this.logMessage(e,{logLevel:N.Error,containsPii:!0,correlationId:t||g.EMPTY_STRING})}warning(e,t){this.logMessage(e,{logLevel:N.Warning,containsPii:!1,correlationId:t||g.EMPTY_STRING})}warningPii(e,t){this.logMessage(e,{logLevel:N.Warning,containsPii:!0,correlationId:t||g.EMPTY_STRING})}info(e,t){this.logMessage(e,{logLevel:N.Info,containsPii:!1,correlationId:t||g.EMPTY_STRING})}infoPii(e,t){this.logMessage(e,{logLevel:N.Info,containsPii:!0,correlationId:t||g.EMPTY_STRING})}verbose(e,t){this.logMessage(e,{logLevel:N.Verbose,containsPii:!1,correlationId:t||g.EMPTY_STRING})}verbosePii(e,t){this.logMessage(e,{logLevel:N.Verbose,containsPii:!0,correlationId:t||g.EMPTY_STRING})}trace(e,t){this.logMessage(e,{logLevel:N.Trace,containsPii:!1,correlationId:t||g.EMPTY_STRING})}tracePii(e,t){this.logMessage(e,{logLevel:N.Trace,containsPii:!0,correlationId:t||g.EMPTY_STRING})}isPiiLoggingEnabled(){return this.piiLoggingEnabled||!1}}/*! @azure/msal-common v15.4.0 2025-03-25 */const jr="@azure/msal-common",eo="15.4.0";/*! @azure/msal-common v15.4.0 2025-03-25 */const to={None:"none"};/*! @azure/msal-common v15.4.0 2025-03-25 */function Pe(r,e){const t=ys(r);try{const n=e(t);return JSON.parse(n)}catch{throw f(jn)}}function ys(r){if(!r)throw f(Ht);const t=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(r);if(!t||t.length<4)throw f(jn);return t[2]}function Wr(r,e){if(e===0||Date.now()-3e5>r+e)throw f(Dr)}/*! @azure/msal-common v15.4.0 2025-03-25 */function j(){return Math.round(new Date().getTime()/1e3)}function nr(r){return r.getTime()/1e3}function Ie(r){return r?new Date(Number(r)*1e3):new Date}function xt(r,e){const t=Number(r)||0;return j()+e>t}function Jr(r){return Number(r)>j()}/*! @azure/msal-common v15.4.0 2025-03-25 */function ht(r){return[Es(r),ws(r),vs(r),Ss(r),ks(r)].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function Zt(r,e,t,n,o){return{credentialType:I.ID_TOKEN,homeAccountId:r,environment:e,clientId:n,secret:t,realm:o}}function en(r,e,t,n,o,i,a,s,c,d,h,u,m,A,E){var D,W;const w={homeAccountId:r,credentialType:I.ACCESS_TOKEN,secret:t,cachedAt:j().toString(),expiresOn:a.toString(),extendedExpiresOn:s.toString(),environment:e,clientId:n,realm:o,target:i,tokenType:h||k.BEARER};if(u&&(w.userAssertionHash=u),d&&(w.refreshOn=d.toString()),A&&(w.requestedClaims=A,w.requestedClaimsHash=E),((D=w.tokenType)==null?void 0:D.toLowerCase())!==k.BEARER.toLowerCase())switch(w.credentialType=I.ACCESS_TOKEN_WITH_AUTH_SCHEME,w.tokenType){case k.POP:const ee=Pe(t,c);if(!((W=ee==null?void 0:ee.cnf)!=null&&W.kid))throw f(zr);w.keyId=ee.cnf.kid;break;case k.SSH:w.keyId=m}return w}function Xr(r,e,t,n,o,i,a){const s={credentialType:I.REFRESH_TOKEN,homeAccountId:r,environment:e,clientId:n,secret:t};return i&&(s.userAssertionHash=i),o&&(s.familyId=o),a&&(s.expiresOn=a.toString()),s}function no(r){return r.hasOwnProperty("homeAccountId")&&r.hasOwnProperty("environment")&&r.hasOwnProperty("credentialType")&&r.hasOwnProperty("clientId")&&r.hasOwnProperty("secret")}function Ts(r){return r?no(r)&&r.hasOwnProperty("realm")&&r.hasOwnProperty("target")&&(r.credentialType===I.ACCESS_TOKEN||r.credentialType===I.ACCESS_TOKEN_WITH_AUTH_SCHEME):!1}function As(r){return r?no(r)&&r.hasOwnProperty("realm")&&r.credentialType===I.ID_TOKEN:!1}function Is(r){return r?no(r)&&r.credentialType===I.REFRESH_TOKEN:!1}function Es(r){return[r.homeAccountId,r.environment].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function ws(r){const e=r.credentialType===I.REFRESH_TOKEN&&r.familyId||r.clientId;return[r.credentialType,e,r.realm||""].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function vs(r){return(r.target||"").toLowerCase()}function Ss(r){return(r.requestedClaimsHash||"").toLowerCase()}function ks(r){return r.tokenType&&r.tokenType.toLowerCase()!==k.BEARER.toLowerCase()?r.tokenType.toLowerCase():""}function _s(r,e){const t=r.indexOf(F.CACHE_KEY)===0;let n=!0;return e&&(n=e.hasOwnProperty("failedRequests")&&e.hasOwnProperty("errors")&&e.hasOwnProperty("cacheHits")),t&&n}function Rs(r,e){let t=!1;r&&(t=r.indexOf(dt.THROTTLING_PREFIX)===0);let n=!0;return e&&(n=e.hasOwnProperty("throttleTime")),t&&n}function bs({environment:r,clientId:e}){return[Vn,r,e].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function Os(r,e){return e?r.indexOf(Vn)===0&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("environment"):!1}function Ps(r,e){return e?r.indexOf(Lt.CACHE_KEY)===0&&e.hasOwnProperty("aliases")&&e.hasOwnProperty("preferred_cache")&&e.hasOwnProperty("preferred_network")&&e.hasOwnProperty("canonical_authority")&&e.hasOwnProperty("authorization_endpoint")&&e.hasOwnProperty("token_endpoint")&&e.hasOwnProperty("issuer")&&e.hasOwnProperty("aliasesFromNetwork")&&e.hasOwnProperty("endpointsFromNetwork")&&e.hasOwnProperty("expiresAt")&&e.hasOwnProperty("jwks_uri"):!1}function or(){return j()+Lt.REFRESH_TIME_SECONDS}function Rt(r,e,t){r.authorization_endpoint=e.authorization_endpoint,r.token_endpoint=e.token_endpoint,r.end_session_endpoint=e.end_session_endpoint,r.issuer=e.issuer,r.endpointsFromNetwork=t,r.jwks_uri=e.jwks_uri}function In(r,e,t){r.aliases=e.aliases,r.preferred_cache=e.preferred_cache,r.preferred_network=e.preferred_network,r.aliasesFromNetwork=t}function rr(r){return r.expiresAt<=j()}/*! @azure/msal-common v15.4.0 2025-03-25 */const Zr="redirect_uri_empty",Ns="claims_request_parsing_error",ei="authority_uri_insecure",st="url_parse_error",ti="empty_url_error",ni="empty_input_scopes_error",oi="invalid_prompt_value",tn="invalid_claims",ri="token_request_empty",ii="logout_request_empty",ai="invalid_code_challenge_method",nn="pkce_params_missing",oo="invalid_cloud_discovery_metadata",si="invalid_authority_metadata",ci="untrusted_authority",on="missing_ssh_jwk",li="missing_ssh_kid",Ms="missing_nonce_authentication_header",Us="invalid_authentication_header",di="cannot_set_OIDCOptions",hi="cannot_allow_platform_broker",ui="authority_mismatch";/*! @azure/msal-common v15.4.0 2025-03-25 */const Ls={[Zr]:"A redirect URI is required for all calls, and none has been set.",[Ns]:"Could not parse the given claims request object.",[ei]:"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",[st]:"URL could not be parsed into appropriate segments.",[ti]:"URL was empty or null.",[ni]:"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",[oi]:"Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest",[tn]:"Given claims parameter must be a stringified JSON object.",[ri]:"Token request was empty and not found in cache.",[ii]:"The logout request was null or undefined.",[ai]:'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',[nn]:"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",[oo]:"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",[si]:"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",[ci]:"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",[on]:"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",[li]:"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",[Ms]:"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",[Us]:"Invalid authentication header provided",[di]:"Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",[hi]:"Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",[ui]:"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority."};class ro extends _{constructor(e){super(e,Ls[e]),this.name="ClientConfigurationError",Object.setPrototypeOf(this,ro.prototype)}}function R(r){return new ro(r)}/*! @azure/msal-common v15.4.0 2025-03-25 */class ae{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return Object.keys(t).length===0}catch{}return!0}static startsWith(e,t){return e.indexOf(t)===0}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},n=e.split("&"),o=i=>decodeURIComponent(i.replace(/\+/g," "));return n.forEach(i=>{if(i.trim()){const[a,s]=i.split(/=(.+)/g,2);a&&s&&(t[o(a)]=o(s))}}),t}static trimArrayEntries(e){return e.map(t=>t.trim())}static removeEmptyStringsFromArray(e){return e.filter(t=>!!t)}static jsonParseHelper(e){try{return JSON.parse(e)}catch{return null}}static matchPattern(e,t){return new RegExp(e.replace(/\\/g,"\\\\").replace(/\*/g,"[^ ]*").replace(/\?/g,"\\?")).test(t)}}/*! @azure/msal-common v15.4.0 2025-03-25 */class M{constructor(e){const t=e?ae.trimArrayEntries([...e]):[],n=t?ae.removeEmptyStringsFromArray(t):[];if(!n||!n.length)throw R(ni);this.scopes=new Set,n.forEach(o=>this.scopes.add(o))}static fromString(e){const n=(e||g.EMPTY_STRING).split(" ");return new M(n)}static createSearchScopes(e){const t=new M(e);return t.containsOnlyOIDCScopes()?t.removeScope(g.OFFLINE_ACCESS_SCOPE):t.removeOIDCScopes(),t}containsScope(e){const t=this.printScopesLowerCase().split(" "),n=new M(t);return e?n.scopes.has(e.toLowerCase()):!1}containsScopeSet(e){return!e||e.scopes.size<=0?!1:this.scopes.size>=e.scopes.size&&e.asArray().every(t=>this.containsScope(t))}containsOnlyOIDCScopes(){let e=0;return Wo.forEach(t=>{this.containsScope(t)&&(e+=1)}),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach(t=>this.appendScope(t))}catch{throw f(Br)}}removeScope(e){if(!e)throw f(Kr);this.scopes.delete(e.trim())}removeOIDCScopes(){Wo.forEach(e=>{this.scopes.delete(e)})}unionScopeSets(e){if(!e)throw f(Rn);const t=new Set;return e.scopes.forEach(n=>t.add(n.toLowerCase())),this.scopes.forEach(n=>t.add(n.toLowerCase())),t}intersectingScopeSets(e){if(!e)throw f(Rn);e.containsOnlyOIDCScopes()||e.removeOIDCScopes();const t=this.unionScopeSets(e),n=e.getScopeCount(),o=this.getScopeCount();return t.size<o+n}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach(t=>e.push(t)),e}printScopes(){return this.scopes?this.asArray().join(" "):g.EMPTY_STRING}printScopesLowerCase(){return this.printScopes().toLowerCase()}}/*! @azure/msal-common v15.4.0 2025-03-25 */function Ft(r,e){if(!r)throw f(Pr);try{const t=e(r);return JSON.parse(t)}catch{throw f(Yn)}}function Je(r){if(!r)throw f(Yn);const e=r.split(z.CLIENT_INFO_SEPARATOR,2);return{uid:e[0],utid:e.length<2?g.EMPTY_STRING:e[1]}}/*! @azure/msal-common v15.4.0 2025-03-25 */function ir(r,e){return!!r&&!!e&&r===e.split(".")[1]}function rn(r,e,t,n){if(n){const{oid:o,sub:i,tid:a,name:s,tfp:c,acr:d}=n,h=a||c||d||"";return{tenantId:h,localAccountId:o||i||"",name:s,isHomeTenant:ir(h,r)}}else return{tenantId:t,localAccountId:e,isHomeTenant:ir(t,r)}}function io(r,e,t,n){let o=r;if(e){const{isHomeTenant:i,...a}=e;o={...r,...a}}if(t){const{isHomeTenant:i,...a}=rn(r.homeAccountId,r.localAccountId,r.tenantId,t);return o={...o,...a,idTokenClaims:t,idToken:n},o}return o}/*! @azure/msal-common v15.4.0 2025-03-25 */const re={Default:0,Adfs:1,Dsts:2,Ciam:3};/*! @azure/msal-common v15.4.0 2025-03-25 */function gi(r){return r&&(r.tid||r.tfp||r.acr)||null}/*! @azure/msal-common v15.4.0 2025-03-25 */const Y={AAD:"AAD",OIDC:"OIDC",EAR:"EAR"};/*! @azure/msal-common v15.4.0 2025-03-25 */class q{generateAccountId(){return[this.homeAccountId,this.environment].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}generateAccountKey(){return q.generateAccountCacheKey({homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId})}getAccountInfo(){return{homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId,name:this.name,nativeAccountId:this.nativeAccountId,authorityType:this.authorityType,tenantProfiles:new Map((this.tenantProfiles||[]).map(e=>[e.tenantId,e]))}}isSingleTenant(){return!this.tenantProfiles}static generateAccountCacheKey(e){const t=e.homeAccountId.split(".")[1];return[e.homeAccountId,e.environment||"",t||e.tenantId||""].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}static createAccount(e,t,n){var d,h,u,m,A,E;const o=new q;t.authorityType===re.Adfs?o.authorityType=kt.ADFS_ACCOUNT_TYPE:t.protocolMode===Y.OIDC?o.authorityType=kt.GENERIC_ACCOUNT_TYPE:o.authorityType=kt.MSSTS_ACCOUNT_TYPE;let i;e.clientInfo&&n&&(i=Ft(e.clientInfo,n)),o.clientInfo=e.clientInfo,o.homeAccountId=e.homeAccountId,o.nativeAccountId=e.nativeAccountId;const a=e.environment||t&&t.getPreferredCache();if(!a)throw f(Xn);o.environment=a,o.realm=(i==null?void 0:i.utid)||gi(e.idTokenClaims)||"",o.localAccountId=(i==null?void 0:i.uid)||((d=e.idTokenClaims)==null?void 0:d.oid)||((h=e.idTokenClaims)==null?void 0:h.sub)||"";const s=((u=e.idTokenClaims)==null?void 0:u.preferred_username)||((m=e.idTokenClaims)==null?void 0:m.upn),c=(A=e.idTokenClaims)!=null&&A.emails?e.idTokenClaims.emails[0]:null;if(o.username=s||c||"",o.name=((E=e.idTokenClaims)==null?void 0:E.name)||"",o.cloudGraphHostName=e.cloudGraphHostName,o.msGraphHost=e.msGraphHost,e.tenantProfiles)o.tenantProfiles=e.tenantProfiles;else{const w=rn(e.homeAccountId,o.localAccountId,o.realm,e.idTokenClaims);o.tenantProfiles=[w]}return o}static createFromAccountInfo(e,t,n){var i;const o=new q;return o.authorityType=e.authorityType||kt.GENERIC_ACCOUNT_TYPE,o.homeAccountId=e.homeAccountId,o.localAccountId=e.localAccountId,o.nativeAccountId=e.nativeAccountId,o.realm=e.tenantId,o.environment=e.environment,o.username=e.username,o.name=e.name,o.cloudGraphHostName=t,o.msGraphHost=n,o.tenantProfiles=Array.from(((i=e.tenantProfiles)==null?void 0:i.values())||[]),o}static generateHomeAccountId(e,t,n,o,i){if(!(t===re.Adfs||t===re.Dsts)){if(e)try{const a=Ft(e,o.base64Decode);if(a.uid&&a.utid)return`${a.uid}.${a.utid}`}catch{}n.warning("No client info in response")}return(i==null?void 0:i.sub)||""}static isAccountEntity(e){return e?e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("realm")&&e.hasOwnProperty("localAccountId")&&e.hasOwnProperty("username")&&e.hasOwnProperty("authorityType"):!1}static accountInfoIsEqual(e,t,n){if(!e||!t)return!1;let o=!0;if(n){const i=e.idTokenClaims||{},a=t.idTokenClaims||{};o=i.iat===a.iat&&i.nonce===a.nonce}return e.homeAccountId===t.homeAccountId&&e.localAccountId===t.localAccountId&&e.username===t.username&&e.tenantId===t.tenantId&&e.environment===t.environment&&e.nativeAccountId===t.nativeAccountId&&o}}/*! @azure/msal-common v15.4.0 2025-03-25 */function pi(r){return r.startsWith("#/")?r.substring(2):r.startsWith("#")||r.startsWith("?")?r.substring(1):r}function Kt(r){if(!r||r.indexOf("=")<0)return null;try{const e=pi(r),t=Object.fromEntries(new URLSearchParams(e));if(t.code||t.ear_jwe||t.error||t.error_description||t.state)return t}catch{throw f(Ur)}return null}function pt(r){const e=new Array;return r.forEach((t,n)=>{e.push(`${n}=${encodeURIComponent(t)}`)}),e.join("&")}/*! @azure/msal-common v15.4.0 2025-03-25 */class S{get urlString(){return this._urlString}constructor(e){if(this._urlString=e,!this._urlString)throw R(ti);e.includes("#")||(this._urlString=S.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return ae.endsWith(t,"?")?t=t.slice(0,-1):ae.endsWith(t,"?/")&&(t=t.slice(0,-2)),ae.endsWith(t,"/")||(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch{throw R(st)}if(!e.HostNameAndPort||!e.PathSegments)throw R(st);if(!e.Protocol||e.Protocol.toLowerCase()!=="https:")throw R(ei)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return S.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),n=t.PathSegments;return e&&n.length!==0&&(n[0]===Re.COMMON||n[0]===Re.ORGANIZATIONS)&&(n[0]=e),S.constructAuthorityUriFromObject(t)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),t=this.urlString.match(e);if(!t)throw R(st);const n={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let o=n.AbsolutePath.split("/");return o=o.filter(i=>i&&i.length>0),n.PathSegments=o,n.QueryString&&n.QueryString.endsWith("/")&&(n.QueryString=n.QueryString.substring(0,n.QueryString.length-1)),n}static getDomainFromUrl(e){const t=RegExp("^([^:/?#]+://)?([^/?#]*)"),n=e.match(t);if(!n)throw R(st);return n[2]}static getAbsoluteUrl(e,t){if(e[0]===g.FORWARD_SLASH){const o=new S(t).getUrlComponents();return o.Protocol+"//"+o.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e){return new S(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"))}static hashContainsKnownProperties(e){return!!Kt(e)}}/*! @azure/msal-common v15.4.0 2025-03-25 */const fi={endpointMetadata:{"login.microsoftonline.com":{token_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.com/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout"},"login.chinacloudapi.cn":{token_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys",issuer:"https://login.partner.microsoftonline.cn/{tenantid}/v2.0",authorization_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout"},"login.microsoftonline.us":{token_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.us/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout"}},instanceDiscoveryMetadata:{metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]}]}},ar=fi.endpointMetadata,ao=fi.instanceDiscoveryMetadata,mi=new Set;ao.metadata.forEach(r=>{r.aliases.forEach(e=>{mi.add(e)})});function Hs(r,e){var o;let t;const n=r.canonicalAuthority;if(n){const i=new S(n).getUrlComponents().HostNameAndPort;t=sr(i,(o=r.cloudDiscoveryMetadata)==null?void 0:o.metadata,X.CONFIG,e)||sr(i,ao.metadata,X.HARDCODED_VALUES,e)||r.knownAuthorities}return t||[]}function sr(r,e,t,n){if(n==null||n.trace(`getAliasesFromMetadata called with source: ${t}`),r&&e){const o=Bt(e,r);if(o)return n==null||n.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${t}, returning aliases`),o.aliases;n==null||n.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${t}`)}return null}function Ds(r){return Bt(ao.metadata,r)}function Bt(r,e){for(let t=0;t<r.length;t++){const n=r[t];if(n.aliases.includes(e))return n}return null}/*! @azure/msal-common v15.4.0 2025-03-25 */const Ci="cache_quota_exceeded",so="cache_error_unknown";/*! @azure/msal-common v15.4.0 2025-03-25 */const En={[Ci]:"Exceeded cache storage capacity.",[so]:"Unexpected error occurred when using cache storage."};class Xe extends Error{constructor(e,t){const n=t||(En[e]?En[e]:En[so]);super(`${e}: ${n}`),Object.setPrototypeOf(this,Xe.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=n}}/*! @azure/msal-common v15.4.0 2025-03-25 */class Nn{constructor(e,t,n,o){this.clientId=e,this.cryptoImpl=t,this.commonLogger=n.clone(jr,eo),this.staticAuthorityOptions=o}getAllAccounts(e){return this.buildTenantProfiles(this.getAccountsFilteredBy(e||{}),e)}getAccountInfoFilteredBy(e){const t=this.getAllAccounts(e);return t.length>1?t.sort(o=>o.idTokenClaims?-1:1)[0]:t.length===1?t[0]:null}getBaseAccountInfo(e){const t=this.getAccountsFilteredBy(e);return t.length>0?t[0].getAccountInfo():null}buildTenantProfiles(e,t){return e.flatMap(n=>this.getTenantProfilesFromAccountEntity(n,t==null?void 0:t.tenantId,t))}getTenantedAccountInfoByFilter(e,t,n,o){let i=null,a;if(o&&!this.tenantProfileMatchesFilter(n,o))return null;const s=this.getIdToken(e,t,n.tenantId);return s&&(a=Pe(s.secret,this.cryptoImpl.base64Decode),!this.idTokenClaimsMatchTenantProfileFilter(a,o))?null:(i=io(e,n,a,s==null?void 0:s.secret),i)}getTenantProfilesFromAccountEntity(e,t,n){const o=e.getAccountInfo();let i=o.tenantProfiles||new Map;const a=this.getTokenKeys();if(t){const c=i.get(t);if(c)i=new Map([[t,c]]);else return[]}const s=[];return i.forEach(c=>{const d=this.getTenantedAccountInfoByFilter(o,a,c,n);d&&s.push(d)}),s}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId)||t.name&&e.name!==t.name||t.isHomeTenant!==void 0&&e.isHomeTenant!==t.isHomeTenant)}idTokenClaimsMatchTenantProfileFilter(e,t){return!(t&&(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId)||t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint)||t.username&&!this.matchUsername(e.preferred_username,t.username)||t.name&&!this.matchName(e,t.name)||t.sid&&!this.matchSid(e,t.sid)))}async saveCacheRecord(e,t,n){var o,i,a,s;if(!e)throw f(Gr);try{e.account&&await this.setAccount(e.account,t),e.idToken&&(n==null?void 0:n.idToken)!==!1&&await this.setIdTokenCredential(e.idToken,t),e.accessToken&&(n==null?void 0:n.accessToken)!==!1&&await this.saveAccessToken(e.accessToken,t),e.refreshToken&&(n==null?void 0:n.refreshToken)!==!1&&await this.setRefreshTokenCredential(e.refreshToken,t),e.appMetadata&&this.setAppMetadata(e.appMetadata)}catch(c){throw(o=this.commonLogger)==null||o.error("CacheManager.saveCacheRecord: failed"),c instanceof Error?((i=this.commonLogger)==null||i.errorPii(`CacheManager.saveCacheRecord: ${c.message}`,t),c.name==="QuotaExceededError"||c.name==="NS_ERROR_DOM_QUOTA_REACHED"||c.message.includes("exceeded the quota")?((a=this.commonLogger)==null||a.error("CacheManager.saveCacheRecord: exceeded storage quota",t),new Xe(Ci)):new Xe(c.name,c.message)):((s=this.commonLogger)==null||s.errorPii(`CacheManager.saveCacheRecord: ${c}`,t),new Xe(so))}}async saveAccessToken(e,t){const n={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType,requestedClaimsHash:e.requestedClaimsHash},o=this.getTokenKeys(),i=M.fromString(e.target),a=[];o.accessToken.forEach(s=>{if(!this.accessTokenKeyMatchesFilter(s,n,!1))return;const c=this.getAccessTokenCredential(s);c&&this.credentialMatchesFilter(c,n)&&M.fromString(c.target).intersectingScopeSets(i)&&a.push(this.removeAccessToken(s))}),await Promise.all(a),await this.setAccessTokenCredential(e,t)}getAccountsFilteredBy(e){const t=this.getAccountKeys(),n=[];return t.forEach(o=>{var c;if(!this.isAccountKey(o,e.homeAccountId))return;const i=this.getAccount(o,this.commonLogger);if(!i||e.homeAccountId&&!this.matchHomeAccountId(i,e.homeAccountId)||e.username&&!this.matchUsername(i.username,e.username)||e.environment&&!this.matchEnvironment(i,e.environment)||e.realm&&!this.matchRealm(i,e.realm)||e.nativeAccountId&&!this.matchNativeAccountId(i,e.nativeAccountId)||e.authorityType&&!this.matchAuthorityType(i,e.authorityType))return;const a={localAccountId:e==null?void 0:e.localAccountId,name:e==null?void 0:e.name},s=(c=i.tenantProfiles)==null?void 0:c.filter(d=>this.tenantProfileMatchesFilter(d,a));s&&s.length===0||n.push(i)}),n}isAccountKey(e,t,n){return!(e.split(z.CACHE_KEY_SEPARATOR).length<3||t&&!e.toLowerCase().includes(t.toLowerCase())||n&&!e.toLowerCase().includes(n.toLowerCase()))}isCredentialKey(e){if(e.split(z.CACHE_KEY_SEPARATOR).length<6)return!1;const t=e.toLowerCase();if(t.indexOf(I.ID_TOKEN.toLowerCase())===-1&&t.indexOf(I.ACCESS_TOKEN.toLowerCase())===-1&&t.indexOf(I.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase())===-1&&t.indexOf(I.REFRESH_TOKEN.toLowerCase())===-1)return!1;if(t.indexOf(I.REFRESH_TOKEN.toLowerCase())>-1){const n=`${I.REFRESH_TOKEN}${z.CACHE_KEY_SEPARATOR}${this.clientId}${z.CACHE_KEY_SEPARATOR}`,o=`${I.REFRESH_TOKEN}${z.CACHE_KEY_SEPARATOR}${lt}${z.CACHE_KEY_SEPARATOR}`;if(t.indexOf(n.toLowerCase())===-1&&t.indexOf(o.toLowerCase())===-1)return!1}else if(t.indexOf(this.clientId.toLowerCase())===-1)return!1;return!0}credentialMatchesFilter(e,t){return!(t.clientId&&!this.matchClientId(e,t.clientId)||t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash)||typeof t.homeAccountId=="string"&&!this.matchHomeAccountId(e,t.homeAccountId)||t.environment&&!this.matchEnvironment(e,t.environment)||t.realm&&!this.matchRealm(e,t.realm)||t.credentialType&&!this.matchCredentialType(e,t.credentialType)||t.familyId&&!this.matchFamilyId(e,t.familyId)||t.target&&!this.matchTarget(e,t.target)||(t.requestedClaimsHash||e.requestedClaimsHash)&&e.requestedClaimsHash!==t.requestedClaimsHash||e.credentialType===I.ACCESS_TOKEN_WITH_AUTH_SCHEME&&(t.tokenType&&!this.matchTokenType(e,t.tokenType)||t.tokenType===k.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId)))}getAppMetadataFilteredBy(e){const t=this.getKeys(),n={};return t.forEach(o=>{if(!this.isAppMetadata(o))return;const i=this.getAppMetadata(o);i&&(e.environment&&!this.matchEnvironment(i,e.environment)||e.clientId&&!this.matchClientId(i,e.clientId)||(n[o]=i))}),n}getAuthorityMetadataByAlias(e){const t=this.getAuthorityMetadataKeys();let n=null;return t.forEach(o=>{if(!this.isAuthorityMetadata(o)||o.indexOf(this.clientId)===-1)return;const i=this.getAuthorityMetadata(o);i&&i.aliases.indexOf(e)!==-1&&(n=i)}),n}async removeAllAccounts(){const e=this.getAccountKeys(),t=[];e.forEach(n=>{t.push(this.removeAccount(n))}),await Promise.all(t)}async removeAccount(e){const t=this.getAccount(e,this.commonLogger);t&&(await this.removeAccountContext(t),this.removeItem(e))}async removeAccountContext(e){const t=this.getTokenKeys(),n=e.generateAccountId(),o=[];t.idToken.forEach(i=>{i.indexOf(n)===0&&this.removeIdToken(i)}),t.accessToken.forEach(i=>{i.indexOf(n)===0&&o.push(this.removeAccessToken(i))}),t.refreshToken.forEach(i=>{i.indexOf(n)===0&&this.removeRefreshToken(i)}),await Promise.all(o)}async removeAccessToken(e){const t=this.getAccessTokenCredential(e);if(t){if(t.credentialType.toLowerCase()===I.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()&&t.tokenType===k.POP){const o=t.keyId;if(o)try{await this.cryptoImpl.removeTokenBindingKey(o)}catch{throw f($r)}}return this.removeItem(e)}}removeAppMetadata(){return this.getKeys().forEach(t=>{this.isAppMetadata(t)&&this.removeItem(t)}),!0}readAccountFromCache(e){const t=q.generateAccountCacheKey(e);return this.getAccount(t,this.commonLogger)}getIdToken(e,t,n,o,i){this.commonLogger.trace("CacheManager - getIdToken called");const a={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:I.ID_TOKEN,clientId:this.clientId,realm:n},s=this.getIdTokensByFilter(a,t),c=s.size;if(c<1)return this.commonLogger.info("CacheManager:getIdToken - No token found"),null;if(c>1){let d=s;if(!n){const h=new Map;s.forEach((m,A)=>{m.realm===e.tenantId&&h.set(A,m)});const u=h.size;if(u<1)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result"),s.values().next().value;if(u===1)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile"),h.values().next().value;d=h}return this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"),d.forEach((h,u)=>{this.removeIdToken(u)}),o&&i&&o.addFields({multiMatchedID:s.size},i),null}return this.commonLogger.info("CacheManager:getIdToken - Returning ID token"),s.values().next().value}getIdTokensByFilter(e,t){const n=t&&t.idToken||this.getTokenKeys().idToken,o=new Map;return n.forEach(i=>{if(!this.idTokenKeyMatchesFilter(i,{clientId:this.clientId,...e}))return;const a=this.getIdTokenCredential(i);a&&this.credentialMatchesFilter(a,e)&&o.set(i,a)}),o}idTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}removeIdToken(e){this.removeItem(e)}removeRefreshToken(e){this.removeItem(e)}getAccessToken(e,t,n,o,i,a){this.commonLogger.trace("CacheManager - getAccessToken called");const s=M.createSearchScopes(t.scopes),c=t.authenticationScheme||k.BEARER,d=c.toLowerCase()!==k.BEARER.toLowerCase()?I.ACCESS_TOKEN_WITH_AUTH_SCHEME:I.ACCESS_TOKEN,h={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:d,clientId:this.clientId,realm:o||e.tenantId,target:s,tokenType:c,keyId:t.sshKid,requestedClaimsHash:t.requestedClaimsHash},u=n&&n.accessToken||this.getTokenKeys().accessToken,m=[];u.forEach(E=>{if(this.accessTokenKeyMatchesFilter(E,h,!0)){const w=this.getAccessTokenCredential(E);w&&this.credentialMatchesFilter(w,h)&&m.push(w)}});const A=m.length;return A<1?(this.commonLogger.info("CacheManager:getAccessToken - No token found"),null):A>1?(this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them"),m.forEach(E=>{this.removeAccessToken(ht(E))}),i&&a&&i.addFields({multiMatchedAT:m.length},a),null):(this.commonLogger.info("CacheManager:getAccessToken - Returning access token"),m[0])}accessTokenKeyMatchesFilter(e,t,n){const o=e.toLowerCase();if(t.clientId&&o.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&o.indexOf(t.homeAccountId.toLowerCase())===-1||t.realm&&o.indexOf(t.realm.toLowerCase())===-1||t.requestedClaimsHash&&o.indexOf(t.requestedClaimsHash.toLowerCase())===-1)return!1;if(t.target){const i=t.target.asArray();for(let a=0;a<i.length;a++){if(n&&!o.includes(i[a].toLowerCase()))return!1;if(!n&&o.includes(i[a].toLowerCase()))return!0}}return!0}getAccessTokensByFilter(e){const t=this.getTokenKeys(),n=[];return t.accessToken.forEach(o=>{if(!this.accessTokenKeyMatchesFilter(o,e,!0))return;const i=this.getAccessTokenCredential(o);i&&this.credentialMatchesFilter(i,e)&&n.push(i)}),n}getRefreshToken(e,t,n,o,i){this.commonLogger.trace("CacheManager - getRefreshToken called");const a=t?lt:void 0,s={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:I.REFRESH_TOKEN,clientId:this.clientId,familyId:a},c=n&&n.refreshToken||this.getTokenKeys().refreshToken,d=[];c.forEach(u=>{if(this.refreshTokenKeyMatchesFilter(u,s)){const m=this.getRefreshTokenCredential(u);m&&this.credentialMatchesFilter(m,s)&&d.push(m)}});const h=d.length;return h<1?(this.commonLogger.info("CacheManager:getRefreshToken - No refresh token found."),null):(h>1&&o&&i&&o.addFields({multiMatchedRT:h},i),this.commonLogger.info("CacheManager:getRefreshToken - returning refresh token"),d[0])}refreshTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.familyId&&n.indexOf(t.familyId.toLowerCase())===-1||!t.familyId&&t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}readAppMetadataFromCache(e){const t={environment:e,clientId:this.clientId},n=this.getAppMetadataFilteredBy(t),o=Object.keys(n).map(a=>n[a]),i=o.length;if(i<1)return null;if(i>1)throw f(xr);return o[0]}isAppMetadataFOCI(e){const t=this.readAppMetadataFromCache(e);return!!(t&&t.familyId===lt)}matchHomeAccountId(e,t){return typeof e.homeAccountId=="string"&&t===e.homeAccountId}matchLocalAccountIdFromTokenClaims(e,t){const n=e.oid||e.sub;return t===n}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){var n;return t.toLowerCase()===((n=e.name)==null?void 0:n.toLowerCase())}matchUsername(e,t){return!!(e&&typeof e=="string"&&(t==null?void 0:t.toLowerCase())===e.toLowerCase())}matchUserAssertionHash(e,t){return!!(e.userAssertionHash&&t===e.userAssertionHash)}matchEnvironment(e,t){if(this.staticAuthorityOptions){const o=Hs(this.staticAuthorityOptions,this.commonLogger);if(o.includes(t)&&o.includes(e.environment))return!0}const n=this.getAuthorityMetadataByAlias(t);return!!(n&&n.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!!(e.clientId&&t===e.clientId)}matchFamilyId(e,t){return!!(e.familyId&&t===e.familyId)}matchRealm(e,t){var n;return((n=e.realm)==null?void 0:n.toLowerCase())===t.toLowerCase()}matchNativeAccountId(e,t){return!!(e.nativeAccountId&&t===e.nativeAccountId)}matchLoginHintFromTokenClaims(e,t){return e.login_hint===t||e.preferred_username===t||e.upn===t}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!!(e.authorityType&&t.toLowerCase()===e.authorityType.toLowerCase())}matchTarget(e,t){return e.credentialType!==I.ACCESS_TOKEN&&e.credentialType!==I.ACCESS_TOKEN_WITH_AUTH_SCHEME||!e.target?!1:M.fromString(e.target).containsScopeSet(t)}matchTokenType(e,t){return!!(e.tokenType&&e.tokenType===t)}matchKeyId(e,t){return!!(e.keyId&&e.keyId===t)}isAppMetadata(e){return e.indexOf(Vn)!==-1}isAuthorityMetadata(e){return e.indexOf(Lt.CACHE_KEY)!==-1}generateAuthorityMetadataCacheKey(e){return`${Lt.CACHE_KEY}-${this.clientId}-${e}`}static toObject(e,t){for(const n in t)e[n]=t[n];return e}}class xs extends Nn{async setAccount(){throw f(v)}getAccount(){throw f(v)}async setIdTokenCredential(){throw f(v)}getIdTokenCredential(){throw f(v)}async setAccessTokenCredential(){throw f(v)}getAccessTokenCredential(){throw f(v)}async setRefreshTokenCredential(){throw f(v)}getRefreshTokenCredential(){throw f(v)}setAppMetadata(){throw f(v)}getAppMetadata(){throw f(v)}setServerTelemetry(){throw f(v)}getServerTelemetry(){throw f(v)}setAuthorityMetadata(){throw f(v)}getAuthorityMetadata(){throw f(v)}getAuthorityMetadataKeys(){throw f(v)}setThrottlingCache(){throw f(v)}getThrottlingCache(){throw f(v)}removeItem(){throw f(v)}getKeys(){throw f(v)}getAccountKeys(){throw f(v)}getTokenKeys(){throw f(v)}}/*! @azure/msal-common v15.4.0 2025-03-25 */const yi={tokenRenewalOffsetSeconds:ss,preventCorsPreflight:!1},Fs={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:N.Info,correlationId:g.EMPTY_STRING},Ks={claimsBasedCachingEnabled:!1},Bs={async sendGetRequestAsync(){throw f(v)},async sendPostRequestAsync(){throw f(v)}},Gs={sku:g.SKU,version:eo,cpu:g.EMPTY_STRING,os:g.EMPTY_STRING},zs={clientSecret:g.EMPTY_STRING,clientAssertion:void 0},qs={azureCloudInstance:to.None,tenant:`${g.DEFAULT_COMMON_TENANT}`},$s={application:{appName:"",appVersion:""}};function Vs({authOptions:r,systemOptions:e,loggerOptions:t,cacheOptions:n,storageInterface:o,networkInterface:i,cryptoInterface:a,clientCredentials:s,libraryInfo:c,telemetry:d,serverTelemetryManager:h,persistencePlugin:u,serializableCache:m}){const A={...Fs,...t};return{authOptions:Qs(r),systemOptions:{...yi,...e},loggerOptions:A,cacheOptions:{...Ks,...n},storageInterface:o||new xs(r.clientId,gt,new Ee(A)),networkInterface:i||Bs,cryptoInterface:a||gt,clientCredentials:s||zs,libraryInfo:{...Gs,...c},telemetry:{...$s,...d},serverTelemetryManager:h||null,persistencePlugin:u||null,serializableCache:m||null}}function Qs(r){return{clientCapabilities:[],azureCloudOptions:qs,skipAuthorityMetadataCache:!1,instanceAware:!1,...r}}function Ti(r){return r.authOptions.authority.options.protocolMode===Y.OIDC}/*! @azure/msal-common v15.4.0 2025-03-25 */const ie={HOME_ACCOUNT_ID:"home_account_id",UPN:"UPN"};/*! @azure/msal-common v15.4.0 2025-03-25 */const Ke="client_id",Ai="redirect_uri",Ys="response_type",js="response_mode",Ws="grant_type",Js="claims",Xs="scope",Zs="refresh_token",ec="state",tc="nonce",nc="prompt",oc="code",rc="code_challenge",ic="code_challenge_method",ac="code_verifier",sc="client-request-id",cc="x-client-SKU",lc="x-client-VER",dc="x-client-OS",hc="x-client-CPU",uc="x-client-current-telemetry",gc="x-client-last-telemetry",pc="x-ms-lib-capability",fc="x-app-name",mc="x-app-ver",Cc="post_logout_redirect_uri",yc="id_token_hint",Tc="client_secret",Ac="client_assertion",Ic="client_assertion_type",Ii="token_type",Ei="req_cnf",cr="return_spa_code",Ec="nativebroker",wc="logout_hint",vc="sid",Sc="login_hint",kc="domain_hint",_c="x-client-xtra-sku",Gt="brk_client_id",zt="brk_redirect_uri",Mn="instance_aware",Rc="ear_jwk",bc="ear_jwe_crypto";/*! @azure/msal-common v15.4.0 2025-03-25 */function an(r,e,t){if(!e)return;const n=r.get(Ke);n&&r.has(Gt)&&(t==null||t.addFields({embeddedClientId:n,embeddedRedirectUri:r.get(Ai)},e))}function wi(r,e){r.set(Ys,e)}function Oc(r,e){r.set(js,e||rs.QUERY)}function Pc(r){r.set(Ec,"1")}function co(r,e,t=!0,n=ze){t&&!n.includes("openid")&&!e.includes("openid")&&n.push("openid");const o=t?[...e||[],...n]:e||[],i=new M(o);r.set(Xs,i.printScopes())}function lo(r,e){r.set(Ke,e)}function ho(r,e){r.set(Ai,e)}function Nc(r,e){r.set(Cc,e)}function Mc(r,e){r.set(yc,e)}function Uc(r,e){r.set(kc,e)}function bt(r,e){r.set(Sc,e)}function qt(r,e){r.set(V.CCS_HEADER,`UPN:${e}`)}function ut(r,e){r.set(V.CCS_HEADER,`Oid:${e.uid}@${e.utid}`)}function lr(r,e){r.set(vc,e)}function uo(r,e,t){const n=Oi(e,t);try{JSON.parse(n)}catch{throw R(tn)}r.set(Js,n)}function go(r,e){r.set(sc,e)}function po(r,e){r.set(cc,e.sku),r.set(lc,e.version),e.os&&r.set(dc,e.os),e.cpu&&r.set(hc,e.cpu)}function fo(r,e){e!=null&&e.appName&&r.set(fc,e.appName),e!=null&&e.appVersion&&r.set(mc,e.appVersion)}function Lc(r,e){r.set(nc,e)}function vi(r,e){e&&r.set(ec,e)}function Hc(r,e){r.set(tc,e)}function Dc(r,e,t){if(e&&t)r.set(rc,e),r.set(ic,t);else throw R(nn)}function xc(r,e){r.set(oc,e)}function Fc(r,e){r.set(Zs,e)}function Kc(r,e){r.set(ac,e)}function Si(r,e){r.set(Tc,e)}function ki(r,e){e&&r.set(Ac,e)}function _i(r,e){e&&r.set(Ic,e)}function Ri(r,e){r.set(Ws,e)}function mo(r){r.set(is,"1")}function bi(r){r.has(Mn)||r.set(Mn,"true")}function Fe(r,e){Object.entries(e).forEach(([t,n])=>{!r.has(t)&&n&&r.set(t,n)})}function Oi(r,e){let t;if(!r)t={};else try{t=JSON.parse(r)}catch{throw R(tn)}return e&&e.length>0&&(t.hasOwnProperty(St.ACCESS_TOKEN)||(t[St.ACCESS_TOKEN]={}),t[St.ACCESS_TOKEN][St.XMS_CC]={values:e}),JSON.stringify(t)}function Co(r,e){e&&(r.set(Ii,k.POP),r.set(Ei,e))}function Pi(r,e){e&&(r.set(Ii,k.SSH),r.set(Ei,e))}function Ni(r,e){r.set(uc,e.generateCurrentRequestHeaderValue()),r.set(gc,e.generateLastRequestHeaderValue())}function Mi(r){r.set(pc,dt.X_MS_LIB_CAPABILITY_VALUE)}function Bc(r,e){r.set(wc,e)}function sn(r,e,t){r.has(Gt)||r.set(Gt,e),r.has(zt)||r.set(zt,t)}function Gc(r,e){r.set(Rc,encodeURIComponent(e)),r.set(bc,"eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0")}/*! @azure/msal-common v15.4.0 2025-03-25 */function zc(r){return r.hasOwnProperty("authorization_endpoint")&&r.hasOwnProperty("token_endpoint")&&r.hasOwnProperty("issuer")&&r.hasOwnProperty("jwks_uri")}/*! @azure/msal-common v15.4.0 2025-03-25 */function qc(r){return r.hasOwnProperty("tenant_discovery_endpoint")&&r.hasOwnProperty("metadata")}/*! @azure/msal-common v15.4.0 2025-03-25 */function $c(r){return r.hasOwnProperty("error")&&r.hasOwnProperty("error_description")}/*! @azure/msal-common v15.4.0 2025-03-25 */const l={AcquireTokenByCode:"acquireTokenByCode",AcquireTokenByRefreshToken:"acquireTokenByRefreshToken",AcquireTokenSilent:"acquireTokenSilent",AcquireTokenSilentAsync:"acquireTokenSilentAsync",AcquireTokenPopup:"acquireTokenPopup",AcquireTokenPreRedirect:"acquireTokenPreRedirect",AcquireTokenRedirect:"acquireTokenRedirect",CryptoOptsGetPublicKeyThumbprint:"cryptoOptsGetPublicKeyThumbprint",CryptoOptsSignJwt:"cryptoOptsSignJwt",SilentCacheClientAcquireToken:"silentCacheClientAcquireToken",SilentIframeClientAcquireToken:"silentIframeClientAcquireToken",AwaitConcurrentIframe:"awaitConcurrentIframe",SilentRefreshClientAcquireToken:"silentRefreshClientAcquireToken",SsoSilent:"ssoSilent",StandardInteractionClientGetDiscoveredAuthority:"standardInteractionClientGetDiscoveredAuthority",FetchAccountIdWithNativeBroker:"fetchAccountIdWithNativeBroker",NativeInteractionClientAcquireToken:"nativeInteractionClientAcquireToken",BaseClientCreateTokenRequestHeaders:"baseClientCreateTokenRequestHeaders",NetworkClientSendPostRequestAsync:"networkClientSendPostRequestAsync",RefreshTokenClientExecutePostToTokenEndpoint:"refreshTokenClientExecutePostToTokenEndpoint",AuthorizationCodeClientExecutePostToTokenEndpoint:"authorizationCodeClientExecutePostToTokenEndpoint",BrokerHandhshake:"brokerHandshake",AcquireTokenByRefreshTokenInBroker:"acquireTokenByRefreshTokenInBroker",AcquireTokenByBroker:"acquireTokenByBroker",RefreshTokenClientExecuteTokenRequest:"refreshTokenClientExecuteTokenRequest",RefreshTokenClientAcquireToken:"refreshTokenClientAcquireToken",RefreshTokenClientAcquireTokenWithCachedRefreshToken:"refreshTokenClientAcquireTokenWithCachedRefreshToken",RefreshTokenClientAcquireTokenByRefreshToken:"refreshTokenClientAcquireTokenByRefreshToken",RefreshTokenClientCreateTokenRequestBody:"refreshTokenClientCreateTokenRequestBody",AcquireTokenFromCache:"acquireTokenFromCache",SilentFlowClientAcquireCachedToken:"silentFlowClientAcquireCachedToken",SilentFlowClientGenerateResultFromCacheRecord:"silentFlowClientGenerateResultFromCacheRecord",AcquireTokenBySilentIframe:"acquireTokenBySilentIframe",InitializeBaseRequest:"initializeBaseRequest",InitializeSilentRequest:"initializeSilentRequest",InitializeClientApplication:"initializeClientApplication",InitializeCache:"initializeCache",SilentIframeClientTokenHelper:"silentIframeClientTokenHelper",SilentHandlerInitiateAuthRequest:"silentHandlerInitiateAuthRequest",SilentHandlerMonitorIframeForHash:"silentHandlerMonitorIframeForHash",SilentHandlerLoadFrame:"silentHandlerLoadFrame",SilentHandlerLoadFrameSync:"silentHandlerLoadFrameSync",StandardInteractionClientCreateAuthCodeClient:"standardInteractionClientCreateAuthCodeClient",StandardInteractionClientGetClientConfiguration:"standardInteractionClientGetClientConfiguration",StandardInteractionClientInitializeAuthorizationRequest:"standardInteractionClientInitializeAuthorizationRequest",GetAuthCodeUrl:"getAuthCodeUrl",GetStandardParams:"getStandardParams",HandleCodeResponseFromServer:"handleCodeResponseFromServer",HandleCodeResponse:"handleCodeResponse",HandleResponseEar:"handleResponseEar",HandleResponsePlatformBroker:"handleResponsePlatformBroker",HandleResponseCode:"handleResponseCode",UpdateTokenEndpointAuthority:"updateTokenEndpointAuthority",AuthClientAcquireToken:"authClientAcquireToken",AuthClientExecuteTokenRequest:"authClientExecuteTokenRequest",AuthClientCreateTokenRequestBody:"authClientCreateTokenRequestBody",PopTokenGenerateCnf:"popTokenGenerateCnf",PopTokenGenerateKid:"popTokenGenerateKid",HandleServerTokenResponse:"handleServerTokenResponse",DeserializeResponse:"deserializeResponse",AuthorityFactoryCreateDiscoveredInstance:"authorityFactoryCreateDiscoveredInstance",AuthorityResolveEndpointsAsync:"authorityResolveEndpointsAsync",AuthorityResolveEndpointsFromLocalSources:"authorityResolveEndpointsFromLocalSources",AuthorityGetCloudDiscoveryMetadataFromNetwork:"authorityGetCloudDiscoveryMetadataFromNetwork",AuthorityUpdateCloudDiscoveryMetadata:"authorityUpdateCloudDiscoveryMetadata",AuthorityGetEndpointMetadataFromNetwork:"authorityGetEndpointMetadataFromNetwork",AuthorityUpdateEndpointMetadata:"authorityUpdateEndpointMetadata",AuthorityUpdateMetadataWithRegionalInformation:"authorityUpdateMetadataWithRegionalInformation",RegionDiscoveryDetectRegion:"regionDiscoveryDetectRegion",RegionDiscoveryGetRegionFromIMDS:"regionDiscoveryGetRegionFromIMDS",RegionDiscoveryGetCurrentVersion:"regionDiscoveryGetCurrentVersion",AcquireTokenByCodeAsync:"acquireTokenByCodeAsync",GetEndpointMetadataFromNetwork:"getEndpointMetadataFromNetwork",GetCloudDiscoveryMetadataFromNetworkMeasurement:"getCloudDiscoveryMetadataFromNetworkMeasurement",HandleRedirectPromiseMeasurement:"handleRedirectPromise",HandleNativeRedirectPromiseMeasurement:"handleNativeRedirectPromise",UpdateCloudDiscoveryMetadataMeasurement:"updateCloudDiscoveryMetadataMeasurement",UsernamePasswordClientAcquireToken:"usernamePasswordClientAcquireToken",NativeMessageHandlerHandshake:"nativeMessageHandlerHandshake",NativeGenerateAuthResult:"nativeGenerateAuthResult",RemoveHiddenIframe:"removeHiddenIframe",ClearTokensAndKeysWithClaims:"clearTokensAndKeysWithClaims",CacheManagerGetRefreshToken:"cacheManagerGetRefreshToken",ImportExistingCache:"importExistingCache",SetUserData:"setUserData",LocalStorageUpdated:"localStorageUpdated",GeneratePkceCodes:"generatePkceCodes",GenerateCodeVerifier:"generateCodeVerifier",GenerateCodeChallengeFromVerifier:"generateCodeChallengeFromVerifier",Sha256Digest:"sha256Digest",GetRandomValues:"getRandomValues",GenerateHKDF:"generateHKDF",GenerateBaseKey:"generateBaseKey",Base64Decode:"base64Decode",UrlEncodeArr:"urlEncodeArr",Encrypt:"encrypt",Decrypt:"decrypt",GenerateEarKey:"generateEarKey",DecryptEarResponse:"decryptEarResponse"},Vc={InProgress:1};/*! @azure/msal-common v15.4.0 2025-03-25 */const ce=(r,e,t,n,o)=>(...i)=>{t.trace(`Executing function ${e}`);const a=n==null?void 0:n.startMeasurement(e,o);if(o){const s=e+"CallCount";n==null||n.incrementFields({[s]:1},o)}try{const s=r(...i);return a==null||a.end({success:!0}),t.trace(`Returning result from ${e}`),s}catch(s){t.trace(`Error occurred in ${e}`);try{t.trace(JSON.stringify(s))}catch{t.trace("Unable to print error message.")}throw a==null||a.end({success:!1},s),s}},p=(r,e,t,n,o)=>(...i)=>{t.trace(`Executing function ${e}`);const a=n==null?void 0:n.startMeasurement(e,o);if(o){const s=e+"CallCount";n==null||n.incrementFields({[s]:1},o)}return n==null||n.setPreQueueTime(e,o),r(...i).then(s=>(t.trace(`Returning result from ${e}`),a==null||a.end({success:!0}),s)).catch(s=>{t.trace(`Error occurred in ${e}`);try{t.trace(JSON.stringify(s))}catch{t.trace("Unable to print error message.")}throw a==null||a.end({success:!1},s),s})};/*! @azure/msal-common v15.4.0 2025-03-25 */class cn{constructor(e,t,n,o){this.networkInterface=e,this.logger=t,this.performanceClient=n,this.correlationId=o}async detectRegion(e,t){var o;(o=this.performanceClient)==null||o.addQueueMeasurement(l.RegionDiscoveryDetectRegion,this.correlationId);let n=e;if(n)t.region_source=qe.ENVIRONMENT_VARIABLE;else{const i=cn.IMDS_OPTIONS;try{const a=await p(this.getRegionFromIMDS.bind(this),l.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(g.IMDS_VERSION,i);if(a.status===_t.httpSuccess&&(n=a.body,t.region_source=qe.IMDS),a.status===_t.httpBadRequest){const s=await p(this.getCurrentVersion.bind(this),l.RegionDiscoveryGetCurrentVersion,this.logger,this.performanceClient,this.correlationId)(i);if(!s)return t.region_source=qe.FAILED_AUTO_DETECTION,null;const c=await p(this.getRegionFromIMDS.bind(this),l.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(s,i);c.status===_t.httpSuccess&&(n=c.body,t.region_source=qe.IMDS)}}catch{return t.region_source=qe.FAILED_AUTO_DETECTION,null}}return n||(t.region_source=qe.FAILED_AUTO_DETECTION),n||null}async getRegionFromIMDS(e,t){var n;return(n=this.performanceClient)==null||n.addQueueMeasurement(l.RegionDiscoveryGetRegionFromIMDS,this.correlationId),this.networkInterface.sendGetRequestAsync(`${g.IMDS_ENDPOINT}?api-version=${e}&format=text`,t,g.IMDS_TIMEOUT)}async getCurrentVersion(e){var t;(t=this.performanceClient)==null||t.addQueueMeasurement(l.RegionDiscoveryGetCurrentVersion,this.correlationId);try{const n=await this.networkInterface.sendGetRequestAsync(`${g.IMDS_ENDPOINT}?format=json`,e);return n.status===_t.httpBadRequest&&n.body&&n.body["newest-versions"]&&n.body["newest-versions"].length>0?n.body["newest-versions"][0]:null}catch{return null}}}cn.IMDS_OPTIONS={headers:{Metadata:"true"}};/*! @azure/msal-common v15.4.0 2025-03-25 */class G{constructor(e,t,n,o,i,a,s,c){this.canonicalAuthority=e,this._canonicalAuthority.validateAsUri(),this.networkInterface=t,this.cacheManager=n,this.authorityOptions=o,this.regionDiscoveryMetadata={region_used:void 0,region_source:void 0,region_outcome:void 0},this.logger=i,this.performanceClient=s,this.correlationId=a,this.managedIdentity=c||!1,this.regionDiscovery=new cn(t,this.logger,this.performanceClient,this.correlationId)}getAuthorityType(e){if(e.HostNameAndPort.endsWith(g.CIAM_AUTH_URL))return re.Ciam;const t=e.PathSegments;if(t.length)switch(t[0].toLowerCase()){case g.ADFS:return re.Adfs;case g.DSTS:return re.Dsts}return re.Default}get authorityType(){return this.getAuthorityType(this.canonicalAuthorityUrlComponents)}get protocolMode(){return this.authorityOptions.protocolMode}get options(){return this.authorityOptions}get canonicalAuthority(){return this._canonicalAuthority.urlString}set canonicalAuthority(e){this._canonicalAuthority=new S(e),this._canonicalAuthority.validateAsUri(),this._canonicalAuthorityUrlComponents=null}get canonicalAuthorityUrlComponents(){return this._canonicalAuthorityUrlComponents||(this._canonicalAuthorityUrlComponents=this._canonicalAuthority.getUrlComponents()),this._canonicalAuthorityUrlComponents}get hostnameAndPort(){return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase()}get tenant(){return this.canonicalAuthorityUrlComponents.PathSegments[0]}get authorizationEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.authorization_endpoint);throw f(ye)}get tokenEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint);throw f(ye)}get deviceCodeEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint.replace("/token","/devicecode"));throw f(ye)}get endSessionEndpoint(){if(this.discoveryComplete()){if(!this.metadata.end_session_endpoint)throw f(Vr);return this.replacePath(this.metadata.end_session_endpoint)}else throw f(ye)}get selfSignedJwtAudience(){if(this.discoveryComplete())return this.replacePath(this.metadata.issuer);throw f(ye)}get jwksUri(){if(this.discoveryComplete())return this.replacePath(this.metadata.jwks_uri);throw f(ye)}canReplaceTenant(e){return e.PathSegments.length===1&&!G.reservedTenantDomains.has(e.PathSegments[0])&&this.getAuthorityType(e)===re.Default&&this.protocolMode!==Y.OIDC}replaceTenant(e){return e.replace(/{tenant}|{tenantid}/g,this.tenant)}replacePath(e){let t=e;const o=new S(this.metadata.canonical_authority).getUrlComponents(),i=o.PathSegments;return this.canonicalAuthorityUrlComponents.PathSegments.forEach((s,c)=>{let d=i[c];if(c===0&&this.canReplaceTenant(o)){const h=new S(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];d!==h&&(this.logger.verbose(`Replacing tenant domain name ${d} with id ${h}`),d=h)}s!==d&&(t=t.replace(`/${d}/`,`/${s}/`))}),this.replaceTenant(t)}get defaultOpenIdConfigurationEndpoint(){const e=this.hostnameAndPort;return this.canonicalAuthority.endsWith("v2.0/")||this.authorityType===re.Adfs||this.protocolMode===Y.OIDC&&!this.isAliasOfKnownMicrosoftAuthority(e)?`${this.canonicalAuthority}.well-known/openid-configuration`:`${this.canonicalAuthority}v2.0/.well-known/openid-configuration`}discoveryComplete(){return!!this.metadata}async resolveEndpointsAsync(){var o,i;(o=this.performanceClient)==null||o.addQueueMeasurement(l.AuthorityResolveEndpointsAsync,this.correlationId);const e=this.getCurrentMetadataEntity(),t=await p(this.updateCloudDiscoveryMetadata.bind(this),l.AuthorityUpdateCloudDiscoveryMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.canonicalAuthority=this.canonicalAuthority.replace(this.hostnameAndPort,e.preferred_network);const n=await p(this.updateEndpointMetadata.bind(this),l.AuthorityUpdateEndpointMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.updateCachedMetadata(e,t,{source:n}),(i=this.performanceClient)==null||i.addFields({cloudDiscoverySource:t,authorityEndpointSource:n},this.correlationId)}getCurrentMetadataEntity(){let e=this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort);return e||(e={aliases:[],preferred_cache:this.hostnameAndPort,preferred_network:this.hostnameAndPort,canonical_authority:this.canonicalAuthority,authorization_endpoint:"",token_endpoint:"",end_session_endpoint:"",issuer:"",aliasesFromNetwork:!1,endpointsFromNetwork:!1,expiresAt:or(),jwks_uri:""}),e}updateCachedMetadata(e,t,n){t!==X.CACHE&&(n==null?void 0:n.source)!==X.CACHE&&(e.expiresAt=or(),e.canonical_authority=this.canonicalAuthority);const o=this.cacheManager.generateAuthorityMetadataCacheKey(e.preferred_cache);this.cacheManager.setAuthorityMetadata(o,e),this.metadata=e}async updateEndpointMetadata(e){var o,i,a;(o=this.performanceClient)==null||o.addQueueMeasurement(l.AuthorityUpdateEndpointMetadata,this.correlationId);const t=this.updateEndpointMetadataFromLocalSources(e);if(t){if(t.source===X.HARDCODED_VALUES&&(i=this.authorityOptions.azureRegionConfiguration)!=null&&i.azureRegion&&t.metadata){const s=await p(this.updateMetadataWithRegionalInformation.bind(this),l.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(t.metadata);Rt(e,s,!1),e.canonical_authority=this.canonicalAuthority}return t.source}let n=await p(this.getEndpointMetadataFromNetwork.bind(this),l.AuthorityGetEndpointMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(n)return(a=this.authorityOptions.azureRegionConfiguration)!=null&&a.azureRegion&&(n=await p(this.updateMetadataWithRegionalInformation.bind(this),l.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(n)),Rt(e,n,!0),X.NETWORK;throw f(Mr,this.defaultOpenIdConfigurationEndpoint)}updateEndpointMetadataFromLocalSources(e){this.logger.verbose("Attempting to get endpoint metadata from authority configuration");const t=this.getEndpointMetadataFromConfig();if(t)return this.logger.verbose("Found endpoint metadata in authority configuration"),Rt(e,t,!1),{source:X.CONFIG};if(this.logger.verbose("Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values."),this.authorityOptions.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache.");else{const o=this.getEndpointMetadataFromHardcodedValues();if(o)return Rt(e,o,!1),{source:X.HARDCODED_VALUES,metadata:o};this.logger.verbose("Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.")}const n=rr(e);return this.isAuthoritySameType(e)&&e.endpointsFromNetwork&&!n?(this.logger.verbose("Found endpoint metadata in the cache."),{source:X.CACHE}):(n&&this.logger.verbose("The metadata entity is expired."),null)}isAuthoritySameType(e){return new S(e.canonical_authority).getUrlComponents().PathSegments.length===this.canonicalAuthorityUrlComponents.PathSegments.length}getEndpointMetadataFromConfig(){if(this.authorityOptions.authorityMetadata)try{return JSON.parse(this.authorityOptions.authorityMetadata)}catch{throw R(si)}return null}async getEndpointMetadataFromNetwork(){var n;(n=this.performanceClient)==null||n.addQueueMeasurement(l.AuthorityGetEndpointMetadataFromNetwork,this.correlationId);const e={},t=this.defaultOpenIdConfigurationEndpoint;this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${t}`);try{const o=await this.networkInterface.sendGetRequestAsync(t,e);return zc(o.body)?o.body:(this.logger.verbose("Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration"),null)}catch(o){return this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${o}`),null}}getEndpointMetadataFromHardcodedValues(){return this.hostnameAndPort in ar?ar[this.hostnameAndPort]:null}async updateMetadataWithRegionalInformation(e){var n,o,i;(n=this.performanceClient)==null||n.addQueueMeasurement(l.AuthorityUpdateMetadataWithRegionalInformation,this.correlationId);const t=(o=this.authorityOptions.azureRegionConfiguration)==null?void 0:o.azureRegion;if(t){if(t!==g.AZURE_REGION_AUTO_DISCOVER_FLAG)return this.regionDiscoveryMetadata.region_outcome=An.CONFIGURED_NO_AUTO_DETECTION,this.regionDiscoveryMetadata.region_used=t,G.replaceWithRegionalInformation(e,t);const a=await p(this.regionDiscovery.detectRegion.bind(this.regionDiscovery),l.RegionDiscoveryDetectRegion,this.logger,this.performanceClient,this.correlationId)((i=this.authorityOptions.azureRegionConfiguration)==null?void 0:i.environmentRegion,this.regionDiscoveryMetadata);if(a)return this.regionDiscoveryMetadata.region_outcome=An.AUTO_DETECTION_REQUESTED_SUCCESSFUL,this.regionDiscoveryMetadata.region_used=a,G.replaceWithRegionalInformation(e,a);this.regionDiscoveryMetadata.region_outcome=An.AUTO_DETECTION_REQUESTED_FAILED}return e}async updateCloudDiscoveryMetadata(e){var o;(o=this.performanceClient)==null||o.addQueueMeasurement(l.AuthorityUpdateCloudDiscoveryMetadata,this.correlationId);const t=this.updateCloudDiscoveryMetadataFromLocalSources(e);if(t)return t;const n=await p(this.getCloudDiscoveryMetadataFromNetwork.bind(this),l.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(n)return In(e,n,!0),X.NETWORK;throw R(ci)}updateCloudDiscoveryMetadataFromLocalSources(e){this.logger.verbose("Attempting to get cloud discovery metadata from authority configuration"),this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities||g.NOT_APPLICABLE}`),this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata||g.NOT_APPLICABLE}`),this.logger.verbosePii(`Canonical Authority: ${e.canonical_authority||g.NOT_APPLICABLE}`);const t=this.getCloudDiscoveryMetadataFromConfig();if(t)return this.logger.verbose("Found cloud discovery metadata in authority configuration"),In(e,t,!1),X.CONFIG;if(this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values."),this.options.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache.");else{const o=Ds(this.hostnameAndPort);if(o)return this.logger.verbose("Found cloud discovery metadata from hardcoded values."),In(e,o,!1),X.HARDCODED_VALUES;this.logger.verbose("Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.")}const n=rr(e);return this.isAuthoritySameType(e)&&e.aliasesFromNetwork&&!n?(this.logger.verbose("Found cloud discovery metadata in the cache."),X.CACHE):(n&&this.logger.verbose("The metadata entity is expired."),null)}getCloudDiscoveryMetadataFromConfig(){if(this.authorityType===re.Ciam)return this.logger.verbose("CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host."),G.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);if(this.authorityOptions.cloudDiscoveryMetadata){this.logger.verbose("The cloud discovery metadata has been provided as a network response, in the config.");try{this.logger.verbose("Attempting to parse the cloud discovery metadata.");const e=JSON.parse(this.authorityOptions.cloudDiscoveryMetadata),t=Bt(e.metadata,this.hostnameAndPort);if(this.logger.verbose("Parsed the cloud discovery metadata."),t)return this.logger.verbose("There is returnable metadata attached to the parsed cloud discovery metadata."),t;this.logger.verbose("There is no metadata attached to the parsed cloud discovery metadata.")}catch{throw this.logger.verbose("Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error."),R(oo)}}return this.isInKnownAuthorities()?(this.logger.verbose("The host is included in knownAuthorities. Creating new cloud discovery metadata from the host."),G.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)):null}async getCloudDiscoveryMetadataFromNetwork(){var o;(o=this.performanceClient)==null||o.addQueueMeasurement(l.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.correlationId);const e=`${g.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`,t={};let n=null;try{const i=await this.networkInterface.sendGetRequestAsync(e,t);let a,s;if(qc(i.body))a=i.body,s=a.metadata,this.logger.verbosePii(`tenant_discovery_endpoint is: ${a.tenant_discovery_endpoint}`);else if($c(i.body)){if(this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${i.status}`),a=i.body,a.error===g.INVALID_INSTANCE)return this.logger.error("The CloudInstanceDiscoveryErrorResponse error is invalid_instance."),null;this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is ${a.error}`),this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is ${a.error_description}`),this.logger.warning("Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []"),s=[]}else return this.logger.error("AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse"),null;this.logger.verbose("Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request."),n=Bt(s,this.hostnameAndPort)}catch(i){if(i instanceof _)this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.
-Error: ${i.errorCode}
-Error Description: ${i.errorMessage}`);else{const a=i;this.logger.error(`A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.
-Error: ${a.name}
-Error Description: ${a.message}`)}return null}return n||(this.logger.warning("The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request."),this.logger.verbose("Creating custom Authority for custom domain scenario."),n=G.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)),n}isInKnownAuthorities(){return this.authorityOptions.knownAuthorities.filter(t=>t&&S.getDomainFromUrl(t).toLowerCase()===this.hostnameAndPort).length>0}static generateAuthority(e,t){let n;if(t&&t.azureCloudInstance!==to.None){const o=t.tenant?t.tenant:g.DEFAULT_COMMON_TENANT;n=`${t.azureCloudInstance}/${o}/`}return n||e}static createCloudDiscoveryMetadataFromHost(e){return{preferred_network:e,preferred_cache:e,aliases:[e]}}getPreferredCache(){if(this.managedIdentity)return g.DEFAULT_AUTHORITY_HOST;if(this.discoveryComplete())return this.metadata.preferred_cache;throw f(ye)}isAlias(e){return this.metadata.aliases.indexOf(e)>-1}isAliasOfKnownMicrosoftAuthority(e){return mi.has(e)}static isPublicCloudAuthority(e){return g.KNOWN_PUBLIC_CLOUDS.indexOf(e)>=0}static buildRegionalAuthorityString(e,t,n){const o=new S(e);o.validateAsUri();const i=o.getUrlComponents();let a=`${t}.${i.HostNameAndPort}`;this.isPublicCloudAuthority(i.HostNameAndPort)&&(a=`${t}.${g.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`);const s=S.constructAuthorityUriFromObject({...o.getUrlComponents(),HostNameAndPort:a}).urlString;return n?`${s}?${n}`:s}static replaceWithRegionalInformation(e,t){const n={...e};return n.authorization_endpoint=G.buildRegionalAuthorityString(n.authorization_endpoint,t),n.token_endpoint=G.buildRegionalAuthorityString(n.token_endpoint,t),n.end_session_endpoint&&(n.end_session_endpoint=G.buildRegionalAuthorityString(n.end_session_endpoint,t)),n}static transformCIAMAuthority(e){let t=e;const o=new S(e).getUrlComponents();if(o.PathSegments.length===0&&o.HostNameAndPort.endsWith(g.CIAM_AUTH_URL)){const i=o.HostNameAndPort.split(".")[0];t=`${t}${i}${g.AAD_TENANT_DOMAIN_SUFFIX}`}return t}}G.reservedTenantDomains=new Set(["{tenant}","{tenantid}",Re.COMMON,Re.CONSUMERS,Re.ORGANIZATIONS]);function Qc(r){var o;const n=(o=new S(r).getUrlComponents().PathSegments.slice(-1)[0])==null?void 0:o.toLowerCase();switch(n){case Re.COMMON:case Re.ORGANIZATIONS:case Re.CONSUMERS:return;default:return n}}function Ui(r){return r.endsWith(g.FORWARD_SLASH)?r:`${r}${g.FORWARD_SLASH}`}function Li(r){const e=r.cloudDiscoveryMetadata;let t;if(e)try{t=JSON.parse(e)}catch{throw R(oo)}return{canonicalAuthority:r.authority?Ui(r.authority):void 0,knownAuthorities:r.knownAuthorities,cloudDiscoveryMetadata:t}}/*! @azure/msal-common v15.4.0 2025-03-25 */async function Hi(r,e,t,n,o,i,a){a==null||a.addQueueMeasurement(l.AuthorityFactoryCreateDiscoveredInstance,i);const s=G.transformCIAMAuthority(Ui(r)),c=new G(s,e,t,n,o,i,a);try{return await p(c.resolveEndpointsAsync.bind(c),l.AuthorityResolveEndpointsAsync,o,a,i)(),c}catch{throw f(ye)}}/*! @azure/msal-common v15.4.0 2025-03-25 */class Me extends _{constructor(e,t,n,o,i){super(e,t,n),this.name="ServerError",this.errorNo=o,this.status=i,Object.setPrototypeOf(this,Me.prototype)}}/*! @azure/msal-common v15.4.0 2025-03-25 */function ln(r,e,t){var n;return{clientId:r,authority:e.authority,scopes:e.scopes,homeAccountIdentifier:t,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid,embeddedClientId:e.embeddedClientId||((n=e.tokenBodyParameters)==null?void 0:n.clientId)}}/*! @azure/msal-common v15.4.0 2025-03-25 */class de{static generateThrottlingStorageKey(e){return`${dt.THROTTLING_PREFIX}.${JSON.stringify(e)}`}static preProcess(e,t){var i;const n=de.generateThrottlingStorageKey(t),o=e.getThrottlingCache(n);if(o){if(o.throttleTime<Date.now()){e.removeItem(n);return}throw new Me(((i=o.errorCodes)==null?void 0:i.join(" "))||g.EMPTY_STRING,o.errorMessage,o.subError)}}static postProcess(e,t,n){if(de.checkResponseStatus(n)||de.checkResponseForRetryAfter(n)){const o={throttleTime:de.calculateThrottleTime(parseInt(n.headers[V.RETRY_AFTER])),error:n.body.error,errorCodes:n.body.error_codes,errorMessage:n.body.error_description,subError:n.body.suberror};e.setThrottlingCache(de.generateThrottlingStorageKey(t),o)}}static checkResponseStatus(e){return e.status===429||e.status>=500&&e.status<600}static checkResponseForRetryAfter(e){return e.headers?e.headers.hasOwnProperty(V.RETRY_AFTER)&&(e.status<200||e.status>=300):!1}static calculateThrottleTime(e){const t=e<=0?0:e,n=Date.now()/1e3;return Math.floor(Math.min(n+(t||dt.DEFAULT_THROTTLE_TIME_SECONDS),n+dt.DEFAULT_MAX_THROTTLE_TIME_SECONDS)*1e3)}static removeThrottle(e,t,n,o){const i=ln(t,n,o),a=this.generateThrottlingStorageKey(i);e.removeItem(a)}}/*! @azure/msal-common v15.4.0 2025-03-25 */class dn extends _{constructor(e,t,n){super(e.errorCode,e.errorMessage,e.subError),Object.setPrototypeOf(this,dn.prototype),this.name="NetworkError",this.error=e,this.httpStatus=t,this.responseHeaders=n}}function dr(r,e,t){return new dn(r,e,t)}/*! @azure/msal-common v15.4.0 2025-03-25 */class yo{constructor(e,t){this.config=Vs(e),this.logger=new Ee(this.config.loggerOptions,jr,eo),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}createTokenRequestHeaders(e){const t={};if(t[V.CONTENT_TYPE]=g.URL_FORM_CONTENT_TYPE,!this.config.systemOptions.preventCorsPreflight&&e)switch(e.type){case ie.HOME_ACCOUNT_ID:try{const n=Je(e.credential);t[V.CCS_HEADER]=`Oid:${n.uid}@${n.utid}`}catch(n){this.logger.verbose("Could not parse home account ID for CCS Header: "+n)}break;case ie.UPN:t[V.CCS_HEADER]=`UPN: ${e.credential}`;break}return t}async executePostToTokenEndpoint(e,t,n,o,i,a){var c;a&&((c=this.performanceClient)==null||c.addQueueMeasurement(a,i));const s=await this.sendPostRequest(o,e,{body:t,headers:n},i);return this.config.serverTelemetryManager&&s.status<500&&s.status!==429&&this.config.serverTelemetryManager.clearTelemetryCache(),s}async sendPostRequest(e,t,n,o){var a,s,c;de.preProcess(this.cacheManager,e);let i;try{i=await p(this.networkClient.sendPostRequestAsync.bind(this.networkClient),l.NetworkClientSendPostRequestAsync,this.logger,this.performanceClient,o)(t,n);const d=i.headers||{};(s=this.performanceClient)==null||s.addFields({refreshTokenSize:((a=i.body.refresh_token)==null?void 0:a.length)||0,httpVerToken:d[V.X_MS_HTTP_VERSION]||"",requestId:d[V.X_MS_REQUEST_ID]||""},o)}catch(d){if(d instanceof dn){const h=d.responseHeaders;throw h&&((c=this.performanceClient)==null||c.addFields({httpVerToken:h[V.X_MS_HTTP_VERSION]||"",requestId:h[V.X_MS_REQUEST_ID]||"",contentTypeHeader:h[V.CONTENT_TYPE]||void 0,contentLengthHeader:h[V.CONTENT_LENGTH]||void 0,httpStatus:d.httpStatus},o)),d.error}throw d instanceof _?d:f(Nr)}return de.postProcess(this.cacheManager,e,i),i}async updateAuthority(e,t){var i;(i=this.performanceClient)==null||i.addQueueMeasurement(l.UpdateTokenEndpointAuthority,t);const n=`https://${e}/${this.authority.tenant}/`,o=await Hi(n,this.networkClient,this.cacheManager,this.authority.options,this.logger,t,this.performanceClient);this.authority=o}createTokenQueryParameters(e){const t=new Map;return e.embeddedClientId&&sn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenQueryParameters&&Fe(t,e.tokenQueryParameters),go(t,e.correlationId),an(t,e.correlationId,this.performanceClient),pt(t)}}/*! @azure/msal-common v15.4.0 2025-03-25 */const $t="no_tokens_found",Di="native_account_unavailable",To="refresh_token_expired",Yc="interaction_required",jc="consent_required",Wc="login_required",hn="bad_token";/*! @azure/msal-common v15.4.0 2025-03-25 */const hr=[Yc,jc,Wc,hn],Jc=["message_only","additional_action","basic_action","user_password_expired","consent_required","bad_token"],Xc={[$t]:"No refresh token found in the cache. Please sign-in.",[Di]:"The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",[To]:"Refresh token has expired.",[hn]:"Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve."};class ne extends _{constructor(e,t,n,o,i,a,s,c){super(e,t,n),Object.setPrototypeOf(this,ne.prototype),this.timestamp=o||g.EMPTY_STRING,this.traceId=i||g.EMPTY_STRING,this.correlationId=a||g.EMPTY_STRING,this.claims=s||g.EMPTY_STRING,this.name="InteractionRequiredAuthError",this.errorNo=c}}function xi(r,e,t){const n=!!r&&hr.indexOf(r)>-1,o=!!t&&Jc.indexOf(t)>-1,i=!!e&&hr.some(a=>e.indexOf(a)>-1);return n||i||o}function Un(r){return new ne(r,Xc[r])}/*! @azure/msal-common v15.4.0 2025-03-25 */class ot{static setRequestState(e,t,n){const o=ot.generateLibraryState(e,n);return t?`${o}${g.RESOURCE_DELIM}${t}`:o}static generateLibraryState(e,t){if(!e)throw f(bn);const n={id:e.createNewGuid()};t&&(n.meta=t);const o=JSON.stringify(n);return e.base64Encode(o)}static parseRequestState(e,t){if(!e)throw f(bn);if(!t)throw f(et);try{const n=t.split(g.RESOURCE_DELIM),o=n[0],i=n.length>1?n.slice(1).join(g.RESOURCE_DELIM):g.EMPTY_STRING,a=e.base64Decode(o),s=JSON.parse(a);return{userRequestState:i||g.EMPTY_STRING,libraryState:s}}catch{throw f(et)}}}/*! @azure/msal-common v15.4.0 2025-03-25 */const Zc={SW:"sw"};class tt{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){var i;(i=this.performanceClient)==null||i.addQueueMeasurement(l.PopTokenGenerateCnf,e.correlationId);const n=await p(this.generateKid.bind(this),l.PopTokenGenerateCnf,t,this.performanceClient,e.correlationId)(e),o=this.cryptoUtils.base64UrlEncode(JSON.stringify(n));return{kid:n.kid,reqCnfString:o}}async generateKid(e){var n;return(n=this.performanceClient)==null||n.addQueueMeasurement(l.PopTokenGenerateKid,e.correlationId),{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:Zc.SW}}async signPopToken(e,t,n){return this.signPayload(e,t,n)}async signPayload(e,t,n,o){const{resourceRequestMethod:i,resourceRequestUri:a,shrClaims:s,shrNonce:c,shrOptions:d}=n,h=a?new S(a):void 0,u=h==null?void 0:h.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:j(),m:i==null?void 0:i.toUpperCase(),u:u==null?void 0:u.HostNameAndPort,nonce:c||this.cryptoUtils.createNewGuid(),p:u==null?void 0:u.AbsolutePath,q:u!=null&&u.QueryString?[[],u.QueryString]:void 0,client_claims:s||void 0,...o},t,d,n.correlationId)}}/*! @azure/msal-common v15.4.0 2025-03-25 */class el{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}/*! @azure/msal-common v15.4.0 2025-03-25 */class Be{constructor(e,t,n,o,i,a,s){this.clientId=e,this.cacheStorage=t,this.cryptoObj=n,this.logger=o,this.serializableCache=i,this.persistencePlugin=a,this.performanceClient=s}validateTokenResponse(e,t){var n;if(e.error||e.error_description||e.suberror){const o=`Error(s): ${e.error_codes||g.NOT_AVAILABLE} - Timestamp: ${e.timestamp||g.NOT_AVAILABLE} - Description: ${e.error_description||g.NOT_AVAILABLE} - Correlation ID: ${e.correlation_id||g.NOT_AVAILABLE} - Trace ID: ${e.trace_id||g.NOT_AVAILABLE}`,i=(n=e.error_codes)!=null&&n.length?e.error_codes[0]:void 0,a=new Me(e.error,o,e.suberror,i,e.status);if(t&&e.status&&e.status>=vt.SERVER_ERROR_RANGE_START&&e.status<=vt.SERVER_ERROR_RANGE_END){this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.
-${a}`);return}else if(t&&e.status&&e.status>=vt.CLIENT_ERROR_RANGE_START&&e.status<=vt.CLIENT_ERROR_RANGE_END){this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently available but is unable to refresh the access token.
-${a}`);return}throw xi(e.error,e.error_description,e.suberror)?new ne(e.error,e.error_description,e.suberror,e.timestamp||g.EMPTY_STRING,e.trace_id||g.EMPTY_STRING,e.correlation_id||g.EMPTY_STRING,e.claims||g.EMPTY_STRING,i):a}}async handleServerTokenResponse(e,t,n,o,i,a,s,c,d){var E;(E=this.performanceClient)==null||E.addQueueMeasurement(l.HandleServerTokenResponse,e.correlation_id);let h;if(e.id_token){if(h=Pe(e.id_token||g.EMPTY_STRING,this.cryptoObj.base64Decode),i&&i.nonce&&h.nonce!==i.nonce)throw f(Hr);if(o.maxAge||o.maxAge===0){const w=h.auth_time;if(!w)throw f(Wn);Wr(w,o.maxAge)}}this.homeAccountIdentifier=q.generateHomeAccountId(e.client_info||g.EMPTY_STRING,t.authorityType,this.logger,this.cryptoObj,h);let u;i&&i.state&&(u=ot.parseRequestState(this.cryptoObj,i.state)),e.key_id=e.key_id||o.sshKid||void 0;const m=this.generateCacheRecord(e,t,n,o,h,a,i);let A;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose("Persistence enabled, calling beforeCacheAccess"),A=new el(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(A)),s&&!c&&m.account){const w=m.account.generateAccountKey();if(!this.cacheStorage.getAccount(w))return this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache"),await Be.generateAuthenticationResult(this.cryptoObj,t,m,!1,o,h,u,void 0,d)}await this.cacheStorage.saveCacheRecord(m,o.correlationId,o.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&A&&(this.logger.verbose("Persistence enabled, calling afterCacheAccess"),await this.persistencePlugin.afterCacheAccess(A))}return Be.generateAuthenticationResult(this.cryptoObj,t,m,!1,o,h,u,e,d)}generateCacheRecord(e,t,n,o,i,a,s){const c=t.getPreferredCache();if(!c)throw f(Xn);const d=gi(i);let h,u;e.id_token&&i&&(h=Zt(this.homeAccountIdentifier,c,e.id_token,this.clientId,d||""),u=Ao(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,i,e.client_info,c,d,s,void 0,this.logger));let m=null;if(e.access_token){const w=e.scope?M.fromString(e.scope):new M(o.scopes||[]),D=(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)||0,W=(typeof e.ext_expires_in=="string"?parseInt(e.ext_expires_in,10):e.ext_expires_in)||0,ee=(typeof e.refresh_in=="string"?parseInt(e.refresh_in,10):e.refresh_in)||void 0,ve=n+D,Et=ve+W,wt=ee&&ee>0?n+ee:void 0;m=en(this.homeAccountIdentifier,c,e.access_token,this.clientId,d||t.tenant||"",w.printScopes(),ve,Et,this.cryptoObj.base64Decode,wt,e.token_type,a,e.key_id,o.claims,o.requestedClaimsHash)}let A=null;if(e.refresh_token){let w;if(e.refresh_token_expires_in){const D=typeof e.refresh_token_expires_in=="string"?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in;w=n+D}A=Xr(this.homeAccountIdentifier,c,e.refresh_token,this.clientId,e.foci,a,w)}let E=null;return e.foci&&(E={clientId:this.clientId,environment:c,familyId:e.foci}),{account:u,idToken:h,accessToken:m,refreshToken:A,appMetadata:E}}static async generateAuthenticationResult(e,t,n,o,i,a,s,c,d){var ve,Et,wt,Qo,Yo;let h=g.EMPTY_STRING,u=[],m=null,A,E,w=g.EMPTY_STRING;if(n.accessToken){if(n.accessToken.tokenType===k.POP&&!i.popKid){const Za=new tt(e),{secret:es,keyId:jo}=n.accessToken;if(!jo)throw f(Zn);h=await Za.signPopToken(es,jo,i)}else h=n.accessToken.secret;u=M.fromString(n.accessToken.target).asArray(),m=Ie(n.accessToken.expiresOn),A=Ie(n.accessToken.extendedExpiresOn),n.accessToken.refreshOn&&(E=Ie(n.accessToken.refreshOn))}n.appMetadata&&(w=n.appMetadata.familyId===lt?lt:"");const D=(a==null?void 0:a.oid)||(a==null?void 0:a.sub)||"",W=(a==null?void 0:a.tid)||"";c!=null&&c.spa_accountid&&n.account&&(n.account.nativeAccountId=c==null?void 0:c.spa_accountid);const ee=n.account?io(n.account.getAccountInfo(),void 0,a,(ve=n.idToken)==null?void 0:ve.secret):null;return{authority:t.canonicalAuthority,uniqueId:D,tenantId:W,scopes:u,account:ee,idToken:((Et=n==null?void 0:n.idToken)==null?void 0:Et.secret)||"",idTokenClaims:a||{},accessToken:h,fromCache:o,expiresOn:m,extExpiresOn:A,refreshOn:E,correlationId:i.correlationId,requestId:d||g.EMPTY_STRING,familyId:w,tokenType:((wt=n.accessToken)==null?void 0:wt.tokenType)||g.EMPTY_STRING,state:s?s.userRequestState:g.EMPTY_STRING,cloudGraphHostName:((Qo=n.account)==null?void 0:Qo.cloudGraphHostName)||g.EMPTY_STRING,msGraphHost:((Yo=n.account)==null?void 0:Yo.msGraphHost)||g.EMPTY_STRING,code:c==null?void 0:c.spa_code,fromNativeBroker:!1}}}function Ao(r,e,t,n,o,i,a,s,c,d,h){h==null||h.verbose("setCachedAccount called");const m=r.getAccountKeys().find(W=>W.startsWith(t));let A=null;m&&(A=r.getAccount(m));const E=A||q.createAccount({homeAccountId:t,idTokenClaims:o,clientInfo:i,environment:a,cloudGraphHostName:c==null?void 0:c.cloud_graph_host_name,msGraphHost:c==null?void 0:c.msgraph_host,nativeAccountId:d},e,n),w=E.tenantProfiles||[],D=s||E.realm;if(D&&!w.find(W=>W.tenantId===D)){const W=rn(t,E.localAccountId,D,o);w.push(W)}return E.tenantProfiles=w,E}/*! @azure/msal-common v15.4.0 2025-03-25 */class tl{static validateRedirectUri(e){if(!e)throw R(Zr)}static validatePrompt(e){const t=[];for(const n in K)t.push(K[n]);if(t.indexOf(e)<0)throw R(oi)}static validateClaims(e){try{JSON.parse(e)}catch{throw R(tn)}}static validateCodeChallengeParams(e,t){if(!e||!t)throw R(nn);this.validateCodeChallengeMethod(t)}static validateCodeChallengeMethod(e){if([Xo.PLAIN,Xo.S256].indexOf(e)<0)throw R(ai)}}/*! @azure/msal-common v15.4.0 2025-03-25 */async function Fi(r,e,t){return typeof r=="string"?r:r({clientId:e,tokenEndpoint:t})}/*! @azure/msal-common v15.4.0 2025-03-25 */class Ki extends yo{constructor(e,t){var n;super(e,t),this.includeRedirectUri=!0,this.oidcDefaultScopes=(n=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:n.defaultScopes}async acquireToken(e,t){var s,c;if((s=this.performanceClient)==null||s.addQueueMeasurement(l.AuthClientAcquireToken,e.correlationId),!e.code)throw f(Fr);const n=j(),o=await p(this.executeTokenRequest.bind(this),l.AuthClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(this.authority,e),i=(c=o.headers)==null?void 0:c[V.X_MS_REQUEST_ID],a=new Be(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin,this.performanceClient);return a.validateTokenResponse(o.body),p(a.handleServerTokenResponse.bind(a),l.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(o.body,this.authority,n,e,t,void 0,void 0,void 0,i)}getLogoutUri(e){if(!e)throw R(ii);const t=this.createLogoutUrlQueryString(e);return S.appendQueryString(this.authority.endSessionEndpoint,t)}async executeTokenRequest(e,t){var d;(d=this.performanceClient)==null||d.addQueueMeasurement(l.AuthClientExecuteTokenRequest,t.correlationId);const n=this.createTokenQueryParameters(t),o=S.appendQueryString(e.tokenEndpoint,n),i=await p(this.createTokenRequestBody.bind(this),l.AuthClientCreateTokenRequestBody,this.logger,this.performanceClient,t.correlationId)(t);let a;if(t.clientInfo)try{const h=Ft(t.clientInfo,this.cryptoUtils.base64Decode);a={credential:`${h.uid}${z.CLIENT_INFO_SEPARATOR}${h.utid}`,type:ie.HOME_ACCOUNT_ID}}catch(h){this.logger.verbose("Could not parse client info for CCS Header: "+h)}const s=this.createTokenRequestHeaders(a||t.ccsCredential),c=ln(this.config.authOptions.clientId,t);return p(this.executePostToTokenEndpoint.bind(this),l.AuthorizationCodeClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,t.correlationId)(o,i,s,c,t.correlationId,l.AuthorizationCodeClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){var o,i;(o=this.performanceClient)==null||o.addQueueMeasurement(l.AuthClientCreateTokenRequestBody,e.correlationId);const t=new Map;if(lo(t,e.embeddedClientId||((i=e.tokenBodyParameters)==null?void 0:i[Ke])||this.config.authOptions.clientId),this.includeRedirectUri?ho(t,e.redirectUri):tl.validateRedirectUri(e.redirectUri),co(t,e.scopes,!0,this.oidcDefaultScopes),xc(t,e.code),po(t,this.config.libraryInfo),fo(t,this.config.telemetry.application),Mi(t),this.serverTelemetryManager&&!Ti(this.config)&&Ni(t,this.serverTelemetryManager),e.codeVerifier&&Kc(t,e.codeVerifier),this.config.clientCredentials.clientSecret&&Si(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const a=this.config.clientCredentials.clientAssertion;ki(t,await Fi(a.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),_i(t,a.assertionType)}if(Ri(t,br.AUTHORIZATION_CODE_GRANT),mo(t),e.authenticationScheme===k.POP){const a=new tt(this.cryptoUtils,this.performanceClient);let s;e.popKid?s=this.cryptoUtils.encodeKid(e.popKid):s=(await p(a.generateCnf.bind(a),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,Co(t,s)}else if(e.authenticationScheme===k.SSH)if(e.sshJwk)Pi(t,e.sshJwk);else throw R(on);(!ae.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&uo(t,e.claims,this.config.authOptions.clientCapabilities);let n;if(e.clientInfo)try{const a=Ft(e.clientInfo,this.cryptoUtils.base64Decode);n={credential:`${a.uid}${z.CLIENT_INFO_SEPARATOR}${a.utid}`,type:ie.HOME_ACCOUNT_ID}}catch(a){this.logger.verbose("Could not parse client info for CCS Header: "+a)}else n=e.ccsCredential;if(this.config.systemOptions.preventCorsPreflight&&n)switch(n.type){case ie.HOME_ACCOUNT_ID:try{const a=Je(n.credential);ut(t,a)}catch(a){this.logger.verbose("Could not parse home account ID for CCS Header: "+a)}break;case ie.UPN:qt(t,n.credential);break}return e.embeddedClientId&&sn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenBodyParameters&&Fe(t,e.tokenBodyParameters),e.enableSpaAuthorizationCode&&(!e.tokenBodyParameters||!e.tokenBodyParameters[cr])&&Fe(t,{[cr]:"1"}),an(t,e.correlationId,this.performanceClient),pt(t)}createLogoutUrlQueryString(e){const t=new Map;return e.postLogoutRedirectUri&&Nc(t,e.postLogoutRedirectUri),e.correlationId&&go(t,e.correlationId),e.idTokenHint&&Mc(t,e.idTokenHint),e.state&&vi(t,e.state),e.logoutHint&&Bc(t,e.logoutHint),e.extraQueryParameters&&Fe(t,e.extraQueryParameters),this.config.authOptions.instanceAware&&bi(t),pt(t)}}/*! @azure/msal-common v15.4.0 2025-03-25 */const nl=300;class ol extends yo{constructor(e,t){super(e,t)}async acquireToken(e){var a,s;(a=this.performanceClient)==null||a.addQueueMeasurement(l.RefreshTokenClientAcquireToken,e.correlationId);const t=j(),n=await p(this.executeTokenRequest.bind(this),l.RefreshTokenClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(e,this.authority),o=(s=n.headers)==null?void 0:s[V.X_MS_REQUEST_ID],i=new Be(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin);return i.validateTokenResponse(n.body),p(i.handleServerTokenResponse.bind(i),l.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(n.body,this.authority,t,e,void 0,void 0,!0,e.forceCache,o)}async acquireTokenByRefreshToken(e){var n;if(!e)throw R(ri);if((n=this.performanceClient)==null||n.addQueueMeasurement(l.RefreshTokenClientAcquireTokenByRefreshToken,e.correlationId),!e.account)throw f(Jn);if(this.cacheManager.isAppMetadataFOCI(e.account.environment))try{return await p(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!0)}catch(o){const i=o instanceof ne&&o.errorCode===$t,a=o instanceof Me&&o.errorCode===Zo.INVALID_GRANT_ERROR&&o.subError===Zo.CLIENT_MISMATCH_ERROR;if(i||a)return p(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1);throw o}return p(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1)}async acquireTokenWithCachedRefreshToken(e,t){var i,a,s;(i=this.performanceClient)==null||i.addQueueMeasurement(l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,e.correlationId);const n=ce(this.cacheManager.getRefreshToken.bind(this.cacheManager),l.CacheManagerGetRefreshToken,this.logger,this.performanceClient,e.correlationId)(e.account,t,void 0,this.performanceClient,e.correlationId);if(!n)throw Un($t);if(n.expiresOn&&xt(n.expiresOn,e.refreshTokenExpirationOffsetSeconds||nl))throw(a=this.performanceClient)==null||a.addFields({rtExpiresOnMs:Number(n.expiresOn)},e.correlationId),Un(To);const o={...e,refreshToken:n.secret,authenticationScheme:e.authenticationScheme||k.BEARER,ccsCredential:{credential:e.account.homeAccountId,type:ie.HOME_ACCOUNT_ID}};try{return await p(this.acquireToken.bind(this),l.RefreshTokenClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(o)}catch(c){if(c instanceof ne&&((s=this.performanceClient)==null||s.addFields({rtExpiresOnMs:Number(n.expiresOn)},e.correlationId),c.subError===hn)){this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");const d=ht(n);this.cacheManager.removeRefreshToken(d)}throw c}}async executeTokenRequest(e,t){var c;(c=this.performanceClient)==null||c.addQueueMeasurement(l.RefreshTokenClientExecuteTokenRequest,e.correlationId);const n=this.createTokenQueryParameters(e),o=S.appendQueryString(t.tokenEndpoint,n),i=await p(this.createTokenRequestBody.bind(this),l.RefreshTokenClientCreateTokenRequestBody,this.logger,this.performanceClient,e.correlationId)(e),a=this.createTokenRequestHeaders(e.ccsCredential),s=ln(this.config.authOptions.clientId,e);return p(this.executePostToTokenEndpoint.bind(this),l.RefreshTokenClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,e.correlationId)(o,i,a,s,e.correlationId,l.RefreshTokenClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){var n,o,i;(n=this.performanceClient)==null||n.addQueueMeasurement(l.RefreshTokenClientCreateTokenRequestBody,e.correlationId);const t=new Map;if(lo(t,e.embeddedClientId||((o=e.tokenBodyParameters)==null?void 0:o[Ke])||this.config.authOptions.clientId),e.redirectUri&&ho(t,e.redirectUri),co(t,e.scopes,!0,(i=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:i.defaultScopes),Ri(t,br.REFRESH_TOKEN_GRANT),mo(t),po(t,this.config.libraryInfo),fo(t,this.config.telemetry.application),Mi(t),this.serverTelemetryManager&&!Ti(this.config)&&Ni(t,this.serverTelemetryManager),Fc(t,e.refreshToken),this.config.clientCredentials.clientSecret&&Si(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const a=this.config.clientCredentials.clientAssertion;ki(t,await Fi(a.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),_i(t,a.assertionType)}if(e.authenticationScheme===k.POP){const a=new tt(this.cryptoUtils,this.performanceClient);let s;e.popKid?s=this.cryptoUtils.encodeKid(e.popKid):s=(await p(a.generateCnf.bind(a),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,Co(t,s)}else if(e.authenticationScheme===k.SSH)if(e.sshJwk)Pi(t,e.sshJwk);else throw R(on);if((!ae.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&uo(t,e.claims,this.config.authOptions.clientCapabilities),this.config.systemOptions.preventCorsPreflight&&e.ccsCredential)switch(e.ccsCredential.type){case ie.HOME_ACCOUNT_ID:try{const a=Je(e.ccsCredential.credential);ut(t,a)}catch(a){this.logger.verbose("Could not parse home account ID for CCS Header: "+a)}break;case ie.UPN:qt(t,e.ccsCredential.credential);break}return e.embeddedClientId&&sn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenBodyParameters&&Fe(t,e.tokenBodyParameters),an(t,e.correlationId,this.performanceClient),pt(t)}}/*! @azure/msal-common v15.4.0 2025-03-25 */class rl extends yo{constructor(e,t){super(e,t)}async acquireCachedToken(e){var c;(c=this.performanceClient)==null||c.addQueueMeasurement(l.SilentFlowClientAcquireCachedToken,e.correlationId);let t=Ue.NOT_APPLICABLE;if(e.forceRefresh||!this.config.cacheOptions.claimsBasedCachingEnabled&&!ae.isEmptyObj(e.claims))throw this.setCacheOutcome(Ue.FORCE_REFRESH_OR_CLAIMS,e.correlationId),f(be);if(!e.account)throw f(Jn);const n=e.account.tenantId||Qc(e.authority),o=this.cacheManager.getTokenKeys(),i=this.cacheManager.getAccessToken(e.account,e,o,n,this.performanceClient,e.correlationId);if(i){if(Jr(i.cachedAt)||xt(i.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds))throw this.setCacheOutcome(Ue.CACHED_ACCESS_TOKEN_EXPIRED,e.correlationId),f(be);i.refreshOn&&xt(i.refreshOn,0)&&(t=Ue.PROACTIVELY_REFRESHED)}else throw this.setCacheOutcome(Ue.NO_CACHED_ACCESS_TOKEN,e.correlationId),f(be);const a=e.authority||this.authority.getPreferredCache(),s={account:this.cacheManager.readAccountFromCache(e.account),accessToken:i,idToken:this.cacheManager.getIdToken(e.account,o,n,this.performanceClient,e.correlationId),refreshToken:null,appMetadata:this.cacheManager.readAppMetadataFromCache(a)};return this.setCacheOutcome(t,e.correlationId),this.config.serverTelemetryManager&&this.config.serverTelemetryManager.incrementCacheHits(),[await p(this.generateResultFromCacheRecord.bind(this),l.SilentFlowClientGenerateResultFromCacheRecord,this.logger,this.performanceClient,e.correlationId)(s,e),t]}setCacheOutcome(e,t){var n,o;(n=this.serverTelemetryManager)==null||n.setCacheOutcome(e),(o=this.performanceClient)==null||o.addFields({cacheOutcome:e},t),e!==Ue.NOT_APPLICABLE&&this.logger.info(`Token refresh is required due to cache outcome: ${e}`)}async generateResultFromCacheRecord(e,t){var o;(o=this.performanceClient)==null||o.addQueueMeasurement(l.SilentFlowClientGenerateResultFromCacheRecord,t.correlationId);let n;if(e.idToken&&(n=Pe(e.idToken.secret,this.config.cryptoInterface.base64Decode)),t.maxAge||t.maxAge===0){const i=n==null?void 0:n.auth_time;if(!i)throw f(Wn);Wr(i,t.maxAge)}return Be.generateAuthenticationResult(this.cryptoUtils,this.authority,e,!0,t,n)}}/*! @azure/msal-common v15.4.0 2025-03-25 */const il={sendGetRequestAsync:()=>Promise.reject(f(v)),sendPostRequestAsync:()=>Promise.reject(f(v))};/*! @azure/msal-common v15.4.0 2025-03-25 */function al(r,e,t,n){var s,c;const o=e.correlationId,i=new Map;lo(i,e.embeddedClientId||((s=e.extraQueryParameters)==null?void 0:s[Ke])||r.clientId);const a=[...e.scopes||[],...e.extraScopesToConsent||[]];if(co(i,a,!0,(c=r.authority.options.OIDCOptions)==null?void 0:c.defaultScopes),ho(i,e.redirectUri),go(i,o),Oc(i,e.responseMode),mo(i),e.prompt&&(Lc(i,e.prompt),n==null||n.addFields({prompt:e.prompt},o)),e.domainHint&&(Uc(i,e.domainHint),n==null||n.addFields({domainHintFromRequest:!0},o)),e.prompt!==K.SELECT_ACCOUNT)if(e.sid&&e.prompt===K.NONE)t.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request"),lr(i,e.sid),n==null||n.addFields({sidFromRequest:!0},o);else if(e.account){const d=ll(e.account);let h=dl(e.account);if(h&&e.domainHint&&(t.warning('AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint'),h=null),h){t.verbose("createAuthCodeUrlQueryString: login_hint claim present on account"),bt(i,h),n==null||n.addFields({loginHintFromClaim:!0},o);try{const u=Je(e.account.homeAccountId);ut(i,u)}catch{t.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(d&&e.prompt===K.NONE){t.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account"),lr(i,d),n==null||n.addFields({sidFromClaim:!0},o);try{const u=Je(e.account.homeAccountId);ut(i,u)}catch{t.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(e.loginHint)t.verbose("createAuthCodeUrlQueryString: Adding login_hint from request"),bt(i,e.loginHint),qt(i,e.loginHint),n==null||n.addFields({loginHintFromRequest:!0},o);else if(e.account.username){t.verbose("createAuthCodeUrlQueryString: Adding login_hint from account"),bt(i,e.account.username),n==null||n.addFields({loginHintFromUpn:!0},o);try{const u=Je(e.account.homeAccountId);ut(i,u)}catch{t.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}}else e.loginHint&&(t.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request"),bt(i,e.loginHint),qt(i,e.loginHint),n==null||n.addFields({loginHintFromRequest:!0},o));else t.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");return e.nonce&&Hc(i,e.nonce),e.state&&vi(i,e.state),(e.claims||r.clientCapabilities&&r.clientCapabilities.length>0)&&uo(i,e.claims,r.clientCapabilities),e.embeddedClientId&&sn(i,r.clientId,r.redirectUri),r.instanceAware&&(!e.extraQueryParameters||!Object.keys(e.extraQueryParameters).includes(Mn))&&bi(i),i}function Bi(r,e){const t=pt(e);return S.appendQueryString(r.authorizationEndpoint,t)}function sl(r,e){if(Gi(r,e),!r.code)throw f(qr);return r}function Gi(r,e){if(!r.state||!e)throw r.state?f(_n,"Cached State"):f(_n,"Server State");let t,n;try{t=decodeURIComponent(r.state)}catch{throw f(et,r.state)}try{n=decodeURIComponent(e)}catch{throw f(et,r.state)}if(t!==n)throw f(Lr);if(r.error||r.error_description||r.suberror){const o=cl(r);throw xi(r.error,r.error_description,r.suberror)?new ne(r.error||"",r.error_description,r.suberror,r.timestamp||"",r.trace_id||"",r.correlation_id||"",r.claims||"",o):new Me(r.error||"",r.error_description,r.suberror,o)}}function cl(r){var n,o;const e="code=",t=(n=r.error_uri)==null?void 0:n.lastIndexOf(e);return t&&t>=0?(o=r.error_uri)==null?void 0:o.substring(t+e.length):void 0}function ll(r){var e;return((e=r.idTokenClaims)==null?void 0:e.sid)||null}function dl(r){var e;return((e=r.idTokenClaims)==null?void 0:e.login_hint)||null}/*! @azure/msal-common v15.4.0 2025-03-25 */const ur=",",zi="|";function hl(r){const{skus:e,libraryName:t,libraryVersion:n,extensionName:o,extensionVersion:i}=r,a=new Map([[0,[t,n]],[2,[o,i]]]);let s=[];if(e!=null&&e.length){if(s=e.split(ur),s.length<4)return e}else s=Array.from({length:4},()=>zi);return a.forEach((c,d)=>{var h,u;c.length===2&&((h=c[0])!=null&&h.length)&&((u=c[1])!=null&&u.length)&&ul({skuArr:s,index:d,skuName:c[0],skuVersion:c[1]})}),s.join(ur)}function ul(r){const{skuArr:e,index:t,skuName:n,skuVersion:o}=r;t>=e.length||(e[t]=[n,o].join(zi))}class ft{constructor(e,t){this.cacheOutcome=Ue.NOT_APPLICABLE,this.cacheManager=t,this.apiId=e.apiId,this.correlationId=e.correlationId,this.wrapperSKU=e.wrapperSKU||g.EMPTY_STRING,this.wrapperVer=e.wrapperVer||g.EMPTY_STRING,this.telemetryCacheKey=F.CACHE_KEY+z.CACHE_KEY_SEPARATOR+e.clientId}generateCurrentRequestHeaderValue(){const e=`${this.apiId}${F.VALUE_SEPARATOR}${this.cacheOutcome}`,t=[this.wrapperSKU,this.wrapperVer],n=this.getNativeBrokerErrorCode();n!=null&&n.length&&t.push(`broker_error=${n}`);const o=t.join(F.VALUE_SEPARATOR),i=this.getRegionDiscoveryFields(),a=[e,i].join(F.VALUE_SEPARATOR);return[F.SCHEMA_VERSION,a,o].join(F.CATEGORY_SEPARATOR)}generateLastRequestHeaderValue(){const e=this.getLastRequests(),t=ft.maxErrorsToSend(e),n=e.failedRequests.slice(0,2*t).join(F.VALUE_SEPARATOR),o=e.errors.slice(0,t).join(F.VALUE_SEPARATOR),i=e.errors.length,a=t<i?F.OVERFLOW_TRUE:F.OVERFLOW_FALSE,s=[i,a].join(F.VALUE_SEPARATOR);return[F.SCHEMA_VERSION,e.cacheHits,n,o,s].join(F.CATEGORY_SEPARATOR)}cacheFailedRequest(e){const t=this.getLastRequests();t.errors.length>=F.MAX_CACHED_ERRORS&&(t.failedRequests.shift(),t.failedRequests.shift(),t.errors.shift()),t.failedRequests.push(this.apiId,this.correlationId),e instanceof Error&&e&&e.toString()?e instanceof _?e.subError?t.errors.push(e.subError):e.errorCode?t.errors.push(e.errorCode):t.errors.push(e.toString()):t.errors.push(e.toString()):t.errors.push(F.UNKNOWN_ERROR),this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t)}incrementCacheHits(){const e=this.getLastRequests();return e.cacheHits+=1,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e),e.cacheHits}getLastRequests(){const e={failedRequests:[],errors:[],cacheHits:0};return this.cacheManager.getServerTelemetry(this.telemetryCacheKey)||e}clearTelemetryCache(){const e=this.getLastRequests(),t=ft.maxErrorsToSend(e),n=e.errors.length;if(t===n)this.cacheManager.removeItem(this.telemetryCacheKey);else{const o={failedRequests:e.failedRequests.slice(t*2),errors:e.errors.slice(t),cacheHits:0};this.cacheManager.setServerTelemetry(this.telemetryCacheKey,o)}}static maxErrorsToSend(e){let t,n=0,o=0;const i=e.errors.length;for(t=0;t<i;t++){const a=e.failedRequests[2*t]||g.EMPTY_STRING,s=e.failedRequests[2*t+1]||g.EMPTY_STRING,c=e.errors[t]||g.EMPTY_STRING;if(o+=a.toString().length+s.toString().length+c.length+3,o<F.MAX_LAST_HEADER_BYTES)n+=1;else break}return n}getRegionDiscoveryFields(){const e=[];return e.push(this.regionUsed||g.EMPTY_STRING),e.push(this.regionSource||g.EMPTY_STRING),e.push(this.regionOutcome||g.EMPTY_STRING),e.join(",")}updateRegionDiscoveryMetadata(e){this.regionUsed=e.region_used,this.regionSource=e.region_source,this.regionOutcome=e.region_outcome}setCacheOutcome(e){this.cacheOutcome=e}setNativeBrokerErrorCode(e){const t=this.getLastRequests();t.nativeBrokerErrorCode=e,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t)}getNativeBrokerErrorCode(){return this.getLastRequests().nativeBrokerErrorCode}clearNativeBrokerErrorCode(){const e=this.getLastRequests();delete e.nativeBrokerErrorCode,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e)}static makeExtraSkuString(e){return hl(e)}}/*! @azure/msal-common v15.4.0 2025-03-25 */const qi="missing_kid_error",$i="missing_alg_error";/*! @azure/msal-common v15.4.0 2025-03-25 */const gl={[qi]:"The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.",[$i]:"The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided."};class Io extends _{constructor(e,t){super(e,t),this.name="JoseHeaderError",Object.setPrototypeOf(this,Io.prototype)}}function gr(r){return new Io(r,gl[r])}/*! @azure/msal-common v15.4.0 2025-03-25 */class Eo{constructor(e){this.typ=e.typ,this.alg=e.alg,this.kid=e.kid}static getShrHeaderString(e){if(!e.kid)throw gr(qi);if(!e.alg)throw gr($i);const t=new Eo({typ:e.typ||as.Pop,kid:e.kid,alg:e.alg});return JSON.stringify(t)}}/*! @azure/msal-common v15.4.0 2025-03-25 */class pr{startMeasurement(){}endMeasurement(){}flushMeasurement(){return null}}class pl{generateId(){return"callback-id"}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:Vc.InProgress,authority:"",libraryName:"",libraryVersion:"",clientId:"",name:e,startTimeMs:Date.now(),correlationId:t||""},measurement:new pr}}startPerformanceMeasurement(){return new pr}calculateQueuedTime(){return 0}addQueueMeasurement(){}setPreQueueTime(){}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return""}emitEvents(){}addFields(){}incrementFields(){}cacheEventByCorrelationId(){}}/*! @azure/msal-browser v4.9.0 2025-03-25 */const wo="pkce_not_created",vo="ear_jwk_empty",Vi="ear_jwe_empty",Ln="crypto_nonexistent",un="empty_navigate_uri",Qi="hash_empty_error",So="no_state_in_hash",Yi="hash_does_not_contain_known_properties",ji="unable_to_parse_state",Wi="state_interaction_type_mismatch",Ji="interaction_in_progress",Xi="popup_window_error",Zi="empty_window_error",mt="user_cancelled",fl="monitor_popup_timeout",ea="monitor_window_timeout",ta="redirect_in_iframe",na="block_iframe_reload",oa="block_nested_popups",ml="iframe_closed_prematurely",gn="silent_logout_unsupported",ra="no_account_error",Cl="silent_prompt_value_error",ia="no_token_request_cache_error",aa="unable_to_parse_token_request_cache_error",yl="auth_request_not_set_error",Tl="invalid_cache_type",pn="non_browser_environment",$e="database_not_open",Vt="no_network_connectivity",sa="post_request_failed",ca="get_request_failed",Hn="failed_to_parse_response",la="unable_to_load_token",ko="crypto_key_not_found",da="auth_code_required",ha="auth_code_or_nativeAccountId_required",ua="spa_code_and_nativeAccountId_present",_o="database_unavailable",ga="unable_to_acquire_token_from_native_platform",pa="native_handshake_timeout",fa="native_extension_not_installed",Ro="native_connection_not_established",Qt="uninitialized_public_client_application",ma="native_prompt_not_supported",Ca="invalid_base64_string",ya="invalid_pop_token_request",Ta="failed_to_build_headers",Aa="failed_to_parse_headers",Mt="failed_to_decrypt_ear_response";/*! @azure/msal-browser v4.9.0 2025-03-25 */const fe="For more visit: aka.ms/msaljs/browser-errors",Al={[wo]:"The PKCE code challenge and verifier could not be generated.",[vo]:"No EAR encryption key provided. This is unexpected.",[Vi]:"Server response does not contain ear_jwe property. This is unexpected.",[Ln]:"The crypto object or function is not available.",[un]:"Navigation URI is empty. Please check stack trace for more info.",[Qi]:`Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${fe}`,[So]:"Hash does not contain state. Please verify that the request originated from msal.",[Yi]:`Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. ${fe}`,[ji]:"Unable to parse state. Please verify that the request originated from msal.",[Wi]:"Hash contains state but the interaction type does not match the caller.",[Ji]:`Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. ${fe}`,[Xi]:"Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.",[Zi]:"window.open returned null or undefined window object.",[mt]:"User cancelled the flow.",[fl]:`Token acquisition in popup failed due to timeout. ${fe}`,[ea]:`Token acquisition in iframe failed due to timeout. ${fe}`,[ta]:"Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.",[na]:`Request was blocked inside an iframe because MSAL detected an authentication response. ${fe}`,[oa]:"Request was blocked inside a popup because MSAL detected it was running in a popup.",[ml]:"The iframe being monitored was closed prematurely.",[gn]:"Silent logout not supported. Please call logoutRedirect or logoutPopup instead.",[ra]:"No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.",[Cl]:"The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.",[ia]:"No token request found in cache.",[aa]:"The cached token request could not be parsed.",[yl]:"Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler",[Tl]:"Invalid cache type",[pn]:"Login and token requests are not supported in non-browser environments.",[$e]:"Database is not open!",[Vt]:"No network connectivity. Check your internet connection.",[sa]:"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'",[ca]:"Network request failed. Please check the network trace to determine root cause.",[Hn]:"Failed to parse network response. Check network trace.",[la]:"Error loading token to cache.",[ko]:"Cryptographic Key or Keypair not found in browser storage.",[da]:"An authorization code must be provided (as the `code` property on the request) to this flow.",[ha]:"An authorization code or nativeAccountId must be provided to this flow.",[ua]:"Request cannot contain both spa code and native account id.",[_o]:"IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.",[ga]:`Unable to acquire token from native platform. ${fe}`,[pa]:"Timed out while attempting to establish connection to browser extension",[fa]:"Native extension is not installed. If you think this is a mistake call the initialize function.",[Ro]:`Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). ${fe}`,[Qt]:`You must call and await the initialize function before attempting to call any other MSAL API. ${fe}`,[ma]:"The provided prompt is not supported by the native platform. This request should be routed to the web based flow.",[Ca]:"Invalid base64 encoded string.",[ya]:"Invalid PoP token request. The request should not have both a popKid value and signPopToken set to true.",[Ta]:"Failed to build request headers object.",[Aa]:"Failed to parse response headers",[Mt]:"Failed to decrypt ear response"};class At extends _{constructor(e,t){super(e,Al[e],t),Object.setPrototypeOf(this,At.prototype),this.name="BrowserAuthError"}}function C(r,e){return new At(r,e)}/*! @azure/msal-browser v4.9.0 2025-03-25 */const Q={INVALID_GRANT_ERROR:"invalid_grant",POPUP_WIDTH:483,POPUP_HEIGHT:600,POPUP_NAME_PREFIX:"msal",DEFAULT_POLL_INTERVAL_MS:30,MSAL_SKU:"msal.js.browser"},Qe={CHANNEL_ID:"53ee284d-920a-4b59-9d30-a60315b26836",PREFERRED_EXTENSION_ID:"ppnbnpeolgkicgegkbkbjmhlideopiji",MATS_TELEMETRY:"MATS"},Le={HandshakeRequest:"Handshake",HandshakeResponse:"HandshakeResponse",GetToken:"GetToken",Response:"Response"},B={LocalStorage:"localStorage",SessionStorage:"sessionStorage",MemoryStorage:"memoryStorage"},fr={GET:"GET",POST:"POST"},U={ORIGIN_URI:"request.origin",URL_HASH:"urlHash",REQUEST_PARAMS:"request.params",VERIFIER:"code.verifier",INTERACTION_STATUS_KEY:"interaction.status",NATIVE_REQUEST:"request.native"},_e={ACCOUNT_KEYS:"msal.account.keys",TOKEN_KEYS:"msal.token.keys"},Ot={WRAPPER_SKU:"wrapper.sku",WRAPPER_VER:"wrapper.version"},b={acquireTokenRedirect:861,acquireTokenPopup:862,ssoSilent:863,acquireTokenSilent_authCode:864,handleRedirectPromise:865,acquireTokenByCode:866,acquireTokenSilent_silentFlow:61,logout:961,logoutPopup:962};var T;(function(r){r.Redirect="redirect",r.Popup="popup",r.Silent="silent",r.None="none"})(T||(T={}));const Dn={scopes:ze},Ia="jwk",xn="msal.db",Il=1,El=`${xn}.keys`,H={Default:0,AccessToken:1,AccessTokenAndRefreshToken:2,RefreshToken:3,RefreshTokenAndNetwork:4,Skip:5},wl=[H.Default,H.Skip,H.RefreshTokenAndNetwork],vl="msal.browser.log.level",Sl="msal.browser.log.pii";/*! @azure/msal-browser v4.9.0 2025-03-25 */function Pt(r){return encodeURIComponent(Ct(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_"))}function Ne(r){return Ea(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}function Ct(r){return Ea(new TextEncoder().encode(r))}function Ea(r){const e=Array.from(r,t=>String.fromCodePoint(t)).join("");return btoa(e)}/*! @azure/msal-browser v4.9.0 2025-03-25 */function se(r){return new TextDecoder().decode(Oe(r))}function Oe(r){let e=r.replace(/-/g,"+").replace(/_/g,"/");switch(e.length%4){case 0:break;case 2:e+="==";break;case 3:e+="=";break;default:throw C(Ca)}const t=atob(e);return Uint8Array.from(t,n=>n.codePointAt(0)||0)}/*! @azure/msal-browser v4.9.0 2025-03-25 */const kl="RSASSA-PKCS1-v1_5",rt="AES-GCM",wa="HKDF",bo="SHA-256",_l=2048,Rl=new Uint8Array([1,0,1]),mr="0123456789abcdef",Cr=new Uint32Array(1),Oo="raw",va="encrypt",Po="decrypt",bl="deriveKey",Ol="crypto_subtle_undefined",No={name:kl,hash:bo,modulusLength:_l,publicExponent:Rl};function Pl(r){if(!window)throw C(pn);if(!window.crypto)throw C(Ln);if(!r&&!window.crypto.subtle)throw C(Ln,Ol)}async function Sa(r,e,t){e==null||e.addQueueMeasurement(l.Sha256Digest,t);const o=new TextEncoder().encode(r);return window.crypto.subtle.digest(bo,o)}function Nl(r){return window.crypto.getRandomValues(r)}function wn(){return window.crypto.getRandomValues(Cr),Cr[0]}function Z(){const r=Date.now(),e=wn()*1024+(wn()&1023),t=new Uint8Array(16),n=Math.trunc(e/2**30),o=e&2**30-1,i=wn();t[0]=r/2**40,t[1]=r/2**32,t[2]=r/2**24,t[3]=r/2**16,t[4]=r/2**8,t[5]=r,t[6]=112|n>>>8,t[7]=n,t[8]=128|o>>>24,t[9]=o>>>16,t[10]=o>>>8,t[11]=o,t[12]=i>>>24,t[13]=i>>>16,t[14]=i>>>8,t[15]=i;let a="";for(let s=0;s<t.length;s++)a+=mr.charAt(t[s]>>>4),a+=mr.charAt(t[s]&15),(s===3||s===5||s===7||s===9)&&(a+="-");return a}async function Ml(r,e){return window.crypto.subtle.generateKey(No,r,e)}async function vn(r){return window.crypto.subtle.exportKey(Ia,r)}async function Ul(r,e,t){return window.crypto.subtle.importKey(Ia,r,No,e,t)}async function Ll(r,e){return window.crypto.subtle.sign(No,r,e)}async function Mo(){const r=await ka(),t={alg:"dir",kty:"oct",k:Ne(new Uint8Array(r))};return Ct(JSON.stringify(t))}async function Hl(r){const e=se(r),n=JSON.parse(e).k,o=Oe(n);return window.crypto.subtle.importKey(Oo,o,rt,!1,[Po])}async function Dl(r,e){const t=e.split(".");if(t.length!==5)throw C(Mt,"jwe_length");const n=await Hl(r).catch(()=>{throw C(Mt,"import_key")});try{const o=new TextEncoder().encode(t[0]),i=Oe(t[2]),a=Oe(t[3]),s=Oe(t[4]),c=s.byteLength*8,d=new Uint8Array(a.length+s.length);d.set(a),d.set(s,a.length);const h=await window.crypto.subtle.decrypt({name:rt,iv:i,tagLength:c,additionalData:o},n,d);return new TextDecoder().decode(h)}catch{throw C(Mt,"decrypt")}}async function ka(){const r=await window.crypto.subtle.generateKey({name:rt,length:256},!0,[va,Po]);return window.crypto.subtle.exportKey(Oo,r)}async function yr(r){return window.crypto.subtle.importKey(Oo,r,wa,!1,[bl])}async function _a(r,e,t){return window.crypto.subtle.deriveKey({name:wa,salt:e,hash:bo,info:new TextEncoder().encode(t)},r,{name:rt,length:256},!1,[va,Po])}async function xl(r,e,t){const n=new TextEncoder().encode(e),o=window.crypto.getRandomValues(new Uint8Array(16)),i=await _a(r,o,t),a=await window.crypto.subtle.encrypt({name:rt,iv:new Uint8Array(12)},i,n);return{data:Ne(new Uint8Array(a)),nonce:Ne(o)}}async function Fl(r,e,t,n){const o=Oe(n),i=await _a(r,Oe(e),t),a=await window.crypto.subtle.decrypt({name:rt,iv:new Uint8Array(12)},i,o);return new TextDecoder().decode(a)}async function Ra(r){const e=await Sa(r),t=new Uint8Array(e);return Ne(t)}/*! @azure/msal-browser v4.9.0 2025-03-25 */const Uo="storage_not_supported",Kl="stubbed_public_client_application_called",ba="in_mem_redirect_unavailable";/*! @azure/msal-browser v4.9.0 2025-03-25 */const Bl={[Uo]:"Given storage configuration option was not supported.",[Kl]:"Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors",[ba]:"Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true."};class Lo extends _{constructor(e,t){super(e,t),this.name="BrowserConfigurationAuthError",Object.setPrototypeOf(this,Lo.prototype)}}function Ho(r){return new Lo(r,Bl[r])}/*! @azure/msal-browser v4.9.0 2025-03-25 */function Gl(r){r.location.hash="",typeof r.history.replaceState=="function"&&r.history.replaceState(null,"",`${r.location.origin}${r.location.pathname}${r.location.search}`)}function zl(r){const e=r.split("#");e.shift(),window.location.hash=e.length>0?e.join("#"):""}function Do(){return window.parent!==window}function ql(){return typeof window<"u"&&!!window.opener&&window.opener!==window&&typeof window.name=="string"&&window.name.indexOf(`${Q.POPUP_NAME_PREFIX}.`)===0}function Ae(){return typeof window<"u"&&window.location?window.location.href.split("?")[0].split("#")[0]:""}function $l(){const e=new S(window.location.href).getUrlComponents();return`${e.Protocol}//${e.HostNameAndPort}/`}function Vl(){if(S.hashContainsKnownProperties(window.location.hash)&&Do())throw C(na)}function Ql(r){if(Do()&&!r)throw C(ta)}function Yl(){if(ql())throw C(oa)}function Oa(){if(typeof window>"u")throw C(pn)}function Pa(r){if(!r)throw C(Qt)}function xo(r){Oa(),Vl(),Yl(),Pa(r)}function Tr(r,e){if(xo(r),Ql(e.system.allowRedirectInIframe),e.cache.cacheLocation===B.MemoryStorage&&!e.cache.storeAuthStateInCookie)throw Ho(ba)}function Na(r){const e=document.createElement("link");e.rel="preconnect",e.href=new URL(r).origin,e.crossOrigin="anonymous",document.head.appendChild(e),window.setTimeout(()=>{try{document.head.removeChild(e)}catch{}},1e4)}function jl(){return Z()}/*! @azure/msal-browser v4.9.0 2025-03-25 */class Yt{navigateInternal(e,t){return Yt.defaultNavigateWindow(e,t)}navigateExternal(e,t){return Yt.defaultNavigateWindow(e,t)}static defaultNavigateWindow(e,t){return t.noHistory?window.location.replace(e):window.location.assign(e),new Promise(n=>{setTimeout(()=>{n(!0)},t.timeout)})}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class Wl{async sendGetRequestAsync(e,t){let n,o={},i=0;const a=Ar(t);try{n=await fetch(e,{method:fr.GET,headers:a})}catch{throw C(window.navigator.onLine?ca:Vt)}o=Ir(n.headers);try{return i=n.status,{headers:o,body:await n.json(),status:i}}catch{throw dr(C(Hn),i,o)}}async sendPostRequestAsync(e,t){const n=t&&t.body||"",o=Ar(t);let i,a=0,s={};try{i=await fetch(e,{method:fr.POST,headers:o,body:n})}catch{throw C(window.navigator.onLine?sa:Vt)}s=Ir(i.headers);try{return a=i.status,{headers:s,body:await i.json(),status:a}}catch{throw dr(C(Hn),a,s)}}}function Ar(r){try{const e=new Headers;if(!(r&&r.headers))return e;const t=r.headers;return Object.entries(t).forEach(([n,o])=>{e.append(n,o)}),e}catch{throw C(Ta)}}function Ir(r){try{const e={};return r.forEach((t,n)=>{e[n]=t}),e}catch{throw C(Aa)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */const Jl=6e4,Fn=1e4,Xl=3e4,Zl=2e3;function ed({auth:r,cache:e,system:t,telemetry:n},o){const i={clientId:g.EMPTY_STRING,authority:`${g.DEFAULT_AUTHORITY}`,knownAuthorities:[],cloudDiscoveryMetadata:g.EMPTY_STRING,authorityMetadata:g.EMPTY_STRING,redirectUri:typeof window<"u"?Ae():"",postLogoutRedirectUri:g.EMPTY_STRING,navigateToLoginRequestUrl:!0,clientCapabilities:[],protocolMode:Y.AAD,OIDCOptions:{serverResponseType:Xt.FRAGMENT,defaultScopes:[g.OPENID_SCOPE,g.PROFILE_SCOPE,g.OFFLINE_ACCESS_SCOPE]},azureCloudOptions:{azureCloudInstance:to.None,tenant:g.EMPTY_STRING},skipAuthorityMetadataCache:!1,supportsNestedAppAuth:!1,instanceAware:!1},a={cacheLocation:B.SessionStorage,temporaryCacheLocation:B.SessionStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!!(e&&e.cacheLocation===B.LocalStorage),claimsBasedCachingEnabled:!1},s={loggerCallback:()=>{},logLevel:N.Info,piiLoggingEnabled:!1},d={...{...yi,loggerOptions:s,networkClient:o?new Wl:il,navigationClient:new Yt,loadFrameTimeout:0,windowHashTimeout:(t==null?void 0:t.loadFrameTimeout)||Jl,iframeHashTimeout:(t==null?void 0:t.loadFrameTimeout)||Fn,navigateFrameWait:0,redirectNavigationTimeout:Xl,asyncPopups:!1,allowRedirectInIframe:!1,allowPlatformBroker:!1,nativeBrokerHandshakeTimeout:(t==null?void 0:t.nativeBrokerHandshakeTimeout)||Zl,pollIntervalMilliseconds:Q.DEFAULT_POLL_INTERVAL_MS},...t,loggerOptions:(t==null?void 0:t.loggerOptions)||s},h={application:{appName:g.EMPTY_STRING,appVersion:g.EMPTY_STRING},client:new pl};if((r==null?void 0:r.protocolMode)!==Y.OIDC&&(r!=null&&r.OIDCOptions)&&new Ee(d.loggerOptions).warning(JSON.stringify(R(di))),r!=null&&r.protocolMode&&r.protocolMode===Y.OIDC&&(d!=null&&d.allowPlatformBroker))throw R(hi);const u={auth:{...i,...r,OIDCOptions:{...i.OIDCOptions,...r==null?void 0:r.OIDCOptions}},cache:{...a,...e},system:d,telemetry:{...h,...n}};return u.auth.protocolMode===Y.EAR&&(new Ee(d.loggerOptions).warning("EAR Protocol Mode is not yet supported. Overriding to use PKCE auth"),u.auth.protocolMode=Y.AAD),u}/*! @azure/msal-browser v4.9.0 2025-03-25 */const td="@azure/msal-browser",it="4.9.0";/*! @azure/msal-browser v4.9.0 2025-03-25 */class fn{static loggerCallback(e,t){switch(e){case N.Error:console.error(t);return;case N.Info:console.info(t);return;case N.Verbose:console.debug(t);return;case N.Warning:console.warn(t);return;default:console.log(t);return}}constructor(e){var c;this.browserEnvironment=typeof window<"u",this.config=ed(e,this.browserEnvironment);let t;try{t=window[B.SessionStorage]}catch{}const n=t==null?void 0:t.getItem(vl),o=(c=t==null?void 0:t.getItem(Sl))==null?void 0:c.toLowerCase(),i=o==="true"?!0:o==="false"?!1:void 0,a={...this.config.system.loggerOptions},s=n&&Object.keys(N).includes(n)?N[n]:void 0;s&&(a.loggerCallback=fn.loggerCallback,a.logLevel=s),i!==void 0&&(a.piiLoggingEnabled=i),this.logger=new Ee(a,td,it),this.available=!1}getConfig(){return this.config}getLogger(){return this.logger}isAvailable(){return this.available}isBrowserEnvironment(){return this.browserEnvironment}}/*! @azure/msal-browser v4.9.0 2025-03-25 */const me={UserInteractionRequired:"USER_INTERACTION_REQUIRED",UserCancel:"USER_CANCEL",NoNetwork:"NO_NETWORK",TransientError:"TRANSIENT_ERROR",PersistentError:"PERSISTENT_ERROR",Disabled:"DISABLED",AccountUnavailable:"ACCOUNT_UNAVAILABLE",NestedAppAuthUnavailable:"NESTED_APP_AUTH_UNAVAILABLE"};/*! @azure/msal-browser v4.9.0 2025-03-25 */class ${static async initializeNestedAppAuthBridge(){if(window===void 0)throw new Error("window is undefined");if(window.nestedAppAuthBridge===void 0)throw new Error("window.nestedAppAuthBridge is undefined");try{window.nestedAppAuthBridge.addEventListener("message",t=>{const n=typeof t=="string"?t:t.data,o=JSON.parse(n),i=$.bridgeRequests.find(a=>a.requestId===o.requestId);i!==void 0&&($.bridgeRequests.splice($.bridgeRequests.indexOf(i),1),o.success?i.resolve(o):i.reject(o.error))});const e=await new Promise((t,n)=>{const o=$.buildRequest("GetInitContext"),i={requestId:o.requestId,method:o.method,resolve:t,reject:n};$.bridgeRequests.push(i),window.nestedAppAuthBridge.postMessage(JSON.stringify(o))});return $.validateBridgeResultOrThrow(e.initContext)}catch(e){throw window.console.log(e),e}}getTokenInteractive(e){return this.getToken("GetTokenPopup",e)}getTokenSilent(e){return this.getToken("GetToken",e)}async getToken(e,t){const n=await this.sendRequest(e,{tokenParams:t});return{token:$.validateBridgeResultOrThrow(n.token),account:$.validateBridgeResultOrThrow(n.account)}}getHostCapabilities(){return this.capabilities??null}getAccountContext(){return this.accountContext?this.accountContext:null}static buildRequest(e,t){return{messageType:"NestedAppAuthRequest",method:e,requestId:Z(),sendTime:Date.now(),clientLibrary:Q.MSAL_SKU,clientLibraryVersion:it,...t}}sendRequest(e,t){const n=$.buildRequest(e,t);return new Promise((i,a)=>{const s={requestId:n.requestId,method:n.method,resolve:i,reject:a};$.bridgeRequests.push(s),window.nestedAppAuthBridge.postMessage(JSON.stringify(n))})}static validateBridgeResultOrThrow(e){if(e===void 0)throw{status:me.NestedAppAuthUnavailable};return e}constructor(e,t,n,o){this.sdkName=e,this.sdkVersion=t,this.accountContext=n,this.capabilities=o}static async create(){const e=await $.initializeNestedAppAuthBridge();return new $(e.sdkName,e.sdkVersion,e.accountContext,e.capabilities)}}$.bridgeRequests=[];/*! @azure/msal-browser v4.9.0 2025-03-25 */class nt extends fn{constructor(){super(...arguments),this.bridgeProxy=void 0,this.accountContext=null}getModuleName(){return nt.MODULE_NAME}getId(){return nt.ID}getBridgeProxy(){return this.bridgeProxy}async initialize(){try{if(typeof window<"u"){typeof window.__initializeNestedAppAuth=="function"&&await window.__initializeNestedAppAuth();const e=await $.create();this.accountContext=e.getAccountContext(),this.bridgeProxy=e,this.available=e!==void 0}}catch(e){this.logger.infoPii(`Could not initialize Nested App Auth bridge (${e})`)}return this.logger.info(`Nested App Auth Bridge available: ${this.available}`),this.available}}nt.MODULE_NAME="";nt.ID="NestedAppOperatingContext";/*! @azure/msal-browser v4.9.0 2025-03-25 */class Ge extends fn{getModuleName(){return Ge.MODULE_NAME}getId(){return Ge.ID}async initialize(){return this.available=typeof window<"u",this.available}}Ge.MODULE_NAME="";Ge.ID="StandardOperatingContext";/*! @azure/msal-browser v4.9.0 2025-03-25 */class nd{constructor(){this.dbName=xn,this.version=Il,this.tableName=El,this.dbOpen=!1}async open(){return new Promise((e,t)=>{const n=window.indexedDB.open(this.dbName,this.version);n.addEventListener("upgradeneeded",o=>{o.target.result.createObjectStore(this.tableName)}),n.addEventListener("success",o=>{const i=o;this.db=i.target.result,this.dbOpen=!0,e()}),n.addEventListener("error",()=>t(C(_o)))})}closeConnection(){const e=this.db;e&&this.dbOpen&&(e.close(),this.dbOpen=!1)}async validateDbIsOpen(){if(!this.dbOpen)return this.open()}async getItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C($e));const a=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).get(e);a.addEventListener("success",s=>{const c=s;this.closeConnection(),t(c.target.result)}),a.addEventListener("error",s=>{this.closeConnection(),n(s)})})}async setItem(e,t){return await this.validateDbIsOpen(),new Promise((n,o)=>{if(!this.db)return o(C($e));const s=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).put(t,e);s.addEventListener("success",()=>{this.closeConnection(),n()}),s.addEventListener("error",c=>{this.closeConnection(),o(c)})})}async removeItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C($e));const a=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).delete(e);a.addEventListener("success",()=>{this.closeConnection(),t()}),a.addEventListener("error",s=>{this.closeConnection(),n(s)})})}async getKeys(){return await this.validateDbIsOpen(),new Promise((e,t)=>{if(!this.db)return t(C($e));const i=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).getAllKeys();i.addEventListener("success",a=>{const s=a;this.closeConnection(),e(s.target.result)}),i.addEventListener("error",a=>{this.closeConnection(),t(a)})})}async containsKey(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C($e));const a=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).count(e);a.addEventListener("success",s=>{const c=s;this.closeConnection(),t(c.target.result===1)}),a.addEventListener("error",s=>{this.closeConnection(),n(s)})})}async deleteDatabase(){return this.db&&this.dbOpen&&this.closeConnection(),new Promise((e,t)=>{const n=window.indexedDB.deleteDatabase(xn),o=setTimeout(()=>t(!1),200);n.addEventListener("success",()=>(clearTimeout(o),e(!0))),n.addEventListener("blocked",()=>(clearTimeout(o),e(!0))),n.addEventListener("error",()=>(clearTimeout(o),t(!1)))})}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class mn{constructor(){this.cache=new Map}async initialize(){}getItem(e){return this.cache.get(e)||null}getUserData(e){return this.getItem(e)}setItem(e,t){this.cache.set(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){this.cache.delete(e)}getKeys(){const e=[];return this.cache.forEach((t,n)=>{e.push(n)}),e}containsKey(e){return this.cache.has(e)}clear(){this.cache.clear()}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class od{constructor(e){this.inMemoryCache=new mn,this.indexedDBCache=new nd,this.logger=e}handleDatabaseAccessError(e){if(e instanceof At&&e.errorCode===_o)this.logger.error("Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts.");else throw e}async getItem(e){const t=this.inMemoryCache.getItem(e);if(!t)try{return this.logger.verbose("Queried item not found in in-memory cache, now querying persistent storage."),await this.indexedDBCache.getItem(e)}catch(n){this.handleDatabaseAccessError(n)}return t}async setItem(e,t){this.inMemoryCache.setItem(e,t);try{await this.indexedDBCache.setItem(e,t)}catch(n){this.handleDatabaseAccessError(n)}}async removeItem(e){this.inMemoryCache.removeItem(e);try{await this.indexedDBCache.removeItem(e)}catch(t){this.handleDatabaseAccessError(t)}}async getKeys(){const e=this.inMemoryCache.getKeys();if(e.length===0)try{return this.logger.verbose("In-memory cache is empty, now querying persistent storage."),await this.indexedDBCache.getKeys()}catch(t){this.handleDatabaseAccessError(t)}return e}async containsKey(e){const t=this.inMemoryCache.containsKey(e);if(!t)try{return this.logger.verbose("Key not found in in-memory cache, now querying persistent storage."),await this.indexedDBCache.containsKey(e)}catch(n){this.handleDatabaseAccessError(n)}return t}clearInMemory(){this.logger.verbose("Deleting in-memory keystore"),this.inMemoryCache.clear(),this.logger.verbose("In-memory keystore deleted")}async clearPersistent(){try{this.logger.verbose("Deleting persistent keystore");const e=await this.indexedDBCache.deleteDatabase();return e&&this.logger.verbose("Persistent keystore deleted"),e}catch(e){return this.handleDatabaseAccessError(e),!1}}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class pe{constructor(e,t,n){this.logger=e,Pl(n??!1),this.cache=new od(this.logger),this.performanceClient=t}createNewGuid(){return Z()}base64Encode(e){return Ct(e)}base64Decode(e){return se(e)}base64UrlEncode(e){return Pt(e)}encodeKid(e){return this.base64UrlEncode(JSON.stringify({kid:e}))}async getPublicKeyThumbprint(e){var h;const t=(h=this.performanceClient)==null?void 0:h.startMeasurement(l.CryptoOptsGetPublicKeyThumbprint,e.correlationId),n=await Ml(pe.EXTRACTABLE,pe.POP_KEY_USAGES),o=await vn(n.publicKey),i={e:o.e,kty:o.kty,n:o.n},a=Er(i),s=await this.hashString(a),c=await vn(n.privateKey),d=await Ul(c,!1,["sign"]);return await this.cache.setItem(s,{privateKey:d,publicKey:n.publicKey,requestMethod:e.resourceRequestMethod,requestUri:e.resourceRequestUri}),t&&t.end({success:!0}),s}async removeTokenBindingKey(e){return await this.cache.removeItem(e),!await this.cache.containsKey(e)}async clearKeystore(){this.cache.clearInMemory();try{return await this.cache.clearPersistent(),!0}catch(e){return e instanceof Error?this.logger.error(`Clearing keystore failed with error: ${e.message}`):this.logger.error("Clearing keystore failed with unknown error"),!1}}async signJwt(e,t,n,o){var ve;const i=(ve=this.performanceClient)==null?void 0:ve.startMeasurement(l.CryptoOptsSignJwt,o),a=await this.cache.getItem(t);if(!a)throw C(ko);const s=await vn(a.publicKey),c=Er(s),d=Pt(JSON.stringify({kid:t})),h=Eo.getShrHeaderString({...n==null?void 0:n.header,alg:s.alg,kid:d}),u=Pt(h);e.cnf={jwk:JSON.parse(c)};const m=Pt(JSON.stringify(e)),A=`${u}.${m}`,w=new TextEncoder().encode(A),D=await Ll(a.privateKey,w),W=Ne(new Uint8Array(D)),ee=`${A}.${W}`;return i&&i.end({success:!0}),ee}async hashString(e){return Ra(e)}}pe.POP_KEY_USAGES=["sign","verify"];pe.EXTRACTABLE=!0;function Er(r){return JSON.stringify(r,Object.keys(r).sort())}/*! @azure/msal-browser v4.9.0 2025-03-25 */const rd=24*60*60*1e3,Kn={Lax:"Lax",None:"None"};class Ma{initialize(){return Promise.resolve()}getItem(e){const t=`${encodeURIComponent(e)}`,n=document.cookie.split(";");for(let o=0;o<n.length;o++){const i=n[o],[a,...s]=decodeURIComponent(i).trim().split("="),c=s.join("=");if(a===t)return c}return""}getUserData(){throw f(v)}setItem(e,t,n,o=!0,i=Kn.Lax){let a=`${encodeURIComponent(e)}=${encodeURIComponent(t)};path=/;SameSite=${i};`;if(n){const s=id(n);a+=`expires=${s};`}(o||i===Kn.None)&&(a+="Secure;"),document.cookie=a}async setUserData(){return Promise.reject(f(v))}removeItem(e){this.setItem(e,"",-1)}getKeys(){const e=document.cookie.split(";"),t=[];return e.forEach(n=>{const o=decodeURIComponent(n).trim().split("=");t.push(o[0])}),t}containsKey(e){return this.getKeys().includes(e)}}function id(r){const e=new Date;return new Date(e.getTime()+r*rd).toUTCString()}/*! @azure/msal-browser v4.9.0 2025-03-25 */function Bn(r){const e=r.getItem(_e.ACCOUNT_KEYS);return e?JSON.parse(e):[]}function Gn(r,e){const t=e.getItem(`${_e.TOKEN_KEYS}.${r}`);if(t){const n=JSON.parse(t);if(n&&n.hasOwnProperty("idToken")&&n.hasOwnProperty("accessToken")&&n.hasOwnProperty("refreshToken"))return n}return{idToken:[],accessToken:[],refreshToken:[]}}/*! @azure/msal-browser v4.9.0 2025-03-25 */const wr="msal.cache.encryption",ad="msal.broadcast.cache";class sd{constructor(e,t,n){if(!window.localStorage)throw Ho(Uo);this.memoryStorage=new mn,this.initialized=!1,this.clientId=e,this.logger=t,this.performanceClient=n,this.broadcast=new BroadcastChannel(ad)}async initialize(e){this.initialized=!0;const t=new Ma,n=t.getItem(wr);let o={key:"",id:""};if(n)try{o=JSON.parse(n)}catch{}if(o.key&&o.id){const i=ce(Oe,l.Base64Decode,this.logger,this.performanceClient,e)(o.key);this.encryptionCookie={id:o.id,key:await p(yr,l.GenerateHKDF,this.logger,this.performanceClient,e)(i)},await p(this.importExistingCache.bind(this),l.ImportExistingCache,this.logger,this.performanceClient,e)(e)}else{this.clear();const i=Z(),a=await p(ka,l.GenerateBaseKey,this.logger,this.performanceClient,e)(),s=ce(Ne,l.UrlEncodeArr,this.logger,this.performanceClient,e)(new Uint8Array(a));this.encryptionCookie={id:i,key:await p(yr,l.GenerateHKDF,this.logger,this.performanceClient,e)(a)};const c={id:i,key:s};t.setItem(wr,JSON.stringify(c),0,!0,Kn.None)}this.broadcast.addEventListener("message",this.updateCache.bind(this))}getItem(e){return window.localStorage.getItem(e)}getUserData(e){if(!this.initialized)throw C(Qt);return this.memoryStorage.getItem(e)}setItem(e,t){window.localStorage.setItem(e,t)}async setUserData(e,t,n){if(!this.initialized||!this.encryptionCookie)throw C(Qt);const{data:o,nonce:i}=await p(xl,l.Encrypt,this.logger,this.performanceClient,n)(this.encryptionCookie.key,t,this.getContext(e)),a={id:this.encryptionCookie.id,nonce:i,data:o};this.memoryStorage.setItem(e,t),this.setItem(e,JSON.stringify(a)),this.broadcast.postMessage({key:e,value:t,context:this.getContext(e)})}removeItem(e){this.memoryStorage.containsKey(e)&&(this.memoryStorage.removeItem(e),this.broadcast.postMessage({key:e,value:null,context:this.getContext(e)})),window.localStorage.removeItem(e)}getKeys(){return Object.keys(window.localStorage)}containsKey(e){return window.localStorage.hasOwnProperty(e)}clear(){this.memoryStorage.clear(),Bn(this).forEach(n=>this.removeItem(n));const t=Gn(this.clientId,this);t.idToken.forEach(n=>this.removeItem(n)),t.accessToken.forEach(n=>this.removeItem(n)),t.refreshToken.forEach(n=>this.removeItem(n)),this.getKeys().forEach(n=>{(n.startsWith(g.CACHE_PREFIX)||n.indexOf(this.clientId)!==-1)&&this.removeItem(n)})}async importExistingCache(e){if(!this.encryptionCookie)return;let t=Bn(this);t=await this.importArray(t,e),this.setItem(_e.ACCOUNT_KEYS,JSON.stringify(t));const n=Gn(this.clientId,this);n.idToken=await this.importArray(n.idToken,e),n.accessToken=await this.importArray(n.accessToken,e),n.refreshToken=await this.importArray(n.refreshToken,e),this.setItem(`${_e.TOKEN_KEYS}.${this.clientId}`,JSON.stringify(n))}async getItemFromEncryptedCache(e,t){if(!this.encryptionCookie)return null;const n=this.getItem(e);if(!n)return null;let o;try{o=JSON.parse(n)}catch{return null}return!o.id||!o.nonce||!o.data?(this.performanceClient.incrementFields({unencryptedCacheCount:1},t),null):o.id!==this.encryptionCookie.id?(this.performanceClient.incrementFields({encryptedCacheExpiredCount:1},t),null):p(Fl,l.Decrypt,this.logger,this.performanceClient,t)(this.encryptionCookie.key,o.nonce,this.getContext(e),o.data)}async importArray(e,t){const n=[],o=[];return e.forEach(i=>{const a=this.getItemFromEncryptedCache(i,t).then(s=>{s?(this.memoryStorage.setItem(i,s),n.push(i)):this.removeItem(i)});o.push(a)}),await Promise.all(o),n}getContext(e){let t="";return e.includes(this.clientId)&&(t=this.clientId),t}updateCache(e){this.logger.trace("Updating internal cache from broadcast event");const t=this.performanceClient.startMeasurement(l.LocalStorageUpdated);t.add({isBackground:!0});const{key:n,value:o,context:i}=e.data;if(!n){this.logger.error("Broadcast event missing key"),t.end({success:!1,errorCode:"noKey"});return}if(i&&i!==this.clientId){this.logger.trace(`Ignoring broadcast event from clientId: ${i}`),t.end({success:!1,errorCode:"contextMismatch"});return}o?(this.memoryStorage.setItem(n,o),this.logger.verbose("Updated item in internal cache")):(this.memoryStorage.removeItem(n),this.logger.verbose("Removed item from internal cache")),t.end({success:!0})}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class cd{constructor(){if(!window.sessionStorage)throw Ho(Uo)}async initialize(){}getItem(e){return window.sessionStorage.getItem(e)}getUserData(e){return this.getItem(e)}setItem(e,t){window.sessionStorage.setItem(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){window.sessionStorage.removeItem(e)}getKeys(){return Object.keys(window.sessionStorage)}containsKey(e){return window.sessionStorage.hasOwnProperty(e)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */const y={INITIALIZE_START:"msal:initializeStart",INITIALIZE_END:"msal:initializeEnd",ACCOUNT_ADDED:"msal:accountAdded",ACCOUNT_REMOVED:"msal:accountRemoved",ACTIVE_ACCOUNT_CHANGED:"msal:activeAccountChanged",LOGIN_START:"msal:loginStart",LOGIN_SUCCESS:"msal:loginSuccess",LOGIN_FAILURE:"msal:loginFailure",ACQUIRE_TOKEN_START:"msal:acquireTokenStart",ACQUIRE_TOKEN_SUCCESS:"msal:acquireTokenSuccess",ACQUIRE_TOKEN_FAILURE:"msal:acquireTokenFailure",ACQUIRE_TOKEN_NETWORK_START:"msal:acquireTokenFromNetworkStart",SSO_SILENT_START:"msal:ssoSilentStart",SSO_SILENT_SUCCESS:"msal:ssoSilentSuccess",SSO_SILENT_FAILURE:"msal:ssoSilentFailure",ACQUIRE_TOKEN_BY_CODE_START:"msal:acquireTokenByCodeStart",ACQUIRE_TOKEN_BY_CODE_SUCCESS:"msal:acquireTokenByCodeSuccess",ACQUIRE_TOKEN_BY_CODE_FAILURE:"msal:acquireTokenByCodeFailure",HANDLE_REDIRECT_START:"msal:handleRedirectStart",HANDLE_REDIRECT_END:"msal:handleRedirectEnd",POPUP_OPENED:"msal:popupOpened",LOGOUT_START:"msal:logoutStart",LOGOUT_SUCCESS:"msal:logoutSuccess",LOGOUT_FAILURE:"msal:logoutFailure",LOGOUT_END:"msal:logoutEnd",RESTORE_FROM_BFCACHE:"msal:restoreFromBFCache"};/*! @azure/msal-browser v4.9.0 2025-03-25 */class jt extends Nn{constructor(e,t,n,o,i,a,s){super(e,n,o,s),this.cacheConfig=t,this.logger=o,this.internalStorage=new mn,this.browserStorage=vr(e,t.cacheLocation,o,i),this.temporaryCacheStorage=vr(e,t.temporaryCacheLocation,o,i),this.cookieStorage=new Ma,this.performanceClient=i,this.eventHandler=a}async initialize(e){await this.browserStorage.initialize(e)}validateAndParseJson(e){try{const t=JSON.parse(e);return t&&typeof t=="object"?t:null}catch{return null}}getAccount(e){this.logger.trace("BrowserCacheManager.getAccount called");const t=this.browserStorage.getUserData(e);if(!t)return this.removeAccountKeyFromMap(e),null;const n=this.validateAndParseJson(t);return!n||!q.isAccountEntity(n)?(this.removeAccountKeyFromMap(e),null):Nn.toObject(new q,n)}async setAccount(e,t){this.logger.trace("BrowserCacheManager.setAccount called");const n=e.generateAccountKey();await p(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t);const o=this.addAccountKeyToMap(n);this.cacheConfig.cacheLocation===B.LocalStorage&&o&&this.eventHandler.emitEvent(y.ACCOUNT_ADDED,void 0,e.getAccountInfo())}getAccountKeys(){return Bn(this.browserStorage)}addAccountKeyToMap(e){this.logger.trace("BrowserCacheManager.addAccountKeyToMap called"),this.logger.tracePii(`BrowserCacheManager.addAccountKeyToMap called with key: ${e}`);const t=this.getAccountKeys();return t.indexOf(e)===-1?(t.push(e),this.browserStorage.setItem(_e.ACCOUNT_KEYS,JSON.stringify(t)),this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key added"),!0):(this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key already exists in map"),!1)}removeAccountKeyFromMap(e){this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap called"),this.logger.tracePii(`BrowserCacheManager.removeAccountKeyFromMap called with key: ${e}`);const t=this.getAccountKeys(),n=t.indexOf(e);n>-1?(t.splice(n,1),this.browserStorage.setItem(_e.ACCOUNT_KEYS,JSON.stringify(t)),this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap account key removed")):this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap key not found in existing map")}async removeAccount(e){super.removeAccount(e),this.removeAccountKeyFromMap(e)}async removeAccountContext(e){await super.removeAccountContext(e),this.cacheConfig.cacheLocation===B.LocalStorage&&this.eventHandler.emitEvent(y.ACCOUNT_REMOVED,void 0,e.getAccountInfo())}removeIdToken(e){super.removeIdToken(e),this.removeTokenKey(e,I.ID_TOKEN)}async removeAccessToken(e){super.removeAccessToken(e),this.removeTokenKey(e,I.ACCESS_TOKEN)}removeRefreshToken(e){super.removeRefreshToken(e),this.removeTokenKey(e,I.REFRESH_TOKEN)}getTokenKeys(){return Gn(this.clientId,this.browserStorage)}addTokenKey(e,t){this.logger.trace("BrowserCacheManager addTokenKey called");const n=this.getTokenKeys();switch(t){case I.ID_TOKEN:n.idToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - idToken added to map"),n.idToken.push(e));break;case I.ACCESS_TOKEN:n.accessToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - accessToken added to map"),n.accessToken.push(e));break;case I.REFRESH_TOKEN:n.refreshToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - refreshToken added to map"),n.refreshToken.push(e));break;default:throw this.logger.error(`BrowserCacheManager:addTokenKey - CredentialType provided invalid. CredentialType: ${t}`),f(On)}this.browserStorage.setItem(`${_e.TOKEN_KEYS}.${this.clientId}`,JSON.stringify(n))}removeTokenKey(e,t){this.logger.trace("BrowserCacheManager removeTokenKey called");const n=this.getTokenKeys();switch(t){case I.ID_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove idToken with key: ${e} from map`);const o=n.idToken.indexOf(e);o>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - idToken removed from map"),n.idToken.splice(o,1)):this.logger.info("BrowserCacheManager: removeTokenKey - idToken does not exist in map. Either it was previously removed or it was never added.");break;case I.ACCESS_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove accessToken with key: ${e} from map`);const i=n.accessToken.indexOf(e);i>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - accessToken removed from map"),n.accessToken.splice(i,1)):this.logger.info("BrowserCacheManager: removeTokenKey - accessToken does not exist in map. Either it was previously removed or it was never added.");break;case I.REFRESH_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove refreshToken with key: ${e} from map`);const a=n.refreshToken.indexOf(e);a>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken removed from map"),n.refreshToken.splice(a,1)):this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken does not exist in map. Either it was previously removed or it was never added.");break;default:throw this.logger.error(`BrowserCacheManager:removeTokenKey - CredentialType provided invalid. CredentialType: ${t}`),f(On)}this.browserStorage.setItem(`${_e.TOKEN_KEYS}.${this.clientId}`,JSON.stringify(n))}getIdTokenCredential(e){const t=this.browserStorage.getUserData(e);if(!t)return this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ID_TOKEN),null;const n=this.validateAndParseJson(t);return!n||!As(n)?(this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ID_TOKEN),null):(this.logger.trace("BrowserCacheManager.getIdTokenCredential: cache hit"),n)}async setIdTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setIdTokenCredential called");const n=ht(e);await p(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t),this.addTokenKey(n,I.ID_TOKEN)}getAccessTokenCredential(e){const t=this.browserStorage.getUserData(e);if(!t)return this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ACCESS_TOKEN),null;const n=this.validateAndParseJson(t);return!n||!Ts(n)?(this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ACCESS_TOKEN),null):(this.logger.trace("BrowserCacheManager.getAccessTokenCredential: cache hit"),n)}async setAccessTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setAccessTokenCredential called");const n=ht(e);await p(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t),this.addTokenKey(n,I.ACCESS_TOKEN)}getRefreshTokenCredential(e){const t=this.browserStorage.getUserData(e);if(!t)return this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.REFRESH_TOKEN),null;const n=this.validateAndParseJson(t);return!n||!Is(n)?(this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.REFRESH_TOKEN),null):(this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: cache hit"),n)}async setRefreshTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setRefreshTokenCredential called");const n=ht(e);await p(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t),this.addTokenKey(n,I.REFRESH_TOKEN)}getAppMetadata(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n||!Os(e,n)?(this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getAppMetadata: cache hit"),n)}setAppMetadata(e){this.logger.trace("BrowserCacheManager.setAppMetadata called");const t=bs(e);this.browserStorage.setItem(t,JSON.stringify(e))}getServerTelemetry(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n||!_s(e,n)?(this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getServerTelemetry: cache hit"),n)}setServerTelemetry(e,t){this.logger.trace("BrowserCacheManager.setServerTelemetry called"),this.browserStorage.setItem(e,JSON.stringify(t))}getAuthorityMetadata(e){const t=this.internalStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getAuthorityMetadata: called, no cache hit"),null;const n=this.validateAndParseJson(t);return n&&Ps(e,n)?(this.logger.trace("BrowserCacheManager.getAuthorityMetadata: cache hit"),n):null}getAuthorityMetadataKeys(){return this.internalStorage.getKeys().filter(t=>this.isAuthorityMetadata(t))}setWrapperMetadata(e,t){this.internalStorage.setItem(Ot.WRAPPER_SKU,e),this.internalStorage.setItem(Ot.WRAPPER_VER,t)}getWrapperMetadata(){const e=this.internalStorage.getItem(Ot.WRAPPER_SKU)||g.EMPTY_STRING,t=this.internalStorage.getItem(Ot.WRAPPER_VER)||g.EMPTY_STRING;return[e,t]}setAuthorityMetadata(e,t){this.logger.trace("BrowserCacheManager.setAuthorityMetadata called"),this.internalStorage.setItem(e,JSON.stringify(t))}getActiveAccount(){const e=this.generateCacheKey(Jo.ACTIVE_ACCOUNT_FILTERS),t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getActiveAccount: No active account filters found"),null;const n=this.validateAndParseJson(t);return n?(this.logger.trace("BrowserCacheManager.getActiveAccount: Active account filters schema found"),this.getAccountInfoFilteredBy({homeAccountId:n.homeAccountId,localAccountId:n.localAccountId,tenantId:n.tenantId})):(this.logger.trace("BrowserCacheManager.getActiveAccount: No active account found"),null)}setActiveAccount(e){const t=this.generateCacheKey(Jo.ACTIVE_ACCOUNT_FILTERS);if(e){this.logger.verbose("setActiveAccount: Active account set");const n={homeAccountId:e.homeAccountId,localAccountId:e.localAccountId,tenantId:e.tenantId};this.browserStorage.setItem(t,JSON.stringify(n))}else this.logger.verbose("setActiveAccount: No account passed, active account not set"),this.browserStorage.removeItem(t);this.eventHandler.emitEvent(y.ACTIVE_ACCOUNT_CHANGED)}getThrottlingCache(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n||!Rs(e,n)?(this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getThrottlingCache: cache hit"),n)}setThrottlingCache(e,t){this.logger.trace("BrowserCacheManager.setThrottlingCache called"),this.browserStorage.setItem(e,JSON.stringify(t))}getTemporaryCache(e,t){const n=t?this.generateCacheKey(e):e;if(this.cacheConfig.storeAuthStateInCookie){const i=this.cookieStorage.getItem(n);if(i)return this.logger.trace("BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies"),i}const o=this.temporaryCacheStorage.getItem(n);if(!o){if(this.cacheConfig.cacheLocation===B.LocalStorage){const i=this.browserStorage.getItem(n);if(i)return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage"),i}return this.logger.trace("BrowserCacheManager.getTemporaryCache: No cache item found in local storage"),null}return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item returned"),o}setTemporaryCache(e,t,n){const o=n?this.generateCacheKey(e):e;this.temporaryCacheStorage.setItem(o,t),this.cacheConfig.storeAuthStateInCookie&&(this.logger.trace("BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie"),this.cookieStorage.setItem(o,t,void 0,this.cacheConfig.secureCookies))}removeItem(e){this.browserStorage.removeItem(e)}removeTemporaryItem(e){this.temporaryCacheStorage.removeItem(e),this.cacheConfig.storeAuthStateInCookie&&(this.logger.trace("BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie"),this.cookieStorage.removeItem(e))}getKeys(){return this.browserStorage.getKeys()}async clear(){await this.removeAllAccounts(),this.removeAppMetadata(),this.temporaryCacheStorage.getKeys().forEach(e=>{(e.indexOf(g.CACHE_PREFIX)!==-1||e.indexOf(this.clientId)!==-1)&&this.removeTemporaryItem(e)}),this.browserStorage.getKeys().forEach(e=>{(e.indexOf(g.CACHE_PREFIX)!==-1||e.indexOf(this.clientId)!==-1)&&this.browserStorage.removeItem(e)}),this.internalStorage.clear()}async clearTokensAndKeysWithClaims(e,t){e.addQueueMeasurement(l.ClearTokensAndKeysWithClaims,t);const n=this.getTokenKeys(),o=[];n.accessToken.forEach(i=>{const a=this.getAccessTokenCredential(i);a!=null&&a.requestedClaimsHash&&i.includes(a.requestedClaimsHash.toLowerCase())&&o.push(this.removeAccessToken(i))}),await Promise.all(o),o.length>0&&this.logger.warning(`${o.length} access tokens with claims in the cache keys have been removed from the cache.`)}generateCacheKey(e){return this.validateAndParseJson(e)?JSON.stringify(e):ae.startsWith(e,g.CACHE_PREFIX)?e:`${g.CACHE_PREFIX}.${this.clientId}.${e}`}resetRequestCache(){this.logger.trace("BrowserCacheManager.resetRequestCache called"),this.removeTemporaryItem(this.generateCacheKey(U.REQUEST_PARAMS)),this.removeTemporaryItem(this.generateCacheKey(U.VERIFIER)),this.removeTemporaryItem(this.generateCacheKey(U.ORIGIN_URI)),this.removeTemporaryItem(this.generateCacheKey(U.URL_HASH)),this.removeTemporaryItem(this.generateCacheKey(U.NATIVE_REQUEST)),this.setInteractionInProgress(!1)}cacheAuthorizeRequest(e,t){this.logger.trace("BrowserCacheManager.cacheAuthorizeRequest called");const n=Ct(JSON.stringify(e));if(this.setTemporaryCache(U.REQUEST_PARAMS,n,!0),t){const o=Ct(t);this.setTemporaryCache(U.VERIFIER,o,!0)}}getCachedRequest(){this.logger.trace("BrowserCacheManager.getCachedRequest called");const e=this.getTemporaryCache(U.REQUEST_PARAMS,!0);if(!e)throw C(ia);const t=this.getTemporaryCache(U.VERIFIER,!0);let n,o="";try{n=JSON.parse(se(e)),t&&(o=se(t))}catch(i){throw this.logger.errorPii(`Attempted to parse: ${e}`),this.logger.error(`Parsing cached token request threw with error: ${i}`),C(aa)}return[n,o]}getCachedNativeRequest(){this.logger.trace("BrowserCacheManager.getCachedNativeRequest called");const e=this.getTemporaryCache(U.NATIVE_REQUEST,!0);if(!e)return this.logger.trace("BrowserCacheManager.getCachedNativeRequest: No cached native request found"),null;const t=this.validateAndParseJson(e);return t||(this.logger.error("BrowserCacheManager.getCachedNativeRequest: Unable to parse native request"),null)}isInteractionInProgress(e){const t=this.getInteractionInProgress();return e?t===this.clientId:!!t}getInteractionInProgress(){const e=`${g.CACHE_PREFIX}.${U.INTERACTION_STATUS_KEY}`;return this.getTemporaryCache(e,!1)}setInteractionInProgress(e){const t=`${g.CACHE_PREFIX}.${U.INTERACTION_STATUS_KEY}`;if(e){if(this.getInteractionInProgress())throw C(Ji);this.setTemporaryCache(t,this.clientId,!1)}else!e&&this.getInteractionInProgress()===this.clientId&&this.removeTemporaryItem(t)}async hydrateCache(e,t){var s,c,d;const n=Zt((s=e.account)==null?void 0:s.homeAccountId,(c=e.account)==null?void 0:c.environment,e.idToken,this.clientId,e.tenantId);let o;t.claims&&(o=await this.cryptoImpl.hashString(t.claims));const i=en((d=e.account)==null?void 0:d.homeAccountId,e.account.environment,e.accessToken,this.clientId,e.tenantId,e.scopes.join(" "),e.expiresOn?nr(e.expiresOn):0,e.extExpiresOn?nr(e.extExpiresOn):0,se,void 0,e.tokenType,void 0,t.sshKid,t.claims,o),a={idToken:n,accessToken:i};return this.saveCacheRecord(a,e.correlationId)}async saveCacheRecord(e,t,n){try{await super.saveCacheRecord(e,t,n)}catch(o){if(o instanceof Xe&&this.performanceClient&&t)try{const i=this.getTokenKeys();this.performanceClient.addFields({cacheRtCount:i.refreshToken.length,cacheIdCount:i.idToken.length,cacheAtCount:i.accessToken.length},t)}catch{}throw o}}}function vr(r,e,t,n){try{switch(e){case B.LocalStorage:return new sd(r,t,n);case B.SessionStorage:return new cd;case B.MemoryStorage:default:break}}catch(o){t.error(o)}return new mn}const Ua=(r,e,t,n)=>{const o={cacheLocation:B.MemoryStorage,temporaryCacheLocation:B.MemoryStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!1,claimsBasedCachingEnabled:!1};return new jt(r,o,gt,e,t,n)};/*! @azure/msal-browser v4.9.0 2025-03-25 */function La(r,e,t,n){return r.verbose("getAllAccounts called"),t?e.getAllAccounts(n):[]}function zn(r,e,t){if(e.trace("getAccount called"),Object.keys(r).length===0)return e.warning("getAccount: No accountFilter provided"),null;const n=t.getAccountInfoFilteredBy(r);return n?(e.verbose("getAccount: Account matching provided filter found, returning"),n):(e.verbose("getAccount: No matching account found, returning null"),null)}function Ha(r,e,t){if(e.trace("getAccountByUsername called"),!r)return e.warning("getAccountByUsername: No username provided"),null;const n=t.getAccountInfoFilteredBy({username:r});return n?(e.verbose("getAccountByUsername: Account matching username found, returning"),e.verbosePii(`getAccountByUsername: Returning signed-in accounts matching username: ${r}`),n):(e.verbose("getAccountByUsername: No matching account found, returning null"),null)}function Da(r,e,t){if(e.trace("getAccountByHomeId called"),!r)return e.warning("getAccountByHomeId: No homeAccountId provided"),null;const n=t.getAccountInfoFilteredBy({homeAccountId:r});return n?(e.verbose("getAccountByHomeId: Account matching homeAccountId found, returning"),e.verbosePii(`getAccountByHomeId: Returning signed-in accounts matching homeAccountId: ${r}`),n):(e.verbose("getAccountByHomeId: No matching account found, returning null"),null)}function xa(r,e,t){if(e.trace("getAccountByLocalId called"),!r)return e.warning("getAccountByLocalId: No localAccountId provided"),null;const n=t.getAccountInfoFilteredBy({localAccountId:r});return n?(e.verbose("getAccountByLocalId: Account matching localAccountId found, returning"),e.verbosePii(`getAccountByLocalId: Returning signed-in accounts matching localAccountId: ${r}`),n):(e.verbose("getAccountByLocalId: No matching account found, returning null"),null)}function Fa(r,e){e.setActiveAccount(r)}function Ka(r){return r.getActiveAccount()}/*! @azure/msal-browser v4.9.0 2025-03-25 */const ld="msal.broadcast.event";class Ba{constructor(e){this.eventCallbacks=new Map,this.logger=e||new Ee({}),typeof BroadcastChannel<"u"&&(this.broadcastChannel=new BroadcastChannel(ld)),this.invokeCrossTabCallbacks=this.invokeCrossTabCallbacks.bind(this)}addEventCallback(e,t,n){if(typeof window<"u"){const o=n||jl();return this.eventCallbacks.has(o)?(this.logger.error(`Event callback with id: ${o} is already registered. Please provide a unique id or remove the existing callback and try again.`),null):(this.eventCallbacks.set(o,[e,t||[]]),this.logger.verbose(`Event callback registered with id: ${o}`),o)}return null}removeEventCallback(e){this.eventCallbacks.delete(e),this.logger.verbose(`Event callback ${e} removed.`)}emitEvent(e,t,n,o){var a;const i={eventType:e,interactionType:t||null,payload:n||null,error:o||null,timestamp:Date.now()};switch(e){case y.ACCOUNT_ADDED:case y.ACCOUNT_REMOVED:case y.ACTIVE_ACCOUNT_CHANGED:(a=this.broadcastChannel)==null||a.postMessage(i);break;default:this.invokeCallbacks(i);break}}invokeCallbacks(e){this.eventCallbacks.forEach(([t,n],o)=>{(n.length===0||n.includes(e.eventType))&&(this.logger.verbose(`Emitting event to callback ${o}: ${e.eventType}`),t.apply(null,[e]))})}invokeCrossTabCallbacks(e){const t=e.data;this.invokeCallbacks(t)}subscribeCrossTab(){var e;(e=this.broadcastChannel)==null||e.addEventListener("message",this.invokeCrossTabCallbacks)}unsubscribeCrossTab(){var e;(e=this.broadcastChannel)==null||e.removeEventListener("message",this.invokeCrossTabCallbacks)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class Ga{constructor(e,t,n,o,i,a,s,c,d){this.config=e,this.browserStorage=t,this.browserCrypto=n,this.networkClient=this.config.system.networkClient,this.eventHandler=i,this.navigationClient=a,this.nativeMessageHandler=c,this.correlationId=d||Z(),this.logger=o.clone(Q.MSAL_SKU,it,this.correlationId),this.performanceClient=s}async clearCacheOnLogout(e){if(e){q.accountInfoIsEqual(e,this.browserStorage.getActiveAccount(),!1)&&(this.logger.verbose("Setting active account to null"),this.browserStorage.setActiveAccount(null));try{await this.browserStorage.removeAccount(q.generateAccountCacheKey(e)),this.logger.verbose("Cleared cache items belonging to the account provided in the logout request.")}catch{this.logger.error("Account provided in logout request was not found. Local cache unchanged.")}}else try{this.logger.verbose("No account provided in logout request, clearing all cache items.",this.correlationId),await this.browserStorage.clear(),await this.browserCrypto.clearKeystore()}catch{this.logger.error("Attempted to clear all MSAL cache items and failed. Local cache unchanged.")}}getRedirectUri(e){this.logger.verbose("getRedirectUri called");const t=e||this.config.auth.redirectUri;return S.getAbsoluteUrl(t,Ae())}initializeServerTelemetryManager(e,t){this.logger.verbose("initializeServerTelemetryManager called");const n={clientId:this.config.auth.clientId,correlationId:this.correlationId,apiId:e,forceRefresh:t||!1,wrapperSKU:this.browserStorage.getWrapperMetadata()[0],wrapperVer:this.browserStorage.getWrapperMetadata()[1]};return new ft(n,this.browserStorage)}async getDiscoveredAuthority(e){const{account:t}=e,n=e.requestExtraQueryParameters&&e.requestExtraQueryParameters.hasOwnProperty("instance_aware")?e.requestExtraQueryParameters.instance_aware:void 0;this.performanceClient.addQueueMeasurement(l.StandardInteractionClientGetDiscoveredAuthority,this.correlationId);const o={protocolMode:this.config.auth.protocolMode,OIDCOptions:this.config.auth.OIDCOptions,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache},i=e.requestAuthority||this.config.auth.authority,a=n!=null&&n.length?n==="true":this.config.auth.instanceAware,s=t&&a?this.config.auth.authority.replace(S.getDomainFromUrl(i),t.environment):i,c=G.generateAuthority(s,e.requestAzureCloudOptions||this.config.auth.azureCloudOptions),d=await p(Hi,l.AuthorityFactoryCreateDiscoveredInstance,this.logger,this.performanceClient,this.correlationId)(c,this.config.system.networkClient,this.browserStorage,o,this.logger,this.correlationId,this.performanceClient);if(t&&!d.isAlias(t.environment))throw R(ui);return d}}/*! @azure/msal-browser v4.9.0 2025-03-25 */async function Fo(r,e,t,n){t.addQueueMeasurement(l.InitializeBaseRequest,r.correlationId);const o=r.authority||e.auth.authority,i=[...r&&r.scopes||[]],a={...r,correlationId:r.correlationId,authority:o,scopes:i};if(!a.authenticationScheme)a.authenticationScheme=k.BEARER,n.verbose(`Authentication Scheme wasn't explicitly set in request, defaulting to "Bearer" request`);else{if(a.authenticationScheme===k.SSH){if(!r.sshJwk)throw R(on);if(!r.sshKid)throw R(li)}n.verbose(`Authentication Scheme set to "${a.authenticationScheme}" as configured in Auth request`)}return e.cache.claimsBasedCachingEnabled&&r.claims&&!ae.isEmptyObj(r.claims)&&(a.requestedClaimsHash=await Ra(r.claims)),a}async function dd(r,e,t,n,o){n.addQueueMeasurement(l.InitializeSilentRequest,r.correlationId);const i=await p(Fo,l.InitializeBaseRequest,o,n,r.correlationId)(r,t,n,o);return{...r,...i,account:e,forceRefresh:r.forceRefresh||!1}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class at extends Ga{initializeLogoutRequest(e){this.logger.verbose("initializeLogoutRequest called",e==null?void 0:e.correlationId);const t={correlationId:this.correlationId||Z(),...e};if(e)if(e.logoutHint)this.logger.verbose("logoutHint has already been set in logoutRequest");else if(e.account){const n=this.getLogoutHintFromIdTokenClaims(e.account);n&&(this.logger.verbose("Setting logoutHint to login_hint ID Token Claim value for the account provided"),t.logoutHint=n)}else this.logger.verbose("logoutHint was not set and account was not passed into logout request, logoutHint will not be set");else this.logger.verbose("logoutHint will not be set since no logout request was configured");return!e||e.postLogoutRedirectUri!==null?e&&e.postLogoutRedirectUri?(this.logger.verbose("Setting postLogoutRedirectUri to uri set on logout request",t.correlationId),t.postLogoutRedirectUri=S.getAbsoluteUrl(e.postLogoutRedirectUri,Ae())):this.config.auth.postLogoutRedirectUri===null?this.logger.verbose("postLogoutRedirectUri configured as null and no uri set on request, not passing post logout redirect",t.correlationId):this.config.auth.postLogoutRedirectUri?(this.logger.verbose("Setting postLogoutRedirectUri to configured uri",t.correlationId),t.postLogoutRedirectUri=S.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri,Ae())):(this.logger.verbose("Setting postLogoutRedirectUri to current page",t.correlationId),t.postLogoutRedirectUri=S.getAbsoluteUrl(Ae(),Ae())):this.logger.verbose("postLogoutRedirectUri passed as null, not setting post logout redirect uri",t.correlationId),t}getLogoutHintFromIdTokenClaims(e){const t=e.idTokenClaims;if(t){if(t.login_hint)return t.login_hint;this.logger.verbose("The ID Token Claims tied to the provided account do not contain a login_hint claim, logoutHint will not be added to logout request")}else this.logger.verbose("The provided account does not contain ID Token Claims, logoutHint will not be added to logout request");return null}async createAuthCodeClient(e){this.performanceClient.addQueueMeasurement(l.StandardInteractionClientCreateAuthCodeClient,this.correlationId);const t=await p(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)(e);return new Ki(t,this.performanceClient)}async getClientConfiguration(e){const{serverTelemetryManager:t,requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:i,account:a}=e;this.performanceClient.addQueueMeasurement(l.StandardInteractionClientGetClientConfiguration,this.correlationId);const s=await p(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,this.correlationId)({requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:i,account:a}),c=this.config.system.loggerOptions;return{authOptions:{clientId:this.config.auth.clientId,authority:s,clientCapabilities:this.config.auth.clientCapabilities,redirectUri:this.config.auth.redirectUri},systemOptions:{tokenRenewalOffsetSeconds:this.config.system.tokenRenewalOffsetSeconds,preventCorsPreflight:!0},loggerOptions:{loggerCallback:c.loggerCallback,piiLoggingEnabled:c.piiLoggingEnabled,logLevel:c.logLevel,correlationId:this.correlationId},cacheOptions:{claimsBasedCachingEnabled:this.config.cache.claimsBasedCachingEnabled},cryptoInterface:this.browserCrypto,networkInterface:this.networkClient,storageInterface:this.browserStorage,serverTelemetryManager:t,libraryInfo:{sku:Q.MSAL_SKU,version:it,cpu:g.EMPTY_STRING,os:g.EMPTY_STRING},telemetry:this.config.telemetry}}async initializeAuthorizationRequest(e,t){this.performanceClient.addQueueMeasurement(l.StandardInteractionClientInitializeAuthorizationRequest,this.correlationId);const n=this.getRedirectUri(e.redirectUri),o={interactionType:t},i=ot.setRequestState(this.browserCrypto,e&&e.state||g.EMPTY_STRING,o),s={...await p(Fo,l.InitializeBaseRequest,this.logger,this.performanceClient,this.correlationId)({...e,correlationId:this.correlationId},this.config,this.performanceClient,this.logger),redirectUri:n,state:i,nonce:e.nonce||Z(),responseMode:this.config.auth.OIDCOptions.serverResponseType};if(e.loginHint||e.sid)return s;const c=e.account||this.browserStorage.getActiveAccount();return c&&(this.logger.verbose("Setting validated request account",this.correlationId),this.logger.verbosePii(`Setting validated request account: ${c.homeAccountId}`,this.correlationId),s.account=c),s}}/*! @azure/msal-browser v4.9.0 2025-03-25 */const hd="ContentError",za="user_switch";/*! @azure/msal-browser v4.9.0 2025-03-25 */const ud="USER_INTERACTION_REQUIRED",gd="USER_CANCEL",pd="NO_NETWORK",fd="PERSISTENT_ERROR",md="DISABLED",Cd="ACCOUNT_UNAVAILABLE";/*! @azure/msal-browser v4.9.0 2025-03-25 */const yd=-2147186943,Td={[za]:"User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again."};class he extends _{constructor(e,t,n){super(e,t),Object.setPrototypeOf(this,he.prototype),this.name="NativeAuthError",this.ext=n}}function Ve(r){if(r.ext&&r.ext.status&&(r.ext.status===fd||r.ext.status===md)||r.ext&&r.ext.error&&r.ext.error===yd)return!0;switch(r.errorCode){case hd:return!0;default:return!1}}function qn(r,e,t){if(t&&t.status)switch(t.status){case Cd:return Un(Di);case ud:return new ne(r,e);case gd:return C(mt);case pd:return C(Vt)}return new he(r,Td[r]||e,t)}/*! @azure/msal-browser v4.9.0 2025-03-25 */class ue{constructor(e,t,n,o){this.logger=e,this.handshakeTimeoutMs=t,this.extensionId=o,this.resolvers=new Map,this.handshakeResolvers=new Map,this.messageChannel=new MessageChannel,this.windowListener=this.onWindowMessage.bind(this),this.performanceClient=n,this.handshakeEvent=n.startMeasurement(l.NativeMessageHandlerHandshake)}async sendMessage(e){this.logger.trace("NativeMessageHandler - sendMessage called.");const t={channel:Qe.CHANNEL_ID,extensionId:this.extensionId,responseId:Z(),body:e};return this.logger.trace("NativeMessageHandler - Sending request to browser extension"),this.logger.tracePii(`NativeMessageHandler - Sending request to browser extension: ${JSON.stringify(t)}`),this.messageChannel.port1.postMessage(t),new Promise((n,o)=>{this.resolvers.set(t.responseId,{resolve:n,reject:o})})}static async createProvider(e,t,n){e.trace("NativeMessageHandler - createProvider called.");try{const o=new ue(e,t,n,Qe.PREFERRED_EXTENSION_ID);return await o.sendHandshakeRequest(),o}catch{const i=new ue(e,t,n);return await i.sendHandshakeRequest(),i}}async sendHandshakeRequest(){this.logger.trace("NativeMessageHandler - sendHandshakeRequest called."),window.addEventListener("message",this.windowListener,!1);const e={channel:Qe.CHANNEL_ID,extensionId:this.extensionId,responseId:Z(),body:{method:Le.HandshakeRequest}};return this.handshakeEvent.add({extensionId:this.extensionId,extensionHandshakeTimeoutMs:this.handshakeTimeoutMs}),this.messageChannel.port1.onmessage=t=>{this.onChannelMessage(t)},window.postMessage(e,window.origin,[this.messageChannel.port2]),new Promise((t,n)=>{this.handshakeResolvers.set(e.responseId,{resolve:t,reject:n}),this.timeoutId=window.setTimeout(()=>{window.removeEventListener("message",this.windowListener,!1),this.messageChannel.port1.close(),this.messageChannel.port2.close(),this.handshakeEvent.end({extensionHandshakeTimedOut:!0,success:!1}),n(C(pa)),this.handshakeResolvers.delete(e.responseId)},this.handshakeTimeoutMs)})}onWindowMessage(e){if(this.logger.trace("NativeMessageHandler - onWindowMessage called"),e.source!==window)return;const t=e.data;if(!(!t.channel||t.channel!==Qe.CHANNEL_ID)&&!(t.extensionId&&t.extensionId!==this.extensionId)&&t.body.method===Le.HandshakeRequest){const n=this.handshakeResolvers.get(t.responseId);if(!n){this.logger.trace(`NativeMessageHandler.onWindowMessage - resolver can't be found for request ${t.responseId}`);return}this.logger.verbose(t.extensionId?`Extension with id: ${t.extensionId} not installed`:"No extension installed"),clearTimeout(this.timeoutId),this.messageChannel.port1.close(),this.messageChannel.port2.close(),window.removeEventListener("message",this.windowListener,!1),this.handshakeEvent.end({success:!1,extensionInstalled:!1}),n.reject(C(fa))}}onChannelMessage(e){this.logger.trace("NativeMessageHandler - onChannelMessage called.");const t=e.data,n=this.resolvers.get(t.responseId),o=this.handshakeResolvers.get(t.responseId);try{const i=t.body.method;if(i===Le.Response){if(!n)return;const a=t.body.response;if(this.logger.trace("NativeMessageHandler - Received response from browser extension"),this.logger.tracePii(`NativeMessageHandler - Received response from browser extension: ${JSON.stringify(a)}`),a.status!=="Success")n.reject(qn(a.code,a.description,a.ext));else if(a.result)a.result.code&&a.result.description?n.reject(qn(a.result.code,a.result.description,a.result.ext)):n.resolve(a.result);else throw Or(Qn,"Event does not contain result.");this.resolvers.delete(t.responseId)}else if(i===Le.HandshakeResponse){if(!o){this.logger.trace(`NativeMessageHandler.onChannelMessage - resolver can't be found for request ${t.responseId}`);return}clearTimeout(this.timeoutId),window.removeEventListener("message",this.windowListener,!1),this.extensionId=t.extensionId,this.extensionVersion=t.body.version,this.logger.verbose(`NativeMessageHandler - Received HandshakeResponse from extension: ${this.extensionId}`),this.handshakeEvent.end({extensionInstalled:!0,success:!0}),o.resolve(),this.handshakeResolvers.delete(t.responseId)}}catch(i){this.logger.error("Error parsing response from WAM Extension"),this.logger.errorPii(`Error parsing response from WAM Extension: ${i}`),this.logger.errorPii(`Unable to parse ${e}`),n?n.reject(i):o&&o.reject(i)}}getExtensionId(){return this.extensionId}getExtensionVersion(){return this.extensionVersion}static isPlatformBrokerAvailable(e,t,n,o){if(t.trace("isPlatformBrokerAvailable called"),!e.system.allowPlatformBroker)return t.trace("isPlatformBrokerAvailable: allowPlatformBroker is not enabled, returning false"),!1;if(!n)return t.trace("isPlatformBrokerAvailable: Platform extension provider is not initialized, returning false"),!1;if(o)switch(o){case k.BEARER:case k.POP:return t.trace("isPlatformBrokerAvailable: authenticationScheme is supported, returning true"),!0;default:return t.trace("isPlatformBrokerAvailable: authenticationScheme is not supported, returning false"),!1}return!0}}/*! @azure/msal-browser v4.9.0 2025-03-25 */function Ad(r,e){if(!e)return null;try{return ot.parseRequestState(r,e).libraryState.meta}catch{throw f(et)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */function Wt(r,e,t){const n=Kt(r);if(!n)throw pi(r)?(t.error(`A ${e} is present in the iframe but it does not contain known properties. It's likely that the ${e} has been replaced by code running on the redirectUri page.`),t.errorPii(`The ${e} detected is: ${r}`),C(Yi)):(t.error(`The request has returned to the redirectUri but a ${e} is not present. It's likely that the ${e} has been removed or the page has been redirected by code running on the redirectUri page.`),C(Qi));return n}function Id(r,e,t){if(!r.state)throw C(So);const n=Ad(e,r.state);if(!n)throw C(ji);if(n.interactionType!==t)throw C(Wi)}/*! @azure/msal-browser v4.9.0 2025-03-25 */class qa{constructor(e,t,n,o,i){this.authModule=e,this.browserStorage=t,this.authCodeRequest=n,this.logger=o,this.performanceClient=i}async handleCodeResponse(e,t){this.performanceClient.addQueueMeasurement(l.HandleCodeResponse,t.correlationId);let n;try{n=sl(e,t.state)}catch(o){throw o instanceof Me&&o.subError===mt?C(mt):o}return p(this.handleCodeResponseFromServer.bind(this),l.HandleCodeResponseFromServer,this.logger,this.performanceClient,t.correlationId)(n,t)}async handleCodeResponseFromServer(e,t,n=!0){if(this.performanceClient.addQueueMeasurement(l.HandleCodeResponseFromServer,t.correlationId),this.logger.trace("InteractionHandler.handleCodeResponseFromServer called"),this.authCodeRequest.code=e.code,e.cloud_instance_host_name&&await p(this.authModule.updateAuthority.bind(this.authModule),l.UpdateTokenEndpointAuthority,this.logger,this.performanceClient,t.correlationId)(e.cloud_instance_host_name,t.correlationId),n&&(e.nonce=t.nonce||void 0),e.state=t.state,e.client_info)this.authCodeRequest.clientInfo=e.client_info;else{const i=this.createCcsCredentials(t);i&&(this.authCodeRequest.ccsCredential=i)}return await p(this.authModule.acquireToken.bind(this.authModule),l.AuthClientAcquireToken,this.logger,this.performanceClient,t.correlationId)(this.authCodeRequest,e)}createCcsCredentials(e){return e.account?{credential:e.account.homeAccountId,type:ie.HOME_ACCOUNT_ID}:e.loginHint?{credential:e.loginHint,type:ie.UPN}:null}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class $a extends at{async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentCacheClientAcquireToken,e.correlationId);const t=this.initializeServerTelemetryManager(b.acquireTokenSilent_silentFlow),n=await p(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:t,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,account:e.account}),o=new rl(n,this.performanceClient);this.logger.verbose("Silent auth client created");try{const a=(await p(o.acquireCachedToken.bind(o),l.SilentFlowClientAcquireCachedToken,this.logger,this.performanceClient,e.correlationId)(e))[0];return this.performanceClient.addFields({fromCache:!0},e.correlationId),a}catch(i){throw i instanceof At&&i.errorCode===ko&&this.logger.verbose("Signing keypair for bound access token not found. Refreshing bound access token and generating a new crypto keypair."),i}}logout(e){this.logger.verbose("logoutRedirect called");const t=this.initializeLogoutRequest(e);return this.clearCacheOnLogout(t==null?void 0:t.account)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class Ut extends Ga{constructor(e,t,n,o,i,a,s,c,d,h,u,m){var E;super(e,t,n,o,i,a,c,d,m),this.apiId=s,this.accountId=h,this.nativeMessageHandler=d,this.nativeStorageManager=u,this.silentCacheClient=new $a(e,this.nativeStorageManager,n,o,i,a,c,d,m);const A=this.nativeMessageHandler.getExtensionId()===Qe.PREFERRED_EXTENSION_ID?"chrome":(E=this.nativeMessageHandler.getExtensionId())!=null&&E.length?"unknown":void 0;this.skus=ft.makeExtraSkuString({libraryName:Q.MSAL_SKU,libraryVersion:it,extensionName:A,extensionVersion:this.nativeMessageHandler.getExtensionVersion()})}addRequestSKUs(e){e.extraParameters={...e.extraParameters,[_c]:this.skus}}async acquireToken(e,t){this.performanceClient.addQueueMeasurement(l.NativeInteractionClientAcquireToken,e.correlationId),this.logger.trace("NativeInteractionClient - acquireToken called.");const n=this.performanceClient.startMeasurement(l.NativeInteractionClientAcquireToken,e.correlationId),o=j(),i=this.initializeServerTelemetryManager(this.apiId);try{const a=await this.initializeNativeRequest(e);try{const u=await this.acquireTokensFromCache(this.accountId,a);return n.end({success:!0,isNativeBroker:!1,fromCache:!0}),u}catch(u){if(t===H.AccessToken)throw this.logger.info("MSAL internal Cache does not contain tokens, return error as per cache policy"),u;this.logger.info("MSAL internal Cache does not contain tokens, proceed to make a native call")}const{...s}=a,c={method:Le.GetToken,request:s},d=await this.nativeMessageHandler.sendMessage(c),h=this.validateNativeResponse(d);return await this.handleNativeResponse(h,a,o).then(u=>(n.end({success:!0,isNativeBroker:!0,requestId:u.requestId}),i.clearNativeBrokerErrorCode(),u)).catch(u=>{throw n.end({success:!1,errorCode:u.errorCode,subErrorCode:u.subError,isNativeBroker:!0}),u})}catch(a){throw a instanceof he&&i.setNativeBrokerErrorCode(a.errorCode),a}}createSilentCacheRequest(e,t){return{authority:e.authority,correlationId:this.correlationId,scopes:M.fromString(e.scope).asArray(),account:t,forceRefresh:!1}}async acquireTokensFromCache(e,t){if(!e)throw this.logger.warning("NativeInteractionClient:acquireTokensFromCache - No nativeAccountId provided"),f(Dt);const n=this.browserStorage.getBaseAccountInfo({nativeAccountId:e});if(!n)throw f(Dt);try{const o=this.createSilentCacheRequest(t,n),i=await this.silentCacheClient.acquireToken(o),a={...n,idTokenClaims:i==null?void 0:i.idTokenClaims,idToken:i==null?void 0:i.idToken};return{...i,account:a}}catch(o){throw o}}async acquireTokenRedirect(e,t){this.logger.trace("NativeInteractionClient - acquireTokenRedirect called.");const{...n}=e;delete n.onRedirectNavigate;const o=await this.initializeNativeRequest(n),i={method:Le.GetToken,request:o};try{const c=await this.nativeMessageHandler.sendMessage(i);this.validateNativeResponse(c)}catch(c){if(c instanceof he&&(this.initializeServerTelemetryManager(this.apiId).setNativeBrokerErrorCode(c.errorCode),Ve(c)))throw c}this.browserStorage.setTemporaryCache(U.NATIVE_REQUEST,JSON.stringify(o),!0);const a={apiId:b.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},s=this.config.auth.navigateToLoginRequestUrl?window.location.href:this.getRedirectUri(e.redirectUri);t.end({success:!0}),await this.navigationClient.navigateExternal(s,a)}async handleRedirectPromise(e,t){if(this.logger.trace("NativeInteractionClient - handleRedirectPromise called."),!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."),null;const n=this.browserStorage.getCachedNativeRequest();if(!n)return this.logger.verbose("NativeInteractionClient - handleRedirectPromise called but there is no cached request, returning null."),e&&t&&(e==null||e.addFields({errorCode:"no_cached_request"},t)),null;const{prompt:o,...i}=n;o&&this.logger.verbose("NativeInteractionClient - handleRedirectPromise called and prompt was included in the original request, removing prompt from cached request to prevent second interaction with native broker window."),this.browserStorage.removeItem(this.browserStorage.generateCacheKey(U.NATIVE_REQUEST));const a={method:Le.GetToken,request:i},s=j();try{this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker.");const c=await this.nativeMessageHandler.sendMessage(a);this.validateNativeResponse(c);const h=await this.handleNativeResponse(c,i,s);return this.initializeServerTelemetryManager(this.apiId).clearNativeBrokerErrorCode(),h}catch(c){throw c}}logout(){return this.logger.trace("NativeInteractionClient - logout called."),Promise.reject("Logout not implemented yet")}async handleNativeResponse(e,t,n){var h,u;this.logger.trace("NativeInteractionClient - handleNativeResponse called.");const o=Pe(e.id_token,se),i=this.createHomeAccountIdentifier(e,o),a=(h=this.browserStorage.getAccountInfoFilteredBy({nativeAccountId:t.accountId}))==null?void 0:h.homeAccountId;if((u=t.extraParameters)!=null&&u.child_client_id&&e.account.id!==t.accountId)this.logger.info("handleNativeServerResponse: Double broker flow detected, ignoring accountId mismatch");else if(i!==a&&e.account.id!==t.accountId)throw qn(za);const s=await this.getDiscoveredAuthority({requestAuthority:t.authority}),c=Ao(this.browserStorage,s,i,se,o,e.client_info,void 0,o.tid,void 0,e.account.id,this.logger);e.expires_in=Number(e.expires_in);const d=await this.generateAuthenticationResult(e,t,o,c,s.canonicalAuthority,n);return await this.cacheAccount(c),await this.cacheNativeTokens(e,t,i,o,e.access_token,d.tenantId,n),d}createHomeAccountIdentifier(e,t){return q.generateHomeAccountId(e.client_info||g.EMPTY_STRING,re.Default,this.logger,this.browserCrypto,t)}generateScopes(e,t){return e.scope?M.fromString(e.scope):M.fromString(t.scope)}async generatePopAccessToken(e,t){if(t.tokenType===k.POP&&t.signPopToken){if(e.shr)return this.logger.trace("handleNativeServerResponse: SHR is enabled in native layer"),e.shr;const n=new tt(this.browserCrypto),o={resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,shrNonce:t.shrNonce};if(!t.keyId)throw f(Zn);return n.signPopToken(e.access_token,t.keyId,o)}else return e.access_token}async generateAuthenticationResult(e,t,n,o,i,a){const s=this.addTelemetryFromNativeResponse(e),c=e.scope?M.fromString(e.scope):M.fromString(t.scope),d=e.account.properties||{},h=d.UID||n.oid||n.sub||g.EMPTY_STRING,u=d.TenantId||n.tid||g.EMPTY_STRING,m=io(o.getAccountInfo(),void 0,n,e.id_token);m.nativeAccountId!==e.account.id&&(m.nativeAccountId=e.account.id);const A=await this.generatePopAccessToken(e,t),E=t.tokenType===k.POP?k.POP:k.BEARER;return{authority:i,uniqueId:h,tenantId:u,scopes:c.asArray(),account:m,idToken:e.id_token,idTokenClaims:n,accessToken:A,fromCache:s?this.isResponseFromCache(s):!1,expiresOn:Ie(a+e.expires_in),tokenType:E,correlationId:this.correlationId,state:e.state,fromNativeBroker:!0}}async cacheAccount(e){await this.browserStorage.setAccount(e,this.correlationId),this.browserStorage.removeAccountContext(e).catch(t=>{this.logger.error(`Error occurred while removing account context from browser storage. ${t}`)})}cacheNativeTokens(e,t,n,o,i,a,s){const c=Zt(n,t.authority,e.id_token||"",t.clientId,o.tid||""),d=t.tokenType===k.POP?g.SHR_NONCE_VALIDITY:(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)||0,h=s+d,u=this.generateScopes(e,t),m=en(n,t.authority,i,t.clientId,o.tid||a,u.printScopes(),h,0,se,void 0,t.tokenType,void 0,t.keyId),A={idToken:c,accessToken:m};return this.nativeStorageManager.saveCacheRecord(A,this.correlationId,t.storeInCache)}addTelemetryFromNativeResponse(e){const t=this.getMATSFromResponse(e);return t?(this.performanceClient.addFields({extensionId:this.nativeMessageHandler.getExtensionId(),extensionVersion:this.nativeMessageHandler.getExtensionVersion(),matsBrokerVersion:t.broker_version,matsAccountJoinOnStart:t.account_join_on_start,matsAccountJoinOnEnd:t.account_join_on_end,matsDeviceJoin:t.device_join,matsPromptBehavior:t.prompt_behavior,matsApiErrorCode:t.api_error_code,matsUiVisible:t.ui_visible,matsSilentCode:t.silent_code,matsSilentBiSubCode:t.silent_bi_sub_code,matsSilentMessage:t.silent_message,matsSilentStatus:t.silent_status,matsHttpStatus:t.http_status,matsHttpEventCount:t.http_event_count},this.correlationId),t):null}validateNativeResponse(e){if(e.hasOwnProperty("access_token")&&e.hasOwnProperty("id_token")&&e.hasOwnProperty("client_info")&&e.hasOwnProperty("account")&&e.hasOwnProperty("scope")&&e.hasOwnProperty("expires_in"))return e;throw Or(Qn,"Response missing expected properties.")}getMATSFromResponse(e){if(e.properties.MATS)try{return JSON.parse(e.properties.MATS)}catch{this.logger.error("NativeInteractionClient - Error parsing MATS telemetry, returning null instead")}return null}isResponseFromCache(e){return typeof e.is_cached>"u"?(this.logger.verbose("NativeInteractionClient - MATS telemetry does not contain field indicating if response was served from cache. Returning false."),!1):!!e.is_cached}async initializeNativeRequest(e){this.logger.trace("NativeInteractionClient - initializeNativeRequest called");const t=e.authority||this.config.auth.authority;e.account&&await this.getDiscoveredAuthority({requestAuthority:t,requestAzureCloudOptions:e.azureCloudOptions,account:e.account});const n=new S(t);n.validateAsUri();const{scopes:o,...i}=e,a=new M(o||[]);a.appendScopes(ze);const s=()=>{switch(this.apiId){case b.ssoSilent:case b.acquireTokenSilent_silentFlow:return this.logger.trace("initializeNativeRequest: silent request sets prompt to none"),K.NONE}if(!e.prompt){this.logger.trace("initializeNativeRequest: prompt was not provided");return}switch(e.prompt){case K.NONE:case K.CONSENT:case K.LOGIN:return this.logger.trace("initializeNativeRequest: prompt is compatible with native flow"),e.prompt;default:throw this.logger.trace(`initializeNativeRequest: prompt = ${e.prompt} is not compatible with native flow`),C(ma)}},c={...i,accountId:this.accountId,clientId:this.config.auth.clientId,authority:n.urlString,scope:a.printScopes(),redirectUri:this.getRedirectUri(e.redirectUri),prompt:s(),correlationId:this.correlationId,tokenType:e.authenticationScheme,windowTitleSubstring:document.title,extraParameters:{...e.extraQueryParameters,...e.tokenQueryParameters},extendedExpiryToken:!1,keyId:e.popKid};if(c.signPopToken&&e.popKid)throw C(ya);if(this.handleExtraBrokerParams(c),c.extraParameters=c.extraParameters||{},c.extraParameters.telemetry=Qe.MATS_TELEMETRY,e.authenticationScheme===k.POP){const d={resourceRequestUri:e.resourceRequestUri,resourceRequestMethod:e.resourceRequestMethod,shrClaims:e.shrClaims,shrNonce:e.shrNonce},h=new tt(this.browserCrypto);let u;if(c.keyId)u=this.browserCrypto.base64UrlEncode(JSON.stringify({kid:c.keyId})),c.signPopToken=!1;else{const m=await p(h.generateCnf.bind(h),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(d,this.logger);u=m.reqCnfString,c.keyId=m.kid,c.signPopToken=!0}c.reqCnf=u}return this.addRequestSKUs(c),c}handleExtraBrokerParams(e){var i;const t=e.extraParameters&&e.extraParameters.hasOwnProperty(Gt)&&e.extraParameters.hasOwnProperty(zt)&&e.extraParameters.hasOwnProperty(Ke);if(!e.embeddedClientId&&!t)return;let n="";const o=e.redirectUri;e.embeddedClientId?(e.redirectUri=this.config.auth.redirectUri,n=e.embeddedClientId):e.extraParameters&&(e.redirectUri=e.extraParameters[zt],n=e.extraParameters[Ke]),e.extraParameters={child_client_id:n,child_redirect_uri:o},(i=this.performanceClient)==null||i.addFields({embeddedClientId:n,embeddedRedirectUri:o},e.correlationId)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */async function Va(r,e,t,n,o){const i=al({...r.auth,authority:e},t,n,o);if(po(i,{sku:Q.MSAL_SKU,version:it,os:"",cpu:""}),r.auth.protocolMode!==Y.OIDC&&fo(i,r.telemetry.application),t.platformBroker&&(Pc(i),t.authenticationScheme===k.POP)){const a=new pe(n,o),s=new tt(a);let c;t.popKid?c=a.encodeKid(t.popKid):c=(await p(s.generateCnf.bind(s),l.PopTokenGenerateCnf,n,o,t.correlationId)(t,n)).reqCnfString,Co(i,c)}return an(i,t.correlationId,o),i}async function Ko(r,e,t,n,o){if(!t.codeChallenge)throw R(nn);const i=await p(Va,l.GetStandardParams,n,o,t.correlationId)(r,e,t,n,o);return wi(i,Rr.CODE),Dc(i,t.codeChallenge,g.S256_CODE_CHALLENGE_METHOD),Fe(i,t.extraQueryParameters||{}),Bi(e,i)}async function Bo(r,e,t,n,o,i){if(!n.earJwk)throw C(vo);const a=await Va(e,t,n,o,i);wi(a,Rr.IDTOKEN_TOKEN_REFRESHTOKEN),Gc(a,n.earJwk);const s=new Map;Fe(s,n.extraQueryParameters||{});const c=Bi(t,s);return Ed(r,c,a)}function Ed(r,e,t){const n=r.createElement("form");return n.method="post",n.action=e,t.forEach((o,i)=>{const a=r.createElement("input");a.hidden=!0,a.name=i,a.value=o,n.appendChild(a)}),r.body.appendChild(n),n}async function Qa(r,e,t,n,o,i,a,s,c,d){if(!d)throw C(Ro);const h=new pe(s,c),u=new Ut(n,o,h,s,a,n.system.navigationClient,t,c,d,e,i,r.correlationId),{userRequestState:m}=ot.parseRequestState(h,r.state);return p(u.acquireToken.bind(u),l.NativeInteractionClientAcquireToken,s,c,r.correlationId)({...r,state:m,prompt:void 0})}async function Go(r,e,t,n,o,i,a,s,c,d,h,u){if(de.removeThrottle(a,o.auth.clientId,r),e.accountId)return p(Qa,l.HandleResponsePlatformBroker,d,h,r.correlationId)(r,e.accountId,n,o,a,s,c,d,h,u);const m={...r,code:e.code||"",codeVerifier:t},A=new qa(i,a,m,d,h);return await p(A.handleCodeResponse.bind(A),l.HandleCodeResponse,d,h,r.correlationId)(e,r)}async function zo(r,e,t,n,o,i,a,s,c,d,h){if(de.removeThrottle(i,n.auth.clientId,r),Gi(e,r.state),!e.ear_jwe)throw C(Vi);if(!r.earJwk)throw C(vo);const u=JSON.parse(await p(Dl,l.DecryptEarResponse,c,d,r.correlationId)(r.earJwk,e.ear_jwe));if(u.accountId)return p(Qa,l.HandleResponsePlatformBroker,c,d,r.correlationId)(r,u.accountId,t,n,i,a,s,c,d,h);const m=new Be(n.auth.clientId,i,new pe(c,d),c,null,null,d);m.validateTokenResponse(u);const A={code:"",state:r.state,nonce:r.nonce,client_info:u.client_info,cloud_graph_host_name:u.cloud_graph_host_name,cloud_instance_host_name:u.cloud_instance_host_name,cloud_instance_name:u.cloud_instance_name,msgraph_host:u.msgraph_host};return await p(m.handleServerTokenResponse.bind(m),l.HandleServerTokenResponse,c,d,r.correlationId)(u,o,j(),r,A,void 0,void 0,void 0,void 0)}/*! @azure/msal-browser v4.9.0 2025-03-25 */const wd=32;async function Cn(r,e,t){r.addQueueMeasurement(l.GeneratePkceCodes,t);const n=ce(vd,l.GenerateCodeVerifier,e,r,t)(r,e,t),o=await p(Sd,l.GenerateCodeChallengeFromVerifier,e,r,t)(n,r,e,t);return{verifier:n,challenge:o}}function vd(r,e,t){try{const n=new Uint8Array(wd);return ce(Nl,l.GetRandomValues,e,r,t)(n),Ne(n)}catch{throw C(wo)}}async function Sd(r,e,t,n){e.addQueueMeasurement(l.GenerateCodeChallengeFromVerifier,n);try{const o=await p(Sa,l.Sha256Digest,t,e,n)(r,e,n);return Ne(new Uint8Array(o))}catch{throw C(wo)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class kd extends at{constructor(e,t,n,o,i,a,s,c,d,h){super(e,t,n,o,i,a,s,d,h),this.unloadWindow=this.unloadWindow.bind(this),this.nativeStorage=c,this.eventHandler=i}acquireToken(e,t){try{const o={popupName:this.generatePopupName(e.scopes||ze,e.authority||this.config.auth.authority),popupWindowAttributes:e.popupWindowAttributes||{},popupWindowParent:e.popupWindowParent??window};return this.performanceClient.addFields({isAsyncPopup:this.config.system.asyncPopups},this.correlationId),this.config.system.asyncPopups?(this.logger.verbose("asyncPopups set to true, acquiring token"),this.acquireTokenPopupAsync(e,o,t)):(this.logger.verbose("asyncPopup set to false, opening popup before acquiring token"),o.popup=this.openSizedPopup("about:blank",o),this.acquireTokenPopupAsync(e,o,t))}catch(n){return Promise.reject(n)}}logout(e){try{this.logger.verbose("logoutPopup called");const t=this.initializeLogoutRequest(e),n={popupName:this.generateLogoutPopupName(t),popupWindowAttributes:(e==null?void 0:e.popupWindowAttributes)||{},popupWindowParent:(e==null?void 0:e.popupWindowParent)??window},o=e&&e.authority,i=e&&e.mainWindowRedirectUri;return this.config.system.asyncPopups?(this.logger.verbose("asyncPopups set to true"),this.logoutPopupAsync(t,n,o,i)):(this.logger.verbose("asyncPopup set to false, opening popup"),n.popup=this.openSizedPopup("about:blank",n),this.logoutPopupAsync(t,n,o,i))}catch(t){return Promise.reject(t)}}async acquireTokenPopupAsync(e,t,n){this.logger.verbose("acquireTokenPopupAsync called");const o=await p(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,this.correlationId)(e,T.Popup);t.popup&&Na(o.authority);const i=ue.isPlatformBrokerAvailable(this.config,this.logger,this.nativeMessageHandler,e.authenticationScheme);return o.platformBroker=i,this.config.auth.protocolMode===Y.EAR?this.executeEarFlow(o,t):this.executeCodeFlow(o,t,n)}async executeCodeFlow(e,t,n){var c;const o=e.correlationId,i=this.initializeServerTelemetryManager(b.acquireTokenPopup),a=n||await p(Cn,l.GeneratePkceCodes,this.logger,this.performanceClient,o)(this.performanceClient,this.logger,o),s={...e,codeChallenge:a.challenge};try{const d=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,o)({serverTelemetryManager:i,requestAuthority:s.authority,requestAzureCloudOptions:s.azureCloudOptions,requestExtraQueryParameters:s.extraQueryParameters,account:s.account}),h=await p(Ko,l.GetAuthCodeUrl,this.logger,this.performanceClient,o)(this.config,d.authority,s,this.logger,this.performanceClient),u=this.initiateAuthRequest(h,t);this.eventHandler.emitEvent(y.POPUP_OPENED,T.Popup,{popupWindow:u},null);const m=await this.monitorPopupForHash(u,t.popupWindowParent),A=ce(Wt,l.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(m,this.config.auth.OIDCOptions.serverResponseType,this.logger);return await p(Go,l.HandleResponseCode,this.logger,this.performanceClient,o)(e,A,a.verifier,b.acquireTokenPopup,this.config,d,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}catch(d){throw(c=t.popup)==null||c.close(),d instanceof _&&(d.setCorrelationId(this.correlationId),i.cacheFailedRequest(d)),d}}async executeEarFlow(e,t){const n=e.correlationId,o=await p(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,n)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),i=await p(Mo,l.GenerateEarKey,this.logger,this.performanceClient,n)(),a={...e,earJwk:i},s=t.popup||this.openPopup("about:blank",t);(await Bo(s.document,this.config,o,a,this.logger,this.performanceClient)).submit();const d=await p(this.monitorPopupForHash.bind(this),l.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,n)(s,t.popupWindowParent),h=ce(Wt,l.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(d,this.config.auth.OIDCOptions.serverResponseType,this.logger);return p(zo,l.HandleResponseEar,this.logger,this.performanceClient,n)(a,h,b.acquireTokenPopup,this.config,o,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}async logoutPopupAsync(e,t,n,o){var a,s,c,d;this.logger.verbose("logoutPopupAsync called"),this.eventHandler.emitEvent(y.LOGOUT_START,T.Popup,e);const i=this.initializeServerTelemetryManager(b.logoutPopup);try{await this.clearCacheOnLogout(e.account);const h=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:i,requestAuthority:n,account:e.account||void 0});try{h.authority.endSessionEndpoint}catch{if((a=e.account)!=null&&a.homeAccountId&&e.postLogoutRedirectUri&&h.authority.protocolMode===Y.OIDC){if(this.browserStorage.removeAccount((s=e.account)==null?void 0:s.homeAccountId),this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Popup,e),o){const A={apiId:b.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},E=S.getAbsoluteUrl(o,Ae());await this.navigationClient.navigateInternal(E,A)}(c=t.popup)==null||c.close();return}}const u=h.getLogoutUri(e);this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Popup,e);const m=this.openPopup(u,t);if(this.eventHandler.emitEvent(y.POPUP_OPENED,T.Popup,{popupWindow:m},null),await this.monitorPopupForHash(m,t.popupWindowParent).catch(()=>{}),o){const A={apiId:b.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},E=S.getAbsoluteUrl(o,Ae());this.logger.verbose("Redirecting main window to url specified in the request"),this.logger.verbosePii(`Redirecting main window to: ${E}`),await this.navigationClient.navigateInternal(E,A)}else this.logger.verbose("No main window navigation requested")}catch(h){throw(d=t.popup)==null||d.close(),h instanceof _&&(h.setCorrelationId(this.correlationId),i.cacheFailedRequest(h)),this.eventHandler.emitEvent(y.LOGOUT_FAILURE,T.Popup,null,h),this.eventHandler.emitEvent(y.LOGOUT_END,T.Popup),h}this.eventHandler.emitEvent(y.LOGOUT_END,T.Popup)}initiateAuthRequest(e,t){if(e)return this.logger.infoPii(`Navigate to: ${e}`),this.openPopup(e,t);throw this.logger.error("Navigate url is empty"),C(un)}monitorPopupForHash(e,t){return new Promise((n,o)=>{this.logger.verbose("PopupHandler.monitorPopupForHash - polling started");const i=setInterval(()=>{if(e.closed){this.logger.error("PopupHandler.monitorPopupForHash - window closed"),clearInterval(i),o(C(mt));return}let a="";try{a=e.location.href}catch{}if(!a||a==="about:blank")return;clearInterval(i);let s="";const c=this.config.auth.OIDCOptions.serverResponseType;e&&(c===Xt.QUERY?s=e.location.search:s=e.location.hash),this.logger.verbose("PopupHandler.monitorPopupForHash - popup window is on same origin as caller"),n(s)},this.config.system.pollIntervalMilliseconds)}).finally(()=>{this.cleanPopup(e,t)})}openPopup(e,t){try{let n;if(t.popup?(n=t.popup,this.logger.verbosePii(`Navigating popup window to: ${e}`),n.location.assign(e)):typeof t.popup>"u"&&(this.logger.verbosePii(`Opening popup window to: ${e}`),n=this.openSizedPopup(e,t)),!n)throw C(Zi);return n.focus&&n.focus(),this.currentWindow=n,t.popupWindowParent.addEventListener("beforeunload",this.unloadWindow),n}catch(n){throw this.logger.error("error opening popup "+n.message),C(Xi)}}openSizedPopup(e,{popupName:t,popupWindowAttributes:n,popupWindowParent:o}){var A,E,w,D;const i=o.screenLeft?o.screenLeft:o.screenX,a=o.screenTop?o.screenTop:o.screenY,s=o.innerWidth||document.documentElement.clientWidth||document.body.clientWidth,c=o.innerHeight||document.documentElement.clientHeight||document.body.clientHeight;let d=(A=n.popupSize)==null?void 0:A.width,h=(E=n.popupSize)==null?void 0:E.height,u=(w=n.popupPosition)==null?void 0:w.top,m=(D=n.popupPosition)==null?void 0:D.left;return(!d||d<0||d>s)&&(this.logger.verbose("Default popup window width used. Window width not configured or invalid."),d=Q.POPUP_WIDTH),(!h||h<0||h>c)&&(this.logger.verbose("Default popup window height used. Window height not configured or invalid."),h=Q.POPUP_HEIGHT),(!u||u<0||u>c)&&(this.logger.verbose("Default popup window top position used. Window top not configured or invalid."),u=Math.max(0,c/2-Q.POPUP_HEIGHT/2+a)),(!m||m<0||m>s)&&(this.logger.verbose("Default popup window left position used. Window left not configured or invalid."),m=Math.max(0,s/2-Q.POPUP_WIDTH/2+i)),o.open(e,t,`width=${d}, height=${h}, top=${u}, left=${m}, scrollbars=yes`)}unloadWindow(e){this.currentWindow&&this.currentWindow.close(),e.preventDefault()}cleanPopup(e,t){e.close(),t.removeEventListener("beforeunload",this.unloadWindow)}generatePopupName(e,t){return`${Q.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${e.join("-")}.${t}.${this.correlationId}`}generateLogoutPopupName(e){const t=e.account&&e.account.homeAccountId;return`${Q.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${t}.${this.correlationId}`}}/*! @azure/msal-browser v4.9.0 2025-03-25 */function _d(){if(typeof window>"u"||typeof window.performance>"u"||typeof window.performance.getEntriesByType!="function")return;const r=window.performance.getEntriesByType("navigation"),e=r.length?r[0]:void 0;return e==null?void 0:e.type}class Rd extends at{constructor(e,t,n,o,i,a,s,c,d,h){super(e,t,n,o,i,a,s,d,h),this.nativeStorage=c}async acquireToken(e){const t=await p(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,this.correlationId)(e,T.Redirect);t.platformBroker=ue.isPlatformBrokerAvailable(this.config,this.logger,this.nativeMessageHandler,e.authenticationScheme);const n=i=>{i.persisted&&(this.logger.verbose("Page was restored from back/forward cache. Clearing temporary cache."),this.browserStorage.resetRequestCache(),this.eventHandler.emitEvent(y.RESTORE_FROM_BFCACHE,T.Redirect))},o=this.getRedirectStartPage(e.redirectStartPage);this.logger.verbosePii(`Redirect start page: ${o}`),this.browserStorage.setTemporaryCache(U.ORIGIN_URI,o,!0),window.addEventListener("pageshow",n);try{this.config.auth.protocolMode===Y.EAR?await this.executeEarFlow(t):await this.executeCodeFlow(t,e.onRedirectNavigate)}catch(i){throw i instanceof _&&i.setCorrelationId(this.correlationId),window.removeEventListener("pageshow",n),i}}async executeCodeFlow(e,t){const n=e.correlationId,o=this.initializeServerTelemetryManager(b.acquireTokenRedirect),i=await p(Cn,l.GeneratePkceCodes,this.logger,this.performanceClient,n)(this.performanceClient,this.logger,n),a={...e,codeChallenge:i.challenge};this.browserStorage.cacheAuthorizeRequest(a,i.verifier);try{const s=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:o,requestAuthority:a.authority,requestAzureCloudOptions:a.azureCloudOptions,requestExtraQueryParameters:a.extraQueryParameters,account:a.account}),c=await p(Ko,l.GetAuthCodeUrl,this.logger,this.performanceClient,e.correlationId)(this.config,s.authority,a,this.logger,this.performanceClient);return await this.initiateAuthRequest(c,t)}catch(s){throw s instanceof _&&(s.setCorrelationId(this.correlationId),o.cacheFailedRequest(s)),s}}async executeEarFlow(e){const t=e.correlationId,n=await p(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),o=await p(Mo,l.GenerateEarKey,this.logger,this.performanceClient,t)(),i={...e,earJwk:o};this.browserStorage.cacheAuthorizeRequest(i),(await Bo(document,this.config,n,i,this.logger,this.performanceClient)).submit()}async handleRedirectPromise(e="",t,n,o){const i=this.initializeServerTelemetryManager(b.handleRedirectPromise);try{const[a,s]=this.getRedirectResponse(e||"");if(!a)return this.logger.info("handleRedirectPromise did not detect a response as a result of a redirect. Cleaning temporary cache."),this.browserStorage.resetRequestCache(),_d()!=="back_forward"?o.event.errorCode="no_server_response":this.logger.verbose("Back navigation event detected. Muting no_server_response error"),null;const c=this.browserStorage.getTemporaryCache(U.ORIGIN_URI,!0)||g.EMPTY_STRING,d=S.removeHashFromUrl(c),h=S.removeHashFromUrl(window.location.href);if(d===h&&this.config.auth.navigateToLoginRequestUrl)return this.logger.verbose("Current page is loginRequestUrl, handling response"),c.indexOf("#")>-1&&zl(c),await this.handleResponse(a,t,n,i);if(this.config.auth.navigateToLoginRequestUrl){if(!Do()||this.config.system.allowRedirectInIframe){this.browserStorage.setTemporaryCache(U.URL_HASH,s,!0);const u={apiId:b.handleRedirectPromise,timeout:this.config.system.redirectNavigationTimeout,noHistory:!0};let m=!0;if(!c||c==="null"){const A=$l();this.browserStorage.setTemporaryCache(U.ORIGIN_URI,A,!0),this.logger.warning("Unable to get valid login request url from cache, redirecting to home page"),m=await this.navigationClient.navigateInternal(A,u)}else this.logger.verbose(`Navigating to loginRequestUrl: ${c}`),m=await this.navigationClient.navigateInternal(c,u);if(!m)return await this.handleResponse(a,t,n,i)}}else return this.logger.verbose("NavigateToLoginRequestUrl set to false, handling response"),await this.handleResponse(a,t,n,i);return null}catch(a){throw a instanceof _&&(a.setCorrelationId(this.correlationId),i.cacheFailedRequest(a)),a}}getRedirectResponse(e){this.logger.verbose("getRedirectResponseHash called");let t=e;t||(this.config.auth.OIDCOptions.serverResponseType===Xt.QUERY?t=window.location.search:t=window.location.hash);let n=Kt(t);if(n){try{Id(n,this.browserCrypto,T.Redirect)}catch(i){return i instanceof _&&this.logger.error(`Interaction type validation failed due to ${i.errorCode}: ${i.errorMessage}`),[null,""]}return Gl(window),this.logger.verbose("Hash contains known properties, returning response hash"),[n,t]}const o=this.browserStorage.getTemporaryCache(U.URL_HASH,!0);return this.browserStorage.removeItem(this.browserStorage.generateCacheKey(U.URL_HASH)),o&&(n=Kt(o),n)?(this.logger.verbose("Hash does not contain known properties, returning cached hash"),[n,o]):[null,""]}async handleResponse(e,t,n,o){if(!e.state)throw C(So);if(e.ear_jwe){const s=await p(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t.correlationId)({requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account});return p(zo,l.HandleResponseEar,this.logger,this.performanceClient,t.correlationId)(t,e,b.acquireTokenRedirect,this.config,s,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}const a=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:o,requestAuthority:t.authority});return p(Go,l.HandleResponseCode,this.logger,this.performanceClient,t.correlationId)(t,e,n,b.acquireTokenRedirect,this.config,a,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}async initiateAuthRequest(e,t){if(this.logger.verbose("RedirectHandler.initiateAuthRequest called"),e){this.logger.infoPii(`RedirectHandler.initiateAuthRequest: Navigate to: ${e}`);const n={apiId:b.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},o=t||this.config.auth.onRedirectNavigate;if(typeof o=="function")if(this.logger.verbose("RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback"),o(e)!==!1){this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"),await this.navigationClient.navigateExternal(e,n);return}else{this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation");return}else{this.logger.verbose("RedirectHandler.initiateAuthRequest: Navigating window to navigate url"),await this.navigationClient.navigateExternal(e,n);return}}else throw this.logger.info("RedirectHandler.initiateAuthRequest: Navigate url is empty"),C(un)}async logout(e){var o,i;this.logger.verbose("logoutRedirect called");const t=this.initializeLogoutRequest(e),n=this.initializeServerTelemetryManager(b.logout);try{this.eventHandler.emitEvent(y.LOGOUT_START,T.Redirect,e),await this.clearCacheOnLogout(t.account);const a={apiId:b.logout,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},s=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:e&&e.authority,requestExtraQueryParameters:e==null?void 0:e.extraQueryParameters,account:e&&e.account||void 0});if(s.authority.protocolMode===Y.OIDC)try{s.authority.endSessionEndpoint}catch{if((o=t.account)!=null&&o.homeAccountId){this.browserStorage.removeAccount((i=t.account)==null?void 0:i.homeAccountId),this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Redirect,t);return}}const c=s.getLogoutUri(t);if(this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Redirect,t),e&&typeof e.onRedirectNavigate=="function")if(e.onRedirectNavigate(c)!==!1){this.logger.verbose("Logout onRedirectNavigate did not return false, navigating"),this.browserStorage.getInteractionInProgress()||this.browserStorage.setInteractionInProgress(!0),await this.navigationClient.navigateExternal(c,a);return}else this.browserStorage.setInteractionInProgress(!1),this.logger.verbose("Logout onRedirectNavigate returned false, stopping navigation");else{this.browserStorage.getInteractionInProgress()||this.browserStorage.setInteractionInProgress(!0),await this.navigationClient.navigateExternal(c,a);return}}catch(a){throw a instanceof _&&(a.setCorrelationId(this.correlationId),n.cacheFailedRequest(a)),this.eventHandler.emitEvent(y.LOGOUT_FAILURE,T.Redirect,null,a),this.eventHandler.emitEvent(y.LOGOUT_END,T.Redirect),a}this.eventHandler.emitEvent(y.LOGOUT_END,T.Redirect)}getRedirectStartPage(e){const t=e||window.location.href;return S.getAbsoluteUrl(t,Ae())}}/*! @azure/msal-browser v4.9.0 2025-03-25 */async function bd(r,e,t,n,o){if(e.addQueueMeasurement(l.SilentHandlerInitiateAuthRequest,n),!r)throw t.info("Navigate url is empty"),C(un);return o?p(Pd,l.SilentHandlerLoadFrame,t,e,n)(r,o,e,n):ce(Nd,l.SilentHandlerLoadFrameSync,t,e,n)(r)}async function Od(r,e,t,n,o){const i=qo();if(!i.contentDocument)throw"No document associated with iframe!";return(await Bo(i.contentDocument,r,e,t,n,o)).submit(),i}async function Sr(r,e,t,n,o,i,a){return n.addQueueMeasurement(l.SilentHandlerMonitorIframeForHash,i),new Promise((s,c)=>{e<Fn&&o.warning(`system.loadFrameTimeout or system.iframeHashTimeout set to lower (${e}ms) than the default (${Fn}ms). This may result in timeouts.`);const d=window.setTimeout(()=>{window.clearInterval(h),c(C(ea))},e),h=window.setInterval(()=>{let u="";const m=r.contentWindow;try{u=m?m.location.href:""}catch{}if(!u||u==="about:blank")return;let A="";m&&(a===Xt.QUERY?A=m.location.search:A=m.location.hash),window.clearTimeout(d),window.clearInterval(h),s(A)},t)}).finally(()=>{ce(Md,l.RemoveHiddenIframe,o,n,i)(r)})}function Pd(r,e,t,n){return t.addQueueMeasurement(l.SilentHandlerLoadFrame,n),new Promise((o,i)=>{const a=qo();window.setTimeout(()=>{if(!a){i("Unable to load iframe");return}a.src=r,o(a)},e)})}function Nd(r){const e=qo();return e.src=r,e}function qo(){const r=document.createElement("iframe");return r.className="msalSilentIframe",r.style.visibility="hidden",r.style.position="absolute",r.style.width=r.style.height="0",r.style.border="0",r.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms"),document.body.appendChild(r),r}function Md(r){document.body===r.parentNode&&document.body.removeChild(r)}/*! @azure/msal-browser v4.9.0 2025-03-25 */class Ud extends at{constructor(e,t,n,o,i,a,s,c,d,h,u){super(e,t,n,o,i,a,c,h,u),this.apiId=s,this.nativeStorage=d}async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentIframeClientAcquireToken,e.correlationId),!e.loginHint&&!e.sid&&(!e.account||!e.account.username)&&this.logger.warning("No user hint provided. The authorization server may need more information to complete this request.");const t={...e};t.prompt?t.prompt!==K.NONE&&t.prompt!==K.NO_SESSION&&(this.logger.warning(`SilentIframeClient. Replacing invalid prompt ${t.prompt} with ${K.NONE}`),t.prompt=K.NONE):t.prompt=K.NONE;const n=await p(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,e.correlationId)(t,T.Silent);return n.platformBroker=ue.isPlatformBrokerAvailable(this.config,this.logger,this.nativeMessageHandler,n.authenticationScheme),Na(n.authority),this.config.auth.protocolMode===Y.EAR?this.executeEarFlow(n):this.executeCodeFlow(n)}async executeCodeFlow(e){let t;const n=this.initializeServerTelemetryManager(this.apiId);try{return t=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:n,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),await p(this.silentTokenHelper.bind(this),l.SilentIframeClientTokenHelper,this.logger,this.performanceClient,e.correlationId)(t,e)}catch(o){if(o instanceof _&&(o.setCorrelationId(this.correlationId),n.cacheFailedRequest(o)),!t||!(o instanceof _)||o.errorCode!==Q.INVALID_GRANT_ERROR)throw o;return this.performanceClient.addFields({retryError:o.errorCode},this.correlationId),await p(this.silentTokenHelper.bind(this),l.SilentIframeClientTokenHelper,this.logger,this.performanceClient,this.correlationId)(t,e)}}async executeEarFlow(e){const t=e.correlationId,n=await p(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),o=await p(Mo,l.GenerateEarKey,this.logger,this.performanceClient,t)(),i={...e,earJwk:o},a=await p(Od,l.SilentHandlerInitiateAuthRequest,this.logger,this.performanceClient,t)(this.config,n,i,this.logger,this.performanceClient),s=this.config.auth.OIDCOptions.serverResponseType,c=await p(Sr,l.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,t)(a,this.config.system.iframeHashTimeout,this.config.system.pollIntervalMilliseconds,this.performanceClient,this.logger,t,s),d=ce(Wt,l.DeserializeResponse,this.logger,this.performanceClient,t)(c,s,this.logger);return p(zo,l.HandleResponseEar,this.logger,this.performanceClient,t)(i,d,this.apiId,this.config,n,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}logout(){return Promise.reject(C(gn))}async silentTokenHelper(e,t){const n=t.correlationId;this.performanceClient.addQueueMeasurement(l.SilentIframeClientTokenHelper,n);const o=await p(Cn,l.GeneratePkceCodes,this.logger,this.performanceClient,n)(this.performanceClient,this.logger,n),i={...t,codeChallenge:o.challenge},a=await p(Ko,l.GetAuthCodeUrl,this.logger,this.performanceClient,n)(this.config,e.authority,i,this.logger,this.performanceClient),s=await p(bd,l.SilentHandlerInitiateAuthRequest,this.logger,this.performanceClient,n)(a,this.performanceClient,this.logger,n,this.config.system.navigateFrameWait),c=this.config.auth.OIDCOptions.serverResponseType,d=await p(Sr,l.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,n)(s,this.config.system.iframeHashTimeout,this.config.system.pollIntervalMilliseconds,this.performanceClient,this.logger,n,c),h=ce(Wt,l.DeserializeResponse,this.logger,this.performanceClient,n)(d,c,this.logger);return p(Go,l.HandleResponseCode,this.logger,this.performanceClient,n)(t,h,o.verifier,this.apiId,this.config,e,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class Ld extends at{async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentRefreshClientAcquireToken,e.correlationId);const t=await p(Fo,l.InitializeBaseRequest,this.logger,this.performanceClient,e.correlationId)(e,this.config,this.performanceClient,this.logger),n={...e,...t};e.redirectUri&&(n.redirectUri=this.getRedirectUri(e.redirectUri));const o=this.initializeServerTelemetryManager(b.acquireTokenSilent_silentFlow),i=await this.createRefreshTokenClient({serverTelemetryManager:o,authorityUrl:n.authority,azureCloudOptions:n.azureCloudOptions,account:n.account});return p(i.acquireTokenByRefreshToken.bind(i),l.RefreshTokenClientAcquireTokenByRefreshToken,this.logger,this.performanceClient,e.correlationId)(n).catch(a=>{throw a.setCorrelationId(this.correlationId),o.cacheFailedRequest(a),a})}logout(){return Promise.reject(C(gn))}async createRefreshTokenClient(e){const t=await p(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:e.serverTelemetryManager,requestAuthority:e.authorityUrl,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account});return new ol(t,this.performanceClient)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class Hd{constructor(e,t,n,o){this.isBrowserEnvironment=typeof window<"u",this.config=e,this.storage=t,this.logger=n,this.cryptoObj=o}async loadExternalTokens(e,t,n){if(!this.isBrowserEnvironment)throw C(pn);const o=e.correlationId||Z(),i=t.id_token?Pe(t.id_token,se):void 0,a={protocolMode:this.config.auth.protocolMode,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache},s=e.authority?new G(G.generateAuthority(e.authority,e.azureCloudOptions),this.config.system.networkClient,this.storage,a,this.logger,e.correlationId||Z()):void 0,c=await this.loadAccount(e,n.clientInfo||t.client_info||"",o,i,s),d=await this.loadIdToken(t,c.homeAccountId,c.environment,c.realm,o),h=await this.loadAccessToken(e,t,c.homeAccountId,c.environment,c.realm,n,o),u=await this.loadRefreshToken(t,c.homeAccountId,c.environment,o);return this.generateAuthenticationResult(e,{account:c,idToken:d,accessToken:h,refreshToken:u},i,s)}async loadAccount(e,t,n,o,i){if(this.logger.verbose("TokenCache - loading account"),e.account){const d=q.createFromAccountInfo(e.account);return await this.storage.setAccount(d,n),d}else if(!i||!t&&!o)throw this.logger.error("TokenCache - if an account is not provided on the request, authority and either clientInfo or idToken must be provided instead."),C(la);const a=q.generateHomeAccountId(t,i.authorityType,this.logger,this.cryptoObj,o),s=o==null?void 0:o.tid,c=Ao(this.storage,i,a,se,o,t,i.hostnameAndPort,s,void 0,void 0,this.logger);return await this.storage.setAccount(c,n),c}async loadIdToken(e,t,n,o,i){if(!e.id_token)return this.logger.verbose("TokenCache - no id token found in response"),null;this.logger.verbose("TokenCache - loading id token");const a=Zt(t,n,e.id_token,this.config.auth.clientId,o);return await this.storage.setIdTokenCredential(a,i),a}async loadAccessToken(e,t,n,o,i,a,s){if(t.access_token)if(t.expires_in){if(!t.scope&&(!e.scopes||!e.scopes.length))return this.logger.error("TokenCache - scopes not specified in the request or response. Cannot add token to the cache."),null}else return this.logger.error("TokenCache - no expiration set on the access token. Cannot add it to the cache."),null;else return this.logger.verbose("TokenCache - no access token found in response"),null;this.logger.verbose("TokenCache - loading access token");const c=t.scope?M.fromString(t.scope):new M(e.scopes),d=a.expiresOn||t.expires_in+j(),h=a.extendedExpiresOn||(t.ext_expires_in||t.expires_in)+j(),u=en(n,o,t.access_token,this.config.auth.clientId,i,c.printScopes(),d,h,se);return await this.storage.setAccessTokenCredential(u,s),u}async loadRefreshToken(e,t,n,o){if(!e.refresh_token)return this.logger.verbose("TokenCache - no refresh token found in response"),null;this.logger.verbose("TokenCache - loading refresh token");const i=Xr(t,n,e.refresh_token,this.config.auth.clientId,e.foci,void 0,e.refresh_token_expires_in);return await this.storage.setRefreshTokenCredential(i,o),i}generateAuthenticationResult(e,t,n,o){var h,u,m;let i="",a=[],s=null,c;t!=null&&t.accessToken&&(i=t.accessToken.secret,a=M.fromString(t.accessToken.target).asArray(),s=Ie(t.accessToken.expiresOn),c=Ie(t.accessToken.extendedExpiresOn));const d=t.account;return{authority:o?o.canonicalAuthority:"",uniqueId:t.account.localAccountId,tenantId:t.account.realm,scopes:a,account:d.getAccountInfo(),idToken:((h=t.idToken)==null?void 0:h.secret)||"",idTokenClaims:n||{},accessToken:i,fromCache:!0,expiresOn:s,correlationId:e.correlationId||"",requestId:"",extExpiresOn:c,familyId:((u=t.refreshToken)==null?void 0:u.familyId)||"",tokenType:((m=t==null?void 0:t.accessToken)==null?void 0:m.tokenType)||"",state:e.state||"",cloudGraphHostName:d.cloudGraphHostName||"",msGraphHost:d.msGraphHost||"",fromNativeBroker:!1}}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class Dd extends Ki{constructor(e){super(e),this.includeRedirectUri=!1}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class xd extends at{constructor(e,t,n,o,i,a,s,c,d,h){super(e,t,n,o,i,a,c,d,h),this.apiId=s}async acquireToken(e){if(!e.code)throw C(da);const t=await p(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,e.correlationId)(e,T.Silent),n=this.initializeServerTelemetryManager(this.apiId);try{const o={...t,code:e.code},i=await p(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:n,requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account}),a=new Dd(i);this.logger.verbose("Auth code client created");const s=new qa(a,this.browserStorage,o,this.logger,this.performanceClient);return await p(s.handleCodeResponseFromServer.bind(s),l.HandleCodeResponseFromServer,this.logger,this.performanceClient,e.correlationId)({code:e.code,msgraph_host:e.msGraphHost,cloud_graph_host_name:e.cloudGraphHostName,cloud_instance_host_name:e.cloudInstanceHostName},t,!1)}catch(o){throw o instanceof _&&(o.setCorrelationId(this.correlationId),n.cacheFailedRequest(o)),o}}logout(){return Promise.reject(C(gn))}}/*! @azure/msal-browser v4.9.0 2025-03-25 */function le(r){const e=r==null?void 0:r.idTokenClaims;if(e!=null&&e.tfp||e!=null&&e.acr)return"B2C";if(e!=null&&e.tid){if((e==null?void 0:e.tid)==="9188040d-6c67-4c5b-b112-36a304b66dad")return"MSA"}else return;return"AAD"}function Nt(r,e){try{xo(r)}catch(t){throw e.end({success:!1},t),t}}class yn{constructor(e){this.operatingContext=e,this.isBrowserEnvironment=this.operatingContext.isBrowserEnvironment(),this.config=e.getConfig(),this.initialized=!1,this.logger=this.operatingContext.getLogger(),this.networkClient=this.config.system.networkClient,this.navigationClient=this.config.system.navigationClient,this.redirectResponse=new Map,this.hybridAuthCodeResponses=new Map,this.performanceClient=this.config.telemetry.client,this.browserCrypto=this.isBrowserEnvironment?new pe(this.logger,this.performanceClient):gt,this.eventHandler=new Ba(this.logger),this.browserStorage=this.isBrowserEnvironment?new jt(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,Li(this.config.auth)):Ua(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler);const t={cacheLocation:B.MemoryStorage,temporaryCacheLocation:B.MemoryStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!1,claimsBasedCachingEnabled:!1};this.nativeInternalStorage=new jt(this.config.auth.clientId,t,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler),this.tokenCache=new Hd(this.config,this.browserStorage,this.logger,this.browserCrypto),this.activeSilentTokenRequests=new Map,this.trackPageVisibility=this.trackPageVisibility.bind(this),this.trackPageVisibilityWithMeasurement=this.trackPageVisibilityWithMeasurement.bind(this)}static async createController(e,t){const n=new yn(e);return await n.initialize(t),n}trackPageVisibility(e){e&&(this.logger.info("Perf: Visibility change detected"),this.performanceClient.incrementFields({visibilityChangeCount:1},e))}async initialize(e){if(this.logger.trace("initialize called"),this.initialized){this.logger.info("initialize has already been called, exiting early.");return}if(!this.isBrowserEnvironment){this.logger.info("in non-browser environment, exiting early."),this.initialized=!0,this.eventHandler.emitEvent(y.INITIALIZE_END);return}const t=(e==null?void 0:e.correlationId)||this.getRequestCorrelationId(),n=this.config.system.allowPlatformBroker,o=this.performanceClient.startMeasurement(l.InitializeClientApplication,t);if(this.eventHandler.emitEvent(y.INITIALIZE_START),await p(this.browserStorage.initialize.bind(this.browserStorage),l.InitializeCache,this.logger,this.performanceClient,t)(t),n)try{this.nativeExtensionProvider=await ue.createProvider(this.logger,this.config.system.nativeBrokerHandshakeTimeout,this.performanceClient)}catch(i){this.logger.verbose(i)}this.config.cache.claimsBasedCachingEnabled||(this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims"),await p(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage),l.ClearTokensAndKeysWithClaims,this.logger,this.performanceClient,t)(this.performanceClient,t)),this.config.system.asyncPopups&&await this.preGeneratePkceCodes(t),this.initialized=!0,this.eventHandler.emitEvent(y.INITIALIZE_END),o.end({allowPlatformBroker:n,success:!0})}async handleRedirectPromise(e){if(this.logger.verbose("handleRedirectPromise called"),Pa(this.initialized),this.isBrowserEnvironment){const t=e||"";let n=this.redirectResponse.get(t);return typeof n>"u"?(n=this.handleRedirectPromiseInternal(e),this.redirectResponse.set(t,n),this.logger.verbose("handleRedirectPromise has been called for the first time, storing the promise")):this.logger.verbose("handleRedirectPromise has been called previously, returning the result from the first call"),n}return this.logger.verbose("handleRedirectPromise returns null, not browser environment"),null}async handleRedirectPromiseInternal(e){if(!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."),null;const t=this.getAllAccounts(),n=this.browserStorage.getCachedNativeRequest(),o=n&&ue.isPlatformBrokerAvailable(this.config,this.logger,this.nativeExtensionProvider)&&this.nativeExtensionProvider&&!e;let i=this.performanceClient.startMeasurement(l.AcquireTokenRedirect,(n==null?void 0:n.correlationId)||"");this.eventHandler.emitEvent(y.HANDLE_REDIRECT_START,T.Redirect);let a;if(o&&this.nativeExtensionProvider){this.logger.trace("handleRedirectPromise - acquiring token from native platform");const s=new Ut(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,b.handleRedirectPromise,this.performanceClient,this.nativeExtensionProvider,n.accountId,this.nativeInternalStorage,n.correlationId);a=p(s.handleRedirectPromise.bind(s),l.HandleNativeRedirectPromiseMeasurement,this.logger,this.performanceClient,i.event.correlationId)(this.performanceClient,i.event.correlationId)}else{const[s,c]=this.browserStorage.getCachedRequest(),d=s.correlationId;i.discard(),i=this.performanceClient.startMeasurement(l.AcquireTokenRedirect,d),this.logger.trace("handleRedirectPromise - acquiring token from web flow");const h=this.createRedirectClient(d);a=p(h.handleRedirectPromise.bind(h),l.HandleRedirectPromiseMeasurement,this.logger,this.performanceClient,i.event.correlationId)(e,s,c,i)}return a.then(s=>(s?(this.browserStorage.resetRequestCache(),t.length<this.getAllAccounts().length?(this.eventHandler.emitEvent(y.LOGIN_SUCCESS,T.Redirect,s),this.logger.verbose("handleRedirectResponse returned result, login success")):(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Redirect,s),this.logger.verbose("handleRedirectResponse returned result, acquire token success")),i.end({success:!0,accountType:le(s.account)})):i.event.errorCode?i.end({success:!1}):i.discard(),this.eventHandler.emitEvent(y.HANDLE_REDIRECT_END,T.Redirect),s)).catch(s=>{this.browserStorage.resetRequestCache();const c=s;throw t.length>0?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Redirect,null,c):this.eventHandler.emitEvent(y.LOGIN_FAILURE,T.Redirect,null,c),this.eventHandler.emitEvent(y.HANDLE_REDIRECT_END,T.Redirect),i.end({success:!1},c),s})}async acquireTokenRedirect(e){const t=this.getRequestCorrelationId(e);this.logger.verbose("acquireTokenRedirect called",t);const n=this.performanceClient.startMeasurement(l.AcquireTokenPreRedirect,t);n.add({accountType:le(e.account),scenarioId:e.scenarioId});const o=e.onRedirectNavigate;if(o)e.onRedirectNavigate=a=>{const s=typeof o=="function"?o(a):void 0;return s!==!1?n.end({success:!0}):n.discard(),s};else{const a=this.config.auth.onRedirectNavigate;this.config.auth.onRedirectNavigate=s=>{const c=typeof a=="function"?a(s):void 0;return c!==!1?n.end({success:!0}):n.discard(),c}}const i=this.getAllAccounts().length>0;try{Tr(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0),i?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Redirect,e):this.eventHandler.emitEvent(y.LOGIN_START,T.Redirect,e);let a;return this.nativeExtensionProvider&&this.canUsePlatformBroker(e)?a=new Ut(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,b.acquireTokenRedirect,this.performanceClient,this.nativeExtensionProvider,this.getNativeAccountId(e),this.nativeInternalStorage,t).acquireTokenRedirect(e,n).catch(c=>{if(c instanceof he&&Ve(c))return this.nativeExtensionProvider=void 0,this.createRedirectClient(t).acquireToken(e);if(c instanceof ne)return this.logger.verbose("acquireTokenRedirect - Resolving interaction required error thrown by native broker by falling back to web flow"),this.createRedirectClient(t).acquireToken(e);throw c}):a=this.createRedirectClient(t).acquireToken(e),await a}catch(a){throw this.browserStorage.resetRequestCache(),n.end({success:!1},a),i?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Redirect,null,a):this.eventHandler.emitEvent(y.LOGIN_FAILURE,T.Redirect,null,a),a}}acquireTokenPopup(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(l.AcquireTokenPopup,t);n.add({scenarioId:e.scenarioId,accountType:le(e.account)});try{this.logger.verbose("acquireTokenPopup called",t),Nt(this.initialized,n),this.browserStorage.setInteractionInProgress(!0)}catch(s){return Promise.reject(s)}const o=this.getAllAccounts();o.length>0?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Popup,e):this.eventHandler.emitEvent(y.LOGIN_START,T.Popup,e);let i;const a=this.getPreGeneratedPkceCodes(t);return this.canUsePlatformBroker(e)?i=this.acquireTokenNative({...e,correlationId:t},b.acquireTokenPopup).then(s=>(n.end({success:!0,isNativeBroker:!0,accountType:le(s.account)}),s)).catch(s=>{if(s instanceof he&&Ve(s))return this.nativeExtensionProvider=void 0,this.createPopupClient(t).acquireToken(e,a);if(s instanceof ne)return this.logger.verbose("acquireTokenPopup - Resolving interaction required error thrown by native broker by falling back to web flow"),this.createPopupClient(t).acquireToken(e,a);throw s}):i=this.createPopupClient(t).acquireToken(e,a),i.then(s=>(o.length<this.getAllAccounts().length?this.eventHandler.emitEvent(y.LOGIN_SUCCESS,T.Popup,s):this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Popup,s),n.end({success:!0,accessTokenSize:s.accessToken.length,idTokenSize:s.idToken.length,accountType:le(s.account)}),s)).catch(s=>(o.length>0?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Popup,null,s):this.eventHandler.emitEvent(y.LOGIN_FAILURE,T.Popup,null,s),n.end({success:!1},s),Promise.reject(s))).finally(async()=>{this.browserStorage.setInteractionInProgress(!1),this.config.system.asyncPopups&&await this.preGeneratePkceCodes(t)})}trackPageVisibilityWithMeasurement(){const e=this.ssoSilentMeasurement||this.acquireTokenByCodeAsyncMeasurement;e&&(this.logger.info("Perf: Visibility change detected in ",e.event.name),e.increment({visibilityChangeCount:1}))}async ssoSilent(e){var i,a;const t=this.getRequestCorrelationId(e),n={...e,prompt:e.prompt,correlationId:t};this.ssoSilentMeasurement=this.performanceClient.startMeasurement(l.SsoSilent,t),(i=this.ssoSilentMeasurement)==null||i.add({scenarioId:e.scenarioId,accountType:le(e.account)}),Nt(this.initialized,this.ssoSilentMeasurement),(a=this.ssoSilentMeasurement)==null||a.increment({visibilityChangeCount:0}),document.addEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement),this.logger.verbose("ssoSilent called",t),this.eventHandler.emitEvent(y.SSO_SILENT_START,T.Silent,n);let o;return this.canUsePlatformBroker(n)?o=this.acquireTokenNative(n,b.ssoSilent).catch(s=>{if(s instanceof he&&Ve(s))return this.nativeExtensionProvider=void 0,this.createSilentIframeClient(n.correlationId).acquireToken(n);throw s}):o=this.createSilentIframeClient(n.correlationId).acquireToken(n),o.then(s=>{var c;return this.eventHandler.emitEvent(y.SSO_SILENT_SUCCESS,T.Silent,s),(c=this.ssoSilentMeasurement)==null||c.end({success:!0,isNativeBroker:s.fromNativeBroker,accessTokenSize:s.accessToken.length,idTokenSize:s.idToken.length,accountType:le(s.account)}),s}).catch(s=>{var c;throw this.eventHandler.emitEvent(y.SSO_SILENT_FAILURE,T.Silent,null,s),(c=this.ssoSilentMeasurement)==null||c.end({success:!1},s),s}).finally(()=>{document.removeEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement)})}async acquireTokenByCode(e){const t=this.getRequestCorrelationId(e);this.logger.trace("acquireTokenByCode called",t);const n=this.performanceClient.startMeasurement(l.AcquireTokenByCode,t);Nt(this.initialized,n),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_START,T.Silent,e),n.add({scenarioId:e.scenarioId});try{if(e.code&&e.nativeAccountId)throw C(ua);if(e.code){const o=e.code;let i=this.hybridAuthCodeResponses.get(o);return i?(this.logger.verbose("Existing acquireTokenByCode request found",t),n.discard()):(this.logger.verbose("Initiating new acquireTokenByCode request",t),i=this.acquireTokenByCodeAsync({...e,correlationId:t}).then(a=>(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_SUCCESS,T.Silent,a),this.hybridAuthCodeResponses.delete(o),n.end({success:!0,isNativeBroker:a.fromNativeBroker,accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length,accountType:le(a.account)}),a)).catch(a=>{throw this.hybridAuthCodeResponses.delete(o),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_FAILURE,T.Silent,null,a),n.end({success:!1},a),a}),this.hybridAuthCodeResponses.set(o,i)),await i}else if(e.nativeAccountId)if(this.canUsePlatformBroker(e,e.nativeAccountId)){const o=await this.acquireTokenNative({...e,correlationId:t},b.acquireTokenByCode,e.nativeAccountId).catch(i=>{throw i instanceof he&&Ve(i)&&(this.nativeExtensionProvider=void 0),i});return n.end({accountType:le(o.account),success:!0}),o}else throw C(ga);else throw C(ha)}catch(o){throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_FAILURE,T.Silent,null,o),n.end({success:!1},o),o}}async acquireTokenByCodeAsync(e){var o;return this.logger.trace("acquireTokenByCodeAsync called",e.correlationId),this.acquireTokenByCodeAsyncMeasurement=this.performanceClient.startMeasurement(l.AcquireTokenByCodeAsync,e.correlationId),(o=this.acquireTokenByCodeAsyncMeasurement)==null||o.increment({visibilityChangeCount:0}),document.addEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement),await this.createSilentAuthCodeClient(e.correlationId).acquireToken(e).then(i=>{var a;return(a=this.acquireTokenByCodeAsyncMeasurement)==null||a.end({success:!0,fromCache:i.fromCache,isNativeBroker:i.fromNativeBroker}),i}).catch(i=>{var a;throw(a=this.acquireTokenByCodeAsyncMeasurement)==null||a.end({success:!1},i),i}).finally(()=>{document.removeEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement)})}async acquireTokenFromCache(e,t){switch(this.performanceClient.addQueueMeasurement(l.AcquireTokenFromCache,e.correlationId),t){case H.Default:case H.AccessToken:case H.AccessTokenAndRefreshToken:const n=this.createSilentCacheClient(e.correlationId);return p(n.acquireToken.bind(n),l.SilentCacheClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e);default:throw f(be)}}async acquireTokenByRefreshToken(e,t){switch(this.performanceClient.addQueueMeasurement(l.AcquireTokenByRefreshToken,e.correlationId),t){case H.Default:case H.AccessTokenAndRefreshToken:case H.RefreshToken:case H.RefreshTokenAndNetwork:const n=this.createSilentRefreshClient(e.correlationId);return p(n.acquireToken.bind(n),l.SilentRefreshClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e);default:throw f(be)}}async acquireTokenBySilentIframe(e){this.performanceClient.addQueueMeasurement(l.AcquireTokenBySilentIframe,e.correlationId);const t=this.createSilentIframeClient(e.correlationId);return p(t.acquireToken.bind(t),l.SilentIframeClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e)}async logout(e){const t=this.getRequestCorrelationId(e);return this.logger.warning("logout API is deprecated and will be removed in msal-browser v3.0.0. Use logoutRedirect instead.",t),this.logoutRedirect({correlationId:t,...e})}async logoutRedirect(e){const t=this.getRequestCorrelationId(e);return Tr(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0),this.createRedirectClient(t).logout(e)}logoutPopup(e){try{const t=this.getRequestCorrelationId(e);return xo(this.initialized),this.browserStorage.setInteractionInProgress(!0),this.createPopupClient(t).logout(e).finally(()=>{this.browserStorage.setInteractionInProgress(!1)})}catch(t){return Promise.reject(t)}}async clearCache(e){if(!this.isBrowserEnvironment){this.logger.info("in non-browser environment, returning early.");return}const t=this.getRequestCorrelationId(e);return this.createSilentCacheClient(t).logout(e)}getAllAccounts(e){return La(this.logger,this.browserStorage,this.isBrowserEnvironment,e)}getAccount(e){return zn(e,this.logger,this.browserStorage)}getAccountByUsername(e){return Ha(e,this.logger,this.browserStorage)}getAccountByHomeId(e){return Da(e,this.logger,this.browserStorage)}getAccountByLocalId(e){return xa(e,this.logger,this.browserStorage)}setActiveAccount(e){Fa(e,this.browserStorage)}getActiveAccount(){return Ka(this.browserStorage)}async hydrateCache(e,t){this.logger.verbose("hydrateCache called");const n=q.createFromAccountInfo(e.account,e.cloudGraphHostName,e.msGraphHost);return await this.browserStorage.setAccount(n,e.correlationId),e.fromNativeBroker?(this.logger.verbose("Response was from native broker, storing in-memory"),this.nativeInternalStorage.hydrateCache(e,t)):this.browserStorage.hydrateCache(e,t)}async acquireTokenNative(e,t,n,o){if(this.logger.trace("acquireTokenNative called"),!this.nativeExtensionProvider)throw C(Ro);return new Ut(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,t,this.performanceClient,this.nativeExtensionProvider,n||this.getNativeAccountId(e),this.nativeInternalStorage,e.correlationId).acquireToken(e,o)}canUsePlatformBroker(e,t){if(this.logger.trace("canUsePlatformBroker called"),!ue.isPlatformBrokerAvailable(this.config,this.logger,this.nativeExtensionProvider,e.authenticationScheme))return this.logger.trace("canUsePlatformBroker: isPlatformBrokerAvailable returned false, returning false"),!1;if(e.prompt)switch(e.prompt){case K.NONE:case K.CONSENT:case K.LOGIN:this.logger.trace("canUsePlatformBroker: prompt is compatible with platform broker flow");break;default:return this.logger.trace(`canUsePlatformBroker: prompt = ${e.prompt} is not compatible with platform broker flow, returning false`),!1}return!t&&!this.getNativeAccountId(e)?(this.logger.trace("canUsePlatformBroker: nativeAccountId is not available, returning false"),!1):!0}getNativeAccountId(e){const t=e.account||this.getAccount({loginHint:e.loginHint,sid:e.sid})||this.getActiveAccount();return t&&t.nativeAccountId||""}createPopupClient(e){return new kd(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createRedirectClient(e){return new Rd(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createSilentIframeClient(e){return new Ud(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,b.ssoSilent,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createSilentCacheClient(e){return new $a(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeExtensionProvider,e)}createSilentRefreshClient(e){return new Ld(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeExtensionProvider,e)}createSilentAuthCodeClient(e){return new xd(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,b.acquireTokenByCode,this.performanceClient,this.nativeExtensionProvider,e)}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){return Oa(),this.performanceClient.addPerformanceCallback(e)}removePerformanceCallback(e){return this.performanceClient.removePerformanceCallback(e)}enableAccountStorageEvents(){if(this.config.cache.cacheLocation!==B.LocalStorage){this.logger.info("Account storage events are only available when cacheLocation is set to localStorage");return}this.eventHandler.subscribeCrossTab()}disableAccountStorageEvents(){if(this.config.cache.cacheLocation!==B.LocalStorage){this.logger.info("Account storage events are only available when cacheLocation is set to localStorage");return}this.eventHandler.unsubscribeCrossTab()}getTokenCache(){return this.tokenCache}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){this.browserStorage.setWrapperMetadata(e,t)}setNavigationClient(e){this.navigationClient=e}getConfiguration(){return this.config}getPerformanceClient(){return this.performanceClient}isBrowserEnv(){return this.isBrowserEnvironment}getRequestCorrelationId(e){return e!=null&&e.correlationId?e.correlationId:this.isBrowserEnvironment?Z():g.EMPTY_STRING}async loginRedirect(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("loginRedirect called",t),this.acquireTokenRedirect({correlationId:t,...e||Dn})}loginPopup(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("loginPopup called",t),this.acquireTokenPopup({correlationId:t,...e||Dn})}async acquireTokenSilent(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(l.AcquireTokenSilent,t);n.add({cacheLookupPolicy:e.cacheLookupPolicy,scenarioId:e.scenarioId}),Nt(this.initialized,n),this.logger.verbose("acquireTokenSilent called",t);const o=e.account||this.getActiveAccount();if(!o)throw C(ra);return n.add({accountType:le(o)}),this.acquireTokenSilentDeduped(e,o,t).then(i=>(n.end({success:!0,fromCache:i.fromCache,isNativeBroker:i.fromNativeBroker,accessTokenSize:i.accessToken.length,idTokenSize:i.idToken.length}),{...i,state:e.state,correlationId:t})).catch(i=>{throw i instanceof _&&i.setCorrelationId(t),n.end({success:!1},i),i})}async acquireTokenSilentDeduped(e,t,n){const o=ln(this.config.auth.clientId,{...e,authority:e.authority||this.config.auth.authority},t.homeAccountId),i=JSON.stringify(o),a=this.activeSilentTokenRequests.get(i);if(typeof a>"u"){this.logger.verbose("acquireTokenSilent called for the first time, storing active request",n),this.performanceClient.addFields({deduped:!1},n);const s=p(this.acquireTokenSilentAsync.bind(this),l.AcquireTokenSilentAsync,this.logger,this.performanceClient,n)({...e,correlationId:n},t);return this.activeSilentTokenRequests.set(i,s),s.finally(()=>{this.activeSilentTokenRequests.delete(i)})}else return this.logger.verbose("acquireTokenSilent has been called previously, returning the result from the first call",n),this.performanceClient.addFields({deduped:!0},n),a}async acquireTokenSilentAsync(e,t){const n=()=>this.trackPageVisibility(e.correlationId);this.performanceClient.addQueueMeasurement(l.AcquireTokenSilentAsync,e.correlationId),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Silent,e),e.correlationId&&this.performanceClient.incrementFields({visibilityChangeCount:0},e.correlationId),document.addEventListener("visibilitychange",n);const o=await p(dd,l.InitializeSilentRequest,this.logger,this.performanceClient,e.correlationId)(e,t,this.config,this.performanceClient,this.logger),i=e.cacheLookupPolicy||H.Default;return this.acquireTokenSilentNoIframe(o,i).catch(async s=>{if(Fd(s,i))if(this.activeIframeRequest)if(i!==H.Skip){const[d,h]=this.activeIframeRequest;this.logger.verbose(`Iframe request is already in progress, awaiting resolution for request with correlationId: ${h}`,o.correlationId);const u=this.performanceClient.startMeasurement(l.AwaitConcurrentIframe,o.correlationId);u.add({awaitIframeCorrelationId:h});const m=await d;if(u.end({success:m}),m)return this.logger.verbose(`Parallel iframe request with correlationId: ${h} succeeded. Retrying cache and/or RT redemption`,o.correlationId),this.acquireTokenSilentNoIframe(o,i);throw this.logger.info(`Iframe request with correlationId: ${h} failed. Interaction is required.`),s}else return this.logger.warning("Another iframe request is currently in progress and CacheLookupPolicy is set to Skip. This may result in degraded performance and/or reliability for both calls. Please consider changing the CacheLookupPolicy to take advantage of request queuing and token cache.",o.correlationId),p(this.acquireTokenBySilentIframe.bind(this),l.AcquireTokenBySilentIframe,this.logger,this.performanceClient,o.correlationId)(o);else{let d;return this.activeIframeRequest=[new Promise(h=>{d=h}),o.correlationId],this.logger.verbose("Refresh token expired/invalid or CacheLookupPolicy is set to Skip, attempting acquire token by iframe.",o.correlationId),p(this.acquireTokenBySilentIframe.bind(this),l.AcquireTokenBySilentIframe,this.logger,this.performanceClient,o.correlationId)(o).then(h=>(d(!0),h)).catch(h=>{throw d(!1),h}).finally(()=>{this.activeIframeRequest=void 0})}else throw s}).then(s=>(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,s),e.correlationId&&this.performanceClient.addFields({fromCache:s.fromCache,isNativeBroker:s.fromNativeBroker},e.correlationId),s)).catch(s=>{throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Silent,null,s),s}).finally(()=>{document.removeEventListener("visibilitychange",n)})}async acquireTokenSilentNoIframe(e,t){return ue.isPlatformBrokerAvailable(this.config,this.logger,this.nativeExtensionProvider,e.authenticationScheme)&&e.account.nativeAccountId?(this.logger.verbose("acquireTokenSilent - attempting to acquire token from native platform"),this.acquireTokenNative(e,b.acquireTokenSilent_silentFlow,e.account.nativeAccountId,t).catch(async n=>{throw n instanceof he&&Ve(n)?(this.logger.verbose("acquireTokenSilent - native platform unavailable, falling back to web flow"),this.nativeExtensionProvider=void 0,f(be)):n})):(this.logger.verbose("acquireTokenSilent - attempting to acquire token from web flow"),t===H.AccessToken&&this.logger.verbose("acquireTokenSilent - cache lookup policy set to AccessToken, attempting to acquire token from local cache"),p(this.acquireTokenFromCache.bind(this),l.AcquireTokenFromCache,this.logger,this.performanceClient,e.correlationId)(e,t).catch(n=>{if(t===H.AccessToken)throw n;return this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_NETWORK_START,T.Silent,e),p(this.acquireTokenByRefreshToken.bind(this),l.AcquireTokenByRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,t)}))}async preGeneratePkceCodes(e){return this.logger.verbose("Generating new PKCE codes"),this.pkceCode=await p(Cn,l.GeneratePkceCodes,this.logger,this.performanceClient,e)(this.performanceClient,this.logger,e),Promise.resolve()}getPreGeneratedPkceCodes(e){this.logger.verbose("Attempting to pick up pre-generated PKCE codes");const t=this.pkceCode?{...this.pkceCode}:void 0;return this.pkceCode=void 0,this.logger.verbose(`${t?"Found":"Did not find"} pre-generated PKCE codes`),this.performanceClient.addFields({usePreGeneratedPkce:!!t},e),t}}function Fd(r,e){const t=!(r instanceof ne&&r.subError!==hn),n=r.errorCode===Q.INVALID_GRANT_ERROR||r.errorCode===be,o=t&&n||r.errorCode===$t||r.errorCode===To,i=wl.includes(e);return o&&i}/*! @azure/msal-browser v4.9.0 2025-03-25 */function Kd(r){return r.status!==void 0}/*! @azure/msal-browser v4.9.0 2025-03-25 */class Bd{constructor(e,t,n,o){this.clientId=e,this.clientCapabilities=t,this.crypto=n,this.logger=o}toNaaTokenRequest(e){var s;let t;e.extraQueryParameters===void 0?t=new Map:t=new Map(Object.entries(e.extraQueryParameters));const n=e.correlationId||this.crypto.createNewGuid(),o=Oi(e.claims,this.clientCapabilities),i=e.scopes||ze;return{platformBrokerId:(s=e.account)==null?void 0:s.homeAccountId,clientId:this.clientId,authority:e.authority,scope:i.join(" "),correlationId:n,claims:ae.isEmptyObj(o)?void 0:o,state:e.state,authenticationScheme:e.authenticationScheme||k.BEARER,extraParameters:t}}fromNaaTokenResponse(e,t,n){if(!t.token.id_token||!t.token.access_token)throw f(Ht);const o=Ie(n+(t.token.expires_in||0)),i=Pe(t.token.id_token,this.crypto.base64Decode),a=this.fromNaaAccountInfo(t.account,t.token.id_token,i),s=t.token.scope||e.scope;return{authority:t.token.authority||a.environment,uniqueId:a.localAccountId,tenantId:a.tenantId,scopes:s.split(" "),account:a,idToken:t.token.id_token,idTokenClaims:i,accessToken:t.token.access_token,fromCache:!1,expiresOn:o,tokenType:e.authenticationScheme||k.BEARER,correlationId:e.correlationId,extExpiresOn:o,state:e.state}}fromNaaAccountInfo(e,t,n){const o=n||e.idTokenClaims,i=e.localAccountId||(o==null?void 0:o.oid)||(o==null?void 0:o.sub)||"",a=e.tenantId||(o==null?void 0:o.tid)||"",s=e.homeAccountId||`${i}.${a}`,c=e.username||(o==null?void 0:o.preferred_username)||"",d=e.name||(o==null?void 0:o.name),h=new Map,u=rn(s,i,a,o);return h.set(a,u),{homeAccountId:s,environment:e.environment,tenantId:a,username:c,localAccountId:i,name:d,idToken:t,idTokenClaims:o,tenantProfiles:h}}fromBridgeError(e){if(Kd(e))switch(e.status){case me.UserCancel:return new Se(Yr);case me.NoNetwork:return new Se(Qr);case me.AccountUnavailable:return new Se(Dt);case me.Disabled:return new Se(Pn);case me.NestedAppAuthUnavailable:return new Se(e.code||Pn,e.description);case me.TransientError:case me.PersistentError:return new Me(e.code,e.description);case me.UserInteractionRequired:return new ne(e.code,e.description);default:return new _(e.code,e.description)}else return new _("unknown_error","An unknown error occurred")}toAuthenticationResultFromCache(e,t,n,o,i){if(!t||!n)throw f(Ht);const a=Pe(t.secret,this.crypto.base64Decode),s=n.target||o.scopes.join(" ");return{authority:n.environment||e.environment,uniqueId:e.localAccountId,tenantId:e.tenantId,scopes:s.split(" "),account:e,idToken:t.secret,idTokenClaims:a||{},accessToken:n.secret,fromCache:!0,expiresOn:Ie(n.expiresOn),extExpiresOn:Ie(n.extendedExpiresOn),tokenType:o.authenticationScheme||k.BEARER,correlationId:i,state:o.state}}}/*! @azure/msal-browser v4.9.0 2025-03-25 */const kr={unsupportedMethod:{code:"unsupported_method",desc:"This method is not supported in nested app environment."}};class L extends _{constructor(e,t){super(e,t),Object.setPrototypeOf(this,L.prototype),this.name="NestedAppAuthError"}static createUnsupportedError(){return new L(kr.unsupportedMethod.code,kr.unsupportedMethod.desc)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */class $o{constructor(e){this.operatingContext=e;const t=this.operatingContext.getBridgeProxy();if(t!==void 0)this.bridgeProxy=t;else throw new Error("unexpected: bridgeProxy is undefined");this.config=e.getConfig(),this.logger=this.operatingContext.getLogger(),this.performanceClient=this.config.telemetry.client,this.browserCrypto=e.isBrowserEnvironment()?new pe(this.logger,this.performanceClient,!0):gt,this.eventHandler=new Ba(this.logger),this.browserStorage=this.operatingContext.isBrowserEnvironment()?new jt(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,Li(this.config.auth)):Ua(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler),this.nestedAppAuthAdapter=new Bd(this.config.auth.clientId,this.config.auth.clientCapabilities,this.browserCrypto,this.logger);const n=this.bridgeProxy.getAccountContext();this.currentAccountContext=n||null}static async createController(e){const t=new $o(e);return Promise.resolve(t)}async initialize(e){const t=(e==null?void 0:e.correlationId)||Z();return await this.browserStorage.initialize(t),Promise.resolve()}ensureValidRequest(e){return e!=null&&e.correlationId?e:{...e,correlationId:this.browserCrypto.createNewGuid()}}async acquireTokenInteractive(e){const t=this.ensureValidRequest(e);this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Popup,t);const n=this.performanceClient.startMeasurement(l.AcquireTokenPopup,t.correlationId);n==null||n.add({nestedAppAuthRequest:!0});try{const o=this.nestedAppAuthAdapter.toNaaTokenRequest(t),i=j(),a=await this.bridgeProxy.getTokenInteractive(o),s={...this.nestedAppAuthAdapter.fromNaaTokenResponse(o,a,i)};return await this.hydrateCache(s,e),this.currentAccountContext={homeAccountId:s.account.homeAccountId,environment:s.account.environment,tenantId:s.account.tenantId},this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Popup,s),n.add({accessTokenSize:s.accessToken.length,idTokenSize:s.idToken.length}),n.end({success:!0,requestId:s.requestId}),s}catch(o){const i=o instanceof _?o:this.nestedAppAuthAdapter.fromBridgeError(o);throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Popup,null,o),n.end({success:!1},o),i}}async acquireTokenSilentInternal(e){const t=this.ensureValidRequest(e);this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Silent,t);const n=await this.acquireTokenFromCache(t);if(n)return this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,n),n;const o=this.performanceClient.startMeasurement(l.SsoSilent,t.correlationId);o==null||o.increment({visibilityChangeCount:0}),o==null||o.add({nestedAppAuthRequest:!0});try{const i=this.nestedAppAuthAdapter.toNaaTokenRequest(t),a=j(),s=await this.bridgeProxy.getTokenSilent(i),c=this.nestedAppAuthAdapter.fromNaaTokenResponse(i,s,a);return await this.hydrateCache(c,e),this.currentAccountContext={homeAccountId:c.account.homeAccountId,environment:c.account.environment,tenantId:c.account.tenantId},this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,c),o==null||o.add({accessTokenSize:c.accessToken.length,idTokenSize:c.idToken.length}),o==null||o.end({success:!0,requestId:c.requestId}),c}catch(i){const a=i instanceof _?i:this.nestedAppAuthAdapter.fromBridgeError(i);throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Silent,null,i),o==null||o.end({success:!1},i),a}}async acquireTokenFromCache(e){const t=this.performanceClient.startMeasurement(l.AcquireTokenSilent,e.correlationId);if(t==null||t.add({nestedAppAuthRequest:!0}),e.claims)return this.logger.verbose("Claims are present in the request, skipping cache lookup"),null;if(e.forceRefresh)return this.logger.verbose("forceRefresh is set to true, skipping cache lookup"),null;let n=null;switch(e.cacheLookupPolicy||(e.cacheLookupPolicy=H.Default),e.cacheLookupPolicy){case H.Default:case H.AccessToken:case H.AccessTokenAndRefreshToken:n=await this.acquireTokenFromCacheInternal(e);break;default:return null}return n?(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,n),t==null||t.add({accessTokenSize:n==null?void 0:n.accessToken.length,idTokenSize:n==null?void 0:n.idToken.length}),t==null||t.end({success:!0}),n):(this.logger.error("Cached tokens are not found for the account, proceeding with silent token request."),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Silent,null),t==null||t.end({success:!1}),null)}async acquireTokenFromCacheInternal(e){var c;const t=this.bridgeProxy.getAccountContext()||this.currentAccountContext;let n=null;if(t&&(n=zn(t,this.logger,this.browserStorage)),!n)return this.logger.verbose("No active account found, falling back to the host"),Promise.resolve(null);this.logger.verbose("active account found, attempting to acquire token silently");const o={...e,correlationId:e.correlationId||this.browserCrypto.createNewGuid(),authority:e.authority||n.environment,scopes:(c=e.scopes)!=null&&c.length?e.scopes:[...ze]},i=this.browserStorage.getTokenKeys(),a=this.browserStorage.getAccessToken(n,o,i,n.tenantId,this.performanceClient,o.correlationId);if(a){if(Jr(a.cachedAt)||xt(a.expiresOn,this.config.system.tokenRenewalOffsetSeconds))return this.logger.verbose("Cached access token has expired"),Promise.resolve(null)}else return this.logger.verbose("No cached access token found"),Promise.resolve(null);const s=this.browserStorage.getIdToken(n,i,n.tenantId,this.performanceClient,o.correlationId);return s?this.nestedAppAuthAdapter.toAuthenticationResultFromCache(n,s,a,o,o.correlationId):(this.logger.verbose("No cached id token found"),Promise.resolve(null))}async acquireTokenPopup(e){return this.acquireTokenInteractive(e)}acquireTokenRedirect(e){throw L.createUnsupportedError()}async acquireTokenSilent(e){return this.acquireTokenSilentInternal(e)}acquireTokenByCode(e){throw L.createUnsupportedError()}acquireTokenNative(e,t,n){throw L.createUnsupportedError()}acquireTokenByRefreshToken(e,t){throw L.createUnsupportedError()}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){throw L.createUnsupportedError()}removePerformanceCallback(e){throw L.createUnsupportedError()}enableAccountStorageEvents(){throw L.createUnsupportedError()}disableAccountStorageEvents(){throw L.createUnsupportedError()}getAllAccounts(e){return La(this.logger,this.browserStorage,this.isBrowserEnv(),e)}getAccount(e){return zn(e,this.logger,this.browserStorage)}getAccountByUsername(e){return Ha(e,this.logger,this.browserStorage)}getAccountByHomeId(e){return Da(e,this.logger,this.browserStorage)}getAccountByLocalId(e){return xa(e,this.logger,this.browserStorage)}setActiveAccount(e){return Fa(e,this.browserStorage)}getActiveAccount(){return Ka(this.browserStorage)}handleRedirectPromise(e){return Promise.resolve(null)}loginPopup(e){return this.acquireTokenInteractive(e||Dn)}loginRedirect(e){throw L.createUnsupportedError()}logout(e){throw L.createUnsupportedError()}logoutRedirect(e){throw L.createUnsupportedError()}logoutPopup(e){throw L.createUnsupportedError()}ssoSilent(e){return this.acquireTokenSilentInternal(e)}getTokenCache(){throw L.createUnsupportedError()}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){}setNavigationClient(e){this.logger.warning("setNavigationClient is not supported in nested app auth")}getConfiguration(){return this.config}isBrowserEnv(){return this.operatingContext.isBrowserEnvironment()}getBrowserCrypto(){return this.browserCrypto}getPerformanceClient(){throw L.createUnsupportedError()}getRedirectResponse(){throw L.createUnsupportedError()}async clearCache(e){throw L.createUnsupportedError()}async hydrateCache(e,t){this.logger.verbose("hydrateCache called");const n=q.createFromAccountInfo(e.account,e.cloudGraphHostName,e.msGraphHost);return await this.browserStorage.setAccount(n,e.correlationId),this.browserStorage.hydrateCache(e,t)}}/*! @azure/msal-browser v4.9.0 2025-03-25 */async function Gd(r,e){const t=new Ge(r);return await t.initialize(),yn.createController(t,e)}/*! @azure/msal-browser v4.9.0 2025-03-25 */class Tn{static async createPublicClientApplication(e){const t=await Gd(e);return new Tn(e,t)}constructor(e,t){this.controller=t||new yn(new Ge(e))}async initialize(e){return this.controller.initialize(e)}async acquireTokenPopup(e){return this.controller.acquireTokenPopup(e)}acquireTokenRedirect(e){return this.controller.acquireTokenRedirect(e)}acquireTokenSilent(e){return this.controller.acquireTokenSilent(e)}acquireTokenByCode(e){return this.controller.acquireTokenByCode(e)}addEventCallback(e,t){return this.controller.addEventCallback(e,t)}removeEventCallback(e){return this.controller.removeEventCallback(e)}addPerformanceCallback(e){return this.controller.addPerformanceCallback(e)}removePerformanceCallback(e){return this.controller.removePerformanceCallback(e)}enableAccountStorageEvents(){this.controller.enableAccountStorageEvents()}disableAccountStorageEvents(){this.controller.disableAccountStorageEvents()}getAccount(e){return this.controller.getAccount(e)}getAccountByHomeId(e){return this.controller.getAccountByHomeId(e)}getAccountByLocalId(e){return this.controller.getAccountByLocalId(e)}getAccountByUsername(e){return this.controller.getAccountByUsername(e)}getAllAccounts(e){return this.controller.getAllAccounts(e)}handleRedirectPromise(e){return this.controller.handleRedirectPromise(e)}loginPopup(e){return this.controller.loginPopup(e)}loginRedirect(e){return this.controller.loginRedirect(e)}logout(e){return this.controller.logout(e)}logoutRedirect(e){return this.controller.logoutRedirect(e)}logoutPopup(e){return this.controller.logoutPopup(e)}ssoSilent(e){return this.controller.ssoSilent(e)}getTokenCache(){return this.controller.getTokenCache()}getLogger(){return this.controller.getLogger()}setLogger(e){this.controller.setLogger(e)}setActiveAccount(e){this.controller.setActiveAccount(e)}getActiveAccount(){return this.controller.getActiveAccount()}initializeWrapperLibrary(e,t){return this.controller.initializeWrapperLibrary(e,t)}setNavigationClient(e){this.controller.setNavigationClient(e)}getConfiguration(){return this.controller.getConfiguration()}async hydrateCache(e,t){return this.controller.hydrateCache(e,t)}clearCache(e){return this.controller.clearCache(e)}}async function zd(r){const e=new nt(r);if(await e.initialize(),e.isAvailable()){const t=new $o(e),n=new Tn(r,t);return await n.initialize(),n}return qd(r)}async function qd(r){const e=new Tn(r);return await e.initialize(),e}const Ya=(0,eval)("this"),O=Ya.Office;Ya.messages;let ke=[],ge="",Ye=!1,He=!1,P={encrypted:!1,signed:!1,drafts:[],fetched:!1,fetching:!1,folderId:"",features:[],viewerOpen:!1},oe=null,Sn,De=null,Vo="",yt=!1;O.onReady(async()=>{let r=localStorage.getItem("nativeClientId");ge=r||"",O.context.requirements.isSetSupported("NestedAppAuth","1.1")&&await oh(),Xa(),O.context.mailbox.addHandlerAsync(O.EventType.ItemChanged,e=>{P.fetching=!1,P.fetched=!1,O.context.mailbox.item?(console.log(O.context.mailbox.convertToEwsId(O.context.mailbox.item.itemId,O.MailboxEnums.RestVersion.v2_0),O.context.mailbox.item.itemId),$n()):Ce(J("No item selected")),Tt()}),$d()});function $d(){let r=document.createElement("h2");r.classList.add("mb-0"),r.appendChild(document.createTextNode(J("Drafts"))),ct("draftscaption",r),ke={decrypt:Te("view","",function(){ja()}),newemail:Te("new",x("@action:button","New secure email"),function(){Wd()}),reply:Te("reply",x("@action:button","Reply securely"),function(){Yd()}),forward:Te("forward",x("@action:button","Forward securely"),function(){jd()}),reencrypt:Te("reencrypt",x("@action:button","Reencrypt folder"),function(){Qd()}),unpair:Te("none",x("@action:button","Unpair native client"),function(){Ja("")},["mb-0","mt-0"])};for(let[t,n]of Object.entries(ke))ct(t,n);let e=ts("<small>"+x("@info","Viewer already open.")+"</small>");ct("vieweropenbox",e),Tt()}function je(){ge.length<1&&(He=!1);let r=te("pairingbox");if(Ye&&ge.length==0){let e=document.createElement("div");e.appendChild(Ze(J("Not paired to native client. Please ensure GPGOL/Web app is in pairing mode, copy and enter pairing code or paste it:")));let t=document.createElement("nobr");e.appendChild(t);let n=Te("none",x("@button","Paste"),function(){Zd()},[]);n.id="pastePairingCodeButton",t.appendChild(n);let o=document.createElement("input");o.id="pairingCodeInputField",o.type="text",o.placeholder=J("Ctrl + V to paste from clipboard"),o.style="width: 95%",o.addEventListener("input",i=>{Wa(i.target.value)}),t.appendChild(o),r.replaceChildren(e),xe(r,!0)}else xe(r,!1);te("connectionStatusHeading").innerHTML=(Ye&&He?"&#x2705;":"&#x26A0;")+x("Short heading","Connection status"),te("proxyconnected").innerHTML=Ye?x("Status","Connected to proxy server"):x("Status","Not connected to proxy server"),te("clientconnected").innerHTML=Ye&&He?x("Status","Connected to native client"):x("Status","Not connected to native client"),xe(ke.unpair,ge.length>0)}function Tt(){let r=J("This mail is not encrypted nor signed.");if(P.fetched){P.encrypted?r=P.signed?J("This mail is encrypted and signed."):J("This mail is encrypted."):P.signed&&(r=J("This mail is signed."));for(let[e,t]of Object.entries(ke))t.disabled=!1}else{r=ns()?"":x("Loading placeholder","Loading…");for(let[e,t]of Object.entries(ke))t.disabled=!0}te("statusbox").replaceChildren(document.createTextNode(r)),xe(te("vieweropenbox"),P.viewerOpen),ke.decrypt.setIconAndText("view",P.encrypted?x("@action:button","Decrypt"):x("@action:button","View email")),ke.decrypt.disabled=ke.decrypt.disabled&&!P.viewerOpen,Vd(),je()}function Vd(){if(P.drafts.length>0){let r=document.createElement("ul");r.classList.add("my-0","list-unstyled","gap","d-flex");for(let e of P.drafts){let t=document.createElement("li");t.classList.add("d-flex","flex-row");let n=Te("opendraft",J("Last Modified: %1",eh(e.last_modification)),function(){Jd(e.id)},["btn","w-100","d-flex","flex-row","align-items-center","rounded-e-md"]);t.appendChild(n),n=Te("delete",'<span class="sr-only">'+x("@action:button","Delete")+"</span>",function(){Xd(e.id)},["btn","btn-danger","ms-auto","py-1","rounded-e-md"]),t.appendChild(n),r.appendChild(t)}ct("draftslist",r)}else ct("draftslist",Ze("<p>"+x("Placeholder","No draft found")+"</p>"))}function we(r,e){if(!oe){console.log("socket not connected");return}oe.send(JSON.stringify({command:r,arguments:e,id:ge}))}function Jt(r,e){console.log(r,e),we("log",{message:r,args:JSON.stringify(e)})}function It(r){we(r,{email:O.context.mailbox.userProfile.emailAddress,displayName:O.context.mailbox.userProfile.displayName,folderId:P.folderId,itemId:O.context.mailbox.item.itemId,api:yt?"ews":"graph",apiendpoint:Vo,ewsAccessToken:De})}function Qd(){It("reencrypt")}function ja(){It("view")}function Yd(){It("reply")}function jd(){It("forward")}function Wd(){It("composer")}function Jd(r){we("open-draft",{draftId:r,email:O.context.mailbox.userProfile.emailAddress,displayName:O.context.mailbox.userProfile.displayName})}function Xd(r){we("delete-draft",{draftId:r,email:O.context.mailbox.userProfile.emailAddress,displayName:O.context.mailbox.userProfile.displayName})}function $n(){P.fetching||ge.length===0||(P.fetched=!1,P.fetching=!0,Tt(),we("info",{itemId:O.context.mailbox.item.itemId,email:O.context.mailbox.userProfile.emailAddress,api:yt?"ews":"graph",apiendpoint:Vo,ewsAccessToken:De}))}function Zd(){navigator.clipboard.readText().then(r=>{te("pairingCodeInputField").value=r,Wa(r)})}function Wa(r){we("pairing",{type:"web",token:r})}function Ja(r){ge=r,localStorage.setItem("nativeClientId",r),r.length&&os(3e3,"<p style='background:lightgreen; width:100%'>"+J("Pairing successful")+"</p>"),je()}function eh(r){const e=new Date(r*1e3);let t=new Date;return new Date(e).setHours(0,0,0,0)===t.setHours(0,0,0,0)?e.toLocaleTimeString([],{hour:"numeric",minute:"numeric"}):e.toLocaleDateString()}async function th(r){O.context.mailbox.makeEwsRequestAsync(r.arguments.body,e=>{if(e.error){Jt("Error while trying to send email via EWS",{error:e.error,value:e.value});return}Jt("Email sent",{value:e.value}),we("ews-response",{requestId:r.arguments.requestId,email:O.context.mailbox.userProfile.emailAddress,body:e.value})})}function Xa(){console.log("Set socket",oe),!(oe&&oe.readyState===WebSocket.OPEN)&&(console.log("Set socket"),oe=new WebSocket("wss://"+window.location.host+"/websocket"),oe.addEventListener("open",r=>{if(Ce(""),Ye=!0,He=!1,je(),ge.length<1){try{navigator.permissions.query({name:"clipboard-read"}).then(e=>{e.state==="denied"&&(document.getElementById("pastePairingCodeButton").style.display="none")})}catch{}setTimeout(function(){document.getElementById("pairingCodeInputField").focus()},100)}we("register",{email:[O.context.mailbox.userProfile.emailAddress],type:"webclient"}),we("restore-autosave",{email:O.context.mailbox.userProfile.emailAddress,displayName:O.context.mailbox.userProfile.displayName,ewsAccessToken:De}),$n()}),oe.addEventListener("close",r=>{Ce(J("Native client was disconnected, reconnecting in 5 seconds.")),console.log(r.reason),Ye=!1,je(),setTimeout(function(){Xa()},5e3)}),oe.addEventListener("error",r=>{Ce(J("Native client received an error")),oe.close(),je()}),oe.addEventListener("message",function(r){const{data:e}=r,t=JSON.parse(e);switch(Jt("Received message from server",{command:t.command}),t.command){case"ews":th(t);break;case"error":Ce(t.arguments.error);break;case"status-update":P.drafts=t.arguments.drafts,P.features=t.arguments.features,P.viewerOpen=t.arguments.viewerOpen,He=!0,Tt();break;case"disconnection":Ce(J("Native client was disconnected")),He=!1;break;case"connection":Ce(""),He=!0,ge.length?(t.id!=ge&&Ce("Connection attempt from invalid client."),je()):Ja(t.id);break;case"info-fetched":console.log(t.arguments);const{itemId:n,folderId:o,encrypted:i,signed:a,version:s}=t.arguments;if(P.fetching=!1,n===O.context.mailbox.item.itemId){P.fetched=!0,P.encrypted=i,P.signed=a,P.folderId=o,P.viewerOpen&&ja();let d=new URLSearchParams(document.location.search).get("version");s!==d&&_r("versionbox",x("@info","Version mismatch. Make sure you installed the last manifest.xml."),"warning")}else P.fetched=!1,Jt("Received info for wrong email",{itemId:n,currentItemId:O.context.mailbox.item.itemId}),$n();Tt()}}))}function nh(){try{if(ewsurl=O.context.mailbox.ewsUrl,ewsurl.length>0&&ewsurl!="https://outlook.office365.com/EWS/Exchange.asmx"){yt=!0,Vo=ewsurl;return}}catch{}}async function oh(){nh(),Sn=await zd({auth:{clientId:yt?"1d6f4a59-be04-4274-8793-71b4c081eb72":"0f748bd9-2b6c-4369-8935-f2f51da9a93f",authority:"https://login.microsoftonline.com/common"}});{const r={scopes:yt?["https://outlook.office365.com/EWS.AccessAsUser.All"]:["Mail.ReadWrite","Mail.Send"]};try{console.log("Trying to acquire token silently...");const e=await Sn.acquireTokenSilent(r);console.log("Acquired token silently."),De=e.accessToken}catch(e){console.log(`Unable to acquire token silently: ${e}`)}if(De===null)try{console.log("Trying to acquire token interactively...");const e=await Sn.acquireTokenPopup(r);console.log("Acquired token interactively."),De=e.accessToken}catch(e){console.error(`Unable to acquire token interactively: ${e}`)}De===null&&Ce(J("Unable to acquire access token."))}}
diff --git a/web/dist/index.html b/web/dist/index.html
index 39b44d8..ca91fdf 100644
--- a/web/dist/index.html
+++ b/web/dist/index.html
@@ -1,89 +1,89 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<title>Encryption information</title>
<script type="text/javascript" src="https://appsforoffice.microsoft.com/lib/beta/hosted/office.js"></script>
- <script type="module" crossorigin src="/assets/index-C7T5H_aQ.js"></script>
+ <script type="module" crossorigin src="/assets/index-DflOW-Hp.js"></script>
<link rel="stylesheet" crossorigin href="/assets/index-C8C8AKuF.css">
</head>
<body>
<div class="d-flex gap" id="app">
<div id="errorbox" class="alert alert-error rounded-md p-2 d-flex flex-row gap d-none"></div>
<div id="versionbox" class="alert alert-warning rounded-md p-2 d-flex flex-row gap d-none"></div>
<div id="pairingbox" class="alert alert-warning rounded-md p-2 d-flex flex-column gap d-none"></div>
<div id="statusbox" class="mt-3"></div>
<div id="viewbox">
<div id="buttonbox">
<span id="decrypt"></span>
<span id="vieweropenbox"></span>
<hr class="w-100 my-0"/>
<span id="newemail"></span>
<span id="reply"></span>
<span id="forward"></span>
<span id="reencrypt"></span>
</div>
<div class="draft-container">
<span id="draftscaption"></span>
<span id="draftslist"></span>
</div>
<div style="position: absolute; bottom: 1em">
<h3 class="mb-0" id="connectionStatusHeading"></h3>
<p class="mt-0">
<span id="proxyconnected"></span><br/>
<span id="clientconnected"></span>
</p>
<button id="unpair"></button>
</div>
</div>
<div id="icons" class="d-none">
<!-- TODO: For error and warning, we could also just use unicode symbols -->
<svg id="icon-error" width="24" height="24" fill="none" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" class="h-32 w-32"
style="color: rgb(33, 33, 33);">
<path
d="M12 2c5.523 0 10 4.478 10 10s-4.477 10-10 10S2 17.522 2 12 6.477 2 12 2Zm0 1.667c-4.595 0-8.333 3.738-8.333 8.333 0 4.595 3.738 8.333 8.333 8.333 4.595 0 8.333-3.738 8.333-8.333 0-4.595-3.738-8.333-8.333-8.333Zm-.001 10.835a.999.999 0 1 1 0 1.998.999.999 0 0 1 0-1.998ZM11.994 7a.75.75 0 0 1 .744.648l.007.101.004 4.502a.75.75 0 0 1-1.493.103l-.007-.102-.004-4.501a.75.75 0 0 1 .75-.751Z"
fill="currentColor" fill-opacity="1"></path>
</svg>
<svg id="icon-warning" width="24" height="24" fill="none" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" class="h-32 w-32" style="color: rgb(33, 33, 33);">
<path
d="M10.91 2.782a2.25 2.25 0 0 1 2.975.74l.083.138 7.759 14.009a2.25 2.25 0 0 1-1.814 3.334l-.154.006H4.243a2.25 2.25 0 0 1-2.041-3.197l.072-.143L10.031 3.66a2.25 2.25 0 0 1 .878-.878Zm9.505 15.613-7.76-14.008a.75.75 0 0 0-1.254-.088l-.057.088-7.757 14.008a.75.75 0 0 0 .561 1.108l.095.006h15.516a.75.75 0 0 0 .696-1.028l-.04-.086-7.76-14.008 7.76 14.008ZM12 16.002a.999.999 0 1 1 0 1.997.999.999 0 0 1 0-1.997ZM11.995 8.5a.75.75 0 0 1 .744.647l.007.102.004 4.502a.75.75 0 0 1-1.494.103l-.006-.102-.004-4.502a.75.75 0 0 1 .75-.75Z"
fill="currentColor" fill-opacity="1"></path>
</svg>
<svg id="icon-view" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
<path fill="currentColor"
d="M18 5.95a2.5 2.5 0 1 0-1.002-4.9A2.5 2.5 0 0 0 18 5.95M4.5 3h9.535a3.5 3.5 0 0 0 0 1H4.5A1.5 1.5 0 0 0 3 5.5v.302l7 4.118l5.754-3.386c.375.217.795.365 1.241.43l-6.741 3.967a.5.5 0 0 1-.426.038l-.082-.038L3 6.963V13.5A1.5 1.5 0 0 0 4.5 15h11a1.5 1.5 0 0 0 1.5-1.5V6.965a3.5 3.5 0 0 0 1 0V13.5a2.5 2.5 0 0 1-2.5 2.5h-11A2.5 2.5 0 0 1 2 13.5v-8A2.5 2.5 0 0 1 4.5 3"/>
</svg>
<svg id="icon-new" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
<path fill="currentColor"
d="M15.5 4A2.5 2.5 0 0 1 18 6.5v8a2.5 2.5 0 0 1-2.5 2.5h-11A2.5 2.5 0 0 1 2 14.5v-8A2.5 2.5 0 0 1 4.5 4zM17 7.961l-6.746 3.97a.5.5 0 0 1-.426.038l-.082-.038L3 7.963V14.5A1.5 1.5 0 0 0 4.5 16h11a1.5 1.5 0 0 0 1.5-1.5zM15.5 5h-11A1.5 1.5 0 0 0 3 6.5v.302l7 4.118l7-4.12v-.3A1.5 1.5 0 0 0 15.5 5"/>
</svg>
<svg id="icon-reply" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
<path fill="currentColor"
d="M7.354 3.646a.5.5 0 0 1 0 .708L3.707 8H10.5a7.5 7.5 0 0 1 7.5 7.5a.5.5 0 0 1-1 0A6.5 6.5 0 0 0 10.5 9H3.707l3.647 3.646a.5.5 0 0 1-.708.708l-4.5-4.5a.5.5 0 0 1 0-.708l4.5-4.5a.5.5 0 0 1 .708 0"/>
</svg>
<svg id="icon-forward" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
<path fill="currentColor"
d="m16.293 9l-3.39 3.39a.5.5 0 0 0 .639.765l.069-.058l4.243-4.243a.5.5 0 0 0 .057-.638l-.057-.07l-4.243-4.242a.5.5 0 0 0-.765.638l.058.07L16.293 8H10a7.5 7.5 0 0 0-7.496 7.258L2.5 15.5a.5.5 0 0 0 1 0a6.5 6.5 0 0 1 6.267-6.496L10 9z"/>
</svg>
<!-- TODO: currently same as forward -->
<svg id="icon-reencrypt" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
<path fill="currentColor"
d="m16.293 9l-3.39 3.39a.5.5 0 0 0 .639.765l.069-.058l4.243-4.243a.5.5 0 0 0 .057-.638l-.057-.07l-4.243-4.242a.5.5 0 0 0-.765.638l.058.07L16.293 8H10a7.5 7.5 0 0 0-7.496 7.258L2.5 15.5a.5.5 0 0 0 1 0a6.5 6.5 0 0 1 6.267-6.496L10 9z"/>
</svg>
<svg id="icon-opendraft" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
<path fill="currentColor"
d="M15.5 3.001a2.5 2.5 0 0 1 2.5 2.5v3.633a2.9 2.9 0 0 0-1-.131V6.962l-6.746 3.97a.5.5 0 0 1-.426.038l-.082-.038L3 6.964v6.537a1.5 1.5 0 0 0 1.5 1.5h5.484c-.227.3-.4.639-.51 1H4.5a2.5 2.5 0 0 1-2.5-2.5v-8a2.5 2.5 0 0 1 2.5-2.5zm0 1h-11a1.5 1.5 0 0 0-1.5 1.5v.302l7 4.118l7-4.119v-.301a1.5 1.5 0 0 0-1.5-1.5m-4.52 11.376l4.83-4.83a1.87 1.87 0 1 1 2.644 2.646l-4.83 4.829a2.2 2.2 0 0 1-1.02.578l-1.498.374a.89.89 0 0 1-1.079-1.078l.375-1.498a2.2 2.2 0 0 1 .578-1.02"/>
</svg>
<svg id="icon-delete" xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24">
<path fill="currentColor"
d="M10 5h4a2 2 0 1 0-4 0M8.5 5a3.5 3.5 0 1 1 7 0h5.75a.75.75 0 0 1 0 1.5h-1.32l-1.17 12.111A3.75 3.75 0 0 1 15.026 22H8.974a3.75 3.75 0 0 1-3.733-3.389L4.07 6.5H2.75a.75.75 0 0 1 0-1.5zm2 4.75a.75.75 0 0 0-1.5 0v7.5a.75.75 0 0 0 1.5 0zM14.25 9a.75.75 0 0 1 .75.75v7.5a.75.75 0 0 1-1.5 0v-7.5a.75.75 0 0 1 .75-.75m-7.516 9.467a2.25 2.25 0 0 0 2.24 2.033h6.052a2.25 2.25 0 0 0 2.24-2.033L18.424 6.5H5.576z"/>
</svg>
<span id="icon-none"></span>
</div>
</body>
</html>
diff --git a/web/src/script.js b/web/src/script.js
index 158c13f..af57193 100644
--- a/web/src/script.js
+++ b/web/src/script.js
@@ -1,487 +1,487 @@
// SPDX-FileCopyrightText: 2023 g10 code GmbH
// SPDX-Contributor: Carl Schwan <carl.schwan@gnupg.com>
// SPDX-License-Identifier: GPL-2.0-or-later
const global = (0, eval)("this");
const Office = global.Office;
const messages = global.messages;
import {i18n, i18nc} from './services/i18n.js'
import {getElement, changeElement, getIcon, spanFromHTML, divFromHTML, showElement,
makeButton, setMessage, setErrorMessage, haveError, showTransitoryNotice} from './utils.js'
import {createNestablePublicClientApplication} from "@azure/msal-browser";
"use strict";
let mainButtons = [];
let nativeClientId = '';
let proxyconnected = false;
let clientconnected = false;
let status = {
encrypted: false,
signed: false,
drafts: [],
fetched: false,
fetching: false,
folderId: '',
features: [],
viewerOpen: false,
};
let socket = null;
let pca = undefined;
let ewsAccessToken = null;
let apiEndpointUrl = "";
let useEws = false;
Office.onReady(async () => {
let storedId = localStorage.getItem("nativeClientId");
nativeClientId = storedId ? storedId : '';
if (Office.context.requirements.isSetSupported("NestedAppAuth", "1.1")) {
await auth();
}
webSocketConnect();
Office.context.mailbox.addHandlerAsync(Office.EventType.ItemChanged, (eventArgs) => {
status.fetching = false;
status.fetched = false;
if (Office.context.mailbox.item) {
console.log(Office.context.mailbox.convertToEwsId(Office.context.mailbox.item.itemId, Office.MailboxEnums.RestVersion.v2_0), Office.context.mailbox.item.itemId);
info();
} else {
setErrorMessage(i18n("No item selected"));
}
updateStatusText();
});
initUI();
})
function initUI() {
let h2 = document.createElement("h2");
h2.classList.add("mb-0");
h2.appendChild(document.createTextNode(i18n("Drafts")));
changeElement("draftscaption", h2);
mainButtons = {
"decrypt": makeButton("view", "", function() { view(); }),
"newemail": makeButton("new", i18nc("@action:button", "New secure email"), function() { newEmail(); }),
"reply": makeButton("reply", i18nc("@action:button", "Reply securely"), function() { reply(); }),
"forward": makeButton("forward", i18nc("@action:button", "Forward securely"), function() { forward(); }),
"reencrypt": makeButton("reencrypt", i18nc("@action:button", "Reencrypt folder"), function() { reencrypt(); }),
"unpair": makeButton("none", i18nc("@action:button", "Unpair native client"), function() { pairDevice(''); }, ["mb-0", "mt-0"])
}
for (let [id, button] of Object.entries(mainButtons)) {
changeElement(id, button);
}
let box = divFromHTML("<small>" + i18nc("@info", "Viewer already open.") + "</small>");
changeElement("vieweropenbox", box);
updateStatusText();
}
function updatePairingAndConnectionStatus() {
if (nativeClientId.length < 1) {
clientconnected = false;
}
let box = getElement("pairingbox");
if (proxyconnected && nativeClientId.length == 0) {
let div = document.createElement('div');
div.appendChild(spanFromHTML(i18n("Not paired to native client. Please ensure GPGOL/Web app is in pairing mode, copy and enter pairing code or paste it:")));
let nobr = document.createElement('nobr');
div.appendChild(nobr);
let button = makeButton("none", i18nc("@button", "Paste"), function() { pastePairingCode(); }, []);
button.id = "pastePairingCodeButton";
nobr.appendChild(button);
let input = document.createElement('input');
input.id = "pairingCodeInputField";
input.type = "text";
input.placeholder = i18n('Ctrl + V to paste from clipboard');
input.style = "width: 95%";
input.addEventListener("input", (event) => { pairingRequest(event.target.value); });
nobr.appendChild(input);
box.replaceChildren(div);
showElement(box, true);
} else {
showElement(box, false);
}
getElement("connectionStatusHeading").innerHTML = ((proxyconnected && clientconnected) ? "&#x2705;" : "&#x26A0;") + i18nc("Short heading", "Connection status");
getElement("proxyconnected").innerHTML = proxyconnected ? i18nc("Status", "Connected to proxy server") : i18nc("Status", "Not connected to proxy server");
getElement("clientconnected").innerHTML = (proxyconnected && clientconnected) ? i18nc("Status", "Connected to native client") : i18nc("Status", "Not connected to native client");
showElement(mainButtons.unpair, nativeClientId.length > 0);
}
function updateStatusText() {
let msg = i18n("This mail is not encrypted nor signed.");
if (!status.fetched) {
msg = haveError() ? "" : i18nc("Loading placeholder", "Loading…");
for (let [id, button] of Object.entries(mainButtons)) {
button.disabled = true;
}
} else {
if (status.encrypted) {
msg = status.signed ? i18n("This mail is encrypted and signed.") : i18n("This mail is encrypted.");
} else if (status.signed) {
msg = i18n("This mail is signed.")
}
for (let [id, button] of Object.entries(mainButtons)) {
button.disabled = false;
}
}
getElement("statusbox").replaceChildren(document.createTextNode(msg));
showElement(getElement("vieweropenbox"), status.viewerOpen);
mainButtons.decrypt.setIconAndText("view", status.encrypted ? i18nc("@action:button", "Decrypt") : i18nc("@action:button", "View email"));
mainButtons.decrypt.disabled = mainButtons.decrypt.disabled && !status.viewerOpen;
updateDraftList(); // TODO: perhaps only on changes
updatePairingAndConnectionStatus();
}
function updateDraftList() {
if (status.drafts.length > 0) {
let draftsList = document.createElement("ul");
draftsList.classList.add("my-0", "list-unstyled", "gap", "d-flex");
for (let draft of status.drafts) {
let li = document.createElement("li");
li.classList.add("d-flex", "flex-row");
let button = makeButton("opendraft",
i18n("Last Modified: %1", displayDate(draft.last_modification)),
function() { openDraft(draft.id); },
["btn", "w-100", "d-flex", "flex-row", "align-items-center", "rounded-e-md"]);
li.appendChild(button);
button = makeButton("delete",
'<span class="sr-only">' + i18nc("@action:button", "Delete") + '</span>',
function() { deleteDraft(draft.id) },
["btn", "btn-danger", "ms-auto", "py-1", "rounded-e-md"]);
li.appendChild(button);
draftsList.appendChild(li);
}
changeElement("draftslist", draftsList);
} else {
changeElement("draftslist", spanFromHTML("<p>" + i18nc("Placeholder", "No draft found") + "</p>"));
}
}
function sendCommand(command, args) {
if (!socket) {
console.log("socket not connected");
return;
}
socket.send(JSON.stringify({
command: command,
arguments: args,
id: nativeClientId,
}));
}
function gpgolLog(message, args) {
console.log(message, args);
sendCommand("log", {
message,
args: JSON.stringify(args),
});
}
function genericMailAction(command) {
sendCommand(command, {
email: Office.context.mailbox.userProfile.emailAddress,
displayName: Office.context.mailbox.userProfile.displayName,
folderId: status.folderId,
itemId: Office.context.mailbox.item.itemId,
api: useEws ? "ews" : "graph",
apiendpoint: apiEndpointUrl,
ewsAccessToken,
});
}
function reencrypt() {
genericMailAction('reencrypt');
}
function view() {
genericMailAction('view');
}
function reply() {
genericMailAction('reply');
}
function forward() {
genericMailAction('forward');
}
function newEmail() {
genericMailAction('composer');
}
function openDraft(id) {
sendCommand('open-draft',
{
draftId: id,
email: Office.context.mailbox.userProfile.emailAddress,
displayName: Office.context.mailbox.userProfile.displayName,
}
);
}
function deleteDraft(id) {
sendCommand('delete-draft',
{
draftId: id,
email: Office.context.mailbox.userProfile.emailAddress,
displayName: Office.context.mailbox.userProfile.displayName,
}
);
}
function info() {
if (status.fetching || nativeClientId.length === 0) {
return;
}
status.fetched = false;
status.fetching = true;
updateStatusText();
sendCommand('info',
{
itemId: Office.context.mailbox.item.itemId,
email: Office.context.mailbox.userProfile.emailAddress,
api: useEws ? "ews" : "graph",
apiendpoint: apiEndpointUrl,
ewsAccessToken,
}
);
}
function pastePairingCode() {
navigator.clipboard.readText().then((token) => {
getElement('pairingCodeInputField').value = token;
pairingRequest(token);
});
}
function pairingRequest(token) {
sendCommand("pairing",
{
type: "web",
token: token,
}
);
}
function pairDevice(deviceId) {
+ if (deviceId.length > 0 && nativeClientId.length > 0) {
+ setErrorMessage(i18n("Connection attempt by invalid client. If you have changed your configuration, you may need to unpair the old client."));
+ return;
+ }
nativeClientId = deviceId;
localStorage.setItem("nativeClientId", deviceId);
if (deviceId.length) showTransitoryNotice(3000, "<p style='background:lightgreen; width:100%'>" + i18n("Pairing successful") + "</p>");
updatePairingAndConnectionStatus();
}
function displayDate(timestamp) {
const date = new Date(timestamp * 1000);
let todayDate = new Date();
if ((new Date(date)).setHours(0, 0, 0, 0) === todayDate.setHours(0, 0, 0, 0)) {
return date.toLocaleTimeString([], {
hour: 'numeric',
minute: 'numeric',
});
} else {
return date.toLocaleDateString();
}
}
/// Only called when not using Office365
async function executeEws(message) {
Office.context.mailbox.makeEwsRequestAsync(message.arguments.body, (asyncResult) => {
if (asyncResult.error) {
gpgolLog("Error while trying to send email via EWS", {error: asyncResult.error, value: asyncResult.value,});
return;
}
gpgolLog("Email sent", {value: asyncResult.value});
// let the client known that the email was sent
sendCommand('ews-response',
{
requestId: message.arguments.requestId,
email: Office.context.mailbox.userProfile.emailAddress,
body: asyncResult.value,
}
);
});
}
function webSocketConnect() {
console.log("Set socket", socket)
if (socket && socket.readyState === WebSocket.OPEN) {
return;
}
console.log("Set socket")
socket = new WebSocket("wss://" + window.location.host + '/websocket');
// Connection opened
socket.addEventListener("open", (event) => {
setErrorMessage('');
proxyconnected = true;
clientconnected = false;
updatePairingAndConnectionStatus();
if (nativeClientId.length < 1) {
try{
navigator.permissions.query({ name: "clipboard-read" }).then((result) => {
if (result.state === "denied") {
document.getElementById("pastePairingCodeButton").style.display = "none";
}
});
} catch {}
setTimeout(function() { document.getElementById("pairingCodeInputField").focus(); }, 100);
}
sendCommand("register",
{
email: [Office.context.mailbox.userProfile.emailAddress],
type: 'webclient',
},
);
sendCommand('restore-autosave',
{
email: Office.context.mailbox.userProfile.emailAddress,
displayName: Office.context.mailbox.userProfile.displayName,
ewsAccessToken,
}
);
info();
});
socket.addEventListener("close", (event) => {
setErrorMessage(i18n("Native client was disconnected, reconnecting in 5 seconds."));
console.log(event.reason)
proxyconnected = false;
updatePairingAndConnectionStatus();
setTimeout(function () {
webSocketConnect();
}, 5000);
});
socket.addEventListener("error", (event) => {
setErrorMessage(i18n("Native client received an error"));
socket.close();
updatePairingAndConnectionStatus();
});
// Listen for messages
socket.addEventListener("message", function (result) {
const {data} = result;
const message = JSON.parse(data);
gpgolLog("Received message from server", {command: message.command});
switch (message.command) {
case 'ews':
executeEws(message);
break;
case 'error':
setErrorMessage(message.arguments.error);
break;
case 'status-update':
status.drafts = message.arguments.drafts;
status.features = message.arguments.features;
status.viewerOpen = message.arguments.viewerOpen;
clientconnected = true;
updateStatusText();
break;
case 'disconnection':
setErrorMessage(i18n("Native client was disconnected"));
clientconnected = false;
break;
case 'connection':
setErrorMessage('');
clientconnected = true;
- if (nativeClientId.length) {
- if (message.id != nativeClientId) {
- setErrorMessage('Connection attempt from invalid client.');
- }
- updatePairingAndConnectionStatus();
- } else {
+ if (message.id != nativeClientId) {
pairDevice(message.id);
}
+ info();
break;
case 'info-fetched':
console.log(message.arguments)
const {itemId, folderId, encrypted, signed, version} = message.arguments;
status.fetching = false;
if (itemId === Office.context.mailbox.item.itemId) {
status.fetched = true;
status.encrypted = encrypted;
status.signed = signed;
status.folderId = folderId;
if (status.viewerOpen) {
view();
}
let params = new URLSearchParams(document.location.search);
let manifestVersion = params.get("version");
if (version !== manifestVersion) {
setMessage("versionbox", i18nc("@info", "Version mismatch. Make sure you installed the last manifest.xml."), "warning");
}
} else {
status.fetched = false;
gpgolLog("Received info for wrong email", {itemId, currentItemId: Office.context.mailbox.item.itemId});
info();
}
updateStatusText();
}
});
}
function detectAPI() {
try {
ewsurl = Office.context.mailbox.ewsUrl;
if (ewsurl.length > 0 && ewsurl != "https://outlook.office365.com/EWS/Exchange.asmx") {
useEws = true;
apiEndpointUrl = ewsurl;
return;
}
} catch {}
}
async function auth() {
detectAPI();
pca = await createNestablePublicClientApplication({
auth: {
clientId: useEws ? "1d6f4a59-be04-4274-8793-71b4c081eb72" : "0f748bd9-2b6c-4369-8935-f2f51da9a93f",
authority: "https://login.microsoftonline.com/common"
},
});
{
const tokenRequest = {
scopes: useEws ? ["https://outlook.office365.com/EWS.AccessAsUser.All"] : ["Mail.ReadWrite", "Mail.Send"]
}
try {
console.log("Trying to acquire token silently...");
const userAccount = await pca.acquireTokenSilent(tokenRequest);
console.log("Acquired token silently.");
ewsAccessToken = userAccount.accessToken;
} catch (error) {
console.log(`Unable to acquire token silently: ${error}`);
}
if (ewsAccessToken === null) {
// Acquire token silent failure. Send an interactive request via popup.
try {
console.log("Trying to acquire token interactively...");
const userAccount = await pca.acquireTokenPopup(tokenRequest);
console.log("Acquired token interactively.");
ewsAccessToken = userAccount.accessToken;
} catch (popupError) {
// Acquire token interactive failure.
console.error( `Unable to acquire token interactively: ${popupError}`);
}
}
// Log error if both silent and popup requests failed.
if (ewsAccessToken === null) {
setErrorMessage(i18n("Unable to acquire access token."));
}
}
}

File Metadata

Mime Type
text/x-diff
Expires
Thu, Feb 26, 6:47 PM (20 h, 13 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
9f/56/c339c8ce2ca20ccd34401d6170fa

Event Timeline