No OneTemporary
Actions

Size

582 KB

Subscribers

None

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.

	diff --git a/web/assets/inst-gpgoljs-assets.nsi b/web/assets/inst-gpgoljs-assets.nsi
	index 863b3b5..d11f3ec 100644
	--- a/web/assets/inst-gpgoljs-assets.nsi
	+++ b/web/assets/inst-gpgoljs-assets.nsi
	@@ -1,2 +1,2 @@
	- File ${prefix}/share/gpgol-web/assets/index-BCHqCfnY.js
	+ File ${prefix}/share/gpgol-web/assets/index-BDpwQls6.js
	File ${prefix}/share/gpgol-web/assets/index-C8C8AKuF.css
	diff --git a/web/dist/assets/index-BCHqCfnY.js b/web/dist/assets/index-BDpwQls6.js
	similarity index 57%
	rename from web/dist/assets/index-BCHqCfnY.js
	rename to web/dist/assets/index-BDpwQls6.js
	index b7059c2..32c5a17 100644
	--- a/web/dist/assets/index-BCHqCfnY.js
	+++ b/web/dist/assets/index-BDpwQls6.js
	@@ -1,7 +1,7 @@
	-(function(){const e=document.createElement("link").relList;if(e&&e.supports&&e.supports("modulepreload"))return;for(const o of document.querySelectorAll('link[rel="modulepreload"]'))n(o);new MutationObserver(o=>{for(const i of o)if(i.type==="childList")for(const s of i.addedNodes)s.tagName==="LINK"&&s.rel==="modulepreload"&&n(s)}).observe(document,{childList:!0,subtree:!0});function t(o){const i={};return o.integrity&&(i.integrity=o.integrity),o.referrerPolicy&&(i.referrerPolicy=o.referrerPolicy),o.crossOrigin==="use-credentials"?i.credentials="include":o.crossOrigin==="anonymous"?i.credentials="omit":i.credentials="same-origin",i}function n(o){if(o.ep)return;o.ep=!0;const i=t(o);fetch(o.href,i)}})();const qe={"fr-FR":{"Loading...":"Chargement...","This mail is encrypted and signed.":"Ce email est encrypté et signé numériquement","This mail is encrypted.":"Ce email est encrypté"},"de-DE":{"Waiting for authorization":"Warte auf Berechtigung","Loading…":"Lade...","This mail is encrypted and signed.":"Diese E-Mail ist verschlüsselt und signiert.","This mail is encrypted.":"Diese E-Mail ist verschlüsselt.","This mail is signed.":"Diese E-Mail ist signiert.","This mail is not encrypted nor signed.":"Diese E-Mail ist nicht verschlüsselt und nicht signiert.",Decrypt:"Entschlüsseln","View email":"E-Mail betrachten","Native client was disconnected, reconnecting in 1 second.":"Verbindung zum nativen Client unterbrochen, verbinde erneut in 1 Sekunde.","Native client received an error":"Der native Client hat einen Fehler erhalten.","Native client was disconnected":"Verbindung zum nativen Client unterbrochen","Version mismatch. Make sure you installed the last manifest.xml.":"Versionen stimmen nicht überein. Stellen Sie sicher, dass Sie die aktuelle manifest.xml-Datei installiert haben.","Unable to acquire access token.":"Kann das Zugangstoken nicht abrufen.","Unknown device: %1. Do you trust this device?":"Unbekanntes Gerät: %1. Wollen Sie diesem Gerät vertrauen?","Don't Trust":"Nicht vertrauen",Trust:"Vertrauen","Viewer already open.":"Betrachter bereits geöffnet","New secure email":"Neue sichere E-Mail","Reply securely":"Sicher antworten","Forward securely":"Sicher weiterleiten",Reencrypt:"Erneut verschlüsseln",Drafts:"Entwürfe","Last Modified: %1":"Zuletzt geändert: %1",Delete:"Löschen","No draft found":"Kein Entwurf vorhanden"}};function J(r){const e=Office.context.displayLanguage;let t="";e in qe&&r in qe[e]?t=qe[e][r]:t=r;for(let n=1;n<arguments.length;n++)t=t.replace("%"+n,arguments[n]);return t}function te(r,e){const t=Office.context.displayLanguage;let n="";t in qe&&e in qe[t]?n=qe[t][e]:n=e;for(let o=2;o<arguments.length;o++)n=n.replace("%"+(o-1),arguments[o]);return n}/! @azure/msal-common v15.4.0 2025-03-25 /const g={LIBRARY_NAME:"MSAL.JS",SKU:"msal.js.common",CACHE_PREFIX:"msal",DEFAULT_AUTHORITY:"https://login.microsoftonline.com/common/",DEFAULT_AUTHORITY_HOST:"login.microsoftonline.com",DEFAULT_COMMON_TENANT:"common",ADFS:"adfs",DSTS:"dstsv2",AAD_INSTANCE_DISCOVERY_ENDPT:"https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",CIAM_AUTH_URL:".ciamlogin.com",AAD_TENANT_DOMAIN_SUFFIX:".onmicrosoft.com",RESOURCE_DELIM:"\|",NO_ACCOUNT:"NO_ACCOUNT",CLAIMS:"claims",CONSUMER_UTID:"9188040d-6c67-4c5b-b112-36a304b66dad",OPENID_SCOPE:"openid",PROFILE_SCOPE:"profile",OFFLINE_ACCESS_SCOPE:"offline_access",EMAIL_SCOPE:"email",CODE_GRANT_TYPE:"authorization_code",RT_GRANT_TYPE:"refresh_token",S256_CODE_CHALLENGE_METHOD:"S256",URL_FORM_CONTENT_TYPE:"application/x-www-form-urlencoded;charset=utf-8",AUTHORIZATION_PENDING:"authorization_pending",NOT_DEFINED:"not_defined",EMPTY_STRING:"",NOT_APPLICABLE:"N/A",NOT_AVAILABLE:"Not Available",FORWARD_SLASH:"/",IMDS_ENDPOINT:"http://169.254.169.254/metadata/instance/compute/location",IMDS_VERSION:"2020-06-01",IMDS_TIMEOUT:2e3,AZURE_REGION_AUTO_DISCOVER_FLAG:"TryAutoDetect",REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX:"login.microsoft.com",KNOWN_PUBLIC_CLOUDS:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],SHR_NONCE_VALIDITY:240,INVALID_INSTANCE:"invalid_instance"},At={CLIENT_ERROR_RANGE_START:400,CLIENT_ERROR_RANGE_END:499,SERVER_ERROR_RANGE_START:500,SERVER_ERROR_RANGE_END:599},Fe=[g.OPENID_SCOPE,g.PROFILE_SCOPE,g.OFFLINE_ACCESS_SCOPE],Qo=[...Fe,g.EMAIL_SCOPE],V={CONTENT_TYPE:"Content-Type",CONTENT_LENGTH:"Content-Length",RETRY_AFTER:"Retry-After",CCS_HEADER:"X-AnchorMailbox",WWWAuthenticate:"WWW-Authenticate",AuthenticationInfo:"Authentication-Info",X_MS_REQUEST_ID:"x-ms-request-id",X_MS_HTTP_VERSION:"x-ms-httpver"},Yo={ACTIVE_ACCOUNT_FILTERS:"active-account-filters"},ke={COMMON:"common",ORGANIZATIONS:"organizations",CONSUMERS:"consumers"},It={ACCESS_TOKEN:"access_token",XMS_CC:"xms_cc"},K={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",CREATE:"create",NO_SESSION:"no_session"},jo={PLAIN:"plain",S256:"S256"},Sr={CODE:"code",IDTOKEN_TOKEN_REFRESHTOKEN:"id_token token refresh_token"},Wt={QUERY:"query",FRAGMENT:"fragment"},Js={QUERY:"query"},kr={AUTHORIZATION_CODE_GRANT:"authorization_code",REFRESH_TOKEN_GRANT:"refresh_token"},Et={MSSTS_ACCOUNT_TYPE:"MSSTS",ADFS_ACCOUNT_TYPE:"ADFS",GENERIC_ACCOUNT_TYPE:"Generic"},z={CACHE_KEY_SEPARATOR:"-",CLIENT_INFO_SEPARATOR:"."},I={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},zn="appmetadata",Xs="client_info",nt="1",Pt={CACHE_KEY:"authority-metadata",REFRESH_TIME_SECONDS:360024},X={CONFIG:"config",CACHE:"cache",NETWORK:"network",HARDCODED_VALUES:"hardcoded_values"},F={SCHEMA_VERSION:5,MAX_LAST_HEADER_BYTES:330,MAX_CACHED_ERRORS:50,CACHE_KEY:"server-telemetry",CATEGORY_SEPARATOR:"\|",VALUE_SEPARATOR:",",OVERFLOW_TRUE:"1",OVERFLOW_FALSE:"0",UNKNOWN_ERROR:"unknown_error"},k={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},ot={DEFAULT_THROTTLE_TIME_SECONDS:60,DEFAULT_MAX_THROTTLE_TIME_SECONDS:3600,THROTTLING_PREFIX:"throttling",X_MS_LIB_CAPABILITY_VALUE:"retry-after, h429"},Wo={INVALID_GRANT_ERROR:"invalid_grant",CLIENT_MISMATCH_ERROR:"client_mismatch"},wt={httpSuccess:200,httpBadRequest:400},Ke={FAILED_AUTO_DETECTION:"1",INTERNAL_CACHE:"2",ENVIRONMENT_VARIABLE:"3",IMDS:"4"},yn={CONFIGURED_NO_AUTO_DETECTION:"2",AUTO_DETECTION_REQUESTED_SUCCESSFUL:"4",AUTO_DETECTION_REQUESTED_FAILED:"5"},Me={NOT_APPLICABLE:"0",FORCE_REFRESH_OR_CLAIMS:"1",NO_CACHED_ACCESS_TOKEN:"2",CACHED_ACCESS_TOKEN_EXPIRED:"3",PROACTIVELY_REFRESHED:"4"},Zs={Pop:"pop"},ea=300;/! @azure/msal-common v15.4.0 2025-03-25 /const qn="unexpected_error",ta="post_request_failed";/! @azure/msal-common v15.4.0 2025-03-25 /const Jo={[qn]:"Unexpected error in authentication.",[ta]:"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details."};class _ extends Error{constructor(e,t,n){const o=t?`${e}: ${t}`:e;super(o),Object.setPrototypeOf(this,_.prototype),this.errorCode=e\|\|g.EMPTY_STRING,this.errorMessage=t\|\|g.EMPTY_STRING,this.subError=n\|\|g.EMPTY_STRING,this.name="AuthError"}setCorrelationId(e){this.correlationId=e}}function _r(r,e){return new _(r,e?`${Jo[r]} ${e}`:Jo[r])}/! @azure/msal-common v15.4.0 2025-03-25 /const $n="client_info_decoding_error",Rr="client_info_empty_error",Vn="token_parsing_error",Nt="null_or_empty_token",pe="endpoints_resolution_error",br="network_error",Or="openid_config_error",Pr="hash_not_deserialized",Qe="invalid_state",Nr="state_mismatch",Sn="state_not_found",Mr="nonce_mismatch",Qn="auth_time_not_found",Ur="max_age_transpired",na="multiple_matching_tokens",oa="multiple_matching_accounts",Lr="multiple_matching_appMetadata",Hr="request_cannot_be_made",Dr="cannot_remove_empty_scope",xr="cannot_append_scopeset",kn="empty_input_scopeset",ra="device_code_polling_cancelled",ia="device_code_expired",sa="device_code_unknown_error",Yn="no_account_in_silent_request",Fr="invalid_cache_record",jn="invalid_cache_environment",Mt="no_account_found",_n="no_crypto_object",Rn="unexpected_credential_type",aa="invalid_assertion",ca="invalid_client_credential",_e="token_refresh_required",la="user_timeout_reached",Kr="token_claims_cnf_required_for_signedjwt",Br="authorization_code_missing_from_server_response",Gr="binding_key_not_removed",zr="end_session_endpoint_not_supported",Wn="key_id_missing",qr="no_network_connectivity",$r="user_canceled",da="missing_tenant_id_error",v="method_not_implemented",bn="nested_app_auth_bridge_disabled";/! @azure/msal-common v15.4.0 2025-03-25 /const Xo={[$n]:"The client info could not be parsed/decoded correctly",[Rr]:"The client info was empty",[Vn]:"Token cannot be parsed",[Nt]:"The token is null or empty",[pe]:"Endpoints cannot be resolved",[br]:"Network request failed",[Or]:"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",[Pr]:"The hash parameters could not be deserialized",[Qe]:"State was not the expected format",[Nr]:"State mismatch error",[Sn]:"State not found",[Mr]:"Nonce mismatch error",[Qn]:"Max Age was requested and the ID token is missing the auth_time variable. auth_time is an optional claim and is not enabled by default - it must be enabled. See https://aka.ms/msaljs/optional-claims for more information.",[Ur]:"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",[na]:"The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account.",[oa]:"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",[Lr]:"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",[Hr]:"Token request cannot be made without authorization code or refresh token.",[Dr]:"Cannot remove null or empty scope from ScopeSet",[xr]:"Cannot append ScopeSet",[kn]:"Empty input ScopeSet cannot be processed",[ra]:"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",[ia]:"Device code is expired.",[sa]:"Device code stopped polling for unknown reasons.",[Yn]:"Please pass an account object, silent flow is not supported without account information",[Fr]:"Cache record object was null or undefined.",[jn]:"Invalid environment when attempting to create cache entry",[Mt]:"No account found in cache for given key.",[_n]:"No crypto object detected.",[Rn]:"Unexpected credential type.",[aa]:"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",[ca]:"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",[_e]:"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",[la]:"User defined timeout for device code polling reached",[Kr]:"Cannot generate a POP jwt if the token_claims are not populated",[Br]:"Server response does not contain an authorization code to proceed",[Gr]:"Could not remove the credential's binding key from storage.",[zr]:"The provided authority does not support logout",[Wn]:"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",[qr]:"No network connectivity. Check your internet connection.",[$r]:"User cancelled the flow.",[da]:"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",[v]:"This method has not been implemented",[bn]:"The nested app auth bridge is disabled"};class ve extends _{constructor(e,t){super(e,t?`${Xo[e]}: ${t}`:Xo[e]),this.name="ClientAuthError",Object.setPrototypeOf(this,ve.prototype)}}function p(r,e){return new ve(r,e)}/! @azure/msal-common v15.4.0 2025-03-25 /const lt={createNewGuid:()=>{throw p(v)},base64Decode:()=>{throw p(v)},base64Encode:()=>{throw p(v)},base64UrlEncode:()=>{throw p(v)},encodeKid:()=>{throw p(v)},async getPublicKeyThumbprint(){throw p(v)},async removeTokenBindingKey(){throw p(v)},async clearKeystore(){throw p(v)},async signJwt(){throw p(v)},async hashString(){throw p(v)}};/! @azure/msal-common v15.4.0 2025-03-25 /var P;(function(r){r[r.Error=0]="Error",r[r.Warning=1]="Warning",r[r.Info=2]="Info",r[r.Verbose=3]="Verbose",r[r.Trace=4]="Trace"})(P\|\|(P={}));class Ae{constructor(e,t,n){this.level=P.Info;const o=()=>{},i=e\|\|Ae.createDefaultLoggerOptions();this.localCallback=i.loggerCallback\|\|o,this.piiLoggingEnabled=i.piiLoggingEnabled\|\|!1,this.level=typeof i.logLevel=="number"?i.logLevel:P.Info,this.correlationId=i.correlationId\|\|g.EMPTY_STRING,this.packageName=t\|\|g.EMPTY_STRING,this.packageVersion=n\|\|g.EMPTY_STRING}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:P.Info}}clone(e,t,n){return new Ae({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level,correlationId:n\|\|this.correlationId},e,t)}logMessage(e,t){if(t.logLevel>this.level\|\|!this.piiLoggingEnabled&&t.containsPii)return;const i=`${`[${new Date().toUTCString()}] : [${t.correlationId\|\|this.correlationId\|\|""}]`} : ${this.packageName}@${this.packageVersion} : ${P[t.logLevel]} - ${e}`;this.executeCallback(t.logLevel,i,t.containsPii\|\|!1)}executeCallback(e,t,n){this.localCallback&&this.localCallback(e,t,n)}error(e,t){this.logMessage(e,{logLevel:P.Error,containsPii:!1,correlationId:t\|\|g.EMPTY_STRING})}errorPii(e,t){this.logMessage(e,{logLevel:P.Error,containsPii:!0,correlationId:t\|\|g.EMPTY_STRING})}warning(e,t){this.logMessage(e,{logLevel:P.Warning,containsPii:!1,correlationId:t\|\|g.EMPTY_STRING})}warningPii(e,t){this.logMessage(e,{logLevel:P.Warning,containsPii:!0,correlationId:t\|\|g.EMPTY_STRING})}info(e,t){this.logMessage(e,{logLevel:P.Info,containsPii:!1,correlationId:t\|\|g.EMPTY_STRING})}infoPii(e,t){this.logMessage(e,{logLevel:P.Info,containsPii:!0,correlationId:t\|\|g.EMPTY_STRING})}verbose(e,t){this.logMessage(e,{logLevel:P.Verbose,containsPii:!1,correlationId:t\|\|g.EMPTY_STRING})}verbosePii(e,t){this.logMessage(e,{logLevel:P.Verbose,containsPii:!0,correlationId:t\|\|g.EMPTY_STRING})}trace(e,t){this.logMessage(e,{logLevel:P.Trace,containsPii:!1,correlationId:t\|\|g.EMPTY_STRING})}tracePii(e,t){this.logMessage(e,{logLevel:P.Trace,containsPii:!0,correlationId:t\|\|g.EMPTY_STRING})}isPiiLoggingEnabled(){return this.piiLoggingEnabled\|\|!1}}/! @azure/msal-common v15.4.0 2025-03-25 /const Vr="@azure/msal-common",Jn="15.4.0";/! @azure/msal-common v15.4.0 2025-03-25 /const Xn={None:"none"};/! @azure/msal-common v15.4.0 2025-03-25 /function be(r,e){const t=ha(r);try{const n=e(t);return JSON.parse(n)}catch{throw p(Vn)}}function ha(r){if(!r)throw p(Nt);const t=/^([^\.\s])\.([^\.\s]+)\.([^\.\s])$/.exec(r);if(!t\|\|t.length<4)throw p(Vn);return t[2]}function Qr(r,e){if(e===0\|\|Date.now()-3e5>r+e)throw p(Ur)}/! @azure/msal-common v15.4.0 2025-03-25 /function j(){return Math.round(new Date().getTime()/1e3)}function Zo(r){return r.getTime()/1e3}function Te(r){return r?new Date(Number(r)1e3):new Date}function Ut(r,e){const t=Number(r)\|\|0;return j()+e>t}function Yr(r){return Number(r)>j()}/! @azure/msal-common v15.4.0 2025-03-25 /function rt(r){return[pa(r),ma(r),Ca(r),ya(r),Ta(r)].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function Jt(r,e,t,n,o){return{credentialType:I.ID_TOKEN,homeAccountId:r,environment:e,clientId:n,secret:t,realm:o}}function Xt(r,e,t,n,o,i,s,a,c,d,h,u,m,A,E){var D,W;const w={homeAccountId:r,credentialType:I.ACCESS_TOKEN,secret:t,cachedAt:j().toString(),expiresOn:s.toString(),extendedExpiresOn:a.toString(),environment:e,clientId:n,realm:o,target:i,tokenType:h\|\|k.BEARER};if(u&&(w.userAssertionHash=u),d&&(w.refreshOn=d.toString()),A&&(w.requestedClaims=A,w.requestedClaimsHash=E),((D=w.tokenType)==null?void 0:D.toLowerCase())!==k.BEARER.toLowerCase())switch(w.credentialType=I.ACCESS_TOKEN_WITH_AUTH_SCHEME,w.tokenType){case k.POP:const ee=be(t,c);if(!((W=ee==null?void 0:ee.cnf)!=null&&W.kid))throw p(Kr);w.keyId=ee.cnf.kid;break;case k.SSH:w.keyId=m}return w}function jr(r,e,t,n,o,i,s){const a={credentialType:I.REFRESH_TOKEN,homeAccountId:r,environment:e,clientId:n,secret:t};return i&&(a.userAssertionHash=i),o&&(a.familyId=o),s&&(a.expiresOn=s.toString()),a}function Zn(r){return r.hasOwnProperty("homeAccountId")&&r.hasOwnProperty("environment")&&r.hasOwnProperty("credentialType")&&r.hasOwnProperty("clientId")&&r.hasOwnProperty("secret")}function ua(r){return r?Zn(r)&&r.hasOwnProperty("realm")&&r.hasOwnProperty("target")&&(r.credentialType===I.ACCESS_TOKEN\|\|r.credentialType===I.ACCESS_TOKEN_WITH_AUTH_SCHEME):!1}function ga(r){return r?Zn(r)&&r.hasOwnProperty("realm")&&r.credentialType===I.ID_TOKEN:!1}function fa(r){return r?Zn(r)&&r.credentialType===I.REFRESH_TOKEN:!1}function pa(r){return[r.homeAccountId,r.environment].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function ma(r){const e=r.credentialType===I.REFRESH_TOKEN&&r.familyId\|\|r.clientId;return[r.credentialType,e,r.realm\|\|""].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function Ca(r){return(r.target\|\|"").toLowerCase()}function ya(r){return(r.requestedClaimsHash\|\|"").toLowerCase()}function Ta(r){return r.tokenType&&r.tokenType.toLowerCase()!==k.BEARER.toLowerCase()?r.tokenType.toLowerCase():""}function Aa(r,e){const t=r.indexOf(F.CACHE_KEY)===0;let n=!0;return e&&(n=e.hasOwnProperty("failedRequests")&&e.hasOwnProperty("errors")&&e.hasOwnProperty("cacheHits")),t&&n}function Ia(r,e){let t=!1;r&&(t=r.indexOf(ot.THROTTLING_PREFIX)===0);let n=!0;return e&&(n=e.hasOwnProperty("throttleTime")),t&&n}function Ea({environment:r,clientId:e}){return[zn,r,e].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function wa(r,e){return e?r.indexOf(zn)===0&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("environment"):!1}function va(r,e){return e?r.indexOf(Pt.CACHE_KEY)===0&&e.hasOwnProperty("aliases")&&e.hasOwnProperty("preferred_cache")&&e.hasOwnProperty("preferred_network")&&e.hasOwnProperty("canonical_authority")&&e.hasOwnProperty("authorization_endpoint")&&e.hasOwnProperty("token_endpoint")&&e.hasOwnProperty("issuer")&&e.hasOwnProperty("aliasesFromNetwork")&&e.hasOwnProperty("endpointsFromNetwork")&&e.hasOwnProperty("expiresAt")&&e.hasOwnProperty("jwks_uri"):!1}function er(){return j()+Pt.REFRESH_TIME_SECONDS}function vt(r,e,t){r.authorization_endpoint=e.authorization_endpoint,r.token_endpoint=e.token_endpoint,r.end_session_endpoint=e.end_session_endpoint,r.issuer=e.issuer,r.endpointsFromNetwork=t,r.jwks_uri=e.jwks_uri}function Tn(r,e,t){r.aliases=e.aliases,r.preferred_cache=e.preferred_cache,r.preferred_network=e.preferred_network,r.aliasesFromNetwork=t}function tr(r){return r.expiresAt<=j()}/! @azure/msal-common v15.4.0 2025-03-25 /const Wr="redirect_uri_empty",Sa="claims_request_parsing_error",Jr="authority_uri_insecure",tt="url_parse_error",Xr="empty_url_error",Zr="empty_input_scopes_error",ei="invalid_prompt_value",Zt="invalid_claims",ti="token_request_empty",ni="logout_request_empty",oi="invalid_code_challenge_method",en="pkce_params_missing",eo="invalid_cloud_discovery_metadata",ri="invalid_authority_metadata",ii="untrusted_authority",tn="missing_ssh_jwk",si="missing_ssh_kid",ka="missing_nonce_authentication_header",_a="invalid_authentication_header",ai="cannot_set_OIDCOptions",ci="cannot_allow_platform_broker",li="authority_mismatch";/! @azure/msal-common v15.4.0 2025-03-25 /const Ra={[Wr]:"A redirect URI is required for all calls, and none has been set.",[Sa]:"Could not parse the given claims request object.",[Jr]:"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",[tt]:"URL could not be parsed into appropriate segments.",[Xr]:"URL was empty or null.",[Zr]:"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",[ei]:"Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest",[Zt]:"Given claims parameter must be a stringified JSON object.",[ti]:"Token request was empty and not found in cache.",[ni]:"The logout request was null or undefined.",[oi]:'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',[en]:"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",[eo]:"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",[ri]:"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",[ii]:"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",[tn]:"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",[si]:"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",[ka]:"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",[_a]:"Invalid authentication header provided",[ai]:"Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",[ci]:"Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",[li]:"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority."};class to extends _{constructor(e){super(e,Ra[e]),this.name="ClientConfigurationError",Object.setPrototypeOf(this,to.prototype)}}function b(r){return new to(r)}/! @azure/msal-common v15.4.0 2025-03-25 /class ie{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return Object.keys(t).length===0}catch{}return!0}static startsWith(e,t){return e.indexOf(t)===0}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},n=e.split("&"),o=i=>decodeURIComponent(i.replace(/\+/g," "));return n.forEach(i=>{if(i.trim()){const[s,a]=i.split(/=(.+)/g,2);s&&a&&(t[o(s)]=o(a))}}),t}static trimArrayEntries(e){return e.map(t=>t.trim())}static removeEmptyStringsFromArray(e){return e.filter(t=>!!t)}static jsonParseHelper(e){try{return JSON.parse(e)}catch{return null}}static matchPattern(e,t){return new RegExp(e.replace(/\\/g,"\\\\").replace(/\/g,"[^ ]").replace(/\?/g,"\\?")).test(t)}}/! @azure/msal-common v15.4.0 2025-03-25 /class M{constructor(e){const t=e?ie.trimArrayEntries([...e]):[],n=t?ie.removeEmptyStringsFromArray(t):[];if(!n\|\|!n.length)throw b(Zr);this.scopes=new Set,n.forEach(o=>this.scopes.add(o))}static fromString(e){const n=(e\|\|g.EMPTY_STRING).split(" ");return new M(n)}static createSearchScopes(e){const t=new M(e);return t.containsOnlyOIDCScopes()?t.removeScope(g.OFFLINE_ACCESS_SCOPE):t.removeOIDCScopes(),t}containsScope(e){const t=this.printScopesLowerCase().split(" "),n=new M(t);return e?n.scopes.has(e.toLowerCase()):!1}containsScopeSet(e){return!e\|\|e.scopes.size<=0?!1:this.scopes.size>=e.scopes.size&&e.asArray().every(t=>this.containsScope(t))}containsOnlyOIDCScopes(){let e=0;return Qo.forEach(t=>{this.containsScope(t)&&(e+=1)}),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach(t=>this.appendScope(t))}catch{throw p(xr)}}removeScope(e){if(!e)throw p(Dr);this.scopes.delete(e.trim())}removeOIDCScopes(){Qo.forEach(e=>{this.scopes.delete(e)})}unionScopeSets(e){if(!e)throw p(kn);const t=new Set;return e.scopes.forEach(n=>t.add(n.toLowerCase())),this.scopes.forEach(n=>t.add(n.toLowerCase())),t}intersectingScopeSets(e){if(!e)throw p(kn);e.containsOnlyOIDCScopes()\|\|e.removeOIDCScopes();const t=this.unionScopeSets(e),n=e.getScopeCount(),o=this.getScopeCount();return t.size<o+n}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach(t=>e.push(t)),e}printScopes(){return this.scopes?this.asArray().join(" "):g.EMPTY_STRING}printScopesLowerCase(){return this.printScopes().toLowerCase()}}/! @azure/msal-common v15.4.0 2025-03-25 /function Lt(r,e){if(!r)throw p(Rr);try{const t=e(r);return JSON.parse(t)}catch{throw p($n)}}function $e(r){if(!r)throw p($n);const e=r.split(z.CLIENT_INFO_SEPARATOR,2);return{uid:e[0],utid:e.length<2?g.EMPTY_STRING:e[1]}}/! @azure/msal-common v15.4.0 2025-03-25 /function nr(r,e){return!!r&&!!e&&r===e.split(".")[1]}function nn(r,e,t,n){if(n){const{oid:o,sub:i,tid:s,name:a,tfp:c,acr:d}=n,h=s\|\|c\|\|d\|\|"";return{tenantId:h,localAccountId:o\|\|i\|\|"",name:a,isHomeTenant:nr(h,r)}}else return{tenantId:t,localAccountId:e,isHomeTenant:nr(t,r)}}function no(r,e,t,n){let o=r;if(e){const{isHomeTenant:i,...s}=e;o={...r,...s}}if(t){const{isHomeTenant:i,...s}=nn(r.homeAccountId,r.localAccountId,r.tenantId,t);return o={...o,...s,idTokenClaims:t,idToken:n},o}return o}/! @azure/msal-common v15.4.0 2025-03-25 /const oe={Default:0,Adfs:1,Dsts:2,Ciam:3};/! @azure/msal-common v15.4.0 2025-03-25 /function di(r){return r&&(r.tid\|\|r.tfp\|\|r.acr)\|\|null}/! @azure/msal-common v15.4.0 2025-03-25 /const Y={AAD:"AAD",OIDC:"OIDC",EAR:"EAR"};/! @azure/msal-common v15.4.0 2025-03-25 /class q{generateAccountId(){return[this.homeAccountId,this.environment].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}generateAccountKey(){return q.generateAccountCacheKey({homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId})}getAccountInfo(){return{homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId,name:this.name,nativeAccountId:this.nativeAccountId,authorityType:this.authorityType,tenantProfiles:new Map((this.tenantProfiles\|\|[]).map(e=>[e.tenantId,e]))}}isSingleTenant(){return!this.tenantProfiles}static generateAccountCacheKey(e){const t=e.homeAccountId.split(".")[1];return[e.homeAccountId,e.environment\|\|"",t\|\|e.tenantId\|\|""].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}static createAccount(e,t,n){var d,h,u,m,A,E;const o=new q;t.authorityType===oe.Adfs?o.authorityType=Et.ADFS_ACCOUNT_TYPE:t.protocolMode===Y.OIDC?o.authorityType=Et.GENERIC_ACCOUNT_TYPE:o.authorityType=Et.MSSTS_ACCOUNT_TYPE;let i;e.clientInfo&&n&&(i=Lt(e.clientInfo,n)),o.clientInfo=e.clientInfo,o.homeAccountId=e.homeAccountId,o.nativeAccountId=e.nativeAccountId;const s=e.environment\|\|t&&t.getPreferredCache();if(!s)throw p(jn);o.environment=s,o.realm=(i==null?void 0:i.utid)\|\|di(e.idTokenClaims)\|\|"",o.localAccountId=(i==null?void 0:i.uid)\|\|((d=e.idTokenClaims)==null?void 0:d.oid)\|\|((h=e.idTokenClaims)==null?void 0:h.sub)\|\|"";const a=((u=e.idTokenClaims)==null?void 0:u.preferred_username)\|\|((m=e.idTokenClaims)==null?void 0:m.upn),c=(A=e.idTokenClaims)!=null&&A.emails?e.idTokenClaims.emails[0]:null;if(o.username=a\|\|c\|\|"",o.name=((E=e.idTokenClaims)==null?void 0:E.name)\|\|"",o.cloudGraphHostName=e.cloudGraphHostName,o.msGraphHost=e.msGraphHost,e.tenantProfiles)o.tenantProfiles=e.tenantProfiles;else{const w=nn(e.homeAccountId,o.localAccountId,o.realm,e.idTokenClaims);o.tenantProfiles=[w]}return o}static createFromAccountInfo(e,t,n){var i;const o=new q;return o.authorityType=e.authorityType\|\|Et.GENERIC_ACCOUNT_TYPE,o.homeAccountId=e.homeAccountId,o.localAccountId=e.localAccountId,o.nativeAccountId=e.nativeAccountId,o.realm=e.tenantId,o.environment=e.environment,o.username=e.username,o.name=e.name,o.cloudGraphHostName=t,o.msGraphHost=n,o.tenantProfiles=Array.from(((i=e.tenantProfiles)==null?void 0:i.values())\|\|[]),o}static generateHomeAccountId(e,t,n,o,i){if(!(t===oe.Adfs\|\|t===oe.Dsts)){if(e)try{const s=Lt(e,o.base64Decode);if(s.uid&&s.utid)return`${s.uid}.${s.utid}`}catch{}n.warning("No client info in response")}return(i==null?void 0:i.sub)\|\|""}static isAccountEntity(e){return e?e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("realm")&&e.hasOwnProperty("localAccountId")&&e.hasOwnProperty("username")&&e.hasOwnProperty("authorityType"):!1}static accountInfoIsEqual(e,t,n){if(!e\|\|!t)return!1;let o=!0;if(n){const i=e.idTokenClaims\|\|{},s=t.idTokenClaims\|\|{};o=i.iat===s.iat&&i.nonce===s.nonce}return e.homeAccountId===t.homeAccountId&&e.localAccountId===t.localAccountId&&e.username===t.username&&e.tenantId===t.tenantId&&e.environment===t.environment&&e.nativeAccountId===t.nativeAccountId&&o}}/! @azure/msal-common v15.4.0 2025-03-25 /function hi(r){return r.startsWith("#/")?r.substring(2):r.startsWith("#")\|\|r.startsWith("?")?r.substring(1):r}function Ht(r){if(!r\|\|r.indexOf("=")<0)return null;try{const e=hi(r),t=Object.fromEntries(new URLSearchParams(e));if(t.code\|\|t.ear_jwe\|\|t.error\|\|t.error_description\|\|t.state)return t}catch{throw p(Pr)}return null}function dt(r){const e=new Array;return r.forEach((t,n)=>{e.push(`${n}=${encodeURIComponent(t)}`)}),e.join("&")}/! @azure/msal-common v15.4.0 2025-03-25 /class S{get urlString(){return this._urlString}constructor(e){if(this._urlString=e,!this._urlString)throw b(Xr);e.includes("#")\|\|(this._urlString=S.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return ie.endsWith(t,"?")?t=t.slice(0,-1):ie.endsWith(t,"?/")&&(t=t.slice(0,-2)),ie.endsWith(t,"/")\|\|(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch{throw b(tt)}if(!e.HostNameAndPort\|\|!e.PathSegments)throw b(tt);if(!e.Protocol\|\|e.Protocol.toLowerCase()!=="https:")throw b(Jr)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return S.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),n=t.PathSegments;return e&&n.length!==0&&(n[0]===ke.COMMON\|\|n[0]===ke.ORGANIZATIONS)&&(n[0]=e),S.constructAuthorityUriFromObject(t)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]))?([^?#])(\\?([^#]))?(#(.))?"),t=this.urlString.match(e);if(!t)throw b(tt);const n={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let o=n.AbsolutePath.split("/");return o=o.filter(i=>i&&i.length>0),n.PathSegments=o,n.QueryString&&n.QueryString.endsWith("/")&&(n.QueryString=n.QueryString.substring(0,n.QueryString.length-1)),n}static getDomainFromUrl(e){const t=RegExp("^([^:/?#]+://)?([^/?#])"),n=e.match(t);if(!n)throw b(tt);return n[2]}static getAbsoluteUrl(e,t){if(e[0]===g.FORWARD_SLASH){const o=new S(t).getUrlComponents();return o.Protocol+"//"+o.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e){return new S(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"))}static hashContainsKnownProperties(e){return!!Ht(e)}}/! @azure/msal-common v15.4.0 2025-03-25 /const ui={endpointMetadata:{"login.microsoftonline.com":{token_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.com/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout"},"login.chinacloudapi.cn":{token_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys",issuer:"https://login.partner.microsoftonline.cn/{tenantid}/v2.0",authorization_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout"},"login.microsoftonline.us":{token_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.us/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout"}},instanceDiscoveryMetadata:{metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]}]}},or=ui.endpointMetadata,oo=ui.instanceDiscoveryMetadata,gi=new Set;oo.metadata.forEach(r=>{r.aliases.forEach(e=>{gi.add(e)})});function ba(r,e){var o;let t;const n=r.canonicalAuthority;if(n){const i=new S(n).getUrlComponents().HostNameAndPort;t=rr(i,(o=r.cloudDiscoveryMetadata)==null?void 0:o.metadata,X.CONFIG,e)\|\|rr(i,oo.metadata,X.HARDCODED_VALUES,e)\|\|r.knownAuthorities}return t\|\|[]}function rr(r,e,t,n){if(n==null\|\|n.trace(`getAliasesFromMetadata called with source: ${t}`),r&&e){const o=Dt(e,r);if(o)return n==null\|\|n.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${t}, returning aliases`),o.aliases;n==null\|\|n.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${t}`)}return null}function Oa(r){return Dt(oo.metadata,r)}function Dt(r,e){for(let t=0;t<r.length;t++){const n=r[t];if(n.aliases.includes(e))return n}return null}/! @azure/msal-common v15.4.0 2025-03-25 /const fi="cache_quota_exceeded",ro="cache_error_unknown";/! @azure/msal-common v15.4.0 2025-03-25 /const An={[fi]:"Exceeded cache storage capacity.",[ro]:"Unexpected error occurred when using cache storage."};class Ve extends Error{constructor(e,t){const n=t\|\|(An[e]?An[e]:An[ro]);super(`${e}: ${n}`),Object.setPrototypeOf(this,Ve.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=n}}/! @azure/msal-common v15.4.0 2025-03-25 /class On{constructor(e,t,n,o){this.clientId=e,this.cryptoImpl=t,this.commonLogger=n.clone(Vr,Jn),this.staticAuthorityOptions=o}getAllAccounts(e){return this.buildTenantProfiles(this.getAccountsFilteredBy(e\|\|{}),e)}getAccountInfoFilteredBy(e){const t=this.getAllAccounts(e);return t.length>1?t.sort(o=>o.idTokenClaims?-1:1)[0]:t.length===1?t[0]:null}getBaseAccountInfo(e){const t=this.getAccountsFilteredBy(e);return t.length>0?t[0].getAccountInfo():null}buildTenantProfiles(e,t){return e.flatMap(n=>this.getTenantProfilesFromAccountEntity(n,t==null?void 0:t.tenantId,t))}getTenantedAccountInfoByFilter(e,t,n,o){let i=null,s;if(o&&!this.tenantProfileMatchesFilter(n,o))return null;const a=this.getIdToken(e,t,n.tenantId);return a&&(s=be(a.secret,this.cryptoImpl.base64Decode),!this.idTokenClaimsMatchTenantProfileFilter(s,o))?null:(i=no(e,n,s,a==null?void 0:a.secret),i)}getTenantProfilesFromAccountEntity(e,t,n){const o=e.getAccountInfo();let i=o.tenantProfiles\|\|new Map;const s=this.getTokenKeys();if(t){const c=i.get(t);if(c)i=new Map([[t,c]]);else return[]}const a=[];return i.forEach(c=>{const d=this.getTenantedAccountInfoByFilter(o,s,c,n);d&&a.push(d)}),a}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId)\|\|t.name&&e.name!==t.name\|\|t.isHomeTenant!==void 0&&e.isHomeTenant!==t.isHomeTenant)}idTokenClaimsMatchTenantProfileFilter(e,t){return!(t&&(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId)\|\|t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint)\|\|t.username&&!this.matchUsername(e.preferred_username,t.username)\|\|t.name&&!this.matchName(e,t.name)\|\|t.sid&&!this.matchSid(e,t.sid)))}async saveCacheRecord(e,t,n){var o,i,s,a;if(!e)throw p(Fr);try{e.account&&await this.setAccount(e.account,t),e.idToken&&(n==null?void 0:n.idToken)!==!1&&await this.setIdTokenCredential(e.idToken,t),e.accessToken&&(n==null?void 0:n.accessToken)!==!1&&await this.saveAccessToken(e.accessToken,t),e.refreshToken&&(n==null?void 0:n.refreshToken)!==!1&&await this.setRefreshTokenCredential(e.refreshToken,t),e.appMetadata&&this.setAppMetadata(e.appMetadata)}catch(c){throw(o=this.commonLogger)==null\|\|o.error("CacheManager.saveCacheRecord: failed"),c instanceof Error?((i=this.commonLogger)==null\|\|i.errorPii(`CacheManager.saveCacheRecord: ${c.message}`,t),c.name==="QuotaExceededError"\|\|c.name==="NS_ERROR_DOM_QUOTA_REACHED"\|\|c.message.includes("exceeded the quota")?((s=this.commonLogger)==null\|\|s.error("CacheManager.saveCacheRecord: exceeded storage quota",t),new Ve(fi)):new Ve(c.name,c.message)):((a=this.commonLogger)==null\|\|a.errorPii(`CacheManager.saveCacheRecord: ${c}`,t),new Ve(ro))}}async saveAccessToken(e,t){const n={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType,requestedClaimsHash:e.requestedClaimsHash},o=this.getTokenKeys(),i=M.fromString(e.target),s=[];o.accessToken.forEach(a=>{if(!this.accessTokenKeyMatchesFilter(a,n,!1))return;const c=this.getAccessTokenCredential(a);c&&this.credentialMatchesFilter(c,n)&&M.fromString(c.target).intersectingScopeSets(i)&&s.push(this.removeAccessToken(a))}),await Promise.all(s),await this.setAccessTokenCredential(e,t)}getAccountsFilteredBy(e){const t=this.getAccountKeys(),n=[];return t.forEach(o=>{var c;if(!this.isAccountKey(o,e.homeAccountId))return;const i=this.getAccount(o,this.commonLogger);if(!i\|\|e.homeAccountId&&!this.matchHomeAccountId(i,e.homeAccountId)\|\|e.username&&!this.matchUsername(i.username,e.username)\|\|e.environment&&!this.matchEnvironment(i,e.environment)\|\|e.realm&&!this.matchRealm(i,e.realm)\|\|e.nativeAccountId&&!this.matchNativeAccountId(i,e.nativeAccountId)\|\|e.authorityType&&!this.matchAuthorityType(i,e.authorityType))return;const s={localAccountId:e==null?void 0:e.localAccountId,name:e==null?void 0:e.name},a=(c=i.tenantProfiles)==null?void 0:c.filter(d=>this.tenantProfileMatchesFilter(d,s));a&&a.length===0\|\|n.push(i)}),n}isAccountKey(e,t,n){return!(e.split(z.CACHE_KEY_SEPARATOR).length<3\|\|t&&!e.toLowerCase().includes(t.toLowerCase())\|\|n&&!e.toLowerCase().includes(n.toLowerCase()))}isCredentialKey(e){if(e.split(z.CACHE_KEY_SEPARATOR).length<6)return!1;const t=e.toLowerCase();if(t.indexOf(I.ID_TOKEN.toLowerCase())===-1&&t.indexOf(I.ACCESS_TOKEN.toLowerCase())===-1&&t.indexOf(I.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase())===-1&&t.indexOf(I.REFRESH_TOKEN.toLowerCase())===-1)return!1;if(t.indexOf(I.REFRESH_TOKEN.toLowerCase())>-1){const n=`${I.REFRESH_TOKEN}${z.CACHE_KEY_SEPARATOR}${this.clientId}${z.CACHE_KEY_SEPARATOR}`,o=`${I.REFRESH_TOKEN}${z.CACHE_KEY_SEPARATOR}${nt}${z.CACHE_KEY_SEPARATOR}`;if(t.indexOf(n.toLowerCase())===-1&&t.indexOf(o.toLowerCase())===-1)return!1}else if(t.indexOf(this.clientId.toLowerCase())===-1)return!1;return!0}credentialMatchesFilter(e,t){return!(t.clientId&&!this.matchClientId(e,t.clientId)\|\|t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash)\|\|typeof t.homeAccountId=="string"&&!this.matchHomeAccountId(e,t.homeAccountId)\|\|t.environment&&!this.matchEnvironment(e,t.environment)\|\|t.realm&&!this.matchRealm(e,t.realm)\|\|t.credentialType&&!this.matchCredentialType(e,t.credentialType)\|\|t.familyId&&!this.matchFamilyId(e,t.familyId)\|\|t.target&&!this.matchTarget(e,t.target)\|\|(t.requestedClaimsHash\|\|e.requestedClaimsHash)&&e.requestedClaimsHash!==t.requestedClaimsHash\|\|e.credentialType===I.ACCESS_TOKEN_WITH_AUTH_SCHEME&&(t.tokenType&&!this.matchTokenType(e,t.tokenType)\|\|t.tokenType===k.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId)))}getAppMetadataFilteredBy(e){const t=this.getKeys(),n={};return t.forEach(o=>{if(!this.isAppMetadata(o))return;const i=this.getAppMetadata(o);i&&(e.environment&&!this.matchEnvironment(i,e.environment)\|\|e.clientId&&!this.matchClientId(i,e.clientId)\|\|(n[o]=i))}),n}getAuthorityMetadataByAlias(e){const t=this.getAuthorityMetadataKeys();let n=null;return t.forEach(o=>{if(!this.isAuthorityMetadata(o)\|\|o.indexOf(this.clientId)===-1)return;const i=this.getAuthorityMetadata(o);i&&i.aliases.indexOf(e)!==-1&&(n=i)}),n}async removeAllAccounts(){const e=this.getAccountKeys(),t=[];e.forEach(n=>{t.push(this.removeAccount(n))}),await Promise.all(t)}async removeAccount(e){const t=this.getAccount(e,this.commonLogger);t&&(await this.removeAccountContext(t),this.removeItem(e))}async removeAccountContext(e){const t=this.getTokenKeys(),n=e.generateAccountId(),o=[];t.idToken.forEach(i=>{i.indexOf(n)===0&&this.removeIdToken(i)}),t.accessToken.forEach(i=>{i.indexOf(n)===0&&o.push(this.removeAccessToken(i))}),t.refreshToken.forEach(i=>{i.indexOf(n)===0&&this.removeRefreshToken(i)}),await Promise.all(o)}async removeAccessToken(e){const t=this.getAccessTokenCredential(e);if(t){if(t.credentialType.toLowerCase()===I.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()&&t.tokenType===k.POP){const o=t.keyId;if(o)try{await this.cryptoImpl.removeTokenBindingKey(o)}catch{throw p(Gr)}}return this.removeItem(e)}}removeAppMetadata(){return this.getKeys().forEach(t=>{this.isAppMetadata(t)&&this.removeItem(t)}),!0}readAccountFromCache(e){const t=q.generateAccountCacheKey(e);return this.getAccount(t,this.commonLogger)}getIdToken(e,t,n,o,i){this.commonLogger.trace("CacheManager - getIdToken called");const s={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:I.ID_TOKEN,clientId:this.clientId,realm:n},a=this.getIdTokensByFilter(s,t),c=a.size;if(c<1)return this.commonLogger.info("CacheManager:getIdToken - No token found"),null;if(c>1){let d=a;if(!n){const h=new Map;a.forEach((m,A)=>{m.realm===e.tenantId&&h.set(A,m)});const u=h.size;if(u<1)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result"),a.values().next().value;if(u===1)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile"),h.values().next().value;d=h}return this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"),d.forEach((h,u)=>{this.removeIdToken(u)}),o&&i&&o.addFields({multiMatchedID:a.size},i),null}return this.commonLogger.info("CacheManager:getIdToken - Returning ID token"),a.values().next().value}getIdTokensByFilter(e,t){const n=t&&t.idToken\|\|this.getTokenKeys().idToken,o=new Map;return n.forEach(i=>{if(!this.idTokenKeyMatchesFilter(i,{clientId:this.clientId,...e}))return;const s=this.getIdTokenCredential(i);s&&this.credentialMatchesFilter(s,e)&&o.set(i,s)}),o}idTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1\|\|t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}removeIdToken(e){this.removeItem(e)}removeRefreshToken(e){this.removeItem(e)}getAccessToken(e,t,n,o,i,s){this.commonLogger.trace("CacheManager - getAccessToken called");const a=M.createSearchScopes(t.scopes),c=t.authenticationScheme\|\|k.BEARER,d=c.toLowerCase()!==k.BEARER.toLowerCase()?I.ACCESS_TOKEN_WITH_AUTH_SCHEME:I.ACCESS_TOKEN,h={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:d,clientId:this.clientId,realm:o\|\|e.tenantId,target:a,tokenType:c,keyId:t.sshKid,requestedClaimsHash:t.requestedClaimsHash},u=n&&n.accessToken\|\|this.getTokenKeys().accessToken,m=[];u.forEach(E=>{if(this.accessTokenKeyMatchesFilter(E,h,!0)){const w=this.getAccessTokenCredential(E);w&&this.credentialMatchesFilter(w,h)&&m.push(w)}});const A=m.length;return A<1?(this.commonLogger.info("CacheManager:getAccessToken - No token found"),null):A>1?(this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them"),m.forEach(E=>{this.removeAccessToken(rt(E))}),i&&s&&i.addFields({multiMatchedAT:m.length},s),null):(this.commonLogger.info("CacheManager:getAccessToken - Returning access token"),m[0])}accessTokenKeyMatchesFilter(e,t,n){const o=e.toLowerCase();if(t.clientId&&o.indexOf(t.clientId.toLowerCase())===-1\|\|t.homeAccountId&&o.indexOf(t.homeAccountId.toLowerCase())===-1\|\|t.realm&&o.indexOf(t.realm.toLowerCase())===-1\|\|t.requestedClaimsHash&&o.indexOf(t.requestedClaimsHash.toLowerCase())===-1)return!1;if(t.target){const i=t.target.asArray();for(let s=0;s<i.length;s++){if(n&&!o.includes(i[s].toLowerCase()))return!1;if(!n&&o.includes(i[s].toLowerCase()))return!0}}return!0}getAccessTokensByFilter(e){const t=this.getTokenKeys(),n=[];return t.accessToken.forEach(o=>{if(!this.accessTokenKeyMatchesFilter(o,e,!0))return;const i=this.getAccessTokenCredential(o);i&&this.credentialMatchesFilter(i,e)&&n.push(i)}),n}getRefreshToken(e,t,n,o,i){this.commonLogger.trace("CacheManager - getRefreshToken called");const s=t?nt:void 0,a={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:I.REFRESH_TOKEN,clientId:this.clientId,familyId:s},c=n&&n.refreshToken\|\|this.getTokenKeys().refreshToken,d=[];c.forEach(u=>{if(this.refreshTokenKeyMatchesFilter(u,a)){const m=this.getRefreshTokenCredential(u);m&&this.credentialMatchesFilter(m,a)&&d.push(m)}});const h=d.length;return h<1?(this.commonLogger.info("CacheManager:getRefreshToken - No refresh token found."),null):(h>1&&o&&i&&o.addFields({multiMatchedRT:h},i),this.commonLogger.info("CacheManager:getRefreshToken - returning refresh token"),d[0])}refreshTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.familyId&&n.indexOf(t.familyId.toLowerCase())===-1\|\|!t.familyId&&t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1\|\|t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}readAppMetadataFromCache(e){const t={environment:e,clientId:this.clientId},n=this.getAppMetadataFilteredBy(t),o=Object.keys(n).map(s=>n[s]),i=o.length;if(i<1)return null;if(i>1)throw p(Lr);return o[0]}isAppMetadataFOCI(e){const t=this.readAppMetadataFromCache(e);return!!(t&&t.familyId===nt)}matchHomeAccountId(e,t){return typeof e.homeAccountId=="string"&&t===e.homeAccountId}matchLocalAccountIdFromTokenClaims(e,t){const n=e.oid\|\|e.sub;return t===n}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){var n;return t.toLowerCase()===((n=e.name)==null?void 0:n.toLowerCase())}matchUsername(e,t){return!!(e&&typeof e=="string"&&(t==null?void 0:t.toLowerCase())===e.toLowerCase())}matchUserAssertionHash(e,t){return!!(e.userAssertionHash&&t===e.userAssertionHash)}matchEnvironment(e,t){if(this.staticAuthorityOptions){const o=ba(this.staticAuthorityOptions,this.commonLogger);if(o.includes(t)&&o.includes(e.environment))return!0}const n=this.getAuthorityMetadataByAlias(t);return!!(n&&n.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!!(e.clientId&&t===e.clientId)}matchFamilyId(e,t){return!!(e.familyId&&t===e.familyId)}matchRealm(e,t){var n;return((n=e.realm)==null?void 0:n.toLowerCase())===t.toLowerCase()}matchNativeAccountId(e,t){return!!(e.nativeAccountId&&t===e.nativeAccountId)}matchLoginHintFromTokenClaims(e,t){return e.login_hint===t\|\|e.preferred_username===t\|\|e.upn===t}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!!(e.authorityType&&t.toLowerCase()===e.authorityType.toLowerCase())}matchTarget(e,t){return e.credentialType!==I.ACCESS_TOKEN&&e.credentialType!==I.ACCESS_TOKEN_WITH_AUTH_SCHEME\|\|!e.target?!1:M.fromString(e.target).containsScopeSet(t)}matchTokenType(e,t){return!!(e.tokenType&&e.tokenType===t)}matchKeyId(e,t){return!!(e.keyId&&e.keyId===t)}isAppMetadata(e){return e.indexOf(zn)!==-1}isAuthorityMetadata(e){return e.indexOf(Pt.CACHE_KEY)!==-1}generateAuthorityMetadataCacheKey(e){return`${Pt.CACHE_KEY}-${this.clientId}-${e}`}static toObject(e,t){for(const n in t)e[n]=t[n];return e}}class Pa extends On{async setAccount(){throw p(v)}getAccount(){throw p(v)}async setIdTokenCredential(){throw p(v)}getIdTokenCredential(){throw p(v)}async setAccessTokenCredential(){throw p(v)}getAccessTokenCredential(){throw p(v)}async setRefreshTokenCredential(){throw p(v)}getRefreshTokenCredential(){throw p(v)}setAppMetadata(){throw p(v)}getAppMetadata(){throw p(v)}setServerTelemetry(){throw p(v)}getServerTelemetry(){throw p(v)}setAuthorityMetadata(){throw p(v)}getAuthorityMetadata(){throw p(v)}getAuthorityMetadataKeys(){throw p(v)}setThrottlingCache(){throw p(v)}getThrottlingCache(){throw p(v)}removeItem(){throw p(v)}getKeys(){throw p(v)}getAccountKeys(){throw p(v)}getTokenKeys(){throw p(v)}}/! @azure/msal-common v15.4.0 2025-03-25 /const pi={tokenRenewalOffsetSeconds:ea,preventCorsPreflight:!1},Na={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:P.Info,correlationId:g.EMPTY_STRING},Ma={claimsBasedCachingEnabled:!1},Ua={async sendGetRequestAsync(){throw p(v)},async sendPostRequestAsync(){throw p(v)}},La={sku:g.SKU,version:Jn,cpu:g.EMPTY_STRING,os:g.EMPTY_STRING},Ha={clientSecret:g.EMPTY_STRING,clientAssertion:void 0},Da={azureCloudInstance:Xn.None,tenant:`${g.DEFAULT_COMMON_TENANT}`},xa={application:{appName:"",appVersion:""}};function Fa({authOptions:r,systemOptions:e,loggerOptions:t,cacheOptions:n,storageInterface:o,networkInterface:i,cryptoInterface:s,clientCredentials:a,libraryInfo:c,telemetry:d,serverTelemetryManager:h,persistencePlugin:u,serializableCache:m}){const A={...Na,...t};return{authOptions:Ka(r),systemOptions:{...pi,...e},loggerOptions:A,cacheOptions:{...Ma,...n},storageInterface:o\|\|new Pa(r.clientId,lt,new Ae(A)),networkInterface:i\|\|Ua,cryptoInterface:s\|\|lt,clientCredentials:a\|\|Ha,libraryInfo:{...La,...c},telemetry:{...xa,...d},serverTelemetryManager:h\|\|null,persistencePlugin:u\|\|null,serializableCache:m\|\|null}}function Ka(r){return{clientCapabilities:[],azureCloudOptions:Da,skipAuthorityMetadataCache:!1,instanceAware:!1,...r}}function mi(r){return r.authOptions.authority.options.protocolMode===Y.OIDC}/! @azure/msal-common v15.4.0 2025-03-25 /const re={HOME_ACCOUNT_ID:"home_account_id",UPN:"UPN"};/! @azure/msal-common v15.4.0 2025-03-25 /const He="client_id",Ci="redirect_uri",Ba="response_type",Ga="response_mode",za="grant_type",qa="claims",$a="scope",Va="refresh_token",Qa="state",Ya="nonce",ja="prompt",Wa="code",Ja="code_challenge",Xa="code_challenge_method",Za="code_verifier",ec="client-request-id",tc="x-client-SKU",nc="x-client-VER",oc="x-client-OS",rc="x-client-CPU",ic="x-client-current-telemetry",sc="x-client-last-telemetry",ac="x-ms-lib-capability",cc="x-app-name",lc="x-app-ver",dc="post_logout_redirect_uri",hc="id_token_hint",uc="client_secret",gc="client_assertion",fc="client_assertion_type",yi="token_type",Ti="req_cnf",ir="return_spa_code",pc="nativebroker",mc="logout_hint",Cc="sid",yc="login_hint",Tc="domain_hint",Ac="x-client-xtra-sku",xt="brk_client_id",Ft="brk_redirect_uri",Pn="instance_aware",Ic="ear_jwk",Ec="ear_jwe_crypto";/! @azure/msal-common v15.4.0 2025-03-25 /function on(r,e,t){if(!e)return;const n=r.get(He);n&&r.has(xt)&&(t==null\|\|t.addFields({embeddedClientId:n,embeddedRedirectUri:r.get(Ci)},e))}function Ai(r,e){r.set(Ba,e)}function wc(r,e){r.set(Ga,e\|\|Js.QUERY)}function vc(r){r.set(pc,"1")}function io(r,e,t=!0,n=Fe){t&&!n.includes("openid")&&!e.includes("openid")&&n.push("openid");const o=t?[...e\|\|[],...n]:e\|\|[],i=new M(o);r.set($a,i.printScopes())}function so(r,e){r.set(He,e)}function ao(r,e){r.set(Ci,e)}function Sc(r,e){r.set(dc,e)}function kc(r,e){r.set(hc,e)}function _c(r,e){r.set(Tc,e)}function St(r,e){r.set(yc,e)}function Kt(r,e){r.set(V.CCS_HEADER,`UPN:${e}`)}function it(r,e){r.set(V.CCS_HEADER,`Oid:${e.uid}@${e.utid}`)}function sr(r,e){r.set(Cc,e)}function co(r,e,t){const n=_i(e,t);try{JSON.parse(n)}catch{throw b(Zt)}r.set(qa,n)}function lo(r,e){r.set(ec,e)}function ho(r,e){r.set(tc,e.sku),r.set(nc,e.version),e.os&&r.set(oc,e.os),e.cpu&&r.set(rc,e.cpu)}function uo(r,e){e!=null&&e.appName&&r.set(cc,e.appName),e!=null&&e.appVersion&&r.set(lc,e.appVersion)}function Rc(r,e){r.set(ja,e)}function Ii(r,e){e&&r.set(Qa,e)}function bc(r,e){r.set(Ya,e)}function Oc(r,e,t){if(e&&t)r.set(Ja,e),r.set(Xa,t);else throw b(en)}function Pc(r,e){r.set(Wa,e)}function Nc(r,e){r.set(Va,e)}function Mc(r,e){r.set(Za,e)}function Ei(r,e){r.set(uc,e)}function wi(r,e){e&&r.set(gc,e)}function vi(r,e){e&&r.set(fc,e)}function Si(r,e){r.set(za,e)}function go(r){r.set(Xs,"1")}function ki(r){r.has(Pn)\|\|r.set(Pn,"true")}function Le(r,e){Object.entries(e).forEach(([t,n])=>{!r.has(t)&&n&&r.set(t,n)})}function _i(r,e){let t;if(!r)t={};else try{t=JSON.parse(r)}catch{throw b(Zt)}return e&&e.length>0&&(t.hasOwnProperty(It.ACCESS_TOKEN)\|\|(t[It.ACCESS_TOKEN]={}),t[It.ACCESS_TOKEN][It.XMS_CC]={values:e}),JSON.stringify(t)}function fo(r,e){e&&(r.set(yi,k.POP),r.set(Ti,e))}function Ri(r,e){e&&(r.set(yi,k.SSH),r.set(Ti,e))}function bi(r,e){r.set(ic,e.generateCurrentRequestHeaderValue()),r.set(sc,e.generateLastRequestHeaderValue())}function Oi(r){r.set(ac,ot.X_MS_LIB_CAPABILITY_VALUE)}function Uc(r,e){r.set(mc,e)}function rn(r,e,t){r.has(xt)\|\|r.set(xt,e),r.has(Ft)\|\|r.set(Ft,t)}function Lc(r,e){r.set(Ic,encodeURIComponent(e)),r.set(Ec,"eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0")}/! @azure/msal-common v15.4.0 2025-03-25 /function Hc(r){return r.hasOwnProperty("authorization_endpoint")&&r.hasOwnProperty("token_endpoint")&&r.hasOwnProperty("issuer")&&r.hasOwnProperty("jwks_uri")}/! @azure/msal-common v15.4.0 2025-03-25 /function Dc(r){return r.hasOwnProperty("tenant_discovery_endpoint")&&r.hasOwnProperty("metadata")}/! @azure/msal-common v15.4.0 2025-03-25 /function xc(r){return r.hasOwnProperty("error")&&r.hasOwnProperty("error_description")}/! @azure/msal-common v15.4.0 2025-03-25 /const l={AcquireTokenByCode:"acquireTokenByCode",AcquireTokenByRefreshToken:"acquireTokenByRefreshToken",AcquireTokenSilent:"acquireTokenSilent",AcquireTokenSilentAsync:"acquireTokenSilentAsync",AcquireTokenPopup:"acquireTokenPopup",AcquireTokenPreRedirect:"acquireTokenPreRedirect",AcquireTokenRedirect:"acquireTokenRedirect",CryptoOptsGetPublicKeyThumbprint:"cryptoOptsGetPublicKeyThumbprint",CryptoOptsSignJwt:"cryptoOptsSignJwt",SilentCacheClientAcquireToken:"silentCacheClientAcquireToken",SilentIframeClientAcquireToken:"silentIframeClientAcquireToken",AwaitConcurrentIframe:"awaitConcurrentIframe",SilentRefreshClientAcquireToken:"silentRefreshClientAcquireToken",SsoSilent:"ssoSilent",StandardInteractionClientGetDiscoveredAuthority:"standardInteractionClientGetDiscoveredAuthority",FetchAccountIdWithNativeBroker:"fetchAccountIdWithNativeBroker",NativeInteractionClientAcquireToken:"nativeInteractionClientAcquireToken",BaseClientCreateTokenRequestHeaders:"baseClientCreateTokenRequestHeaders",NetworkClientSendPostRequestAsync:"networkClientSendPostRequestAsync",RefreshTokenClientExecutePostToTokenEndpoint:"refreshTokenClientExecutePostToTokenEndpoint",AuthorizationCodeClientExecutePostToTokenEndpoint:"authorizationCodeClientExecutePostToTokenEndpoint",BrokerHandhshake:"brokerHandshake",AcquireTokenByRefreshTokenInBroker:"acquireTokenByRefreshTokenInBroker",AcquireTokenByBroker:"acquireTokenByBroker",RefreshTokenClientExecuteTokenRequest:"refreshTokenClientExecuteTokenRequest",RefreshTokenClientAcquireToken:"refreshTokenClientAcquireToken",RefreshTokenClientAcquireTokenWithCachedRefreshToken:"refreshTokenClientAcquireTokenWithCachedRefreshToken",RefreshTokenClientAcquireTokenByRefreshToken:"refreshTokenClientAcquireTokenByRefreshToken",RefreshTokenClientCreateTokenRequestBody:"refreshTokenClientCreateTokenRequestBody",AcquireTokenFromCache:"acquireTokenFromCache",SilentFlowClientAcquireCachedToken:"silentFlowClientAcquireCachedToken",SilentFlowClientGenerateResultFromCacheRecord:"silentFlowClientGenerateResultFromCacheRecord",AcquireTokenBySilentIframe:"acquireTokenBySilentIframe",InitializeBaseRequest:"initializeBaseRequest",InitializeSilentRequest:"initializeSilentRequest",InitializeClientApplication:"initializeClientApplication",InitializeCache:"initializeCache",SilentIframeClientTokenHelper:"silentIframeClientTokenHelper",SilentHandlerInitiateAuthRequest:"silentHandlerInitiateAuthRequest",SilentHandlerMonitorIframeForHash:"silentHandlerMonitorIframeForHash",SilentHandlerLoadFrame:"silentHandlerLoadFrame",SilentHandlerLoadFrameSync:"silentHandlerLoadFrameSync",StandardInteractionClientCreateAuthCodeClient:"standardInteractionClientCreateAuthCodeClient",StandardInteractionClientGetClientConfiguration:"standardInteractionClientGetClientConfiguration",StandardInteractionClientInitializeAuthorizationRequest:"standardInteractionClientInitializeAuthorizationRequest",GetAuthCodeUrl:"getAuthCodeUrl",GetStandardParams:"getStandardParams",HandleCodeResponseFromServer:"handleCodeResponseFromServer",HandleCodeResponse:"handleCodeResponse",HandleResponseEar:"handleResponseEar",HandleResponsePlatformBroker:"handleResponsePlatformBroker",HandleResponseCode:"handleResponseCode",UpdateTokenEndpointAuthority:"updateTokenEndpointAuthority",AuthClientAcquireToken:"authClientAcquireToken",AuthClientExecuteTokenRequest:"authClientExecuteTokenRequest",AuthClientCreateTokenRequestBody:"authClientCreateTokenRequestBody",PopTokenGenerateCnf:"popTokenGenerateCnf",PopTokenGenerateKid:"popTokenGenerateKid",HandleServerTokenResponse:"handleServerTokenResponse",DeserializeResponse:"deserializeResponse",AuthorityFactoryCreateDiscoveredInstance:"authorityFactoryCreateDiscoveredInstance",AuthorityResolveEndpointsAsync:"authorityResolveEndpointsAsync",AuthorityResolveEndpointsFromLocalSources:"authorityResolveEndpointsFromLocalSources",AuthorityGetCloudDiscoveryMetadataFromNetwork:"authorityGetCloudDiscoveryMetadataFromNetwork",AuthorityUpdateCloudDiscoveryMetadata:"authorityUpdateCloudDiscoveryMetadata",AuthorityGetEndpointMetadataFromNetwork:"authorityGetEndpointMetadataFromNetwork",AuthorityUpdateEndpointMetadata:"authorityUpdateEndpointMetadata",AuthorityUpdateMetadataWithRegionalInformation:"authorityUpdateMetadataWithRegionalInformation",RegionDiscoveryDetectRegion:"regionDiscoveryDetectRegion",RegionDiscoveryGetRegionFromIMDS:"regionDiscoveryGetRegionFromIMDS",RegionDiscoveryGetCurrentVersion:"regionDiscoveryGetCurrentVersion",AcquireTokenByCodeAsync:"acquireTokenByCodeAsync",GetEndpointMetadataFromNetwork:"getEndpointMetadataFromNetwork",GetCloudDiscoveryMetadataFromNetworkMeasurement:"getCloudDiscoveryMetadataFromNetworkMeasurement",HandleRedirectPromiseMeasurement:"handleRedirectPromise",HandleNativeRedirectPromiseMeasurement:"handleNativeRedirectPromise",UpdateCloudDiscoveryMetadataMeasurement:"updateCloudDiscoveryMetadataMeasurement",UsernamePasswordClientAcquireToken:"usernamePasswordClientAcquireToken",NativeMessageHandlerHandshake:"nativeMessageHandlerHandshake",NativeGenerateAuthResult:"nativeGenerateAuthResult",RemoveHiddenIframe:"removeHiddenIframe",ClearTokensAndKeysWithClaims:"clearTokensAndKeysWithClaims",CacheManagerGetRefreshToken:"cacheManagerGetRefreshToken",ImportExistingCache:"importExistingCache",SetUserData:"setUserData",LocalStorageUpdated:"localStorageUpdated",GeneratePkceCodes:"generatePkceCodes",GenerateCodeVerifier:"generateCodeVerifier",GenerateCodeChallengeFromVerifier:"generateCodeChallengeFromVerifier",Sha256Digest:"sha256Digest",GetRandomValues:"getRandomValues",GenerateHKDF:"generateHKDF",GenerateBaseKey:"generateBaseKey",Base64Decode:"base64Decode",UrlEncodeArr:"urlEncodeArr",Encrypt:"encrypt",Decrypt:"decrypt",GenerateEarKey:"generateEarKey",DecryptEarResponse:"decryptEarResponse"},Fc={InProgress:1};/! @azure/msal-common v15.4.0 2025-03-25 /const ae=(r,e,t,n,o)=>(...i)=>{t.trace(`Executing function ${e}`);const s=n==null?void 0:n.startMeasurement(e,o);if(o){const a=e+"CallCount";n==null\|\|n.incrementFields({[a]:1},o)}try{const a=r(...i);return s==null\|\|s.end({success:!0}),t.trace(`Returning result from ${e}`),a}catch(a){t.trace(`Error occurred in ${e}`);try{t.trace(JSON.stringify(a))}catch{t.trace("Unable to print error message.")}throw s==null\|\|s.end({success:!1},a),a}},f=(r,e,t,n,o)=>(...i)=>{t.trace(`Executing function ${e}`);const s=n==null?void 0:n.startMeasurement(e,o);if(o){const a=e+"CallCount";n==null\|\|n.incrementFields({[a]:1},o)}return n==null\|\|n.setPreQueueTime(e,o),r(...i).then(a=>(t.trace(`Returning result from ${e}`),s==null\|\|s.end({success:!0}),a)).catch(a=>{t.trace(`Error occurred in ${e}`);try{t.trace(JSON.stringify(a))}catch{t.trace("Unable to print error message.")}throw s==null\|\|s.end({success:!1},a),a})};/! @azure/msal-common v15.4.0 2025-03-25 /class sn{constructor(e,t,n,o){this.networkInterface=e,this.logger=t,this.performanceClient=n,this.correlationId=o}async detectRegion(e,t){var o;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.RegionDiscoveryDetectRegion,this.correlationId);let n=e;if(n)t.region_source=Ke.ENVIRONMENT_VARIABLE;else{const i=sn.IMDS_OPTIONS;try{const s=await f(this.getRegionFromIMDS.bind(this),l.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(g.IMDS_VERSION,i);if(s.status===wt.httpSuccess&&(n=s.body,t.region_source=Ke.IMDS),s.status===wt.httpBadRequest){const a=await f(this.getCurrentVersion.bind(this),l.RegionDiscoveryGetCurrentVersion,this.logger,this.performanceClient,this.correlationId)(i);if(!a)return t.region_source=Ke.FAILED_AUTO_DETECTION,null;const c=await f(this.getRegionFromIMDS.bind(this),l.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(a,i);c.status===wt.httpSuccess&&(n=c.body,t.region_source=Ke.IMDS)}}catch{return t.region_source=Ke.FAILED_AUTO_DETECTION,null}}return n\|\|(t.region_source=Ke.FAILED_AUTO_DETECTION),n\|\|null}async getRegionFromIMDS(e,t){var n;return(n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.RegionDiscoveryGetRegionFromIMDS,this.correlationId),this.networkInterface.sendGetRequestAsync(`${g.IMDS_ENDPOINT}?api-version=${e}&format=text`,t,g.IMDS_TIMEOUT)}async getCurrentVersion(e){var t;(t=this.performanceClient)==null\|\|t.addQueueMeasurement(l.RegionDiscoveryGetCurrentVersion,this.correlationId);try{const n=await this.networkInterface.sendGetRequestAsync(`${g.IMDS_ENDPOINT}?format=json`,e);return n.status===wt.httpBadRequest&&n.body&&n.body["newest-versions"]&&n.body["newest-versions"].length>0?n.body["newest-versions"][0]:null}catch{return null}}}sn.IMDS_OPTIONS={headers:{Metadata:"true"}};/! @azure/msal-common v15.4.0 2025-03-25 */class G{constructor(e,t,n,o,i,s,a,c){this.canonicalAuthority=e,this._canonicalAuthority.validateAsUri(),this.networkInterface=t,this.cacheManager=n,this.authorityOptions=o,this.regionDiscoveryMetadata={region_used:void 0,region_source:void 0,region_outcome:void 0},this.logger=i,this.performanceClient=a,this.correlationId=s,this.managedIdentity=c\|\|!1,this.regionDiscovery=new sn(t,this.logger,this.performanceClient,this.correlationId)}getAuthorityType(e){if(e.HostNameAndPort.endsWith(g.CIAM_AUTH_URL))return oe.Ciam;const t=e.PathSegments;if(t.length)switch(t[0].toLowerCase()){case g.ADFS:return oe.Adfs;case g.DSTS:return oe.Dsts}return oe.Default}get authorityType(){return this.getAuthorityType(this.canonicalAuthorityUrlComponents)}get protocolMode(){return this.authorityOptions.protocolMode}get options(){return this.authorityOptions}get canonicalAuthority(){return this._canonicalAuthority.urlString}set canonicalAuthority(e){this._canonicalAuthority=new S(e),this._canonicalAuthority.validateAsUri(),this._canonicalAuthorityUrlComponents=null}get canonicalAuthorityUrlComponents(){return this._canonicalAuthorityUrlComponents\|\|(this._canonicalAuthorityUrlComponents=this._canonicalAuthority.getUrlComponents()),this._canonicalAuthorityUrlComponents}get hostnameAndPort(){return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase()}get tenant(){return this.canonicalAuthorityUrlComponents.PathSegments[0]}get authorizationEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.authorization_endpoint);throw p(pe)}get tokenEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint);throw p(pe)}get deviceCodeEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint.replace("/token","/devicecode"));throw p(pe)}get endSessionEndpoint(){if(this.discoveryComplete()){if(!this.metadata.end_session_endpoint)throw p(zr);return this.replacePath(this.metadata.end_session_endpoint)}else throw p(pe)}get selfSignedJwtAudience(){if(this.discoveryComplete())return this.replacePath(this.metadata.issuer);throw p(pe)}get jwksUri(){if(this.discoveryComplete())return this.replacePath(this.metadata.jwks_uri);throw p(pe)}canReplaceTenant(e){return e.PathSegments.length===1&&!G.reservedTenantDomains.has(e.PathSegments[0])&&this.getAuthorityType(e)===oe.Default&&this.protocolMode!==Y.OIDC}replaceTenant(e){return e.replace(/{tenant}\|{tenantid}/g,this.tenant)}replacePath(e){let t=e;const o=new S(this.metadata.canonical_authority).getUrlComponents(),i=o.PathSegments;return this.canonicalAuthorityUrlComponents.PathSegments.forEach((a,c)=>{let d=i[c];if(c===0&&this.canReplaceTenant(o)){const h=new S(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];d!==h&&(this.logger.verbose(`Replacing tenant domain name ${d} with id ${h}`),d=h)}a!==d&&(t=t.replace(`/${d}/`,`/${a}/`))}),this.replaceTenant(t)}get defaultOpenIdConfigurationEndpoint(){const e=this.hostnameAndPort;return this.canonicalAuthority.endsWith("v2.0/")\|\|this.authorityType===oe.Adfs\|\|this.protocolMode===Y.OIDC&&!this.isAliasOfKnownMicrosoftAuthority(e)?`${this.canonicalAuthority}.well-known/openid-configuration`:`${this.canonicalAuthority}v2.0/.well-known/openid-configuration`}discoveryComplete(){return!!this.metadata}async resolveEndpointsAsync(){var o,i;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.AuthorityResolveEndpointsAsync,this.correlationId);const e=this.getCurrentMetadataEntity(),t=await f(this.updateCloudDiscoveryMetadata.bind(this),l.AuthorityUpdateCloudDiscoveryMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.canonicalAuthority=this.canonicalAuthority.replace(this.hostnameAndPort,e.preferred_network);const n=await f(this.updateEndpointMetadata.bind(this),l.AuthorityUpdateEndpointMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.updateCachedMetadata(e,t,{source:n}),(i=this.performanceClient)==null\|\|i.addFields({cloudDiscoverySource:t,authorityEndpointSource:n},this.correlationId)}getCurrentMetadataEntity(){let e=this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort);return e\|\|(e={aliases:[],preferred_cache:this.hostnameAndPort,preferred_network:this.hostnameAndPort,canonical_authority:this.canonicalAuthority,authorization_endpoint:"",token_endpoint:"",end_session_endpoint:"",issuer:"",aliasesFromNetwork:!1,endpointsFromNetwork:!1,expiresAt:er(),jwks_uri:""}),e}updateCachedMetadata(e,t,n){t!==X.CACHE&&(n==null?void 0:n.source)!==X.CACHE&&(e.expiresAt=er(),e.canonical_authority=this.canonicalAuthority);const o=this.cacheManager.generateAuthorityMetadataCacheKey(e.preferred_cache);this.cacheManager.setAuthorityMetadata(o,e),this.metadata=e}async updateEndpointMetadata(e){var o,i,s;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.AuthorityUpdateEndpointMetadata,this.correlationId);const t=this.updateEndpointMetadataFromLocalSources(e);if(t){if(t.source===X.HARDCODED_VALUES&&(i=this.authorityOptions.azureRegionConfiguration)!=null&&i.azureRegion&&t.metadata){const a=await f(this.updateMetadataWithRegionalInformation.bind(this),l.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(t.metadata);vt(e,a,!1),e.canonical_authority=this.canonicalAuthority}return t.source}let n=await f(this.getEndpointMetadataFromNetwork.bind(this),l.AuthorityGetEndpointMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(n)return(s=this.authorityOptions.azureRegionConfiguration)!=null&&s.azureRegion&&(n=await f(this.updateMetadataWithRegionalInformation.bind(this),l.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(n)),vt(e,n,!0),X.NETWORK;throw p(Or,this.defaultOpenIdConfigurationEndpoint)}updateEndpointMetadataFromLocalSources(e){this.logger.verbose("Attempting to get endpoint metadata from authority configuration");const t=this.getEndpointMetadataFromConfig();if(t)return this.logger.verbose("Found endpoint metadata in authority configuration"),vt(e,t,!1),{source:X.CONFIG};if(this.logger.verbose("Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values."),this.authorityOptions.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache.");else{const o=this.getEndpointMetadataFromHardcodedValues();if(o)return vt(e,o,!1),{source:X.HARDCODED_VALUES,metadata:o};this.logger.verbose("Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.")}const n=tr(e);return this.isAuthoritySameType(e)&&e.endpointsFromNetwork&&!n?(this.logger.verbose("Found endpoint metadata in the cache."),{source:X.CACHE}):(n&&this.logger.verbose("The metadata entity is expired."),null)}isAuthoritySameType(e){return new S(e.canonical_authority).getUrlComponents().PathSegments.length===this.canonicalAuthorityUrlComponents.PathSegments.length}getEndpointMetadataFromConfig(){if(this.authorityOptions.authorityMetadata)try{return JSON.parse(this.authorityOptions.authorityMetadata)}catch{throw b(ri)}return null}async getEndpointMetadataFromNetwork(){var n;(n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.AuthorityGetEndpointMetadataFromNetwork,this.correlationId);const e={},t=this.defaultOpenIdConfigurationEndpoint;this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${t}`);try{const o=await this.networkInterface.sendGetRequestAsync(t,e);return Hc(o.body)?o.body:(this.logger.verbose("Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration"),null)}catch(o){return this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${o}`),null}}getEndpointMetadataFromHardcodedValues(){return this.hostnameAndPort in or?or[this.hostnameAndPort]:null}async updateMetadataWithRegionalInformation(e){var n,o,i;(n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.AuthorityUpdateMetadataWithRegionalInformation,this.correlationId);const t=(o=this.authorityOptions.azureRegionConfiguration)==null?void 0:o.azureRegion;if(t){if(t!==g.AZURE_REGION_AUTO_DISCOVER_FLAG)return this.regionDiscoveryMetadata.region_outcome=yn.CONFIGURED_NO_AUTO_DETECTION,this.regionDiscoveryMetadata.region_used=t,G.replaceWithRegionalInformation(e,t);const s=await f(this.regionDiscovery.detectRegion.bind(this.regionDiscovery),l.RegionDiscoveryDetectRegion,this.logger,this.performanceClient,this.correlationId)((i=this.authorityOptions.azureRegionConfiguration)==null?void 0:i.environmentRegion,this.regionDiscoveryMetadata);if(s)return this.regionDiscoveryMetadata.region_outcome=yn.AUTO_DETECTION_REQUESTED_SUCCESSFUL,this.regionDiscoveryMetadata.region_used=s,G.replaceWithRegionalInformation(e,s);this.regionDiscoveryMetadata.region_outcome=yn.AUTO_DETECTION_REQUESTED_FAILED}return e}async updateCloudDiscoveryMetadata(e){var o;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.AuthorityUpdateCloudDiscoveryMetadata,this.correlationId);const t=this.updateCloudDiscoveryMetadataFromLocalSources(e);if(t)return t;const n=await f(this.getCloudDiscoveryMetadataFromNetwork.bind(this),l.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(n)return Tn(e,n,!0),X.NETWORK;throw b(ii)}updateCloudDiscoveryMetadataFromLocalSources(e){this.logger.verbose("Attempting to get cloud discovery metadata from authority configuration"),this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities\|\|g.NOT_APPLICABLE}`),this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata\|\|g.NOT_APPLICABLE}`),this.logger.verbosePii(`Canonical Authority: ${e.canonical_authority\|\|g.NOT_APPLICABLE}`);const t=this.getCloudDiscoveryMetadataFromConfig();if(t)return this.logger.verbose("Found cloud discovery metadata in authority configuration"),Tn(e,t,!1),X.CONFIG;if(this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values."),this.options.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache.");else{const o=Oa(this.hostnameAndPort);if(o)return this.logger.verbose("Found cloud discovery metadata from hardcoded values."),Tn(e,o,!1),X.HARDCODED_VALUES;this.logger.verbose("Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.")}const n=tr(e);return this.isAuthoritySameType(e)&&e.aliasesFromNetwork&&!n?(this.logger.verbose("Found cloud discovery metadata in the cache."),X.CACHE):(n&&this.logger.verbose("The metadata entity is expired."),null)}getCloudDiscoveryMetadataFromConfig(){if(this.authorityType===oe.Ciam)return this.logger.verbose("CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host."),G.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);if(this.authorityOptions.cloudDiscoveryMetadata){this.logger.verbose("The cloud discovery metadata has been provided as a network response, in the config.");try{this.logger.verbose("Attempting to parse the cloud discovery metadata.");const e=JSON.parse(this.authorityOptions.cloudDiscoveryMetadata),t=Dt(e.metadata,this.hostnameAndPort);if(this.logger.verbose("Parsed the cloud discovery metadata."),t)return this.logger.verbose("There is returnable metadata attached to the parsed cloud discovery metadata."),t;this.logger.verbose("There is no metadata attached to the parsed cloud discovery metadata.")}catch{throw this.logger.verbose("Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error."),b(eo)}}return this.isInKnownAuthorities()?(this.logger.verbose("The host is included in knownAuthorities. Creating new cloud discovery metadata from the host."),G.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)):null}async getCloudDiscoveryMetadataFromNetwork(){var o;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.correlationId);const e=`${g.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`,t={};let n=null;try{const i=await this.networkInterface.sendGetRequestAsync(e,t);let s,a;if(Dc(i.body))s=i.body,a=s.metadata,this.logger.verbosePii(`tenant_discovery_endpoint is: ${s.tenant_discovery_endpoint}`);else if(xc(i.body)){if(this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${i.status}`),s=i.body,s.error===g.INVALID_INSTANCE)return this.logger.error("The CloudInstanceDiscoveryErrorResponse error is invalid_instance."),null;this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is ${s.error}`),this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is ${s.error_description}`),this.logger.warning("Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []"),a=[]}else return this.logger.error("AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse"),null;this.logger.verbose("Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request."),n=Dt(a,this.hostnameAndPort)}catch(i){if(i instanceof _)this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.
	+(function(){const e=document.createElement("link").relList;if(e&&e.supports&&e.supports("modulepreload"))return;for(const o of document.querySelectorAll('link[rel="modulepreload"]'))n(o);new MutationObserver(o=>{for(const i of o)if(i.type==="childList")for(const s of i.addedNodes)s.tagName==="LINK"&&s.rel==="modulepreload"&&n(s)}).observe(document,{childList:!0,subtree:!0});function t(o){const i={};return o.integrity&&(i.integrity=o.integrity),o.referrerPolicy&&(i.referrerPolicy=o.referrerPolicy),o.crossOrigin==="use-credentials"?i.credentials="include":o.crossOrigin==="anonymous"?i.credentials="omit":i.credentials="same-origin",i}function n(o){if(o.ep)return;o.ep=!0;const i=t(o);fetch(o.href,i)}})();const Ve={"fr-FR":{"Loading...":"Chargement...","This mail is encrypted and signed.":"Ce email est encrypté et signé numériquement","This mail is encrypted.":"Ce email est encrypté"},"de-DE":{"Waiting for authorization":"Warte auf Berechtigung","Loading…":"Lade...","This mail is encrypted and signed.":"Diese E-Mail ist verschlüsselt und signiert.","This mail is encrypted.":"Diese E-Mail ist verschlüsselt.","This mail is signed.":"Diese E-Mail ist signiert.","This mail is not encrypted nor signed.":"Diese E-Mail ist nicht verschlüsselt und nicht signiert.",Decrypt:"Entschlüsseln","View email":"E-Mail betrachten","Native client was disconnected, reconnecting in 1 second.":"Verbindung zum nativen Client unterbrochen, verbinde erneut in 1 Sekunde.","Native client received an error":"Der native Client hat einen Fehler erhalten.","Native client was disconnected":"Verbindung zum nativen Client unterbrochen","Version mismatch. Make sure you installed the last manifest.xml.":"Versionen stimmen nicht überein. Stellen Sie sicher, dass Sie die aktuelle manifest.xml-Datei installiert haben.","Unable to acquire access token.":"Kann das Zugangstoken nicht abrufen.","Unknown device: %1. Do you trust this device?":"Unbekanntes Gerät: %1. Wollen Sie diesem Gerät vertrauen?","Don't Trust":"Nicht vertrauen",Trust:"Vertrauen","Viewer already open.":"Betrachter bereits geöffnet","New secure email":"Neue sichere E-Mail","Reply securely":"Sicher antworten","Forward securely":"Sicher weiterleiten",Reencrypt:"Erneut verschlüsseln",Drafts:"Entwürfe","Last Modified: %1":"Zuletzt geändert: %1",Delete:"Löschen","No draft found":"Kein Entwurf vorhanden"}};function J(r){const e=Office.context.displayLanguage;let t="";e in Ve&&r in Ve[e]?t=Ve[e][r]:t=r;for(let n=1;n<arguments.length;n++)t=t.replace("%"+n,arguments[n]);return t}function te(r,e){const t=Office.context.displayLanguage;let n="";t in Ve&&e in Ve[t]?n=Ve[t][e]:n=e;for(let o=2;o<arguments.length;o++)n=n.replace("%"+(o-1),arguments[o]);return n}function De(r){return document.getElementById(r)}function rt(r,e){De(r).replaceWith(e),e.id=r}function Pt(r){return De("icon-"+r).cloneNode(!0)}function dt(r){let e=document.createElement("span");return e.innerHTML=r,e}function js(r){let e=document.createElement("div");return e.innerHTML=r,e}function Nt(r,e){e?r.classList.remove("d-none"):r.classList.add("d-none")}function me(r,e,t,n=["w-100","btn","rounded-md","mt-3"]){let o=document.createElement("button");return o.setIconAndText=(function(i,s){this.replaceChildren(Pt(i),dt(s))}).bind(o),o.setIconAndText(r,e),o.replaceChildren(Pt(r),dt(e)),o.classList.add.apply(o.classList,n),o.addEventListener("click",i=>{t()}),o}function wr(r,e,t){let n=De(r);e.length==0?(console.log("hide",r),Nt(n,!1),n.replaceChildren()):(Nt(n,!0),n.replaceChildren(Pt(t),dt(e)))}function we(r){wr("errorbox",r,"error")}function Ws(){return De("errorbox").classList.contains("d-none")}/! @azure/msal-common v15.4.0 2025-03-25 /const g={LIBRARY_NAME:"MSAL.JS",SKU:"msal.js.common",CACHE_PREFIX:"msal",DEFAULT_AUTHORITY:"https://login.microsoftonline.com/common/",DEFAULT_AUTHORITY_HOST:"login.microsoftonline.com",DEFAULT_COMMON_TENANT:"common",ADFS:"adfs",DSTS:"dstsv2",AAD_INSTANCE_DISCOVERY_ENDPT:"https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",CIAM_AUTH_URL:".ciamlogin.com",AAD_TENANT_DOMAIN_SUFFIX:".onmicrosoft.com",RESOURCE_DELIM:"\|",NO_ACCOUNT:"NO_ACCOUNT",CLAIMS:"claims",CONSUMER_UTID:"9188040d-6c67-4c5b-b112-36a304b66dad",OPENID_SCOPE:"openid",PROFILE_SCOPE:"profile",OFFLINE_ACCESS_SCOPE:"offline_access",EMAIL_SCOPE:"email",CODE_GRANT_TYPE:"authorization_code",RT_GRANT_TYPE:"refresh_token",S256_CODE_CHALLENGE_METHOD:"S256",URL_FORM_CONTENT_TYPE:"application/x-www-form-urlencoded;charset=utf-8",AUTHORIZATION_PENDING:"authorization_pending",NOT_DEFINED:"not_defined",EMPTY_STRING:"",NOT_APPLICABLE:"N/A",NOT_AVAILABLE:"Not Available",FORWARD_SLASH:"/",IMDS_ENDPOINT:"http://169.254.169.254/metadata/instance/compute/location",IMDS_VERSION:"2020-06-01",IMDS_TIMEOUT:2e3,AZURE_REGION_AUTO_DISCOVER_FLAG:"TryAutoDetect",REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX:"login.microsoft.com",KNOWN_PUBLIC_CLOUDS:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],SHR_NONCE_VALIDITY:240,INVALID_INSTANCE:"invalid_instance"},At={CLIENT_ERROR_RANGE_START:400,CLIENT_ERROR_RANGE_END:499,SERVER_ERROR_RANGE_START:500,SERVER_ERROR_RANGE_END:599},Be=[g.OPENID_SCOPE,g.PROFILE_SCOPE,g.OFFLINE_ACCESS_SCOPE],Vo=[...Be,g.EMAIL_SCOPE],V={CONTENT_TYPE:"Content-Type",CONTENT_LENGTH:"Content-Length",RETRY_AFTER:"Retry-After",CCS_HEADER:"X-AnchorMailbox",WWWAuthenticate:"WWW-Authenticate",AuthenticationInfo:"Authentication-Info",X_MS_REQUEST_ID:"x-ms-request-id",X_MS_HTTP_VERSION:"x-ms-httpver"},Qo={ACTIVE_ACCOUNT_FILTERS:"active-account-filters"},ke={COMMON:"common",ORGANIZATIONS:"organizations",CONSUMERS:"consumers"},It={ACCESS_TOKEN:"access_token",XMS_CC:"xms_cc"},K={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",CREATE:"create",NO_SESSION:"no_session"},Yo={PLAIN:"plain",S256:"S256"},vr={CODE:"code",IDTOKEN_TOKEN_REFRESHTOKEN:"id_token token refresh_token"},Wt={QUERY:"query",FRAGMENT:"fragment"},Js={QUERY:"query"},Sr={AUTHORIZATION_CODE_GRANT:"authorization_code",REFRESH_TOKEN_GRANT:"refresh_token"},Et={MSSTS_ACCOUNT_TYPE:"MSSTS",ADFS_ACCOUNT_TYPE:"ADFS",GENERIC_ACCOUNT_TYPE:"Generic"},z={CACHE_KEY_SEPARATOR:"-",CLIENT_INFO_SEPARATOR:"."},I={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},Gn="appmetadata",Xs="client_info",it="1",Mt={CACHE_KEY:"authority-metadata",REFRESH_TIME_SECONDS:360024},X={CONFIG:"config",CACHE:"cache",NETWORK:"network",HARDCODED_VALUES:"hardcoded_values"},F={SCHEMA_VERSION:5,MAX_LAST_HEADER_BYTES:330,MAX_CACHED_ERRORS:50,CACHE_KEY:"server-telemetry",CATEGORY_SEPARATOR:"\|",VALUE_SEPARATOR:",",OVERFLOW_TRUE:"1",OVERFLOW_FALSE:"0",UNKNOWN_ERROR:"unknown_error"},_={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},st={DEFAULT_THROTTLE_TIME_SECONDS:60,DEFAULT_MAX_THROTTLE_TIME_SECONDS:3600,THROTTLING_PREFIX:"throttling",X_MS_LIB_CAPABILITY_VALUE:"retry-after, h429"},jo={INVALID_GRANT_ERROR:"invalid_grant",CLIENT_MISMATCH_ERROR:"client_mismatch"},wt={httpSuccess:200,httpBadRequest:400},Ge={FAILED_AUTO_DETECTION:"1",INTERNAL_CACHE:"2",ENVIRONMENT_VARIABLE:"3",IMDS:"4"},yn={CONFIGURED_NO_AUTO_DETECTION:"2",AUTO_DETECTION_REQUESTED_SUCCESSFUL:"4",AUTO_DETECTION_REQUESTED_FAILED:"5"},Me={NOT_APPLICABLE:"0",FORCE_REFRESH_OR_CLAIMS:"1",NO_CACHED_ACCESS_TOKEN:"2",CACHED_ACCESS_TOKEN_EXPIRED:"3",PROACTIVELY_REFRESHED:"4"},Zs={Pop:"pop"},ea=300;/! @azure/msal-common v15.4.0 2025-03-25 /const zn="unexpected_error",ta="post_request_failed";/! @azure/msal-common v15.4.0 2025-03-25 /const Wo={[zn]:"Unexpected error in authentication.",[ta]:"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details."};class R extends Error{constructor(e,t,n){const o=t?`${e}: ${t}`:e;super(o),Object.setPrototypeOf(this,R.prototype),this.errorCode=e\|\|g.EMPTY_STRING,this.errorMessage=t\|\|g.EMPTY_STRING,this.subError=n\|\|g.EMPTY_STRING,this.name="AuthError"}setCorrelationId(e){this.correlationId=e}}function kr(r,e){return new R(r,e?`${Wo[r]} ${e}`:Wo[r])}/! @azure/msal-common v15.4.0 2025-03-25 /const qn="client_info_decoding_error",_r="client_info_empty_error",$n="token_parsing_error",Ut="null_or_empty_token",pe="endpoints_resolution_error",Rr="network_error",br="openid_config_error",Or="hash_not_deserialized",je="invalid_state",Pr="state_mismatch",vn="state_not_found",Nr="nonce_mismatch",Vn="auth_time_not_found",Mr="max_age_transpired",na="multiple_matching_tokens",oa="multiple_matching_accounts",Ur="multiple_matching_appMetadata",Lr="request_cannot_be_made",Hr="cannot_remove_empty_scope",Dr="cannot_append_scopeset",Sn="empty_input_scopeset",ra="device_code_polling_cancelled",ia="device_code_expired",sa="device_code_unknown_error",Qn="no_account_in_silent_request",xr="invalid_cache_record",Yn="invalid_cache_environment",Lt="no_account_found",kn="no_crypto_object",_n="unexpected_credential_type",aa="invalid_assertion",ca="invalid_client_credential",_e="token_refresh_required",la="user_timeout_reached",Fr="token_claims_cnf_required_for_signedjwt",Kr="authorization_code_missing_from_server_response",Br="binding_key_not_removed",Gr="end_session_endpoint_not_supported",jn="key_id_missing",zr="no_network_connectivity",qr="user_canceled",da="missing_tenant_id_error",v="method_not_implemented",Rn="nested_app_auth_bridge_disabled";/! @azure/msal-common v15.4.0 2025-03-25 /const Jo={[qn]:"The client info could not be parsed/decoded correctly",[_r]:"The client info was empty",[$n]:"Token cannot be parsed",[Ut]:"The token is null or empty",[pe]:"Endpoints cannot be resolved",[Rr]:"Network request failed",[br]:"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",[Or]:"The hash parameters could not be deserialized",[je]:"State was not the expected format",[Pr]:"State mismatch error",[vn]:"State not found",[Nr]:"Nonce mismatch error",[Vn]:"Max Age was requested and the ID token is missing the auth_time variable. auth_time is an optional claim and is not enabled by default - it must be enabled. See https://aka.ms/msaljs/optional-claims for more information.",[Mr]:"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",[na]:"The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account.",[oa]:"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",[Ur]:"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",[Lr]:"Token request cannot be made without authorization code or refresh token.",[Hr]:"Cannot remove null or empty scope from ScopeSet",[Dr]:"Cannot append ScopeSet",[Sn]:"Empty input ScopeSet cannot be processed",[ra]:"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",[ia]:"Device code is expired.",[sa]:"Device code stopped polling for unknown reasons.",[Qn]:"Please pass an account object, silent flow is not supported without account information",[xr]:"Cache record object was null or undefined.",[Yn]:"Invalid environment when attempting to create cache entry",[Lt]:"No account found in cache for given key.",[kn]:"No crypto object detected.",[_n]:"Unexpected credential type.",[aa]:"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",[ca]:"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",[_e]:"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",[la]:"User defined timeout for device code polling reached",[Fr]:"Cannot generate a POP jwt if the token_claims are not populated",[Kr]:"Server response does not contain an authorization code to proceed",[Br]:"Could not remove the credential's binding key from storage.",[Gr]:"The provided authority does not support logout",[jn]:"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",[zr]:"No network connectivity. Check your internet connection.",[qr]:"User cancelled the flow.",[da]:"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",[v]:"This method has not been implemented",[Rn]:"The nested app auth bridge is disabled"};class ve extends R{constructor(e,t){super(e,t?`${Jo[e]}: ${t}`:Jo[e]),this.name="ClientAuthError",Object.setPrototypeOf(this,ve.prototype)}}function p(r,e){return new ve(r,e)}/! @azure/msal-common v15.4.0 2025-03-25 /const ht={createNewGuid:()=>{throw p(v)},base64Decode:()=>{throw p(v)},base64Encode:()=>{throw p(v)},base64UrlEncode:()=>{throw p(v)},encodeKid:()=>{throw p(v)},async getPublicKeyThumbprint(){throw p(v)},async removeTokenBindingKey(){throw p(v)},async clearKeystore(){throw p(v)},async signJwt(){throw p(v)},async hashString(){throw p(v)}};/! @azure/msal-common v15.4.0 2025-03-25 /var N;(function(r){r[r.Error=0]="Error",r[r.Warning=1]="Warning",r[r.Info=2]="Info",r[r.Verbose=3]="Verbose",r[r.Trace=4]="Trace"})(N\|\|(N={}));class Ae{constructor(e,t,n){this.level=N.Info;const o=()=>{},i=e\|\|Ae.createDefaultLoggerOptions();this.localCallback=i.loggerCallback\|\|o,this.piiLoggingEnabled=i.piiLoggingEnabled\|\|!1,this.level=typeof i.logLevel=="number"?i.logLevel:N.Info,this.correlationId=i.correlationId\|\|g.EMPTY_STRING,this.packageName=t\|\|g.EMPTY_STRING,this.packageVersion=n\|\|g.EMPTY_STRING}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:N.Info}}clone(e,t,n){return new Ae({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level,correlationId:n\|\|this.correlationId},e,t)}logMessage(e,t){if(t.logLevel>this.level\|\|!this.piiLoggingEnabled&&t.containsPii)return;const i=`${`[${new Date().toUTCString()}] : [${t.correlationId\|\|this.correlationId\|\|""}]`} : ${this.packageName}@${this.packageVersion} : ${N[t.logLevel]} - ${e}`;this.executeCallback(t.logLevel,i,t.containsPii\|\|!1)}executeCallback(e,t,n){this.localCallback&&this.localCallback(e,t,n)}error(e,t){this.logMessage(e,{logLevel:N.Error,containsPii:!1,correlationId:t\|\|g.EMPTY_STRING})}errorPii(e,t){this.logMessage(e,{logLevel:N.Error,containsPii:!0,correlationId:t\|\|g.EMPTY_STRING})}warning(e,t){this.logMessage(e,{logLevel:N.Warning,containsPii:!1,correlationId:t\|\|g.EMPTY_STRING})}warningPii(e,t){this.logMessage(e,{logLevel:N.Warning,containsPii:!0,correlationId:t\|\|g.EMPTY_STRING})}info(e,t){this.logMessage(e,{logLevel:N.Info,containsPii:!1,correlationId:t\|\|g.EMPTY_STRING})}infoPii(e,t){this.logMessage(e,{logLevel:N.Info,containsPii:!0,correlationId:t\|\|g.EMPTY_STRING})}verbose(e,t){this.logMessage(e,{logLevel:N.Verbose,containsPii:!1,correlationId:t\|\|g.EMPTY_STRING})}verbosePii(e,t){this.logMessage(e,{logLevel:N.Verbose,containsPii:!0,correlationId:t\|\|g.EMPTY_STRING})}trace(e,t){this.logMessage(e,{logLevel:N.Trace,containsPii:!1,correlationId:t\|\|g.EMPTY_STRING})}tracePii(e,t){this.logMessage(e,{logLevel:N.Trace,containsPii:!0,correlationId:t\|\|g.EMPTY_STRING})}isPiiLoggingEnabled(){return this.piiLoggingEnabled\|\|!1}}/! @azure/msal-common v15.4.0 2025-03-25 /const $r="@azure/msal-common",Wn="15.4.0";/! @azure/msal-common v15.4.0 2025-03-25 /const Jn={None:"none"};/! @azure/msal-common v15.4.0 2025-03-25 /function be(r,e){const t=ha(r);try{const n=e(t);return JSON.parse(n)}catch{throw p($n)}}function ha(r){if(!r)throw p(Ut);const t=/^([^\.\s])\.([^\.\s]+)\.([^\.\s])$/.exec(r);if(!t\|\|t.length<4)throw p($n);return t[2]}function Vr(r,e){if(e===0\|\|Date.now()-3e5>r+e)throw p(Mr)}/! @azure/msal-common v15.4.0 2025-03-25 /function j(){return Math.round(new Date().getTime()/1e3)}function Xo(r){return r.getTime()/1e3}function Te(r){return r?new Date(Number(r)1e3):new Date}function Ht(r,e){const t=Number(r)\|\|0;return j()+e>t}function Qr(r){return Number(r)>j()}/! @azure/msal-common v15.4.0 2025-03-25 /function at(r){return[pa(r),ma(r),Ca(r),ya(r),Ta(r)].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function Jt(r,e,t,n,o){return{credentialType:I.ID_TOKEN,homeAccountId:r,environment:e,clientId:n,secret:t,realm:o}}function Xt(r,e,t,n,o,i,s,a,c,d,h,u,m,A,E){var D,W;const w={homeAccountId:r,credentialType:I.ACCESS_TOKEN,secret:t,cachedAt:j().toString(),expiresOn:s.toString(),extendedExpiresOn:a.toString(),environment:e,clientId:n,realm:o,target:i,tokenType:h\|\|_.BEARER};if(u&&(w.userAssertionHash=u),d&&(w.refreshOn=d.toString()),A&&(w.requestedClaims=A,w.requestedClaimsHash=E),((D=w.tokenType)==null?void 0:D.toLowerCase())!==_.BEARER.toLowerCase())switch(w.credentialType=I.ACCESS_TOKEN_WITH_AUTH_SCHEME,w.tokenType){case _.POP:const ee=be(t,c);if(!((W=ee==null?void 0:ee.cnf)!=null&&W.kid))throw p(Fr);w.keyId=ee.cnf.kid;break;case _.SSH:w.keyId=m}return w}function Yr(r,e,t,n,o,i,s){const a={credentialType:I.REFRESH_TOKEN,homeAccountId:r,environment:e,clientId:n,secret:t};return i&&(a.userAssertionHash=i),o&&(a.familyId=o),s&&(a.expiresOn=s.toString()),a}function Xn(r){return r.hasOwnProperty("homeAccountId")&&r.hasOwnProperty("environment")&&r.hasOwnProperty("credentialType")&&r.hasOwnProperty("clientId")&&r.hasOwnProperty("secret")}function ua(r){return r?Xn(r)&&r.hasOwnProperty("realm")&&r.hasOwnProperty("target")&&(r.credentialType===I.ACCESS_TOKEN\|\|r.credentialType===I.ACCESS_TOKEN_WITH_AUTH_SCHEME):!1}function ga(r){return r?Xn(r)&&r.hasOwnProperty("realm")&&r.credentialType===I.ID_TOKEN:!1}function fa(r){return r?Xn(r)&&r.credentialType===I.REFRESH_TOKEN:!1}function pa(r){return[r.homeAccountId,r.environment].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function ma(r){const e=r.credentialType===I.REFRESH_TOKEN&&r.familyId\|\|r.clientId;return[r.credentialType,e,r.realm\|\|""].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function Ca(r){return(r.target\|\|"").toLowerCase()}function ya(r){return(r.requestedClaimsHash\|\|"").toLowerCase()}function Ta(r){return r.tokenType&&r.tokenType.toLowerCase()!==_.BEARER.toLowerCase()?r.tokenType.toLowerCase():""}function Aa(r,e){const t=r.indexOf(F.CACHE_KEY)===0;let n=!0;return e&&(n=e.hasOwnProperty("failedRequests")&&e.hasOwnProperty("errors")&&e.hasOwnProperty("cacheHits")),t&&n}function Ia(r,e){let t=!1;r&&(t=r.indexOf(st.THROTTLING_PREFIX)===0);let n=!0;return e&&(n=e.hasOwnProperty("throttleTime")),t&&n}function Ea({environment:r,clientId:e}){return[Gn,r,e].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}function wa(r,e){return e?r.indexOf(Gn)===0&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("environment"):!1}function va(r,e){return e?r.indexOf(Mt.CACHE_KEY)===0&&e.hasOwnProperty("aliases")&&e.hasOwnProperty("preferred_cache")&&e.hasOwnProperty("preferred_network")&&e.hasOwnProperty("canonical_authority")&&e.hasOwnProperty("authorization_endpoint")&&e.hasOwnProperty("token_endpoint")&&e.hasOwnProperty("issuer")&&e.hasOwnProperty("aliasesFromNetwork")&&e.hasOwnProperty("endpointsFromNetwork")&&e.hasOwnProperty("expiresAt")&&e.hasOwnProperty("jwks_uri"):!1}function Zo(){return j()+Mt.REFRESH_TIME_SECONDS}function vt(r,e,t){r.authorization_endpoint=e.authorization_endpoint,r.token_endpoint=e.token_endpoint,r.end_session_endpoint=e.end_session_endpoint,r.issuer=e.issuer,r.endpointsFromNetwork=t,r.jwks_uri=e.jwks_uri}function Tn(r,e,t){r.aliases=e.aliases,r.preferred_cache=e.preferred_cache,r.preferred_network=e.preferred_network,r.aliasesFromNetwork=t}function er(r){return r.expiresAt<=j()}/! @azure/msal-common v15.4.0 2025-03-25 /const jr="redirect_uri_empty",Sa="claims_request_parsing_error",Wr="authority_uri_insecure",ot="url_parse_error",Jr="empty_url_error",Xr="empty_input_scopes_error",Zr="invalid_prompt_value",Zt="invalid_claims",ei="token_request_empty",ti="logout_request_empty",ni="invalid_code_challenge_method",en="pkce_params_missing",Zn="invalid_cloud_discovery_metadata",oi="invalid_authority_metadata",ri="untrusted_authority",tn="missing_ssh_jwk",ii="missing_ssh_kid",ka="missing_nonce_authentication_header",_a="invalid_authentication_header",si="cannot_set_OIDCOptions",ai="cannot_allow_platform_broker",ci="authority_mismatch";/! @azure/msal-common v15.4.0 2025-03-25 /const Ra={[jr]:"A redirect URI is required for all calls, and none has been set.",[Sa]:"Could not parse the given claims request object.",[Wr]:"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",[ot]:"URL could not be parsed into appropriate segments.",[Jr]:"URL was empty or null.",[Xr]:"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",[Zr]:"Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest",[Zt]:"Given claims parameter must be a stringified JSON object.",[ei]:"Token request was empty and not found in cache.",[ti]:"The logout request was null or undefined.",[ni]:'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',[en]:"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",[Zn]:"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",[oi]:"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",[ri]:"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",[tn]:"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",[ii]:"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",[ka]:"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",[_a]:"Invalid authentication header provided",[si]:"Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",[ai]:"Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",[ci]:"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority."};class eo extends R{constructor(e){super(e,Ra[e]),this.name="ClientConfigurationError",Object.setPrototypeOf(this,eo.prototype)}}function b(r){return new eo(r)}/! @azure/msal-common v15.4.0 2025-03-25 /class ie{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return Object.keys(t).length===0}catch{}return!0}static startsWith(e,t){return e.indexOf(t)===0}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},n=e.split("&"),o=i=>decodeURIComponent(i.replace(/\+/g," "));return n.forEach(i=>{if(i.trim()){const[s,a]=i.split(/=(.+)/g,2);s&&a&&(t[o(s)]=o(a))}}),t}static trimArrayEntries(e){return e.map(t=>t.trim())}static removeEmptyStringsFromArray(e){return e.filter(t=>!!t)}static jsonParseHelper(e){try{return JSON.parse(e)}catch{return null}}static matchPattern(e,t){return new RegExp(e.replace(/\\/g,"\\\\").replace(/\/g,"[^ ]").replace(/\?/g,"\\?")).test(t)}}/! @azure/msal-common v15.4.0 2025-03-25 /class M{constructor(e){const t=e?ie.trimArrayEntries([...e]):[],n=t?ie.removeEmptyStringsFromArray(t):[];if(!n\|\|!n.length)throw b(Xr);this.scopes=new Set,n.forEach(o=>this.scopes.add(o))}static fromString(e){const n=(e\|\|g.EMPTY_STRING).split(" ");return new M(n)}static createSearchScopes(e){const t=new M(e);return t.containsOnlyOIDCScopes()?t.removeScope(g.OFFLINE_ACCESS_SCOPE):t.removeOIDCScopes(),t}containsScope(e){const t=this.printScopesLowerCase().split(" "),n=new M(t);return e?n.scopes.has(e.toLowerCase()):!1}containsScopeSet(e){return!e\|\|e.scopes.size<=0?!1:this.scopes.size>=e.scopes.size&&e.asArray().every(t=>this.containsScope(t))}containsOnlyOIDCScopes(){let e=0;return Vo.forEach(t=>{this.containsScope(t)&&(e+=1)}),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach(t=>this.appendScope(t))}catch{throw p(Dr)}}removeScope(e){if(!e)throw p(Hr);this.scopes.delete(e.trim())}removeOIDCScopes(){Vo.forEach(e=>{this.scopes.delete(e)})}unionScopeSets(e){if(!e)throw p(Sn);const t=new Set;return e.scopes.forEach(n=>t.add(n.toLowerCase())),this.scopes.forEach(n=>t.add(n.toLowerCase())),t}intersectingScopeSets(e){if(!e)throw p(Sn);e.containsOnlyOIDCScopes()\|\|e.removeOIDCScopes();const t=this.unionScopeSets(e),n=e.getScopeCount(),o=this.getScopeCount();return t.size<o+n}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach(t=>e.push(t)),e}printScopes(){return this.scopes?this.asArray().join(" "):g.EMPTY_STRING}printScopesLowerCase(){return this.printScopes().toLowerCase()}}/! @azure/msal-common v15.4.0 2025-03-25 /function Dt(r,e){if(!r)throw p(_r);try{const t=e(r);return JSON.parse(t)}catch{throw p(qn)}}function Qe(r){if(!r)throw p(qn);const e=r.split(z.CLIENT_INFO_SEPARATOR,2);return{uid:e[0],utid:e.length<2?g.EMPTY_STRING:e[1]}}/! @azure/msal-common v15.4.0 2025-03-25 /function tr(r,e){return!!r&&!!e&&r===e.split(".")[1]}function nn(r,e,t,n){if(n){const{oid:o,sub:i,tid:s,name:a,tfp:c,acr:d}=n,h=s\|\|c\|\|d\|\|"";return{tenantId:h,localAccountId:o\|\|i\|\|"",name:a,isHomeTenant:tr(h,r)}}else return{tenantId:t,localAccountId:e,isHomeTenant:tr(t,r)}}function to(r,e,t,n){let o=r;if(e){const{isHomeTenant:i,...s}=e;o={...r,...s}}if(t){const{isHomeTenant:i,...s}=nn(r.homeAccountId,r.localAccountId,r.tenantId,t);return o={...o,...s,idTokenClaims:t,idToken:n},o}return o}/! @azure/msal-common v15.4.0 2025-03-25 /const oe={Default:0,Adfs:1,Dsts:2,Ciam:3};/! @azure/msal-common v15.4.0 2025-03-25 /function li(r){return r&&(r.tid\|\|r.tfp\|\|r.acr)\|\|null}/! @azure/msal-common v15.4.0 2025-03-25 /const Y={AAD:"AAD",OIDC:"OIDC",EAR:"EAR"};/! @azure/msal-common v15.4.0 2025-03-25 /class q{generateAccountId(){return[this.homeAccountId,this.environment].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}generateAccountKey(){return q.generateAccountCacheKey({homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId})}getAccountInfo(){return{homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId,name:this.name,nativeAccountId:this.nativeAccountId,authorityType:this.authorityType,tenantProfiles:new Map((this.tenantProfiles\|\|[]).map(e=>[e.tenantId,e]))}}isSingleTenant(){return!this.tenantProfiles}static generateAccountCacheKey(e){const t=e.homeAccountId.split(".")[1];return[e.homeAccountId,e.environment\|\|"",t\|\|e.tenantId\|\|""].join(z.CACHE_KEY_SEPARATOR).toLowerCase()}static createAccount(e,t,n){var d,h,u,m,A,E;const o=new q;t.authorityType===oe.Adfs?o.authorityType=Et.ADFS_ACCOUNT_TYPE:t.protocolMode===Y.OIDC?o.authorityType=Et.GENERIC_ACCOUNT_TYPE:o.authorityType=Et.MSSTS_ACCOUNT_TYPE;let i;e.clientInfo&&n&&(i=Dt(e.clientInfo,n)),o.clientInfo=e.clientInfo,o.homeAccountId=e.homeAccountId,o.nativeAccountId=e.nativeAccountId;const s=e.environment\|\|t&&t.getPreferredCache();if(!s)throw p(Yn);o.environment=s,o.realm=(i==null?void 0:i.utid)\|\|li(e.idTokenClaims)\|\|"",o.localAccountId=(i==null?void 0:i.uid)\|\|((d=e.idTokenClaims)==null?void 0:d.oid)\|\|((h=e.idTokenClaims)==null?void 0:h.sub)\|\|"";const a=((u=e.idTokenClaims)==null?void 0:u.preferred_username)\|\|((m=e.idTokenClaims)==null?void 0:m.upn),c=(A=e.idTokenClaims)!=null&&A.emails?e.idTokenClaims.emails[0]:null;if(o.username=a\|\|c\|\|"",o.name=((E=e.idTokenClaims)==null?void 0:E.name)\|\|"",o.cloudGraphHostName=e.cloudGraphHostName,o.msGraphHost=e.msGraphHost,e.tenantProfiles)o.tenantProfiles=e.tenantProfiles;else{const w=nn(e.homeAccountId,o.localAccountId,o.realm,e.idTokenClaims);o.tenantProfiles=[w]}return o}static createFromAccountInfo(e,t,n){var i;const o=new q;return o.authorityType=e.authorityType\|\|Et.GENERIC_ACCOUNT_TYPE,o.homeAccountId=e.homeAccountId,o.localAccountId=e.localAccountId,o.nativeAccountId=e.nativeAccountId,o.realm=e.tenantId,o.environment=e.environment,o.username=e.username,o.name=e.name,o.cloudGraphHostName=t,o.msGraphHost=n,o.tenantProfiles=Array.from(((i=e.tenantProfiles)==null?void 0:i.values())\|\|[]),o}static generateHomeAccountId(e,t,n,o,i){if(!(t===oe.Adfs\|\|t===oe.Dsts)){if(e)try{const s=Dt(e,o.base64Decode);if(s.uid&&s.utid)return`${s.uid}.${s.utid}`}catch{}n.warning("No client info in response")}return(i==null?void 0:i.sub)\|\|""}static isAccountEntity(e){return e?e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("realm")&&e.hasOwnProperty("localAccountId")&&e.hasOwnProperty("username")&&e.hasOwnProperty("authorityType"):!1}static accountInfoIsEqual(e,t,n){if(!e\|\|!t)return!1;let o=!0;if(n){const i=e.idTokenClaims\|\|{},s=t.idTokenClaims\|\|{};o=i.iat===s.iat&&i.nonce===s.nonce}return e.homeAccountId===t.homeAccountId&&e.localAccountId===t.localAccountId&&e.username===t.username&&e.tenantId===t.tenantId&&e.environment===t.environment&&e.nativeAccountId===t.nativeAccountId&&o}}/! @azure/msal-common v15.4.0 2025-03-25 /function di(r){return r.startsWith("#/")?r.substring(2):r.startsWith("#")\|\|r.startsWith("?")?r.substring(1):r}function xt(r){if(!r\|\|r.indexOf("=")<0)return null;try{const e=di(r),t=Object.fromEntries(new URLSearchParams(e));if(t.code\|\|t.ear_jwe\|\|t.error\|\|t.error_description\|\|t.state)return t}catch{throw p(Or)}return null}function ut(r){const e=new Array;return r.forEach((t,n)=>{e.push(`${n}=${encodeURIComponent(t)}`)}),e.join("&")}/! @azure/msal-common v15.4.0 2025-03-25 /class S{get urlString(){return this._urlString}constructor(e){if(this._urlString=e,!this._urlString)throw b(Jr);e.includes("#")\|\|(this._urlString=S.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return ie.endsWith(t,"?")?t=t.slice(0,-1):ie.endsWith(t,"?/")&&(t=t.slice(0,-2)),ie.endsWith(t,"/")\|\|(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch{throw b(ot)}if(!e.HostNameAndPort\|\|!e.PathSegments)throw b(ot);if(!e.Protocol\|\|e.Protocol.toLowerCase()!=="https:")throw b(Wr)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return S.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),n=t.PathSegments;return e&&n.length!==0&&(n[0]===ke.COMMON\|\|n[0]===ke.ORGANIZATIONS)&&(n[0]=e),S.constructAuthorityUriFromObject(t)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]))?([^?#])(\\?([^#]))?(#(.))?"),t=this.urlString.match(e);if(!t)throw b(ot);const n={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let o=n.AbsolutePath.split("/");return o=o.filter(i=>i&&i.length>0),n.PathSegments=o,n.QueryString&&n.QueryString.endsWith("/")&&(n.QueryString=n.QueryString.substring(0,n.QueryString.length-1)),n}static getDomainFromUrl(e){const t=RegExp("^([^:/?#]+://)?([^/?#])"),n=e.match(t);if(!n)throw b(ot);return n[2]}static getAbsoluteUrl(e,t){if(e[0]===g.FORWARD_SLASH){const o=new S(t).getUrlComponents();return o.Protocol+"//"+o.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e){return new S(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"))}static hashContainsKnownProperties(e){return!!xt(e)}}/! @azure/msal-common v15.4.0 2025-03-25 /const hi={endpointMetadata:{"login.microsoftonline.com":{token_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.com/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout"},"login.chinacloudapi.cn":{token_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys",issuer:"https://login.partner.microsoftonline.cn/{tenantid}/v2.0",authorization_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout"},"login.microsoftonline.us":{token_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.us/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout"}},instanceDiscoveryMetadata:{metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]}]}},nr=hi.endpointMetadata,no=hi.instanceDiscoveryMetadata,ui=new Set;no.metadata.forEach(r=>{r.aliases.forEach(e=>{ui.add(e)})});function ba(r,e){var o;let t;const n=r.canonicalAuthority;if(n){const i=new S(n).getUrlComponents().HostNameAndPort;t=or(i,(o=r.cloudDiscoveryMetadata)==null?void 0:o.metadata,X.CONFIG,e)\|\|or(i,no.metadata,X.HARDCODED_VALUES,e)\|\|r.knownAuthorities}return t\|\|[]}function or(r,e,t,n){if(n==null\|\|n.trace(`getAliasesFromMetadata called with source: ${t}`),r&&e){const o=Ft(e,r);if(o)return n==null\|\|n.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${t}, returning aliases`),o.aliases;n==null\|\|n.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${t}`)}return null}function Oa(r){return Ft(no.metadata,r)}function Ft(r,e){for(let t=0;t<r.length;t++){const n=r[t];if(n.aliases.includes(e))return n}return null}/! @azure/msal-common v15.4.0 2025-03-25 /const gi="cache_quota_exceeded",oo="cache_error_unknown";/! @azure/msal-common v15.4.0 2025-03-25 /const An={[gi]:"Exceeded cache storage capacity.",[oo]:"Unexpected error occurred when using cache storage."};class Ye extends Error{constructor(e,t){const n=t\|\|(An[e]?An[e]:An[oo]);super(`${e}: ${n}`),Object.setPrototypeOf(this,Ye.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=n}}/! @azure/msal-common v15.4.0 2025-03-25 /class bn{constructor(e,t,n,o){this.clientId=e,this.cryptoImpl=t,this.commonLogger=n.clone($r,Wn),this.staticAuthorityOptions=o}getAllAccounts(e){return this.buildTenantProfiles(this.getAccountsFilteredBy(e\|\|{}),e)}getAccountInfoFilteredBy(e){const t=this.getAllAccounts(e);return t.length>1?t.sort(o=>o.idTokenClaims?-1:1)[0]:t.length===1?t[0]:null}getBaseAccountInfo(e){const t=this.getAccountsFilteredBy(e);return t.length>0?t[0].getAccountInfo():null}buildTenantProfiles(e,t){return e.flatMap(n=>this.getTenantProfilesFromAccountEntity(n,t==null?void 0:t.tenantId,t))}getTenantedAccountInfoByFilter(e,t,n,o){let i=null,s;if(o&&!this.tenantProfileMatchesFilter(n,o))return null;const a=this.getIdToken(e,t,n.tenantId);return a&&(s=be(a.secret,this.cryptoImpl.base64Decode),!this.idTokenClaimsMatchTenantProfileFilter(s,o))?null:(i=to(e,n,s,a==null?void 0:a.secret),i)}getTenantProfilesFromAccountEntity(e,t,n){const o=e.getAccountInfo();let i=o.tenantProfiles\|\|new Map;const s=this.getTokenKeys();if(t){const c=i.get(t);if(c)i=new Map([[t,c]]);else return[]}const a=[];return i.forEach(c=>{const d=this.getTenantedAccountInfoByFilter(o,s,c,n);d&&a.push(d)}),a}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId)\|\|t.name&&e.name!==t.name\|\|t.isHomeTenant!==void 0&&e.isHomeTenant!==t.isHomeTenant)}idTokenClaimsMatchTenantProfileFilter(e,t){return!(t&&(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId)\|\|t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint)\|\|t.username&&!this.matchUsername(e.preferred_username,t.username)\|\|t.name&&!this.matchName(e,t.name)\|\|t.sid&&!this.matchSid(e,t.sid)))}async saveCacheRecord(e,t,n){var o,i,s,a;if(!e)throw p(xr);try{e.account&&await this.setAccount(e.account,t),e.idToken&&(n==null?void 0:n.idToken)!==!1&&await this.setIdTokenCredential(e.idToken,t),e.accessToken&&(n==null?void 0:n.accessToken)!==!1&&await this.saveAccessToken(e.accessToken,t),e.refreshToken&&(n==null?void 0:n.refreshToken)!==!1&&await this.setRefreshTokenCredential(e.refreshToken,t),e.appMetadata&&this.setAppMetadata(e.appMetadata)}catch(c){throw(o=this.commonLogger)==null\|\|o.error("CacheManager.saveCacheRecord: failed"),c instanceof Error?((i=this.commonLogger)==null\|\|i.errorPii(`CacheManager.saveCacheRecord: ${c.message}`,t),c.name==="QuotaExceededError"\|\|c.name==="NS_ERROR_DOM_QUOTA_REACHED"\|\|c.message.includes("exceeded the quota")?((s=this.commonLogger)==null\|\|s.error("CacheManager.saveCacheRecord: exceeded storage quota",t),new Ye(gi)):new Ye(c.name,c.message)):((a=this.commonLogger)==null\|\|a.errorPii(`CacheManager.saveCacheRecord: ${c}`,t),new Ye(oo))}}async saveAccessToken(e,t){const n={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType,requestedClaimsHash:e.requestedClaimsHash},o=this.getTokenKeys(),i=M.fromString(e.target),s=[];o.accessToken.forEach(a=>{if(!this.accessTokenKeyMatchesFilter(a,n,!1))return;const c=this.getAccessTokenCredential(a);c&&this.credentialMatchesFilter(c,n)&&M.fromString(c.target).intersectingScopeSets(i)&&s.push(this.removeAccessToken(a))}),await Promise.all(s),await this.setAccessTokenCredential(e,t)}getAccountsFilteredBy(e){const t=this.getAccountKeys(),n=[];return t.forEach(o=>{var c;if(!this.isAccountKey(o,e.homeAccountId))return;const i=this.getAccount(o,this.commonLogger);if(!i\|\|e.homeAccountId&&!this.matchHomeAccountId(i,e.homeAccountId)\|\|e.username&&!this.matchUsername(i.username,e.username)\|\|e.environment&&!this.matchEnvironment(i,e.environment)\|\|e.realm&&!this.matchRealm(i,e.realm)\|\|e.nativeAccountId&&!this.matchNativeAccountId(i,e.nativeAccountId)\|\|e.authorityType&&!this.matchAuthorityType(i,e.authorityType))return;const s={localAccountId:e==null?void 0:e.localAccountId,name:e==null?void 0:e.name},a=(c=i.tenantProfiles)==null?void 0:c.filter(d=>this.tenantProfileMatchesFilter(d,s));a&&a.length===0\|\|n.push(i)}),n}isAccountKey(e,t,n){return!(e.split(z.CACHE_KEY_SEPARATOR).length<3\|\|t&&!e.toLowerCase().includes(t.toLowerCase())\|\|n&&!e.toLowerCase().includes(n.toLowerCase()))}isCredentialKey(e){if(e.split(z.CACHE_KEY_SEPARATOR).length<6)return!1;const t=e.toLowerCase();if(t.indexOf(I.ID_TOKEN.toLowerCase())===-1&&t.indexOf(I.ACCESS_TOKEN.toLowerCase())===-1&&t.indexOf(I.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase())===-1&&t.indexOf(I.REFRESH_TOKEN.toLowerCase())===-1)return!1;if(t.indexOf(I.REFRESH_TOKEN.toLowerCase())>-1){const n=`${I.REFRESH_TOKEN}${z.CACHE_KEY_SEPARATOR}${this.clientId}${z.CACHE_KEY_SEPARATOR}`,o=`${I.REFRESH_TOKEN}${z.CACHE_KEY_SEPARATOR}${it}${z.CACHE_KEY_SEPARATOR}`;if(t.indexOf(n.toLowerCase())===-1&&t.indexOf(o.toLowerCase())===-1)return!1}else if(t.indexOf(this.clientId.toLowerCase())===-1)return!1;return!0}credentialMatchesFilter(e,t){return!(t.clientId&&!this.matchClientId(e,t.clientId)\|\|t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash)\|\|typeof t.homeAccountId=="string"&&!this.matchHomeAccountId(e,t.homeAccountId)\|\|t.environment&&!this.matchEnvironment(e,t.environment)\|\|t.realm&&!this.matchRealm(e,t.realm)\|\|t.credentialType&&!this.matchCredentialType(e,t.credentialType)\|\|t.familyId&&!this.matchFamilyId(e,t.familyId)\|\|t.target&&!this.matchTarget(e,t.target)\|\|(t.requestedClaimsHash\|\|e.requestedClaimsHash)&&e.requestedClaimsHash!==t.requestedClaimsHash\|\|e.credentialType===I.ACCESS_TOKEN_WITH_AUTH_SCHEME&&(t.tokenType&&!this.matchTokenType(e,t.tokenType)\|\|t.tokenType===_.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId)))}getAppMetadataFilteredBy(e){const t=this.getKeys(),n={};return t.forEach(o=>{if(!this.isAppMetadata(o))return;const i=this.getAppMetadata(o);i&&(e.environment&&!this.matchEnvironment(i,e.environment)\|\|e.clientId&&!this.matchClientId(i,e.clientId)\|\|(n[o]=i))}),n}getAuthorityMetadataByAlias(e){const t=this.getAuthorityMetadataKeys();let n=null;return t.forEach(o=>{if(!this.isAuthorityMetadata(o)\|\|o.indexOf(this.clientId)===-1)return;const i=this.getAuthorityMetadata(o);i&&i.aliases.indexOf(e)!==-1&&(n=i)}),n}async removeAllAccounts(){const e=this.getAccountKeys(),t=[];e.forEach(n=>{t.push(this.removeAccount(n))}),await Promise.all(t)}async removeAccount(e){const t=this.getAccount(e,this.commonLogger);t&&(await this.removeAccountContext(t),this.removeItem(e))}async removeAccountContext(e){const t=this.getTokenKeys(),n=e.generateAccountId(),o=[];t.idToken.forEach(i=>{i.indexOf(n)===0&&this.removeIdToken(i)}),t.accessToken.forEach(i=>{i.indexOf(n)===0&&o.push(this.removeAccessToken(i))}),t.refreshToken.forEach(i=>{i.indexOf(n)===0&&this.removeRefreshToken(i)}),await Promise.all(o)}async removeAccessToken(e){const t=this.getAccessTokenCredential(e);if(t){if(t.credentialType.toLowerCase()===I.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()&&t.tokenType===_.POP){const o=t.keyId;if(o)try{await this.cryptoImpl.removeTokenBindingKey(o)}catch{throw p(Br)}}return this.removeItem(e)}}removeAppMetadata(){return this.getKeys().forEach(t=>{this.isAppMetadata(t)&&this.removeItem(t)}),!0}readAccountFromCache(e){const t=q.generateAccountCacheKey(e);return this.getAccount(t,this.commonLogger)}getIdToken(e,t,n,o,i){this.commonLogger.trace("CacheManager - getIdToken called");const s={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:I.ID_TOKEN,clientId:this.clientId,realm:n},a=this.getIdTokensByFilter(s,t),c=a.size;if(c<1)return this.commonLogger.info("CacheManager:getIdToken - No token found"),null;if(c>1){let d=a;if(!n){const h=new Map;a.forEach((m,A)=>{m.realm===e.tenantId&&h.set(A,m)});const u=h.size;if(u<1)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result"),a.values().next().value;if(u===1)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile"),h.values().next().value;d=h}return this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"),d.forEach((h,u)=>{this.removeIdToken(u)}),o&&i&&o.addFields({multiMatchedID:a.size},i),null}return this.commonLogger.info("CacheManager:getIdToken - Returning ID token"),a.values().next().value}getIdTokensByFilter(e,t){const n=t&&t.idToken\|\|this.getTokenKeys().idToken,o=new Map;return n.forEach(i=>{if(!this.idTokenKeyMatchesFilter(i,{clientId:this.clientId,...e}))return;const s=this.getIdTokenCredential(i);s&&this.credentialMatchesFilter(s,e)&&o.set(i,s)}),o}idTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1\|\|t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}removeIdToken(e){this.removeItem(e)}removeRefreshToken(e){this.removeItem(e)}getAccessToken(e,t,n,o,i,s){this.commonLogger.trace("CacheManager - getAccessToken called");const a=M.createSearchScopes(t.scopes),c=t.authenticationScheme\|\|_.BEARER,d=c.toLowerCase()!==_.BEARER.toLowerCase()?I.ACCESS_TOKEN_WITH_AUTH_SCHEME:I.ACCESS_TOKEN,h={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:d,clientId:this.clientId,realm:o\|\|e.tenantId,target:a,tokenType:c,keyId:t.sshKid,requestedClaimsHash:t.requestedClaimsHash},u=n&&n.accessToken\|\|this.getTokenKeys().accessToken,m=[];u.forEach(E=>{if(this.accessTokenKeyMatchesFilter(E,h,!0)){const w=this.getAccessTokenCredential(E);w&&this.credentialMatchesFilter(w,h)&&m.push(w)}});const A=m.length;return A<1?(this.commonLogger.info("CacheManager:getAccessToken - No token found"),null):A>1?(this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them"),m.forEach(E=>{this.removeAccessToken(at(E))}),i&&s&&i.addFields({multiMatchedAT:m.length},s),null):(this.commonLogger.info("CacheManager:getAccessToken - Returning access token"),m[0])}accessTokenKeyMatchesFilter(e,t,n){const o=e.toLowerCase();if(t.clientId&&o.indexOf(t.clientId.toLowerCase())===-1\|\|t.homeAccountId&&o.indexOf(t.homeAccountId.toLowerCase())===-1\|\|t.realm&&o.indexOf(t.realm.toLowerCase())===-1\|\|t.requestedClaimsHash&&o.indexOf(t.requestedClaimsHash.toLowerCase())===-1)return!1;if(t.target){const i=t.target.asArray();for(let s=0;s<i.length;s++){if(n&&!o.includes(i[s].toLowerCase()))return!1;if(!n&&o.includes(i[s].toLowerCase()))return!0}}return!0}getAccessTokensByFilter(e){const t=this.getTokenKeys(),n=[];return t.accessToken.forEach(o=>{if(!this.accessTokenKeyMatchesFilter(o,e,!0))return;const i=this.getAccessTokenCredential(o);i&&this.credentialMatchesFilter(i,e)&&n.push(i)}),n}getRefreshToken(e,t,n,o,i){this.commonLogger.trace("CacheManager - getRefreshToken called");const s=t?it:void 0,a={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:I.REFRESH_TOKEN,clientId:this.clientId,familyId:s},c=n&&n.refreshToken\|\|this.getTokenKeys().refreshToken,d=[];c.forEach(u=>{if(this.refreshTokenKeyMatchesFilter(u,a)){const m=this.getRefreshTokenCredential(u);m&&this.credentialMatchesFilter(m,a)&&d.push(m)}});const h=d.length;return h<1?(this.commonLogger.info("CacheManager:getRefreshToken - No refresh token found."),null):(h>1&&o&&i&&o.addFields({multiMatchedRT:h},i),this.commonLogger.info("CacheManager:getRefreshToken - returning refresh token"),d[0])}refreshTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.familyId&&n.indexOf(t.familyId.toLowerCase())===-1\|\|!t.familyId&&t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1\|\|t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}readAppMetadataFromCache(e){const t={environment:e,clientId:this.clientId},n=this.getAppMetadataFilteredBy(t),o=Object.keys(n).map(s=>n[s]),i=o.length;if(i<1)return null;if(i>1)throw p(Ur);return o[0]}isAppMetadataFOCI(e){const t=this.readAppMetadataFromCache(e);return!!(t&&t.familyId===it)}matchHomeAccountId(e,t){return typeof e.homeAccountId=="string"&&t===e.homeAccountId}matchLocalAccountIdFromTokenClaims(e,t){const n=e.oid\|\|e.sub;return t===n}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){var n;return t.toLowerCase()===((n=e.name)==null?void 0:n.toLowerCase())}matchUsername(e,t){return!!(e&&typeof e=="string"&&(t==null?void 0:t.toLowerCase())===e.toLowerCase())}matchUserAssertionHash(e,t){return!!(e.userAssertionHash&&t===e.userAssertionHash)}matchEnvironment(e,t){if(this.staticAuthorityOptions){const o=ba(this.staticAuthorityOptions,this.commonLogger);if(o.includes(t)&&o.includes(e.environment))return!0}const n=this.getAuthorityMetadataByAlias(t);return!!(n&&n.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!!(e.clientId&&t===e.clientId)}matchFamilyId(e,t){return!!(e.familyId&&t===e.familyId)}matchRealm(e,t){var n;return((n=e.realm)==null?void 0:n.toLowerCase())===t.toLowerCase()}matchNativeAccountId(e,t){return!!(e.nativeAccountId&&t===e.nativeAccountId)}matchLoginHintFromTokenClaims(e,t){return e.login_hint===t\|\|e.preferred_username===t\|\|e.upn===t}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!!(e.authorityType&&t.toLowerCase()===e.authorityType.toLowerCase())}matchTarget(e,t){return e.credentialType!==I.ACCESS_TOKEN&&e.credentialType!==I.ACCESS_TOKEN_WITH_AUTH_SCHEME\|\|!e.target?!1:M.fromString(e.target).containsScopeSet(t)}matchTokenType(e,t){return!!(e.tokenType&&e.tokenType===t)}matchKeyId(e,t){return!!(e.keyId&&e.keyId===t)}isAppMetadata(e){return e.indexOf(Gn)!==-1}isAuthorityMetadata(e){return e.indexOf(Mt.CACHE_KEY)!==-1}generateAuthorityMetadataCacheKey(e){return`${Mt.CACHE_KEY}-${this.clientId}-${e}`}static toObject(e,t){for(const n in t)e[n]=t[n];return e}}class Pa extends bn{async setAccount(){throw p(v)}getAccount(){throw p(v)}async setIdTokenCredential(){throw p(v)}getIdTokenCredential(){throw p(v)}async setAccessTokenCredential(){throw p(v)}getAccessTokenCredential(){throw p(v)}async setRefreshTokenCredential(){throw p(v)}getRefreshTokenCredential(){throw p(v)}setAppMetadata(){throw p(v)}getAppMetadata(){throw p(v)}setServerTelemetry(){throw p(v)}getServerTelemetry(){throw p(v)}setAuthorityMetadata(){throw p(v)}getAuthorityMetadata(){throw p(v)}getAuthorityMetadataKeys(){throw p(v)}setThrottlingCache(){throw p(v)}getThrottlingCache(){throw p(v)}removeItem(){throw p(v)}getKeys(){throw p(v)}getAccountKeys(){throw p(v)}getTokenKeys(){throw p(v)}}/! @azure/msal-common v15.4.0 2025-03-25 /const fi={tokenRenewalOffsetSeconds:ea,preventCorsPreflight:!1},Na={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:N.Info,correlationId:g.EMPTY_STRING},Ma={claimsBasedCachingEnabled:!1},Ua={async sendGetRequestAsync(){throw p(v)},async sendPostRequestAsync(){throw p(v)}},La={sku:g.SKU,version:Wn,cpu:g.EMPTY_STRING,os:g.EMPTY_STRING},Ha={clientSecret:g.EMPTY_STRING,clientAssertion:void 0},Da={azureCloudInstance:Jn.None,tenant:`${g.DEFAULT_COMMON_TENANT}`},xa={application:{appName:"",appVersion:""}};function Fa({authOptions:r,systemOptions:e,loggerOptions:t,cacheOptions:n,storageInterface:o,networkInterface:i,cryptoInterface:s,clientCredentials:a,libraryInfo:c,telemetry:d,serverTelemetryManager:h,persistencePlugin:u,serializableCache:m}){const A={...Na,...t};return{authOptions:Ka(r),systemOptions:{...fi,...e},loggerOptions:A,cacheOptions:{...Ma,...n},storageInterface:o\|\|new Pa(r.clientId,ht,new Ae(A)),networkInterface:i\|\|Ua,cryptoInterface:s\|\|ht,clientCredentials:a\|\|Ha,libraryInfo:{...La,...c},telemetry:{...xa,...d},serverTelemetryManager:h\|\|null,persistencePlugin:u\|\|null,serializableCache:m\|\|null}}function Ka(r){return{clientCapabilities:[],azureCloudOptions:Da,skipAuthorityMetadataCache:!1,instanceAware:!1,...r}}function pi(r){return r.authOptions.authority.options.protocolMode===Y.OIDC}/! @azure/msal-common v15.4.0 2025-03-25 /const re={HOME_ACCOUNT_ID:"home_account_id",UPN:"UPN"};/! @azure/msal-common v15.4.0 2025-03-25 /const xe="client_id",mi="redirect_uri",Ba="response_type",Ga="response_mode",za="grant_type",qa="claims",$a="scope",Va="refresh_token",Qa="state",Ya="nonce",ja="prompt",Wa="code",Ja="code_challenge",Xa="code_challenge_method",Za="code_verifier",ec="client-request-id",tc="x-client-SKU",nc="x-client-VER",oc="x-client-OS",rc="x-client-CPU",ic="x-client-current-telemetry",sc="x-client-last-telemetry",ac="x-ms-lib-capability",cc="x-app-name",lc="x-app-ver",dc="post_logout_redirect_uri",hc="id_token_hint",uc="client_secret",gc="client_assertion",fc="client_assertion_type",Ci="token_type",yi="req_cnf",rr="return_spa_code",pc="nativebroker",mc="logout_hint",Cc="sid",yc="login_hint",Tc="domain_hint",Ac="x-client-xtra-sku",Kt="brk_client_id",Bt="brk_redirect_uri",On="instance_aware",Ic="ear_jwk",Ec="ear_jwe_crypto";/! @azure/msal-common v15.4.0 2025-03-25 /function on(r,e,t){if(!e)return;const n=r.get(xe);n&&r.has(Kt)&&(t==null\|\|t.addFields({embeddedClientId:n,embeddedRedirectUri:r.get(mi)},e))}function Ti(r,e){r.set(Ba,e)}function wc(r,e){r.set(Ga,e\|\|Js.QUERY)}function vc(r){r.set(pc,"1")}function ro(r,e,t=!0,n=Be){t&&!n.includes("openid")&&!e.includes("openid")&&n.push("openid");const o=t?[...e\|\|[],...n]:e\|\|[],i=new M(o);r.set($a,i.printScopes())}function io(r,e){r.set(xe,e)}function so(r,e){r.set(mi,e)}function Sc(r,e){r.set(dc,e)}function kc(r,e){r.set(hc,e)}function _c(r,e){r.set(Tc,e)}function St(r,e){r.set(yc,e)}function Gt(r,e){r.set(V.CCS_HEADER,`UPN:${e}`)}function ct(r,e){r.set(V.CCS_HEADER,`Oid:${e.uid}@${e.utid}`)}function ir(r,e){r.set(Cc,e)}function ao(r,e,t){const n=ki(e,t);try{JSON.parse(n)}catch{throw b(Zt)}r.set(qa,n)}function co(r,e){r.set(ec,e)}function lo(r,e){r.set(tc,e.sku),r.set(nc,e.version),e.os&&r.set(oc,e.os),e.cpu&&r.set(rc,e.cpu)}function ho(r,e){e!=null&&e.appName&&r.set(cc,e.appName),e!=null&&e.appVersion&&r.set(lc,e.appVersion)}function Rc(r,e){r.set(ja,e)}function Ai(r,e){e&&r.set(Qa,e)}function bc(r,e){r.set(Ya,e)}function Oc(r,e,t){if(e&&t)r.set(Ja,e),r.set(Xa,t);else throw b(en)}function Pc(r,e){r.set(Wa,e)}function Nc(r,e){r.set(Va,e)}function Mc(r,e){r.set(Za,e)}function Ii(r,e){r.set(uc,e)}function Ei(r,e){e&&r.set(gc,e)}function wi(r,e){e&&r.set(fc,e)}function vi(r,e){r.set(za,e)}function uo(r){r.set(Xs,"1")}function Si(r){r.has(On)\|\|r.set(On,"true")}function He(r,e){Object.entries(e).forEach(([t,n])=>{!r.has(t)&&n&&r.set(t,n)})}function ki(r,e){let t;if(!r)t={};else try{t=JSON.parse(r)}catch{throw b(Zt)}return e&&e.length>0&&(t.hasOwnProperty(It.ACCESS_TOKEN)\|\|(t[It.ACCESS_TOKEN]={}),t[It.ACCESS_TOKEN][It.XMS_CC]={values:e}),JSON.stringify(t)}function go(r,e){e&&(r.set(Ci,_.POP),r.set(yi,e))}function _i(r,e){e&&(r.set(Ci,_.SSH),r.set(yi,e))}function Ri(r,e){r.set(ic,e.generateCurrentRequestHeaderValue()),r.set(sc,e.generateLastRequestHeaderValue())}function bi(r){r.set(ac,st.X_MS_LIB_CAPABILITY_VALUE)}function Uc(r,e){r.set(mc,e)}function rn(r,e,t){r.has(Kt)\|\|r.set(Kt,e),r.has(Bt)\|\|r.set(Bt,t)}function Lc(r,e){r.set(Ic,encodeURIComponent(e)),r.set(Ec,"eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0")}/! @azure/msal-common v15.4.0 2025-03-25 /function Hc(r){return r.hasOwnProperty("authorization_endpoint")&&r.hasOwnProperty("token_endpoint")&&r.hasOwnProperty("issuer")&&r.hasOwnProperty("jwks_uri")}/! @azure/msal-common v15.4.0 2025-03-25 /function Dc(r){return r.hasOwnProperty("tenant_discovery_endpoint")&&r.hasOwnProperty("metadata")}/! @azure/msal-common v15.4.0 2025-03-25 /function xc(r){return r.hasOwnProperty("error")&&r.hasOwnProperty("error_description")}/! @azure/msal-common v15.4.0 2025-03-25 /const l={AcquireTokenByCode:"acquireTokenByCode",AcquireTokenByRefreshToken:"acquireTokenByRefreshToken",AcquireTokenSilent:"acquireTokenSilent",AcquireTokenSilentAsync:"acquireTokenSilentAsync",AcquireTokenPopup:"acquireTokenPopup",AcquireTokenPreRedirect:"acquireTokenPreRedirect",AcquireTokenRedirect:"acquireTokenRedirect",CryptoOptsGetPublicKeyThumbprint:"cryptoOptsGetPublicKeyThumbprint",CryptoOptsSignJwt:"cryptoOptsSignJwt",SilentCacheClientAcquireToken:"silentCacheClientAcquireToken",SilentIframeClientAcquireToken:"silentIframeClientAcquireToken",AwaitConcurrentIframe:"awaitConcurrentIframe",SilentRefreshClientAcquireToken:"silentRefreshClientAcquireToken",SsoSilent:"ssoSilent",StandardInteractionClientGetDiscoveredAuthority:"standardInteractionClientGetDiscoveredAuthority",FetchAccountIdWithNativeBroker:"fetchAccountIdWithNativeBroker",NativeInteractionClientAcquireToken:"nativeInteractionClientAcquireToken",BaseClientCreateTokenRequestHeaders:"baseClientCreateTokenRequestHeaders",NetworkClientSendPostRequestAsync:"networkClientSendPostRequestAsync",RefreshTokenClientExecutePostToTokenEndpoint:"refreshTokenClientExecutePostToTokenEndpoint",AuthorizationCodeClientExecutePostToTokenEndpoint:"authorizationCodeClientExecutePostToTokenEndpoint",BrokerHandhshake:"brokerHandshake",AcquireTokenByRefreshTokenInBroker:"acquireTokenByRefreshTokenInBroker",AcquireTokenByBroker:"acquireTokenByBroker",RefreshTokenClientExecuteTokenRequest:"refreshTokenClientExecuteTokenRequest",RefreshTokenClientAcquireToken:"refreshTokenClientAcquireToken",RefreshTokenClientAcquireTokenWithCachedRefreshToken:"refreshTokenClientAcquireTokenWithCachedRefreshToken",RefreshTokenClientAcquireTokenByRefreshToken:"refreshTokenClientAcquireTokenByRefreshToken",RefreshTokenClientCreateTokenRequestBody:"refreshTokenClientCreateTokenRequestBody",AcquireTokenFromCache:"acquireTokenFromCache",SilentFlowClientAcquireCachedToken:"silentFlowClientAcquireCachedToken",SilentFlowClientGenerateResultFromCacheRecord:"silentFlowClientGenerateResultFromCacheRecord",AcquireTokenBySilentIframe:"acquireTokenBySilentIframe",InitializeBaseRequest:"initializeBaseRequest",InitializeSilentRequest:"initializeSilentRequest",InitializeClientApplication:"initializeClientApplication",InitializeCache:"initializeCache",SilentIframeClientTokenHelper:"silentIframeClientTokenHelper",SilentHandlerInitiateAuthRequest:"silentHandlerInitiateAuthRequest",SilentHandlerMonitorIframeForHash:"silentHandlerMonitorIframeForHash",SilentHandlerLoadFrame:"silentHandlerLoadFrame",SilentHandlerLoadFrameSync:"silentHandlerLoadFrameSync",StandardInteractionClientCreateAuthCodeClient:"standardInteractionClientCreateAuthCodeClient",StandardInteractionClientGetClientConfiguration:"standardInteractionClientGetClientConfiguration",StandardInteractionClientInitializeAuthorizationRequest:"standardInteractionClientInitializeAuthorizationRequest",GetAuthCodeUrl:"getAuthCodeUrl",GetStandardParams:"getStandardParams",HandleCodeResponseFromServer:"handleCodeResponseFromServer",HandleCodeResponse:"handleCodeResponse",HandleResponseEar:"handleResponseEar",HandleResponsePlatformBroker:"handleResponsePlatformBroker",HandleResponseCode:"handleResponseCode",UpdateTokenEndpointAuthority:"updateTokenEndpointAuthority",AuthClientAcquireToken:"authClientAcquireToken",AuthClientExecuteTokenRequest:"authClientExecuteTokenRequest",AuthClientCreateTokenRequestBody:"authClientCreateTokenRequestBody",PopTokenGenerateCnf:"popTokenGenerateCnf",PopTokenGenerateKid:"popTokenGenerateKid",HandleServerTokenResponse:"handleServerTokenResponse",DeserializeResponse:"deserializeResponse",AuthorityFactoryCreateDiscoveredInstance:"authorityFactoryCreateDiscoveredInstance",AuthorityResolveEndpointsAsync:"authorityResolveEndpointsAsync",AuthorityResolveEndpointsFromLocalSources:"authorityResolveEndpointsFromLocalSources",AuthorityGetCloudDiscoveryMetadataFromNetwork:"authorityGetCloudDiscoveryMetadataFromNetwork",AuthorityUpdateCloudDiscoveryMetadata:"authorityUpdateCloudDiscoveryMetadata",AuthorityGetEndpointMetadataFromNetwork:"authorityGetEndpointMetadataFromNetwork",AuthorityUpdateEndpointMetadata:"authorityUpdateEndpointMetadata",AuthorityUpdateMetadataWithRegionalInformation:"authorityUpdateMetadataWithRegionalInformation",RegionDiscoveryDetectRegion:"regionDiscoveryDetectRegion",RegionDiscoveryGetRegionFromIMDS:"regionDiscoveryGetRegionFromIMDS",RegionDiscoveryGetCurrentVersion:"regionDiscoveryGetCurrentVersion",AcquireTokenByCodeAsync:"acquireTokenByCodeAsync",GetEndpointMetadataFromNetwork:"getEndpointMetadataFromNetwork",GetCloudDiscoveryMetadataFromNetworkMeasurement:"getCloudDiscoveryMetadataFromNetworkMeasurement",HandleRedirectPromiseMeasurement:"handleRedirectPromise",HandleNativeRedirectPromiseMeasurement:"handleNativeRedirectPromise",UpdateCloudDiscoveryMetadataMeasurement:"updateCloudDiscoveryMetadataMeasurement",UsernamePasswordClientAcquireToken:"usernamePasswordClientAcquireToken",NativeMessageHandlerHandshake:"nativeMessageHandlerHandshake",NativeGenerateAuthResult:"nativeGenerateAuthResult",RemoveHiddenIframe:"removeHiddenIframe",ClearTokensAndKeysWithClaims:"clearTokensAndKeysWithClaims",CacheManagerGetRefreshToken:"cacheManagerGetRefreshToken",ImportExistingCache:"importExistingCache",SetUserData:"setUserData",LocalStorageUpdated:"localStorageUpdated",GeneratePkceCodes:"generatePkceCodes",GenerateCodeVerifier:"generateCodeVerifier",GenerateCodeChallengeFromVerifier:"generateCodeChallengeFromVerifier",Sha256Digest:"sha256Digest",GetRandomValues:"getRandomValues",GenerateHKDF:"generateHKDF",GenerateBaseKey:"generateBaseKey",Base64Decode:"base64Decode",UrlEncodeArr:"urlEncodeArr",Encrypt:"encrypt",Decrypt:"decrypt",GenerateEarKey:"generateEarKey",DecryptEarResponse:"decryptEarResponse"},Fc={InProgress:1};/! @azure/msal-common v15.4.0 2025-03-25 /const ae=(r,e,t,n,o)=>(...i)=>{t.trace(`Executing function ${e}`);const s=n==null?void 0:n.startMeasurement(e,o);if(o){const a=e+"CallCount";n==null\|\|n.incrementFields({[a]:1},o)}try{const a=r(...i);return s==null\|\|s.end({success:!0}),t.trace(`Returning result from ${e}`),a}catch(a){t.trace(`Error occurred in ${e}`);try{t.trace(JSON.stringify(a))}catch{t.trace("Unable to print error message.")}throw s==null\|\|s.end({success:!1},a),a}},f=(r,e,t,n,o)=>(...i)=>{t.trace(`Executing function ${e}`);const s=n==null?void 0:n.startMeasurement(e,o);if(o){const a=e+"CallCount";n==null\|\|n.incrementFields({[a]:1},o)}return n==null\|\|n.setPreQueueTime(e,o),r(...i).then(a=>(t.trace(`Returning result from ${e}`),s==null\|\|s.end({success:!0}),a)).catch(a=>{t.trace(`Error occurred in ${e}`);try{t.trace(JSON.stringify(a))}catch{t.trace("Unable to print error message.")}throw s==null\|\|s.end({success:!1},a),a})};/! @azure/msal-common v15.4.0 2025-03-25 /class sn{constructor(e,t,n,o){this.networkInterface=e,this.logger=t,this.performanceClient=n,this.correlationId=o}async detectRegion(e,t){var o;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.RegionDiscoveryDetectRegion,this.correlationId);let n=e;if(n)t.region_source=Ge.ENVIRONMENT_VARIABLE;else{const i=sn.IMDS_OPTIONS;try{const s=await f(this.getRegionFromIMDS.bind(this),l.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(g.IMDS_VERSION,i);if(s.status===wt.httpSuccess&&(n=s.body,t.region_source=Ge.IMDS),s.status===wt.httpBadRequest){const a=await f(this.getCurrentVersion.bind(this),l.RegionDiscoveryGetCurrentVersion,this.logger,this.performanceClient,this.correlationId)(i);if(!a)return t.region_source=Ge.FAILED_AUTO_DETECTION,null;const c=await f(this.getRegionFromIMDS.bind(this),l.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(a,i);c.status===wt.httpSuccess&&(n=c.body,t.region_source=Ge.IMDS)}}catch{return t.region_source=Ge.FAILED_AUTO_DETECTION,null}}return n\|\|(t.region_source=Ge.FAILED_AUTO_DETECTION),n\|\|null}async getRegionFromIMDS(e,t){var n;return(n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.RegionDiscoveryGetRegionFromIMDS,this.correlationId),this.networkInterface.sendGetRequestAsync(`${g.IMDS_ENDPOINT}?api-version=${e}&format=text`,t,g.IMDS_TIMEOUT)}async getCurrentVersion(e){var t;(t=this.performanceClient)==null\|\|t.addQueueMeasurement(l.RegionDiscoveryGetCurrentVersion,this.correlationId);try{const n=await this.networkInterface.sendGetRequestAsync(`${g.IMDS_ENDPOINT}?format=json`,e);return n.status===wt.httpBadRequest&&n.body&&n.body["newest-versions"]&&n.body["newest-versions"].length>0?n.body["newest-versions"][0]:null}catch{return null}}}sn.IMDS_OPTIONS={headers:{Metadata:"true"}};/! @azure/msal-common v15.4.0 2025-03-25 */class G{constructor(e,t,n,o,i,s,a,c){this.canonicalAuthority=e,this._canonicalAuthority.validateAsUri(),this.networkInterface=t,this.cacheManager=n,this.authorityOptions=o,this.regionDiscoveryMetadata={region_used:void 0,region_source:void 0,region_outcome:void 0},this.logger=i,this.performanceClient=a,this.correlationId=s,this.managedIdentity=c\|\|!1,this.regionDiscovery=new sn(t,this.logger,this.performanceClient,this.correlationId)}getAuthorityType(e){if(e.HostNameAndPort.endsWith(g.CIAM_AUTH_URL))return oe.Ciam;const t=e.PathSegments;if(t.length)switch(t[0].toLowerCase()){case g.ADFS:return oe.Adfs;case g.DSTS:return oe.Dsts}return oe.Default}get authorityType(){return this.getAuthorityType(this.canonicalAuthorityUrlComponents)}get protocolMode(){return this.authorityOptions.protocolMode}get options(){return this.authorityOptions}get canonicalAuthority(){return this._canonicalAuthority.urlString}set canonicalAuthority(e){this._canonicalAuthority=new S(e),this._canonicalAuthority.validateAsUri(),this._canonicalAuthorityUrlComponents=null}get canonicalAuthorityUrlComponents(){return this._canonicalAuthorityUrlComponents\|\|(this._canonicalAuthorityUrlComponents=this._canonicalAuthority.getUrlComponents()),this._canonicalAuthorityUrlComponents}get hostnameAndPort(){return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase()}get tenant(){return this.canonicalAuthorityUrlComponents.PathSegments[0]}get authorizationEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.authorization_endpoint);throw p(pe)}get tokenEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint);throw p(pe)}get deviceCodeEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint.replace("/token","/devicecode"));throw p(pe)}get endSessionEndpoint(){if(this.discoveryComplete()){if(!this.metadata.end_session_endpoint)throw p(Gr);return this.replacePath(this.metadata.end_session_endpoint)}else throw p(pe)}get selfSignedJwtAudience(){if(this.discoveryComplete())return this.replacePath(this.metadata.issuer);throw p(pe)}get jwksUri(){if(this.discoveryComplete())return this.replacePath(this.metadata.jwks_uri);throw p(pe)}canReplaceTenant(e){return e.PathSegments.length===1&&!G.reservedTenantDomains.has(e.PathSegments[0])&&this.getAuthorityType(e)===oe.Default&&this.protocolMode!==Y.OIDC}replaceTenant(e){return e.replace(/{tenant}\|{tenantid}/g,this.tenant)}replacePath(e){let t=e;const o=new S(this.metadata.canonical_authority).getUrlComponents(),i=o.PathSegments;return this.canonicalAuthorityUrlComponents.PathSegments.forEach((a,c)=>{let d=i[c];if(c===0&&this.canReplaceTenant(o)){const h=new S(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];d!==h&&(this.logger.verbose(`Replacing tenant domain name ${d} with id ${h}`),d=h)}a!==d&&(t=t.replace(`/${d}/`,`/${a}/`))}),this.replaceTenant(t)}get defaultOpenIdConfigurationEndpoint(){const e=this.hostnameAndPort;return this.canonicalAuthority.endsWith("v2.0/")\|\|this.authorityType===oe.Adfs\|\|this.protocolMode===Y.OIDC&&!this.isAliasOfKnownMicrosoftAuthority(e)?`${this.canonicalAuthority}.well-known/openid-configuration`:`${this.canonicalAuthority}v2.0/.well-known/openid-configuration`}discoveryComplete(){return!!this.metadata}async resolveEndpointsAsync(){var o,i;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.AuthorityResolveEndpointsAsync,this.correlationId);const e=this.getCurrentMetadataEntity(),t=await f(this.updateCloudDiscoveryMetadata.bind(this),l.AuthorityUpdateCloudDiscoveryMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.canonicalAuthority=this.canonicalAuthority.replace(this.hostnameAndPort,e.preferred_network);const n=await f(this.updateEndpointMetadata.bind(this),l.AuthorityUpdateEndpointMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.updateCachedMetadata(e,t,{source:n}),(i=this.performanceClient)==null\|\|i.addFields({cloudDiscoverySource:t,authorityEndpointSource:n},this.correlationId)}getCurrentMetadataEntity(){let e=this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort);return e\|\|(e={aliases:[],preferred_cache:this.hostnameAndPort,preferred_network:this.hostnameAndPort,canonical_authority:this.canonicalAuthority,authorization_endpoint:"",token_endpoint:"",end_session_endpoint:"",issuer:"",aliasesFromNetwork:!1,endpointsFromNetwork:!1,expiresAt:Zo(),jwks_uri:""}),e}updateCachedMetadata(e,t,n){t!==X.CACHE&&(n==null?void 0:n.source)!==X.CACHE&&(e.expiresAt=Zo(),e.canonical_authority=this.canonicalAuthority);const o=this.cacheManager.generateAuthorityMetadataCacheKey(e.preferred_cache);this.cacheManager.setAuthorityMetadata(o,e),this.metadata=e}async updateEndpointMetadata(e){var o,i,s;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.AuthorityUpdateEndpointMetadata,this.correlationId);const t=this.updateEndpointMetadataFromLocalSources(e);if(t){if(t.source===X.HARDCODED_VALUES&&(i=this.authorityOptions.azureRegionConfiguration)!=null&&i.azureRegion&&t.metadata){const a=await f(this.updateMetadataWithRegionalInformation.bind(this),l.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(t.metadata);vt(e,a,!1),e.canonical_authority=this.canonicalAuthority}return t.source}let n=await f(this.getEndpointMetadataFromNetwork.bind(this),l.AuthorityGetEndpointMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(n)return(s=this.authorityOptions.azureRegionConfiguration)!=null&&s.azureRegion&&(n=await f(this.updateMetadataWithRegionalInformation.bind(this),l.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(n)),vt(e,n,!0),X.NETWORK;throw p(br,this.defaultOpenIdConfigurationEndpoint)}updateEndpointMetadataFromLocalSources(e){this.logger.verbose("Attempting to get endpoint metadata from authority configuration");const t=this.getEndpointMetadataFromConfig();if(t)return this.logger.verbose("Found endpoint metadata in authority configuration"),vt(e,t,!1),{source:X.CONFIG};if(this.logger.verbose("Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values."),this.authorityOptions.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache.");else{const o=this.getEndpointMetadataFromHardcodedValues();if(o)return vt(e,o,!1),{source:X.HARDCODED_VALUES,metadata:o};this.logger.verbose("Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.")}const n=er(e);return this.isAuthoritySameType(e)&&e.endpointsFromNetwork&&!n?(this.logger.verbose("Found endpoint metadata in the cache."),{source:X.CACHE}):(n&&this.logger.verbose("The metadata entity is expired."),null)}isAuthoritySameType(e){return new S(e.canonical_authority).getUrlComponents().PathSegments.length===this.canonicalAuthorityUrlComponents.PathSegments.length}getEndpointMetadataFromConfig(){if(this.authorityOptions.authorityMetadata)try{return JSON.parse(this.authorityOptions.authorityMetadata)}catch{throw b(oi)}return null}async getEndpointMetadataFromNetwork(){var n;(n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.AuthorityGetEndpointMetadataFromNetwork,this.correlationId);const e={},t=this.defaultOpenIdConfigurationEndpoint;this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${t}`);try{const o=await this.networkInterface.sendGetRequestAsync(t,e);return Hc(o.body)?o.body:(this.logger.verbose("Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration"),null)}catch(o){return this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${o}`),null}}getEndpointMetadataFromHardcodedValues(){return this.hostnameAndPort in nr?nr[this.hostnameAndPort]:null}async updateMetadataWithRegionalInformation(e){var n,o,i;(n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.AuthorityUpdateMetadataWithRegionalInformation,this.correlationId);const t=(o=this.authorityOptions.azureRegionConfiguration)==null?void 0:o.azureRegion;if(t){if(t!==g.AZURE_REGION_AUTO_DISCOVER_FLAG)return this.regionDiscoveryMetadata.region_outcome=yn.CONFIGURED_NO_AUTO_DETECTION,this.regionDiscoveryMetadata.region_used=t,G.replaceWithRegionalInformation(e,t);const s=await f(this.regionDiscovery.detectRegion.bind(this.regionDiscovery),l.RegionDiscoveryDetectRegion,this.logger,this.performanceClient,this.correlationId)((i=this.authorityOptions.azureRegionConfiguration)==null?void 0:i.environmentRegion,this.regionDiscoveryMetadata);if(s)return this.regionDiscoveryMetadata.region_outcome=yn.AUTO_DETECTION_REQUESTED_SUCCESSFUL,this.regionDiscoveryMetadata.region_used=s,G.replaceWithRegionalInformation(e,s);this.regionDiscoveryMetadata.region_outcome=yn.AUTO_DETECTION_REQUESTED_FAILED}return e}async updateCloudDiscoveryMetadata(e){var o;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.AuthorityUpdateCloudDiscoveryMetadata,this.correlationId);const t=this.updateCloudDiscoveryMetadataFromLocalSources(e);if(t)return t;const n=await f(this.getCloudDiscoveryMetadataFromNetwork.bind(this),l.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(n)return Tn(e,n,!0),X.NETWORK;throw b(ri)}updateCloudDiscoveryMetadataFromLocalSources(e){this.logger.verbose("Attempting to get cloud discovery metadata from authority configuration"),this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities\|\|g.NOT_APPLICABLE}`),this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata\|\|g.NOT_APPLICABLE}`),this.logger.verbosePii(`Canonical Authority: ${e.canonical_authority\|\|g.NOT_APPLICABLE}`);const t=this.getCloudDiscoveryMetadataFromConfig();if(t)return this.logger.verbose("Found cloud discovery metadata in authority configuration"),Tn(e,t,!1),X.CONFIG;if(this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values."),this.options.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache.");else{const o=Oa(this.hostnameAndPort);if(o)return this.logger.verbose("Found cloud discovery metadata from hardcoded values."),Tn(e,o,!1),X.HARDCODED_VALUES;this.logger.verbose("Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.")}const n=er(e);return this.isAuthoritySameType(e)&&e.aliasesFromNetwork&&!n?(this.logger.verbose("Found cloud discovery metadata in the cache."),X.CACHE):(n&&this.logger.verbose("The metadata entity is expired."),null)}getCloudDiscoveryMetadataFromConfig(){if(this.authorityType===oe.Ciam)return this.logger.verbose("CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host."),G.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);if(this.authorityOptions.cloudDiscoveryMetadata){this.logger.verbose("The cloud discovery metadata has been provided as a network response, in the config.");try{this.logger.verbose("Attempting to parse the cloud discovery metadata.");const e=JSON.parse(this.authorityOptions.cloudDiscoveryMetadata),t=Ft(e.metadata,this.hostnameAndPort);if(this.logger.verbose("Parsed the cloud discovery metadata."),t)return this.logger.verbose("There is returnable metadata attached to the parsed cloud discovery metadata."),t;this.logger.verbose("There is no metadata attached to the parsed cloud discovery metadata.")}catch{throw this.logger.verbose("Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error."),b(Zn)}}return this.isInKnownAuthorities()?(this.logger.verbose("The host is included in knownAuthorities. Creating new cloud discovery metadata from the host."),G.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)):null}async getCloudDiscoveryMetadataFromNetwork(){var o;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.correlationId);const e=`${g.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`,t={};let n=null;try{const i=await this.networkInterface.sendGetRequestAsync(e,t);let s,a;if(Dc(i.body))s=i.body,a=s.metadata,this.logger.verbosePii(`tenant_discovery_endpoint is: ${s.tenant_discovery_endpoint}`);else if(xc(i.body)){if(this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${i.status}`),s=i.body,s.error===g.INVALID_INSTANCE)return this.logger.error("The CloudInstanceDiscoveryErrorResponse error is invalid_instance."),null;this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is ${s.error}`),this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is ${s.error_description}`),this.logger.warning("Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []"),a=[]}else return this.logger.error("AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse"),null;this.logger.verbose("Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request."),n=Ft(a,this.hostnameAndPort)}catch(i){if(i instanceof R)this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.
	Error: ${i.errorCode}
	Error Description: ${i.errorMessage}`);else{const s=i;this.logger.error(`A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.
	Error: ${s.name}
	-Error Description: ${s.message}`)}return null}return n\|\|(this.logger.warning("The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request."),this.logger.verbose("Creating custom Authority for custom domain scenario."),n=G.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)),n}isInKnownAuthorities(){return this.authorityOptions.knownAuthorities.filter(t=>t&&S.getDomainFromUrl(t).toLowerCase()===this.hostnameAndPort).length>0}static generateAuthority(e,t){let n;if(t&&t.azureCloudInstance!==Xn.None){const o=t.tenant?t.tenant:g.DEFAULT_COMMON_TENANT;n=`${t.azureCloudInstance}/${o}/`}return n\|\|e}static createCloudDiscoveryMetadataFromHost(e){return{preferred_network:e,preferred_cache:e,aliases:[e]}}getPreferredCache(){if(this.managedIdentity)return g.DEFAULT_AUTHORITY_HOST;if(this.discoveryComplete())return this.metadata.preferred_cache;throw p(pe)}isAlias(e){return this.metadata.aliases.indexOf(e)>-1}isAliasOfKnownMicrosoftAuthority(e){return gi.has(e)}static isPublicCloudAuthority(e){return g.KNOWN_PUBLIC_CLOUDS.indexOf(e)>=0}static buildRegionalAuthorityString(e,t,n){const o=new S(e);o.validateAsUri();const i=o.getUrlComponents();let s=`${t}.${i.HostNameAndPort}`;this.isPublicCloudAuthority(i.HostNameAndPort)&&(s=`${t}.${g.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`);const a=S.constructAuthorityUriFromObject({...o.getUrlComponents(),HostNameAndPort:s}).urlString;return n?`${a}?${n}`:a}static replaceWithRegionalInformation(e,t){const n={...e};return n.authorization_endpoint=G.buildRegionalAuthorityString(n.authorization_endpoint,t),n.token_endpoint=G.buildRegionalAuthorityString(n.token_endpoint,t),n.end_session_endpoint&&(n.end_session_endpoint=G.buildRegionalAuthorityString(n.end_session_endpoint,t)),n}static transformCIAMAuthority(e){let t=e;const o=new S(e).getUrlComponents();if(o.PathSegments.length===0&&o.HostNameAndPort.endsWith(g.CIAM_AUTH_URL)){const i=o.HostNameAndPort.split(".")[0];t=`${t}${i}${g.AAD_TENANT_DOMAIN_SUFFIX}`}return t}}G.reservedTenantDomains=new Set(["{tenant}","{tenantid}",ke.COMMON,ke.CONSUMERS,ke.ORGANIZATIONS]);function Kc(r){var o;const n=(o=new S(r).getUrlComponents().PathSegments.slice(-1)[0])==null?void 0:o.toLowerCase();switch(n){case ke.COMMON:case ke.ORGANIZATIONS:case ke.CONSUMERS:return;default:return n}}function Pi(r){return r.endsWith(g.FORWARD_SLASH)?r:`${r}${g.FORWARD_SLASH}`}function Ni(r){const e=r.cloudDiscoveryMetadata;let t;if(e)try{t=JSON.parse(e)}catch{throw b(eo)}return{canonicalAuthority:r.authority?Pi(r.authority):void 0,knownAuthorities:r.knownAuthorities,cloudDiscoveryMetadata:t}}/! @azure/msal-common v15.4.0 2025-03-25 /async function Mi(r,e,t,n,o,i,s){s==null\|\|s.addQueueMeasurement(l.AuthorityFactoryCreateDiscoveredInstance,i);const a=G.transformCIAMAuthority(Pi(r)),c=new G(a,e,t,n,o,i,s);try{return await f(c.resolveEndpointsAsync.bind(c),l.AuthorityResolveEndpointsAsync,o,s,i)(),c}catch{throw p(pe)}}/! @azure/msal-common v15.4.0 2025-03-25 /class Ne extends _{constructor(e,t,n,o,i){super(e,t,n),this.name="ServerError",this.errorNo=o,this.status=i,Object.setPrototypeOf(this,Ne.prototype)}}/! @azure/msal-common v15.4.0 2025-03-25 /function an(r,e,t){var n;return{clientId:r,authority:e.authority,scopes:e.scopes,homeAccountIdentifier:t,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid,embeddedClientId:e.embeddedClientId\|\|((n=e.tokenBodyParameters)==null?void 0:n.clientId)}}/! @azure/msal-common v15.4.0 2025-03-25 /class le{static generateThrottlingStorageKey(e){return`${ot.THROTTLING_PREFIX}.${JSON.stringify(e)}`}static preProcess(e,t){var i;const n=le.generateThrottlingStorageKey(t),o=e.getThrottlingCache(n);if(o){if(o.throttleTime<Date.now()){e.removeItem(n);return}throw new Ne(((i=o.errorCodes)==null?void 0:i.join(" "))\|\|g.EMPTY_STRING,o.errorMessage,o.subError)}}static postProcess(e,t,n){if(le.checkResponseStatus(n)\|\|le.checkResponseForRetryAfter(n)){const o={throttleTime:le.calculateThrottleTime(parseInt(n.headers[V.RETRY_AFTER])),error:n.body.error,errorCodes:n.body.error_codes,errorMessage:n.body.error_description,subError:n.body.suberror};e.setThrottlingCache(le.generateThrottlingStorageKey(t),o)}}static checkResponseStatus(e){return e.status===429\|\|e.status>=500&&e.status<600}static checkResponseForRetryAfter(e){return e.headers?e.headers.hasOwnProperty(V.RETRY_AFTER)&&(e.status<200\|\|e.status>=300):!1}static calculateThrottleTime(e){const t=e<=0?0:e,n=Date.now()/1e3;return Math.floor(Math.min(n+(t\|\|ot.DEFAULT_THROTTLE_TIME_SECONDS),n+ot.DEFAULT_MAX_THROTTLE_TIME_SECONDS)1e3)}static removeThrottle(e,t,n,o){const i=an(t,n,o),s=this.generateThrottlingStorageKey(i);e.removeItem(s)}}/! @azure/msal-common v15.4.0 2025-03-25 /class cn extends _{constructor(e,t,n){super(e.errorCode,e.errorMessage,e.subError),Object.setPrototypeOf(this,cn.prototype),this.name="NetworkError",this.error=e,this.httpStatus=t,this.responseHeaders=n}}function ar(r,e,t){return new cn(r,e,t)}/! @azure/msal-common v15.4.0 2025-03-25 /class po{constructor(e,t){this.config=Fa(e),this.logger=new Ae(this.config.loggerOptions,Vr,Jn),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}createTokenRequestHeaders(e){const t={};if(t[V.CONTENT_TYPE]=g.URL_FORM_CONTENT_TYPE,!this.config.systemOptions.preventCorsPreflight&&e)switch(e.type){case re.HOME_ACCOUNT_ID:try{const n=$e(e.credential);t[V.CCS_HEADER]=`Oid:${n.uid}@${n.utid}`}catch(n){this.logger.verbose("Could not parse home account ID for CCS Header: "+n)}break;case re.UPN:t[V.CCS_HEADER]=`UPN: ${e.credential}`;break}return t}async executePostToTokenEndpoint(e,t,n,o,i,s){var c;s&&((c=this.performanceClient)==null\|\|c.addQueueMeasurement(s,i));const a=await this.sendPostRequest(o,e,{body:t,headers:n},i);return this.config.serverTelemetryManager&&a.status<500&&a.status!==429&&this.config.serverTelemetryManager.clearTelemetryCache(),a}async sendPostRequest(e,t,n,o){var s,a,c;le.preProcess(this.cacheManager,e);let i;try{i=await f(this.networkClient.sendPostRequestAsync.bind(this.networkClient),l.NetworkClientSendPostRequestAsync,this.logger,this.performanceClient,o)(t,n);const d=i.headers\|\|{};(a=this.performanceClient)==null\|\|a.addFields({refreshTokenSize:((s=i.body.refresh_token)==null?void 0:s.length)\|\|0,httpVerToken:d[V.X_MS_HTTP_VERSION]\|\|"",requestId:d[V.X_MS_REQUEST_ID]\|\|""},o)}catch(d){if(d instanceof cn){const h=d.responseHeaders;throw h&&((c=this.performanceClient)==null\|\|c.addFields({httpVerToken:h[V.X_MS_HTTP_VERSION]\|\|"",requestId:h[V.X_MS_REQUEST_ID]\|\|"",contentTypeHeader:h[V.CONTENT_TYPE]\|\|void 0,contentLengthHeader:h[V.CONTENT_LENGTH]\|\|void 0,httpStatus:d.httpStatus},o)),d.error}throw d instanceof _?d:p(br)}return le.postProcess(this.cacheManager,e,i),i}async updateAuthority(e,t){var i;(i=this.performanceClient)==null\|\|i.addQueueMeasurement(l.UpdateTokenEndpointAuthority,t);const n=`https://${e}/${this.authority.tenant}/`,o=await Mi(n,this.networkClient,this.cacheManager,this.authority.options,this.logger,t,this.performanceClient);this.authority=o}createTokenQueryParameters(e){const t=new Map;return e.embeddedClientId&&rn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenQueryParameters&&Le(t,e.tokenQueryParameters),lo(t,e.correlationId),on(t,e.correlationId,this.performanceClient),dt(t)}}/! @azure/msal-common v15.4.0 2025-03-25 /const Bt="no_tokens_found",Ui="native_account_unavailable",mo="refresh_token_expired",Bc="interaction_required",Gc="consent_required",zc="login_required",ln="bad_token";/! @azure/msal-common v15.4.0 2025-03-25 /const cr=[Bc,Gc,zc,ln],qc=["message_only","additional_action","basic_action","user_password_expired","consent_required","bad_token"],$c={[Bt]:"No refresh token found in the cache. Please sign-in.",[Ui]:"The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",[mo]:"Refresh token has expired.",[ln]:"Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve."};class ne extends _{constructor(e,t,n,o,i,s,a,c){super(e,t,n),Object.setPrototypeOf(this,ne.prototype),this.timestamp=o\|\|g.EMPTY_STRING,this.traceId=i\|\|g.EMPTY_STRING,this.correlationId=s\|\|g.EMPTY_STRING,this.claims=a\|\|g.EMPTY_STRING,this.name="InteractionRequiredAuthError",this.errorNo=c}}function Li(r,e,t){const n=!!r&&cr.indexOf(r)>-1,o=!!t&&qc.indexOf(t)>-1,i=!!e&&cr.some(s=>e.indexOf(s)>-1);return n\|\|i\|\|o}function Nn(r){return new ne(r,$c[r])}/! @azure/msal-common v15.4.0 2025-03-25 /class We{static setRequestState(e,t,n){const o=We.generateLibraryState(e,n);return t?`${o}${g.RESOURCE_DELIM}${t}`:o}static generateLibraryState(e,t){if(!e)throw p(_n);const n={id:e.createNewGuid()};t&&(n.meta=t);const o=JSON.stringify(n);return e.base64Encode(o)}static parseRequestState(e,t){if(!e)throw p(_n);if(!t)throw p(Qe);try{const n=t.split(g.RESOURCE_DELIM),o=n[0],i=n.length>1?n.slice(1).join(g.RESOURCE_DELIM):g.EMPTY_STRING,s=e.base64Decode(o),a=JSON.parse(s);return{userRequestState:i\|\|g.EMPTY_STRING,libraryState:a}}catch{throw p(Qe)}}}/! @azure/msal-common v15.4.0 2025-03-25 /const Vc={SW:"sw"};class Ye{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){var i;(i=this.performanceClient)==null\|\|i.addQueueMeasurement(l.PopTokenGenerateCnf,e.correlationId);const n=await f(this.generateKid.bind(this),l.PopTokenGenerateCnf,t,this.performanceClient,e.correlationId)(e),o=this.cryptoUtils.base64UrlEncode(JSON.stringify(n));return{kid:n.kid,reqCnfString:o}}async generateKid(e){var n;return(n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.PopTokenGenerateKid,e.correlationId),{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:Vc.SW}}async signPopToken(e,t,n){return this.signPayload(e,t,n)}async signPayload(e,t,n,o){const{resourceRequestMethod:i,resourceRequestUri:s,shrClaims:a,shrNonce:c,shrOptions:d}=n,h=s?new S(s):void 0,u=h==null?void 0:h.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:j(),m:i==null?void 0:i.toUpperCase(),u:u==null?void 0:u.HostNameAndPort,nonce:c\|\|this.cryptoUtils.createNewGuid(),p:u==null?void 0:u.AbsolutePath,q:u!=null&&u.QueryString?[[],u.QueryString]:void 0,client_claims:a\|\|void 0,...o},t,d,n.correlationId)}}/! @azure/msal-common v15.4.0 2025-03-25 /class Qc{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}/! @azure/msal-common v15.4.0 2025-03-25 */class De{constructor(e,t,n,o,i,s,a){this.clientId=e,this.cacheStorage=t,this.cryptoObj=n,this.logger=o,this.serializableCache=i,this.persistencePlugin=s,this.performanceClient=a}validateTokenResponse(e,t){var n;if(e.error\|\|e.error_description\|\|e.suberror){const o=`Error(s): ${e.error_codes\|\|g.NOT_AVAILABLE} - Timestamp: ${e.timestamp\|\|g.NOT_AVAILABLE} - Description: ${e.error_description\|\|g.NOT_AVAILABLE} - Correlation ID: ${e.correlation_id\|\|g.NOT_AVAILABLE} - Trace ID: ${e.trace_id\|\|g.NOT_AVAILABLE}`,i=(n=e.error_codes)!=null&&n.length?e.error_codes[0]:void 0,s=new Ne(e.error,o,e.suberror,i,e.status);if(t&&e.status&&e.status>=At.SERVER_ERROR_RANGE_START&&e.status<=At.SERVER_ERROR_RANGE_END){this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.
	+Error Description: ${s.message}`)}return null}return n\|\|(this.logger.warning("The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request."),this.logger.verbose("Creating custom Authority for custom domain scenario."),n=G.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)),n}isInKnownAuthorities(){return this.authorityOptions.knownAuthorities.filter(t=>t&&S.getDomainFromUrl(t).toLowerCase()===this.hostnameAndPort).length>0}static generateAuthority(e,t){let n;if(t&&t.azureCloudInstance!==Jn.None){const o=t.tenant?t.tenant:g.DEFAULT_COMMON_TENANT;n=`${t.azureCloudInstance}/${o}/`}return n\|\|e}static createCloudDiscoveryMetadataFromHost(e){return{preferred_network:e,preferred_cache:e,aliases:[e]}}getPreferredCache(){if(this.managedIdentity)return g.DEFAULT_AUTHORITY_HOST;if(this.discoveryComplete())return this.metadata.preferred_cache;throw p(pe)}isAlias(e){return this.metadata.aliases.indexOf(e)>-1}isAliasOfKnownMicrosoftAuthority(e){return ui.has(e)}static isPublicCloudAuthority(e){return g.KNOWN_PUBLIC_CLOUDS.indexOf(e)>=0}static buildRegionalAuthorityString(e,t,n){const o=new S(e);o.validateAsUri();const i=o.getUrlComponents();let s=`${t}.${i.HostNameAndPort}`;this.isPublicCloudAuthority(i.HostNameAndPort)&&(s=`${t}.${g.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`);const a=S.constructAuthorityUriFromObject({...o.getUrlComponents(),HostNameAndPort:s}).urlString;return n?`${a}?${n}`:a}static replaceWithRegionalInformation(e,t){const n={...e};return n.authorization_endpoint=G.buildRegionalAuthorityString(n.authorization_endpoint,t),n.token_endpoint=G.buildRegionalAuthorityString(n.token_endpoint,t),n.end_session_endpoint&&(n.end_session_endpoint=G.buildRegionalAuthorityString(n.end_session_endpoint,t)),n}static transformCIAMAuthority(e){let t=e;const o=new S(e).getUrlComponents();if(o.PathSegments.length===0&&o.HostNameAndPort.endsWith(g.CIAM_AUTH_URL)){const i=o.HostNameAndPort.split(".")[0];t=`${t}${i}${g.AAD_TENANT_DOMAIN_SUFFIX}`}return t}}G.reservedTenantDomains=new Set(["{tenant}","{tenantid}",ke.COMMON,ke.CONSUMERS,ke.ORGANIZATIONS]);function Kc(r){var o;const n=(o=new S(r).getUrlComponents().PathSegments.slice(-1)[0])==null?void 0:o.toLowerCase();switch(n){case ke.COMMON:case ke.ORGANIZATIONS:case ke.CONSUMERS:return;default:return n}}function Oi(r){return r.endsWith(g.FORWARD_SLASH)?r:`${r}${g.FORWARD_SLASH}`}function Pi(r){const e=r.cloudDiscoveryMetadata;let t;if(e)try{t=JSON.parse(e)}catch{throw b(Zn)}return{canonicalAuthority:r.authority?Oi(r.authority):void 0,knownAuthorities:r.knownAuthorities,cloudDiscoveryMetadata:t}}/! @azure/msal-common v15.4.0 2025-03-25 /async function Ni(r,e,t,n,o,i,s){s==null\|\|s.addQueueMeasurement(l.AuthorityFactoryCreateDiscoveredInstance,i);const a=G.transformCIAMAuthority(Oi(r)),c=new G(a,e,t,n,o,i,s);try{return await f(c.resolveEndpointsAsync.bind(c),l.AuthorityResolveEndpointsAsync,o,s,i)(),c}catch{throw p(pe)}}/! @azure/msal-common v15.4.0 2025-03-25 /class Ne extends R{constructor(e,t,n,o,i){super(e,t,n),this.name="ServerError",this.errorNo=o,this.status=i,Object.setPrototypeOf(this,Ne.prototype)}}/! @azure/msal-common v15.4.0 2025-03-25 /function an(r,e,t){var n;return{clientId:r,authority:e.authority,scopes:e.scopes,homeAccountIdentifier:t,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid,embeddedClientId:e.embeddedClientId\|\|((n=e.tokenBodyParameters)==null?void 0:n.clientId)}}/! @azure/msal-common v15.4.0 2025-03-25 /class le{static generateThrottlingStorageKey(e){return`${st.THROTTLING_PREFIX}.${JSON.stringify(e)}`}static preProcess(e,t){var i;const n=le.generateThrottlingStorageKey(t),o=e.getThrottlingCache(n);if(o){if(o.throttleTime<Date.now()){e.removeItem(n);return}throw new Ne(((i=o.errorCodes)==null?void 0:i.join(" "))\|\|g.EMPTY_STRING,o.errorMessage,o.subError)}}static postProcess(e,t,n){if(le.checkResponseStatus(n)\|\|le.checkResponseForRetryAfter(n)){const o={throttleTime:le.calculateThrottleTime(parseInt(n.headers[V.RETRY_AFTER])),error:n.body.error,errorCodes:n.body.error_codes,errorMessage:n.body.error_description,subError:n.body.suberror};e.setThrottlingCache(le.generateThrottlingStorageKey(t),o)}}static checkResponseStatus(e){return e.status===429\|\|e.status>=500&&e.status<600}static checkResponseForRetryAfter(e){return e.headers?e.headers.hasOwnProperty(V.RETRY_AFTER)&&(e.status<200\|\|e.status>=300):!1}static calculateThrottleTime(e){const t=e<=0?0:e,n=Date.now()/1e3;return Math.floor(Math.min(n+(t\|\|st.DEFAULT_THROTTLE_TIME_SECONDS),n+st.DEFAULT_MAX_THROTTLE_TIME_SECONDS)1e3)}static removeThrottle(e,t,n,o){const i=an(t,n,o),s=this.generateThrottlingStorageKey(i);e.removeItem(s)}}/! @azure/msal-common v15.4.0 2025-03-25 /class cn extends R{constructor(e,t,n){super(e.errorCode,e.errorMessage,e.subError),Object.setPrototypeOf(this,cn.prototype),this.name="NetworkError",this.error=e,this.httpStatus=t,this.responseHeaders=n}}function sr(r,e,t){return new cn(r,e,t)}/! @azure/msal-common v15.4.0 2025-03-25 /class fo{constructor(e,t){this.config=Fa(e),this.logger=new Ae(this.config.loggerOptions,$r,Wn),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}createTokenRequestHeaders(e){const t={};if(t[V.CONTENT_TYPE]=g.URL_FORM_CONTENT_TYPE,!this.config.systemOptions.preventCorsPreflight&&e)switch(e.type){case re.HOME_ACCOUNT_ID:try{const n=Qe(e.credential);t[V.CCS_HEADER]=`Oid:${n.uid}@${n.utid}`}catch(n){this.logger.verbose("Could not parse home account ID for CCS Header: "+n)}break;case re.UPN:t[V.CCS_HEADER]=`UPN: ${e.credential}`;break}return t}async executePostToTokenEndpoint(e,t,n,o,i,s){var c;s&&((c=this.performanceClient)==null\|\|c.addQueueMeasurement(s,i));const a=await this.sendPostRequest(o,e,{body:t,headers:n},i);return this.config.serverTelemetryManager&&a.status<500&&a.status!==429&&this.config.serverTelemetryManager.clearTelemetryCache(),a}async sendPostRequest(e,t,n,o){var s,a,c;le.preProcess(this.cacheManager,e);let i;try{i=await f(this.networkClient.sendPostRequestAsync.bind(this.networkClient),l.NetworkClientSendPostRequestAsync,this.logger,this.performanceClient,o)(t,n);const d=i.headers\|\|{};(a=this.performanceClient)==null\|\|a.addFields({refreshTokenSize:((s=i.body.refresh_token)==null?void 0:s.length)\|\|0,httpVerToken:d[V.X_MS_HTTP_VERSION]\|\|"",requestId:d[V.X_MS_REQUEST_ID]\|\|""},o)}catch(d){if(d instanceof cn){const h=d.responseHeaders;throw h&&((c=this.performanceClient)==null\|\|c.addFields({httpVerToken:h[V.X_MS_HTTP_VERSION]\|\|"",requestId:h[V.X_MS_REQUEST_ID]\|\|"",contentTypeHeader:h[V.CONTENT_TYPE]\|\|void 0,contentLengthHeader:h[V.CONTENT_LENGTH]\|\|void 0,httpStatus:d.httpStatus},o)),d.error}throw d instanceof R?d:p(Rr)}return le.postProcess(this.cacheManager,e,i),i}async updateAuthority(e,t){var i;(i=this.performanceClient)==null\|\|i.addQueueMeasurement(l.UpdateTokenEndpointAuthority,t);const n=`https://${e}/${this.authority.tenant}/`,o=await Ni(n,this.networkClient,this.cacheManager,this.authority.options,this.logger,t,this.performanceClient);this.authority=o}createTokenQueryParameters(e){const t=new Map;return e.embeddedClientId&&rn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenQueryParameters&&He(t,e.tokenQueryParameters),co(t,e.correlationId),on(t,e.correlationId,this.performanceClient),ut(t)}}/! @azure/msal-common v15.4.0 2025-03-25 /const zt="no_tokens_found",Mi="native_account_unavailable",po="refresh_token_expired",Bc="interaction_required",Gc="consent_required",zc="login_required",ln="bad_token";/! @azure/msal-common v15.4.0 2025-03-25 /const ar=[Bc,Gc,zc,ln],qc=["message_only","additional_action","basic_action","user_password_expired","consent_required","bad_token"],$c={[zt]:"No refresh token found in the cache. Please sign-in.",[Mi]:"The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",[po]:"Refresh token has expired.",[ln]:"Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve."};class ne extends R{constructor(e,t,n,o,i,s,a,c){super(e,t,n),Object.setPrototypeOf(this,ne.prototype),this.timestamp=o\|\|g.EMPTY_STRING,this.traceId=i\|\|g.EMPTY_STRING,this.correlationId=s\|\|g.EMPTY_STRING,this.claims=a\|\|g.EMPTY_STRING,this.name="InteractionRequiredAuthError",this.errorNo=c}}function Ui(r,e,t){const n=!!r&&ar.indexOf(r)>-1,o=!!t&&qc.indexOf(t)>-1,i=!!e&&ar.some(s=>e.indexOf(s)>-1);return n\|\|i\|\|o}function Pn(r){return new ne(r,$c[r])}/! @azure/msal-common v15.4.0 2025-03-25 /class Ze{static setRequestState(e,t,n){const o=Ze.generateLibraryState(e,n);return t?`${o}${g.RESOURCE_DELIM}${t}`:o}static generateLibraryState(e,t){if(!e)throw p(kn);const n={id:e.createNewGuid()};t&&(n.meta=t);const o=JSON.stringify(n);return e.base64Encode(o)}static parseRequestState(e,t){if(!e)throw p(kn);if(!t)throw p(je);try{const n=t.split(g.RESOURCE_DELIM),o=n[0],i=n.length>1?n.slice(1).join(g.RESOURCE_DELIM):g.EMPTY_STRING,s=e.base64Decode(o),a=JSON.parse(s);return{userRequestState:i\|\|g.EMPTY_STRING,libraryState:a}}catch{throw p(je)}}}/! @azure/msal-common v15.4.0 2025-03-25 /const Vc={SW:"sw"};class We{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){var i;(i=this.performanceClient)==null\|\|i.addQueueMeasurement(l.PopTokenGenerateCnf,e.correlationId);const n=await f(this.generateKid.bind(this),l.PopTokenGenerateCnf,t,this.performanceClient,e.correlationId)(e),o=this.cryptoUtils.base64UrlEncode(JSON.stringify(n));return{kid:n.kid,reqCnfString:o}}async generateKid(e){var n;return(n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.PopTokenGenerateKid,e.correlationId),{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:Vc.SW}}async signPopToken(e,t,n){return this.signPayload(e,t,n)}async signPayload(e,t,n,o){const{resourceRequestMethod:i,resourceRequestUri:s,shrClaims:a,shrNonce:c,shrOptions:d}=n,h=s?new S(s):void 0,u=h==null?void 0:h.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:j(),m:i==null?void 0:i.toUpperCase(),u:u==null?void 0:u.HostNameAndPort,nonce:c\|\|this.cryptoUtils.createNewGuid(),p:u==null?void 0:u.AbsolutePath,q:u!=null&&u.QueryString?[[],u.QueryString]:void 0,client_claims:a\|\|void 0,...o},t,d,n.correlationId)}}/! @azure/msal-common v15.4.0 2025-03-25 /class Qc{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}/! @azure/msal-common v15.4.0 2025-03-25 */class Fe{constructor(e,t,n,o,i,s,a){this.clientId=e,this.cacheStorage=t,this.cryptoObj=n,this.logger=o,this.serializableCache=i,this.persistencePlugin=s,this.performanceClient=a}validateTokenResponse(e,t){var n;if(e.error\|\|e.error_description\|\|e.suberror){const o=`Error(s): ${e.error_codes\|\|g.NOT_AVAILABLE} - Timestamp: ${e.timestamp\|\|g.NOT_AVAILABLE} - Description: ${e.error_description\|\|g.NOT_AVAILABLE} - Correlation ID: ${e.correlation_id\|\|g.NOT_AVAILABLE} - Trace ID: ${e.trace_id\|\|g.NOT_AVAILABLE}`,i=(n=e.error_codes)!=null&&n.length?e.error_codes[0]:void 0,s=new Ne(e.error,o,e.suberror,i,e.status);if(t&&e.status&&e.status>=At.SERVER_ERROR_RANGE_START&&e.status<=At.SERVER_ERROR_RANGE_END){this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.
	${s}`);return}else if(t&&e.status&&e.status>=At.CLIENT_ERROR_RANGE_START&&e.status<=At.CLIENT_ERROR_RANGE_END){this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently available but is unable to refresh the access token.
	-${s}`);return}throw Li(e.error,e.error_description,e.suberror)?new ne(e.error,e.error_description,e.suberror,e.timestamp\|\|g.EMPTY_STRING,e.trace_id\|\|g.EMPTY_STRING,e.correlation_id\|\|g.EMPTY_STRING,e.claims\|\|g.EMPTY_STRING,i):s}}async handleServerTokenResponse(e,t,n,o,i,s,a,c,d){var E;(E=this.performanceClient)==null\|\|E.addQueueMeasurement(l.HandleServerTokenResponse,e.correlation_id);let h;if(e.id_token){if(h=be(e.id_token\|\|g.EMPTY_STRING,this.cryptoObj.base64Decode),i&&i.nonce&&h.nonce!==i.nonce)throw p(Mr);if(o.maxAge\|\|o.maxAge===0){const w=h.auth_time;if(!w)throw p(Qn);Qr(w,o.maxAge)}}this.homeAccountIdentifier=q.generateHomeAccountId(e.client_info\|\|g.EMPTY_STRING,t.authorityType,this.logger,this.cryptoObj,h);let u;i&&i.state&&(u=We.parseRequestState(this.cryptoObj,i.state)),e.key_id=e.key_id\|\|o.sshKid\|\|void 0;const m=this.generateCacheRecord(e,t,n,o,h,s,i);let A;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose("Persistence enabled, calling beforeCacheAccess"),A=new Qc(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(A)),a&&!c&&m.account){const w=m.account.generateAccountKey();if(!this.cacheStorage.getAccount(w))return this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache"),await De.generateAuthenticationResult(this.cryptoObj,t,m,!1,o,h,u,void 0,d)}await this.cacheStorage.saveCacheRecord(m,o.correlationId,o.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&A&&(this.logger.verbose("Persistence enabled, calling afterCacheAccess"),await this.persistencePlugin.afterCacheAccess(A))}return De.generateAuthenticationResult(this.cryptoObj,t,m,!1,o,h,u,e,d)}generateCacheRecord(e,t,n,o,i,s,a){const c=t.getPreferredCache();if(!c)throw p(jn);const d=di(i);let h,u;e.id_token&&i&&(h=Jt(this.homeAccountIdentifier,c,e.id_token,this.clientId,d\|\|""),u=Co(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,i,e.client_info,c,d,a,void 0,this.logger));let m=null;if(e.access_token){const w=e.scope?M.fromString(e.scope):new M(o.scopes\|\|[]),D=(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)\|\|0,W=(typeof e.ext_expires_in=="string"?parseInt(e.ext_expires_in,10):e.ext_expires_in)\|\|0,ee=(typeof e.refresh_in=="string"?parseInt(e.refresh_in,10):e.refresh_in)\|\|void 0,Ee=n+D,yt=Ee+W,Tt=ee&&ee>0?n+ee:void 0;m=Xt(this.homeAccountIdentifier,c,e.access_token,this.clientId,d\|\|t.tenant\|\|"",w.printScopes(),Ee,yt,this.cryptoObj.base64Decode,Tt,e.token_type,s,e.key_id,o.claims,o.requestedClaimsHash)}let A=null;if(e.refresh_token){let w;if(e.refresh_token_expires_in){const D=typeof e.refresh_token_expires_in=="string"?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in;w=n+D}A=jr(this.homeAccountIdentifier,c,e.refresh_token,this.clientId,e.foci,s,w)}let E=null;return e.foci&&(E={clientId:this.clientId,environment:c,familyId:e.foci}),{account:u,idToken:h,accessToken:m,refreshToken:A,appMetadata:E}}static async generateAuthenticationResult(e,t,n,o,i,s,a,c,d){var Ee,yt,Tt,qo,$o;let h=g.EMPTY_STRING,u=[],m=null,A,E,w=g.EMPTY_STRING;if(n.accessToken){if(n.accessToken.tokenType===k.POP&&!i.popKid){const js=new Ye(e),{secret:Ws,keyId:Vo}=n.accessToken;if(!Vo)throw p(Wn);h=await js.signPopToken(Ws,Vo,i)}else h=n.accessToken.secret;u=M.fromString(n.accessToken.target).asArray(),m=Te(n.accessToken.expiresOn),A=Te(n.accessToken.extendedExpiresOn),n.accessToken.refreshOn&&(E=Te(n.accessToken.refreshOn))}n.appMetadata&&(w=n.appMetadata.familyId===nt?nt:"");const D=(s==null?void 0:s.oid)\|\|(s==null?void 0:s.sub)\|\|"",W=(s==null?void 0:s.tid)\|\|"";c!=null&&c.spa_accountid&&n.account&&(n.account.nativeAccountId=c==null?void 0:c.spa_accountid);const ee=n.account?no(n.account.getAccountInfo(),void 0,s,(Ee=n.idToken)==null?void 0:Ee.secret):null;return{authority:t.canonicalAuthority,uniqueId:D,tenantId:W,scopes:u,account:ee,idToken:((yt=n==null?void 0:n.idToken)==null?void 0:yt.secret)\|\|"",idTokenClaims:s\|\|{},accessToken:h,fromCache:o,expiresOn:m,extExpiresOn:A,refreshOn:E,correlationId:i.correlationId,requestId:d\|\|g.EMPTY_STRING,familyId:w,tokenType:((Tt=n.accessToken)==null?void 0:Tt.tokenType)\|\|g.EMPTY_STRING,state:a?a.userRequestState:g.EMPTY_STRING,cloudGraphHostName:((qo=n.account)==null?void 0:qo.cloudGraphHostName)\|\|g.EMPTY_STRING,msGraphHost:(($o=n.account)==null?void 0:$o.msGraphHost)\|\|g.EMPTY_STRING,code:c==null?void 0:c.spa_code,fromNativeBroker:!1}}}function Co(r,e,t,n,o,i,s,a,c,d,h){h==null\|\|h.verbose("setCachedAccount called");const m=r.getAccountKeys().find(W=>W.startsWith(t));let A=null;m&&(A=r.getAccount(m));const E=A\|\|q.createAccount({homeAccountId:t,idTokenClaims:o,clientInfo:i,environment:s,cloudGraphHostName:c==null?void 0:c.cloud_graph_host_name,msGraphHost:c==null?void 0:c.msgraph_host,nativeAccountId:d},e,n),w=E.tenantProfiles\|\|[],D=a\|\|E.realm;if(D&&!w.find(W=>W.tenantId===D)){const W=nn(t,E.localAccountId,D,o);w.push(W)}return E.tenantProfiles=w,E}/! @azure/msal-common v15.4.0 2025-03-25 /class Yc{static validateRedirectUri(e){if(!e)throw b(Wr)}static validatePrompt(e){const t=[];for(const n in K)t.push(K[n]);if(t.indexOf(e)<0)throw b(ei)}static validateClaims(e){try{JSON.parse(e)}catch{throw b(Zt)}}static validateCodeChallengeParams(e,t){if(!e\|\|!t)throw b(en);this.validateCodeChallengeMethod(t)}static validateCodeChallengeMethod(e){if([jo.PLAIN,jo.S256].indexOf(e)<0)throw b(oi)}}/! @azure/msal-common v15.4.0 2025-03-25 /async function Hi(r,e,t){return typeof r=="string"?r:r({clientId:e,tokenEndpoint:t})}/! @azure/msal-common v15.4.0 2025-03-25 /class Di extends po{constructor(e,t){var n;super(e,t),this.includeRedirectUri=!0,this.oidcDefaultScopes=(n=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:n.defaultScopes}async acquireToken(e,t){var a,c;if((a=this.performanceClient)==null\|\|a.addQueueMeasurement(l.AuthClientAcquireToken,e.correlationId),!e.code)throw p(Hr);const n=j(),o=await f(this.executeTokenRequest.bind(this),l.AuthClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(this.authority,e),i=(c=o.headers)==null?void 0:c[V.X_MS_REQUEST_ID],s=new De(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin,this.performanceClient);return s.validateTokenResponse(o.body),f(s.handleServerTokenResponse.bind(s),l.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(o.body,this.authority,n,e,t,void 0,void 0,void 0,i)}getLogoutUri(e){if(!e)throw b(ni);const t=this.createLogoutUrlQueryString(e);return S.appendQueryString(this.authority.endSessionEndpoint,t)}async executeTokenRequest(e,t){var d;(d=this.performanceClient)==null\|\|d.addQueueMeasurement(l.AuthClientExecuteTokenRequest,t.correlationId);const n=this.createTokenQueryParameters(t),o=S.appendQueryString(e.tokenEndpoint,n),i=await f(this.createTokenRequestBody.bind(this),l.AuthClientCreateTokenRequestBody,this.logger,this.performanceClient,t.correlationId)(t);let s;if(t.clientInfo)try{const h=Lt(t.clientInfo,this.cryptoUtils.base64Decode);s={credential:`${h.uid}${z.CLIENT_INFO_SEPARATOR}${h.utid}`,type:re.HOME_ACCOUNT_ID}}catch(h){this.logger.verbose("Could not parse client info for CCS Header: "+h)}const a=this.createTokenRequestHeaders(s\|\|t.ccsCredential),c=an(this.config.authOptions.clientId,t);return f(this.executePostToTokenEndpoint.bind(this),l.AuthorizationCodeClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,t.correlationId)(o,i,a,c,t.correlationId,l.AuthorizationCodeClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){var o,i;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.AuthClientCreateTokenRequestBody,e.correlationId);const t=new Map;if(so(t,e.embeddedClientId\|\|((i=e.tokenBodyParameters)==null?void 0:i[He])\|\|this.config.authOptions.clientId),this.includeRedirectUri?ao(t,e.redirectUri):Yc.validateRedirectUri(e.redirectUri),io(t,e.scopes,!0,this.oidcDefaultScopes),Pc(t,e.code),ho(t,this.config.libraryInfo),uo(t,this.config.telemetry.application),Oi(t),this.serverTelemetryManager&&!mi(this.config)&&bi(t,this.serverTelemetryManager),e.codeVerifier&&Mc(t,e.codeVerifier),this.config.clientCredentials.clientSecret&&Ei(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const s=this.config.clientCredentials.clientAssertion;wi(t,await Hi(s.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),vi(t,s.assertionType)}if(Si(t,kr.AUTHORIZATION_CODE_GRANT),go(t),e.authenticationScheme===k.POP){const s=new Ye(this.cryptoUtils,this.performanceClient);let a;e.popKid?a=this.cryptoUtils.encodeKid(e.popKid):a=(await f(s.generateCnf.bind(s),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,fo(t,a)}else if(e.authenticationScheme===k.SSH)if(e.sshJwk)Ri(t,e.sshJwk);else throw b(tn);(!ie.isEmptyObj(e.claims)\|\|this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&co(t,e.claims,this.config.authOptions.clientCapabilities);let n;if(e.clientInfo)try{const s=Lt(e.clientInfo,this.cryptoUtils.base64Decode);n={credential:`${s.uid}${z.CLIENT_INFO_SEPARATOR}${s.utid}`,type:re.HOME_ACCOUNT_ID}}catch(s){this.logger.verbose("Could not parse client info for CCS Header: "+s)}else n=e.ccsCredential;if(this.config.systemOptions.preventCorsPreflight&&n)switch(n.type){case re.HOME_ACCOUNT_ID:try{const s=$e(n.credential);it(t,s)}catch(s){this.logger.verbose("Could not parse home account ID for CCS Header: "+s)}break;case re.UPN:Kt(t,n.credential);break}return e.embeddedClientId&&rn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenBodyParameters&&Le(t,e.tokenBodyParameters),e.enableSpaAuthorizationCode&&(!e.tokenBodyParameters\|\|!e.tokenBodyParameters[ir])&&Le(t,{[ir]:"1"}),on(t,e.correlationId,this.performanceClient),dt(t)}createLogoutUrlQueryString(e){const t=new Map;return e.postLogoutRedirectUri&&Sc(t,e.postLogoutRedirectUri),e.correlationId&&lo(t,e.correlationId),e.idTokenHint&&kc(t,e.idTokenHint),e.state&&Ii(t,e.state),e.logoutHint&&Uc(t,e.logoutHint),e.extraQueryParameters&&Le(t,e.extraQueryParameters),this.config.authOptions.instanceAware&&ki(t),dt(t)}}/! @azure/msal-common v15.4.0 2025-03-25 /const jc=300;class Wc extends po{constructor(e,t){super(e,t)}async acquireToken(e){var s,a;(s=this.performanceClient)==null\|\|s.addQueueMeasurement(l.RefreshTokenClientAcquireToken,e.correlationId);const t=j(),n=await f(this.executeTokenRequest.bind(this),l.RefreshTokenClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(e,this.authority),o=(a=n.headers)==null?void 0:a[V.X_MS_REQUEST_ID],i=new De(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin);return i.validateTokenResponse(n.body),f(i.handleServerTokenResponse.bind(i),l.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(n.body,this.authority,t,e,void 0,void 0,!0,e.forceCache,o)}async acquireTokenByRefreshToken(e){var n;if(!e)throw b(ti);if((n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.RefreshTokenClientAcquireTokenByRefreshToken,e.correlationId),!e.account)throw p(Yn);if(this.cacheManager.isAppMetadataFOCI(e.account.environment))try{return await f(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!0)}catch(o){const i=o instanceof ne&&o.errorCode===Bt,s=o instanceof Ne&&o.errorCode===Wo.INVALID_GRANT_ERROR&&o.subError===Wo.CLIENT_MISMATCH_ERROR;if(i\|\|s)return f(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1);throw o}return f(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1)}async acquireTokenWithCachedRefreshToken(e,t){var i,s,a;(i=this.performanceClient)==null\|\|i.addQueueMeasurement(l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,e.correlationId);const n=ae(this.cacheManager.getRefreshToken.bind(this.cacheManager),l.CacheManagerGetRefreshToken,this.logger,this.performanceClient,e.correlationId)(e.account,t,void 0,this.performanceClient,e.correlationId);if(!n)throw Nn(Bt);if(n.expiresOn&&Ut(n.expiresOn,e.refreshTokenExpirationOffsetSeconds\|\|jc))throw(s=this.performanceClient)==null\|\|s.addFields({rtExpiresOnMs:Number(n.expiresOn)},e.correlationId),Nn(mo);const o={...e,refreshToken:n.secret,authenticationScheme:e.authenticationScheme\|\|k.BEARER,ccsCredential:{credential:e.account.homeAccountId,type:re.HOME_ACCOUNT_ID}};try{return await f(this.acquireToken.bind(this),l.RefreshTokenClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(o)}catch(c){if(c instanceof ne&&((a=this.performanceClient)==null\|\|a.addFields({rtExpiresOnMs:Number(n.expiresOn)},e.correlationId),c.subError===ln)){this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");const d=rt(n);this.cacheManager.removeRefreshToken(d)}throw c}}async executeTokenRequest(e,t){var c;(c=this.performanceClient)==null\|\|c.addQueueMeasurement(l.RefreshTokenClientExecuteTokenRequest,e.correlationId);const n=this.createTokenQueryParameters(e),o=S.appendQueryString(t.tokenEndpoint,n),i=await f(this.createTokenRequestBody.bind(this),l.RefreshTokenClientCreateTokenRequestBody,this.logger,this.performanceClient,e.correlationId)(e),s=this.createTokenRequestHeaders(e.ccsCredential),a=an(this.config.authOptions.clientId,e);return f(this.executePostToTokenEndpoint.bind(this),l.RefreshTokenClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,e.correlationId)(o,i,s,a,e.correlationId,l.RefreshTokenClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){var n,o,i;(n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.RefreshTokenClientCreateTokenRequestBody,e.correlationId);const t=new Map;if(so(t,e.embeddedClientId\|\|((o=e.tokenBodyParameters)==null?void 0:o[He])\|\|this.config.authOptions.clientId),e.redirectUri&&ao(t,e.redirectUri),io(t,e.scopes,!0,(i=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:i.defaultScopes),Si(t,kr.REFRESH_TOKEN_GRANT),go(t),ho(t,this.config.libraryInfo),uo(t,this.config.telemetry.application),Oi(t),this.serverTelemetryManager&&!mi(this.config)&&bi(t,this.serverTelemetryManager),Nc(t,e.refreshToken),this.config.clientCredentials.clientSecret&&Ei(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const s=this.config.clientCredentials.clientAssertion;wi(t,await Hi(s.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),vi(t,s.assertionType)}if(e.authenticationScheme===k.POP){const s=new Ye(this.cryptoUtils,this.performanceClient);let a;e.popKid?a=this.cryptoUtils.encodeKid(e.popKid):a=(await f(s.generateCnf.bind(s),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,fo(t,a)}else if(e.authenticationScheme===k.SSH)if(e.sshJwk)Ri(t,e.sshJwk);else throw b(tn);if((!ie.isEmptyObj(e.claims)\|\|this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&co(t,e.claims,this.config.authOptions.clientCapabilities),this.config.systemOptions.preventCorsPreflight&&e.ccsCredential)switch(e.ccsCredential.type){case re.HOME_ACCOUNT_ID:try{const s=$e(e.ccsCredential.credential);it(t,s)}catch(s){this.logger.verbose("Could not parse home account ID for CCS Header: "+s)}break;case re.UPN:Kt(t,e.ccsCredential.credential);break}return e.embeddedClientId&&rn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenBodyParameters&&Le(t,e.tokenBodyParameters),on(t,e.correlationId,this.performanceClient),dt(t)}}/! @azure/msal-common v15.4.0 2025-03-25 /class Jc extends po{constructor(e,t){super(e,t)}async acquireCachedToken(e){var c;(c=this.performanceClient)==null\|\|c.addQueueMeasurement(l.SilentFlowClientAcquireCachedToken,e.correlationId);let t=Me.NOT_APPLICABLE;if(e.forceRefresh\|\|!this.config.cacheOptions.claimsBasedCachingEnabled&&!ie.isEmptyObj(e.claims))throw this.setCacheOutcome(Me.FORCE_REFRESH_OR_CLAIMS,e.correlationId),p(_e);if(!e.account)throw p(Yn);const n=e.account.tenantId\|\|Kc(e.authority),o=this.cacheManager.getTokenKeys(),i=this.cacheManager.getAccessToken(e.account,e,o,n,this.performanceClient,e.correlationId);if(i){if(Yr(i.cachedAt)\|\|Ut(i.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds))throw this.setCacheOutcome(Me.CACHED_ACCESS_TOKEN_EXPIRED,e.correlationId),p(_e);i.refreshOn&&Ut(i.refreshOn,0)&&(t=Me.PROACTIVELY_REFRESHED)}else throw this.setCacheOutcome(Me.NO_CACHED_ACCESS_TOKEN,e.correlationId),p(_e);const s=e.authority\|\|this.authority.getPreferredCache(),a={account:this.cacheManager.readAccountFromCache(e.account),accessToken:i,idToken:this.cacheManager.getIdToken(e.account,o,n,this.performanceClient,e.correlationId),refreshToken:null,appMetadata:this.cacheManager.readAppMetadataFromCache(s)};return this.setCacheOutcome(t,e.correlationId),this.config.serverTelemetryManager&&this.config.serverTelemetryManager.incrementCacheHits(),[await f(this.generateResultFromCacheRecord.bind(this),l.SilentFlowClientGenerateResultFromCacheRecord,this.logger,this.performanceClient,e.correlationId)(a,e),t]}setCacheOutcome(e,t){var n,o;(n=this.serverTelemetryManager)==null\|\|n.setCacheOutcome(e),(o=this.performanceClient)==null\|\|o.addFields({cacheOutcome:e},t),e!==Me.NOT_APPLICABLE&&this.logger.info(`Token refresh is required due to cache outcome: ${e}`)}async generateResultFromCacheRecord(e,t){var o;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.SilentFlowClientGenerateResultFromCacheRecord,t.correlationId);let n;if(e.idToken&&(n=be(e.idToken.secret,this.config.cryptoInterface.base64Decode)),t.maxAge\|\|t.maxAge===0){const i=n==null?void 0:n.auth_time;if(!i)throw p(Qn);Qr(i,t.maxAge)}return De.generateAuthenticationResult(this.cryptoUtils,this.authority,e,!0,t,n)}}/! @azure/msal-common v15.4.0 2025-03-25 /const Xc={sendGetRequestAsync:()=>Promise.reject(p(v)),sendPostRequestAsync:()=>Promise.reject(p(v))};/! @azure/msal-common v15.4.0 2025-03-25 /function Zc(r,e,t,n){var a,c;const o=e.correlationId,i=new Map;so(i,e.embeddedClientId\|\|((a=e.extraQueryParameters)==null?void 0:a[He])\|\|r.clientId);const s=[...e.scopes\|\|[],...e.extraScopesToConsent\|\|[]];if(io(i,s,!0,(c=r.authority.options.OIDCOptions)==null?void 0:c.defaultScopes),ao(i,e.redirectUri),lo(i,o),wc(i,e.responseMode),go(i),e.prompt&&(Rc(i,e.prompt),n==null\|\|n.addFields({prompt:e.prompt},o)),e.domainHint&&(_c(i,e.domainHint),n==null\|\|n.addFields({domainHintFromRequest:!0},o)),e.prompt!==K.SELECT_ACCOUNT)if(e.sid&&e.prompt===K.NONE)t.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request"),sr(i,e.sid),n==null\|\|n.addFields({sidFromRequest:!0},o);else if(e.account){const d=nl(e.account);let h=ol(e.account);if(h&&e.domainHint&&(t.warning('AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint'),h=null),h){t.verbose("createAuthCodeUrlQueryString: login_hint claim present on account"),St(i,h),n==null\|\|n.addFields({loginHintFromClaim:!0},o);try{const u=$e(e.account.homeAccountId);it(i,u)}catch{t.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(d&&e.prompt===K.NONE){t.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account"),sr(i,d),n==null\|\|n.addFields({sidFromClaim:!0},o);try{const u=$e(e.account.homeAccountId);it(i,u)}catch{t.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(e.loginHint)t.verbose("createAuthCodeUrlQueryString: Adding login_hint from request"),St(i,e.loginHint),Kt(i,e.loginHint),n==null\|\|n.addFields({loginHintFromRequest:!0},o);else if(e.account.username){t.verbose("createAuthCodeUrlQueryString: Adding login_hint from account"),St(i,e.account.username),n==null\|\|n.addFields({loginHintFromUpn:!0},o);try{const u=$e(e.account.homeAccountId);it(i,u)}catch{t.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}}else e.loginHint&&(t.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request"),St(i,e.loginHint),Kt(i,e.loginHint),n==null\|\|n.addFields({loginHintFromRequest:!0},o));else t.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");return e.nonce&&bc(i,e.nonce),e.state&&Ii(i,e.state),(e.claims\|\|r.clientCapabilities&&r.clientCapabilities.length>0)&&co(i,e.claims,r.clientCapabilities),e.embeddedClientId&&rn(i,r.clientId,r.redirectUri),r.instanceAware&&(!e.extraQueryParameters\|\|!Object.keys(e.extraQueryParameters).includes(Pn))&&ki(i),i}function xi(r,e){const t=dt(e);return S.appendQueryString(r.authorizationEndpoint,t)}function el(r,e){if(Fi(r,e),!r.code)throw p(Br);return r}function Fi(r,e){if(!r.state\|\|!e)throw r.state?p(Sn,"Cached State"):p(Sn,"Server State");let t,n;try{t=decodeURIComponent(r.state)}catch{throw p(Qe,r.state)}try{n=decodeURIComponent(e)}catch{throw p(Qe,r.state)}if(t!==n)throw p(Nr);if(r.error\|\|r.error_description\|\|r.suberror){const o=tl(r);throw Li(r.error,r.error_description,r.suberror)?new ne(r.error\|\|"",r.error_description,r.suberror,r.timestamp\|\|"",r.trace_id\|\|"",r.correlation_id\|\|"",r.claims\|\|"",o):new Ne(r.error\|\|"",r.error_description,r.suberror,o)}}function tl(r){var n,o;const e="code=",t=(n=r.error_uri)==null?void 0:n.lastIndexOf(e);return t&&t>=0?(o=r.error_uri)==null?void 0:o.substring(t+e.length):void 0}function nl(r){var e;return((e=r.idTokenClaims)==null?void 0:e.sid)\|\|null}function ol(r){var e;return((e=r.idTokenClaims)==null?void 0:e.login_hint)\|\|null}/! @azure/msal-common v15.4.0 2025-03-25 /const lr=",",Ki="\|";function rl(r){const{skus:e,libraryName:t,libraryVersion:n,extensionName:o,extensionVersion:i}=r,s=new Map([[0,[t,n]],[2,[o,i]]]);let a=[];if(e!=null&&e.length){if(a=e.split(lr),a.length<4)return e}else a=Array.from({length:4},()=>Ki);return s.forEach((c,d)=>{var h,u;c.length===2&&((h=c[0])!=null&&h.length)&&((u=c[1])!=null&&u.length)&&il({skuArr:a,index:d,skuName:c[0],skuVersion:c[1]})}),a.join(lr)}function il(r){const{skuArr:e,index:t,skuName:n,skuVersion:o}=r;t>=e.length\|\|(e[t]=[n,o].join(Ki))}class ht{constructor(e,t){this.cacheOutcome=Me.NOT_APPLICABLE,this.cacheManager=t,this.apiId=e.apiId,this.correlationId=e.correlationId,this.wrapperSKU=e.wrapperSKU\|\|g.EMPTY_STRING,this.wrapperVer=e.wrapperVer\|\|g.EMPTY_STRING,this.telemetryCacheKey=F.CACHE_KEY+z.CACHE_KEY_SEPARATOR+e.clientId}generateCurrentRequestHeaderValue(){const e=`${this.apiId}${F.VALUE_SEPARATOR}${this.cacheOutcome}`,t=[this.wrapperSKU,this.wrapperVer],n=this.getNativeBrokerErrorCode();n!=null&&n.length&&t.push(`broker_error=${n}`);const o=t.join(F.VALUE_SEPARATOR),i=this.getRegionDiscoveryFields(),s=[e,i].join(F.VALUE_SEPARATOR);return[F.SCHEMA_VERSION,s,o].join(F.CATEGORY_SEPARATOR)}generateLastRequestHeaderValue(){const e=this.getLastRequests(),t=ht.maxErrorsToSend(e),n=e.failedRequests.slice(0,2t).join(F.VALUE_SEPARATOR),o=e.errors.slice(0,t).join(F.VALUE_SEPARATOR),i=e.errors.length,s=t<i?F.OVERFLOW_TRUE:F.OVERFLOW_FALSE,a=[i,s].join(F.VALUE_SEPARATOR);return[F.SCHEMA_VERSION,e.cacheHits,n,o,a].join(F.CATEGORY_SEPARATOR)}cacheFailedRequest(e){const t=this.getLastRequests();t.errors.length>=F.MAX_CACHED_ERRORS&&(t.failedRequests.shift(),t.failedRequests.shift(),t.errors.shift()),t.failedRequests.push(this.apiId,this.correlationId),e instanceof Error&&e&&e.toString()?e instanceof _?e.subError?t.errors.push(e.subError):e.errorCode?t.errors.push(e.errorCode):t.errors.push(e.toString()):t.errors.push(e.toString()):t.errors.push(F.UNKNOWN_ERROR),this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t)}incrementCacheHits(){const e=this.getLastRequests();return e.cacheHits+=1,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e),e.cacheHits}getLastRequests(){const e={failedRequests:[],errors:[],cacheHits:0};return this.cacheManager.getServerTelemetry(this.telemetryCacheKey)\|\|e}clearTelemetryCache(){const e=this.getLastRequests(),t=ht.maxErrorsToSend(e),n=e.errors.length;if(t===n)this.cacheManager.removeItem(this.telemetryCacheKey);else{const o={failedRequests:e.failedRequests.slice(t2),errors:e.errors.slice(t),cacheHits:0};this.cacheManager.setServerTelemetry(this.telemetryCacheKey,o)}}static maxErrorsToSend(e){let t,n=0,o=0;const i=e.errors.length;for(t=0;t<i;t++){const s=e.failedRequests[2t]\|\|g.EMPTY_STRING,a=e.failedRequests[2t+1]\|\|g.EMPTY_STRING,c=e.errors[t]\|\|g.EMPTY_STRING;if(o+=s.toString().length+a.toString().length+c.length+3,o<F.MAX_LAST_HEADER_BYTES)n+=1;else break}return n}getRegionDiscoveryFields(){const e=[];return e.push(this.regionUsed\|\|g.EMPTY_STRING),e.push(this.regionSource\|\|g.EMPTY_STRING),e.push(this.regionOutcome\|\|g.EMPTY_STRING),e.join(",")}updateRegionDiscoveryMetadata(e){this.regionUsed=e.region_used,this.regionSource=e.region_source,this.regionOutcome=e.region_outcome}setCacheOutcome(e){this.cacheOutcome=e}setNativeBrokerErrorCode(e){const t=this.getLastRequests();t.nativeBrokerErrorCode=e,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t)}getNativeBrokerErrorCode(){return this.getLastRequests().nativeBrokerErrorCode}clearNativeBrokerErrorCode(){const e=this.getLastRequests();delete e.nativeBrokerErrorCode,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e)}static makeExtraSkuString(e){return rl(e)}}/! @azure/msal-common v15.4.0 2025-03-25 /const Bi="missing_kid_error",Gi="missing_alg_error";/! @azure/msal-common v15.4.0 2025-03-25 /const sl={[Bi]:"The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.",[Gi]:"The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided."};class yo extends _{constructor(e,t){super(e,t),this.name="JoseHeaderError",Object.setPrototypeOf(this,yo.prototype)}}function dr(r){return new yo(r,sl[r])}/! @azure/msal-common v15.4.0 2025-03-25 /class To{constructor(e){this.typ=e.typ,this.alg=e.alg,this.kid=e.kid}static getShrHeaderString(e){if(!e.kid)throw dr(Bi);if(!e.alg)throw dr(Gi);const t=new To({typ:e.typ\|\|Zs.Pop,kid:e.kid,alg:e.alg});return JSON.stringify(t)}}/! @azure/msal-common v15.4.0 2025-03-25 /class hr{startMeasurement(){}endMeasurement(){}flushMeasurement(){return null}}class al{generateId(){return"callback-id"}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:Fc.InProgress,authority:"",libraryName:"",libraryVersion:"",clientId:"",name:e,startTimeMs:Date.now(),correlationId:t\|\|""},measurement:new hr}}startPerformanceMeasurement(){return new hr}calculateQueuedTime(){return 0}addQueueMeasurement(){}setPreQueueTime(){}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return""}emitEvents(){}addFields(){}incrementFields(){}cacheEventByCorrelationId(){}}/! @azure/msal-browser v4.9.0 2025-03-25 /const Ao="pkce_not_created",Io="ear_jwk_empty",zi="ear_jwe_empty",Mn="crypto_nonexistent",dn="empty_navigate_uri",qi="hash_empty_error",Eo="no_state_in_hash",$i="hash_does_not_contain_known_properties",Vi="unable_to_parse_state",Qi="state_interaction_type_mismatch",Yi="interaction_in_progress",ji="popup_window_error",Wi="empty_window_error",ut="user_cancelled",cl="monitor_popup_timeout",Ji="monitor_window_timeout",Xi="redirect_in_iframe",Zi="block_iframe_reload",es="block_nested_popups",ll="iframe_closed_prematurely",hn="silent_logout_unsupported",ts="no_account_error",dl="silent_prompt_value_error",ns="no_token_request_cache_error",os="unable_to_parse_token_request_cache_error",hl="auth_request_not_set_error",ul="invalid_cache_type",un="non_browser_environment",Be="database_not_open",Gt="no_network_connectivity",rs="post_request_failed",is="get_request_failed",Un="failed_to_parse_response",ss="unable_to_load_token",wo="crypto_key_not_found",as="auth_code_required",cs="auth_code_or_nativeAccountId_required",ls="spa_code_and_nativeAccountId_present",vo="database_unavailable",ds="unable_to_acquire_token_from_native_platform",hs="native_handshake_timeout",us="native_extension_not_installed",So="native_connection_not_established",zt="uninitialized_public_client_application",gs="native_prompt_not_supported",fs="invalid_base64_string",ps="invalid_pop_token_request",ms="failed_to_build_headers",Cs="failed_to_parse_headers",bt="failed_to_decrypt_ear_response";/! @azure/msal-browser v4.9.0 2025-03-25 /const ge="For more visit: aka.ms/msaljs/browser-errors",gl={[Ao]:"The PKCE code challenge and verifier could not be generated.",[Io]:"No EAR encryption key provided. This is unexpected.",[zi]:"Server response does not contain ear_jwe property. This is unexpected.",[Mn]:"The crypto object or function is not available.",[dn]:"Navigation URI is empty. Please check stack trace for more info.",[qi]:`Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${ge}`,[Eo]:"Hash does not contain state. Please verify that the request originated from msal.",[$i]:`Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. ${ge}`,[Vi]:"Unable to parse state. Please verify that the request originated from msal.",[Qi]:"Hash contains state but the interaction type does not match the caller.",[Yi]:`Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. ${ge}`,[ji]:"Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.",[Wi]:"window.open returned null or undefined window object.",[ut]:"User cancelled the flow.",[cl]:`Token acquisition in popup failed due to timeout. ${ge}`,[Ji]:`Token acquisition in iframe failed due to timeout. ${ge}`,[Xi]:"Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.",[Zi]:`Request was blocked inside an iframe because MSAL detected an authentication response. ${ge}`,[es]:"Request was blocked inside a popup because MSAL detected it was running in a popup.",[ll]:"The iframe being monitored was closed prematurely.",[hn]:"Silent logout not supported. Please call logoutRedirect or logoutPopup instead.",[ts]:"No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.",[dl]:"The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.",[ns]:"No token request found in cache.",[os]:"The cached token request could not be parsed.",[hl]:"Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler",[ul]:"Invalid cache type",[un]:"Login and token requests are not supported in non-browser environments.",[Be]:"Database is not open!",[Gt]:"No network connectivity. Check your internet connection.",[rs]:"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'",[is]:"Network request failed. Please check the network trace to determine root cause.",[Un]:"Failed to parse network response. Check network trace.",[ss]:"Error loading token to cache.",[wo]:"Cryptographic Key or Keypair not found in browser storage.",[as]:"An authorization code must be provided (as the `code` property on the request) to this flow.",[cs]:"An authorization code or nativeAccountId must be provided to this flow.",[ls]:"Request cannot contain both spa code and native account id.",[vo]:"IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.",[ds]:`Unable to acquire token from native platform. ${ge}`,[hs]:"Timed out while attempting to establish connection to browser extension",[us]:"Native extension is not installed. If you think this is a mistake call the initialize function.",[So]:`Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). ${ge}`,[zt]:`You must call and await the initialize function before attempting to call any other MSAL API. ${ge}`,[gs]:"The provided prompt is not supported by the native platform. This request should be routed to the web based flow.",[fs]:"Invalid base64 encoded string.",[ps]:"Invalid PoP token request. The request should not have both a popKid value and signPopToken set to true.",[ms]:"Failed to build request headers object.",[Cs]:"Failed to parse response headers",[bt]:"Failed to decrypt ear response"};class mt extends _{constructor(e,t){super(e,gl[e],t),Object.setPrototypeOf(this,mt.prototype),this.name="BrowserAuthError"}}function C(r,e){return new mt(r,e)}/! @azure/msal-browser v4.9.0 2025-03-25 /const Q={INVALID_GRANT_ERROR:"invalid_grant",POPUP_WIDTH:483,POPUP_HEIGHT:600,POPUP_NAME_PREFIX:"msal",DEFAULT_POLL_INTERVAL_MS:30,MSAL_SKU:"msal.js.browser"},ze={CHANNEL_ID:"53ee284d-920a-4b59-9d30-a60315b26836",PREFERRED_EXTENSION_ID:"ppnbnpeolgkicgegkbkbjmhlideopiji",MATS_TELEMETRY:"MATS"},Ue={HandshakeRequest:"Handshake",HandshakeResponse:"HandshakeResponse",GetToken:"GetToken",Response:"Response"},B={LocalStorage:"localStorage",SessionStorage:"sessionStorage",MemoryStorage:"memoryStorage"},ur={GET:"GET",POST:"POST"},U={ORIGIN_URI:"request.origin",URL_HASH:"urlHash",REQUEST_PARAMS:"request.params",VERIFIER:"code.verifier",INTERACTION_STATUS_KEY:"interaction.status",NATIVE_REQUEST:"request.native"},Se={ACCOUNT_KEYS:"msal.account.keys",TOKEN_KEYS:"msal.token.keys"},kt={WRAPPER_SKU:"wrapper.sku",WRAPPER_VER:"wrapper.version"},O={acquireTokenRedirect:861,acquireTokenPopup:862,ssoSilent:863,acquireTokenSilent_authCode:864,handleRedirectPromise:865,acquireTokenByCode:866,acquireTokenSilent_silentFlow:61,logout:961,logoutPopup:962};var T;(function(r){r.Redirect="redirect",r.Popup="popup",r.Silent="silent",r.None="none"})(T\|\|(T={}));const Ln={scopes:Fe},ys="jwk",Hn="msal.db",fl=1,pl=`${Hn}.keys`,H={Default:0,AccessToken:1,AccessTokenAndRefreshToken:2,RefreshToken:3,RefreshTokenAndNetwork:4,Skip:5},ml=[H.Default,H.Skip,H.RefreshTokenAndNetwork],Cl="msal.browser.log.level",yl="msal.browser.log.pii";/! @azure/msal-browser v4.9.0 2025-03-25 /function _t(r){return encodeURIComponent(gt(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_"))}function Oe(r){return Ts(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}function gt(r){return Ts(new TextEncoder().encode(r))}function Ts(r){const e=Array.from(r,t=>String.fromCodePoint(t)).join("");return btoa(e)}/! @azure/msal-browser v4.9.0 2025-03-25 /function se(r){return new TextDecoder().decode(Re(r))}function Re(r){let e=r.replace(/-/g,"+").replace(/_/g,"/");switch(e.length%4){case 0:break;case 2:e+="==";break;case 3:e+="=";break;default:throw C(fs)}const t=atob(e);return Uint8Array.from(t,n=>n.codePointAt(0)\|\|0)}/! @azure/msal-browser v4.9.0 2025-03-25 /const Tl="RSASSA-PKCS1-v1_5",Je="AES-GCM",As="HKDF",ko="SHA-256",Al=2048,Il=new Uint8Array([1,0,1]),gr="0123456789abcdef",fr=new Uint32Array(1),_o="raw",Is="encrypt",Ro="decrypt",El="deriveKey",wl="crypto_subtle_undefined",bo={name:Tl,hash:ko,modulusLength:Al,publicExponent:Il};function vl(r){if(!window)throw C(un);if(!window.crypto)throw C(Mn);if(!r&&!window.crypto.subtle)throw C(Mn,wl)}async function Es(r,e,t){e==null\|\|e.addQueueMeasurement(l.Sha256Digest,t);const o=new TextEncoder().encode(r);return window.crypto.subtle.digest(ko,o)}function Sl(r){return window.crypto.getRandomValues(r)}function In(){return window.crypto.getRandomValues(fr),fr[0]}function Z(){const r=Date.now(),e=In()1024+(In()&1023),t=new Uint8Array(16),n=Math.trunc(e/230),o=e&230-1,i=In();t[0]=r/240,t[1]=r/232,t[2]=r/224,t[3]=r/216,t[4]=r/28,t[5]=r,t[6]=112\|n>>>8,t[7]=n,t[8]=128\|o>>>24,t[9]=o>>>16,t[10]=o>>>8,t[11]=o,t[12]=i>>>24,t[13]=i>>>16,t[14]=i>>>8,t[15]=i;let s="";for(let a=0;a<t.length;a++)s+=gr.charAt(t[a]>>>4),s+=gr.charAt(t[a]&15),(a===3\|\|a===5\|\|a===7\|\|a===9)&&(s+="-");return s}async function kl(r,e){return window.crypto.subtle.generateKey(bo,r,e)}async function En(r){return window.crypto.subtle.exportKey(ys,r)}async function _l(r,e,t){return window.crypto.subtle.importKey(ys,r,bo,e,t)}async function Rl(r,e){return window.crypto.subtle.sign(bo,r,e)}async function Oo(){const r=await ws(),t={alg:"dir",kty:"oct",k:Oe(new Uint8Array(r))};return gt(JSON.stringify(t))}async function bl(r){const e=se(r),n=JSON.parse(e).k,o=Re(n);return window.crypto.subtle.importKey(_o,o,Je,!1,[Ro])}async function Ol(r,e){const t=e.split(".");if(t.length!==5)throw C(bt,"jwe_length");const n=await bl(r).catch(()=>{throw C(bt,"import_key")});try{const o=new TextEncoder().encode(t[0]),i=Re(t[2]),s=Re(t[3]),a=Re(t[4]),c=a.byteLength8,d=new Uint8Array(s.length+a.length);d.set(s),d.set(a,s.length);const h=await window.crypto.subtle.decrypt({name:Je,iv:i,tagLength:c,additionalData:o},n,d);return new TextDecoder().decode(h)}catch{throw C(bt,"decrypt")}}async function ws(){const r=await window.crypto.subtle.generateKey({name:Je,length:256},!0,[Is,Ro]);return window.crypto.subtle.exportKey(_o,r)}async function pr(r){return window.crypto.subtle.importKey(_o,r,As,!1,[El])}async function vs(r,e,t){return window.crypto.subtle.deriveKey({name:As,salt:e,hash:ko,info:new TextEncoder().encode(t)},r,{name:Je,length:256},!1,[Is,Ro])}async function Pl(r,e,t){const n=new TextEncoder().encode(e),o=window.crypto.getRandomValues(new Uint8Array(16)),i=await vs(r,o,t),s=await window.crypto.subtle.encrypt({name:Je,iv:new Uint8Array(12)},i,n);return{data:Oe(new Uint8Array(s)),nonce:Oe(o)}}async function Nl(r,e,t,n){const o=Re(n),i=await vs(r,Re(e),t),s=await window.crypto.subtle.decrypt({name:Je,iv:new Uint8Array(12)},i,o);return new TextDecoder().decode(s)}async function Ss(r){const e=await Es(r),t=new Uint8Array(e);return Oe(t)}/! @azure/msal-browser v4.9.0 2025-03-25 /const Po="storage_not_supported",Ml="stubbed_public_client_application_called",ks="in_mem_redirect_unavailable";/! @azure/msal-browser v4.9.0 2025-03-25 /const Ul={[Po]:"Given storage configuration option was not supported.",[Ml]:"Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors",[ks]:"Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true."};class No extends _{constructor(e,t){super(e,t),this.name="BrowserConfigurationAuthError",Object.setPrototypeOf(this,No.prototype)}}function Mo(r){return new No(r,Ul[r])}/! @azure/msal-browser v4.9.0 2025-03-25 /function Ll(r){r.location.hash="",typeof r.history.replaceState=="function"&&r.history.replaceState(null,"",`${r.location.origin}${r.location.pathname}${r.location.search}`)}function Hl(r){const e=r.split("#");e.shift(),window.location.hash=e.length>0?e.join("#"):""}function Uo(){return window.parent!==window}function Dl(){return typeof window<"u"&&!!window.opener&&window.opener!==window&&typeof window.name=="string"&&window.name.indexOf(`${Q.POPUP_NAME_PREFIX}.`)===0}function Ce(){return typeof window<"u"&&window.location?window.location.href.split("?")[0].split("#")[0]:""}function xl(){const e=new S(window.location.href).getUrlComponents();return`${e.Protocol}//${e.HostNameAndPort}/`}function Fl(){if(S.hashContainsKnownProperties(window.location.hash)&&Uo())throw C(Zi)}function Kl(r){if(Uo()&&!r)throw C(Xi)}function Bl(){if(Dl())throw C(es)}function _s(){if(typeof window>"u")throw C(un)}function Rs(r){if(!r)throw C(zt)}function Lo(r){_s(),Fl(),Bl(),Rs(r)}function mr(r,e){if(Lo(r),Kl(e.system.allowRedirectInIframe),e.cache.cacheLocation===B.MemoryStorage&&!e.cache.storeAuthStateInCookie)throw Mo(ks)}function bs(r){const e=document.createElement("link");e.rel="preconnect",e.href=new URL(r).origin,e.crossOrigin="anonymous",document.head.appendChild(e),window.setTimeout(()=>{try{document.head.removeChild(e)}catch{}},1e4)}function Gl(){return Z()}/! @azure/msal-browser v4.9.0 2025-03-25 /class qt{navigateInternal(e,t){return qt.defaultNavigateWindow(e,t)}navigateExternal(e,t){return qt.defaultNavigateWindow(e,t)}static defaultNavigateWindow(e,t){return t.noHistory?window.location.replace(e):window.location.assign(e),new Promise(n=>{setTimeout(()=>{n(!0)},t.timeout)})}}/! @azure/msal-browser v4.9.0 2025-03-25 /class zl{async sendGetRequestAsync(e,t){let n,o={},i=0;const s=Cr(t);try{n=await fetch(e,{method:ur.GET,headers:s})}catch{throw C(window.navigator.onLine?is:Gt)}o=yr(n.headers);try{return i=n.status,{headers:o,body:await n.json(),status:i}}catch{throw ar(C(Un),i,o)}}async sendPostRequestAsync(e,t){const n=t&&t.body\|\|"",o=Cr(t);let i,s=0,a={};try{i=await fetch(e,{method:ur.POST,headers:o,body:n})}catch{throw C(window.navigator.onLine?rs:Gt)}a=yr(i.headers);try{return s=i.status,{headers:a,body:await i.json(),status:s}}catch{throw ar(C(Un),s,a)}}}function Cr(r){try{const e=new Headers;if(!(r&&r.headers))return e;const t=r.headers;return Object.entries(t).forEach(([n,o])=>{e.append(n,o)}),e}catch{throw C(ms)}}function yr(r){try{const e={};return r.forEach((t,n)=>{e[n]=t}),e}catch{throw C(Cs)}}/! @azure/msal-browser v4.9.0 2025-03-25 /const ql=6e4,Dn=1e4,$l=3e4,Vl=2e3;function Ql({auth:r,cache:e,system:t,telemetry:n},o){const i={clientId:g.EMPTY_STRING,authority:`${g.DEFAULT_AUTHORITY}`,knownAuthorities:[],cloudDiscoveryMetadata:g.EMPTY_STRING,authorityMetadata:g.EMPTY_STRING,redirectUri:typeof window<"u"?Ce():"",postLogoutRedirectUri:g.EMPTY_STRING,navigateToLoginRequestUrl:!0,clientCapabilities:[],protocolMode:Y.AAD,OIDCOptions:{serverResponseType:Wt.FRAGMENT,defaultScopes:[g.OPENID_SCOPE,g.PROFILE_SCOPE,g.OFFLINE_ACCESS_SCOPE]},azureCloudOptions:{azureCloudInstance:Xn.None,tenant:g.EMPTY_STRING},skipAuthorityMetadataCache:!1,supportsNestedAppAuth:!1,instanceAware:!1},s={cacheLocation:B.SessionStorage,temporaryCacheLocation:B.SessionStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!!(e&&e.cacheLocation===B.LocalStorage),claimsBasedCachingEnabled:!1},a={loggerCallback:()=>{},logLevel:P.Info,piiLoggingEnabled:!1},d={...{...pi,loggerOptions:a,networkClient:o?new zl:Xc,navigationClient:new qt,loadFrameTimeout:0,windowHashTimeout:(t==null?void 0:t.loadFrameTimeout)\|\|ql,iframeHashTimeout:(t==null?void 0:t.loadFrameTimeout)\|\|Dn,navigateFrameWait:0,redirectNavigationTimeout:$l,asyncPopups:!1,allowRedirectInIframe:!1,allowPlatformBroker:!1,nativeBrokerHandshakeTimeout:(t==null?void 0:t.nativeBrokerHandshakeTimeout)\|\|Vl,pollIntervalMilliseconds:Q.DEFAULT_POLL_INTERVAL_MS},...t,loggerOptions:(t==null?void 0:t.loggerOptions)\|\|a},h={application:{appName:g.EMPTY_STRING,appVersion:g.EMPTY_STRING},client:new al};if((r==null?void 0:r.protocolMode)!==Y.OIDC&&(r!=null&&r.OIDCOptions)&&new Ae(d.loggerOptions).warning(JSON.stringify(b(ai))),r!=null&&r.protocolMode&&r.protocolMode===Y.OIDC&&(d!=null&&d.allowPlatformBroker))throw b(ci);const u={auth:{...i,...r,OIDCOptions:{...i.OIDCOptions,...r==null?void 0:r.OIDCOptions}},cache:{...s,...e},system:d,telemetry:{...h,...n}};return u.auth.protocolMode===Y.EAR&&(new Ae(d.loggerOptions).warning("EAR Protocol Mode is not yet supported. Overriding to use PKCE auth"),u.auth.protocolMode=Y.AAD),u}/! @azure/msal-browser v4.9.0 2025-03-25 /const Yl="@azure/msal-browser",Xe="4.9.0";/! @azure/msal-browser v4.9.0 2025-03-25 /class gn{static loggerCallback(e,t){switch(e){case P.Error:console.error(t);return;case P.Info:console.info(t);return;case P.Verbose:console.debug(t);return;case P.Warning:console.warn(t);return;default:console.log(t);return}}constructor(e){var c;this.browserEnvironment=typeof window<"u",this.config=Ql(e,this.browserEnvironment);let t;try{t=window[B.SessionStorage]}catch{}const n=t==null?void 0:t.getItem(Cl),o=(c=t==null?void 0:t.getItem(yl))==null?void 0:c.toLowerCase(),i=o==="true"?!0:o==="false"?!1:void 0,s={...this.config.system.loggerOptions},a=n&&Object.keys(P).includes(n)?P[n]:void 0;a&&(s.loggerCallback=gn.loggerCallback,s.logLevel=a),i!==void 0&&(s.piiLoggingEnabled=i),this.logger=new Ae(s,Yl,Xe),this.available=!1}getConfig(){return this.config}getLogger(){return this.logger}isAvailable(){return this.available}isBrowserEnvironment(){return this.browserEnvironment}}/! @azure/msal-browser v4.9.0 2025-03-25 /const fe={UserInteractionRequired:"USER_INTERACTION_REQUIRED",UserCancel:"USER_CANCEL",NoNetwork:"NO_NETWORK",TransientError:"TRANSIENT_ERROR",PersistentError:"PERSISTENT_ERROR",Disabled:"DISABLED",AccountUnavailable:"ACCOUNT_UNAVAILABLE",NestedAppAuthUnavailable:"NESTED_APP_AUTH_UNAVAILABLE"};/! @azure/msal-browser v4.9.0 2025-03-25 /class ${static async initializeNestedAppAuthBridge(){if(window===void 0)throw new Error("window is undefined");if(window.nestedAppAuthBridge===void 0)throw new Error("window.nestedAppAuthBridge is undefined");try{window.nestedAppAuthBridge.addEventListener("message",t=>{const n=typeof t=="string"?t:t.data,o=JSON.parse(n),i=$.bridgeRequests.find(s=>s.requestId===o.requestId);i!==void 0&&($.bridgeRequests.splice($.bridgeRequests.indexOf(i),1),o.success?i.resolve(o):i.reject(o.error))});const e=await new Promise((t,n)=>{const o=$.buildRequest("GetInitContext"),i={requestId:o.requestId,method:o.method,resolve:t,reject:n};$.bridgeRequests.push(i),window.nestedAppAuthBridge.postMessage(JSON.stringify(o))});return $.validateBridgeResultOrThrow(e.initContext)}catch(e){throw window.console.log(e),e}}getTokenInteractive(e){return this.getToken("GetTokenPopup",e)}getTokenSilent(e){return this.getToken("GetToken",e)}async getToken(e,t){const n=await this.sendRequest(e,{tokenParams:t});return{token:$.validateBridgeResultOrThrow(n.token),account:$.validateBridgeResultOrThrow(n.account)}}getHostCapabilities(){return this.capabilities??null}getAccountContext(){return this.accountContext?this.accountContext:null}static buildRequest(e,t){return{messageType:"NestedAppAuthRequest",method:e,requestId:Z(),sendTime:Date.now(),clientLibrary:Q.MSAL_SKU,clientLibraryVersion:Xe,...t}}sendRequest(e,t){const n=$.buildRequest(e,t);return new Promise((i,s)=>{const a={requestId:n.requestId,method:n.method,resolve:i,reject:s};$.bridgeRequests.push(a),window.nestedAppAuthBridge.postMessage(JSON.stringify(n))})}static validateBridgeResultOrThrow(e){if(e===void 0)throw{status:fe.NestedAppAuthUnavailable};return e}constructor(e,t,n,o){this.sdkName=e,this.sdkVersion=t,this.accountContext=n,this.capabilities=o}static async create(){const e=await $.initializeNestedAppAuthBridge();return new $(e.sdkName,e.sdkVersion,e.accountContext,e.capabilities)}}$.bridgeRequests=[];/! @azure/msal-browser v4.9.0 2025-03-25 /class je extends gn{constructor(){super(...arguments),this.bridgeProxy=void 0,this.accountContext=null}getModuleName(){return je.MODULE_NAME}getId(){return je.ID}getBridgeProxy(){return this.bridgeProxy}async initialize(){try{if(typeof window<"u"){typeof window.__initializeNestedAppAuth=="function"&&await window.__initializeNestedAppAuth();const e=await $.create();this.accountContext=e.getAccountContext(),this.bridgeProxy=e,this.available=e!==void 0}}catch(e){this.logger.infoPii(`Could not initialize Nested App Auth bridge (${e})`)}return this.logger.info(`Nested App Auth Bridge available: ${this.available}`),this.available}}je.MODULE_NAME="";je.ID="NestedAppOperatingContext";/! @azure/msal-browser v4.9.0 2025-03-25 /class xe extends gn{getModuleName(){return xe.MODULE_NAME}getId(){return xe.ID}async initialize(){return this.available=typeof window<"u",this.available}}xe.MODULE_NAME="";xe.ID="StandardOperatingContext";/! @azure/msal-browser v4.9.0 2025-03-25 /class jl{constructor(){this.dbName=Hn,this.version=fl,this.tableName=pl,this.dbOpen=!1}async open(){return new Promise((e,t)=>{const n=window.indexedDB.open(this.dbName,this.version);n.addEventListener("upgradeneeded",o=>{o.target.result.createObjectStore(this.tableName)}),n.addEventListener("success",o=>{const i=o;this.db=i.target.result,this.dbOpen=!0,e()}),n.addEventListener("error",()=>t(C(vo)))})}closeConnection(){const e=this.db;e&&this.dbOpen&&(e.close(),this.dbOpen=!1)}async validateDbIsOpen(){if(!this.dbOpen)return this.open()}async getItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C(Be));const s=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).get(e);s.addEventListener("success",a=>{const c=a;this.closeConnection(),t(c.target.result)}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async setItem(e,t){return await this.validateDbIsOpen(),new Promise((n,o)=>{if(!this.db)return o(C(Be));const a=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).put(t,e);a.addEventListener("success",()=>{this.closeConnection(),n()}),a.addEventListener("error",c=>{this.closeConnection(),o(c)})})}async removeItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C(Be));const s=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).delete(e);s.addEventListener("success",()=>{this.closeConnection(),t()}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async getKeys(){return await this.validateDbIsOpen(),new Promise((e,t)=>{if(!this.db)return t(C(Be));const i=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).getAllKeys();i.addEventListener("success",s=>{const a=s;this.closeConnection(),e(a.target.result)}),i.addEventListener("error",s=>{this.closeConnection(),t(s)})})}async containsKey(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C(Be));const s=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).count(e);s.addEventListener("success",a=>{const c=a;this.closeConnection(),t(c.target.result===1)}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async deleteDatabase(){return this.db&&this.dbOpen&&this.closeConnection(),new Promise((e,t)=>{const n=window.indexedDB.deleteDatabase(Hn),o=setTimeout(()=>t(!1),200);n.addEventListener("success",()=>(clearTimeout(o),e(!0))),n.addEventListener("blocked",()=>(clearTimeout(o),e(!0))),n.addEventListener("error",()=>(clearTimeout(o),t(!1)))})}}/! @azure/msal-browser v4.9.0 2025-03-25 /class fn{constructor(){this.cache=new Map}async initialize(){}getItem(e){return this.cache.get(e)\|\|null}getUserData(e){return this.getItem(e)}setItem(e,t){this.cache.set(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){this.cache.delete(e)}getKeys(){const e=[];return this.cache.forEach((t,n)=>{e.push(n)}),e}containsKey(e){return this.cache.has(e)}clear(){this.cache.clear()}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Wl{constructor(e){this.inMemoryCache=new fn,this.indexedDBCache=new jl,this.logger=e}handleDatabaseAccessError(e){if(e instanceof mt&&e.errorCode===vo)this.logger.error("Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts.");else throw e}async getItem(e){const t=this.inMemoryCache.getItem(e);if(!t)try{return this.logger.verbose("Queried item not found in in-memory cache, now querying persistent storage."),await this.indexedDBCache.getItem(e)}catch(n){this.handleDatabaseAccessError(n)}return t}async setItem(e,t){this.inMemoryCache.setItem(e,t);try{await this.indexedDBCache.setItem(e,t)}catch(n){this.handleDatabaseAccessError(n)}}async removeItem(e){this.inMemoryCache.removeItem(e);try{await this.indexedDBCache.removeItem(e)}catch(t){this.handleDatabaseAccessError(t)}}async getKeys(){const e=this.inMemoryCache.getKeys();if(e.length===0)try{return this.logger.verbose("In-memory cache is empty, now querying persistent storage."),await this.indexedDBCache.getKeys()}catch(t){this.handleDatabaseAccessError(t)}return e}async containsKey(e){const t=this.inMemoryCache.containsKey(e);if(!t)try{return this.logger.verbose("Key not found in in-memory cache, now querying persistent storage."),await this.indexedDBCache.containsKey(e)}catch(n){this.handleDatabaseAccessError(n)}return t}clearInMemory(){this.logger.verbose("Deleting in-memory keystore"),this.inMemoryCache.clear(),this.logger.verbose("In-memory keystore deleted")}async clearPersistent(){try{this.logger.verbose("Deleting persistent keystore");const e=await this.indexedDBCache.deleteDatabase();return e&&this.logger.verbose("Persistent keystore deleted"),e}catch(e){return this.handleDatabaseAccessError(e),!1}}}/! @azure/msal-browser v4.9.0 2025-03-25 /class ue{constructor(e,t,n){this.logger=e,vl(n??!1),this.cache=new Wl(this.logger),this.performanceClient=t}createNewGuid(){return Z()}base64Encode(e){return gt(e)}base64Decode(e){return se(e)}base64UrlEncode(e){return _t(e)}encodeKid(e){return this.base64UrlEncode(JSON.stringify({kid:e}))}async getPublicKeyThumbprint(e){var h;const t=(h=this.performanceClient)==null?void 0:h.startMeasurement(l.CryptoOptsGetPublicKeyThumbprint,e.correlationId),n=await kl(ue.EXTRACTABLE,ue.POP_KEY_USAGES),o=await En(n.publicKey),i={e:o.e,kty:o.kty,n:o.n},s=Tr(i),a=await this.hashString(s),c=await En(n.privateKey),d=await _l(c,!1,["sign"]);return await this.cache.setItem(a,{privateKey:d,publicKey:n.publicKey,requestMethod:e.resourceRequestMethod,requestUri:e.resourceRequestUri}),t&&t.end({success:!0}),a}async removeTokenBindingKey(e){return await this.cache.removeItem(e),!await this.cache.containsKey(e)}async clearKeystore(){this.cache.clearInMemory();try{return await this.cache.clearPersistent(),!0}catch(e){return e instanceof Error?this.logger.error(`Clearing keystore failed with error: ${e.message}`):this.logger.error("Clearing keystore failed with unknown error"),!1}}async signJwt(e,t,n,o){var Ee;const i=(Ee=this.performanceClient)==null?void 0:Ee.startMeasurement(l.CryptoOptsSignJwt,o),s=await this.cache.getItem(t);if(!s)throw C(wo);const a=await En(s.publicKey),c=Tr(a),d=_t(JSON.stringify({kid:t})),h=To.getShrHeaderString({...n==null?void 0:n.header,alg:a.alg,kid:d}),u=_t(h);e.cnf={jwk:JSON.parse(c)};const m=_t(JSON.stringify(e)),A=`${u}.${m}`,w=new TextEncoder().encode(A),D=await Rl(s.privateKey,w),W=Oe(new Uint8Array(D)),ee=`${A}.${W}`;return i&&i.end({success:!0}),ee}async hashString(e){return Ss(e)}}ue.POP_KEY_USAGES=["sign","verify"];ue.EXTRACTABLE=!0;function Tr(r){return JSON.stringify(r,Object.keys(r).sort())}/! @azure/msal-browser v4.9.0 2025-03-25 /const Jl=2460601e3,xn={Lax:"Lax",None:"None"};class Os{initialize(){return Promise.resolve()}getItem(e){const t=`${encodeURIComponent(e)}`,n=document.cookie.split(";");for(let o=0;o<n.length;o++){const i=n[o],[s,...a]=decodeURIComponent(i).trim().split("="),c=a.join("=");if(s===t)return c}return""}getUserData(){throw p(v)}setItem(e,t,n,o=!0,i=xn.Lax){let s=`${encodeURIComponent(e)}=${encodeURIComponent(t)};path=/;SameSite=${i};`;if(n){const a=Xl(n);s+=`expires=${a};`}(o\|\|i===xn.None)&&(s+="Secure;"),document.cookie=s}async setUserData(){return Promise.reject(p(v))}removeItem(e){this.setItem(e,"",-1)}getKeys(){const e=document.cookie.split(";"),t=[];return e.forEach(n=>{const o=decodeURIComponent(n).trim().split("=");t.push(o[0])}),t}containsKey(e){return this.getKeys().includes(e)}}function Xl(r){const e=new Date;return new Date(e.getTime()+rJl).toUTCString()}/! @azure/msal-browser v4.9.0 2025-03-25 /function Fn(r){const e=r.getItem(Se.ACCOUNT_KEYS);return e?JSON.parse(e):[]}function Kn(r,e){const t=e.getItem(`${Se.TOKEN_KEYS}.${r}`);if(t){const n=JSON.parse(t);if(n&&n.hasOwnProperty("idToken")&&n.hasOwnProperty("accessToken")&&n.hasOwnProperty("refreshToken"))return n}return{idToken:[],accessToken:[],refreshToken:[]}}/! @azure/msal-browser v4.9.0 2025-03-25 /const Ar="msal.cache.encryption",Zl="msal.broadcast.cache";class ed{constructor(e,t,n){if(!window.localStorage)throw Mo(Po);this.memoryStorage=new fn,this.initialized=!1,this.clientId=e,this.logger=t,this.performanceClient=n,this.broadcast=new BroadcastChannel(Zl)}async initialize(e){this.initialized=!0;const t=new Os,n=t.getItem(Ar);let o={key:"",id:""};if(n)try{o=JSON.parse(n)}catch{}if(o.key&&o.id){const i=ae(Re,l.Base64Decode,this.logger,this.performanceClient,e)(o.key);this.encryptionCookie={id:o.id,key:await f(pr,l.GenerateHKDF,this.logger,this.performanceClient,e)(i)},await f(this.importExistingCache.bind(this),l.ImportExistingCache,this.logger,this.performanceClient,e)(e)}else{this.clear();const i=Z(),s=await f(ws,l.GenerateBaseKey,this.logger,this.performanceClient,e)(),a=ae(Oe,l.UrlEncodeArr,this.logger,this.performanceClient,e)(new Uint8Array(s));this.encryptionCookie={id:i,key:await f(pr,l.GenerateHKDF,this.logger,this.performanceClient,e)(s)};const c={id:i,key:a};t.setItem(Ar,JSON.stringify(c),0,!0,xn.None)}this.broadcast.addEventListener("message",this.updateCache.bind(this))}getItem(e){return window.localStorage.getItem(e)}getUserData(e){if(!this.initialized)throw C(zt);return this.memoryStorage.getItem(e)}setItem(e,t){window.localStorage.setItem(e,t)}async setUserData(e,t,n){if(!this.initialized\|\|!this.encryptionCookie)throw C(zt);const{data:o,nonce:i}=await f(Pl,l.Encrypt,this.logger,this.performanceClient,n)(this.encryptionCookie.key,t,this.getContext(e)),s={id:this.encryptionCookie.id,nonce:i,data:o};this.memoryStorage.setItem(e,t),this.setItem(e,JSON.stringify(s)),this.broadcast.postMessage({key:e,value:t,context:this.getContext(e)})}removeItem(e){this.memoryStorage.containsKey(e)&&(this.memoryStorage.removeItem(e),this.broadcast.postMessage({key:e,value:null,context:this.getContext(e)})),window.localStorage.removeItem(e)}getKeys(){return Object.keys(window.localStorage)}containsKey(e){return window.localStorage.hasOwnProperty(e)}clear(){this.memoryStorage.clear(),Fn(this).forEach(n=>this.removeItem(n));const t=Kn(this.clientId,this);t.idToken.forEach(n=>this.removeItem(n)),t.accessToken.forEach(n=>this.removeItem(n)),t.refreshToken.forEach(n=>this.removeItem(n)),this.getKeys().forEach(n=>{(n.startsWith(g.CACHE_PREFIX)\|\|n.indexOf(this.clientId)!==-1)&&this.removeItem(n)})}async importExistingCache(e){if(!this.encryptionCookie)return;let t=Fn(this);t=await this.importArray(t,e),this.setItem(Se.ACCOUNT_KEYS,JSON.stringify(t));const n=Kn(this.clientId,this);n.idToken=await this.importArray(n.idToken,e),n.accessToken=await this.importArray(n.accessToken,e),n.refreshToken=await this.importArray(n.refreshToken,e),this.setItem(`${Se.TOKEN_KEYS}.${this.clientId}`,JSON.stringify(n))}async getItemFromEncryptedCache(e,t){if(!this.encryptionCookie)return null;const n=this.getItem(e);if(!n)return null;let o;try{o=JSON.parse(n)}catch{return null}return!o.id\|\|!o.nonce\|\|!o.data?(this.performanceClient.incrementFields({unencryptedCacheCount:1},t),null):o.id!==this.encryptionCookie.id?(this.performanceClient.incrementFields({encryptedCacheExpiredCount:1},t),null):f(Nl,l.Decrypt,this.logger,this.performanceClient,t)(this.encryptionCookie.key,o.nonce,this.getContext(e),o.data)}async importArray(e,t){const n=[],o=[];return e.forEach(i=>{const s=this.getItemFromEncryptedCache(i,t).then(a=>{a?(this.memoryStorage.setItem(i,a),n.push(i)):this.removeItem(i)});o.push(s)}),await Promise.all(o),n}getContext(e){let t="";return e.includes(this.clientId)&&(t=this.clientId),t}updateCache(e){this.logger.trace("Updating internal cache from broadcast event");const t=this.performanceClient.startMeasurement(l.LocalStorageUpdated);t.add({isBackground:!0});const{key:n,value:o,context:i}=e.data;if(!n){this.logger.error("Broadcast event missing key"),t.end({success:!1,errorCode:"noKey"});return}if(i&&i!==this.clientId){this.logger.trace(`Ignoring broadcast event from clientId: ${i}`),t.end({success:!1,errorCode:"contextMismatch"});return}o?(this.memoryStorage.setItem(n,o),this.logger.verbose("Updated item in internal cache")):(this.memoryStorage.removeItem(n),this.logger.verbose("Removed item from internal cache")),t.end({success:!0})}}/! @azure/msal-browser v4.9.0 2025-03-25 /class td{constructor(){if(!window.sessionStorage)throw Mo(Po)}async initialize(){}getItem(e){return window.sessionStorage.getItem(e)}getUserData(e){return this.getItem(e)}setItem(e,t){window.sessionStorage.setItem(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){window.sessionStorage.removeItem(e)}getKeys(){return Object.keys(window.sessionStorage)}containsKey(e){return window.sessionStorage.hasOwnProperty(e)}}/! @azure/msal-browser v4.9.0 2025-03-25 /const y={INITIALIZE_START:"msal:initializeStart",INITIALIZE_END:"msal:initializeEnd",ACCOUNT_ADDED:"msal:accountAdded",ACCOUNT_REMOVED:"msal:accountRemoved",ACTIVE_ACCOUNT_CHANGED:"msal:activeAccountChanged",LOGIN_START:"msal:loginStart",LOGIN_SUCCESS:"msal:loginSuccess",LOGIN_FAILURE:"msal:loginFailure",ACQUIRE_TOKEN_START:"msal:acquireTokenStart",ACQUIRE_TOKEN_SUCCESS:"msal:acquireTokenSuccess",ACQUIRE_TOKEN_FAILURE:"msal:acquireTokenFailure",ACQUIRE_TOKEN_NETWORK_START:"msal:acquireTokenFromNetworkStart",SSO_SILENT_START:"msal:ssoSilentStart",SSO_SILENT_SUCCESS:"msal:ssoSilentSuccess",SSO_SILENT_FAILURE:"msal:ssoSilentFailure",ACQUIRE_TOKEN_BY_CODE_START:"msal:acquireTokenByCodeStart",ACQUIRE_TOKEN_BY_CODE_SUCCESS:"msal:acquireTokenByCodeSuccess",ACQUIRE_TOKEN_BY_CODE_FAILURE:"msal:acquireTokenByCodeFailure",HANDLE_REDIRECT_START:"msal:handleRedirectStart",HANDLE_REDIRECT_END:"msal:handleRedirectEnd",POPUP_OPENED:"msal:popupOpened",LOGOUT_START:"msal:logoutStart",LOGOUT_SUCCESS:"msal:logoutSuccess",LOGOUT_FAILURE:"msal:logoutFailure",LOGOUT_END:"msal:logoutEnd",RESTORE_FROM_BFCACHE:"msal:restoreFromBFCache"};/! @azure/msal-browser v4.9.0 2025-03-25 /class $t extends On{constructor(e,t,n,o,i,s,a){super(e,n,o,a),this.cacheConfig=t,this.logger=o,this.internalStorage=new fn,this.browserStorage=Ir(e,t.cacheLocation,o,i),this.temporaryCacheStorage=Ir(e,t.temporaryCacheLocation,o,i),this.cookieStorage=new Os,this.performanceClient=i,this.eventHandler=s}async initialize(e){await this.browserStorage.initialize(e)}validateAndParseJson(e){try{const t=JSON.parse(e);return t&&typeof t=="object"?t:null}catch{return null}}getAccount(e){this.logger.trace("BrowserCacheManager.getAccount called");const t=this.browserStorage.getUserData(e);if(!t)return this.removeAccountKeyFromMap(e),null;const n=this.validateAndParseJson(t);return!n\|\|!q.isAccountEntity(n)?(this.removeAccountKeyFromMap(e),null):On.toObject(new q,n)}async setAccount(e,t){this.logger.trace("BrowserCacheManager.setAccount called");const n=e.generateAccountKey();await f(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t);const o=this.addAccountKeyToMap(n);this.cacheConfig.cacheLocation===B.LocalStorage&&o&&this.eventHandler.emitEvent(y.ACCOUNT_ADDED,void 0,e.getAccountInfo())}getAccountKeys(){return Fn(this.browserStorage)}addAccountKeyToMap(e){this.logger.trace("BrowserCacheManager.addAccountKeyToMap called"),this.logger.tracePii(`BrowserCacheManager.addAccountKeyToMap called with key: ${e}`);const t=this.getAccountKeys();return t.indexOf(e)===-1?(t.push(e),this.browserStorage.setItem(Se.ACCOUNT_KEYS,JSON.stringify(t)),this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key added"),!0):(this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key already exists in map"),!1)}removeAccountKeyFromMap(e){this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap called"),this.logger.tracePii(`BrowserCacheManager.removeAccountKeyFromMap called with key: ${e}`);const t=this.getAccountKeys(),n=t.indexOf(e);n>-1?(t.splice(n,1),this.browserStorage.setItem(Se.ACCOUNT_KEYS,JSON.stringify(t)),this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap account key removed")):this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap key not found in existing map")}async removeAccount(e){super.removeAccount(e),this.removeAccountKeyFromMap(e)}async removeAccountContext(e){await super.removeAccountContext(e),this.cacheConfig.cacheLocation===B.LocalStorage&&this.eventHandler.emitEvent(y.ACCOUNT_REMOVED,void 0,e.getAccountInfo())}removeIdToken(e){super.removeIdToken(e),this.removeTokenKey(e,I.ID_TOKEN)}async removeAccessToken(e){super.removeAccessToken(e),this.removeTokenKey(e,I.ACCESS_TOKEN)}removeRefreshToken(e){super.removeRefreshToken(e),this.removeTokenKey(e,I.REFRESH_TOKEN)}getTokenKeys(){return Kn(this.clientId,this.browserStorage)}addTokenKey(e,t){this.logger.trace("BrowserCacheManager addTokenKey called");const n=this.getTokenKeys();switch(t){case I.ID_TOKEN:n.idToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - idToken added to map"),n.idToken.push(e));break;case I.ACCESS_TOKEN:n.accessToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - accessToken added to map"),n.accessToken.push(e));break;case I.REFRESH_TOKEN:n.refreshToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - refreshToken added to map"),n.refreshToken.push(e));break;default:throw this.logger.error(`BrowserCacheManager:addTokenKey - CredentialType provided invalid. CredentialType: ${t}`),p(Rn)}this.browserStorage.setItem(`${Se.TOKEN_KEYS}.${this.clientId}`,JSON.stringify(n))}removeTokenKey(e,t){this.logger.trace("BrowserCacheManager removeTokenKey called");const n=this.getTokenKeys();switch(t){case I.ID_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove idToken with key: ${e} from map`);const o=n.idToken.indexOf(e);o>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - idToken removed from map"),n.idToken.splice(o,1)):this.logger.info("BrowserCacheManager: removeTokenKey - idToken does not exist in map. Either it was previously removed or it was never added.");break;case I.ACCESS_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove accessToken with key: ${e} from map`);const i=n.accessToken.indexOf(e);i>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - accessToken removed from map"),n.accessToken.splice(i,1)):this.logger.info("BrowserCacheManager: removeTokenKey - accessToken does not exist in map. Either it was previously removed or it was never added.");break;case I.REFRESH_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove refreshToken with key: ${e} from map`);const s=n.refreshToken.indexOf(e);s>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken removed from map"),n.refreshToken.splice(s,1)):this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken does not exist in map. Either it was previously removed or it was never added.");break;default:throw this.logger.error(`BrowserCacheManager:removeTokenKey - CredentialType provided invalid. CredentialType: ${t}`),p(Rn)}this.browserStorage.setItem(`${Se.TOKEN_KEYS}.${this.clientId}`,JSON.stringify(n))}getIdTokenCredential(e){const t=this.browserStorage.getUserData(e);if(!t)return this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ID_TOKEN),null;const n=this.validateAndParseJson(t);return!n\|\|!ga(n)?(this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ID_TOKEN),null):(this.logger.trace("BrowserCacheManager.getIdTokenCredential: cache hit"),n)}async setIdTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setIdTokenCredential called");const n=rt(e);await f(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t),this.addTokenKey(n,I.ID_TOKEN)}getAccessTokenCredential(e){const t=this.browserStorage.getUserData(e);if(!t)return this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ACCESS_TOKEN),null;const n=this.validateAndParseJson(t);return!n\|\|!ua(n)?(this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ACCESS_TOKEN),null):(this.logger.trace("BrowserCacheManager.getAccessTokenCredential: cache hit"),n)}async setAccessTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setAccessTokenCredential called");const n=rt(e);await f(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t),this.addTokenKey(n,I.ACCESS_TOKEN)}getRefreshTokenCredential(e){const t=this.browserStorage.getUserData(e);if(!t)return this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.REFRESH_TOKEN),null;const n=this.validateAndParseJson(t);return!n\|\|!fa(n)?(this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.REFRESH_TOKEN),null):(this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: cache hit"),n)}async setRefreshTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setRefreshTokenCredential called");const n=rt(e);await f(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t),this.addTokenKey(n,I.REFRESH_TOKEN)}getAppMetadata(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n\|\|!wa(e,n)?(this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getAppMetadata: cache hit"),n)}setAppMetadata(e){this.logger.trace("BrowserCacheManager.setAppMetadata called");const t=Ea(e);this.browserStorage.setItem(t,JSON.stringify(e))}getServerTelemetry(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n\|\|!Aa(e,n)?(this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getServerTelemetry: cache hit"),n)}setServerTelemetry(e,t){this.logger.trace("BrowserCacheManager.setServerTelemetry called"),this.browserStorage.setItem(e,JSON.stringify(t))}getAuthorityMetadata(e){const t=this.internalStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getAuthorityMetadata: called, no cache hit"),null;const n=this.validateAndParseJson(t);return n&&va(e,n)?(this.logger.trace("BrowserCacheManager.getAuthorityMetadata: cache hit"),n):null}getAuthorityMetadataKeys(){return this.internalStorage.getKeys().filter(t=>this.isAuthorityMetadata(t))}setWrapperMetadata(e,t){this.internalStorage.setItem(kt.WRAPPER_SKU,e),this.internalStorage.setItem(kt.WRAPPER_VER,t)}getWrapperMetadata(){const e=this.internalStorage.getItem(kt.WRAPPER_SKU)\|\|g.EMPTY_STRING,t=this.internalStorage.getItem(kt.WRAPPER_VER)\|\|g.EMPTY_STRING;return[e,t]}setAuthorityMetadata(e,t){this.logger.trace("BrowserCacheManager.setAuthorityMetadata called"),this.internalStorage.setItem(e,JSON.stringify(t))}getActiveAccount(){const e=this.generateCacheKey(Yo.ACTIVE_ACCOUNT_FILTERS),t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getActiveAccount: No active account filters found"),null;const n=this.validateAndParseJson(t);return n?(this.logger.trace("BrowserCacheManager.getActiveAccount: Active account filters schema found"),this.getAccountInfoFilteredBy({homeAccountId:n.homeAccountId,localAccountId:n.localAccountId,tenantId:n.tenantId})):(this.logger.trace("BrowserCacheManager.getActiveAccount: No active account found"),null)}setActiveAccount(e){const t=this.generateCacheKey(Yo.ACTIVE_ACCOUNT_FILTERS);if(e){this.logger.verbose("setActiveAccount: Active account set");const n={homeAccountId:e.homeAccountId,localAccountId:e.localAccountId,tenantId:e.tenantId};this.browserStorage.setItem(t,JSON.stringify(n))}else this.logger.verbose("setActiveAccount: No account passed, active account not set"),this.browserStorage.removeItem(t);this.eventHandler.emitEvent(y.ACTIVE_ACCOUNT_CHANGED)}getThrottlingCache(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n\|\|!Ia(e,n)?(this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getThrottlingCache: cache hit"),n)}setThrottlingCache(e,t){this.logger.trace("BrowserCacheManager.setThrottlingCache called"),this.browserStorage.setItem(e,JSON.stringify(t))}getTemporaryCache(e,t){const n=t?this.generateCacheKey(e):e;if(this.cacheConfig.storeAuthStateInCookie){const i=this.cookieStorage.getItem(n);if(i)return this.logger.trace("BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies"),i}const o=this.temporaryCacheStorage.getItem(n);if(!o){if(this.cacheConfig.cacheLocation===B.LocalStorage){const i=this.browserStorage.getItem(n);if(i)return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage"),i}return this.logger.trace("BrowserCacheManager.getTemporaryCache: No cache item found in local storage"),null}return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item returned"),o}setTemporaryCache(e,t,n){const o=n?this.generateCacheKey(e):e;this.temporaryCacheStorage.setItem(o,t),this.cacheConfig.storeAuthStateInCookie&&(this.logger.trace("BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie"),this.cookieStorage.setItem(o,t,void 0,this.cacheConfig.secureCookies))}removeItem(e){this.browserStorage.removeItem(e)}removeTemporaryItem(e){this.temporaryCacheStorage.removeItem(e),this.cacheConfig.storeAuthStateInCookie&&(this.logger.trace("BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie"),this.cookieStorage.removeItem(e))}getKeys(){return this.browserStorage.getKeys()}async clear(){await this.removeAllAccounts(),this.removeAppMetadata(),this.temporaryCacheStorage.getKeys().forEach(e=>{(e.indexOf(g.CACHE_PREFIX)!==-1\|\|e.indexOf(this.clientId)!==-1)&&this.removeTemporaryItem(e)}),this.browserStorage.getKeys().forEach(e=>{(e.indexOf(g.CACHE_PREFIX)!==-1\|\|e.indexOf(this.clientId)!==-1)&&this.browserStorage.removeItem(e)}),this.internalStorage.clear()}async clearTokensAndKeysWithClaims(e,t){e.addQueueMeasurement(l.ClearTokensAndKeysWithClaims,t);const n=this.getTokenKeys(),o=[];n.accessToken.forEach(i=>{const s=this.getAccessTokenCredential(i);s!=null&&s.requestedClaimsHash&&i.includes(s.requestedClaimsHash.toLowerCase())&&o.push(this.removeAccessToken(i))}),await Promise.all(o),o.length>0&&this.logger.warning(`${o.length} access tokens with claims in the cache keys have been removed from the cache.`)}generateCacheKey(e){return this.validateAndParseJson(e)?JSON.stringify(e):ie.startsWith(e,g.CACHE_PREFIX)?e:`${g.CACHE_PREFIX}.${this.clientId}.${e}`}resetRequestCache(){this.logger.trace("BrowserCacheManager.resetRequestCache called"),this.removeTemporaryItem(this.generateCacheKey(U.REQUEST_PARAMS)),this.removeTemporaryItem(this.generateCacheKey(U.VERIFIER)),this.removeTemporaryItem(this.generateCacheKey(U.ORIGIN_URI)),this.removeTemporaryItem(this.generateCacheKey(U.URL_HASH)),this.removeTemporaryItem(this.generateCacheKey(U.NATIVE_REQUEST)),this.setInteractionInProgress(!1)}cacheAuthorizeRequest(e,t){this.logger.trace("BrowserCacheManager.cacheAuthorizeRequest called");const n=gt(JSON.stringify(e));if(this.setTemporaryCache(U.REQUEST_PARAMS,n,!0),t){const o=gt(t);this.setTemporaryCache(U.VERIFIER,o,!0)}}getCachedRequest(){this.logger.trace("BrowserCacheManager.getCachedRequest called");const e=this.getTemporaryCache(U.REQUEST_PARAMS,!0);if(!e)throw C(ns);const t=this.getTemporaryCache(U.VERIFIER,!0);let n,o="";try{n=JSON.parse(se(e)),t&&(o=se(t))}catch(i){throw this.logger.errorPii(`Attempted to parse: ${e}`),this.logger.error(`Parsing cached token request threw with error: ${i}`),C(os)}return[n,o]}getCachedNativeRequest(){this.logger.trace("BrowserCacheManager.getCachedNativeRequest called");const e=this.getTemporaryCache(U.NATIVE_REQUEST,!0);if(!e)return this.logger.trace("BrowserCacheManager.getCachedNativeRequest: No cached native request found"),null;const t=this.validateAndParseJson(e);return t\|\|(this.logger.error("BrowserCacheManager.getCachedNativeRequest: Unable to parse native request"),null)}isInteractionInProgress(e){const t=this.getInteractionInProgress();return e?t===this.clientId:!!t}getInteractionInProgress(){const e=`${g.CACHE_PREFIX}.${U.INTERACTION_STATUS_KEY}`;return this.getTemporaryCache(e,!1)}setInteractionInProgress(e){const t=`${g.CACHE_PREFIX}.${U.INTERACTION_STATUS_KEY}`;if(e){if(this.getInteractionInProgress())throw C(Yi);this.setTemporaryCache(t,this.clientId,!1)}else!e&&this.getInteractionInProgress()===this.clientId&&this.removeTemporaryItem(t)}async hydrateCache(e,t){var a,c,d;const n=Jt((a=e.account)==null?void 0:a.homeAccountId,(c=e.account)==null?void 0:c.environment,e.idToken,this.clientId,e.tenantId);let o;t.claims&&(o=await this.cryptoImpl.hashString(t.claims));const i=Xt((d=e.account)==null?void 0:d.homeAccountId,e.account.environment,e.accessToken,this.clientId,e.tenantId,e.scopes.join(" "),e.expiresOn?Zo(e.expiresOn):0,e.extExpiresOn?Zo(e.extExpiresOn):0,se,void 0,e.tokenType,void 0,t.sshKid,t.claims,o),s={idToken:n,accessToken:i};return this.saveCacheRecord(s,e.correlationId)}async saveCacheRecord(e,t,n){try{await super.saveCacheRecord(e,t,n)}catch(o){if(o instanceof Ve&&this.performanceClient&&t)try{const i=this.getTokenKeys();this.performanceClient.addFields({cacheRtCount:i.refreshToken.length,cacheIdCount:i.idToken.length,cacheAtCount:i.accessToken.length},t)}catch{}throw o}}}function Ir(r,e,t,n){try{switch(e){case B.LocalStorage:return new ed(r,t,n);case B.SessionStorage:return new td;case B.MemoryStorage:default:break}}catch(o){t.error(o)}return new fn}const Ps=(r,e,t,n)=>{const o={cacheLocation:B.MemoryStorage,temporaryCacheLocation:B.MemoryStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!1,claimsBasedCachingEnabled:!1};return new $t(r,o,lt,e,t,n)};/! @azure/msal-browser v4.9.0 2025-03-25 /function Ns(r,e,t,n){return r.verbose("getAllAccounts called"),t?e.getAllAccounts(n):[]}function Bn(r,e,t){if(e.trace("getAccount called"),Object.keys(r).length===0)return e.warning("getAccount: No accountFilter provided"),null;const n=t.getAccountInfoFilteredBy(r);return n?(e.verbose("getAccount: Account matching provided filter found, returning"),n):(e.verbose("getAccount: No matching account found, returning null"),null)}function Ms(r,e,t){if(e.trace("getAccountByUsername called"),!r)return e.warning("getAccountByUsername: No username provided"),null;const n=t.getAccountInfoFilteredBy({username:r});return n?(e.verbose("getAccountByUsername: Account matching username found, returning"),e.verbosePii(`getAccountByUsername: Returning signed-in accounts matching username: ${r}`),n):(e.verbose("getAccountByUsername: No matching account found, returning null"),null)}function Us(r,e,t){if(e.trace("getAccountByHomeId called"),!r)return e.warning("getAccountByHomeId: No homeAccountId provided"),null;const n=t.getAccountInfoFilteredBy({homeAccountId:r});return n?(e.verbose("getAccountByHomeId: Account matching homeAccountId found, returning"),e.verbosePii(`getAccountByHomeId: Returning signed-in accounts matching homeAccountId: ${r}`),n):(e.verbose("getAccountByHomeId: No matching account found, returning null"),null)}function Ls(r,e,t){if(e.trace("getAccountByLocalId called"),!r)return e.warning("getAccountByLocalId: No localAccountId provided"),null;const n=t.getAccountInfoFilteredBy({localAccountId:r});return n?(e.verbose("getAccountByLocalId: Account matching localAccountId found, returning"),e.verbosePii(`getAccountByLocalId: Returning signed-in accounts matching localAccountId: ${r}`),n):(e.verbose("getAccountByLocalId: No matching account found, returning null"),null)}function Hs(r,e){e.setActiveAccount(r)}function Ds(r){return r.getActiveAccount()}/! @azure/msal-browser v4.9.0 2025-03-25 /const nd="msal.broadcast.event";class xs{constructor(e){this.eventCallbacks=new Map,this.logger=e\|\|new Ae({}),typeof BroadcastChannel<"u"&&(this.broadcastChannel=new BroadcastChannel(nd)),this.invokeCrossTabCallbacks=this.invokeCrossTabCallbacks.bind(this)}addEventCallback(e,t,n){if(typeof window<"u"){const o=n\|\|Gl();return this.eventCallbacks.has(o)?(this.logger.error(`Event callback with id: ${o} is already registered. Please provide a unique id or remove the existing callback and try again.`),null):(this.eventCallbacks.set(o,[e,t\|\|[]]),this.logger.verbose(`Event callback registered with id: ${o}`),o)}return null}removeEventCallback(e){this.eventCallbacks.delete(e),this.logger.verbose(`Event callback ${e} removed.`)}emitEvent(e,t,n,o){var s;const i={eventType:e,interactionType:t\|\|null,payload:n\|\|null,error:o\|\|null,timestamp:Date.now()};switch(e){case y.ACCOUNT_ADDED:case y.ACCOUNT_REMOVED:case y.ACTIVE_ACCOUNT_CHANGED:(s=this.broadcastChannel)==null\|\|s.postMessage(i);break;default:this.invokeCallbacks(i);break}}invokeCallbacks(e){this.eventCallbacks.forEach(([t,n],o)=>{(n.length===0\|\|n.includes(e.eventType))&&(this.logger.verbose(`Emitting event to callback ${o}: ${e.eventType}`),t.apply(null,[e]))})}invokeCrossTabCallbacks(e){const t=e.data;this.invokeCallbacks(t)}subscribeCrossTab(){var e;(e=this.broadcastChannel)==null\|\|e.addEventListener("message",this.invokeCrossTabCallbacks)}unsubscribeCrossTab(){var e;(e=this.broadcastChannel)==null\|\|e.removeEventListener("message",this.invokeCrossTabCallbacks)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Fs{constructor(e,t,n,o,i,s,a,c,d){this.config=e,this.browserStorage=t,this.browserCrypto=n,this.networkClient=this.config.system.networkClient,this.eventHandler=i,this.navigationClient=s,this.nativeMessageHandler=c,this.correlationId=d\|\|Z(),this.logger=o.clone(Q.MSAL_SKU,Xe,this.correlationId),this.performanceClient=a}async clearCacheOnLogout(e){if(e){q.accountInfoIsEqual(e,this.browserStorage.getActiveAccount(),!1)&&(this.logger.verbose("Setting active account to null"),this.browserStorage.setActiveAccount(null));try{await this.browserStorage.removeAccount(q.generateAccountCacheKey(e)),this.logger.verbose("Cleared cache items belonging to the account provided in the logout request.")}catch{this.logger.error("Account provided in logout request was not found. Local cache unchanged.")}}else try{this.logger.verbose("No account provided in logout request, clearing all cache items.",this.correlationId),await this.browserStorage.clear(),await this.browserCrypto.clearKeystore()}catch{this.logger.error("Attempted to clear all MSAL cache items and failed. Local cache unchanged.")}}getRedirectUri(e){this.logger.verbose("getRedirectUri called");const t=e\|\|this.config.auth.redirectUri;return S.getAbsoluteUrl(t,Ce())}initializeServerTelemetryManager(e,t){this.logger.verbose("initializeServerTelemetryManager called");const n={clientId:this.config.auth.clientId,correlationId:this.correlationId,apiId:e,forceRefresh:t\|\|!1,wrapperSKU:this.browserStorage.getWrapperMetadata()[0],wrapperVer:this.browserStorage.getWrapperMetadata()[1]};return new ht(n,this.browserStorage)}async getDiscoveredAuthority(e){const{account:t}=e,n=e.requestExtraQueryParameters&&e.requestExtraQueryParameters.hasOwnProperty("instance_aware")?e.requestExtraQueryParameters.instance_aware:void 0;this.performanceClient.addQueueMeasurement(l.StandardInteractionClientGetDiscoveredAuthority,this.correlationId);const o={protocolMode:this.config.auth.protocolMode,OIDCOptions:this.config.auth.OIDCOptions,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache},i=e.requestAuthority\|\|this.config.auth.authority,s=n!=null&&n.length?n==="true":this.config.auth.instanceAware,a=t&&s?this.config.auth.authority.replace(S.getDomainFromUrl(i),t.environment):i,c=G.generateAuthority(a,e.requestAzureCloudOptions\|\|this.config.auth.azureCloudOptions),d=await f(Mi,l.AuthorityFactoryCreateDiscoveredInstance,this.logger,this.performanceClient,this.correlationId)(c,this.config.system.networkClient,this.browserStorage,o,this.logger,this.correlationId,this.performanceClient);if(t&&!d.isAlias(t.environment))throw b(li);return d}}/! @azure/msal-browser v4.9.0 2025-03-25 /async function Ho(r,e,t,n){t.addQueueMeasurement(l.InitializeBaseRequest,r.correlationId);const o=r.authority\|\|e.auth.authority,i=[...r&&r.scopes\|\|[]],s={...r,correlationId:r.correlationId,authority:o,scopes:i};if(!s.authenticationScheme)s.authenticationScheme=k.BEARER,n.verbose(`Authentication Scheme wasn't explicitly set in request, defaulting to "Bearer" request`);else{if(s.authenticationScheme===k.SSH){if(!r.sshJwk)throw b(tn);if(!r.sshKid)throw b(si)}n.verbose(`Authentication Scheme set to "${s.authenticationScheme}" as configured in Auth request`)}return e.cache.claimsBasedCachingEnabled&&r.claims&&!ie.isEmptyObj(r.claims)&&(s.requestedClaimsHash=await Ss(r.claims)),s}async function od(r,e,t,n,o){n.addQueueMeasurement(l.InitializeSilentRequest,r.correlationId);const i=await f(Ho,l.InitializeBaseRequest,o,n,r.correlationId)(r,t,n,o);return{...r,...i,account:e,forceRefresh:r.forceRefresh\|\|!1}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Ze extends Fs{initializeLogoutRequest(e){this.logger.verbose("initializeLogoutRequest called",e==null?void 0:e.correlationId);const t={correlationId:this.correlationId\|\|Z(),...e};if(e)if(e.logoutHint)this.logger.verbose("logoutHint has already been set in logoutRequest");else if(e.account){const n=this.getLogoutHintFromIdTokenClaims(e.account);n&&(this.logger.verbose("Setting logoutHint to login_hint ID Token Claim value for the account provided"),t.logoutHint=n)}else this.logger.verbose("logoutHint was not set and account was not passed into logout request, logoutHint will not be set");else this.logger.verbose("logoutHint will not be set since no logout request was configured");return!e\|\|e.postLogoutRedirectUri!==null?e&&e.postLogoutRedirectUri?(this.logger.verbose("Setting postLogoutRedirectUri to uri set on logout request",t.correlationId),t.postLogoutRedirectUri=S.getAbsoluteUrl(e.postLogoutRedirectUri,Ce())):this.config.auth.postLogoutRedirectUri===null?this.logger.verbose("postLogoutRedirectUri configured as null and no uri set on request, not passing post logout redirect",t.correlationId):this.config.auth.postLogoutRedirectUri?(this.logger.verbose("Setting postLogoutRedirectUri to configured uri",t.correlationId),t.postLogoutRedirectUri=S.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri,Ce())):(this.logger.verbose("Setting postLogoutRedirectUri to current page",t.correlationId),t.postLogoutRedirectUri=S.getAbsoluteUrl(Ce(),Ce())):this.logger.verbose("postLogoutRedirectUri passed as null, not setting post logout redirect uri",t.correlationId),t}getLogoutHintFromIdTokenClaims(e){const t=e.idTokenClaims;if(t){if(t.login_hint)return t.login_hint;this.logger.verbose("The ID Token Claims tied to the provided account do not contain a login_hint claim, logoutHint will not be added to logout request")}else this.logger.verbose("The provided account does not contain ID Token Claims, logoutHint will not be added to logout request");return null}async createAuthCodeClient(e){this.performanceClient.addQueueMeasurement(l.StandardInteractionClientCreateAuthCodeClient,this.correlationId);const t=await f(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)(e);return new Di(t,this.performanceClient)}async getClientConfiguration(e){const{serverTelemetryManager:t,requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:i,account:s}=e;this.performanceClient.addQueueMeasurement(l.StandardInteractionClientGetClientConfiguration,this.correlationId);const a=await f(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,this.correlationId)({requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:i,account:s}),c=this.config.system.loggerOptions;return{authOptions:{clientId:this.config.auth.clientId,authority:a,clientCapabilities:this.config.auth.clientCapabilities,redirectUri:this.config.auth.redirectUri},systemOptions:{tokenRenewalOffsetSeconds:this.config.system.tokenRenewalOffsetSeconds,preventCorsPreflight:!0},loggerOptions:{loggerCallback:c.loggerCallback,piiLoggingEnabled:c.piiLoggingEnabled,logLevel:c.logLevel,correlationId:this.correlationId},cacheOptions:{claimsBasedCachingEnabled:this.config.cache.claimsBasedCachingEnabled},cryptoInterface:this.browserCrypto,networkInterface:this.networkClient,storageInterface:this.browserStorage,serverTelemetryManager:t,libraryInfo:{sku:Q.MSAL_SKU,version:Xe,cpu:g.EMPTY_STRING,os:g.EMPTY_STRING},telemetry:this.config.telemetry}}async initializeAuthorizationRequest(e,t){this.performanceClient.addQueueMeasurement(l.StandardInteractionClientInitializeAuthorizationRequest,this.correlationId);const n=this.getRedirectUri(e.redirectUri),o={interactionType:t},i=We.setRequestState(this.browserCrypto,e&&e.state\|\|g.EMPTY_STRING,o),a={...await f(Ho,l.InitializeBaseRequest,this.logger,this.performanceClient,this.correlationId)({...e,correlationId:this.correlationId},this.config,this.performanceClient,this.logger),redirectUri:n,state:i,nonce:e.nonce\|\|Z(),responseMode:this.config.auth.OIDCOptions.serverResponseType};if(e.loginHint\|\|e.sid)return a;const c=e.account\|\|this.browserStorage.getActiveAccount();return c&&(this.logger.verbose("Setting validated request account",this.correlationId),this.logger.verbosePii(`Setting validated request account: ${c.homeAccountId}`,this.correlationId),a.account=c),a}}/! @azure/msal-browser v4.9.0 2025-03-25 /const rd="ContentError",Ks="user_switch";/! @azure/msal-browser v4.9.0 2025-03-25 /const id="USER_INTERACTION_REQUIRED",sd="USER_CANCEL",ad="NO_NETWORK",cd="PERSISTENT_ERROR",ld="DISABLED",dd="ACCOUNT_UNAVAILABLE";/! @azure/msal-browser v4.9.0 2025-03-25 /const hd=-2147186943,ud={[Ks]:"User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again."};class de extends _{constructor(e,t,n){super(e,t),Object.setPrototypeOf(this,de.prototype),this.name="NativeAuthError",this.ext=n}}function Ge(r){if(r.ext&&r.ext.status&&(r.ext.status===cd\|\|r.ext.status===ld)\|\|r.ext&&r.ext.error&&r.ext.error===hd)return!0;switch(r.errorCode){case rd:return!0;default:return!1}}function Gn(r,e,t){if(t&&t.status)switch(t.status){case dd:return Nn(Ui);case id:return new ne(r,e);case sd:return C(ut);case ad:return C(Gt)}return new de(r,ud[r]\|\|e,t)}/! @azure/msal-browser v4.9.0 2025-03-25 /class he{constructor(e,t,n,o){this.logger=e,this.handshakeTimeoutMs=t,this.extensionId=o,this.resolvers=new Map,this.handshakeResolvers=new Map,this.messageChannel=new MessageChannel,this.windowListener=this.onWindowMessage.bind(this),this.performanceClient=n,this.handshakeEvent=n.startMeasurement(l.NativeMessageHandlerHandshake)}async sendMessage(e){this.logger.trace("NativeMessageHandler - sendMessage called.");const t={channel:ze.CHANNEL_ID,extensionId:this.extensionId,responseId:Z(),body:e};return this.logger.trace("NativeMessageHandler - Sending request to browser extension"),this.logger.tracePii(`NativeMessageHandler - Sending request to browser extension: ${JSON.stringify(t)}`),this.messageChannel.port1.postMessage(t),new Promise((n,o)=>{this.resolvers.set(t.responseId,{resolve:n,reject:o})})}static async createProvider(e,t,n){e.trace("NativeMessageHandler - createProvider called.");try{const o=new he(e,t,n,ze.PREFERRED_EXTENSION_ID);return await o.sendHandshakeRequest(),o}catch{const i=new he(e,t,n);return await i.sendHandshakeRequest(),i}}async sendHandshakeRequest(){this.logger.trace("NativeMessageHandler - sendHandshakeRequest called."),window.addEventListener("message",this.windowListener,!1);const e={channel:ze.CHANNEL_ID,extensionId:this.extensionId,responseId:Z(),body:{method:Ue.HandshakeRequest}};return this.handshakeEvent.add({extensionId:this.extensionId,extensionHandshakeTimeoutMs:this.handshakeTimeoutMs}),this.messageChannel.port1.onmessage=t=>{this.onChannelMessage(t)},window.postMessage(e,window.origin,[this.messageChannel.port2]),new Promise((t,n)=>{this.handshakeResolvers.set(e.responseId,{resolve:t,reject:n}),this.timeoutId=window.setTimeout(()=>{window.removeEventListener("message",this.windowListener,!1),this.messageChannel.port1.close(),this.messageChannel.port2.close(),this.handshakeEvent.end({extensionHandshakeTimedOut:!0,success:!1}),n(C(hs)),this.handshakeResolvers.delete(e.responseId)},this.handshakeTimeoutMs)})}onWindowMessage(e){if(this.logger.trace("NativeMessageHandler - onWindowMessage called"),e.source!==window)return;const t=e.data;if(!(!t.channel\|\|t.channel!==ze.CHANNEL_ID)&&!(t.extensionId&&t.extensionId!==this.extensionId)&&t.body.method===Ue.HandshakeRequest){const n=this.handshakeResolvers.get(t.responseId);if(!n){this.logger.trace(`NativeMessageHandler.onWindowMessage - resolver can't be found for request ${t.responseId}`);return}this.logger.verbose(t.extensionId?`Extension with id: ${t.extensionId} not installed`:"No extension installed"),clearTimeout(this.timeoutId),this.messageChannel.port1.close(),this.messageChannel.port2.close(),window.removeEventListener("message",this.windowListener,!1),this.handshakeEvent.end({success:!1,extensionInstalled:!1}),n.reject(C(us))}}onChannelMessage(e){this.logger.trace("NativeMessageHandler - onChannelMessage called.");const t=e.data,n=this.resolvers.get(t.responseId),o=this.handshakeResolvers.get(t.responseId);try{const i=t.body.method;if(i===Ue.Response){if(!n)return;const s=t.body.response;if(this.logger.trace("NativeMessageHandler - Received response from browser extension"),this.logger.tracePii(`NativeMessageHandler - Received response from browser extension: ${JSON.stringify(s)}`),s.status!=="Success")n.reject(Gn(s.code,s.description,s.ext));else if(s.result)s.result.code&&s.result.description?n.reject(Gn(s.result.code,s.result.description,s.result.ext)):n.resolve(s.result);else throw _r(qn,"Event does not contain result.");this.resolvers.delete(t.responseId)}else if(i===Ue.HandshakeResponse){if(!o){this.logger.trace(`NativeMessageHandler.onChannelMessage - resolver can't be found for request ${t.responseId}`);return}clearTimeout(this.timeoutId),window.removeEventListener("message",this.windowListener,!1),this.extensionId=t.extensionId,this.extensionVersion=t.body.version,this.logger.verbose(`NativeMessageHandler - Received HandshakeResponse from extension: ${this.extensionId}`),this.handshakeEvent.end({extensionInstalled:!0,success:!0}),o.resolve(),this.handshakeResolvers.delete(t.responseId)}}catch(i){this.logger.error("Error parsing response from WAM Extension"),this.logger.errorPii(`Error parsing response from WAM Extension: ${i}`),this.logger.errorPii(`Unable to parse ${e}`),n?n.reject(i):o&&o.reject(i)}}getExtensionId(){return this.extensionId}getExtensionVersion(){return this.extensionVersion}static isPlatformBrokerAvailable(e,t,n,o){if(t.trace("isPlatformBrokerAvailable called"),!e.system.allowPlatformBroker)return t.trace("isPlatformBrokerAvailable: allowPlatformBroker is not enabled, returning false"),!1;if(!n)return t.trace("isPlatformBrokerAvailable: Platform extension provider is not initialized, returning false"),!1;if(o)switch(o){case k.BEARER:case k.POP:return t.trace("isPlatformBrokerAvailable: authenticationScheme is supported, returning true"),!0;default:return t.trace("isPlatformBrokerAvailable: authenticationScheme is not supported, returning false"),!1}return!0}}/! @azure/msal-browser v4.9.0 2025-03-25 /function gd(r,e){if(!e)return null;try{return We.parseRequestState(r,e).libraryState.meta}catch{throw p(Qe)}}/! @azure/msal-browser v4.9.0 2025-03-25 /function Vt(r,e,t){const n=Ht(r);if(!n)throw hi(r)?(t.error(`A ${e} is present in the iframe but it does not contain known properties. It's likely that the ${e} has been replaced by code running on the redirectUri page.`),t.errorPii(`The ${e} detected is: ${r}`),C($i)):(t.error(`The request has returned to the redirectUri but a ${e} is not present. It's likely that the ${e} has been removed or the page has been redirected by code running on the redirectUri page.`),C(qi));return n}function fd(r,e,t){if(!r.state)throw C(Eo);const n=gd(e,r.state);if(!n)throw C(Vi);if(n.interactionType!==t)throw C(Qi)}/! @azure/msal-browser v4.9.0 2025-03-25 /class Bs{constructor(e,t,n,o,i){this.authModule=e,this.browserStorage=t,this.authCodeRequest=n,this.logger=o,this.performanceClient=i}async handleCodeResponse(e,t){this.performanceClient.addQueueMeasurement(l.HandleCodeResponse,t.correlationId);let n;try{n=el(e,t.state)}catch(o){throw o instanceof Ne&&o.subError===ut?C(ut):o}return f(this.handleCodeResponseFromServer.bind(this),l.HandleCodeResponseFromServer,this.logger,this.performanceClient,t.correlationId)(n,t)}async handleCodeResponseFromServer(e,t,n=!0){if(this.performanceClient.addQueueMeasurement(l.HandleCodeResponseFromServer,t.correlationId),this.logger.trace("InteractionHandler.handleCodeResponseFromServer called"),this.authCodeRequest.code=e.code,e.cloud_instance_host_name&&await f(this.authModule.updateAuthority.bind(this.authModule),l.UpdateTokenEndpointAuthority,this.logger,this.performanceClient,t.correlationId)(e.cloud_instance_host_name,t.correlationId),n&&(e.nonce=t.nonce\|\|void 0),e.state=t.state,e.client_info)this.authCodeRequest.clientInfo=e.client_info;else{const i=this.createCcsCredentials(t);i&&(this.authCodeRequest.ccsCredential=i)}return await f(this.authModule.acquireToken.bind(this.authModule),l.AuthClientAcquireToken,this.logger,this.performanceClient,t.correlationId)(this.authCodeRequest,e)}createCcsCredentials(e){return e.account?{credential:e.account.homeAccountId,type:re.HOME_ACCOUNT_ID}:e.loginHint?{credential:e.loginHint,type:re.UPN}:null}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Gs extends Ze{async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentCacheClientAcquireToken,e.correlationId);const t=this.initializeServerTelemetryManager(O.acquireTokenSilent_silentFlow),n=await f(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:t,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,account:e.account}),o=new Jc(n,this.performanceClient);this.logger.verbose("Silent auth client created");try{const s=(await f(o.acquireCachedToken.bind(o),l.SilentFlowClientAcquireCachedToken,this.logger,this.performanceClient,e.correlationId)(e))[0];return this.performanceClient.addFields({fromCache:!0},e.correlationId),s}catch(i){throw i instanceof mt&&i.errorCode===wo&&this.logger.verbose("Signing keypair for bound access token not found. Refreshing bound access token and generating a new crypto keypair."),i}}logout(e){this.logger.verbose("logoutRedirect called");const t=this.initializeLogoutRequest(e);return this.clearCacheOnLogout(t==null?void 0:t.account)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Ot extends Fs{constructor(e,t,n,o,i,s,a,c,d,h,u,m){var E;super(e,t,n,o,i,s,c,d,m),this.apiId=a,this.accountId=h,this.nativeMessageHandler=d,this.nativeStorageManager=u,this.silentCacheClient=new Gs(e,this.nativeStorageManager,n,o,i,s,c,d,m);const A=this.nativeMessageHandler.getExtensionId()===ze.PREFERRED_EXTENSION_ID?"chrome":(E=this.nativeMessageHandler.getExtensionId())!=null&&E.length?"unknown":void 0;this.skus=ht.makeExtraSkuString({libraryName:Q.MSAL_SKU,libraryVersion:Xe,extensionName:A,extensionVersion:this.nativeMessageHandler.getExtensionVersion()})}addRequestSKUs(e){e.extraParameters={...e.extraParameters,[Ac]:this.skus}}async acquireToken(e,t){this.performanceClient.addQueueMeasurement(l.NativeInteractionClientAcquireToken,e.correlationId),this.logger.trace("NativeInteractionClient - acquireToken called.");const n=this.performanceClient.startMeasurement(l.NativeInteractionClientAcquireToken,e.correlationId),o=j(),i=this.initializeServerTelemetryManager(this.apiId);try{const s=await this.initializeNativeRequest(e);try{const u=await this.acquireTokensFromCache(this.accountId,s);return n.end({success:!0,isNativeBroker:!1,fromCache:!0}),u}catch(u){if(t===H.AccessToken)throw this.logger.info("MSAL internal Cache does not contain tokens, return error as per cache policy"),u;this.logger.info("MSAL internal Cache does not contain tokens, proceed to make a native call")}const{...a}=s,c={method:Ue.GetToken,request:a},d=await this.nativeMessageHandler.sendMessage(c),h=this.validateNativeResponse(d);return await this.handleNativeResponse(h,s,o).then(u=>(n.end({success:!0,isNativeBroker:!0,requestId:u.requestId}),i.clearNativeBrokerErrorCode(),u)).catch(u=>{throw n.end({success:!1,errorCode:u.errorCode,subErrorCode:u.subError,isNativeBroker:!0}),u})}catch(s){throw s instanceof de&&i.setNativeBrokerErrorCode(s.errorCode),s}}createSilentCacheRequest(e,t){return{authority:e.authority,correlationId:this.correlationId,scopes:M.fromString(e.scope).asArray(),account:t,forceRefresh:!1}}async acquireTokensFromCache(e,t){if(!e)throw this.logger.warning("NativeInteractionClient:acquireTokensFromCache - No nativeAccountId provided"),p(Mt);const n=this.browserStorage.getBaseAccountInfo({nativeAccountId:e});if(!n)throw p(Mt);try{const o=this.createSilentCacheRequest(t,n),i=await this.silentCacheClient.acquireToken(o),s={...n,idTokenClaims:i==null?void 0:i.idTokenClaims,idToken:i==null?void 0:i.idToken};return{...i,account:s}}catch(o){throw o}}async acquireTokenRedirect(e,t){this.logger.trace("NativeInteractionClient - acquireTokenRedirect called.");const{...n}=e;delete n.onRedirectNavigate;const o=await this.initializeNativeRequest(n),i={method:Ue.GetToken,request:o};try{const c=await this.nativeMessageHandler.sendMessage(i);this.validateNativeResponse(c)}catch(c){if(c instanceof de&&(this.initializeServerTelemetryManager(this.apiId).setNativeBrokerErrorCode(c.errorCode),Ge(c)))throw c}this.browserStorage.setTemporaryCache(U.NATIVE_REQUEST,JSON.stringify(o),!0);const s={apiId:O.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},a=this.config.auth.navigateToLoginRequestUrl?window.location.href:this.getRedirectUri(e.redirectUri);t.end({success:!0}),await this.navigationClient.navigateExternal(a,s)}async handleRedirectPromise(e,t){if(this.logger.trace("NativeInteractionClient - handleRedirectPromise called."),!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."),null;const n=this.browserStorage.getCachedNativeRequest();if(!n)return this.logger.verbose("NativeInteractionClient - handleRedirectPromise called but there is no cached request, returning null."),e&&t&&(e==null\|\|e.addFields({errorCode:"no_cached_request"},t)),null;const{prompt:o,...i}=n;o&&this.logger.verbose("NativeInteractionClient - handleRedirectPromise called and prompt was included in the original request, removing prompt from cached request to prevent second interaction with native broker window."),this.browserStorage.removeItem(this.browserStorage.generateCacheKey(U.NATIVE_REQUEST));const s={method:Ue.GetToken,request:i},a=j();try{this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker.");const c=await this.nativeMessageHandler.sendMessage(s);this.validateNativeResponse(c);const h=await this.handleNativeResponse(c,i,a);return this.initializeServerTelemetryManager(this.apiId).clearNativeBrokerErrorCode(),h}catch(c){throw c}}logout(){return this.logger.trace("NativeInteractionClient - logout called."),Promise.reject("Logout not implemented yet")}async handleNativeResponse(e,t,n){var h,u;this.logger.trace("NativeInteractionClient - handleNativeResponse called.");const o=be(e.id_token,se),i=this.createHomeAccountIdentifier(e,o),s=(h=this.browserStorage.getAccountInfoFilteredBy({nativeAccountId:t.accountId}))==null?void 0:h.homeAccountId;if((u=t.extraParameters)!=null&&u.child_client_id&&e.account.id!==t.accountId)this.logger.info("handleNativeServerResponse: Double broker flow detected, ignoring accountId mismatch");else if(i!==s&&e.account.id!==t.accountId)throw Gn(Ks);const a=await this.getDiscoveredAuthority({requestAuthority:t.authority}),c=Co(this.browserStorage,a,i,se,o,e.client_info,void 0,o.tid,void 0,e.account.id,this.logger);e.expires_in=Number(e.expires_in);const d=await this.generateAuthenticationResult(e,t,o,c,a.canonicalAuthority,n);return await this.cacheAccount(c),await this.cacheNativeTokens(e,t,i,o,e.access_token,d.tenantId,n),d}createHomeAccountIdentifier(e,t){return q.generateHomeAccountId(e.client_info\|\|g.EMPTY_STRING,oe.Default,this.logger,this.browserCrypto,t)}generateScopes(e,t){return e.scope?M.fromString(e.scope):M.fromString(t.scope)}async generatePopAccessToken(e,t){if(t.tokenType===k.POP&&t.signPopToken){if(e.shr)return this.logger.trace("handleNativeServerResponse: SHR is enabled in native layer"),e.shr;const n=new Ye(this.browserCrypto),o={resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,shrNonce:t.shrNonce};if(!t.keyId)throw p(Wn);return n.signPopToken(e.access_token,t.keyId,o)}else return e.access_token}async generateAuthenticationResult(e,t,n,o,i,s){const a=this.addTelemetryFromNativeResponse(e),c=e.scope?M.fromString(e.scope):M.fromString(t.scope),d=e.account.properties\|\|{},h=d.UID\|\|n.oid\|\|n.sub\|\|g.EMPTY_STRING,u=d.TenantId\|\|n.tid\|\|g.EMPTY_STRING,m=no(o.getAccountInfo(),void 0,n,e.id_token);m.nativeAccountId!==e.account.id&&(m.nativeAccountId=e.account.id);const A=await this.generatePopAccessToken(e,t),E=t.tokenType===k.POP?k.POP:k.BEARER;return{authority:i,uniqueId:h,tenantId:u,scopes:c.asArray(),account:m,idToken:e.id_token,idTokenClaims:n,accessToken:A,fromCache:a?this.isResponseFromCache(a):!1,expiresOn:Te(s+e.expires_in),tokenType:E,correlationId:this.correlationId,state:e.state,fromNativeBroker:!0}}async cacheAccount(e){await this.browserStorage.setAccount(e,this.correlationId),this.browserStorage.removeAccountContext(e).catch(t=>{this.logger.error(`Error occurred while removing account context from browser storage. ${t}`)})}cacheNativeTokens(e,t,n,o,i,s,a){const c=Jt(n,t.authority,e.id_token\|\|"",t.clientId,o.tid\|\|""),d=t.tokenType===k.POP?g.SHR_NONCE_VALIDITY:(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)\|\|0,h=a+d,u=this.generateScopes(e,t),m=Xt(n,t.authority,i,t.clientId,o.tid\|\|s,u.printScopes(),h,0,se,void 0,t.tokenType,void 0,t.keyId),A={idToken:c,accessToken:m};return this.nativeStorageManager.saveCacheRecord(A,this.correlationId,t.storeInCache)}addTelemetryFromNativeResponse(e){const t=this.getMATSFromResponse(e);return t?(this.performanceClient.addFields({extensionId:this.nativeMessageHandler.getExtensionId(),extensionVersion:this.nativeMessageHandler.getExtensionVersion(),matsBrokerVersion:t.broker_version,matsAccountJoinOnStart:t.account_join_on_start,matsAccountJoinOnEnd:t.account_join_on_end,matsDeviceJoin:t.device_join,matsPromptBehavior:t.prompt_behavior,matsApiErrorCode:t.api_error_code,matsUiVisible:t.ui_visible,matsSilentCode:t.silent_code,matsSilentBiSubCode:t.silent_bi_sub_code,matsSilentMessage:t.silent_message,matsSilentStatus:t.silent_status,matsHttpStatus:t.http_status,matsHttpEventCount:t.http_event_count},this.correlationId),t):null}validateNativeResponse(e){if(e.hasOwnProperty("access_token")&&e.hasOwnProperty("id_token")&&e.hasOwnProperty("client_info")&&e.hasOwnProperty("account")&&e.hasOwnProperty("scope")&&e.hasOwnProperty("expires_in"))return e;throw _r(qn,"Response missing expected properties.")}getMATSFromResponse(e){if(e.properties.MATS)try{return JSON.parse(e.properties.MATS)}catch{this.logger.error("NativeInteractionClient - Error parsing MATS telemetry, returning null instead")}return null}isResponseFromCache(e){return typeof e.is_cached>"u"?(this.logger.verbose("NativeInteractionClient - MATS telemetry does not contain field indicating if response was served from cache. Returning false."),!1):!!e.is_cached}async initializeNativeRequest(e){this.logger.trace("NativeInteractionClient - initializeNativeRequest called");const t=e.authority\|\|this.config.auth.authority;e.account&&await this.getDiscoveredAuthority({requestAuthority:t,requestAzureCloudOptions:e.azureCloudOptions,account:e.account});const n=new S(t);n.validateAsUri();const{scopes:o,...i}=e,s=new M(o\|\|[]);s.appendScopes(Fe);const a=()=>{switch(this.apiId){case O.ssoSilent:case O.acquireTokenSilent_silentFlow:return this.logger.trace("initializeNativeRequest: silent request sets prompt to none"),K.NONE}if(!e.prompt){this.logger.trace("initializeNativeRequest: prompt was not provided");return}switch(e.prompt){case K.NONE:case K.CONSENT:case K.LOGIN:return this.logger.trace("initializeNativeRequest: prompt is compatible with native flow"),e.prompt;default:throw this.logger.trace(`initializeNativeRequest: prompt = ${e.prompt} is not compatible with native flow`),C(gs)}},c={...i,accountId:this.accountId,clientId:this.config.auth.clientId,authority:n.urlString,scope:s.printScopes(),redirectUri:this.getRedirectUri(e.redirectUri),prompt:a(),correlationId:this.correlationId,tokenType:e.authenticationScheme,windowTitleSubstring:document.title,extraParameters:{...e.extraQueryParameters,...e.tokenQueryParameters},extendedExpiryToken:!1,keyId:e.popKid};if(c.signPopToken&&e.popKid)throw C(ps);if(this.handleExtraBrokerParams(c),c.extraParameters=c.extraParameters\|\|{},c.extraParameters.telemetry=ze.MATS_TELEMETRY,e.authenticationScheme===k.POP){const d={resourceRequestUri:e.resourceRequestUri,resourceRequestMethod:e.resourceRequestMethod,shrClaims:e.shrClaims,shrNonce:e.shrNonce},h=new Ye(this.browserCrypto);let u;if(c.keyId)u=this.browserCrypto.base64UrlEncode(JSON.stringify({kid:c.keyId})),c.signPopToken=!1;else{const m=await f(h.generateCnf.bind(h),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(d,this.logger);u=m.reqCnfString,c.keyId=m.kid,c.signPopToken=!0}c.reqCnf=u}return this.addRequestSKUs(c),c}handleExtraBrokerParams(e){var i;const t=e.extraParameters&&e.extraParameters.hasOwnProperty(xt)&&e.extraParameters.hasOwnProperty(Ft)&&e.extraParameters.hasOwnProperty(He);if(!e.embeddedClientId&&!t)return;let n="";const o=e.redirectUri;e.embeddedClientId?(e.redirectUri=this.config.auth.redirectUri,n=e.embeddedClientId):e.extraParameters&&(e.redirectUri=e.extraParameters[Ft],n=e.extraParameters[He]),e.extraParameters={child_client_id:n,child_redirect_uri:o},(i=this.performanceClient)==null\|\|i.addFields({embeddedClientId:n,embeddedRedirectUri:o},e.correlationId)}}/! @azure/msal-browser v4.9.0 2025-03-25 /async function zs(r,e,t,n,o){const i=Zc({...r.auth,authority:e},t,n,o);if(ho(i,{sku:Q.MSAL_SKU,version:Xe,os:"",cpu:""}),r.auth.protocolMode!==Y.OIDC&&uo(i,r.telemetry.application),t.platformBroker&&(vc(i),t.authenticationScheme===k.POP)){const s=new ue(n,o),a=new Ye(s);let c;t.popKid?c=s.encodeKid(t.popKid):c=(await f(a.generateCnf.bind(a),l.PopTokenGenerateCnf,n,o,t.correlationId)(t,n)).reqCnfString,fo(i,c)}return on(i,t.correlationId,o),i}async function Do(r,e,t,n,o){if(!t.codeChallenge)throw b(en);const i=await f(zs,l.GetStandardParams,n,o,t.correlationId)(r,e,t,n,o);return Ai(i,Sr.CODE),Oc(i,t.codeChallenge,g.S256_CODE_CHALLENGE_METHOD),Le(i,t.extraQueryParameters\|\|{}),xi(e,i)}async function xo(r,e,t,n,o,i){if(!n.earJwk)throw C(Io);const s=await zs(e,t,n,o,i);Ai(s,Sr.IDTOKEN_TOKEN_REFRESHTOKEN),Lc(s,n.earJwk);const a=new Map;Le(a,n.extraQueryParameters\|\|{});const c=xi(t,a);return pd(r,c,s)}function pd(r,e,t){const n=r.createElement("form");return n.method="post",n.action=e,t.forEach((o,i)=>{const s=r.createElement("input");s.hidden=!0,s.name=i,s.value=o,n.appendChild(s)}),r.body.appendChild(n),n}async function qs(r,e,t,n,o,i,s,a,c,d){if(!d)throw C(So);const h=new ue(a,c),u=new Ot(n,o,h,a,s,n.system.navigationClient,t,c,d,e,i,r.correlationId),{userRequestState:m}=We.parseRequestState(h,r.state);return f(u.acquireToken.bind(u),l.NativeInteractionClientAcquireToken,a,c,r.correlationId)({...r,state:m,prompt:void 0})}async function Fo(r,e,t,n,o,i,s,a,c,d,h,u){if(le.removeThrottle(s,o.auth.clientId,r),e.accountId)return f(qs,l.HandleResponsePlatformBroker,d,h,r.correlationId)(r,e.accountId,n,o,s,a,c,d,h,u);const m={...r,code:e.code\|\|"",codeVerifier:t},A=new Bs(i,s,m,d,h);return await f(A.handleCodeResponse.bind(A),l.HandleCodeResponse,d,h,r.correlationId)(e,r)}async function Ko(r,e,t,n,o,i,s,a,c,d,h){if(le.removeThrottle(i,n.auth.clientId,r),Fi(e,r.state),!e.ear_jwe)throw C(zi);if(!r.earJwk)throw C(Io);const u=JSON.parse(await f(Ol,l.DecryptEarResponse,c,d,r.correlationId)(r.earJwk,e.ear_jwe));if(u.accountId)return f(qs,l.HandleResponsePlatformBroker,c,d,r.correlationId)(r,u.accountId,t,n,i,s,a,c,d,h);const m=new De(n.auth.clientId,i,new ue(c,d),c,null,null,d);m.validateTokenResponse(u);const A={code:"",state:r.state,nonce:r.nonce,client_info:u.client_info,cloud_graph_host_name:u.cloud_graph_host_name,cloud_instance_host_name:u.cloud_instance_host_name,cloud_instance_name:u.cloud_instance_name,msgraph_host:u.msgraph_host};return await f(m.handleServerTokenResponse.bind(m),l.HandleServerTokenResponse,c,d,r.correlationId)(u,o,j(),r,A,void 0,void 0,void 0,void 0)}/! @azure/msal-browser v4.9.0 2025-03-25 /const md=32;async function pn(r,e,t){r.addQueueMeasurement(l.GeneratePkceCodes,t);const n=ae(Cd,l.GenerateCodeVerifier,e,r,t)(r,e,t),o=await f(yd,l.GenerateCodeChallengeFromVerifier,e,r,t)(n,r,e,t);return{verifier:n,challenge:o}}function Cd(r,e,t){try{const n=new Uint8Array(md);return ae(Sl,l.GetRandomValues,e,r,t)(n),Oe(n)}catch{throw C(Ao)}}async function yd(r,e,t,n){e.addQueueMeasurement(l.GenerateCodeChallengeFromVerifier,n);try{const o=await f(Es,l.Sha256Digest,t,e,n)(r,e,n);return Oe(new Uint8Array(o))}catch{throw C(Ao)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Td extends Ze{constructor(e,t,n,o,i,s,a,c,d,h){super(e,t,n,o,i,s,a,d,h),this.unloadWindow=this.unloadWindow.bind(this),this.nativeStorage=c,this.eventHandler=i}acquireToken(e,t){try{const o={popupName:this.generatePopupName(e.scopes\|\|Fe,e.authority\|\|this.config.auth.authority),popupWindowAttributes:e.popupWindowAttributes\|\|{},popupWindowParent:e.popupWindowParent??window};return this.performanceClient.addFields({isAsyncPopup:this.config.system.asyncPopups},this.correlationId),this.config.system.asyncPopups?(this.logger.verbose("asyncPopups set to true, acquiring token"),this.acquireTokenPopupAsync(e,o,t)):(this.logger.verbose("asyncPopup set to false, opening popup before acquiring token"),o.popup=this.openSizedPopup("about:blank",o),this.acquireTokenPopupAsync(e,o,t))}catch(n){return Promise.reject(n)}}logout(e){try{this.logger.verbose("logoutPopup called");const t=this.initializeLogoutRequest(e),n={popupName:this.generateLogoutPopupName(t),popupWindowAttributes:(e==null?void 0:e.popupWindowAttributes)\|\|{},popupWindowParent:(e==null?void 0:e.popupWindowParent)??window},o=e&&e.authority,i=e&&e.mainWindowRedirectUri;return this.config.system.asyncPopups?(this.logger.verbose("asyncPopups set to true"),this.logoutPopupAsync(t,n,o,i)):(this.logger.verbose("asyncPopup set to false, opening popup"),n.popup=this.openSizedPopup("about:blank",n),this.logoutPopupAsync(t,n,o,i))}catch(t){return Promise.reject(t)}}async acquireTokenPopupAsync(e,t,n){this.logger.verbose("acquireTokenPopupAsync called");const o=await f(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,this.correlationId)(e,T.Popup);t.popup&&bs(o.authority);const i=he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeMessageHandler,e.authenticationScheme);return o.platformBroker=i,this.config.auth.protocolMode===Y.EAR?this.executeEarFlow(o,t):this.executeCodeFlow(o,t,n)}async executeCodeFlow(e,t,n){var c;const o=e.correlationId,i=this.initializeServerTelemetryManager(O.acquireTokenPopup),s=n\|\|await f(pn,l.GeneratePkceCodes,this.logger,this.performanceClient,o)(this.performanceClient,this.logger,o),a={...e,codeChallenge:s.challenge};try{const d=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,o)({serverTelemetryManager:i,requestAuthority:a.authority,requestAzureCloudOptions:a.azureCloudOptions,requestExtraQueryParameters:a.extraQueryParameters,account:a.account}),h=await f(Do,l.GetAuthCodeUrl,this.logger,this.performanceClient,o)(this.config,d.authority,a,this.logger,this.performanceClient),u=this.initiateAuthRequest(h,t);this.eventHandler.emitEvent(y.POPUP_OPENED,T.Popup,{popupWindow:u},null);const m=await this.monitorPopupForHash(u,t.popupWindowParent),A=ae(Vt,l.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(m,this.config.auth.OIDCOptions.serverResponseType,this.logger);return await f(Fo,l.HandleResponseCode,this.logger,this.performanceClient,o)(e,A,s.verifier,O.acquireTokenPopup,this.config,d,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}catch(d){throw(c=t.popup)==null\|\|c.close(),d instanceof _&&(d.setCorrelationId(this.correlationId),i.cacheFailedRequest(d)),d}}async executeEarFlow(e,t){const n=e.correlationId,o=await f(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,n)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),i=await f(Oo,l.GenerateEarKey,this.logger,this.performanceClient,n)(),s={...e,earJwk:i},a=t.popup\|\|this.openPopup("about:blank",t);(await xo(a.document,this.config,o,s,this.logger,this.performanceClient)).submit();const d=await f(this.monitorPopupForHash.bind(this),l.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,n)(a,t.popupWindowParent),h=ae(Vt,l.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(d,this.config.auth.OIDCOptions.serverResponseType,this.logger);return f(Ko,l.HandleResponseEar,this.logger,this.performanceClient,n)(s,h,O.acquireTokenPopup,this.config,o,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}async logoutPopupAsync(e,t,n,o){var s,a,c,d;this.logger.verbose("logoutPopupAsync called"),this.eventHandler.emitEvent(y.LOGOUT_START,T.Popup,e);const i=this.initializeServerTelemetryManager(O.logoutPopup);try{await this.clearCacheOnLogout(e.account);const h=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:i,requestAuthority:n,account:e.account\|\|void 0});try{h.authority.endSessionEndpoint}catch{if((s=e.account)!=null&&s.homeAccountId&&e.postLogoutRedirectUri&&h.authority.protocolMode===Y.OIDC){if(this.browserStorage.removeAccount((a=e.account)==null?void 0:a.homeAccountId),this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Popup,e),o){const A={apiId:O.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},E=S.getAbsoluteUrl(o,Ce());await this.navigationClient.navigateInternal(E,A)}(c=t.popup)==null\|\|c.close();return}}const u=h.getLogoutUri(e);this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Popup,e);const m=this.openPopup(u,t);if(this.eventHandler.emitEvent(y.POPUP_OPENED,T.Popup,{popupWindow:m},null),await this.monitorPopupForHash(m,t.popupWindowParent).catch(()=>{}),o){const A={apiId:O.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},E=S.getAbsoluteUrl(o,Ce());this.logger.verbose("Redirecting main window to url specified in the request"),this.logger.verbosePii(`Redirecting main window to: ${E}`),await this.navigationClient.navigateInternal(E,A)}else this.logger.verbose("No main window navigation requested")}catch(h){throw(d=t.popup)==null\|\|d.close(),h instanceof _&&(h.setCorrelationId(this.correlationId),i.cacheFailedRequest(h)),this.eventHandler.emitEvent(y.LOGOUT_FAILURE,T.Popup,null,h),this.eventHandler.emitEvent(y.LOGOUT_END,T.Popup),h}this.eventHandler.emitEvent(y.LOGOUT_END,T.Popup)}initiateAuthRequest(e,t){if(e)return this.logger.infoPii(`Navigate to: ${e}`),this.openPopup(e,t);throw this.logger.error("Navigate url is empty"),C(dn)}monitorPopupForHash(e,t){return new Promise((n,o)=>{this.logger.verbose("PopupHandler.monitorPopupForHash - polling started");const i=setInterval(()=>{if(e.closed){this.logger.error("PopupHandler.monitorPopupForHash - window closed"),clearInterval(i),o(C(ut));return}let s="";try{s=e.location.href}catch{}if(!s\|\|s==="about:blank")return;clearInterval(i);let a="";const c=this.config.auth.OIDCOptions.serverResponseType;e&&(c===Wt.QUERY?a=e.location.search:a=e.location.hash),this.logger.verbose("PopupHandler.monitorPopupForHash - popup window is on same origin as caller"),n(a)},this.config.system.pollIntervalMilliseconds)}).finally(()=>{this.cleanPopup(e,t)})}openPopup(e,t){try{let n;if(t.popup?(n=t.popup,this.logger.verbosePii(`Navigating popup window to: ${e}`),n.location.assign(e)):typeof t.popup>"u"&&(this.logger.verbosePii(`Opening popup window to: ${e}`),n=this.openSizedPopup(e,t)),!n)throw C(Wi);return n.focus&&n.focus(),this.currentWindow=n,t.popupWindowParent.addEventListener("beforeunload",this.unloadWindow),n}catch(n){throw this.logger.error("error opening popup "+n.message),C(ji)}}openSizedPopup(e,{popupName:t,popupWindowAttributes:n,popupWindowParent:o}){var A,E,w,D;const i=o.screenLeft?o.screenLeft:o.screenX,s=o.screenTop?o.screenTop:o.screenY,a=o.innerWidth\|\|document.documentElement.clientWidth\|\|document.body.clientWidth,c=o.innerHeight\|\|document.documentElement.clientHeight\|\|document.body.clientHeight;let d=(A=n.popupSize)==null?void 0:A.width,h=(E=n.popupSize)==null?void 0:E.height,u=(w=n.popupPosition)==null?void 0:w.top,m=(D=n.popupPosition)==null?void 0:D.left;return(!d\|\|d<0\|\|d>a)&&(this.logger.verbose("Default popup window width used. Window width not configured or invalid."),d=Q.POPUP_WIDTH),(!h\|\|h<0\|\|h>c)&&(this.logger.verbose("Default popup window height used. Window height not configured or invalid."),h=Q.POPUP_HEIGHT),(!u\|\|u<0\|\|u>c)&&(this.logger.verbose("Default popup window top position used. Window top not configured or invalid."),u=Math.max(0,c/2-Q.POPUP_HEIGHT/2+s)),(!m\|\|m<0\|\|m>a)&&(this.logger.verbose("Default popup window left position used. Window left not configured or invalid."),m=Math.max(0,a/2-Q.POPUP_WIDTH/2+i)),o.open(e,t,`width=${d}, height=${h}, top=${u}, left=${m}, scrollbars=yes`)}unloadWindow(e){this.currentWindow&&this.currentWindow.close(),e.preventDefault()}cleanPopup(e,t){e.close(),t.removeEventListener("beforeunload",this.unloadWindow)}generatePopupName(e,t){return`${Q.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${e.join("-")}.${t}.${this.correlationId}`}generateLogoutPopupName(e){const t=e.account&&e.account.homeAccountId;return`${Q.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${t}.${this.correlationId}`}}/! @azure/msal-browser v4.9.0 2025-03-25 /function Ad(){if(typeof window>"u"\|\|typeof window.performance>"u"\|\|typeof window.performance.getEntriesByType!="function")return;const r=window.performance.getEntriesByType("navigation"),e=r.length?r[0]:void 0;return e==null?void 0:e.type}class Id extends Ze{constructor(e,t,n,o,i,s,a,c,d,h){super(e,t,n,o,i,s,a,d,h),this.nativeStorage=c}async acquireToken(e){const t=await f(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,this.correlationId)(e,T.Redirect);t.platformBroker=he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeMessageHandler,e.authenticationScheme);const n=i=>{i.persisted&&(this.logger.verbose("Page was restored from back/forward cache. Clearing temporary cache."),this.browserStorage.resetRequestCache(),this.eventHandler.emitEvent(y.RESTORE_FROM_BFCACHE,T.Redirect))},o=this.getRedirectStartPage(e.redirectStartPage);this.logger.verbosePii(`Redirect start page: ${o}`),this.browserStorage.setTemporaryCache(U.ORIGIN_URI,o,!0),window.addEventListener("pageshow",n);try{this.config.auth.protocolMode===Y.EAR?await this.executeEarFlow(t):await this.executeCodeFlow(t,e.onRedirectNavigate)}catch(i){throw i instanceof _&&i.setCorrelationId(this.correlationId),window.removeEventListener("pageshow",n),i}}async executeCodeFlow(e,t){const n=e.correlationId,o=this.initializeServerTelemetryManager(O.acquireTokenRedirect),i=await f(pn,l.GeneratePkceCodes,this.logger,this.performanceClient,n)(this.performanceClient,this.logger,n),s={...e,codeChallenge:i.challenge};this.browserStorage.cacheAuthorizeRequest(s,i.verifier);try{const a=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:o,requestAuthority:s.authority,requestAzureCloudOptions:s.azureCloudOptions,requestExtraQueryParameters:s.extraQueryParameters,account:s.account}),c=await f(Do,l.GetAuthCodeUrl,this.logger,this.performanceClient,e.correlationId)(this.config,a.authority,s,this.logger,this.performanceClient);return await this.initiateAuthRequest(c,t)}catch(a){throw a instanceof _&&(a.setCorrelationId(this.correlationId),o.cacheFailedRequest(a)),a}}async executeEarFlow(e){const t=e.correlationId,n=await f(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),o=await f(Oo,l.GenerateEarKey,this.logger,this.performanceClient,t)(),i={...e,earJwk:o};this.browserStorage.cacheAuthorizeRequest(i),(await xo(document,this.config,n,i,this.logger,this.performanceClient)).submit()}async handleRedirectPromise(e="",t,n,o){const i=this.initializeServerTelemetryManager(O.handleRedirectPromise);try{const[s,a]=this.getRedirectResponse(e\|\|"");if(!s)return this.logger.info("handleRedirectPromise did not detect a response as a result of a redirect. Cleaning temporary cache."),this.browserStorage.resetRequestCache(),Ad()!=="back_forward"?o.event.errorCode="no_server_response":this.logger.verbose("Back navigation event detected. Muting no_server_response error"),null;const c=this.browserStorage.getTemporaryCache(U.ORIGIN_URI,!0)\|\|g.EMPTY_STRING,d=S.removeHashFromUrl(c),h=S.removeHashFromUrl(window.location.href);if(d===h&&this.config.auth.navigateToLoginRequestUrl)return this.logger.verbose("Current page is loginRequestUrl, handling response"),c.indexOf("#")>-1&&Hl(c),await this.handleResponse(s,t,n,i);if(this.config.auth.navigateToLoginRequestUrl){if(!Uo()\|\|this.config.system.allowRedirectInIframe){this.browserStorage.setTemporaryCache(U.URL_HASH,a,!0);const u={apiId:O.handleRedirectPromise,timeout:this.config.system.redirectNavigationTimeout,noHistory:!0};let m=!0;if(!c\|\|c==="null"){const A=xl();this.browserStorage.setTemporaryCache(U.ORIGIN_URI,A,!0),this.logger.warning("Unable to get valid login request url from cache, redirecting to home page"),m=await this.navigationClient.navigateInternal(A,u)}else this.logger.verbose(`Navigating to loginRequestUrl: ${c}`),m=await this.navigationClient.navigateInternal(c,u);if(!m)return await this.handleResponse(s,t,n,i)}}else return this.logger.verbose("NavigateToLoginRequestUrl set to false, handling response"),await this.handleResponse(s,t,n,i);return null}catch(s){throw s instanceof _&&(s.setCorrelationId(this.correlationId),i.cacheFailedRequest(s)),s}}getRedirectResponse(e){this.logger.verbose("getRedirectResponseHash called");let t=e;t\|\|(this.config.auth.OIDCOptions.serverResponseType===Wt.QUERY?t=window.location.search:t=window.location.hash);let n=Ht(t);if(n){try{fd(n,this.browserCrypto,T.Redirect)}catch(i){return i instanceof _&&this.logger.error(`Interaction type validation failed due to ${i.errorCode}: ${i.errorMessage}`),[null,""]}return Ll(window),this.logger.verbose("Hash contains known properties, returning response hash"),[n,t]}const o=this.browserStorage.getTemporaryCache(U.URL_HASH,!0);return this.browserStorage.removeItem(this.browserStorage.generateCacheKey(U.URL_HASH)),o&&(n=Ht(o),n)?(this.logger.verbose("Hash does not contain known properties, returning cached hash"),[n,o]):[null,""]}async handleResponse(e,t,n,o){if(!e.state)throw C(Eo);if(e.ear_jwe){const a=await f(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t.correlationId)({requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account});return f(Ko,l.HandleResponseEar,this.logger,this.performanceClient,t.correlationId)(t,e,O.acquireTokenRedirect,this.config,a,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}const s=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:o,requestAuthority:t.authority});return f(Fo,l.HandleResponseCode,this.logger,this.performanceClient,t.correlationId)(t,e,n,O.acquireTokenRedirect,this.config,s,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}async initiateAuthRequest(e,t){if(this.logger.verbose("RedirectHandler.initiateAuthRequest called"),e){this.logger.infoPii(`RedirectHandler.initiateAuthRequest: Navigate to: ${e}`);const n={apiId:O.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},o=t\|\|this.config.auth.onRedirectNavigate;if(typeof o=="function")if(this.logger.verbose("RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback"),o(e)!==!1){this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"),await this.navigationClient.navigateExternal(e,n);return}else{this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation");return}else{this.logger.verbose("RedirectHandler.initiateAuthRequest: Navigating window to navigate url"),await this.navigationClient.navigateExternal(e,n);return}}else throw this.logger.info("RedirectHandler.initiateAuthRequest: Navigate url is empty"),C(dn)}async logout(e){var o,i;this.logger.verbose("logoutRedirect called");const t=this.initializeLogoutRequest(e),n=this.initializeServerTelemetryManager(O.logout);try{this.eventHandler.emitEvent(y.LOGOUT_START,T.Redirect,e),await this.clearCacheOnLogout(t.account);const s={apiId:O.logout,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},a=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:e&&e.authority,requestExtraQueryParameters:e==null?void 0:e.extraQueryParameters,account:e&&e.account\|\|void 0});if(a.authority.protocolMode===Y.OIDC)try{a.authority.endSessionEndpoint}catch{if((o=t.account)!=null&&o.homeAccountId){this.browserStorage.removeAccount((i=t.account)==null?void 0:i.homeAccountId),this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Redirect,t);return}}const c=a.getLogoutUri(t);if(this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Redirect,t),e&&typeof e.onRedirectNavigate=="function")if(e.onRedirectNavigate(c)!==!1){this.logger.verbose("Logout onRedirectNavigate did not return false, navigating"),this.browserStorage.getInteractionInProgress()\|\|this.browserStorage.setInteractionInProgress(!0),await this.navigationClient.navigateExternal(c,s);return}else this.browserStorage.setInteractionInProgress(!1),this.logger.verbose("Logout onRedirectNavigate returned false, stopping navigation");else{this.browserStorage.getInteractionInProgress()\|\|this.browserStorage.setInteractionInProgress(!0),await this.navigationClient.navigateExternal(c,s);return}}catch(s){throw s instanceof _&&(s.setCorrelationId(this.correlationId),n.cacheFailedRequest(s)),this.eventHandler.emitEvent(y.LOGOUT_FAILURE,T.Redirect,null,s),this.eventHandler.emitEvent(y.LOGOUT_END,T.Redirect),s}this.eventHandler.emitEvent(y.LOGOUT_END,T.Redirect)}getRedirectStartPage(e){const t=e\|\|window.location.href;return S.getAbsoluteUrl(t,Ce())}}/! @azure/msal-browser v4.9.0 2025-03-25 /async function Ed(r,e,t,n,o){if(e.addQueueMeasurement(l.SilentHandlerInitiateAuthRequest,n),!r)throw t.info("Navigate url is empty"),C(dn);return o?f(vd,l.SilentHandlerLoadFrame,t,e,n)(r,o,e,n):ae(Sd,l.SilentHandlerLoadFrameSync,t,e,n)(r)}async function wd(r,e,t,n,o){const i=Bo();if(!i.contentDocument)throw"No document associated with iframe!";return(await xo(i.contentDocument,r,e,t,n,o)).submit(),i}async function Er(r,e,t,n,o,i,s){return n.addQueueMeasurement(l.SilentHandlerMonitorIframeForHash,i),new Promise((a,c)=>{e<Dn&&o.warning(`system.loadFrameTimeout or system.iframeHashTimeout set to lower (${e}ms) than the default (${Dn}ms). This may result in timeouts.`);const d=window.setTimeout(()=>{window.clearInterval(h),c(C(Ji))},e),h=window.setInterval(()=>{let u="";const m=r.contentWindow;try{u=m?m.location.href:""}catch{}if(!u\|\|u==="about:blank")return;let A="";m&&(s===Wt.QUERY?A=m.location.search:A=m.location.hash),window.clearTimeout(d),window.clearInterval(h),a(A)},t)}).finally(()=>{ae(kd,l.RemoveHiddenIframe,o,n,i)(r)})}function vd(r,e,t,n){return t.addQueueMeasurement(l.SilentHandlerLoadFrame,n),new Promise((o,i)=>{const s=Bo();window.setTimeout(()=>{if(!s){i("Unable to load iframe");return}s.src=r,o(s)},e)})}function Sd(r){const e=Bo();return e.src=r,e}function Bo(){const r=document.createElement("iframe");return r.className="msalSilentIframe",r.style.visibility="hidden",r.style.position="absolute",r.style.width=r.style.height="0",r.style.border="0",r.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms"),document.body.appendChild(r),r}function kd(r){document.body===r.parentNode&&document.body.removeChild(r)}/! @azure/msal-browser v4.9.0 2025-03-25 /class _d extends Ze{constructor(e,t,n,o,i,s,a,c,d,h,u){super(e,t,n,o,i,s,c,h,u),this.apiId=a,this.nativeStorage=d}async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentIframeClientAcquireToken,e.correlationId),!e.loginHint&&!e.sid&&(!e.account\|\|!e.account.username)&&this.logger.warning("No user hint provided. The authorization server may need more information to complete this request.");const t={...e};t.prompt?t.prompt!==K.NONE&&t.prompt!==K.NO_SESSION&&(this.logger.warning(`SilentIframeClient. Replacing invalid prompt ${t.prompt} with ${K.NONE}`),t.prompt=K.NONE):t.prompt=K.NONE;const n=await f(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,e.correlationId)(t,T.Silent);return n.platformBroker=he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeMessageHandler,n.authenticationScheme),bs(n.authority),this.config.auth.protocolMode===Y.EAR?this.executeEarFlow(n):this.executeCodeFlow(n)}async executeCodeFlow(e){let t;const n=this.initializeServerTelemetryManager(this.apiId);try{return t=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:n,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),await f(this.silentTokenHelper.bind(this),l.SilentIframeClientTokenHelper,this.logger,this.performanceClient,e.correlationId)(t,e)}catch(o){if(o instanceof _&&(o.setCorrelationId(this.correlationId),n.cacheFailedRequest(o)),!t\|\|!(o instanceof _)\|\|o.errorCode!==Q.INVALID_GRANT_ERROR)throw o;return this.performanceClient.addFields({retryError:o.errorCode},this.correlationId),await f(this.silentTokenHelper.bind(this),l.SilentIframeClientTokenHelper,this.logger,this.performanceClient,this.correlationId)(t,e)}}async executeEarFlow(e){const t=e.correlationId,n=await f(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),o=await f(Oo,l.GenerateEarKey,this.logger,this.performanceClient,t)(),i={...e,earJwk:o},s=await f(wd,l.SilentHandlerInitiateAuthRequest,this.logger,this.performanceClient,t)(this.config,n,i,this.logger,this.performanceClient),a=this.config.auth.OIDCOptions.serverResponseType,c=await f(Er,l.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,t)(s,this.config.system.iframeHashTimeout,this.config.system.pollIntervalMilliseconds,this.performanceClient,this.logger,t,a),d=ae(Vt,l.DeserializeResponse,this.logger,this.performanceClient,t)(c,a,this.logger);return f(Ko,l.HandleResponseEar,this.logger,this.performanceClient,t)(i,d,this.apiId,this.config,n,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}logout(){return Promise.reject(C(hn))}async silentTokenHelper(e,t){const n=t.correlationId;this.performanceClient.addQueueMeasurement(l.SilentIframeClientTokenHelper,n);const o=await f(pn,l.GeneratePkceCodes,this.logger,this.performanceClient,n)(this.performanceClient,this.logger,n),i={...t,codeChallenge:o.challenge},s=await f(Do,l.GetAuthCodeUrl,this.logger,this.performanceClient,n)(this.config,e.authority,i,this.logger,this.performanceClient),a=await f(Ed,l.SilentHandlerInitiateAuthRequest,this.logger,this.performanceClient,n)(s,this.performanceClient,this.logger,n,this.config.system.navigateFrameWait),c=this.config.auth.OIDCOptions.serverResponseType,d=await f(Er,l.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,n)(a,this.config.system.iframeHashTimeout,this.config.system.pollIntervalMilliseconds,this.performanceClient,this.logger,n,c),h=ae(Vt,l.DeserializeResponse,this.logger,this.performanceClient,n)(d,c,this.logger);return f(Fo,l.HandleResponseCode,this.logger,this.performanceClient,n)(t,h,o.verifier,this.apiId,this.config,e,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Rd extends Ze{async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentRefreshClientAcquireToken,e.correlationId);const t=await f(Ho,l.InitializeBaseRequest,this.logger,this.performanceClient,e.correlationId)(e,this.config,this.performanceClient,this.logger),n={...e,...t};e.redirectUri&&(n.redirectUri=this.getRedirectUri(e.redirectUri));const o=this.initializeServerTelemetryManager(O.acquireTokenSilent_silentFlow),i=await this.createRefreshTokenClient({serverTelemetryManager:o,authorityUrl:n.authority,azureCloudOptions:n.azureCloudOptions,account:n.account});return f(i.acquireTokenByRefreshToken.bind(i),l.RefreshTokenClientAcquireTokenByRefreshToken,this.logger,this.performanceClient,e.correlationId)(n).catch(s=>{throw s.setCorrelationId(this.correlationId),o.cacheFailedRequest(s),s})}logout(){return Promise.reject(C(hn))}async createRefreshTokenClient(e){const t=await f(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:e.serverTelemetryManager,requestAuthority:e.authorityUrl,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account});return new Wc(t,this.performanceClient)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class bd{constructor(e,t,n,o){this.isBrowserEnvironment=typeof window<"u",this.config=e,this.storage=t,this.logger=n,this.cryptoObj=o}async loadExternalTokens(e,t,n){if(!this.isBrowserEnvironment)throw C(un);const o=e.correlationId\|\|Z(),i=t.id_token?be(t.id_token,se):void 0,s={protocolMode:this.config.auth.protocolMode,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache},a=e.authority?new G(G.generateAuthority(e.authority,e.azureCloudOptions),this.config.system.networkClient,this.storage,s,this.logger,e.correlationId\|\|Z()):void 0,c=await this.loadAccount(e,n.clientInfo\|\|t.client_info\|\|"",o,i,a),d=await this.loadIdToken(t,c.homeAccountId,c.environment,c.realm,o),h=await this.loadAccessToken(e,t,c.homeAccountId,c.environment,c.realm,n,o),u=await this.loadRefreshToken(t,c.homeAccountId,c.environment,o);return this.generateAuthenticationResult(e,{account:c,idToken:d,accessToken:h,refreshToken:u},i,a)}async loadAccount(e,t,n,o,i){if(this.logger.verbose("TokenCache - loading account"),e.account){const d=q.createFromAccountInfo(e.account);return await this.storage.setAccount(d,n),d}else if(!i\|\|!t&&!o)throw this.logger.error("TokenCache - if an account is not provided on the request, authority and either clientInfo or idToken must be provided instead."),C(ss);const s=q.generateHomeAccountId(t,i.authorityType,this.logger,this.cryptoObj,o),a=o==null?void 0:o.tid,c=Co(this.storage,i,s,se,o,t,i.hostnameAndPort,a,void 0,void 0,this.logger);return await this.storage.setAccount(c,n),c}async loadIdToken(e,t,n,o,i){if(!e.id_token)return this.logger.verbose("TokenCache - no id token found in response"),null;this.logger.verbose("TokenCache - loading id token");const s=Jt(t,n,e.id_token,this.config.auth.clientId,o);return await this.storage.setIdTokenCredential(s,i),s}async loadAccessToken(e,t,n,o,i,s,a){if(t.access_token)if(t.expires_in){if(!t.scope&&(!e.scopes\|\|!e.scopes.length))return this.logger.error("TokenCache - scopes not specified in the request or response. Cannot add token to the cache."),null}else return this.logger.error("TokenCache - no expiration set on the access token. Cannot add it to the cache."),null;else return this.logger.verbose("TokenCache - no access token found in response"),null;this.logger.verbose("TokenCache - loading access token");const c=t.scope?M.fromString(t.scope):new M(e.scopes),d=s.expiresOn\|\|t.expires_in+j(),h=s.extendedExpiresOn\|\|(t.ext_expires_in\|\|t.expires_in)+j(),u=Xt(n,o,t.access_token,this.config.auth.clientId,i,c.printScopes(),d,h,se);return await this.storage.setAccessTokenCredential(u,a),u}async loadRefreshToken(e,t,n,o){if(!e.refresh_token)return this.logger.verbose("TokenCache - no refresh token found in response"),null;this.logger.verbose("TokenCache - loading refresh token");const i=jr(t,n,e.refresh_token,this.config.auth.clientId,e.foci,void 0,e.refresh_token_expires_in);return await this.storage.setRefreshTokenCredential(i,o),i}generateAuthenticationResult(e,t,n,o){var h,u,m;let i="",s=[],a=null,c;t!=null&&t.accessToken&&(i=t.accessToken.secret,s=M.fromString(t.accessToken.target).asArray(),a=Te(t.accessToken.expiresOn),c=Te(t.accessToken.extendedExpiresOn));const d=t.account;return{authority:o?o.canonicalAuthority:"",uniqueId:t.account.localAccountId,tenantId:t.account.realm,scopes:s,account:d.getAccountInfo(),idToken:((h=t.idToken)==null?void 0:h.secret)\|\|"",idTokenClaims:n\|\|{},accessToken:i,fromCache:!0,expiresOn:a,correlationId:e.correlationId\|\|"",requestId:"",extExpiresOn:c,familyId:((u=t.refreshToken)==null?void 0:u.familyId)\|\|"",tokenType:((m=t==null?void 0:t.accessToken)==null?void 0:m.tokenType)\|\|"",state:e.state\|\|"",cloudGraphHostName:d.cloudGraphHostName\|\|"",msGraphHost:d.msGraphHost\|\|"",fromNativeBroker:!1}}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Od extends Di{constructor(e){super(e),this.includeRedirectUri=!1}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Pd extends Ze{constructor(e,t,n,o,i,s,a,c,d,h){super(e,t,n,o,i,s,c,d,h),this.apiId=a}async acquireToken(e){if(!e.code)throw C(as);const t=await f(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,e.correlationId)(e,T.Silent),n=this.initializeServerTelemetryManager(this.apiId);try{const o={...t,code:e.code},i=await f(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:n,requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account}),s=new Od(i);this.logger.verbose("Auth code client created");const a=new Bs(s,this.browserStorage,o,this.logger,this.performanceClient);return await f(a.handleCodeResponseFromServer.bind(a),l.HandleCodeResponseFromServer,this.logger,this.performanceClient,e.correlationId)({code:e.code,msgraph_host:e.msGraphHost,cloud_graph_host_name:e.cloudGraphHostName,cloud_instance_host_name:e.cloudInstanceHostName},t,!1)}catch(o){throw o instanceof _&&(o.setCorrelationId(this.correlationId),n.cacheFailedRequest(o)),o}}logout(){return Promise.reject(C(hn))}}/! @azure/msal-browser v4.9.0 2025-03-25 /function ce(r){const e=r==null?void 0:r.idTokenClaims;if(e!=null&&e.tfp\|\|e!=null&&e.acr)return"B2C";if(e!=null&&e.tid){if((e==null?void 0:e.tid)==="9188040d-6c67-4c5b-b112-36a304b66dad")return"MSA"}else return;return"AAD"}function Rt(r,e){try{Lo(r)}catch(t){throw e.end({success:!1},t),t}}class mn{constructor(e){this.operatingContext=e,this.isBrowserEnvironment=this.operatingContext.isBrowserEnvironment(),this.config=e.getConfig(),this.initialized=!1,this.logger=this.operatingContext.getLogger(),this.networkClient=this.config.system.networkClient,this.navigationClient=this.config.system.navigationClient,this.redirectResponse=new Map,this.hybridAuthCodeResponses=new Map,this.performanceClient=this.config.telemetry.client,this.browserCrypto=this.isBrowserEnvironment?new ue(this.logger,this.performanceClient):lt,this.eventHandler=new xs(this.logger),this.browserStorage=this.isBrowserEnvironment?new $t(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,Ni(this.config.auth)):Ps(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler);const t={cacheLocation:B.MemoryStorage,temporaryCacheLocation:B.MemoryStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!1,claimsBasedCachingEnabled:!1};this.nativeInternalStorage=new $t(this.config.auth.clientId,t,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler),this.tokenCache=new bd(this.config,this.browserStorage,this.logger,this.browserCrypto),this.activeSilentTokenRequests=new Map,this.trackPageVisibility=this.trackPageVisibility.bind(this),this.trackPageVisibilityWithMeasurement=this.trackPageVisibilityWithMeasurement.bind(this)}static async createController(e,t){const n=new mn(e);return await n.initialize(t),n}trackPageVisibility(e){e&&(this.logger.info("Perf: Visibility change detected"),this.performanceClient.incrementFields({visibilityChangeCount:1},e))}async initialize(e){if(this.logger.trace("initialize called"),this.initialized){this.logger.info("initialize has already been called, exiting early.");return}if(!this.isBrowserEnvironment){this.logger.info("in non-browser environment, exiting early."),this.initialized=!0,this.eventHandler.emitEvent(y.INITIALIZE_END);return}const t=(e==null?void 0:e.correlationId)\|\|this.getRequestCorrelationId(),n=this.config.system.allowPlatformBroker,o=this.performanceClient.startMeasurement(l.InitializeClientApplication,t);if(this.eventHandler.emitEvent(y.INITIALIZE_START),await f(this.browserStorage.initialize.bind(this.browserStorage),l.InitializeCache,this.logger,this.performanceClient,t)(t),n)try{this.nativeExtensionProvider=await he.createProvider(this.logger,this.config.system.nativeBrokerHandshakeTimeout,this.performanceClient)}catch(i){this.logger.verbose(i)}this.config.cache.claimsBasedCachingEnabled\|\|(this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims"),await f(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage),l.ClearTokensAndKeysWithClaims,this.logger,this.performanceClient,t)(this.performanceClient,t)),this.config.system.asyncPopups&&await this.preGeneratePkceCodes(t),this.initialized=!0,this.eventHandler.emitEvent(y.INITIALIZE_END),o.end({allowPlatformBroker:n,success:!0})}async handleRedirectPromise(e){if(this.logger.verbose("handleRedirectPromise called"),Rs(this.initialized),this.isBrowserEnvironment){const t=e\|\|"";let n=this.redirectResponse.get(t);return typeof n>"u"?(n=this.handleRedirectPromiseInternal(e),this.redirectResponse.set(t,n),this.logger.verbose("handleRedirectPromise has been called for the first time, storing the promise")):this.logger.verbose("handleRedirectPromise has been called previously, returning the result from the first call"),n}return this.logger.verbose("handleRedirectPromise returns null, not browser environment"),null}async handleRedirectPromiseInternal(e){if(!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."),null;const t=this.getAllAccounts(),n=this.browserStorage.getCachedNativeRequest(),o=n&&he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeExtensionProvider)&&this.nativeExtensionProvider&&!e;let i=this.performanceClient.startMeasurement(l.AcquireTokenRedirect,(n==null?void 0:n.correlationId)\|\|"");this.eventHandler.emitEvent(y.HANDLE_REDIRECT_START,T.Redirect);let s;if(o&&this.nativeExtensionProvider){this.logger.trace("handleRedirectPromise - acquiring token from native platform");const a=new Ot(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,O.handleRedirectPromise,this.performanceClient,this.nativeExtensionProvider,n.accountId,this.nativeInternalStorage,n.correlationId);s=f(a.handleRedirectPromise.bind(a),l.HandleNativeRedirectPromiseMeasurement,this.logger,this.performanceClient,i.event.correlationId)(this.performanceClient,i.event.correlationId)}else{const[a,c]=this.browserStorage.getCachedRequest(),d=a.correlationId;i.discard(),i=this.performanceClient.startMeasurement(l.AcquireTokenRedirect,d),this.logger.trace("handleRedirectPromise - acquiring token from web flow");const h=this.createRedirectClient(d);s=f(h.handleRedirectPromise.bind(h),l.HandleRedirectPromiseMeasurement,this.logger,this.performanceClient,i.event.correlationId)(e,a,c,i)}return s.then(a=>(a?(this.browserStorage.resetRequestCache(),t.length<this.getAllAccounts().length?(this.eventHandler.emitEvent(y.LOGIN_SUCCESS,T.Redirect,a),this.logger.verbose("handleRedirectResponse returned result, login success")):(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Redirect,a),this.logger.verbose("handleRedirectResponse returned result, acquire token success")),i.end({success:!0,accountType:ce(a.account)})):i.event.errorCode?i.end({success:!1}):i.discard(),this.eventHandler.emitEvent(y.HANDLE_REDIRECT_END,T.Redirect),a)).catch(a=>{this.browserStorage.resetRequestCache();const c=a;throw t.length>0?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Redirect,null,c):this.eventHandler.emitEvent(y.LOGIN_FAILURE,T.Redirect,null,c),this.eventHandler.emitEvent(y.HANDLE_REDIRECT_END,T.Redirect),i.end({success:!1},c),a})}async acquireTokenRedirect(e){const t=this.getRequestCorrelationId(e);this.logger.verbose("acquireTokenRedirect called",t);const n=this.performanceClient.startMeasurement(l.AcquireTokenPreRedirect,t);n.add({accountType:ce(e.account),scenarioId:e.scenarioId});const o=e.onRedirectNavigate;if(o)e.onRedirectNavigate=s=>{const a=typeof o=="function"?o(s):void 0;return a!==!1?n.end({success:!0}):n.discard(),a};else{const s=this.config.auth.onRedirectNavigate;this.config.auth.onRedirectNavigate=a=>{const c=typeof s=="function"?s(a):void 0;return c!==!1?n.end({success:!0}):n.discard(),c}}const i=this.getAllAccounts().length>0;try{mr(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0),i?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Redirect,e):this.eventHandler.emitEvent(y.LOGIN_START,T.Redirect,e);let s;return this.nativeExtensionProvider&&this.canUsePlatformBroker(e)?s=new Ot(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,O.acquireTokenRedirect,this.performanceClient,this.nativeExtensionProvider,this.getNativeAccountId(e),this.nativeInternalStorage,t).acquireTokenRedirect(e,n).catch(c=>{if(c instanceof de&&Ge(c))return this.nativeExtensionProvider=void 0,this.createRedirectClient(t).acquireToken(e);if(c instanceof ne)return this.logger.verbose("acquireTokenRedirect - Resolving interaction required error thrown by native broker by falling back to web flow"),this.createRedirectClient(t).acquireToken(e);throw c}):s=this.createRedirectClient(t).acquireToken(e),await s}catch(s){throw this.browserStorage.resetRequestCache(),n.end({success:!1},s),i?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Redirect,null,s):this.eventHandler.emitEvent(y.LOGIN_FAILURE,T.Redirect,null,s),s}}acquireTokenPopup(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(l.AcquireTokenPopup,t);n.add({scenarioId:e.scenarioId,accountType:ce(e.account)});try{this.logger.verbose("acquireTokenPopup called",t),Rt(this.initialized,n),this.browserStorage.setInteractionInProgress(!0)}catch(a){return Promise.reject(a)}const o=this.getAllAccounts();o.length>0?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Popup,e):this.eventHandler.emitEvent(y.LOGIN_START,T.Popup,e);let i;const s=this.getPreGeneratedPkceCodes(t);return this.canUsePlatformBroker(e)?i=this.acquireTokenNative({...e,correlationId:t},O.acquireTokenPopup).then(a=>(n.end({success:!0,isNativeBroker:!0,accountType:ce(a.account)}),a)).catch(a=>{if(a instanceof de&&Ge(a))return this.nativeExtensionProvider=void 0,this.createPopupClient(t).acquireToken(e,s);if(a instanceof ne)return this.logger.verbose("acquireTokenPopup - Resolving interaction required error thrown by native broker by falling back to web flow"),this.createPopupClient(t).acquireToken(e,s);throw a}):i=this.createPopupClient(t).acquireToken(e,s),i.then(a=>(o.length<this.getAllAccounts().length?this.eventHandler.emitEvent(y.LOGIN_SUCCESS,T.Popup,a):this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Popup,a),n.end({success:!0,accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length,accountType:ce(a.account)}),a)).catch(a=>(o.length>0?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Popup,null,a):this.eventHandler.emitEvent(y.LOGIN_FAILURE,T.Popup,null,a),n.end({success:!1},a),Promise.reject(a))).finally(async()=>{this.browserStorage.setInteractionInProgress(!1),this.config.system.asyncPopups&&await this.preGeneratePkceCodes(t)})}trackPageVisibilityWithMeasurement(){const e=this.ssoSilentMeasurement\|\|this.acquireTokenByCodeAsyncMeasurement;e&&(this.logger.info("Perf: Visibility change detected in ",e.event.name),e.increment({visibilityChangeCount:1}))}async ssoSilent(e){var i,s;const t=this.getRequestCorrelationId(e),n={...e,prompt:e.prompt,correlationId:t};this.ssoSilentMeasurement=this.performanceClient.startMeasurement(l.SsoSilent,t),(i=this.ssoSilentMeasurement)==null\|\|i.add({scenarioId:e.scenarioId,accountType:ce(e.account)}),Rt(this.initialized,this.ssoSilentMeasurement),(s=this.ssoSilentMeasurement)==null\|\|s.increment({visibilityChangeCount:0}),document.addEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement),this.logger.verbose("ssoSilent called",t),this.eventHandler.emitEvent(y.SSO_SILENT_START,T.Silent,n);let o;return this.canUsePlatformBroker(n)?o=this.acquireTokenNative(n,O.ssoSilent).catch(a=>{if(a instanceof de&&Ge(a))return this.nativeExtensionProvider=void 0,this.createSilentIframeClient(n.correlationId).acquireToken(n);throw a}):o=this.createSilentIframeClient(n.correlationId).acquireToken(n),o.then(a=>{var c;return this.eventHandler.emitEvent(y.SSO_SILENT_SUCCESS,T.Silent,a),(c=this.ssoSilentMeasurement)==null\|\|c.end({success:!0,isNativeBroker:a.fromNativeBroker,accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length,accountType:ce(a.account)}),a}).catch(a=>{var c;throw this.eventHandler.emitEvent(y.SSO_SILENT_FAILURE,T.Silent,null,a),(c=this.ssoSilentMeasurement)==null\|\|c.end({success:!1},a),a}).finally(()=>{document.removeEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement)})}async acquireTokenByCode(e){const t=this.getRequestCorrelationId(e);this.logger.trace("acquireTokenByCode called",t);const n=this.performanceClient.startMeasurement(l.AcquireTokenByCode,t);Rt(this.initialized,n),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_START,T.Silent,e),n.add({scenarioId:e.scenarioId});try{if(e.code&&e.nativeAccountId)throw C(ls);if(e.code){const o=e.code;let i=this.hybridAuthCodeResponses.get(o);return i?(this.logger.verbose("Existing acquireTokenByCode request found",t),n.discard()):(this.logger.verbose("Initiating new acquireTokenByCode request",t),i=this.acquireTokenByCodeAsync({...e,correlationId:t}).then(s=>(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_SUCCESS,T.Silent,s),this.hybridAuthCodeResponses.delete(o),n.end({success:!0,isNativeBroker:s.fromNativeBroker,accessTokenSize:s.accessToken.length,idTokenSize:s.idToken.length,accountType:ce(s.account)}),s)).catch(s=>{throw this.hybridAuthCodeResponses.delete(o),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_FAILURE,T.Silent,null,s),n.end({success:!1},s),s}),this.hybridAuthCodeResponses.set(o,i)),await i}else if(e.nativeAccountId)if(this.canUsePlatformBroker(e,e.nativeAccountId)){const o=await this.acquireTokenNative({...e,correlationId:t},O.acquireTokenByCode,e.nativeAccountId).catch(i=>{throw i instanceof de&&Ge(i)&&(this.nativeExtensionProvider=void 0),i});return n.end({accountType:ce(o.account),success:!0}),o}else throw C(ds);else throw C(cs)}catch(o){throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_FAILURE,T.Silent,null,o),n.end({success:!1},o),o}}async acquireTokenByCodeAsync(e){var o;return this.logger.trace("acquireTokenByCodeAsync called",e.correlationId),this.acquireTokenByCodeAsyncMeasurement=this.performanceClient.startMeasurement(l.AcquireTokenByCodeAsync,e.correlationId),(o=this.acquireTokenByCodeAsyncMeasurement)==null\|\|o.increment({visibilityChangeCount:0}),document.addEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement),await this.createSilentAuthCodeClient(e.correlationId).acquireToken(e).then(i=>{var s;return(s=this.acquireTokenByCodeAsyncMeasurement)==null\|\|s.end({success:!0,fromCache:i.fromCache,isNativeBroker:i.fromNativeBroker}),i}).catch(i=>{var s;throw(s=this.acquireTokenByCodeAsyncMeasurement)==null\|\|s.end({success:!1},i),i}).finally(()=>{document.removeEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement)})}async acquireTokenFromCache(e,t){switch(this.performanceClient.addQueueMeasurement(l.AcquireTokenFromCache,e.correlationId),t){case H.Default:case H.AccessToken:case H.AccessTokenAndRefreshToken:const n=this.createSilentCacheClient(e.correlationId);return f(n.acquireToken.bind(n),l.SilentCacheClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e);default:throw p(_e)}}async acquireTokenByRefreshToken(e,t){switch(this.performanceClient.addQueueMeasurement(l.AcquireTokenByRefreshToken,e.correlationId),t){case H.Default:case H.AccessTokenAndRefreshToken:case H.RefreshToken:case H.RefreshTokenAndNetwork:const n=this.createSilentRefreshClient(e.correlationId);return f(n.acquireToken.bind(n),l.SilentRefreshClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e);default:throw p(_e)}}async acquireTokenBySilentIframe(e){this.performanceClient.addQueueMeasurement(l.AcquireTokenBySilentIframe,e.correlationId);const t=this.createSilentIframeClient(e.correlationId);return f(t.acquireToken.bind(t),l.SilentIframeClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e)}async logout(e){const t=this.getRequestCorrelationId(e);return this.logger.warning("logout API is deprecated and will be removed in msal-browser v3.0.0. Use logoutRedirect instead.",t),this.logoutRedirect({correlationId:t,...e})}async logoutRedirect(e){const t=this.getRequestCorrelationId(e);return mr(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0),this.createRedirectClient(t).logout(e)}logoutPopup(e){try{const t=this.getRequestCorrelationId(e);return Lo(this.initialized),this.browserStorage.setInteractionInProgress(!0),this.createPopupClient(t).logout(e).finally(()=>{this.browserStorage.setInteractionInProgress(!1)})}catch(t){return Promise.reject(t)}}async clearCache(e){if(!this.isBrowserEnvironment){this.logger.info("in non-browser environment, returning early.");return}const t=this.getRequestCorrelationId(e);return this.createSilentCacheClient(t).logout(e)}getAllAccounts(e){return Ns(this.logger,this.browserStorage,this.isBrowserEnvironment,e)}getAccount(e){return Bn(e,this.logger,this.browserStorage)}getAccountByUsername(e){return Ms(e,this.logger,this.browserStorage)}getAccountByHomeId(e){return Us(e,this.logger,this.browserStorage)}getAccountByLocalId(e){return Ls(e,this.logger,this.browserStorage)}setActiveAccount(e){Hs(e,this.browserStorage)}getActiveAccount(){return Ds(this.browserStorage)}async hydrateCache(e,t){this.logger.verbose("hydrateCache called");const n=q.createFromAccountInfo(e.account,e.cloudGraphHostName,e.msGraphHost);return await this.browserStorage.setAccount(n,e.correlationId),e.fromNativeBroker?(this.logger.verbose("Response was from native broker, storing in-memory"),this.nativeInternalStorage.hydrateCache(e,t)):this.browserStorage.hydrateCache(e,t)}async acquireTokenNative(e,t,n,o){if(this.logger.trace("acquireTokenNative called"),!this.nativeExtensionProvider)throw C(So);return new Ot(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,t,this.performanceClient,this.nativeExtensionProvider,n\|\|this.getNativeAccountId(e),this.nativeInternalStorage,e.correlationId).acquireToken(e,o)}canUsePlatformBroker(e,t){if(this.logger.trace("canUsePlatformBroker called"),!he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeExtensionProvider,e.authenticationScheme))return this.logger.trace("canUsePlatformBroker: isPlatformBrokerAvailable returned false, returning false"),!1;if(e.prompt)switch(e.prompt){case K.NONE:case K.CONSENT:case K.LOGIN:this.logger.trace("canUsePlatformBroker: prompt is compatible with platform broker flow");break;default:return this.logger.trace(`canUsePlatformBroker: prompt = ${e.prompt} is not compatible with platform broker flow, returning false`),!1}return!t&&!this.getNativeAccountId(e)?(this.logger.trace("canUsePlatformBroker: nativeAccountId is not available, returning false"),!1):!0}getNativeAccountId(e){const t=e.account\|\|this.getAccount({loginHint:e.loginHint,sid:e.sid})\|\|this.getActiveAccount();return t&&t.nativeAccountId\|\|""}createPopupClient(e){return new Td(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createRedirectClient(e){return new Id(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createSilentIframeClient(e){return new _d(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,O.ssoSilent,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createSilentCacheClient(e){return new Gs(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeExtensionProvider,e)}createSilentRefreshClient(e){return new Rd(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeExtensionProvider,e)}createSilentAuthCodeClient(e){return new Pd(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,O.acquireTokenByCode,this.performanceClient,this.nativeExtensionProvider,e)}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){return _s(),this.performanceClient.addPerformanceCallback(e)}removePerformanceCallback(e){return this.performanceClient.removePerformanceCallback(e)}enableAccountStorageEvents(){if(this.config.cache.cacheLocation!==B.LocalStorage){this.logger.info("Account storage events are only available when cacheLocation is set to localStorage");return}this.eventHandler.subscribeCrossTab()}disableAccountStorageEvents(){if(this.config.cache.cacheLocation!==B.LocalStorage){this.logger.info("Account storage events are only available when cacheLocation is set to localStorage");return}this.eventHandler.unsubscribeCrossTab()}getTokenCache(){return this.tokenCache}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){this.browserStorage.setWrapperMetadata(e,t)}setNavigationClient(e){this.navigationClient=e}getConfiguration(){return this.config}getPerformanceClient(){return this.performanceClient}isBrowserEnv(){return this.isBrowserEnvironment}getRequestCorrelationId(e){return e!=null&&e.correlationId?e.correlationId:this.isBrowserEnvironment?Z():g.EMPTY_STRING}async loginRedirect(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("loginRedirect called",t),this.acquireTokenRedirect({correlationId:t,...e\|\|Ln})}loginPopup(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("loginPopup called",t),this.acquireTokenPopup({correlationId:t,...e\|\|Ln})}async acquireTokenSilent(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(l.AcquireTokenSilent,t);n.add({cacheLookupPolicy:e.cacheLookupPolicy,scenarioId:e.scenarioId}),Rt(this.initialized,n),this.logger.verbose("acquireTokenSilent called",t);const o=e.account\|\|this.getActiveAccount();if(!o)throw C(ts);return n.add({accountType:ce(o)}),this.acquireTokenSilentDeduped(e,o,t).then(i=>(n.end({success:!0,fromCache:i.fromCache,isNativeBroker:i.fromNativeBroker,accessTokenSize:i.accessToken.length,idTokenSize:i.idToken.length}),{...i,state:e.state,correlationId:t})).catch(i=>{throw i instanceof _&&i.setCorrelationId(t),n.end({success:!1},i),i})}async acquireTokenSilentDeduped(e,t,n){const o=an(this.config.auth.clientId,{...e,authority:e.authority\|\|this.config.auth.authority},t.homeAccountId),i=JSON.stringify(o),s=this.activeSilentTokenRequests.get(i);if(typeof s>"u"){this.logger.verbose("acquireTokenSilent called for the first time, storing active request",n),this.performanceClient.addFields({deduped:!1},n);const a=f(this.acquireTokenSilentAsync.bind(this),l.AcquireTokenSilentAsync,this.logger,this.performanceClient,n)({...e,correlationId:n},t);return this.activeSilentTokenRequests.set(i,a),a.finally(()=>{this.activeSilentTokenRequests.delete(i)})}else return this.logger.verbose("acquireTokenSilent has been called previously, returning the result from the first call",n),this.performanceClient.addFields({deduped:!0},n),s}async acquireTokenSilentAsync(e,t){const n=()=>this.trackPageVisibility(e.correlationId);this.performanceClient.addQueueMeasurement(l.AcquireTokenSilentAsync,e.correlationId),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Silent,e),e.correlationId&&this.performanceClient.incrementFields({visibilityChangeCount:0},e.correlationId),document.addEventListener("visibilitychange",n);const o=await f(od,l.InitializeSilentRequest,this.logger,this.performanceClient,e.correlationId)(e,t,this.config,this.performanceClient,this.logger),i=e.cacheLookupPolicy\|\|H.Default;return this.acquireTokenSilentNoIframe(o,i).catch(async a=>{if(Nd(a,i))if(this.activeIframeRequest)if(i!==H.Skip){const[d,h]=this.activeIframeRequest;this.logger.verbose(`Iframe request is already in progress, awaiting resolution for request with correlationId: ${h}`,o.correlationId);const u=this.performanceClient.startMeasurement(l.AwaitConcurrentIframe,o.correlationId);u.add({awaitIframeCorrelationId:h});const m=await d;if(u.end({success:m}),m)return this.logger.verbose(`Parallel iframe request with correlationId: ${h} succeeded. Retrying cache and/or RT redemption`,o.correlationId),this.acquireTokenSilentNoIframe(o,i);throw this.logger.info(`Iframe request with correlationId: ${h} failed. Interaction is required.`),a}else return this.logger.warning("Another iframe request is currently in progress and CacheLookupPolicy is set to Skip. This may result in degraded performance and/or reliability for both calls. Please consider changing the CacheLookupPolicy to take advantage of request queuing and token cache.",o.correlationId),f(this.acquireTokenBySilentIframe.bind(this),l.AcquireTokenBySilentIframe,this.logger,this.performanceClient,o.correlationId)(o);else{let d;return this.activeIframeRequest=[new Promise(h=>{d=h}),o.correlationId],this.logger.verbose("Refresh token expired/invalid or CacheLookupPolicy is set to Skip, attempting acquire token by iframe.",o.correlationId),f(this.acquireTokenBySilentIframe.bind(this),l.AcquireTokenBySilentIframe,this.logger,this.performanceClient,o.correlationId)(o).then(h=>(d(!0),h)).catch(h=>{throw d(!1),h}).finally(()=>{this.activeIframeRequest=void 0})}else throw a}).then(a=>(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,a),e.correlationId&&this.performanceClient.addFields({fromCache:a.fromCache,isNativeBroker:a.fromNativeBroker},e.correlationId),a)).catch(a=>{throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Silent,null,a),a}).finally(()=>{document.removeEventListener("visibilitychange",n)})}async acquireTokenSilentNoIframe(e,t){return he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeExtensionProvider,e.authenticationScheme)&&e.account.nativeAccountId?(this.logger.verbose("acquireTokenSilent - attempting to acquire token from native platform"),this.acquireTokenNative(e,O.acquireTokenSilent_silentFlow,e.account.nativeAccountId,t).catch(async n=>{throw n instanceof de&&Ge(n)?(this.logger.verbose("acquireTokenSilent - native platform unavailable, falling back to web flow"),this.nativeExtensionProvider=void 0,p(_e)):n})):(this.logger.verbose("acquireTokenSilent - attempting to acquire token from web flow"),t===H.AccessToken&&this.logger.verbose("acquireTokenSilent - cache lookup policy set to AccessToken, attempting to acquire token from local cache"),f(this.acquireTokenFromCache.bind(this),l.AcquireTokenFromCache,this.logger,this.performanceClient,e.correlationId)(e,t).catch(n=>{if(t===H.AccessToken)throw n;return this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_NETWORK_START,T.Silent,e),f(this.acquireTokenByRefreshToken.bind(this),l.AcquireTokenByRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,t)}))}async preGeneratePkceCodes(e){return this.logger.verbose("Generating new PKCE codes"),this.pkceCode=await f(pn,l.GeneratePkceCodes,this.logger,this.performanceClient,e)(this.performanceClient,this.logger,e),Promise.resolve()}getPreGeneratedPkceCodes(e){this.logger.verbose("Attempting to pick up pre-generated PKCE codes");const t=this.pkceCode?{...this.pkceCode}:void 0;return this.pkceCode=void 0,this.logger.verbose(`${t?"Found":"Did not find"} pre-generated PKCE codes`),this.performanceClient.addFields({usePreGeneratedPkce:!!t},e),t}}function Nd(r,e){const t=!(r instanceof ne&&r.subError!==ln),n=r.errorCode===Q.INVALID_GRANT_ERROR\|\|r.errorCode===_e,o=t&&n\|\|r.errorCode===Bt\|\|r.errorCode===mo,i=ml.includes(e);return o&&i}/! @azure/msal-browser v4.9.0 2025-03-25 /function Md(r){return r.status!==void 0}/! @azure/msal-browser v4.9.0 2025-03-25 /class Ud{constructor(e,t,n,o){this.clientId=e,this.clientCapabilities=t,this.crypto=n,this.logger=o}toNaaTokenRequest(e){var a;let t;e.extraQueryParameters===void 0?t=new Map:t=new Map(Object.entries(e.extraQueryParameters));const n=e.correlationId\|\|this.crypto.createNewGuid(),o=_i(e.claims,this.clientCapabilities),i=e.scopes\|\|Fe;return{platformBrokerId:(a=e.account)==null?void 0:a.homeAccountId,clientId:this.clientId,authority:e.authority,scope:i.join(" "),correlationId:n,claims:ie.isEmptyObj(o)?void 0:o,state:e.state,authenticationScheme:e.authenticationScheme\|\|k.BEARER,extraParameters:t}}fromNaaTokenResponse(e,t,n){if(!t.token.id_token\|\|!t.token.access_token)throw p(Nt);const o=Te(n+(t.token.expires_in\|\|0)),i=be(t.token.id_token,this.crypto.base64Decode),s=this.fromNaaAccountInfo(t.account,t.token.id_token,i),a=t.token.scope\|\|e.scope;return{authority:t.token.authority\|\|s.environment,uniqueId:s.localAccountId,tenantId:s.tenantId,scopes:a.split(" "),account:s,idToken:t.token.id_token,idTokenClaims:i,accessToken:t.token.access_token,fromCache:!1,expiresOn:o,tokenType:e.authenticationScheme\|\|k.BEARER,correlationId:e.correlationId,extExpiresOn:o,state:e.state}}fromNaaAccountInfo(e,t,n){const o=n\|\|e.idTokenClaims,i=e.localAccountId\|\|(o==null?void 0:o.oid)\|\|(o==null?void 0:o.sub)\|\|"",s=e.tenantId\|\|(o==null?void 0:o.tid)\|\|"",a=e.homeAccountId\|\|`${i}.${s}`,c=e.username\|\|(o==null?void 0:o.preferred_username)\|\|"",d=e.name\|\|(o==null?void 0:o.name),h=new Map,u=nn(a,i,s,o);return h.set(s,u),{homeAccountId:a,environment:e.environment,tenantId:s,username:c,localAccountId:i,name:d,idToken:t,idTokenClaims:o,tenantProfiles:h}}fromBridgeError(e){if(Md(e))switch(e.status){case fe.UserCancel:return new ve($r);case fe.NoNetwork:return new ve(qr);case fe.AccountUnavailable:return new ve(Mt);case fe.Disabled:return new ve(bn);case fe.NestedAppAuthUnavailable:return new ve(e.code\|\|bn,e.description);case fe.TransientError:case fe.PersistentError:return new Ne(e.code,e.description);case fe.UserInteractionRequired:return new ne(e.code,e.description);default:return new _(e.code,e.description)}else return new _("unknown_error","An unknown error occurred")}toAuthenticationResultFromCache(e,t,n,o,i){if(!t\|\|!n)throw p(Nt);const s=be(t.secret,this.crypto.base64Decode),a=n.target\|\|o.scopes.join(" ");return{authority:n.environment\|\|e.environment,uniqueId:e.localAccountId,tenantId:e.tenantId,scopes:a.split(" "),account:e,idToken:t.secret,idTokenClaims:s\|\|{},accessToken:n.secret,fromCache:!0,expiresOn:Te(n.expiresOn),extExpiresOn:Te(n.extendedExpiresOn),tokenType:o.authenticationScheme\|\|k.BEARER,correlationId:i,state:o.state}}}/! @azure/msal-browser v4.9.0 2025-03-25 /const wr={unsupportedMethod:{code:"unsupported_method",desc:"This method is not supported in nested app environment."}};class L extends _{constructor(e,t){super(e,t),Object.setPrototypeOf(this,L.prototype),this.name="NestedAppAuthError"}static createUnsupportedError(){return new L(wr.unsupportedMethod.code,wr.unsupportedMethod.desc)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Go{constructor(e){this.operatingContext=e;const t=this.operatingContext.getBridgeProxy();if(t!==void 0)this.bridgeProxy=t;else throw new Error("unexpected: bridgeProxy is undefined");this.config=e.getConfig(),this.logger=this.operatingContext.getLogger(),this.performanceClient=this.config.telemetry.client,this.browserCrypto=e.isBrowserEnvironment()?new ue(this.logger,this.performanceClient,!0):lt,this.eventHandler=new xs(this.logger),this.browserStorage=this.operatingContext.isBrowserEnvironment()?new $t(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,Ni(this.config.auth)):Ps(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler),this.nestedAppAuthAdapter=new Ud(this.config.auth.clientId,this.config.auth.clientCapabilities,this.browserCrypto,this.logger);const n=this.bridgeProxy.getAccountContext();this.currentAccountContext=n\|\|null}static async createController(e){const t=new Go(e);return Promise.resolve(t)}async initialize(e){const t=(e==null?void 0:e.correlationId)\|\|Z();return await this.browserStorage.initialize(t),Promise.resolve()}ensureValidRequest(e){return e!=null&&e.correlationId?e:{...e,correlationId:this.browserCrypto.createNewGuid()}}async acquireTokenInteractive(e){const t=this.ensureValidRequest(e);this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Popup,t);const n=this.performanceClient.startMeasurement(l.AcquireTokenPopup,t.correlationId);n==null\|\|n.add({nestedAppAuthRequest:!0});try{const o=this.nestedAppAuthAdapter.toNaaTokenRequest(t),i=j(),s=await this.bridgeProxy.getTokenInteractive(o),a={...this.nestedAppAuthAdapter.fromNaaTokenResponse(o,s,i)};return await this.hydrateCache(a,e),this.currentAccountContext={homeAccountId:a.account.homeAccountId,environment:a.account.environment,tenantId:a.account.tenantId},this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Popup,a),n.add({accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length}),n.end({success:!0,requestId:a.requestId}),a}catch(o){const i=o instanceof _?o:this.nestedAppAuthAdapter.fromBridgeError(o);throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Popup,null,o),n.end({success:!1},o),i}}async acquireTokenSilentInternal(e){const t=this.ensureValidRequest(e);this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Silent,t);const n=await this.acquireTokenFromCache(t);if(n)return this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,n),n;const o=this.performanceClient.startMeasurement(l.SsoSilent,t.correlationId);o==null\|\|o.increment({visibilityChangeCount:0}),o==null\|\|o.add({nestedAppAuthRequest:!0});try{const i=this.nestedAppAuthAdapter.toNaaTokenRequest(t),s=j(),a=await this.bridgeProxy.getTokenSilent(i),c=this.nestedAppAuthAdapter.fromNaaTokenResponse(i,a,s);return await this.hydrateCache(c,e),this.currentAccountContext={homeAccountId:c.account.homeAccountId,environment:c.account.environment,tenantId:c.account.tenantId},this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,c),o==null\|\|o.add({accessTokenSize:c.accessToken.length,idTokenSize:c.idToken.length}),o==null\|\|o.end({success:!0,requestId:c.requestId}),c}catch(i){const s=i instanceof _?i:this.nestedAppAuthAdapter.fromBridgeError(i);throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Silent,null,i),o==null\|\|o.end({success:!1},i),s}}async acquireTokenFromCache(e){const t=this.performanceClient.startMeasurement(l.AcquireTokenSilent,e.correlationId);if(t==null\|\|t.add({nestedAppAuthRequest:!0}),e.claims)return this.logger.verbose("Claims are present in the request, skipping cache lookup"),null;if(e.forceRefresh)return this.logger.verbose("forceRefresh is set to true, skipping cache lookup"),null;let n=null;switch(e.cacheLookupPolicy\|\|(e.cacheLookupPolicy=H.Default),e.cacheLookupPolicy){case H.Default:case H.AccessToken:case H.AccessTokenAndRefreshToken:n=await this.acquireTokenFromCacheInternal(e);break;default:return null}return n?(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,n),t==null\|\|t.add({accessTokenSize:n==null?void 0:n.accessToken.length,idTokenSize:n==null?void 0:n.idToken.length}),t==null\|\|t.end({success:!0}),n):(this.logger.error("Cached tokens are not found for the account, proceeding with silent token request."),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Silent,null),t==null\|\|t.end({success:!1}),null)}async acquireTokenFromCacheInternal(e){var c;const t=this.bridgeProxy.getAccountContext()\|\|this.currentAccountContext;let n=null;if(t&&(n=Bn(t,this.logger,this.browserStorage)),!n)return this.logger.verbose("No active account found, falling back to the host"),Promise.resolve(null);this.logger.verbose("active account found, attempting to acquire token silently");const o={...e,correlationId:e.correlationId\|\|this.browserCrypto.createNewGuid(),authority:e.authority\|\|n.environment,scopes:(c=e.scopes)!=null&&c.length?e.scopes:[...Fe]},i=this.browserStorage.getTokenKeys(),s=this.browserStorage.getAccessToken(n,o,i,n.tenantId,this.performanceClient,o.correlationId);if(s){if(Yr(s.cachedAt)\|\|Ut(s.expiresOn,this.config.system.tokenRenewalOffsetSeconds))return this.logger.verbose("Cached access token has expired"),Promise.resolve(null)}else return this.logger.verbose("No cached access token found"),Promise.resolve(null);const a=this.browserStorage.getIdToken(n,i,n.tenantId,this.performanceClient,o.correlationId);return a?this.nestedAppAuthAdapter.toAuthenticationResultFromCache(n,a,s,o,o.correlationId):(this.logger.verbose("No cached id token found"),Promise.resolve(null))}async acquireTokenPopup(e){return this.acquireTokenInteractive(e)}acquireTokenRedirect(e){throw L.createUnsupportedError()}async acquireTokenSilent(e){return this.acquireTokenSilentInternal(e)}acquireTokenByCode(e){throw L.createUnsupportedError()}acquireTokenNative(e,t,n){throw L.createUnsupportedError()}acquireTokenByRefreshToken(e,t){throw L.createUnsupportedError()}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){throw L.createUnsupportedError()}removePerformanceCallback(e){throw L.createUnsupportedError()}enableAccountStorageEvents(){throw L.createUnsupportedError()}disableAccountStorageEvents(){throw L.createUnsupportedError()}getAllAccounts(e){return Ns(this.logger,this.browserStorage,this.isBrowserEnv(),e)}getAccount(e){return Bn(e,this.logger,this.browserStorage)}getAccountByUsername(e){return Ms(e,this.logger,this.browserStorage)}getAccountByHomeId(e){return Us(e,this.logger,this.browserStorage)}getAccountByLocalId(e){return Ls(e,this.logger,this.browserStorage)}setActiveAccount(e){return Hs(e,this.browserStorage)}getActiveAccount(){return Ds(this.browserStorage)}handleRedirectPromise(e){return Promise.resolve(null)}loginPopup(e){return this.acquireTokenInteractive(e\|\|Ln)}loginRedirect(e){throw L.createUnsupportedError()}logout(e){throw L.createUnsupportedError()}logoutRedirect(e){throw L.createUnsupportedError()}logoutPopup(e){throw L.createUnsupportedError()}ssoSilent(e){return this.acquireTokenSilentInternal(e)}getTokenCache(){throw L.createUnsupportedError()}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){}setNavigationClient(e){this.logger.warning("setNavigationClient is not supported in nested app auth")}getConfiguration(){return this.config}isBrowserEnv(){return this.operatingContext.isBrowserEnvironment()}getBrowserCrypto(){return this.browserCrypto}getPerformanceClient(){throw L.createUnsupportedError()}getRedirectResponse(){throw L.createUnsupportedError()}async clearCache(e){throw L.createUnsupportedError()}async hydrateCache(e,t){this.logger.verbose("hydrateCache called");const n=q.createFromAccountInfo(e.account,e.cloudGraphHostName,e.msGraphHost);return await this.browserStorage.setAccount(n,e.correlationId),this.browserStorage.hydrateCache(e,t)}}/! @azure/msal-browser v4.9.0 2025-03-25 /async function Ld(r,e){const t=new xe(r);return await t.initialize(),mn.createController(t,e)}/! @azure/msal-browser v4.9.0 2025-03-25 /class Cn{static async createPublicClientApplication(e){const t=await Ld(e);return new Cn(e,t)}constructor(e,t){this.controller=t\|\|new mn(new xe(e))}async initialize(e){return this.controller.initialize(e)}async acquireTokenPopup(e){return this.controller.acquireTokenPopup(e)}acquireTokenRedirect(e){return this.controller.acquireTokenRedirect(e)}acquireTokenSilent(e){return this.controller.acquireTokenSilent(e)}acquireTokenByCode(e){return this.controller.acquireTokenByCode(e)}addEventCallback(e,t){return this.controller.addEventCallback(e,t)}removeEventCallback(e){return this.controller.removeEventCallback(e)}addPerformanceCallback(e){return this.controller.addPerformanceCallback(e)}removePerformanceCallback(e){return this.controller.removePerformanceCallback(e)}enableAccountStorageEvents(){this.controller.enableAccountStorageEvents()}disableAccountStorageEvents(){this.controller.disableAccountStorageEvents()}getAccount(e){return this.controller.getAccount(e)}getAccountByHomeId(e){return this.controller.getAccountByHomeId(e)}getAccountByLocalId(e){return this.controller.getAccountByLocalId(e)}getAccountByUsername(e){return this.controller.getAccountByUsername(e)}getAllAccounts(e){return this.controller.getAllAccounts(e)}handleRedirectPromise(e){return this.controller.handleRedirectPromise(e)}loginPopup(e){return this.controller.loginPopup(e)}loginRedirect(e){return this.controller.loginRedirect(e)}logout(e){return this.controller.logout(e)}logoutRedirect(e){return this.controller.logoutRedirect(e)}logoutPopup(e){return this.controller.logoutPopup(e)}ssoSilent(e){return this.controller.ssoSilent(e)}getTokenCache(){return this.controller.getTokenCache()}getLogger(){return this.controller.getLogger()}setLogger(e){this.controller.setLogger(e)}setActiveAccount(e){this.controller.setActiveAccount(e)}getActiveAccount(){return this.controller.getActiveAccount()}initializeWrapperLibrary(e,t){return this.controller.initializeWrapperLibrary(e,t)}setNavigationClient(e){this.controller.setNavigationClient(e)}getConfiguration(){return this.controller.getConfiguration()}async hydrateCache(e,t){return this.controller.hydrateCache(e,t)}clearCache(e){return this.controller.clearCache(e)}}async function Hd(r){const e=new je(r);if(await e.initialize(),e.isAvailable()){const t=new Go(e),n=new Cn(r,t);return await n.initialize(),n}return Dd(r)}async function Dd(r){const e=new Cn(r);return await e.initialize(),e}const $s=(0,eval)("this"),R=$s.Office;$s.messages;R.onReady(async()=>{var e;Ie=((e=localStorage.getItem("verifiedNativeClients"))==null?void 0:e.split(";"))??[],R.context.requirements.isSetSupported("NestedAppAuth","1.1")&&await Xd(),Ys(),R.context.mailbox.addHandlerAsync(R.EventType.ItemChanged,t=>{N.fetching=!1,N.fetched=!1,R.context.mailbox.item?ct():we(J("No item selected")),pt()});let r=document.createElement("h2");r.classList.add("mb-0"),r.appendChild(document.createTextNode(J("Drafts"))),st("draftscaption",r),at={decrypt:me("view","",function(){Qs()}),newemail:me("new",te("@action:button","New secure email"),function(){$d()}),reply:me("reply",te("@action:button","Reply securely"),function(){zd()}),forward:me("forward",te("@action:button","Forward securely"),function(){qd()}),reencrypt:me("reencrypt",te("@action:button","Reencrypt folder"),function(){Gd()})};for(let[t,n]of Object.entries(at))st(t,n);wn=xd("<small>"+te("@info","Viewer already open.")+"</small>"),st("vieweropenbox",wn),Yt(wn,!1)});function st(r,e){et(r).replaceWith(e),e.id=r}function Qt(r){return et("icon-"+r).cloneNode(!0)}function ft(r){let e=document.createElement("span");return e.innerHTML=r,e}function xd(r){let e=document.createElement("div");return e.innerHTML=r,e}function et(r){return document.getElementById(r)}function Vs(r,e,t){let n=et(r);e.length==0?(console.log("hide",r),Yt(n,!1),n.replaceChildren()):(Yt(n,!0),n.replaceChildren(Qt(t),ft(e)))}function we(r){Vs("errorbox",r,"error")}function Fd(){return et("errorbox").classList.contains("d-none")}function Yt(r,e){e?r.classList.remove("d-none"):r.classList.add("d-none")}function me(r,e,t,n=["w-100","btn","rounded-md","mt-3"]){let o=document.createElement("button");return o.setIconAndText=(function(i,s){this.replaceChildren(Qt(i),ft(s))}).bind(o),o.setIconAndText(r,e),o.replaceChildren(Qt(r),ft(e)),o.classList.add.apply(o.classList,n),o.addEventListener("click",i=>{t()}),o}function zo(){let r=[];for(dev of Pe){let t=ft(J("Unknown device: %1. Do you trust this device?",dev.name));t.replaceChildren.apply(t,[Qt("warning")].concat(t.childNodes()));let n=document.createElement("div");n.classList.add("d-flex","flex-row","gap"),n.appendChild(me("",J("Don't Trust"),jd.bind(null,device.id))),n.appendChild(me("",J("Trust"),Yd.bind(null,device.id))),r.push(t),r.push(n)}let e=et("pairingbox");e.replaceChildren.apply(e,r),Yt(e,r.length>0),pt()}let at=[],Pe=[],wn,vr=!1,Ie=[],N={encrypted:!1,signed:!1,drafts:[],fetched:!1,fetching:!1,folderId:"",features:[]},x=null,vn,ye=null;function pt(){let r=J("This mail is not encrypted nor signed.");if(N.fetched){N.encrypted?r=N.signed?J("This mail is encrypted and signed."):J("This mail is encrypted."):N.signed&&(r=J("This mail is signed."));for(let[e,t]of Object.entries(at))t.disabled=!1}else{Pe.length>0?r=te("Loading placeholder","Waiting for authorization"):r=Fd()?"":te("Loading placeholder","Loading…");for(let[e,t]of Object.entries(at))t.disabled=!0}et("statusbox").replaceChildren(document.createTextNode(r)),at.decrypt.setIconAndText("view",Kd()),Bd()}function Kd(){return N.encrypted?te("@action:button","Decrypt"):te("@action:button","View email")}function Bd(){if(N.drafts.length>0){let r=document.createElement("ul");r.classList.add("my-0","list-unstyled","gap","d-flex");for(let e of N.drafts){let t=document.createElement("li");t.classList.add("d-flex","flex-row");let n=me("opendraft",J("Last Modified: %1",Wd(e.last_modification)),function(){Vd(e.id)},["btn","w-100","d-flex","flex-row","align-items-center","rounded-e-md"]);t.appendChild(n),n=me("delete",'<span class="sr-only">'+te("@action:button","Delete")+"</span>",function(){Qd(e.id)},["btn","btn-danger","ms-auto","py-1","rounded-e-md"]),t.appendChild(n),r.appendChild(t)}st("draftslist",r)}else st("draftslist",ft("<p>"+te("Placeholder","No draft found")+"</p>"))}function jt(r,e){console.log(r,e),x&&x.send(JSON.stringify({command:"log",arguments:{message:r,args:JSON.stringify(e)}}))}function Ct(r){x.send(JSON.stringify({command:r,arguments:{email:R.context.mailbox.userProfile.emailAddress,displayName:R.context.mailbox.userProfile.displayName,folderId:N.folderId,itemId:R.context.mailbox.convertToEwsId(R.context.mailbox.item.itemId,R.MailboxEnums.RestVersion.v2_0),ewsAccessToken:ye,verifiedNativeClients:Ie}}))}function Gd(){Ct("reencrypt")}function Qs(){Ct("view")}function zd(){Ct("reply")}function qd(){Ct("forward")}function $d(){Ct("composer")}function Vd(r){x.send(JSON.stringify({command:"open-draft",arguments:{id:r,email:R.context.mailbox.userProfile.emailAddress,displayName:R.context.mailbox.userProfile.displayName,ewsAccessToken:ye,verifiedNativeClients:Ie}}))}function Qd(r){x.send(JSON.stringify({command:"delete-draft",arguments:{id:r,email:R.context.mailbox.userProfile.emailAddress,displayName:R.context.mailbox.userProfile.displayName,ewsAccessToken:ye,verifiedNativeClients:Ie}}))}function ct(){N.fetching\|\|Ie.length===0\|\|(N.fetched=!1,N.fetching=!0,pt(),x.send(JSON.stringify({command:"info",arguments:{itemId:R.context.mailbox.convertToEwsId(R.context.mailbox.item.itemId,R.MailboxEnums.RestVersion.v2_0),email:R.context.mailbox.userProfile.emailAddress,ewsAccessToken:ye,verifiedNativeClients:Ie}})))}function Yd(r){Pe.splice(Pe.findIndex(e=>e.id===r),1),Ie.push(r),localStorage.setItem("verifiedNativeClients",Ie.join(";")),ct(),zo()}function jd(r){Pe.splice(Pe.findIndex(e=>e.id===r),1),zo()}function Wd(r){const e=new Date(r*1e3);let t=new Date;return new Date(e).setHours(0,0,0,0)===t.setHours(0,0,0,0)?e.toLocaleTimeString([],{hour:"numeric",minute:"numeric"}):e.toLocaleDateString()}async function Jd(r){R.context.mailbox.makeEwsRequestAsync(r.arguments.body,e=>{if(e.error){jt("Error while trying to send email via EWS",{error:e.error,value:e.value});return}jt("Email sent",{value:e.value}),x.send(JSON.stringify({command:"ews-response",arguments:{requestId:r.arguments.requestId,email:R.context.mailbox.userProfile.emailAddress,body:e.value}}))})}function Ys(){console.log("Set socket",x),!(x&&x.readyState===WebSocket.OPEN)&&(console.log("Set socket"),x=new WebSocket("wss://"+window.location.host+"/websocket"),x.addEventListener("open",r=>{we(""),x.send(JSON.stringify({command:"register",arguments:{emails:[R.context.mailbox.userProfile.emailAddress],type:"webclient"}})),x.send(JSON.stringify({command:"restore-autosave",arguments:{email:R.context.mailbox.userProfile.emailAddress,displayName:R.context.mailbox.userProfile.displayName,ewsAccessToken:ye}})),ct()}),x.addEventListener("close",r=>{we(J("Native client was disconnected, reconnecting in 1 second.")),console.log(r.reason),setTimeout(function(){Ys()},1e3)}),x.addEventListener("error",r=>{we(J("Native client received an error")),x.close()}),x.addEventListener("message",function(r){const{data:e}=r,t=JSON.parse(e);switch(jt("Received message from server",{command:t.command}),t.command){case"ews":Jd(t);break;case"error":we(t.arguments.error);break;case"status-update":vr=t.arguments.viewerOpen,N.drafts=t.arguments.drafts,N.features=t.arguments.features,pt();break;case"disconnection":we(J("Native client was disconnected"));break;case"connection":if(we(""),Ie.includes(t.arguments.id))ct();else{if(Pe.findIndex(c=>c.id===t.arguments.id)>=0)break;Pe.push({id:t.arguments.id,name:t.arguments.name}),zo()}break;case"info-fetched":console.log(t.arguments);const{itemId:n,folderId:o,encrypted:i,signed:s,version:a}=t.arguments;if(N.fetching=!1,n===R.context.mailbox.convertToEwsId(R.context.mailbox.item.itemId,R.MailboxEnums.RestVersion.v2_0)){N.fetched=!0,N.encrypted=i,N.signed=s,N.folderId=o,vr&&Qs();let d=new URLSearchParams(document.location.search).get("version");a!==d&&Vs("versionbox",te("@info","Version mismatch. Make sure you installed the last manifest.xml."),"warning")}else N.fetched=!1,jt("Received info for wrong email",{itemId:n,currentItemId:R.context.mailbox.convertToEwsId(R.context.mailbox.item.itemId,R.MailboxEnums.RestVersion.v2_0)}),ct();pt()}}))}async function Xd(){vn=await Hd({auth:{clientId:"1d6f4a59-be04-4274-8793-71b4c081eb72",authority:"https://login.microsoftonline.com/common"}});{const r={scopes:["https://outlook.office365.com/EWS.AccessAsUser.All"]};try{console.log("Trying to acquire token silently...");const e=await vn.acquireTokenSilent(r);console.log("Acquired token silently."),ye=e.accessToken}catch(e){console.log(`Unable to acquire token silently: ${e}`)}if(ye===null)try{console.log("Trying to acquire token interactively...");const e=await vn.acquireTokenPopup(r);console.log("Acquired token interactively."),ye=e.accessToken}catch(e){console.error(`Unable to acquire token interactively: ${e}`)}ye===null&&we(J("Unable to acquire access token."))}}
	+${s}`);return}throw Ui(e.error,e.error_description,e.suberror)?new ne(e.error,e.error_description,e.suberror,e.timestamp\|\|g.EMPTY_STRING,e.trace_id\|\|g.EMPTY_STRING,e.correlation_id\|\|g.EMPTY_STRING,e.claims\|\|g.EMPTY_STRING,i):s}}async handleServerTokenResponse(e,t,n,o,i,s,a,c,d){var E;(E=this.performanceClient)==null\|\|E.addQueueMeasurement(l.HandleServerTokenResponse,e.correlation_id);let h;if(e.id_token){if(h=be(e.id_token\|\|g.EMPTY_STRING,this.cryptoObj.base64Decode),i&&i.nonce&&h.nonce!==i.nonce)throw p(Nr);if(o.maxAge\|\|o.maxAge===0){const w=h.auth_time;if(!w)throw p(Vn);Vr(w,o.maxAge)}}this.homeAccountIdentifier=q.generateHomeAccountId(e.client_info\|\|g.EMPTY_STRING,t.authorityType,this.logger,this.cryptoObj,h);let u;i&&i.state&&(u=Ze.parseRequestState(this.cryptoObj,i.state)),e.key_id=e.key_id\|\|o.sshKid\|\|void 0;const m=this.generateCacheRecord(e,t,n,o,h,s,i);let A;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose("Persistence enabled, calling beforeCacheAccess"),A=new Qc(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(A)),a&&!c&&m.account){const w=m.account.generateAccountKey();if(!this.cacheStorage.getAccount(w))return this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache"),await Fe.generateAuthenticationResult(this.cryptoObj,t,m,!1,o,h,u,void 0,d)}await this.cacheStorage.saveCacheRecord(m,o.correlationId,o.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&A&&(this.logger.verbose("Persistence enabled, calling afterCacheAccess"),await this.persistencePlugin.afterCacheAccess(A))}return Fe.generateAuthenticationResult(this.cryptoObj,t,m,!1,o,h,u,e,d)}generateCacheRecord(e,t,n,o,i,s,a){const c=t.getPreferredCache();if(!c)throw p(Yn);const d=li(i);let h,u;e.id_token&&i&&(h=Jt(this.homeAccountIdentifier,c,e.id_token,this.clientId,d\|\|""),u=mo(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,i,e.client_info,c,d,a,void 0,this.logger));let m=null;if(e.access_token){const w=e.scope?M.fromString(e.scope):new M(o.scopes\|\|[]),D=(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)\|\|0,W=(typeof e.ext_expires_in=="string"?parseInt(e.ext_expires_in,10):e.ext_expires_in)\|\|0,ee=(typeof e.refresh_in=="string"?parseInt(e.refresh_in,10):e.refresh_in)\|\|void 0,Ee=n+D,yt=Ee+W,Tt=ee&&ee>0?n+ee:void 0;m=Xt(this.homeAccountIdentifier,c,e.access_token,this.clientId,d\|\|t.tenant\|\|"",w.printScopes(),Ee,yt,this.cryptoObj.base64Decode,Tt,e.token_type,s,e.key_id,o.claims,o.requestedClaimsHash)}let A=null;if(e.refresh_token){let w;if(e.refresh_token_expires_in){const D=typeof e.refresh_token_expires_in=="string"?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in;w=n+D}A=Yr(this.homeAccountIdentifier,c,e.refresh_token,this.clientId,e.foci,s,w)}let E=null;return e.foci&&(E={clientId:this.clientId,environment:c,familyId:e.foci}),{account:u,idToken:h,accessToken:m,refreshToken:A,appMetadata:E}}static async generateAuthenticationResult(e,t,n,o,i,s,a,c,d){var Ee,yt,Tt,zo,qo;let h=g.EMPTY_STRING,u=[],m=null,A,E,w=g.EMPTY_STRING;if(n.accessToken){if(n.accessToken.tokenType===_.POP&&!i.popKid){const Qs=new We(e),{secret:Ys,keyId:$o}=n.accessToken;if(!$o)throw p(jn);h=await Qs.signPopToken(Ys,$o,i)}else h=n.accessToken.secret;u=M.fromString(n.accessToken.target).asArray(),m=Te(n.accessToken.expiresOn),A=Te(n.accessToken.extendedExpiresOn),n.accessToken.refreshOn&&(E=Te(n.accessToken.refreshOn))}n.appMetadata&&(w=n.appMetadata.familyId===it?it:"");const D=(s==null?void 0:s.oid)\|\|(s==null?void 0:s.sub)\|\|"",W=(s==null?void 0:s.tid)\|\|"";c!=null&&c.spa_accountid&&n.account&&(n.account.nativeAccountId=c==null?void 0:c.spa_accountid);const ee=n.account?to(n.account.getAccountInfo(),void 0,s,(Ee=n.idToken)==null?void 0:Ee.secret):null;return{authority:t.canonicalAuthority,uniqueId:D,tenantId:W,scopes:u,account:ee,idToken:((yt=n==null?void 0:n.idToken)==null?void 0:yt.secret)\|\|"",idTokenClaims:s\|\|{},accessToken:h,fromCache:o,expiresOn:m,extExpiresOn:A,refreshOn:E,correlationId:i.correlationId,requestId:d\|\|g.EMPTY_STRING,familyId:w,tokenType:((Tt=n.accessToken)==null?void 0:Tt.tokenType)\|\|g.EMPTY_STRING,state:a?a.userRequestState:g.EMPTY_STRING,cloudGraphHostName:((zo=n.account)==null?void 0:zo.cloudGraphHostName)\|\|g.EMPTY_STRING,msGraphHost:((qo=n.account)==null?void 0:qo.msGraphHost)\|\|g.EMPTY_STRING,code:c==null?void 0:c.spa_code,fromNativeBroker:!1}}}function mo(r,e,t,n,o,i,s,a,c,d,h){h==null\|\|h.verbose("setCachedAccount called");const m=r.getAccountKeys().find(W=>W.startsWith(t));let A=null;m&&(A=r.getAccount(m));const E=A\|\|q.createAccount({homeAccountId:t,idTokenClaims:o,clientInfo:i,environment:s,cloudGraphHostName:c==null?void 0:c.cloud_graph_host_name,msGraphHost:c==null?void 0:c.msgraph_host,nativeAccountId:d},e,n),w=E.tenantProfiles\|\|[],D=a\|\|E.realm;if(D&&!w.find(W=>W.tenantId===D)){const W=nn(t,E.localAccountId,D,o);w.push(W)}return E.tenantProfiles=w,E}/! @azure/msal-common v15.4.0 2025-03-25 /class Yc{static validateRedirectUri(e){if(!e)throw b(jr)}static validatePrompt(e){const t=[];for(const n in K)t.push(K[n]);if(t.indexOf(e)<0)throw b(Zr)}static validateClaims(e){try{JSON.parse(e)}catch{throw b(Zt)}}static validateCodeChallengeParams(e,t){if(!e\|\|!t)throw b(en);this.validateCodeChallengeMethod(t)}static validateCodeChallengeMethod(e){if([Yo.PLAIN,Yo.S256].indexOf(e)<0)throw b(ni)}}/! @azure/msal-common v15.4.0 2025-03-25 /async function Li(r,e,t){return typeof r=="string"?r:r({clientId:e,tokenEndpoint:t})}/! @azure/msal-common v15.4.0 2025-03-25 /class Hi extends fo{constructor(e,t){var n;super(e,t),this.includeRedirectUri=!0,this.oidcDefaultScopes=(n=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:n.defaultScopes}async acquireToken(e,t){var a,c;if((a=this.performanceClient)==null\|\|a.addQueueMeasurement(l.AuthClientAcquireToken,e.correlationId),!e.code)throw p(Lr);const n=j(),o=await f(this.executeTokenRequest.bind(this),l.AuthClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(this.authority,e),i=(c=o.headers)==null?void 0:c[V.X_MS_REQUEST_ID],s=new Fe(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin,this.performanceClient);return s.validateTokenResponse(o.body),f(s.handleServerTokenResponse.bind(s),l.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(o.body,this.authority,n,e,t,void 0,void 0,void 0,i)}getLogoutUri(e){if(!e)throw b(ti);const t=this.createLogoutUrlQueryString(e);return S.appendQueryString(this.authority.endSessionEndpoint,t)}async executeTokenRequest(e,t){var d;(d=this.performanceClient)==null\|\|d.addQueueMeasurement(l.AuthClientExecuteTokenRequest,t.correlationId);const n=this.createTokenQueryParameters(t),o=S.appendQueryString(e.tokenEndpoint,n),i=await f(this.createTokenRequestBody.bind(this),l.AuthClientCreateTokenRequestBody,this.logger,this.performanceClient,t.correlationId)(t);let s;if(t.clientInfo)try{const h=Dt(t.clientInfo,this.cryptoUtils.base64Decode);s={credential:`${h.uid}${z.CLIENT_INFO_SEPARATOR}${h.utid}`,type:re.HOME_ACCOUNT_ID}}catch(h){this.logger.verbose("Could not parse client info for CCS Header: "+h)}const a=this.createTokenRequestHeaders(s\|\|t.ccsCredential),c=an(this.config.authOptions.clientId,t);return f(this.executePostToTokenEndpoint.bind(this),l.AuthorizationCodeClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,t.correlationId)(o,i,a,c,t.correlationId,l.AuthorizationCodeClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){var o,i;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.AuthClientCreateTokenRequestBody,e.correlationId);const t=new Map;if(io(t,e.embeddedClientId\|\|((i=e.tokenBodyParameters)==null?void 0:i[xe])\|\|this.config.authOptions.clientId),this.includeRedirectUri?so(t,e.redirectUri):Yc.validateRedirectUri(e.redirectUri),ro(t,e.scopes,!0,this.oidcDefaultScopes),Pc(t,e.code),lo(t,this.config.libraryInfo),ho(t,this.config.telemetry.application),bi(t),this.serverTelemetryManager&&!pi(this.config)&&Ri(t,this.serverTelemetryManager),e.codeVerifier&&Mc(t,e.codeVerifier),this.config.clientCredentials.clientSecret&&Ii(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const s=this.config.clientCredentials.clientAssertion;Ei(t,await Li(s.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),wi(t,s.assertionType)}if(vi(t,Sr.AUTHORIZATION_CODE_GRANT),uo(t),e.authenticationScheme===_.POP){const s=new We(this.cryptoUtils,this.performanceClient);let a;e.popKid?a=this.cryptoUtils.encodeKid(e.popKid):a=(await f(s.generateCnf.bind(s),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,go(t,a)}else if(e.authenticationScheme===_.SSH)if(e.sshJwk)_i(t,e.sshJwk);else throw b(tn);(!ie.isEmptyObj(e.claims)\|\|this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&ao(t,e.claims,this.config.authOptions.clientCapabilities);let n;if(e.clientInfo)try{const s=Dt(e.clientInfo,this.cryptoUtils.base64Decode);n={credential:`${s.uid}${z.CLIENT_INFO_SEPARATOR}${s.utid}`,type:re.HOME_ACCOUNT_ID}}catch(s){this.logger.verbose("Could not parse client info for CCS Header: "+s)}else n=e.ccsCredential;if(this.config.systemOptions.preventCorsPreflight&&n)switch(n.type){case re.HOME_ACCOUNT_ID:try{const s=Qe(n.credential);ct(t,s)}catch(s){this.logger.verbose("Could not parse home account ID for CCS Header: "+s)}break;case re.UPN:Gt(t,n.credential);break}return e.embeddedClientId&&rn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenBodyParameters&&He(t,e.tokenBodyParameters),e.enableSpaAuthorizationCode&&(!e.tokenBodyParameters\|\|!e.tokenBodyParameters[rr])&&He(t,{[rr]:"1"}),on(t,e.correlationId,this.performanceClient),ut(t)}createLogoutUrlQueryString(e){const t=new Map;return e.postLogoutRedirectUri&&Sc(t,e.postLogoutRedirectUri),e.correlationId&&co(t,e.correlationId),e.idTokenHint&&kc(t,e.idTokenHint),e.state&&Ai(t,e.state),e.logoutHint&&Uc(t,e.logoutHint),e.extraQueryParameters&&He(t,e.extraQueryParameters),this.config.authOptions.instanceAware&&Si(t),ut(t)}}/! @azure/msal-common v15.4.0 2025-03-25 /const jc=300;class Wc extends fo{constructor(e,t){super(e,t)}async acquireToken(e){var s,a;(s=this.performanceClient)==null\|\|s.addQueueMeasurement(l.RefreshTokenClientAcquireToken,e.correlationId);const t=j(),n=await f(this.executeTokenRequest.bind(this),l.RefreshTokenClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(e,this.authority),o=(a=n.headers)==null?void 0:a[V.X_MS_REQUEST_ID],i=new Fe(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin);return i.validateTokenResponse(n.body),f(i.handleServerTokenResponse.bind(i),l.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(n.body,this.authority,t,e,void 0,void 0,!0,e.forceCache,o)}async acquireTokenByRefreshToken(e){var n;if(!e)throw b(ei);if((n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.RefreshTokenClientAcquireTokenByRefreshToken,e.correlationId),!e.account)throw p(Qn);if(this.cacheManager.isAppMetadataFOCI(e.account.environment))try{return await f(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!0)}catch(o){const i=o instanceof ne&&o.errorCode===zt,s=o instanceof Ne&&o.errorCode===jo.INVALID_GRANT_ERROR&&o.subError===jo.CLIENT_MISMATCH_ERROR;if(i\|\|s)return f(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1);throw o}return f(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1)}async acquireTokenWithCachedRefreshToken(e,t){var i,s,a;(i=this.performanceClient)==null\|\|i.addQueueMeasurement(l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,e.correlationId);const n=ae(this.cacheManager.getRefreshToken.bind(this.cacheManager),l.CacheManagerGetRefreshToken,this.logger,this.performanceClient,e.correlationId)(e.account,t,void 0,this.performanceClient,e.correlationId);if(!n)throw Pn(zt);if(n.expiresOn&&Ht(n.expiresOn,e.refreshTokenExpirationOffsetSeconds\|\|jc))throw(s=this.performanceClient)==null\|\|s.addFields({rtExpiresOnMs:Number(n.expiresOn)},e.correlationId),Pn(po);const o={...e,refreshToken:n.secret,authenticationScheme:e.authenticationScheme\|\|_.BEARER,ccsCredential:{credential:e.account.homeAccountId,type:re.HOME_ACCOUNT_ID}};try{return await f(this.acquireToken.bind(this),l.RefreshTokenClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(o)}catch(c){if(c instanceof ne&&((a=this.performanceClient)==null\|\|a.addFields({rtExpiresOnMs:Number(n.expiresOn)},e.correlationId),c.subError===ln)){this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");const d=at(n);this.cacheManager.removeRefreshToken(d)}throw c}}async executeTokenRequest(e,t){var c;(c=this.performanceClient)==null\|\|c.addQueueMeasurement(l.RefreshTokenClientExecuteTokenRequest,e.correlationId);const n=this.createTokenQueryParameters(e),o=S.appendQueryString(t.tokenEndpoint,n),i=await f(this.createTokenRequestBody.bind(this),l.RefreshTokenClientCreateTokenRequestBody,this.logger,this.performanceClient,e.correlationId)(e),s=this.createTokenRequestHeaders(e.ccsCredential),a=an(this.config.authOptions.clientId,e);return f(this.executePostToTokenEndpoint.bind(this),l.RefreshTokenClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,e.correlationId)(o,i,s,a,e.correlationId,l.RefreshTokenClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){var n,o,i;(n=this.performanceClient)==null\|\|n.addQueueMeasurement(l.RefreshTokenClientCreateTokenRequestBody,e.correlationId);const t=new Map;if(io(t,e.embeddedClientId\|\|((o=e.tokenBodyParameters)==null?void 0:o[xe])\|\|this.config.authOptions.clientId),e.redirectUri&&so(t,e.redirectUri),ro(t,e.scopes,!0,(i=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:i.defaultScopes),vi(t,Sr.REFRESH_TOKEN_GRANT),uo(t),lo(t,this.config.libraryInfo),ho(t,this.config.telemetry.application),bi(t),this.serverTelemetryManager&&!pi(this.config)&&Ri(t,this.serverTelemetryManager),Nc(t,e.refreshToken),this.config.clientCredentials.clientSecret&&Ii(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const s=this.config.clientCredentials.clientAssertion;Ei(t,await Li(s.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),wi(t,s.assertionType)}if(e.authenticationScheme===_.POP){const s=new We(this.cryptoUtils,this.performanceClient);let a;e.popKid?a=this.cryptoUtils.encodeKid(e.popKid):a=(await f(s.generateCnf.bind(s),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,go(t,a)}else if(e.authenticationScheme===_.SSH)if(e.sshJwk)_i(t,e.sshJwk);else throw b(tn);if((!ie.isEmptyObj(e.claims)\|\|this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&ao(t,e.claims,this.config.authOptions.clientCapabilities),this.config.systemOptions.preventCorsPreflight&&e.ccsCredential)switch(e.ccsCredential.type){case re.HOME_ACCOUNT_ID:try{const s=Qe(e.ccsCredential.credential);ct(t,s)}catch(s){this.logger.verbose("Could not parse home account ID for CCS Header: "+s)}break;case re.UPN:Gt(t,e.ccsCredential.credential);break}return e.embeddedClientId&&rn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenBodyParameters&&He(t,e.tokenBodyParameters),on(t,e.correlationId,this.performanceClient),ut(t)}}/! @azure/msal-common v15.4.0 2025-03-25 /class Jc extends fo{constructor(e,t){super(e,t)}async acquireCachedToken(e){var c;(c=this.performanceClient)==null\|\|c.addQueueMeasurement(l.SilentFlowClientAcquireCachedToken,e.correlationId);let t=Me.NOT_APPLICABLE;if(e.forceRefresh\|\|!this.config.cacheOptions.claimsBasedCachingEnabled&&!ie.isEmptyObj(e.claims))throw this.setCacheOutcome(Me.FORCE_REFRESH_OR_CLAIMS,e.correlationId),p(_e);if(!e.account)throw p(Qn);const n=e.account.tenantId\|\|Kc(e.authority),o=this.cacheManager.getTokenKeys(),i=this.cacheManager.getAccessToken(e.account,e,o,n,this.performanceClient,e.correlationId);if(i){if(Qr(i.cachedAt)\|\|Ht(i.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds))throw this.setCacheOutcome(Me.CACHED_ACCESS_TOKEN_EXPIRED,e.correlationId),p(_e);i.refreshOn&&Ht(i.refreshOn,0)&&(t=Me.PROACTIVELY_REFRESHED)}else throw this.setCacheOutcome(Me.NO_CACHED_ACCESS_TOKEN,e.correlationId),p(_e);const s=e.authority\|\|this.authority.getPreferredCache(),a={account:this.cacheManager.readAccountFromCache(e.account),accessToken:i,idToken:this.cacheManager.getIdToken(e.account,o,n,this.performanceClient,e.correlationId),refreshToken:null,appMetadata:this.cacheManager.readAppMetadataFromCache(s)};return this.setCacheOutcome(t,e.correlationId),this.config.serverTelemetryManager&&this.config.serverTelemetryManager.incrementCacheHits(),[await f(this.generateResultFromCacheRecord.bind(this),l.SilentFlowClientGenerateResultFromCacheRecord,this.logger,this.performanceClient,e.correlationId)(a,e),t]}setCacheOutcome(e,t){var n,o;(n=this.serverTelemetryManager)==null\|\|n.setCacheOutcome(e),(o=this.performanceClient)==null\|\|o.addFields({cacheOutcome:e},t),e!==Me.NOT_APPLICABLE&&this.logger.info(`Token refresh is required due to cache outcome: ${e}`)}async generateResultFromCacheRecord(e,t){var o;(o=this.performanceClient)==null\|\|o.addQueueMeasurement(l.SilentFlowClientGenerateResultFromCacheRecord,t.correlationId);let n;if(e.idToken&&(n=be(e.idToken.secret,this.config.cryptoInterface.base64Decode)),t.maxAge\|\|t.maxAge===0){const i=n==null?void 0:n.auth_time;if(!i)throw p(Vn);Vr(i,t.maxAge)}return Fe.generateAuthenticationResult(this.cryptoUtils,this.authority,e,!0,t,n)}}/! @azure/msal-common v15.4.0 2025-03-25 /const Xc={sendGetRequestAsync:()=>Promise.reject(p(v)),sendPostRequestAsync:()=>Promise.reject(p(v))};/! @azure/msal-common v15.4.0 2025-03-25 /function Zc(r,e,t,n){var a,c;const o=e.correlationId,i=new Map;io(i,e.embeddedClientId\|\|((a=e.extraQueryParameters)==null?void 0:a[xe])\|\|r.clientId);const s=[...e.scopes\|\|[],...e.extraScopesToConsent\|\|[]];if(ro(i,s,!0,(c=r.authority.options.OIDCOptions)==null?void 0:c.defaultScopes),so(i,e.redirectUri),co(i,o),wc(i,e.responseMode),uo(i),e.prompt&&(Rc(i,e.prompt),n==null\|\|n.addFields({prompt:e.prompt},o)),e.domainHint&&(_c(i,e.domainHint),n==null\|\|n.addFields({domainHintFromRequest:!0},o)),e.prompt!==K.SELECT_ACCOUNT)if(e.sid&&e.prompt===K.NONE)t.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request"),ir(i,e.sid),n==null\|\|n.addFields({sidFromRequest:!0},o);else if(e.account){const d=nl(e.account);let h=ol(e.account);if(h&&e.domainHint&&(t.warning('AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint'),h=null),h){t.verbose("createAuthCodeUrlQueryString: login_hint claim present on account"),St(i,h),n==null\|\|n.addFields({loginHintFromClaim:!0},o);try{const u=Qe(e.account.homeAccountId);ct(i,u)}catch{t.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(d&&e.prompt===K.NONE){t.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account"),ir(i,d),n==null\|\|n.addFields({sidFromClaim:!0},o);try{const u=Qe(e.account.homeAccountId);ct(i,u)}catch{t.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(e.loginHint)t.verbose("createAuthCodeUrlQueryString: Adding login_hint from request"),St(i,e.loginHint),Gt(i,e.loginHint),n==null\|\|n.addFields({loginHintFromRequest:!0},o);else if(e.account.username){t.verbose("createAuthCodeUrlQueryString: Adding login_hint from account"),St(i,e.account.username),n==null\|\|n.addFields({loginHintFromUpn:!0},o);try{const u=Qe(e.account.homeAccountId);ct(i,u)}catch{t.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}}else e.loginHint&&(t.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request"),St(i,e.loginHint),Gt(i,e.loginHint),n==null\|\|n.addFields({loginHintFromRequest:!0},o));else t.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");return e.nonce&&bc(i,e.nonce),e.state&&Ai(i,e.state),(e.claims\|\|r.clientCapabilities&&r.clientCapabilities.length>0)&&ao(i,e.claims,r.clientCapabilities),e.embeddedClientId&&rn(i,r.clientId,r.redirectUri),r.instanceAware&&(!e.extraQueryParameters\|\|!Object.keys(e.extraQueryParameters).includes(On))&&Si(i),i}function Di(r,e){const t=ut(e);return S.appendQueryString(r.authorizationEndpoint,t)}function el(r,e){if(xi(r,e),!r.code)throw p(Kr);return r}function xi(r,e){if(!r.state\|\|!e)throw r.state?p(vn,"Cached State"):p(vn,"Server State");let t,n;try{t=decodeURIComponent(r.state)}catch{throw p(je,r.state)}try{n=decodeURIComponent(e)}catch{throw p(je,r.state)}if(t!==n)throw p(Pr);if(r.error\|\|r.error_description\|\|r.suberror){const o=tl(r);throw Ui(r.error,r.error_description,r.suberror)?new ne(r.error\|\|"",r.error_description,r.suberror,r.timestamp\|\|"",r.trace_id\|\|"",r.correlation_id\|\|"",r.claims\|\|"",o):new Ne(r.error\|\|"",r.error_description,r.suberror,o)}}function tl(r){var n,o;const e="code=",t=(n=r.error_uri)==null?void 0:n.lastIndexOf(e);return t&&t>=0?(o=r.error_uri)==null?void 0:o.substring(t+e.length):void 0}function nl(r){var e;return((e=r.idTokenClaims)==null?void 0:e.sid)\|\|null}function ol(r){var e;return((e=r.idTokenClaims)==null?void 0:e.login_hint)\|\|null}/! @azure/msal-common v15.4.0 2025-03-25 /const cr=",",Fi="\|";function rl(r){const{skus:e,libraryName:t,libraryVersion:n,extensionName:o,extensionVersion:i}=r,s=new Map([[0,[t,n]],[2,[o,i]]]);let a=[];if(e!=null&&e.length){if(a=e.split(cr),a.length<4)return e}else a=Array.from({length:4},()=>Fi);return s.forEach((c,d)=>{var h,u;c.length===2&&((h=c[0])!=null&&h.length)&&((u=c[1])!=null&&u.length)&&il({skuArr:a,index:d,skuName:c[0],skuVersion:c[1]})}),a.join(cr)}function il(r){const{skuArr:e,index:t,skuName:n,skuVersion:o}=r;t>=e.length\|\|(e[t]=[n,o].join(Fi))}class gt{constructor(e,t){this.cacheOutcome=Me.NOT_APPLICABLE,this.cacheManager=t,this.apiId=e.apiId,this.correlationId=e.correlationId,this.wrapperSKU=e.wrapperSKU\|\|g.EMPTY_STRING,this.wrapperVer=e.wrapperVer\|\|g.EMPTY_STRING,this.telemetryCacheKey=F.CACHE_KEY+z.CACHE_KEY_SEPARATOR+e.clientId}generateCurrentRequestHeaderValue(){const e=`${this.apiId}${F.VALUE_SEPARATOR}${this.cacheOutcome}`,t=[this.wrapperSKU,this.wrapperVer],n=this.getNativeBrokerErrorCode();n!=null&&n.length&&t.push(`broker_error=${n}`);const o=t.join(F.VALUE_SEPARATOR),i=this.getRegionDiscoveryFields(),s=[e,i].join(F.VALUE_SEPARATOR);return[F.SCHEMA_VERSION,s,o].join(F.CATEGORY_SEPARATOR)}generateLastRequestHeaderValue(){const e=this.getLastRequests(),t=gt.maxErrorsToSend(e),n=e.failedRequests.slice(0,2t).join(F.VALUE_SEPARATOR),o=e.errors.slice(0,t).join(F.VALUE_SEPARATOR),i=e.errors.length,s=t<i?F.OVERFLOW_TRUE:F.OVERFLOW_FALSE,a=[i,s].join(F.VALUE_SEPARATOR);return[F.SCHEMA_VERSION,e.cacheHits,n,o,a].join(F.CATEGORY_SEPARATOR)}cacheFailedRequest(e){const t=this.getLastRequests();t.errors.length>=F.MAX_CACHED_ERRORS&&(t.failedRequests.shift(),t.failedRequests.shift(),t.errors.shift()),t.failedRequests.push(this.apiId,this.correlationId),e instanceof Error&&e&&e.toString()?e instanceof R?e.subError?t.errors.push(e.subError):e.errorCode?t.errors.push(e.errorCode):t.errors.push(e.toString()):t.errors.push(e.toString()):t.errors.push(F.UNKNOWN_ERROR),this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t)}incrementCacheHits(){const e=this.getLastRequests();return e.cacheHits+=1,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e),e.cacheHits}getLastRequests(){const e={failedRequests:[],errors:[],cacheHits:0};return this.cacheManager.getServerTelemetry(this.telemetryCacheKey)\|\|e}clearTelemetryCache(){const e=this.getLastRequests(),t=gt.maxErrorsToSend(e),n=e.errors.length;if(t===n)this.cacheManager.removeItem(this.telemetryCacheKey);else{const o={failedRequests:e.failedRequests.slice(t2),errors:e.errors.slice(t),cacheHits:0};this.cacheManager.setServerTelemetry(this.telemetryCacheKey,o)}}static maxErrorsToSend(e){let t,n=0,o=0;const i=e.errors.length;for(t=0;t<i;t++){const s=e.failedRequests[2t]\|\|g.EMPTY_STRING,a=e.failedRequests[2t+1]\|\|g.EMPTY_STRING,c=e.errors[t]\|\|g.EMPTY_STRING;if(o+=s.toString().length+a.toString().length+c.length+3,o<F.MAX_LAST_HEADER_BYTES)n+=1;else break}return n}getRegionDiscoveryFields(){const e=[];return e.push(this.regionUsed\|\|g.EMPTY_STRING),e.push(this.regionSource\|\|g.EMPTY_STRING),e.push(this.regionOutcome\|\|g.EMPTY_STRING),e.join(",")}updateRegionDiscoveryMetadata(e){this.regionUsed=e.region_used,this.regionSource=e.region_source,this.regionOutcome=e.region_outcome}setCacheOutcome(e){this.cacheOutcome=e}setNativeBrokerErrorCode(e){const t=this.getLastRequests();t.nativeBrokerErrorCode=e,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t)}getNativeBrokerErrorCode(){return this.getLastRequests().nativeBrokerErrorCode}clearNativeBrokerErrorCode(){const e=this.getLastRequests();delete e.nativeBrokerErrorCode,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e)}static makeExtraSkuString(e){return rl(e)}}/! @azure/msal-common v15.4.0 2025-03-25 /const Ki="missing_kid_error",Bi="missing_alg_error";/! @azure/msal-common v15.4.0 2025-03-25 /const sl={[Ki]:"The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.",[Bi]:"The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided."};class Co extends R{constructor(e,t){super(e,t),this.name="JoseHeaderError",Object.setPrototypeOf(this,Co.prototype)}}function lr(r){return new Co(r,sl[r])}/! @azure/msal-common v15.4.0 2025-03-25 /class yo{constructor(e){this.typ=e.typ,this.alg=e.alg,this.kid=e.kid}static getShrHeaderString(e){if(!e.kid)throw lr(Ki);if(!e.alg)throw lr(Bi);const t=new yo({typ:e.typ\|\|Zs.Pop,kid:e.kid,alg:e.alg});return JSON.stringify(t)}}/! @azure/msal-common v15.4.0 2025-03-25 /class dr{startMeasurement(){}endMeasurement(){}flushMeasurement(){return null}}class al{generateId(){return"callback-id"}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:Fc.InProgress,authority:"",libraryName:"",libraryVersion:"",clientId:"",name:e,startTimeMs:Date.now(),correlationId:t\|\|""},measurement:new dr}}startPerformanceMeasurement(){return new dr}calculateQueuedTime(){return 0}addQueueMeasurement(){}setPreQueueTime(){}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return""}emitEvents(){}addFields(){}incrementFields(){}cacheEventByCorrelationId(){}}/! @azure/msal-browser v4.9.0 2025-03-25 /const To="pkce_not_created",Ao="ear_jwk_empty",Gi="ear_jwe_empty",Nn="crypto_nonexistent",dn="empty_navigate_uri",zi="hash_empty_error",Io="no_state_in_hash",qi="hash_does_not_contain_known_properties",$i="unable_to_parse_state",Vi="state_interaction_type_mismatch",Qi="interaction_in_progress",Yi="popup_window_error",ji="empty_window_error",ft="user_cancelled",cl="monitor_popup_timeout",Wi="monitor_window_timeout",Ji="redirect_in_iframe",Xi="block_iframe_reload",Zi="block_nested_popups",ll="iframe_closed_prematurely",hn="silent_logout_unsupported",es="no_account_error",dl="silent_prompt_value_error",ts="no_token_request_cache_error",ns="unable_to_parse_token_request_cache_error",hl="auth_request_not_set_error",ul="invalid_cache_type",un="non_browser_environment",ze="database_not_open",qt="no_network_connectivity",os="post_request_failed",rs="get_request_failed",Mn="failed_to_parse_response",is="unable_to_load_token",Eo="crypto_key_not_found",ss="auth_code_required",as="auth_code_or_nativeAccountId_required",cs="spa_code_and_nativeAccountId_present",wo="database_unavailable",ls="unable_to_acquire_token_from_native_platform",ds="native_handshake_timeout",hs="native_extension_not_installed",vo="native_connection_not_established",$t="uninitialized_public_client_application",us="native_prompt_not_supported",gs="invalid_base64_string",fs="invalid_pop_token_request",ps="failed_to_build_headers",ms="failed_to_parse_headers",bt="failed_to_decrypt_ear_response";/! @azure/msal-browser v4.9.0 2025-03-25 /const ge="For more visit: aka.ms/msaljs/browser-errors",gl={[To]:"The PKCE code challenge and verifier could not be generated.",[Ao]:"No EAR encryption key provided. This is unexpected.",[Gi]:"Server response does not contain ear_jwe property. This is unexpected.",[Nn]:"The crypto object or function is not available.",[dn]:"Navigation URI is empty. Please check stack trace for more info.",[zi]:`Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${ge}`,[Io]:"Hash does not contain state. Please verify that the request originated from msal.",[qi]:`Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. ${ge}`,[$i]:"Unable to parse state. Please verify that the request originated from msal.",[Vi]:"Hash contains state but the interaction type does not match the caller.",[Qi]:`Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. ${ge}`,[Yi]:"Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.",[ji]:"window.open returned null or undefined window object.",[ft]:"User cancelled the flow.",[cl]:`Token acquisition in popup failed due to timeout. ${ge}`,[Wi]:`Token acquisition in iframe failed due to timeout. ${ge}`,[Ji]:"Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.",[Xi]:`Request was blocked inside an iframe because MSAL detected an authentication response. ${ge}`,[Zi]:"Request was blocked inside a popup because MSAL detected it was running in a popup.",[ll]:"The iframe being monitored was closed prematurely.",[hn]:"Silent logout not supported. Please call logoutRedirect or logoutPopup instead.",[es]:"No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.",[dl]:"The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.",[ts]:"No token request found in cache.",[ns]:"The cached token request could not be parsed.",[hl]:"Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler",[ul]:"Invalid cache type",[un]:"Login and token requests are not supported in non-browser environments.",[ze]:"Database is not open!",[qt]:"No network connectivity. Check your internet connection.",[os]:"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'",[rs]:"Network request failed. Please check the network trace to determine root cause.",[Mn]:"Failed to parse network response. Check network trace.",[is]:"Error loading token to cache.",[Eo]:"Cryptographic Key or Keypair not found in browser storage.",[ss]:"An authorization code must be provided (as the `code` property on the request) to this flow.",[as]:"An authorization code or nativeAccountId must be provided to this flow.",[cs]:"Request cannot contain both spa code and native account id.",[wo]:"IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.",[ls]:`Unable to acquire token from native platform. ${ge}`,[ds]:"Timed out while attempting to establish connection to browser extension",[hs]:"Native extension is not installed. If you think this is a mistake call the initialize function.",[vo]:`Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). ${ge}`,[$t]:`You must call and await the initialize function before attempting to call any other MSAL API. ${ge}`,[us]:"The provided prompt is not supported by the native platform. This request should be routed to the web based flow.",[gs]:"Invalid base64 encoded string.",[fs]:"Invalid PoP token request. The request should not have both a popKid value and signPopToken set to true.",[ps]:"Failed to build request headers object.",[ms]:"Failed to parse response headers",[bt]:"Failed to decrypt ear response"};class mt extends R{constructor(e,t){super(e,gl[e],t),Object.setPrototypeOf(this,mt.prototype),this.name="BrowserAuthError"}}function C(r,e){return new mt(r,e)}/! @azure/msal-browser v4.9.0 2025-03-25 /const Q={INVALID_GRANT_ERROR:"invalid_grant",POPUP_WIDTH:483,POPUP_HEIGHT:600,POPUP_NAME_PREFIX:"msal",DEFAULT_POLL_INTERVAL_MS:30,MSAL_SKU:"msal.js.browser"},$e={CHANNEL_ID:"53ee284d-920a-4b59-9d30-a60315b26836",PREFERRED_EXTENSION_ID:"ppnbnpeolgkicgegkbkbjmhlideopiji",MATS_TELEMETRY:"MATS"},Le={HandshakeRequest:"Handshake",HandshakeResponse:"HandshakeResponse",GetToken:"GetToken",Response:"Response"},B={LocalStorage:"localStorage",SessionStorage:"sessionStorage",MemoryStorage:"memoryStorage"},hr={GET:"GET",POST:"POST"},U={ORIGIN_URI:"request.origin",URL_HASH:"urlHash",REQUEST_PARAMS:"request.params",VERIFIER:"code.verifier",INTERACTION_STATUS_KEY:"interaction.status",NATIVE_REQUEST:"request.native"},Se={ACCOUNT_KEYS:"msal.account.keys",TOKEN_KEYS:"msal.token.keys"},kt={WRAPPER_SKU:"wrapper.sku",WRAPPER_VER:"wrapper.version"},O={acquireTokenRedirect:861,acquireTokenPopup:862,ssoSilent:863,acquireTokenSilent_authCode:864,handleRedirectPromise:865,acquireTokenByCode:866,acquireTokenSilent_silentFlow:61,logout:961,logoutPopup:962};var T;(function(r){r.Redirect="redirect",r.Popup="popup",r.Silent="silent",r.None="none"})(T\|\|(T={}));const Un={scopes:Be},Cs="jwk",Ln="msal.db",fl=1,pl=`${Ln}.keys`,H={Default:0,AccessToken:1,AccessTokenAndRefreshToken:2,RefreshToken:3,RefreshTokenAndNetwork:4,Skip:5},ml=[H.Default,H.Skip,H.RefreshTokenAndNetwork],Cl="msal.browser.log.level",yl="msal.browser.log.pii";/! @azure/msal-browser v4.9.0 2025-03-25 /function _t(r){return encodeURIComponent(pt(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_"))}function Oe(r){return ys(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}function pt(r){return ys(new TextEncoder().encode(r))}function ys(r){const e=Array.from(r,t=>String.fromCodePoint(t)).join("");return btoa(e)}/! @azure/msal-browser v4.9.0 2025-03-25 /function se(r){return new TextDecoder().decode(Re(r))}function Re(r){let e=r.replace(/-/g,"+").replace(/_/g,"/");switch(e.length%4){case 0:break;case 2:e+="==";break;case 3:e+="=";break;default:throw C(gs)}const t=atob(e);return Uint8Array.from(t,n=>n.codePointAt(0)\|\|0)}/! @azure/msal-browser v4.9.0 2025-03-25 /const Tl="RSASSA-PKCS1-v1_5",et="AES-GCM",Ts="HKDF",So="SHA-256",Al=2048,Il=new Uint8Array([1,0,1]),ur="0123456789abcdef",gr=new Uint32Array(1),ko="raw",As="encrypt",_o="decrypt",El="deriveKey",wl="crypto_subtle_undefined",Ro={name:Tl,hash:So,modulusLength:Al,publicExponent:Il};function vl(r){if(!window)throw C(un);if(!window.crypto)throw C(Nn);if(!r&&!window.crypto.subtle)throw C(Nn,wl)}async function Is(r,e,t){e==null\|\|e.addQueueMeasurement(l.Sha256Digest,t);const o=new TextEncoder().encode(r);return window.crypto.subtle.digest(So,o)}function Sl(r){return window.crypto.getRandomValues(r)}function In(){return window.crypto.getRandomValues(gr),gr[0]}function Z(){const r=Date.now(),e=In()1024+(In()&1023),t=new Uint8Array(16),n=Math.trunc(e/230),o=e&230-1,i=In();t[0]=r/240,t[1]=r/232,t[2]=r/224,t[3]=r/216,t[4]=r/28,t[5]=r,t[6]=112\|n>>>8,t[7]=n,t[8]=128\|o>>>24,t[9]=o>>>16,t[10]=o>>>8,t[11]=o,t[12]=i>>>24,t[13]=i>>>16,t[14]=i>>>8,t[15]=i;let s="";for(let a=0;a<t.length;a++)s+=ur.charAt(t[a]>>>4),s+=ur.charAt(t[a]&15),(a===3\|\|a===5\|\|a===7\|\|a===9)&&(s+="-");return s}async function kl(r,e){return window.crypto.subtle.generateKey(Ro,r,e)}async function En(r){return window.crypto.subtle.exportKey(Cs,r)}async function _l(r,e,t){return window.crypto.subtle.importKey(Cs,r,Ro,e,t)}async function Rl(r,e){return window.crypto.subtle.sign(Ro,r,e)}async function bo(){const r=await Es(),t={alg:"dir",kty:"oct",k:Oe(new Uint8Array(r))};return pt(JSON.stringify(t))}async function bl(r){const e=se(r),n=JSON.parse(e).k,o=Re(n);return window.crypto.subtle.importKey(ko,o,et,!1,[_o])}async function Ol(r,e){const t=e.split(".");if(t.length!==5)throw C(bt,"jwe_length");const n=await bl(r).catch(()=>{throw C(bt,"import_key")});try{const o=new TextEncoder().encode(t[0]),i=Re(t[2]),s=Re(t[3]),a=Re(t[4]),c=a.byteLength8,d=new Uint8Array(s.length+a.length);d.set(s),d.set(a,s.length);const h=await window.crypto.subtle.decrypt({name:et,iv:i,tagLength:c,additionalData:o},n,d);return new TextDecoder().decode(h)}catch{throw C(bt,"decrypt")}}async function Es(){const r=await window.crypto.subtle.generateKey({name:et,length:256},!0,[As,_o]);return window.crypto.subtle.exportKey(ko,r)}async function fr(r){return window.crypto.subtle.importKey(ko,r,Ts,!1,[El])}async function ws(r,e,t){return window.crypto.subtle.deriveKey({name:Ts,salt:e,hash:So,info:new TextEncoder().encode(t)},r,{name:et,length:256},!1,[As,_o])}async function Pl(r,e,t){const n=new TextEncoder().encode(e),o=window.crypto.getRandomValues(new Uint8Array(16)),i=await ws(r,o,t),s=await window.crypto.subtle.encrypt({name:et,iv:new Uint8Array(12)},i,n);return{data:Oe(new Uint8Array(s)),nonce:Oe(o)}}async function Nl(r,e,t,n){const o=Re(n),i=await ws(r,Re(e),t),s=await window.crypto.subtle.decrypt({name:et,iv:new Uint8Array(12)},i,o);return new TextDecoder().decode(s)}async function vs(r){const e=await Is(r),t=new Uint8Array(e);return Oe(t)}/! @azure/msal-browser v4.9.0 2025-03-25 /const Oo="storage_not_supported",Ml="stubbed_public_client_application_called",Ss="in_mem_redirect_unavailable";/! @azure/msal-browser v4.9.0 2025-03-25 /const Ul={[Oo]:"Given storage configuration option was not supported.",[Ml]:"Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors",[Ss]:"Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true."};class Po extends R{constructor(e,t){super(e,t),this.name="BrowserConfigurationAuthError",Object.setPrototypeOf(this,Po.prototype)}}function No(r){return new Po(r,Ul[r])}/! @azure/msal-browser v4.9.0 2025-03-25 /function Ll(r){r.location.hash="",typeof r.history.replaceState=="function"&&r.history.replaceState(null,"",`${r.location.origin}${r.location.pathname}${r.location.search}`)}function Hl(r){const e=r.split("#");e.shift(),window.location.hash=e.length>0?e.join("#"):""}function Mo(){return window.parent!==window}function Dl(){return typeof window<"u"&&!!window.opener&&window.opener!==window&&typeof window.name=="string"&&window.name.indexOf(`${Q.POPUP_NAME_PREFIX}.`)===0}function Ce(){return typeof window<"u"&&window.location?window.location.href.split("?")[0].split("#")[0]:""}function xl(){const e=new S(window.location.href).getUrlComponents();return`${e.Protocol}//${e.HostNameAndPort}/`}function Fl(){if(S.hashContainsKnownProperties(window.location.hash)&&Mo())throw C(Xi)}function Kl(r){if(Mo()&&!r)throw C(Ji)}function Bl(){if(Dl())throw C(Zi)}function ks(){if(typeof window>"u")throw C(un)}function _s(r){if(!r)throw C($t)}function Uo(r){ks(),Fl(),Bl(),_s(r)}function pr(r,e){if(Uo(r),Kl(e.system.allowRedirectInIframe),e.cache.cacheLocation===B.MemoryStorage&&!e.cache.storeAuthStateInCookie)throw No(Ss)}function Rs(r){const e=document.createElement("link");e.rel="preconnect",e.href=new URL(r).origin,e.crossOrigin="anonymous",document.head.appendChild(e),window.setTimeout(()=>{try{document.head.removeChild(e)}catch{}},1e4)}function Gl(){return Z()}/! @azure/msal-browser v4.9.0 2025-03-25 /class Vt{navigateInternal(e,t){return Vt.defaultNavigateWindow(e,t)}navigateExternal(e,t){return Vt.defaultNavigateWindow(e,t)}static defaultNavigateWindow(e,t){return t.noHistory?window.location.replace(e):window.location.assign(e),new Promise(n=>{setTimeout(()=>{n(!0)},t.timeout)})}}/! @azure/msal-browser v4.9.0 2025-03-25 /class zl{async sendGetRequestAsync(e,t){let n,o={},i=0;const s=mr(t);try{n=await fetch(e,{method:hr.GET,headers:s})}catch{throw C(window.navigator.onLine?rs:qt)}o=Cr(n.headers);try{return i=n.status,{headers:o,body:await n.json(),status:i}}catch{throw sr(C(Mn),i,o)}}async sendPostRequestAsync(e,t){const n=t&&t.body\|\|"",o=mr(t);let i,s=0,a={};try{i=await fetch(e,{method:hr.POST,headers:o,body:n})}catch{throw C(window.navigator.onLine?os:qt)}a=Cr(i.headers);try{return s=i.status,{headers:a,body:await i.json(),status:s}}catch{throw sr(C(Mn),s,a)}}}function mr(r){try{const e=new Headers;if(!(r&&r.headers))return e;const t=r.headers;return Object.entries(t).forEach(([n,o])=>{e.append(n,o)}),e}catch{throw C(ps)}}function Cr(r){try{const e={};return r.forEach((t,n)=>{e[n]=t}),e}catch{throw C(ms)}}/! @azure/msal-browser v4.9.0 2025-03-25 /const ql=6e4,Hn=1e4,$l=3e4,Vl=2e3;function Ql({auth:r,cache:e,system:t,telemetry:n},o){const i={clientId:g.EMPTY_STRING,authority:`${g.DEFAULT_AUTHORITY}`,knownAuthorities:[],cloudDiscoveryMetadata:g.EMPTY_STRING,authorityMetadata:g.EMPTY_STRING,redirectUri:typeof window<"u"?Ce():"",postLogoutRedirectUri:g.EMPTY_STRING,navigateToLoginRequestUrl:!0,clientCapabilities:[],protocolMode:Y.AAD,OIDCOptions:{serverResponseType:Wt.FRAGMENT,defaultScopes:[g.OPENID_SCOPE,g.PROFILE_SCOPE,g.OFFLINE_ACCESS_SCOPE]},azureCloudOptions:{azureCloudInstance:Jn.None,tenant:g.EMPTY_STRING},skipAuthorityMetadataCache:!1,supportsNestedAppAuth:!1,instanceAware:!1},s={cacheLocation:B.SessionStorage,temporaryCacheLocation:B.SessionStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!!(e&&e.cacheLocation===B.LocalStorage),claimsBasedCachingEnabled:!1},a={loggerCallback:()=>{},logLevel:N.Info,piiLoggingEnabled:!1},d={...{...fi,loggerOptions:a,networkClient:o?new zl:Xc,navigationClient:new Vt,loadFrameTimeout:0,windowHashTimeout:(t==null?void 0:t.loadFrameTimeout)\|\|ql,iframeHashTimeout:(t==null?void 0:t.loadFrameTimeout)\|\|Hn,navigateFrameWait:0,redirectNavigationTimeout:$l,asyncPopups:!1,allowRedirectInIframe:!1,allowPlatformBroker:!1,nativeBrokerHandshakeTimeout:(t==null?void 0:t.nativeBrokerHandshakeTimeout)\|\|Vl,pollIntervalMilliseconds:Q.DEFAULT_POLL_INTERVAL_MS},...t,loggerOptions:(t==null?void 0:t.loggerOptions)\|\|a},h={application:{appName:g.EMPTY_STRING,appVersion:g.EMPTY_STRING},client:new al};if((r==null?void 0:r.protocolMode)!==Y.OIDC&&(r!=null&&r.OIDCOptions)&&new Ae(d.loggerOptions).warning(JSON.stringify(b(si))),r!=null&&r.protocolMode&&r.protocolMode===Y.OIDC&&(d!=null&&d.allowPlatformBroker))throw b(ai);const u={auth:{...i,...r,OIDCOptions:{...i.OIDCOptions,...r==null?void 0:r.OIDCOptions}},cache:{...s,...e},system:d,telemetry:{...h,...n}};return u.auth.protocolMode===Y.EAR&&(new Ae(d.loggerOptions).warning("EAR Protocol Mode is not yet supported. Overriding to use PKCE auth"),u.auth.protocolMode=Y.AAD),u}/! @azure/msal-browser v4.9.0 2025-03-25 /const Yl="@azure/msal-browser",tt="4.9.0";/! @azure/msal-browser v4.9.0 2025-03-25 /class gn{static loggerCallback(e,t){switch(e){case N.Error:console.error(t);return;case N.Info:console.info(t);return;case N.Verbose:console.debug(t);return;case N.Warning:console.warn(t);return;default:console.log(t);return}}constructor(e){var c;this.browserEnvironment=typeof window<"u",this.config=Ql(e,this.browserEnvironment);let t;try{t=window[B.SessionStorage]}catch{}const n=t==null?void 0:t.getItem(Cl),o=(c=t==null?void 0:t.getItem(yl))==null?void 0:c.toLowerCase(),i=o==="true"?!0:o==="false"?!1:void 0,s={...this.config.system.loggerOptions},a=n&&Object.keys(N).includes(n)?N[n]:void 0;a&&(s.loggerCallback=gn.loggerCallback,s.logLevel=a),i!==void 0&&(s.piiLoggingEnabled=i),this.logger=new Ae(s,Yl,tt),this.available=!1}getConfig(){return this.config}getLogger(){return this.logger}isAvailable(){return this.available}isBrowserEnvironment(){return this.browserEnvironment}}/! @azure/msal-browser v4.9.0 2025-03-25 /const fe={UserInteractionRequired:"USER_INTERACTION_REQUIRED",UserCancel:"USER_CANCEL",NoNetwork:"NO_NETWORK",TransientError:"TRANSIENT_ERROR",PersistentError:"PERSISTENT_ERROR",Disabled:"DISABLED",AccountUnavailable:"ACCOUNT_UNAVAILABLE",NestedAppAuthUnavailable:"NESTED_APP_AUTH_UNAVAILABLE"};/! @azure/msal-browser v4.9.0 2025-03-25 /class ${static async initializeNestedAppAuthBridge(){if(window===void 0)throw new Error("window is undefined");if(window.nestedAppAuthBridge===void 0)throw new Error("window.nestedAppAuthBridge is undefined");try{window.nestedAppAuthBridge.addEventListener("message",t=>{const n=typeof t=="string"?t:t.data,o=JSON.parse(n),i=$.bridgeRequests.find(s=>s.requestId===o.requestId);i!==void 0&&($.bridgeRequests.splice($.bridgeRequests.indexOf(i),1),o.success?i.resolve(o):i.reject(o.error))});const e=await new Promise((t,n)=>{const o=$.buildRequest("GetInitContext"),i={requestId:o.requestId,method:o.method,resolve:t,reject:n};$.bridgeRequests.push(i),window.nestedAppAuthBridge.postMessage(JSON.stringify(o))});return $.validateBridgeResultOrThrow(e.initContext)}catch(e){throw window.console.log(e),e}}getTokenInteractive(e){return this.getToken("GetTokenPopup",e)}getTokenSilent(e){return this.getToken("GetToken",e)}async getToken(e,t){const n=await this.sendRequest(e,{tokenParams:t});return{token:$.validateBridgeResultOrThrow(n.token),account:$.validateBridgeResultOrThrow(n.account)}}getHostCapabilities(){return this.capabilities??null}getAccountContext(){return this.accountContext?this.accountContext:null}static buildRequest(e,t){return{messageType:"NestedAppAuthRequest",method:e,requestId:Z(),sendTime:Date.now(),clientLibrary:Q.MSAL_SKU,clientLibraryVersion:tt,...t}}sendRequest(e,t){const n=$.buildRequest(e,t);return new Promise((i,s)=>{const a={requestId:n.requestId,method:n.method,resolve:i,reject:s};$.bridgeRequests.push(a),window.nestedAppAuthBridge.postMessage(JSON.stringify(n))})}static validateBridgeResultOrThrow(e){if(e===void 0)throw{status:fe.NestedAppAuthUnavailable};return e}constructor(e,t,n,o){this.sdkName=e,this.sdkVersion=t,this.accountContext=n,this.capabilities=o}static async create(){const e=await $.initializeNestedAppAuthBridge();return new $(e.sdkName,e.sdkVersion,e.accountContext,e.capabilities)}}$.bridgeRequests=[];/! @azure/msal-browser v4.9.0 2025-03-25 /class Je extends gn{constructor(){super(...arguments),this.bridgeProxy=void 0,this.accountContext=null}getModuleName(){return Je.MODULE_NAME}getId(){return Je.ID}getBridgeProxy(){return this.bridgeProxy}async initialize(){try{if(typeof window<"u"){typeof window.__initializeNestedAppAuth=="function"&&await window.__initializeNestedAppAuth();const e=await $.create();this.accountContext=e.getAccountContext(),this.bridgeProxy=e,this.available=e!==void 0}}catch(e){this.logger.infoPii(`Could not initialize Nested App Auth bridge (${e})`)}return this.logger.info(`Nested App Auth Bridge available: ${this.available}`),this.available}}Je.MODULE_NAME="";Je.ID="NestedAppOperatingContext";/! @azure/msal-browser v4.9.0 2025-03-25 /class Ke extends gn{getModuleName(){return Ke.MODULE_NAME}getId(){return Ke.ID}async initialize(){return this.available=typeof window<"u",this.available}}Ke.MODULE_NAME="";Ke.ID="StandardOperatingContext";/! @azure/msal-browser v4.9.0 2025-03-25 /class jl{constructor(){this.dbName=Ln,this.version=fl,this.tableName=pl,this.dbOpen=!1}async open(){return new Promise((e,t)=>{const n=window.indexedDB.open(this.dbName,this.version);n.addEventListener("upgradeneeded",o=>{o.target.result.createObjectStore(this.tableName)}),n.addEventListener("success",o=>{const i=o;this.db=i.target.result,this.dbOpen=!0,e()}),n.addEventListener("error",()=>t(C(wo)))})}closeConnection(){const e=this.db;e&&this.dbOpen&&(e.close(),this.dbOpen=!1)}async validateDbIsOpen(){if(!this.dbOpen)return this.open()}async getItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C(ze));const s=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).get(e);s.addEventListener("success",a=>{const c=a;this.closeConnection(),t(c.target.result)}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async setItem(e,t){return await this.validateDbIsOpen(),new Promise((n,o)=>{if(!this.db)return o(C(ze));const a=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).put(t,e);a.addEventListener("success",()=>{this.closeConnection(),n()}),a.addEventListener("error",c=>{this.closeConnection(),o(c)})})}async removeItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C(ze));const s=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).delete(e);s.addEventListener("success",()=>{this.closeConnection(),t()}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async getKeys(){return await this.validateDbIsOpen(),new Promise((e,t)=>{if(!this.db)return t(C(ze));const i=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).getAllKeys();i.addEventListener("success",s=>{const a=s;this.closeConnection(),e(a.target.result)}),i.addEventListener("error",s=>{this.closeConnection(),t(s)})})}async containsKey(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C(ze));const s=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).count(e);s.addEventListener("success",a=>{const c=a;this.closeConnection(),t(c.target.result===1)}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async deleteDatabase(){return this.db&&this.dbOpen&&this.closeConnection(),new Promise((e,t)=>{const n=window.indexedDB.deleteDatabase(Ln),o=setTimeout(()=>t(!1),200);n.addEventListener("success",()=>(clearTimeout(o),e(!0))),n.addEventListener("blocked",()=>(clearTimeout(o),e(!0))),n.addEventListener("error",()=>(clearTimeout(o),t(!1)))})}}/! @azure/msal-browser v4.9.0 2025-03-25 /class fn{constructor(){this.cache=new Map}async initialize(){}getItem(e){return this.cache.get(e)\|\|null}getUserData(e){return this.getItem(e)}setItem(e,t){this.cache.set(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){this.cache.delete(e)}getKeys(){const e=[];return this.cache.forEach((t,n)=>{e.push(n)}),e}containsKey(e){return this.cache.has(e)}clear(){this.cache.clear()}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Wl{constructor(e){this.inMemoryCache=new fn,this.indexedDBCache=new jl,this.logger=e}handleDatabaseAccessError(e){if(e instanceof mt&&e.errorCode===wo)this.logger.error("Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts.");else throw e}async getItem(e){const t=this.inMemoryCache.getItem(e);if(!t)try{return this.logger.verbose("Queried item not found in in-memory cache, now querying persistent storage."),await this.indexedDBCache.getItem(e)}catch(n){this.handleDatabaseAccessError(n)}return t}async setItem(e,t){this.inMemoryCache.setItem(e,t);try{await this.indexedDBCache.setItem(e,t)}catch(n){this.handleDatabaseAccessError(n)}}async removeItem(e){this.inMemoryCache.removeItem(e);try{await this.indexedDBCache.removeItem(e)}catch(t){this.handleDatabaseAccessError(t)}}async getKeys(){const e=this.inMemoryCache.getKeys();if(e.length===0)try{return this.logger.verbose("In-memory cache is empty, now querying persistent storage."),await this.indexedDBCache.getKeys()}catch(t){this.handleDatabaseAccessError(t)}return e}async containsKey(e){const t=this.inMemoryCache.containsKey(e);if(!t)try{return this.logger.verbose("Key not found in in-memory cache, now querying persistent storage."),await this.indexedDBCache.containsKey(e)}catch(n){this.handleDatabaseAccessError(n)}return t}clearInMemory(){this.logger.verbose("Deleting in-memory keystore"),this.inMemoryCache.clear(),this.logger.verbose("In-memory keystore deleted")}async clearPersistent(){try{this.logger.verbose("Deleting persistent keystore");const e=await this.indexedDBCache.deleteDatabase();return e&&this.logger.verbose("Persistent keystore deleted"),e}catch(e){return this.handleDatabaseAccessError(e),!1}}}/! @azure/msal-browser v4.9.0 2025-03-25 /class ue{constructor(e,t,n){this.logger=e,vl(n??!1),this.cache=new Wl(this.logger),this.performanceClient=t}createNewGuid(){return Z()}base64Encode(e){return pt(e)}base64Decode(e){return se(e)}base64UrlEncode(e){return _t(e)}encodeKid(e){return this.base64UrlEncode(JSON.stringify({kid:e}))}async getPublicKeyThumbprint(e){var h;const t=(h=this.performanceClient)==null?void 0:h.startMeasurement(l.CryptoOptsGetPublicKeyThumbprint,e.correlationId),n=await kl(ue.EXTRACTABLE,ue.POP_KEY_USAGES),o=await En(n.publicKey),i={e:o.e,kty:o.kty,n:o.n},s=yr(i),a=await this.hashString(s),c=await En(n.privateKey),d=await _l(c,!1,["sign"]);return await this.cache.setItem(a,{privateKey:d,publicKey:n.publicKey,requestMethod:e.resourceRequestMethod,requestUri:e.resourceRequestUri}),t&&t.end({success:!0}),a}async removeTokenBindingKey(e){return await this.cache.removeItem(e),!await this.cache.containsKey(e)}async clearKeystore(){this.cache.clearInMemory();try{return await this.cache.clearPersistent(),!0}catch(e){return e instanceof Error?this.logger.error(`Clearing keystore failed with error: ${e.message}`):this.logger.error("Clearing keystore failed with unknown error"),!1}}async signJwt(e,t,n,o){var Ee;const i=(Ee=this.performanceClient)==null?void 0:Ee.startMeasurement(l.CryptoOptsSignJwt,o),s=await this.cache.getItem(t);if(!s)throw C(Eo);const a=await En(s.publicKey),c=yr(a),d=_t(JSON.stringify({kid:t})),h=yo.getShrHeaderString({...n==null?void 0:n.header,alg:a.alg,kid:d}),u=_t(h);e.cnf={jwk:JSON.parse(c)};const m=_t(JSON.stringify(e)),A=`${u}.${m}`,w=new TextEncoder().encode(A),D=await Rl(s.privateKey,w),W=Oe(new Uint8Array(D)),ee=`${A}.${W}`;return i&&i.end({success:!0}),ee}async hashString(e){return vs(e)}}ue.POP_KEY_USAGES=["sign","verify"];ue.EXTRACTABLE=!0;function yr(r){return JSON.stringify(r,Object.keys(r).sort())}/! @azure/msal-browser v4.9.0 2025-03-25 /const Jl=2460601e3,Dn={Lax:"Lax",None:"None"};class bs{initialize(){return Promise.resolve()}getItem(e){const t=`${encodeURIComponent(e)}`,n=document.cookie.split(";");for(let o=0;o<n.length;o++){const i=n[o],[s,...a]=decodeURIComponent(i).trim().split("="),c=a.join("=");if(s===t)return c}return""}getUserData(){throw p(v)}setItem(e,t,n,o=!0,i=Dn.Lax){let s=`${encodeURIComponent(e)}=${encodeURIComponent(t)};path=/;SameSite=${i};`;if(n){const a=Xl(n);s+=`expires=${a};`}(o\|\|i===Dn.None)&&(s+="Secure;"),document.cookie=s}async setUserData(){return Promise.reject(p(v))}removeItem(e){this.setItem(e,"",-1)}getKeys(){const e=document.cookie.split(";"),t=[];return e.forEach(n=>{const o=decodeURIComponent(n).trim().split("=");t.push(o[0])}),t}containsKey(e){return this.getKeys().includes(e)}}function Xl(r){const e=new Date;return new Date(e.getTime()+rJl).toUTCString()}/! @azure/msal-browser v4.9.0 2025-03-25 /function xn(r){const e=r.getItem(Se.ACCOUNT_KEYS);return e?JSON.parse(e):[]}function Fn(r,e){const t=e.getItem(`${Se.TOKEN_KEYS}.${r}`);if(t){const n=JSON.parse(t);if(n&&n.hasOwnProperty("idToken")&&n.hasOwnProperty("accessToken")&&n.hasOwnProperty("refreshToken"))return n}return{idToken:[],accessToken:[],refreshToken:[]}}/! @azure/msal-browser v4.9.0 2025-03-25 /const Tr="msal.cache.encryption",Zl="msal.broadcast.cache";class ed{constructor(e,t,n){if(!window.localStorage)throw No(Oo);this.memoryStorage=new fn,this.initialized=!1,this.clientId=e,this.logger=t,this.performanceClient=n,this.broadcast=new BroadcastChannel(Zl)}async initialize(e){this.initialized=!0;const t=new bs,n=t.getItem(Tr);let o={key:"",id:""};if(n)try{o=JSON.parse(n)}catch{}if(o.key&&o.id){const i=ae(Re,l.Base64Decode,this.logger,this.performanceClient,e)(o.key);this.encryptionCookie={id:o.id,key:await f(fr,l.GenerateHKDF,this.logger,this.performanceClient,e)(i)},await f(this.importExistingCache.bind(this),l.ImportExistingCache,this.logger,this.performanceClient,e)(e)}else{this.clear();const i=Z(),s=await f(Es,l.GenerateBaseKey,this.logger,this.performanceClient,e)(),a=ae(Oe,l.UrlEncodeArr,this.logger,this.performanceClient,e)(new Uint8Array(s));this.encryptionCookie={id:i,key:await f(fr,l.GenerateHKDF,this.logger,this.performanceClient,e)(s)};const c={id:i,key:a};t.setItem(Tr,JSON.stringify(c),0,!0,Dn.None)}this.broadcast.addEventListener("message",this.updateCache.bind(this))}getItem(e){return window.localStorage.getItem(e)}getUserData(e){if(!this.initialized)throw C($t);return this.memoryStorage.getItem(e)}setItem(e,t){window.localStorage.setItem(e,t)}async setUserData(e,t,n){if(!this.initialized\|\|!this.encryptionCookie)throw C($t);const{data:o,nonce:i}=await f(Pl,l.Encrypt,this.logger,this.performanceClient,n)(this.encryptionCookie.key,t,this.getContext(e)),s={id:this.encryptionCookie.id,nonce:i,data:o};this.memoryStorage.setItem(e,t),this.setItem(e,JSON.stringify(s)),this.broadcast.postMessage({key:e,value:t,context:this.getContext(e)})}removeItem(e){this.memoryStorage.containsKey(e)&&(this.memoryStorage.removeItem(e),this.broadcast.postMessage({key:e,value:null,context:this.getContext(e)})),window.localStorage.removeItem(e)}getKeys(){return Object.keys(window.localStorage)}containsKey(e){return window.localStorage.hasOwnProperty(e)}clear(){this.memoryStorage.clear(),xn(this).forEach(n=>this.removeItem(n));const t=Fn(this.clientId,this);t.idToken.forEach(n=>this.removeItem(n)),t.accessToken.forEach(n=>this.removeItem(n)),t.refreshToken.forEach(n=>this.removeItem(n)),this.getKeys().forEach(n=>{(n.startsWith(g.CACHE_PREFIX)\|\|n.indexOf(this.clientId)!==-1)&&this.removeItem(n)})}async importExistingCache(e){if(!this.encryptionCookie)return;let t=xn(this);t=await this.importArray(t,e),this.setItem(Se.ACCOUNT_KEYS,JSON.stringify(t));const n=Fn(this.clientId,this);n.idToken=await this.importArray(n.idToken,e),n.accessToken=await this.importArray(n.accessToken,e),n.refreshToken=await this.importArray(n.refreshToken,e),this.setItem(`${Se.TOKEN_KEYS}.${this.clientId}`,JSON.stringify(n))}async getItemFromEncryptedCache(e,t){if(!this.encryptionCookie)return null;const n=this.getItem(e);if(!n)return null;let o;try{o=JSON.parse(n)}catch{return null}return!o.id\|\|!o.nonce\|\|!o.data?(this.performanceClient.incrementFields({unencryptedCacheCount:1},t),null):o.id!==this.encryptionCookie.id?(this.performanceClient.incrementFields({encryptedCacheExpiredCount:1},t),null):f(Nl,l.Decrypt,this.logger,this.performanceClient,t)(this.encryptionCookie.key,o.nonce,this.getContext(e),o.data)}async importArray(e,t){const n=[],o=[];return e.forEach(i=>{const s=this.getItemFromEncryptedCache(i,t).then(a=>{a?(this.memoryStorage.setItem(i,a),n.push(i)):this.removeItem(i)});o.push(s)}),await Promise.all(o),n}getContext(e){let t="";return e.includes(this.clientId)&&(t=this.clientId),t}updateCache(e){this.logger.trace("Updating internal cache from broadcast event");const t=this.performanceClient.startMeasurement(l.LocalStorageUpdated);t.add({isBackground:!0});const{key:n,value:o,context:i}=e.data;if(!n){this.logger.error("Broadcast event missing key"),t.end({success:!1,errorCode:"noKey"});return}if(i&&i!==this.clientId){this.logger.trace(`Ignoring broadcast event from clientId: ${i}`),t.end({success:!1,errorCode:"contextMismatch"});return}o?(this.memoryStorage.setItem(n,o),this.logger.verbose("Updated item in internal cache")):(this.memoryStorage.removeItem(n),this.logger.verbose("Removed item from internal cache")),t.end({success:!0})}}/! @azure/msal-browser v4.9.0 2025-03-25 /class td{constructor(){if(!window.sessionStorage)throw No(Oo)}async initialize(){}getItem(e){return window.sessionStorage.getItem(e)}getUserData(e){return this.getItem(e)}setItem(e,t){window.sessionStorage.setItem(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){window.sessionStorage.removeItem(e)}getKeys(){return Object.keys(window.sessionStorage)}containsKey(e){return window.sessionStorage.hasOwnProperty(e)}}/! @azure/msal-browser v4.9.0 2025-03-25 /const y={INITIALIZE_START:"msal:initializeStart",INITIALIZE_END:"msal:initializeEnd",ACCOUNT_ADDED:"msal:accountAdded",ACCOUNT_REMOVED:"msal:accountRemoved",ACTIVE_ACCOUNT_CHANGED:"msal:activeAccountChanged",LOGIN_START:"msal:loginStart",LOGIN_SUCCESS:"msal:loginSuccess",LOGIN_FAILURE:"msal:loginFailure",ACQUIRE_TOKEN_START:"msal:acquireTokenStart",ACQUIRE_TOKEN_SUCCESS:"msal:acquireTokenSuccess",ACQUIRE_TOKEN_FAILURE:"msal:acquireTokenFailure",ACQUIRE_TOKEN_NETWORK_START:"msal:acquireTokenFromNetworkStart",SSO_SILENT_START:"msal:ssoSilentStart",SSO_SILENT_SUCCESS:"msal:ssoSilentSuccess",SSO_SILENT_FAILURE:"msal:ssoSilentFailure",ACQUIRE_TOKEN_BY_CODE_START:"msal:acquireTokenByCodeStart",ACQUIRE_TOKEN_BY_CODE_SUCCESS:"msal:acquireTokenByCodeSuccess",ACQUIRE_TOKEN_BY_CODE_FAILURE:"msal:acquireTokenByCodeFailure",HANDLE_REDIRECT_START:"msal:handleRedirectStart",HANDLE_REDIRECT_END:"msal:handleRedirectEnd",POPUP_OPENED:"msal:popupOpened",LOGOUT_START:"msal:logoutStart",LOGOUT_SUCCESS:"msal:logoutSuccess",LOGOUT_FAILURE:"msal:logoutFailure",LOGOUT_END:"msal:logoutEnd",RESTORE_FROM_BFCACHE:"msal:restoreFromBFCache"};/! @azure/msal-browser v4.9.0 2025-03-25 /class Qt extends bn{constructor(e,t,n,o,i,s,a){super(e,n,o,a),this.cacheConfig=t,this.logger=o,this.internalStorage=new fn,this.browserStorage=Ar(e,t.cacheLocation,o,i),this.temporaryCacheStorage=Ar(e,t.temporaryCacheLocation,o,i),this.cookieStorage=new bs,this.performanceClient=i,this.eventHandler=s}async initialize(e){await this.browserStorage.initialize(e)}validateAndParseJson(e){try{const t=JSON.parse(e);return t&&typeof t=="object"?t:null}catch{return null}}getAccount(e){this.logger.trace("BrowserCacheManager.getAccount called");const t=this.browserStorage.getUserData(e);if(!t)return this.removeAccountKeyFromMap(e),null;const n=this.validateAndParseJson(t);return!n\|\|!q.isAccountEntity(n)?(this.removeAccountKeyFromMap(e),null):bn.toObject(new q,n)}async setAccount(e,t){this.logger.trace("BrowserCacheManager.setAccount called");const n=e.generateAccountKey();await f(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t);const o=this.addAccountKeyToMap(n);this.cacheConfig.cacheLocation===B.LocalStorage&&o&&this.eventHandler.emitEvent(y.ACCOUNT_ADDED,void 0,e.getAccountInfo())}getAccountKeys(){return xn(this.browserStorage)}addAccountKeyToMap(e){this.logger.trace("BrowserCacheManager.addAccountKeyToMap called"),this.logger.tracePii(`BrowserCacheManager.addAccountKeyToMap called with key: ${e}`);const t=this.getAccountKeys();return t.indexOf(e)===-1?(t.push(e),this.browserStorage.setItem(Se.ACCOUNT_KEYS,JSON.stringify(t)),this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key added"),!0):(this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key already exists in map"),!1)}removeAccountKeyFromMap(e){this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap called"),this.logger.tracePii(`BrowserCacheManager.removeAccountKeyFromMap called with key: ${e}`);const t=this.getAccountKeys(),n=t.indexOf(e);n>-1?(t.splice(n,1),this.browserStorage.setItem(Se.ACCOUNT_KEYS,JSON.stringify(t)),this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap account key removed")):this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap key not found in existing map")}async removeAccount(e){super.removeAccount(e),this.removeAccountKeyFromMap(e)}async removeAccountContext(e){await super.removeAccountContext(e),this.cacheConfig.cacheLocation===B.LocalStorage&&this.eventHandler.emitEvent(y.ACCOUNT_REMOVED,void 0,e.getAccountInfo())}removeIdToken(e){super.removeIdToken(e),this.removeTokenKey(e,I.ID_TOKEN)}async removeAccessToken(e){super.removeAccessToken(e),this.removeTokenKey(e,I.ACCESS_TOKEN)}removeRefreshToken(e){super.removeRefreshToken(e),this.removeTokenKey(e,I.REFRESH_TOKEN)}getTokenKeys(){return Fn(this.clientId,this.browserStorage)}addTokenKey(e,t){this.logger.trace("BrowserCacheManager addTokenKey called");const n=this.getTokenKeys();switch(t){case I.ID_TOKEN:n.idToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - idToken added to map"),n.idToken.push(e));break;case I.ACCESS_TOKEN:n.accessToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - accessToken added to map"),n.accessToken.push(e));break;case I.REFRESH_TOKEN:n.refreshToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - refreshToken added to map"),n.refreshToken.push(e));break;default:throw this.logger.error(`BrowserCacheManager:addTokenKey - CredentialType provided invalid. CredentialType: ${t}`),p(_n)}this.browserStorage.setItem(`${Se.TOKEN_KEYS}.${this.clientId}`,JSON.stringify(n))}removeTokenKey(e,t){this.logger.trace("BrowserCacheManager removeTokenKey called");const n=this.getTokenKeys();switch(t){case I.ID_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove idToken with key: ${e} from map`);const o=n.idToken.indexOf(e);o>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - idToken removed from map"),n.idToken.splice(o,1)):this.logger.info("BrowserCacheManager: removeTokenKey - idToken does not exist in map. Either it was previously removed or it was never added.");break;case I.ACCESS_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove accessToken with key: ${e} from map`);const i=n.accessToken.indexOf(e);i>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - accessToken removed from map"),n.accessToken.splice(i,1)):this.logger.info("BrowserCacheManager: removeTokenKey - accessToken does not exist in map. Either it was previously removed or it was never added.");break;case I.REFRESH_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove refreshToken with key: ${e} from map`);const s=n.refreshToken.indexOf(e);s>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken removed from map"),n.refreshToken.splice(s,1)):this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken does not exist in map. Either it was previously removed or it was never added.");break;default:throw this.logger.error(`BrowserCacheManager:removeTokenKey - CredentialType provided invalid. CredentialType: ${t}`),p(_n)}this.browserStorage.setItem(`${Se.TOKEN_KEYS}.${this.clientId}`,JSON.stringify(n))}getIdTokenCredential(e){const t=this.browserStorage.getUserData(e);if(!t)return this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ID_TOKEN),null;const n=this.validateAndParseJson(t);return!n\|\|!ga(n)?(this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ID_TOKEN),null):(this.logger.trace("BrowserCacheManager.getIdTokenCredential: cache hit"),n)}async setIdTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setIdTokenCredential called");const n=at(e);await f(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t),this.addTokenKey(n,I.ID_TOKEN)}getAccessTokenCredential(e){const t=this.browserStorage.getUserData(e);if(!t)return this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ACCESS_TOKEN),null;const n=this.validateAndParseJson(t);return!n\|\|!ua(n)?(this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.ACCESS_TOKEN),null):(this.logger.trace("BrowserCacheManager.getAccessTokenCredential: cache hit"),n)}async setAccessTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setAccessTokenCredential called");const n=at(e);await f(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t),this.addTokenKey(n,I.ACCESS_TOKEN)}getRefreshTokenCredential(e){const t=this.browserStorage.getUserData(e);if(!t)return this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.REFRESH_TOKEN),null;const n=this.validateAndParseJson(t);return!n\|\|!fa(n)?(this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"),this.removeTokenKey(e,I.REFRESH_TOKEN),null):(this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: cache hit"),n)}async setRefreshTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setRefreshTokenCredential called");const n=at(e);await f(this.browserStorage.setUserData.bind(this.browserStorage),l.SetUserData,this.logger,this.performanceClient)(n,JSON.stringify(e),t),this.addTokenKey(n,I.REFRESH_TOKEN)}getAppMetadata(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n\|\|!wa(e,n)?(this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getAppMetadata: cache hit"),n)}setAppMetadata(e){this.logger.trace("BrowserCacheManager.setAppMetadata called");const t=Ea(e);this.browserStorage.setItem(t,JSON.stringify(e))}getServerTelemetry(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n\|\|!Aa(e,n)?(this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getServerTelemetry: cache hit"),n)}setServerTelemetry(e,t){this.logger.trace("BrowserCacheManager.setServerTelemetry called"),this.browserStorage.setItem(e,JSON.stringify(t))}getAuthorityMetadata(e){const t=this.internalStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getAuthorityMetadata: called, no cache hit"),null;const n=this.validateAndParseJson(t);return n&&va(e,n)?(this.logger.trace("BrowserCacheManager.getAuthorityMetadata: cache hit"),n):null}getAuthorityMetadataKeys(){return this.internalStorage.getKeys().filter(t=>this.isAuthorityMetadata(t))}setWrapperMetadata(e,t){this.internalStorage.setItem(kt.WRAPPER_SKU,e),this.internalStorage.setItem(kt.WRAPPER_VER,t)}getWrapperMetadata(){const e=this.internalStorage.getItem(kt.WRAPPER_SKU)\|\|g.EMPTY_STRING,t=this.internalStorage.getItem(kt.WRAPPER_VER)\|\|g.EMPTY_STRING;return[e,t]}setAuthorityMetadata(e,t){this.logger.trace("BrowserCacheManager.setAuthorityMetadata called"),this.internalStorage.setItem(e,JSON.stringify(t))}getActiveAccount(){const e=this.generateCacheKey(Qo.ACTIVE_ACCOUNT_FILTERS),t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getActiveAccount: No active account filters found"),null;const n=this.validateAndParseJson(t);return n?(this.logger.trace("BrowserCacheManager.getActiveAccount: Active account filters schema found"),this.getAccountInfoFilteredBy({homeAccountId:n.homeAccountId,localAccountId:n.localAccountId,tenantId:n.tenantId})):(this.logger.trace("BrowserCacheManager.getActiveAccount: No active account found"),null)}setActiveAccount(e){const t=this.generateCacheKey(Qo.ACTIVE_ACCOUNT_FILTERS);if(e){this.logger.verbose("setActiveAccount: Active account set");const n={homeAccountId:e.homeAccountId,localAccountId:e.localAccountId,tenantId:e.tenantId};this.browserStorage.setItem(t,JSON.stringify(n))}else this.logger.verbose("setActiveAccount: No account passed, active account not set"),this.browserStorage.removeItem(t);this.eventHandler.emitEvent(y.ACTIVE_ACCOUNT_CHANGED)}getThrottlingCache(e){const t=this.browserStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n\|\|!Ia(e,n)?(this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getThrottlingCache: cache hit"),n)}setThrottlingCache(e,t){this.logger.trace("BrowserCacheManager.setThrottlingCache called"),this.browserStorage.setItem(e,JSON.stringify(t))}getTemporaryCache(e,t){const n=t?this.generateCacheKey(e):e;if(this.cacheConfig.storeAuthStateInCookie){const i=this.cookieStorage.getItem(n);if(i)return this.logger.trace("BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies"),i}const o=this.temporaryCacheStorage.getItem(n);if(!o){if(this.cacheConfig.cacheLocation===B.LocalStorage){const i=this.browserStorage.getItem(n);if(i)return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage"),i}return this.logger.trace("BrowserCacheManager.getTemporaryCache: No cache item found in local storage"),null}return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item returned"),o}setTemporaryCache(e,t,n){const o=n?this.generateCacheKey(e):e;this.temporaryCacheStorage.setItem(o,t),this.cacheConfig.storeAuthStateInCookie&&(this.logger.trace("BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie"),this.cookieStorage.setItem(o,t,void 0,this.cacheConfig.secureCookies))}removeItem(e){this.browserStorage.removeItem(e)}removeTemporaryItem(e){this.temporaryCacheStorage.removeItem(e),this.cacheConfig.storeAuthStateInCookie&&(this.logger.trace("BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie"),this.cookieStorage.removeItem(e))}getKeys(){return this.browserStorage.getKeys()}async clear(){await this.removeAllAccounts(),this.removeAppMetadata(),this.temporaryCacheStorage.getKeys().forEach(e=>{(e.indexOf(g.CACHE_PREFIX)!==-1\|\|e.indexOf(this.clientId)!==-1)&&this.removeTemporaryItem(e)}),this.browserStorage.getKeys().forEach(e=>{(e.indexOf(g.CACHE_PREFIX)!==-1\|\|e.indexOf(this.clientId)!==-1)&&this.browserStorage.removeItem(e)}),this.internalStorage.clear()}async clearTokensAndKeysWithClaims(e,t){e.addQueueMeasurement(l.ClearTokensAndKeysWithClaims,t);const n=this.getTokenKeys(),o=[];n.accessToken.forEach(i=>{const s=this.getAccessTokenCredential(i);s!=null&&s.requestedClaimsHash&&i.includes(s.requestedClaimsHash.toLowerCase())&&o.push(this.removeAccessToken(i))}),await Promise.all(o),o.length>0&&this.logger.warning(`${o.length} access tokens with claims in the cache keys have been removed from the cache.`)}generateCacheKey(e){return this.validateAndParseJson(e)?JSON.stringify(e):ie.startsWith(e,g.CACHE_PREFIX)?e:`${g.CACHE_PREFIX}.${this.clientId}.${e}`}resetRequestCache(){this.logger.trace("BrowserCacheManager.resetRequestCache called"),this.removeTemporaryItem(this.generateCacheKey(U.REQUEST_PARAMS)),this.removeTemporaryItem(this.generateCacheKey(U.VERIFIER)),this.removeTemporaryItem(this.generateCacheKey(U.ORIGIN_URI)),this.removeTemporaryItem(this.generateCacheKey(U.URL_HASH)),this.removeTemporaryItem(this.generateCacheKey(U.NATIVE_REQUEST)),this.setInteractionInProgress(!1)}cacheAuthorizeRequest(e,t){this.logger.trace("BrowserCacheManager.cacheAuthorizeRequest called");const n=pt(JSON.stringify(e));if(this.setTemporaryCache(U.REQUEST_PARAMS,n,!0),t){const o=pt(t);this.setTemporaryCache(U.VERIFIER,o,!0)}}getCachedRequest(){this.logger.trace("BrowserCacheManager.getCachedRequest called");const e=this.getTemporaryCache(U.REQUEST_PARAMS,!0);if(!e)throw C(ts);const t=this.getTemporaryCache(U.VERIFIER,!0);let n,o="";try{n=JSON.parse(se(e)),t&&(o=se(t))}catch(i){throw this.logger.errorPii(`Attempted to parse: ${e}`),this.logger.error(`Parsing cached token request threw with error: ${i}`),C(ns)}return[n,o]}getCachedNativeRequest(){this.logger.trace("BrowserCacheManager.getCachedNativeRequest called");const e=this.getTemporaryCache(U.NATIVE_REQUEST,!0);if(!e)return this.logger.trace("BrowserCacheManager.getCachedNativeRequest: No cached native request found"),null;const t=this.validateAndParseJson(e);return t\|\|(this.logger.error("BrowserCacheManager.getCachedNativeRequest: Unable to parse native request"),null)}isInteractionInProgress(e){const t=this.getInteractionInProgress();return e?t===this.clientId:!!t}getInteractionInProgress(){const e=`${g.CACHE_PREFIX}.${U.INTERACTION_STATUS_KEY}`;return this.getTemporaryCache(e,!1)}setInteractionInProgress(e){const t=`${g.CACHE_PREFIX}.${U.INTERACTION_STATUS_KEY}`;if(e){if(this.getInteractionInProgress())throw C(Qi);this.setTemporaryCache(t,this.clientId,!1)}else!e&&this.getInteractionInProgress()===this.clientId&&this.removeTemporaryItem(t)}async hydrateCache(e,t){var a,c,d;const n=Jt((a=e.account)==null?void 0:a.homeAccountId,(c=e.account)==null?void 0:c.environment,e.idToken,this.clientId,e.tenantId);let o;t.claims&&(o=await this.cryptoImpl.hashString(t.claims));const i=Xt((d=e.account)==null?void 0:d.homeAccountId,e.account.environment,e.accessToken,this.clientId,e.tenantId,e.scopes.join(" "),e.expiresOn?Xo(e.expiresOn):0,e.extExpiresOn?Xo(e.extExpiresOn):0,se,void 0,e.tokenType,void 0,t.sshKid,t.claims,o),s={idToken:n,accessToken:i};return this.saveCacheRecord(s,e.correlationId)}async saveCacheRecord(e,t,n){try{await super.saveCacheRecord(e,t,n)}catch(o){if(o instanceof Ye&&this.performanceClient&&t)try{const i=this.getTokenKeys();this.performanceClient.addFields({cacheRtCount:i.refreshToken.length,cacheIdCount:i.idToken.length,cacheAtCount:i.accessToken.length},t)}catch{}throw o}}}function Ar(r,e,t,n){try{switch(e){case B.LocalStorage:return new ed(r,t,n);case B.SessionStorage:return new td;case B.MemoryStorage:default:break}}catch(o){t.error(o)}return new fn}const Os=(r,e,t,n)=>{const o={cacheLocation:B.MemoryStorage,temporaryCacheLocation:B.MemoryStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!1,claimsBasedCachingEnabled:!1};return new Qt(r,o,ht,e,t,n)};/! @azure/msal-browser v4.9.0 2025-03-25 /function Ps(r,e,t,n){return r.verbose("getAllAccounts called"),t?e.getAllAccounts(n):[]}function Kn(r,e,t){if(e.trace("getAccount called"),Object.keys(r).length===0)return e.warning("getAccount: No accountFilter provided"),null;const n=t.getAccountInfoFilteredBy(r);return n?(e.verbose("getAccount: Account matching provided filter found, returning"),n):(e.verbose("getAccount: No matching account found, returning null"),null)}function Ns(r,e,t){if(e.trace("getAccountByUsername called"),!r)return e.warning("getAccountByUsername: No username provided"),null;const n=t.getAccountInfoFilteredBy({username:r});return n?(e.verbose("getAccountByUsername: Account matching username found, returning"),e.verbosePii(`getAccountByUsername: Returning signed-in accounts matching username: ${r}`),n):(e.verbose("getAccountByUsername: No matching account found, returning null"),null)}function Ms(r,e,t){if(e.trace("getAccountByHomeId called"),!r)return e.warning("getAccountByHomeId: No homeAccountId provided"),null;const n=t.getAccountInfoFilteredBy({homeAccountId:r});return n?(e.verbose("getAccountByHomeId: Account matching homeAccountId found, returning"),e.verbosePii(`getAccountByHomeId: Returning signed-in accounts matching homeAccountId: ${r}`),n):(e.verbose("getAccountByHomeId: No matching account found, returning null"),null)}function Us(r,e,t){if(e.trace("getAccountByLocalId called"),!r)return e.warning("getAccountByLocalId: No localAccountId provided"),null;const n=t.getAccountInfoFilteredBy({localAccountId:r});return n?(e.verbose("getAccountByLocalId: Account matching localAccountId found, returning"),e.verbosePii(`getAccountByLocalId: Returning signed-in accounts matching localAccountId: ${r}`),n):(e.verbose("getAccountByLocalId: No matching account found, returning null"),null)}function Ls(r,e){e.setActiveAccount(r)}function Hs(r){return r.getActiveAccount()}/! @azure/msal-browser v4.9.0 2025-03-25 /const nd="msal.broadcast.event";class Ds{constructor(e){this.eventCallbacks=new Map,this.logger=e\|\|new Ae({}),typeof BroadcastChannel<"u"&&(this.broadcastChannel=new BroadcastChannel(nd)),this.invokeCrossTabCallbacks=this.invokeCrossTabCallbacks.bind(this)}addEventCallback(e,t,n){if(typeof window<"u"){const o=n\|\|Gl();return this.eventCallbacks.has(o)?(this.logger.error(`Event callback with id: ${o} is already registered. Please provide a unique id or remove the existing callback and try again.`),null):(this.eventCallbacks.set(o,[e,t\|\|[]]),this.logger.verbose(`Event callback registered with id: ${o}`),o)}return null}removeEventCallback(e){this.eventCallbacks.delete(e),this.logger.verbose(`Event callback ${e} removed.`)}emitEvent(e,t,n,o){var s;const i={eventType:e,interactionType:t\|\|null,payload:n\|\|null,error:o\|\|null,timestamp:Date.now()};switch(e){case y.ACCOUNT_ADDED:case y.ACCOUNT_REMOVED:case y.ACTIVE_ACCOUNT_CHANGED:(s=this.broadcastChannel)==null\|\|s.postMessage(i);break;default:this.invokeCallbacks(i);break}}invokeCallbacks(e){this.eventCallbacks.forEach(([t,n],o)=>{(n.length===0\|\|n.includes(e.eventType))&&(this.logger.verbose(`Emitting event to callback ${o}: ${e.eventType}`),t.apply(null,[e]))})}invokeCrossTabCallbacks(e){const t=e.data;this.invokeCallbacks(t)}subscribeCrossTab(){var e;(e=this.broadcastChannel)==null\|\|e.addEventListener("message",this.invokeCrossTabCallbacks)}unsubscribeCrossTab(){var e;(e=this.broadcastChannel)==null\|\|e.removeEventListener("message",this.invokeCrossTabCallbacks)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class xs{constructor(e,t,n,o,i,s,a,c,d){this.config=e,this.browserStorage=t,this.browserCrypto=n,this.networkClient=this.config.system.networkClient,this.eventHandler=i,this.navigationClient=s,this.nativeMessageHandler=c,this.correlationId=d\|\|Z(),this.logger=o.clone(Q.MSAL_SKU,tt,this.correlationId),this.performanceClient=a}async clearCacheOnLogout(e){if(e){q.accountInfoIsEqual(e,this.browserStorage.getActiveAccount(),!1)&&(this.logger.verbose("Setting active account to null"),this.browserStorage.setActiveAccount(null));try{await this.browserStorage.removeAccount(q.generateAccountCacheKey(e)),this.logger.verbose("Cleared cache items belonging to the account provided in the logout request.")}catch{this.logger.error("Account provided in logout request was not found. Local cache unchanged.")}}else try{this.logger.verbose("No account provided in logout request, clearing all cache items.",this.correlationId),await this.browserStorage.clear(),await this.browserCrypto.clearKeystore()}catch{this.logger.error("Attempted to clear all MSAL cache items and failed. Local cache unchanged.")}}getRedirectUri(e){this.logger.verbose("getRedirectUri called");const t=e\|\|this.config.auth.redirectUri;return S.getAbsoluteUrl(t,Ce())}initializeServerTelemetryManager(e,t){this.logger.verbose("initializeServerTelemetryManager called");const n={clientId:this.config.auth.clientId,correlationId:this.correlationId,apiId:e,forceRefresh:t\|\|!1,wrapperSKU:this.browserStorage.getWrapperMetadata()[0],wrapperVer:this.browserStorage.getWrapperMetadata()[1]};return new gt(n,this.browserStorage)}async getDiscoveredAuthority(e){const{account:t}=e,n=e.requestExtraQueryParameters&&e.requestExtraQueryParameters.hasOwnProperty("instance_aware")?e.requestExtraQueryParameters.instance_aware:void 0;this.performanceClient.addQueueMeasurement(l.StandardInteractionClientGetDiscoveredAuthority,this.correlationId);const o={protocolMode:this.config.auth.protocolMode,OIDCOptions:this.config.auth.OIDCOptions,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache},i=e.requestAuthority\|\|this.config.auth.authority,s=n!=null&&n.length?n==="true":this.config.auth.instanceAware,a=t&&s?this.config.auth.authority.replace(S.getDomainFromUrl(i),t.environment):i,c=G.generateAuthority(a,e.requestAzureCloudOptions\|\|this.config.auth.azureCloudOptions),d=await f(Ni,l.AuthorityFactoryCreateDiscoveredInstance,this.logger,this.performanceClient,this.correlationId)(c,this.config.system.networkClient,this.browserStorage,o,this.logger,this.correlationId,this.performanceClient);if(t&&!d.isAlias(t.environment))throw b(ci);return d}}/! @azure/msal-browser v4.9.0 2025-03-25 /async function Lo(r,e,t,n){t.addQueueMeasurement(l.InitializeBaseRequest,r.correlationId);const o=r.authority\|\|e.auth.authority,i=[...r&&r.scopes\|\|[]],s={...r,correlationId:r.correlationId,authority:o,scopes:i};if(!s.authenticationScheme)s.authenticationScheme=_.BEARER,n.verbose(`Authentication Scheme wasn't explicitly set in request, defaulting to "Bearer" request`);else{if(s.authenticationScheme===_.SSH){if(!r.sshJwk)throw b(tn);if(!r.sshKid)throw b(ii)}n.verbose(`Authentication Scheme set to "${s.authenticationScheme}" as configured in Auth request`)}return e.cache.claimsBasedCachingEnabled&&r.claims&&!ie.isEmptyObj(r.claims)&&(s.requestedClaimsHash=await vs(r.claims)),s}async function od(r,e,t,n,o){n.addQueueMeasurement(l.InitializeSilentRequest,r.correlationId);const i=await f(Lo,l.InitializeBaseRequest,o,n,r.correlationId)(r,t,n,o);return{...r,...i,account:e,forceRefresh:r.forceRefresh\|\|!1}}/! @azure/msal-browser v4.9.0 2025-03-25 /class nt extends xs{initializeLogoutRequest(e){this.logger.verbose("initializeLogoutRequest called",e==null?void 0:e.correlationId);const t={correlationId:this.correlationId\|\|Z(),...e};if(e)if(e.logoutHint)this.logger.verbose("logoutHint has already been set in logoutRequest");else if(e.account){const n=this.getLogoutHintFromIdTokenClaims(e.account);n&&(this.logger.verbose("Setting logoutHint to login_hint ID Token Claim value for the account provided"),t.logoutHint=n)}else this.logger.verbose("logoutHint was not set and account was not passed into logout request, logoutHint will not be set");else this.logger.verbose("logoutHint will not be set since no logout request was configured");return!e\|\|e.postLogoutRedirectUri!==null?e&&e.postLogoutRedirectUri?(this.logger.verbose("Setting postLogoutRedirectUri to uri set on logout request",t.correlationId),t.postLogoutRedirectUri=S.getAbsoluteUrl(e.postLogoutRedirectUri,Ce())):this.config.auth.postLogoutRedirectUri===null?this.logger.verbose("postLogoutRedirectUri configured as null and no uri set on request, not passing post logout redirect",t.correlationId):this.config.auth.postLogoutRedirectUri?(this.logger.verbose("Setting postLogoutRedirectUri to configured uri",t.correlationId),t.postLogoutRedirectUri=S.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri,Ce())):(this.logger.verbose("Setting postLogoutRedirectUri to current page",t.correlationId),t.postLogoutRedirectUri=S.getAbsoluteUrl(Ce(),Ce())):this.logger.verbose("postLogoutRedirectUri passed as null, not setting post logout redirect uri",t.correlationId),t}getLogoutHintFromIdTokenClaims(e){const t=e.idTokenClaims;if(t){if(t.login_hint)return t.login_hint;this.logger.verbose("The ID Token Claims tied to the provided account do not contain a login_hint claim, logoutHint will not be added to logout request")}else this.logger.verbose("The provided account does not contain ID Token Claims, logoutHint will not be added to logout request");return null}async createAuthCodeClient(e){this.performanceClient.addQueueMeasurement(l.StandardInteractionClientCreateAuthCodeClient,this.correlationId);const t=await f(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)(e);return new Hi(t,this.performanceClient)}async getClientConfiguration(e){const{serverTelemetryManager:t,requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:i,account:s}=e;this.performanceClient.addQueueMeasurement(l.StandardInteractionClientGetClientConfiguration,this.correlationId);const a=await f(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,this.correlationId)({requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:i,account:s}),c=this.config.system.loggerOptions;return{authOptions:{clientId:this.config.auth.clientId,authority:a,clientCapabilities:this.config.auth.clientCapabilities,redirectUri:this.config.auth.redirectUri},systemOptions:{tokenRenewalOffsetSeconds:this.config.system.tokenRenewalOffsetSeconds,preventCorsPreflight:!0},loggerOptions:{loggerCallback:c.loggerCallback,piiLoggingEnabled:c.piiLoggingEnabled,logLevel:c.logLevel,correlationId:this.correlationId},cacheOptions:{claimsBasedCachingEnabled:this.config.cache.claimsBasedCachingEnabled},cryptoInterface:this.browserCrypto,networkInterface:this.networkClient,storageInterface:this.browserStorage,serverTelemetryManager:t,libraryInfo:{sku:Q.MSAL_SKU,version:tt,cpu:g.EMPTY_STRING,os:g.EMPTY_STRING},telemetry:this.config.telemetry}}async initializeAuthorizationRequest(e,t){this.performanceClient.addQueueMeasurement(l.StandardInteractionClientInitializeAuthorizationRequest,this.correlationId);const n=this.getRedirectUri(e.redirectUri),o={interactionType:t},i=Ze.setRequestState(this.browserCrypto,e&&e.state\|\|g.EMPTY_STRING,o),a={...await f(Lo,l.InitializeBaseRequest,this.logger,this.performanceClient,this.correlationId)({...e,correlationId:this.correlationId},this.config,this.performanceClient,this.logger),redirectUri:n,state:i,nonce:e.nonce\|\|Z(),responseMode:this.config.auth.OIDCOptions.serverResponseType};if(e.loginHint\|\|e.sid)return a;const c=e.account\|\|this.browserStorage.getActiveAccount();return c&&(this.logger.verbose("Setting validated request account",this.correlationId),this.logger.verbosePii(`Setting validated request account: ${c.homeAccountId}`,this.correlationId),a.account=c),a}}/! @azure/msal-browser v4.9.0 2025-03-25 /const rd="ContentError",Fs="user_switch";/! @azure/msal-browser v4.9.0 2025-03-25 /const id="USER_INTERACTION_REQUIRED",sd="USER_CANCEL",ad="NO_NETWORK",cd="PERSISTENT_ERROR",ld="DISABLED",dd="ACCOUNT_UNAVAILABLE";/! @azure/msal-browser v4.9.0 2025-03-25 /const hd=-2147186943,ud={[Fs]:"User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again."};class de extends R{constructor(e,t,n){super(e,t),Object.setPrototypeOf(this,de.prototype),this.name="NativeAuthError",this.ext=n}}function qe(r){if(r.ext&&r.ext.status&&(r.ext.status===cd\|\|r.ext.status===ld)\|\|r.ext&&r.ext.error&&r.ext.error===hd)return!0;switch(r.errorCode){case rd:return!0;default:return!1}}function Bn(r,e,t){if(t&&t.status)switch(t.status){case dd:return Pn(Mi);case id:return new ne(r,e);case sd:return C(ft);case ad:return C(qt)}return new de(r,ud[r]\|\|e,t)}/! @azure/msal-browser v4.9.0 2025-03-25 /class he{constructor(e,t,n,o){this.logger=e,this.handshakeTimeoutMs=t,this.extensionId=o,this.resolvers=new Map,this.handshakeResolvers=new Map,this.messageChannel=new MessageChannel,this.windowListener=this.onWindowMessage.bind(this),this.performanceClient=n,this.handshakeEvent=n.startMeasurement(l.NativeMessageHandlerHandshake)}async sendMessage(e){this.logger.trace("NativeMessageHandler - sendMessage called.");const t={channel:$e.CHANNEL_ID,extensionId:this.extensionId,responseId:Z(),body:e};return this.logger.trace("NativeMessageHandler - Sending request to browser extension"),this.logger.tracePii(`NativeMessageHandler - Sending request to browser extension: ${JSON.stringify(t)}`),this.messageChannel.port1.postMessage(t),new Promise((n,o)=>{this.resolvers.set(t.responseId,{resolve:n,reject:o})})}static async createProvider(e,t,n){e.trace("NativeMessageHandler - createProvider called.");try{const o=new he(e,t,n,$e.PREFERRED_EXTENSION_ID);return await o.sendHandshakeRequest(),o}catch{const i=new he(e,t,n);return await i.sendHandshakeRequest(),i}}async sendHandshakeRequest(){this.logger.trace("NativeMessageHandler - sendHandshakeRequest called."),window.addEventListener("message",this.windowListener,!1);const e={channel:$e.CHANNEL_ID,extensionId:this.extensionId,responseId:Z(),body:{method:Le.HandshakeRequest}};return this.handshakeEvent.add({extensionId:this.extensionId,extensionHandshakeTimeoutMs:this.handshakeTimeoutMs}),this.messageChannel.port1.onmessage=t=>{this.onChannelMessage(t)},window.postMessage(e,window.origin,[this.messageChannel.port2]),new Promise((t,n)=>{this.handshakeResolvers.set(e.responseId,{resolve:t,reject:n}),this.timeoutId=window.setTimeout(()=>{window.removeEventListener("message",this.windowListener,!1),this.messageChannel.port1.close(),this.messageChannel.port2.close(),this.handshakeEvent.end({extensionHandshakeTimedOut:!0,success:!1}),n(C(ds)),this.handshakeResolvers.delete(e.responseId)},this.handshakeTimeoutMs)})}onWindowMessage(e){if(this.logger.trace("NativeMessageHandler - onWindowMessage called"),e.source!==window)return;const t=e.data;if(!(!t.channel\|\|t.channel!==$e.CHANNEL_ID)&&!(t.extensionId&&t.extensionId!==this.extensionId)&&t.body.method===Le.HandshakeRequest){const n=this.handshakeResolvers.get(t.responseId);if(!n){this.logger.trace(`NativeMessageHandler.onWindowMessage - resolver can't be found for request ${t.responseId}`);return}this.logger.verbose(t.extensionId?`Extension with id: ${t.extensionId} not installed`:"No extension installed"),clearTimeout(this.timeoutId),this.messageChannel.port1.close(),this.messageChannel.port2.close(),window.removeEventListener("message",this.windowListener,!1),this.handshakeEvent.end({success:!1,extensionInstalled:!1}),n.reject(C(hs))}}onChannelMessage(e){this.logger.trace("NativeMessageHandler - onChannelMessage called.");const t=e.data,n=this.resolvers.get(t.responseId),o=this.handshakeResolvers.get(t.responseId);try{const i=t.body.method;if(i===Le.Response){if(!n)return;const s=t.body.response;if(this.logger.trace("NativeMessageHandler - Received response from browser extension"),this.logger.tracePii(`NativeMessageHandler - Received response from browser extension: ${JSON.stringify(s)}`),s.status!=="Success")n.reject(Bn(s.code,s.description,s.ext));else if(s.result)s.result.code&&s.result.description?n.reject(Bn(s.result.code,s.result.description,s.result.ext)):n.resolve(s.result);else throw kr(zn,"Event does not contain result.");this.resolvers.delete(t.responseId)}else if(i===Le.HandshakeResponse){if(!o){this.logger.trace(`NativeMessageHandler.onChannelMessage - resolver can't be found for request ${t.responseId}`);return}clearTimeout(this.timeoutId),window.removeEventListener("message",this.windowListener,!1),this.extensionId=t.extensionId,this.extensionVersion=t.body.version,this.logger.verbose(`NativeMessageHandler - Received HandshakeResponse from extension: ${this.extensionId}`),this.handshakeEvent.end({extensionInstalled:!0,success:!0}),o.resolve(),this.handshakeResolvers.delete(t.responseId)}}catch(i){this.logger.error("Error parsing response from WAM Extension"),this.logger.errorPii(`Error parsing response from WAM Extension: ${i}`),this.logger.errorPii(`Unable to parse ${e}`),n?n.reject(i):o&&o.reject(i)}}getExtensionId(){return this.extensionId}getExtensionVersion(){return this.extensionVersion}static isPlatformBrokerAvailable(e,t,n,o){if(t.trace("isPlatformBrokerAvailable called"),!e.system.allowPlatformBroker)return t.trace("isPlatformBrokerAvailable: allowPlatformBroker is not enabled, returning false"),!1;if(!n)return t.trace("isPlatformBrokerAvailable: Platform extension provider is not initialized, returning false"),!1;if(o)switch(o){case _.BEARER:case _.POP:return t.trace("isPlatformBrokerAvailable: authenticationScheme is supported, returning true"),!0;default:return t.trace("isPlatformBrokerAvailable: authenticationScheme is not supported, returning false"),!1}return!0}}/! @azure/msal-browser v4.9.0 2025-03-25 /function gd(r,e){if(!e)return null;try{return Ze.parseRequestState(r,e).libraryState.meta}catch{throw p(je)}}/! @azure/msal-browser v4.9.0 2025-03-25 /function Yt(r,e,t){const n=xt(r);if(!n)throw di(r)?(t.error(`A ${e} is present in the iframe but it does not contain known properties. It's likely that the ${e} has been replaced by code running on the redirectUri page.`),t.errorPii(`The ${e} detected is: ${r}`),C(qi)):(t.error(`The request has returned to the redirectUri but a ${e} is not present. It's likely that the ${e} has been removed or the page has been redirected by code running on the redirectUri page.`),C(zi));return n}function fd(r,e,t){if(!r.state)throw C(Io);const n=gd(e,r.state);if(!n)throw C($i);if(n.interactionType!==t)throw C(Vi)}/! @azure/msal-browser v4.9.0 2025-03-25 /class Ks{constructor(e,t,n,o,i){this.authModule=e,this.browserStorage=t,this.authCodeRequest=n,this.logger=o,this.performanceClient=i}async handleCodeResponse(e,t){this.performanceClient.addQueueMeasurement(l.HandleCodeResponse,t.correlationId);let n;try{n=el(e,t.state)}catch(o){throw o instanceof Ne&&o.subError===ft?C(ft):o}return f(this.handleCodeResponseFromServer.bind(this),l.HandleCodeResponseFromServer,this.logger,this.performanceClient,t.correlationId)(n,t)}async handleCodeResponseFromServer(e,t,n=!0){if(this.performanceClient.addQueueMeasurement(l.HandleCodeResponseFromServer,t.correlationId),this.logger.trace("InteractionHandler.handleCodeResponseFromServer called"),this.authCodeRequest.code=e.code,e.cloud_instance_host_name&&await f(this.authModule.updateAuthority.bind(this.authModule),l.UpdateTokenEndpointAuthority,this.logger,this.performanceClient,t.correlationId)(e.cloud_instance_host_name,t.correlationId),n&&(e.nonce=t.nonce\|\|void 0),e.state=t.state,e.client_info)this.authCodeRequest.clientInfo=e.client_info;else{const i=this.createCcsCredentials(t);i&&(this.authCodeRequest.ccsCredential=i)}return await f(this.authModule.acquireToken.bind(this.authModule),l.AuthClientAcquireToken,this.logger,this.performanceClient,t.correlationId)(this.authCodeRequest,e)}createCcsCredentials(e){return e.account?{credential:e.account.homeAccountId,type:re.HOME_ACCOUNT_ID}:e.loginHint?{credential:e.loginHint,type:re.UPN}:null}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Bs extends nt{async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentCacheClientAcquireToken,e.correlationId);const t=this.initializeServerTelemetryManager(O.acquireTokenSilent_silentFlow),n=await f(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:t,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,account:e.account}),o=new Jc(n,this.performanceClient);this.logger.verbose("Silent auth client created");try{const s=(await f(o.acquireCachedToken.bind(o),l.SilentFlowClientAcquireCachedToken,this.logger,this.performanceClient,e.correlationId)(e))[0];return this.performanceClient.addFields({fromCache:!0},e.correlationId),s}catch(i){throw i instanceof mt&&i.errorCode===Eo&&this.logger.verbose("Signing keypair for bound access token not found. Refreshing bound access token and generating a new crypto keypair."),i}}logout(e){this.logger.verbose("logoutRedirect called");const t=this.initializeLogoutRequest(e);return this.clearCacheOnLogout(t==null?void 0:t.account)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Ot extends xs{constructor(e,t,n,o,i,s,a,c,d,h,u,m){var E;super(e,t,n,o,i,s,c,d,m),this.apiId=a,this.accountId=h,this.nativeMessageHandler=d,this.nativeStorageManager=u,this.silentCacheClient=new Bs(e,this.nativeStorageManager,n,o,i,s,c,d,m);const A=this.nativeMessageHandler.getExtensionId()===$e.PREFERRED_EXTENSION_ID?"chrome":(E=this.nativeMessageHandler.getExtensionId())!=null&&E.length?"unknown":void 0;this.skus=gt.makeExtraSkuString({libraryName:Q.MSAL_SKU,libraryVersion:tt,extensionName:A,extensionVersion:this.nativeMessageHandler.getExtensionVersion()})}addRequestSKUs(e){e.extraParameters={...e.extraParameters,[Ac]:this.skus}}async acquireToken(e,t){this.performanceClient.addQueueMeasurement(l.NativeInteractionClientAcquireToken,e.correlationId),this.logger.trace("NativeInteractionClient - acquireToken called.");const n=this.performanceClient.startMeasurement(l.NativeInteractionClientAcquireToken,e.correlationId),o=j(),i=this.initializeServerTelemetryManager(this.apiId);try{const s=await this.initializeNativeRequest(e);try{const u=await this.acquireTokensFromCache(this.accountId,s);return n.end({success:!0,isNativeBroker:!1,fromCache:!0}),u}catch(u){if(t===H.AccessToken)throw this.logger.info("MSAL internal Cache does not contain tokens, return error as per cache policy"),u;this.logger.info("MSAL internal Cache does not contain tokens, proceed to make a native call")}const{...a}=s,c={method:Le.GetToken,request:a},d=await this.nativeMessageHandler.sendMessage(c),h=this.validateNativeResponse(d);return await this.handleNativeResponse(h,s,o).then(u=>(n.end({success:!0,isNativeBroker:!0,requestId:u.requestId}),i.clearNativeBrokerErrorCode(),u)).catch(u=>{throw n.end({success:!1,errorCode:u.errorCode,subErrorCode:u.subError,isNativeBroker:!0}),u})}catch(s){throw s instanceof de&&i.setNativeBrokerErrorCode(s.errorCode),s}}createSilentCacheRequest(e,t){return{authority:e.authority,correlationId:this.correlationId,scopes:M.fromString(e.scope).asArray(),account:t,forceRefresh:!1}}async acquireTokensFromCache(e,t){if(!e)throw this.logger.warning("NativeInteractionClient:acquireTokensFromCache - No nativeAccountId provided"),p(Lt);const n=this.browserStorage.getBaseAccountInfo({nativeAccountId:e});if(!n)throw p(Lt);try{const o=this.createSilentCacheRequest(t,n),i=await this.silentCacheClient.acquireToken(o),s={...n,idTokenClaims:i==null?void 0:i.idTokenClaims,idToken:i==null?void 0:i.idToken};return{...i,account:s}}catch(o){throw o}}async acquireTokenRedirect(e,t){this.logger.trace("NativeInteractionClient - acquireTokenRedirect called.");const{...n}=e;delete n.onRedirectNavigate;const o=await this.initializeNativeRequest(n),i={method:Le.GetToken,request:o};try{const c=await this.nativeMessageHandler.sendMessage(i);this.validateNativeResponse(c)}catch(c){if(c instanceof de&&(this.initializeServerTelemetryManager(this.apiId).setNativeBrokerErrorCode(c.errorCode),qe(c)))throw c}this.browserStorage.setTemporaryCache(U.NATIVE_REQUEST,JSON.stringify(o),!0);const s={apiId:O.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},a=this.config.auth.navigateToLoginRequestUrl?window.location.href:this.getRedirectUri(e.redirectUri);t.end({success:!0}),await this.navigationClient.navigateExternal(a,s)}async handleRedirectPromise(e,t){if(this.logger.trace("NativeInteractionClient - handleRedirectPromise called."),!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."),null;const n=this.browserStorage.getCachedNativeRequest();if(!n)return this.logger.verbose("NativeInteractionClient - handleRedirectPromise called but there is no cached request, returning null."),e&&t&&(e==null\|\|e.addFields({errorCode:"no_cached_request"},t)),null;const{prompt:o,...i}=n;o&&this.logger.verbose("NativeInteractionClient - handleRedirectPromise called and prompt was included in the original request, removing prompt from cached request to prevent second interaction with native broker window."),this.browserStorage.removeItem(this.browserStorage.generateCacheKey(U.NATIVE_REQUEST));const s={method:Le.GetToken,request:i},a=j();try{this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker.");const c=await this.nativeMessageHandler.sendMessage(s);this.validateNativeResponse(c);const h=await this.handleNativeResponse(c,i,a);return this.initializeServerTelemetryManager(this.apiId).clearNativeBrokerErrorCode(),h}catch(c){throw c}}logout(){return this.logger.trace("NativeInteractionClient - logout called."),Promise.reject("Logout not implemented yet")}async handleNativeResponse(e,t,n){var h,u;this.logger.trace("NativeInteractionClient - handleNativeResponse called.");const o=be(e.id_token,se),i=this.createHomeAccountIdentifier(e,o),s=(h=this.browserStorage.getAccountInfoFilteredBy({nativeAccountId:t.accountId}))==null?void 0:h.homeAccountId;if((u=t.extraParameters)!=null&&u.child_client_id&&e.account.id!==t.accountId)this.logger.info("handleNativeServerResponse: Double broker flow detected, ignoring accountId mismatch");else if(i!==s&&e.account.id!==t.accountId)throw Bn(Fs);const a=await this.getDiscoveredAuthority({requestAuthority:t.authority}),c=mo(this.browserStorage,a,i,se,o,e.client_info,void 0,o.tid,void 0,e.account.id,this.logger);e.expires_in=Number(e.expires_in);const d=await this.generateAuthenticationResult(e,t,o,c,a.canonicalAuthority,n);return await this.cacheAccount(c),await this.cacheNativeTokens(e,t,i,o,e.access_token,d.tenantId,n),d}createHomeAccountIdentifier(e,t){return q.generateHomeAccountId(e.client_info\|\|g.EMPTY_STRING,oe.Default,this.logger,this.browserCrypto,t)}generateScopes(e,t){return e.scope?M.fromString(e.scope):M.fromString(t.scope)}async generatePopAccessToken(e,t){if(t.tokenType===_.POP&&t.signPopToken){if(e.shr)return this.logger.trace("handleNativeServerResponse: SHR is enabled in native layer"),e.shr;const n=new We(this.browserCrypto),o={resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,shrNonce:t.shrNonce};if(!t.keyId)throw p(jn);return n.signPopToken(e.access_token,t.keyId,o)}else return e.access_token}async generateAuthenticationResult(e,t,n,o,i,s){const a=this.addTelemetryFromNativeResponse(e),c=e.scope?M.fromString(e.scope):M.fromString(t.scope),d=e.account.properties\|\|{},h=d.UID\|\|n.oid\|\|n.sub\|\|g.EMPTY_STRING,u=d.TenantId\|\|n.tid\|\|g.EMPTY_STRING,m=to(o.getAccountInfo(),void 0,n,e.id_token);m.nativeAccountId!==e.account.id&&(m.nativeAccountId=e.account.id);const A=await this.generatePopAccessToken(e,t),E=t.tokenType===_.POP?_.POP:_.BEARER;return{authority:i,uniqueId:h,tenantId:u,scopes:c.asArray(),account:m,idToken:e.id_token,idTokenClaims:n,accessToken:A,fromCache:a?this.isResponseFromCache(a):!1,expiresOn:Te(s+e.expires_in),tokenType:E,correlationId:this.correlationId,state:e.state,fromNativeBroker:!0}}async cacheAccount(e){await this.browserStorage.setAccount(e,this.correlationId),this.browserStorage.removeAccountContext(e).catch(t=>{this.logger.error(`Error occurred while removing account context from browser storage. ${t}`)})}cacheNativeTokens(e,t,n,o,i,s,a){const c=Jt(n,t.authority,e.id_token\|\|"",t.clientId,o.tid\|\|""),d=t.tokenType===_.POP?g.SHR_NONCE_VALIDITY:(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)\|\|0,h=a+d,u=this.generateScopes(e,t),m=Xt(n,t.authority,i,t.clientId,o.tid\|\|s,u.printScopes(),h,0,se,void 0,t.tokenType,void 0,t.keyId),A={idToken:c,accessToken:m};return this.nativeStorageManager.saveCacheRecord(A,this.correlationId,t.storeInCache)}addTelemetryFromNativeResponse(e){const t=this.getMATSFromResponse(e);return t?(this.performanceClient.addFields({extensionId:this.nativeMessageHandler.getExtensionId(),extensionVersion:this.nativeMessageHandler.getExtensionVersion(),matsBrokerVersion:t.broker_version,matsAccountJoinOnStart:t.account_join_on_start,matsAccountJoinOnEnd:t.account_join_on_end,matsDeviceJoin:t.device_join,matsPromptBehavior:t.prompt_behavior,matsApiErrorCode:t.api_error_code,matsUiVisible:t.ui_visible,matsSilentCode:t.silent_code,matsSilentBiSubCode:t.silent_bi_sub_code,matsSilentMessage:t.silent_message,matsSilentStatus:t.silent_status,matsHttpStatus:t.http_status,matsHttpEventCount:t.http_event_count},this.correlationId),t):null}validateNativeResponse(e){if(e.hasOwnProperty("access_token")&&e.hasOwnProperty("id_token")&&e.hasOwnProperty("client_info")&&e.hasOwnProperty("account")&&e.hasOwnProperty("scope")&&e.hasOwnProperty("expires_in"))return e;throw kr(zn,"Response missing expected properties.")}getMATSFromResponse(e){if(e.properties.MATS)try{return JSON.parse(e.properties.MATS)}catch{this.logger.error("NativeInteractionClient - Error parsing MATS telemetry, returning null instead")}return null}isResponseFromCache(e){return typeof e.is_cached>"u"?(this.logger.verbose("NativeInteractionClient - MATS telemetry does not contain field indicating if response was served from cache. Returning false."),!1):!!e.is_cached}async initializeNativeRequest(e){this.logger.trace("NativeInteractionClient - initializeNativeRequest called");const t=e.authority\|\|this.config.auth.authority;e.account&&await this.getDiscoveredAuthority({requestAuthority:t,requestAzureCloudOptions:e.azureCloudOptions,account:e.account});const n=new S(t);n.validateAsUri();const{scopes:o,...i}=e,s=new M(o\|\|[]);s.appendScopes(Be);const a=()=>{switch(this.apiId){case O.ssoSilent:case O.acquireTokenSilent_silentFlow:return this.logger.trace("initializeNativeRequest: silent request sets prompt to none"),K.NONE}if(!e.prompt){this.logger.trace("initializeNativeRequest: prompt was not provided");return}switch(e.prompt){case K.NONE:case K.CONSENT:case K.LOGIN:return this.logger.trace("initializeNativeRequest: prompt is compatible with native flow"),e.prompt;default:throw this.logger.trace(`initializeNativeRequest: prompt = ${e.prompt} is not compatible with native flow`),C(us)}},c={...i,accountId:this.accountId,clientId:this.config.auth.clientId,authority:n.urlString,scope:s.printScopes(),redirectUri:this.getRedirectUri(e.redirectUri),prompt:a(),correlationId:this.correlationId,tokenType:e.authenticationScheme,windowTitleSubstring:document.title,extraParameters:{...e.extraQueryParameters,...e.tokenQueryParameters},extendedExpiryToken:!1,keyId:e.popKid};if(c.signPopToken&&e.popKid)throw C(fs);if(this.handleExtraBrokerParams(c),c.extraParameters=c.extraParameters\|\|{},c.extraParameters.telemetry=$e.MATS_TELEMETRY,e.authenticationScheme===_.POP){const d={resourceRequestUri:e.resourceRequestUri,resourceRequestMethod:e.resourceRequestMethod,shrClaims:e.shrClaims,shrNonce:e.shrNonce},h=new We(this.browserCrypto);let u;if(c.keyId)u=this.browserCrypto.base64UrlEncode(JSON.stringify({kid:c.keyId})),c.signPopToken=!1;else{const m=await f(h.generateCnf.bind(h),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(d,this.logger);u=m.reqCnfString,c.keyId=m.kid,c.signPopToken=!0}c.reqCnf=u}return this.addRequestSKUs(c),c}handleExtraBrokerParams(e){var i;const t=e.extraParameters&&e.extraParameters.hasOwnProperty(Kt)&&e.extraParameters.hasOwnProperty(Bt)&&e.extraParameters.hasOwnProperty(xe);if(!e.embeddedClientId&&!t)return;let n="";const o=e.redirectUri;e.embeddedClientId?(e.redirectUri=this.config.auth.redirectUri,n=e.embeddedClientId):e.extraParameters&&(e.redirectUri=e.extraParameters[Bt],n=e.extraParameters[xe]),e.extraParameters={child_client_id:n,child_redirect_uri:o},(i=this.performanceClient)==null\|\|i.addFields({embeddedClientId:n,embeddedRedirectUri:o},e.correlationId)}}/! @azure/msal-browser v4.9.0 2025-03-25 /async function Gs(r,e,t,n,o){const i=Zc({...r.auth,authority:e},t,n,o);if(lo(i,{sku:Q.MSAL_SKU,version:tt,os:"",cpu:""}),r.auth.protocolMode!==Y.OIDC&&ho(i,r.telemetry.application),t.platformBroker&&(vc(i),t.authenticationScheme===_.POP)){const s=new ue(n,o),a=new We(s);let c;t.popKid?c=s.encodeKid(t.popKid):c=(await f(a.generateCnf.bind(a),l.PopTokenGenerateCnf,n,o,t.correlationId)(t,n)).reqCnfString,go(i,c)}return on(i,t.correlationId,o),i}async function Ho(r,e,t,n,o){if(!t.codeChallenge)throw b(en);const i=await f(Gs,l.GetStandardParams,n,o,t.correlationId)(r,e,t,n,o);return Ti(i,vr.CODE),Oc(i,t.codeChallenge,g.S256_CODE_CHALLENGE_METHOD),He(i,t.extraQueryParameters\|\|{}),Di(e,i)}async function Do(r,e,t,n,o,i){if(!n.earJwk)throw C(Ao);const s=await Gs(e,t,n,o,i);Ti(s,vr.IDTOKEN_TOKEN_REFRESHTOKEN),Lc(s,n.earJwk);const a=new Map;He(a,n.extraQueryParameters\|\|{});const c=Di(t,a);return pd(r,c,s)}function pd(r,e,t){const n=r.createElement("form");return n.method="post",n.action=e,t.forEach((o,i)=>{const s=r.createElement("input");s.hidden=!0,s.name=i,s.value=o,n.appendChild(s)}),r.body.appendChild(n),n}async function zs(r,e,t,n,o,i,s,a,c,d){if(!d)throw C(vo);const h=new ue(a,c),u=new Ot(n,o,h,a,s,n.system.navigationClient,t,c,d,e,i,r.correlationId),{userRequestState:m}=Ze.parseRequestState(h,r.state);return f(u.acquireToken.bind(u),l.NativeInteractionClientAcquireToken,a,c,r.correlationId)({...r,state:m,prompt:void 0})}async function xo(r,e,t,n,o,i,s,a,c,d,h,u){if(le.removeThrottle(s,o.auth.clientId,r),e.accountId)return f(zs,l.HandleResponsePlatformBroker,d,h,r.correlationId)(r,e.accountId,n,o,s,a,c,d,h,u);const m={...r,code:e.code\|\|"",codeVerifier:t},A=new Ks(i,s,m,d,h);return await f(A.handleCodeResponse.bind(A),l.HandleCodeResponse,d,h,r.correlationId)(e,r)}async function Fo(r,e,t,n,o,i,s,a,c,d,h){if(le.removeThrottle(i,n.auth.clientId,r),xi(e,r.state),!e.ear_jwe)throw C(Gi);if(!r.earJwk)throw C(Ao);const u=JSON.parse(await f(Ol,l.DecryptEarResponse,c,d,r.correlationId)(r.earJwk,e.ear_jwe));if(u.accountId)return f(zs,l.HandleResponsePlatformBroker,c,d,r.correlationId)(r,u.accountId,t,n,i,s,a,c,d,h);const m=new Fe(n.auth.clientId,i,new ue(c,d),c,null,null,d);m.validateTokenResponse(u);const A={code:"",state:r.state,nonce:r.nonce,client_info:u.client_info,cloud_graph_host_name:u.cloud_graph_host_name,cloud_instance_host_name:u.cloud_instance_host_name,cloud_instance_name:u.cloud_instance_name,msgraph_host:u.msgraph_host};return await f(m.handleServerTokenResponse.bind(m),l.HandleServerTokenResponse,c,d,r.correlationId)(u,o,j(),r,A,void 0,void 0,void 0,void 0)}/! @azure/msal-browser v4.9.0 2025-03-25 /const md=32;async function pn(r,e,t){r.addQueueMeasurement(l.GeneratePkceCodes,t);const n=ae(Cd,l.GenerateCodeVerifier,e,r,t)(r,e,t),o=await f(yd,l.GenerateCodeChallengeFromVerifier,e,r,t)(n,r,e,t);return{verifier:n,challenge:o}}function Cd(r,e,t){try{const n=new Uint8Array(md);return ae(Sl,l.GetRandomValues,e,r,t)(n),Oe(n)}catch{throw C(To)}}async function yd(r,e,t,n){e.addQueueMeasurement(l.GenerateCodeChallengeFromVerifier,n);try{const o=await f(Is,l.Sha256Digest,t,e,n)(r,e,n);return Oe(new Uint8Array(o))}catch{throw C(To)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Td extends nt{constructor(e,t,n,o,i,s,a,c,d,h){super(e,t,n,o,i,s,a,d,h),this.unloadWindow=this.unloadWindow.bind(this),this.nativeStorage=c,this.eventHandler=i}acquireToken(e,t){try{const o={popupName:this.generatePopupName(e.scopes\|\|Be,e.authority\|\|this.config.auth.authority),popupWindowAttributes:e.popupWindowAttributes\|\|{},popupWindowParent:e.popupWindowParent??window};return this.performanceClient.addFields({isAsyncPopup:this.config.system.asyncPopups},this.correlationId),this.config.system.asyncPopups?(this.logger.verbose("asyncPopups set to true, acquiring token"),this.acquireTokenPopupAsync(e,o,t)):(this.logger.verbose("asyncPopup set to false, opening popup before acquiring token"),o.popup=this.openSizedPopup("about:blank",o),this.acquireTokenPopupAsync(e,o,t))}catch(n){return Promise.reject(n)}}logout(e){try{this.logger.verbose("logoutPopup called");const t=this.initializeLogoutRequest(e),n={popupName:this.generateLogoutPopupName(t),popupWindowAttributes:(e==null?void 0:e.popupWindowAttributes)\|\|{},popupWindowParent:(e==null?void 0:e.popupWindowParent)??window},o=e&&e.authority,i=e&&e.mainWindowRedirectUri;return this.config.system.asyncPopups?(this.logger.verbose("asyncPopups set to true"),this.logoutPopupAsync(t,n,o,i)):(this.logger.verbose("asyncPopup set to false, opening popup"),n.popup=this.openSizedPopup("about:blank",n),this.logoutPopupAsync(t,n,o,i))}catch(t){return Promise.reject(t)}}async acquireTokenPopupAsync(e,t,n){this.logger.verbose("acquireTokenPopupAsync called");const o=await f(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,this.correlationId)(e,T.Popup);t.popup&&Rs(o.authority);const i=he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeMessageHandler,e.authenticationScheme);return o.platformBroker=i,this.config.auth.protocolMode===Y.EAR?this.executeEarFlow(o,t):this.executeCodeFlow(o,t,n)}async executeCodeFlow(e,t,n){var c;const o=e.correlationId,i=this.initializeServerTelemetryManager(O.acquireTokenPopup),s=n\|\|await f(pn,l.GeneratePkceCodes,this.logger,this.performanceClient,o)(this.performanceClient,this.logger,o),a={...e,codeChallenge:s.challenge};try{const d=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,o)({serverTelemetryManager:i,requestAuthority:a.authority,requestAzureCloudOptions:a.azureCloudOptions,requestExtraQueryParameters:a.extraQueryParameters,account:a.account}),h=await f(Ho,l.GetAuthCodeUrl,this.logger,this.performanceClient,o)(this.config,d.authority,a,this.logger,this.performanceClient),u=this.initiateAuthRequest(h,t);this.eventHandler.emitEvent(y.POPUP_OPENED,T.Popup,{popupWindow:u},null);const m=await this.monitorPopupForHash(u,t.popupWindowParent),A=ae(Yt,l.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(m,this.config.auth.OIDCOptions.serverResponseType,this.logger);return await f(xo,l.HandleResponseCode,this.logger,this.performanceClient,o)(e,A,s.verifier,O.acquireTokenPopup,this.config,d,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}catch(d){throw(c=t.popup)==null\|\|c.close(),d instanceof R&&(d.setCorrelationId(this.correlationId),i.cacheFailedRequest(d)),d}}async executeEarFlow(e,t){const n=e.correlationId,o=await f(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,n)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),i=await f(bo,l.GenerateEarKey,this.logger,this.performanceClient,n)(),s={...e,earJwk:i},a=t.popup\|\|this.openPopup("about:blank",t);(await Do(a.document,this.config,o,s,this.logger,this.performanceClient)).submit();const d=await f(this.monitorPopupForHash.bind(this),l.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,n)(a,t.popupWindowParent),h=ae(Yt,l.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(d,this.config.auth.OIDCOptions.serverResponseType,this.logger);return f(Fo,l.HandleResponseEar,this.logger,this.performanceClient,n)(s,h,O.acquireTokenPopup,this.config,o,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}async logoutPopupAsync(e,t,n,o){var s,a,c,d;this.logger.verbose("logoutPopupAsync called"),this.eventHandler.emitEvent(y.LOGOUT_START,T.Popup,e);const i=this.initializeServerTelemetryManager(O.logoutPopup);try{await this.clearCacheOnLogout(e.account);const h=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:i,requestAuthority:n,account:e.account\|\|void 0});try{h.authority.endSessionEndpoint}catch{if((s=e.account)!=null&&s.homeAccountId&&e.postLogoutRedirectUri&&h.authority.protocolMode===Y.OIDC){if(this.browserStorage.removeAccount((a=e.account)==null?void 0:a.homeAccountId),this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Popup,e),o){const A={apiId:O.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},E=S.getAbsoluteUrl(o,Ce());await this.navigationClient.navigateInternal(E,A)}(c=t.popup)==null\|\|c.close();return}}const u=h.getLogoutUri(e);this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Popup,e);const m=this.openPopup(u,t);if(this.eventHandler.emitEvent(y.POPUP_OPENED,T.Popup,{popupWindow:m},null),await this.monitorPopupForHash(m,t.popupWindowParent).catch(()=>{}),o){const A={apiId:O.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},E=S.getAbsoluteUrl(o,Ce());this.logger.verbose("Redirecting main window to url specified in the request"),this.logger.verbosePii(`Redirecting main window to: ${E}`),await this.navigationClient.navigateInternal(E,A)}else this.logger.verbose("No main window navigation requested")}catch(h){throw(d=t.popup)==null\|\|d.close(),h instanceof R&&(h.setCorrelationId(this.correlationId),i.cacheFailedRequest(h)),this.eventHandler.emitEvent(y.LOGOUT_FAILURE,T.Popup,null,h),this.eventHandler.emitEvent(y.LOGOUT_END,T.Popup),h}this.eventHandler.emitEvent(y.LOGOUT_END,T.Popup)}initiateAuthRequest(e,t){if(e)return this.logger.infoPii(`Navigate to: ${e}`),this.openPopup(e,t);throw this.logger.error("Navigate url is empty"),C(dn)}monitorPopupForHash(e,t){return new Promise((n,o)=>{this.logger.verbose("PopupHandler.monitorPopupForHash - polling started");const i=setInterval(()=>{if(e.closed){this.logger.error("PopupHandler.monitorPopupForHash - window closed"),clearInterval(i),o(C(ft));return}let s="";try{s=e.location.href}catch{}if(!s\|\|s==="about:blank")return;clearInterval(i);let a="";const c=this.config.auth.OIDCOptions.serverResponseType;e&&(c===Wt.QUERY?a=e.location.search:a=e.location.hash),this.logger.verbose("PopupHandler.monitorPopupForHash - popup window is on same origin as caller"),n(a)},this.config.system.pollIntervalMilliseconds)}).finally(()=>{this.cleanPopup(e,t)})}openPopup(e,t){try{let n;if(t.popup?(n=t.popup,this.logger.verbosePii(`Navigating popup window to: ${e}`),n.location.assign(e)):typeof t.popup>"u"&&(this.logger.verbosePii(`Opening popup window to: ${e}`),n=this.openSizedPopup(e,t)),!n)throw C(ji);return n.focus&&n.focus(),this.currentWindow=n,t.popupWindowParent.addEventListener("beforeunload",this.unloadWindow),n}catch(n){throw this.logger.error("error opening popup "+n.message),C(Yi)}}openSizedPopup(e,{popupName:t,popupWindowAttributes:n,popupWindowParent:o}){var A,E,w,D;const i=o.screenLeft?o.screenLeft:o.screenX,s=o.screenTop?o.screenTop:o.screenY,a=o.innerWidth\|\|document.documentElement.clientWidth\|\|document.body.clientWidth,c=o.innerHeight\|\|document.documentElement.clientHeight\|\|document.body.clientHeight;let d=(A=n.popupSize)==null?void 0:A.width,h=(E=n.popupSize)==null?void 0:E.height,u=(w=n.popupPosition)==null?void 0:w.top,m=(D=n.popupPosition)==null?void 0:D.left;return(!d\|\|d<0\|\|d>a)&&(this.logger.verbose("Default popup window width used. Window width not configured or invalid."),d=Q.POPUP_WIDTH),(!h\|\|h<0\|\|h>c)&&(this.logger.verbose("Default popup window height used. Window height not configured or invalid."),h=Q.POPUP_HEIGHT),(!u\|\|u<0\|\|u>c)&&(this.logger.verbose("Default popup window top position used. Window top not configured or invalid."),u=Math.max(0,c/2-Q.POPUP_HEIGHT/2+s)),(!m\|\|m<0\|\|m>a)&&(this.logger.verbose("Default popup window left position used. Window left not configured or invalid."),m=Math.max(0,a/2-Q.POPUP_WIDTH/2+i)),o.open(e,t,`width=${d}, height=${h}, top=${u}, left=${m}, scrollbars=yes`)}unloadWindow(e){this.currentWindow&&this.currentWindow.close(),e.preventDefault()}cleanPopup(e,t){e.close(),t.removeEventListener("beforeunload",this.unloadWindow)}generatePopupName(e,t){return`${Q.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${e.join("-")}.${t}.${this.correlationId}`}generateLogoutPopupName(e){const t=e.account&&e.account.homeAccountId;return`${Q.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${t}.${this.correlationId}`}}/! @azure/msal-browser v4.9.0 2025-03-25 /function Ad(){if(typeof window>"u"\|\|typeof window.performance>"u"\|\|typeof window.performance.getEntriesByType!="function")return;const r=window.performance.getEntriesByType("navigation"),e=r.length?r[0]:void 0;return e==null?void 0:e.type}class Id extends nt{constructor(e,t,n,o,i,s,a,c,d,h){super(e,t,n,o,i,s,a,d,h),this.nativeStorage=c}async acquireToken(e){const t=await f(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,this.correlationId)(e,T.Redirect);t.platformBroker=he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeMessageHandler,e.authenticationScheme);const n=i=>{i.persisted&&(this.logger.verbose("Page was restored from back/forward cache. Clearing temporary cache."),this.browserStorage.resetRequestCache(),this.eventHandler.emitEvent(y.RESTORE_FROM_BFCACHE,T.Redirect))},o=this.getRedirectStartPage(e.redirectStartPage);this.logger.verbosePii(`Redirect start page: ${o}`),this.browserStorage.setTemporaryCache(U.ORIGIN_URI,o,!0),window.addEventListener("pageshow",n);try{this.config.auth.protocolMode===Y.EAR?await this.executeEarFlow(t):await this.executeCodeFlow(t,e.onRedirectNavigate)}catch(i){throw i instanceof R&&i.setCorrelationId(this.correlationId),window.removeEventListener("pageshow",n),i}}async executeCodeFlow(e,t){const n=e.correlationId,o=this.initializeServerTelemetryManager(O.acquireTokenRedirect),i=await f(pn,l.GeneratePkceCodes,this.logger,this.performanceClient,n)(this.performanceClient,this.logger,n),s={...e,codeChallenge:i.challenge};this.browserStorage.cacheAuthorizeRequest(s,i.verifier);try{const a=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:o,requestAuthority:s.authority,requestAzureCloudOptions:s.azureCloudOptions,requestExtraQueryParameters:s.extraQueryParameters,account:s.account}),c=await f(Ho,l.GetAuthCodeUrl,this.logger,this.performanceClient,e.correlationId)(this.config,a.authority,s,this.logger,this.performanceClient);return await this.initiateAuthRequest(c,t)}catch(a){throw a instanceof R&&(a.setCorrelationId(this.correlationId),o.cacheFailedRequest(a)),a}}async executeEarFlow(e){const t=e.correlationId,n=await f(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),o=await f(bo,l.GenerateEarKey,this.logger,this.performanceClient,t)(),i={...e,earJwk:o};this.browserStorage.cacheAuthorizeRequest(i),(await Do(document,this.config,n,i,this.logger,this.performanceClient)).submit()}async handleRedirectPromise(e="",t,n,o){const i=this.initializeServerTelemetryManager(O.handleRedirectPromise);try{const[s,a]=this.getRedirectResponse(e\|\|"");if(!s)return this.logger.info("handleRedirectPromise did not detect a response as a result of a redirect. Cleaning temporary cache."),this.browserStorage.resetRequestCache(),Ad()!=="back_forward"?o.event.errorCode="no_server_response":this.logger.verbose("Back navigation event detected. Muting no_server_response error"),null;const c=this.browserStorage.getTemporaryCache(U.ORIGIN_URI,!0)\|\|g.EMPTY_STRING,d=S.removeHashFromUrl(c),h=S.removeHashFromUrl(window.location.href);if(d===h&&this.config.auth.navigateToLoginRequestUrl)return this.logger.verbose("Current page is loginRequestUrl, handling response"),c.indexOf("#")>-1&&Hl(c),await this.handleResponse(s,t,n,i);if(this.config.auth.navigateToLoginRequestUrl){if(!Mo()\|\|this.config.system.allowRedirectInIframe){this.browserStorage.setTemporaryCache(U.URL_HASH,a,!0);const u={apiId:O.handleRedirectPromise,timeout:this.config.system.redirectNavigationTimeout,noHistory:!0};let m=!0;if(!c\|\|c==="null"){const A=xl();this.browserStorage.setTemporaryCache(U.ORIGIN_URI,A,!0),this.logger.warning("Unable to get valid login request url from cache, redirecting to home page"),m=await this.navigationClient.navigateInternal(A,u)}else this.logger.verbose(`Navigating to loginRequestUrl: ${c}`),m=await this.navigationClient.navigateInternal(c,u);if(!m)return await this.handleResponse(s,t,n,i)}}else return this.logger.verbose("NavigateToLoginRequestUrl set to false, handling response"),await this.handleResponse(s,t,n,i);return null}catch(s){throw s instanceof R&&(s.setCorrelationId(this.correlationId),i.cacheFailedRequest(s)),s}}getRedirectResponse(e){this.logger.verbose("getRedirectResponseHash called");let t=e;t\|\|(this.config.auth.OIDCOptions.serverResponseType===Wt.QUERY?t=window.location.search:t=window.location.hash);let n=xt(t);if(n){try{fd(n,this.browserCrypto,T.Redirect)}catch(i){return i instanceof R&&this.logger.error(`Interaction type validation failed due to ${i.errorCode}: ${i.errorMessage}`),[null,""]}return Ll(window),this.logger.verbose("Hash contains known properties, returning response hash"),[n,t]}const o=this.browserStorage.getTemporaryCache(U.URL_HASH,!0);return this.browserStorage.removeItem(this.browserStorage.generateCacheKey(U.URL_HASH)),o&&(n=xt(o),n)?(this.logger.verbose("Hash does not contain known properties, returning cached hash"),[n,o]):[null,""]}async handleResponse(e,t,n,o){if(!e.state)throw C(Io);if(e.ear_jwe){const a=await f(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t.correlationId)({requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account});return f(Fo,l.HandleResponseEar,this.logger,this.performanceClient,t.correlationId)(t,e,O.acquireTokenRedirect,this.config,a,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}const s=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:o,requestAuthority:t.authority});return f(xo,l.HandleResponseCode,this.logger,this.performanceClient,t.correlationId)(t,e,n,O.acquireTokenRedirect,this.config,s,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}async initiateAuthRequest(e,t){if(this.logger.verbose("RedirectHandler.initiateAuthRequest called"),e){this.logger.infoPii(`RedirectHandler.initiateAuthRequest: Navigate to: ${e}`);const n={apiId:O.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},o=t\|\|this.config.auth.onRedirectNavigate;if(typeof o=="function")if(this.logger.verbose("RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback"),o(e)!==!1){this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"),await this.navigationClient.navigateExternal(e,n);return}else{this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation");return}else{this.logger.verbose("RedirectHandler.initiateAuthRequest: Navigating window to navigate url"),await this.navigationClient.navigateExternal(e,n);return}}else throw this.logger.info("RedirectHandler.initiateAuthRequest: Navigate url is empty"),C(dn)}async logout(e){var o,i;this.logger.verbose("logoutRedirect called");const t=this.initializeLogoutRequest(e),n=this.initializeServerTelemetryManager(O.logout);try{this.eventHandler.emitEvent(y.LOGOUT_START,T.Redirect,e),await this.clearCacheOnLogout(t.account);const s={apiId:O.logout,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},a=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:e&&e.authority,requestExtraQueryParameters:e==null?void 0:e.extraQueryParameters,account:e&&e.account\|\|void 0});if(a.authority.protocolMode===Y.OIDC)try{a.authority.endSessionEndpoint}catch{if((o=t.account)!=null&&o.homeAccountId){this.browserStorage.removeAccount((i=t.account)==null?void 0:i.homeAccountId),this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Redirect,t);return}}const c=a.getLogoutUri(t);if(this.eventHandler.emitEvent(y.LOGOUT_SUCCESS,T.Redirect,t),e&&typeof e.onRedirectNavigate=="function")if(e.onRedirectNavigate(c)!==!1){this.logger.verbose("Logout onRedirectNavigate did not return false, navigating"),this.browserStorage.getInteractionInProgress()\|\|this.browserStorage.setInteractionInProgress(!0),await this.navigationClient.navigateExternal(c,s);return}else this.browserStorage.setInteractionInProgress(!1),this.logger.verbose("Logout onRedirectNavigate returned false, stopping navigation");else{this.browserStorage.getInteractionInProgress()\|\|this.browserStorage.setInteractionInProgress(!0),await this.navigationClient.navigateExternal(c,s);return}}catch(s){throw s instanceof R&&(s.setCorrelationId(this.correlationId),n.cacheFailedRequest(s)),this.eventHandler.emitEvent(y.LOGOUT_FAILURE,T.Redirect,null,s),this.eventHandler.emitEvent(y.LOGOUT_END,T.Redirect),s}this.eventHandler.emitEvent(y.LOGOUT_END,T.Redirect)}getRedirectStartPage(e){const t=e\|\|window.location.href;return S.getAbsoluteUrl(t,Ce())}}/! @azure/msal-browser v4.9.0 2025-03-25 /async function Ed(r,e,t,n,o){if(e.addQueueMeasurement(l.SilentHandlerInitiateAuthRequest,n),!r)throw t.info("Navigate url is empty"),C(dn);return o?f(vd,l.SilentHandlerLoadFrame,t,e,n)(r,o,e,n):ae(Sd,l.SilentHandlerLoadFrameSync,t,e,n)(r)}async function wd(r,e,t,n,o){const i=Ko();if(!i.contentDocument)throw"No document associated with iframe!";return(await Do(i.contentDocument,r,e,t,n,o)).submit(),i}async function Ir(r,e,t,n,o,i,s){return n.addQueueMeasurement(l.SilentHandlerMonitorIframeForHash,i),new Promise((a,c)=>{e<Hn&&o.warning(`system.loadFrameTimeout or system.iframeHashTimeout set to lower (${e}ms) than the default (${Hn}ms). This may result in timeouts.`);const d=window.setTimeout(()=>{window.clearInterval(h),c(C(Wi))},e),h=window.setInterval(()=>{let u="";const m=r.contentWindow;try{u=m?m.location.href:""}catch{}if(!u\|\|u==="about:blank")return;let A="";m&&(s===Wt.QUERY?A=m.location.search:A=m.location.hash),window.clearTimeout(d),window.clearInterval(h),a(A)},t)}).finally(()=>{ae(kd,l.RemoveHiddenIframe,o,n,i)(r)})}function vd(r,e,t,n){return t.addQueueMeasurement(l.SilentHandlerLoadFrame,n),new Promise((o,i)=>{const s=Ko();window.setTimeout(()=>{if(!s){i("Unable to load iframe");return}s.src=r,o(s)},e)})}function Sd(r){const e=Ko();return e.src=r,e}function Ko(){const r=document.createElement("iframe");return r.className="msalSilentIframe",r.style.visibility="hidden",r.style.position="absolute",r.style.width=r.style.height="0",r.style.border="0",r.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms"),document.body.appendChild(r),r}function kd(r){document.body===r.parentNode&&document.body.removeChild(r)}/! @azure/msal-browser v4.9.0 2025-03-25 /class _d extends nt{constructor(e,t,n,o,i,s,a,c,d,h,u){super(e,t,n,o,i,s,c,h,u),this.apiId=a,this.nativeStorage=d}async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentIframeClientAcquireToken,e.correlationId),!e.loginHint&&!e.sid&&(!e.account\|\|!e.account.username)&&this.logger.warning("No user hint provided. The authorization server may need more information to complete this request.");const t={...e};t.prompt?t.prompt!==K.NONE&&t.prompt!==K.NO_SESSION&&(this.logger.warning(`SilentIframeClient. Replacing invalid prompt ${t.prompt} with ${K.NONE}`),t.prompt=K.NONE):t.prompt=K.NONE;const n=await f(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,e.correlationId)(t,T.Silent);return n.platformBroker=he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeMessageHandler,n.authenticationScheme),Rs(n.authority),this.config.auth.protocolMode===Y.EAR?this.executeEarFlow(n):this.executeCodeFlow(n)}async executeCodeFlow(e){let t;const n=this.initializeServerTelemetryManager(this.apiId);try{return t=await f(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:n,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),await f(this.silentTokenHelper.bind(this),l.SilentIframeClientTokenHelper,this.logger,this.performanceClient,e.correlationId)(t,e)}catch(o){if(o instanceof R&&(o.setCorrelationId(this.correlationId),n.cacheFailedRequest(o)),!t\|\|!(o instanceof R)\|\|o.errorCode!==Q.INVALID_GRANT_ERROR)throw o;return this.performanceClient.addFields({retryError:o.errorCode},this.correlationId),await f(this.silentTokenHelper.bind(this),l.SilentIframeClientTokenHelper,this.logger,this.performanceClient,this.correlationId)(t,e)}}async executeEarFlow(e){const t=e.correlationId,n=await f(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,t)({requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),o=await f(bo,l.GenerateEarKey,this.logger,this.performanceClient,t)(),i={...e,earJwk:o},s=await f(wd,l.SilentHandlerInitiateAuthRequest,this.logger,this.performanceClient,t)(this.config,n,i,this.logger,this.performanceClient),a=this.config.auth.OIDCOptions.serverResponseType,c=await f(Ir,l.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,t)(s,this.config.system.iframeHashTimeout,this.config.system.pollIntervalMilliseconds,this.performanceClient,this.logger,t,a),d=ae(Yt,l.DeserializeResponse,this.logger,this.performanceClient,t)(c,a,this.logger);return f(Fo,l.HandleResponseEar,this.logger,this.performanceClient,t)(i,d,this.apiId,this.config,n,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}logout(){return Promise.reject(C(hn))}async silentTokenHelper(e,t){const n=t.correlationId;this.performanceClient.addQueueMeasurement(l.SilentIframeClientTokenHelper,n);const o=await f(pn,l.GeneratePkceCodes,this.logger,this.performanceClient,n)(this.performanceClient,this.logger,n),i={...t,codeChallenge:o.challenge},s=await f(Ho,l.GetAuthCodeUrl,this.logger,this.performanceClient,n)(this.config,e.authority,i,this.logger,this.performanceClient),a=await f(Ed,l.SilentHandlerInitiateAuthRequest,this.logger,this.performanceClient,n)(s,this.performanceClient,this.logger,n,this.config.system.navigateFrameWait),c=this.config.auth.OIDCOptions.serverResponseType,d=await f(Ir,l.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,n)(a,this.config.system.iframeHashTimeout,this.config.system.pollIntervalMilliseconds,this.performanceClient,this.logger,n,c),h=ae(Yt,l.DeserializeResponse,this.logger,this.performanceClient,n)(d,c,this.logger);return f(xo,l.HandleResponseCode,this.logger,this.performanceClient,n)(t,h,o.verifier,this.apiId,this.config,e,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.nativeMessageHandler)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Rd extends nt{async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentRefreshClientAcquireToken,e.correlationId);const t=await f(Lo,l.InitializeBaseRequest,this.logger,this.performanceClient,e.correlationId)(e,this.config,this.performanceClient,this.logger),n={...e,...t};e.redirectUri&&(n.redirectUri=this.getRedirectUri(e.redirectUri));const o=this.initializeServerTelemetryManager(O.acquireTokenSilent_silentFlow),i=await this.createRefreshTokenClient({serverTelemetryManager:o,authorityUrl:n.authority,azureCloudOptions:n.azureCloudOptions,account:n.account});return f(i.acquireTokenByRefreshToken.bind(i),l.RefreshTokenClientAcquireTokenByRefreshToken,this.logger,this.performanceClient,e.correlationId)(n).catch(s=>{throw s.setCorrelationId(this.correlationId),o.cacheFailedRequest(s),s})}logout(){return Promise.reject(C(hn))}async createRefreshTokenClient(e){const t=await f(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:e.serverTelemetryManager,requestAuthority:e.authorityUrl,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account});return new Wc(t,this.performanceClient)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class bd{constructor(e,t,n,o){this.isBrowserEnvironment=typeof window<"u",this.config=e,this.storage=t,this.logger=n,this.cryptoObj=o}async loadExternalTokens(e,t,n){if(!this.isBrowserEnvironment)throw C(un);const o=e.correlationId\|\|Z(),i=t.id_token?be(t.id_token,se):void 0,s={protocolMode:this.config.auth.protocolMode,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache},a=e.authority?new G(G.generateAuthority(e.authority,e.azureCloudOptions),this.config.system.networkClient,this.storage,s,this.logger,e.correlationId\|\|Z()):void 0,c=await this.loadAccount(e,n.clientInfo\|\|t.client_info\|\|"",o,i,a),d=await this.loadIdToken(t,c.homeAccountId,c.environment,c.realm,o),h=await this.loadAccessToken(e,t,c.homeAccountId,c.environment,c.realm,n,o),u=await this.loadRefreshToken(t,c.homeAccountId,c.environment,o);return this.generateAuthenticationResult(e,{account:c,idToken:d,accessToken:h,refreshToken:u},i,a)}async loadAccount(e,t,n,o,i){if(this.logger.verbose("TokenCache - loading account"),e.account){const d=q.createFromAccountInfo(e.account);return await this.storage.setAccount(d,n),d}else if(!i\|\|!t&&!o)throw this.logger.error("TokenCache - if an account is not provided on the request, authority and either clientInfo or idToken must be provided instead."),C(is);const s=q.generateHomeAccountId(t,i.authorityType,this.logger,this.cryptoObj,o),a=o==null?void 0:o.tid,c=mo(this.storage,i,s,se,o,t,i.hostnameAndPort,a,void 0,void 0,this.logger);return await this.storage.setAccount(c,n),c}async loadIdToken(e,t,n,o,i){if(!e.id_token)return this.logger.verbose("TokenCache - no id token found in response"),null;this.logger.verbose("TokenCache - loading id token");const s=Jt(t,n,e.id_token,this.config.auth.clientId,o);return await this.storage.setIdTokenCredential(s,i),s}async loadAccessToken(e,t,n,o,i,s,a){if(t.access_token)if(t.expires_in){if(!t.scope&&(!e.scopes\|\|!e.scopes.length))return this.logger.error("TokenCache - scopes not specified in the request or response. Cannot add token to the cache."),null}else return this.logger.error("TokenCache - no expiration set on the access token. Cannot add it to the cache."),null;else return this.logger.verbose("TokenCache - no access token found in response"),null;this.logger.verbose("TokenCache - loading access token");const c=t.scope?M.fromString(t.scope):new M(e.scopes),d=s.expiresOn\|\|t.expires_in+j(),h=s.extendedExpiresOn\|\|(t.ext_expires_in\|\|t.expires_in)+j(),u=Xt(n,o,t.access_token,this.config.auth.clientId,i,c.printScopes(),d,h,se);return await this.storage.setAccessTokenCredential(u,a),u}async loadRefreshToken(e,t,n,o){if(!e.refresh_token)return this.logger.verbose("TokenCache - no refresh token found in response"),null;this.logger.verbose("TokenCache - loading refresh token");const i=Yr(t,n,e.refresh_token,this.config.auth.clientId,e.foci,void 0,e.refresh_token_expires_in);return await this.storage.setRefreshTokenCredential(i,o),i}generateAuthenticationResult(e,t,n,o){var h,u,m;let i="",s=[],a=null,c;t!=null&&t.accessToken&&(i=t.accessToken.secret,s=M.fromString(t.accessToken.target).asArray(),a=Te(t.accessToken.expiresOn),c=Te(t.accessToken.extendedExpiresOn));const d=t.account;return{authority:o?o.canonicalAuthority:"",uniqueId:t.account.localAccountId,tenantId:t.account.realm,scopes:s,account:d.getAccountInfo(),idToken:((h=t.idToken)==null?void 0:h.secret)\|\|"",idTokenClaims:n\|\|{},accessToken:i,fromCache:!0,expiresOn:a,correlationId:e.correlationId\|\|"",requestId:"",extExpiresOn:c,familyId:((u=t.refreshToken)==null?void 0:u.familyId)\|\|"",tokenType:((m=t==null?void 0:t.accessToken)==null?void 0:m.tokenType)\|\|"",state:e.state\|\|"",cloudGraphHostName:d.cloudGraphHostName\|\|"",msGraphHost:d.msGraphHost\|\|"",fromNativeBroker:!1}}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Od extends Hi{constructor(e){super(e),this.includeRedirectUri=!1}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Pd extends nt{constructor(e,t,n,o,i,s,a,c,d,h){super(e,t,n,o,i,s,c,d,h),this.apiId=a}async acquireToken(e){if(!e.code)throw C(ss);const t=await f(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,e.correlationId)(e,T.Silent),n=this.initializeServerTelemetryManager(this.apiId);try{const o={...t,code:e.code},i=await f(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:n,requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account}),s=new Od(i);this.logger.verbose("Auth code client created");const a=new Ks(s,this.browserStorage,o,this.logger,this.performanceClient);return await f(a.handleCodeResponseFromServer.bind(a),l.HandleCodeResponseFromServer,this.logger,this.performanceClient,e.correlationId)({code:e.code,msgraph_host:e.msGraphHost,cloud_graph_host_name:e.cloudGraphHostName,cloud_instance_host_name:e.cloudInstanceHostName},t,!1)}catch(o){throw o instanceof R&&(o.setCorrelationId(this.correlationId),n.cacheFailedRequest(o)),o}}logout(){return Promise.reject(C(hn))}}/! @azure/msal-browser v4.9.0 2025-03-25 /function ce(r){const e=r==null?void 0:r.idTokenClaims;if(e!=null&&e.tfp\|\|e!=null&&e.acr)return"B2C";if(e!=null&&e.tid){if((e==null?void 0:e.tid)==="9188040d-6c67-4c5b-b112-36a304b66dad")return"MSA"}else return;return"AAD"}function Rt(r,e){try{Uo(r)}catch(t){throw e.end({success:!1},t),t}}class mn{constructor(e){this.operatingContext=e,this.isBrowserEnvironment=this.operatingContext.isBrowserEnvironment(),this.config=e.getConfig(),this.initialized=!1,this.logger=this.operatingContext.getLogger(),this.networkClient=this.config.system.networkClient,this.navigationClient=this.config.system.navigationClient,this.redirectResponse=new Map,this.hybridAuthCodeResponses=new Map,this.performanceClient=this.config.telemetry.client,this.browserCrypto=this.isBrowserEnvironment?new ue(this.logger,this.performanceClient):ht,this.eventHandler=new Ds(this.logger),this.browserStorage=this.isBrowserEnvironment?new Qt(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,Pi(this.config.auth)):Os(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler);const t={cacheLocation:B.MemoryStorage,temporaryCacheLocation:B.MemoryStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!1,claimsBasedCachingEnabled:!1};this.nativeInternalStorage=new Qt(this.config.auth.clientId,t,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler),this.tokenCache=new bd(this.config,this.browserStorage,this.logger,this.browserCrypto),this.activeSilentTokenRequests=new Map,this.trackPageVisibility=this.trackPageVisibility.bind(this),this.trackPageVisibilityWithMeasurement=this.trackPageVisibilityWithMeasurement.bind(this)}static async createController(e,t){const n=new mn(e);return await n.initialize(t),n}trackPageVisibility(e){e&&(this.logger.info("Perf: Visibility change detected"),this.performanceClient.incrementFields({visibilityChangeCount:1},e))}async initialize(e){if(this.logger.trace("initialize called"),this.initialized){this.logger.info("initialize has already been called, exiting early.");return}if(!this.isBrowserEnvironment){this.logger.info("in non-browser environment, exiting early."),this.initialized=!0,this.eventHandler.emitEvent(y.INITIALIZE_END);return}const t=(e==null?void 0:e.correlationId)\|\|this.getRequestCorrelationId(),n=this.config.system.allowPlatformBroker,o=this.performanceClient.startMeasurement(l.InitializeClientApplication,t);if(this.eventHandler.emitEvent(y.INITIALIZE_START),await f(this.browserStorage.initialize.bind(this.browserStorage),l.InitializeCache,this.logger,this.performanceClient,t)(t),n)try{this.nativeExtensionProvider=await he.createProvider(this.logger,this.config.system.nativeBrokerHandshakeTimeout,this.performanceClient)}catch(i){this.logger.verbose(i)}this.config.cache.claimsBasedCachingEnabled\|\|(this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims"),await f(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage),l.ClearTokensAndKeysWithClaims,this.logger,this.performanceClient,t)(this.performanceClient,t)),this.config.system.asyncPopups&&await this.preGeneratePkceCodes(t),this.initialized=!0,this.eventHandler.emitEvent(y.INITIALIZE_END),o.end({allowPlatformBroker:n,success:!0})}async handleRedirectPromise(e){if(this.logger.verbose("handleRedirectPromise called"),_s(this.initialized),this.isBrowserEnvironment){const t=e\|\|"";let n=this.redirectResponse.get(t);return typeof n>"u"?(n=this.handleRedirectPromiseInternal(e),this.redirectResponse.set(t,n),this.logger.verbose("handleRedirectPromise has been called for the first time, storing the promise")):this.logger.verbose("handleRedirectPromise has been called previously, returning the result from the first call"),n}return this.logger.verbose("handleRedirectPromise returns null, not browser environment"),null}async handleRedirectPromiseInternal(e){if(!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."),null;const t=this.getAllAccounts(),n=this.browserStorage.getCachedNativeRequest(),o=n&&he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeExtensionProvider)&&this.nativeExtensionProvider&&!e;let i=this.performanceClient.startMeasurement(l.AcquireTokenRedirect,(n==null?void 0:n.correlationId)\|\|"");this.eventHandler.emitEvent(y.HANDLE_REDIRECT_START,T.Redirect);let s;if(o&&this.nativeExtensionProvider){this.logger.trace("handleRedirectPromise - acquiring token from native platform");const a=new Ot(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,O.handleRedirectPromise,this.performanceClient,this.nativeExtensionProvider,n.accountId,this.nativeInternalStorage,n.correlationId);s=f(a.handleRedirectPromise.bind(a),l.HandleNativeRedirectPromiseMeasurement,this.logger,this.performanceClient,i.event.correlationId)(this.performanceClient,i.event.correlationId)}else{const[a,c]=this.browserStorage.getCachedRequest(),d=a.correlationId;i.discard(),i=this.performanceClient.startMeasurement(l.AcquireTokenRedirect,d),this.logger.trace("handleRedirectPromise - acquiring token from web flow");const h=this.createRedirectClient(d);s=f(h.handleRedirectPromise.bind(h),l.HandleRedirectPromiseMeasurement,this.logger,this.performanceClient,i.event.correlationId)(e,a,c,i)}return s.then(a=>(a?(this.browserStorage.resetRequestCache(),t.length<this.getAllAccounts().length?(this.eventHandler.emitEvent(y.LOGIN_SUCCESS,T.Redirect,a),this.logger.verbose("handleRedirectResponse returned result, login success")):(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Redirect,a),this.logger.verbose("handleRedirectResponse returned result, acquire token success")),i.end({success:!0,accountType:ce(a.account)})):i.event.errorCode?i.end({success:!1}):i.discard(),this.eventHandler.emitEvent(y.HANDLE_REDIRECT_END,T.Redirect),a)).catch(a=>{this.browserStorage.resetRequestCache();const c=a;throw t.length>0?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Redirect,null,c):this.eventHandler.emitEvent(y.LOGIN_FAILURE,T.Redirect,null,c),this.eventHandler.emitEvent(y.HANDLE_REDIRECT_END,T.Redirect),i.end({success:!1},c),a})}async acquireTokenRedirect(e){const t=this.getRequestCorrelationId(e);this.logger.verbose("acquireTokenRedirect called",t);const n=this.performanceClient.startMeasurement(l.AcquireTokenPreRedirect,t);n.add({accountType:ce(e.account),scenarioId:e.scenarioId});const o=e.onRedirectNavigate;if(o)e.onRedirectNavigate=s=>{const a=typeof o=="function"?o(s):void 0;return a!==!1?n.end({success:!0}):n.discard(),a};else{const s=this.config.auth.onRedirectNavigate;this.config.auth.onRedirectNavigate=a=>{const c=typeof s=="function"?s(a):void 0;return c!==!1?n.end({success:!0}):n.discard(),c}}const i=this.getAllAccounts().length>0;try{pr(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0),i?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Redirect,e):this.eventHandler.emitEvent(y.LOGIN_START,T.Redirect,e);let s;return this.nativeExtensionProvider&&this.canUsePlatformBroker(e)?s=new Ot(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,O.acquireTokenRedirect,this.performanceClient,this.nativeExtensionProvider,this.getNativeAccountId(e),this.nativeInternalStorage,t).acquireTokenRedirect(e,n).catch(c=>{if(c instanceof de&&qe(c))return this.nativeExtensionProvider=void 0,this.createRedirectClient(t).acquireToken(e);if(c instanceof ne)return this.logger.verbose("acquireTokenRedirect - Resolving interaction required error thrown by native broker by falling back to web flow"),this.createRedirectClient(t).acquireToken(e);throw c}):s=this.createRedirectClient(t).acquireToken(e),await s}catch(s){throw this.browserStorage.resetRequestCache(),n.end({success:!1},s),i?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Redirect,null,s):this.eventHandler.emitEvent(y.LOGIN_FAILURE,T.Redirect,null,s),s}}acquireTokenPopup(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(l.AcquireTokenPopup,t);n.add({scenarioId:e.scenarioId,accountType:ce(e.account)});try{this.logger.verbose("acquireTokenPopup called",t),Rt(this.initialized,n),this.browserStorage.setInteractionInProgress(!0)}catch(a){return Promise.reject(a)}const o=this.getAllAccounts();o.length>0?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Popup,e):this.eventHandler.emitEvent(y.LOGIN_START,T.Popup,e);let i;const s=this.getPreGeneratedPkceCodes(t);return this.canUsePlatformBroker(e)?i=this.acquireTokenNative({...e,correlationId:t},O.acquireTokenPopup).then(a=>(n.end({success:!0,isNativeBroker:!0,accountType:ce(a.account)}),a)).catch(a=>{if(a instanceof de&&qe(a))return this.nativeExtensionProvider=void 0,this.createPopupClient(t).acquireToken(e,s);if(a instanceof ne)return this.logger.verbose("acquireTokenPopup - Resolving interaction required error thrown by native broker by falling back to web flow"),this.createPopupClient(t).acquireToken(e,s);throw a}):i=this.createPopupClient(t).acquireToken(e,s),i.then(a=>(o.length<this.getAllAccounts().length?this.eventHandler.emitEvent(y.LOGIN_SUCCESS,T.Popup,a):this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Popup,a),n.end({success:!0,accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length,accountType:ce(a.account)}),a)).catch(a=>(o.length>0?this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Popup,null,a):this.eventHandler.emitEvent(y.LOGIN_FAILURE,T.Popup,null,a),n.end({success:!1},a),Promise.reject(a))).finally(async()=>{this.browserStorage.setInteractionInProgress(!1),this.config.system.asyncPopups&&await this.preGeneratePkceCodes(t)})}trackPageVisibilityWithMeasurement(){const e=this.ssoSilentMeasurement\|\|this.acquireTokenByCodeAsyncMeasurement;e&&(this.logger.info("Perf: Visibility change detected in ",e.event.name),e.increment({visibilityChangeCount:1}))}async ssoSilent(e){var i,s;const t=this.getRequestCorrelationId(e),n={...e,prompt:e.prompt,correlationId:t};this.ssoSilentMeasurement=this.performanceClient.startMeasurement(l.SsoSilent,t),(i=this.ssoSilentMeasurement)==null\|\|i.add({scenarioId:e.scenarioId,accountType:ce(e.account)}),Rt(this.initialized,this.ssoSilentMeasurement),(s=this.ssoSilentMeasurement)==null\|\|s.increment({visibilityChangeCount:0}),document.addEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement),this.logger.verbose("ssoSilent called",t),this.eventHandler.emitEvent(y.SSO_SILENT_START,T.Silent,n);let o;return this.canUsePlatformBroker(n)?o=this.acquireTokenNative(n,O.ssoSilent).catch(a=>{if(a instanceof de&&qe(a))return this.nativeExtensionProvider=void 0,this.createSilentIframeClient(n.correlationId).acquireToken(n);throw a}):o=this.createSilentIframeClient(n.correlationId).acquireToken(n),o.then(a=>{var c;return this.eventHandler.emitEvent(y.SSO_SILENT_SUCCESS,T.Silent,a),(c=this.ssoSilentMeasurement)==null\|\|c.end({success:!0,isNativeBroker:a.fromNativeBroker,accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length,accountType:ce(a.account)}),a}).catch(a=>{var c;throw this.eventHandler.emitEvent(y.SSO_SILENT_FAILURE,T.Silent,null,a),(c=this.ssoSilentMeasurement)==null\|\|c.end({success:!1},a),a}).finally(()=>{document.removeEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement)})}async acquireTokenByCode(e){const t=this.getRequestCorrelationId(e);this.logger.trace("acquireTokenByCode called",t);const n=this.performanceClient.startMeasurement(l.AcquireTokenByCode,t);Rt(this.initialized,n),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_START,T.Silent,e),n.add({scenarioId:e.scenarioId});try{if(e.code&&e.nativeAccountId)throw C(cs);if(e.code){const o=e.code;let i=this.hybridAuthCodeResponses.get(o);return i?(this.logger.verbose("Existing acquireTokenByCode request found",t),n.discard()):(this.logger.verbose("Initiating new acquireTokenByCode request",t),i=this.acquireTokenByCodeAsync({...e,correlationId:t}).then(s=>(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_SUCCESS,T.Silent,s),this.hybridAuthCodeResponses.delete(o),n.end({success:!0,isNativeBroker:s.fromNativeBroker,accessTokenSize:s.accessToken.length,idTokenSize:s.idToken.length,accountType:ce(s.account)}),s)).catch(s=>{throw this.hybridAuthCodeResponses.delete(o),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_FAILURE,T.Silent,null,s),n.end({success:!1},s),s}),this.hybridAuthCodeResponses.set(o,i)),await i}else if(e.nativeAccountId)if(this.canUsePlatformBroker(e,e.nativeAccountId)){const o=await this.acquireTokenNative({...e,correlationId:t},O.acquireTokenByCode,e.nativeAccountId).catch(i=>{throw i instanceof de&&qe(i)&&(this.nativeExtensionProvider=void 0),i});return n.end({accountType:ce(o.account),success:!0}),o}else throw C(ls);else throw C(as)}catch(o){throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_BY_CODE_FAILURE,T.Silent,null,o),n.end({success:!1},o),o}}async acquireTokenByCodeAsync(e){var o;return this.logger.trace("acquireTokenByCodeAsync called",e.correlationId),this.acquireTokenByCodeAsyncMeasurement=this.performanceClient.startMeasurement(l.AcquireTokenByCodeAsync,e.correlationId),(o=this.acquireTokenByCodeAsyncMeasurement)==null\|\|o.increment({visibilityChangeCount:0}),document.addEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement),await this.createSilentAuthCodeClient(e.correlationId).acquireToken(e).then(i=>{var s;return(s=this.acquireTokenByCodeAsyncMeasurement)==null\|\|s.end({success:!0,fromCache:i.fromCache,isNativeBroker:i.fromNativeBroker}),i}).catch(i=>{var s;throw(s=this.acquireTokenByCodeAsyncMeasurement)==null\|\|s.end({success:!1},i),i}).finally(()=>{document.removeEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement)})}async acquireTokenFromCache(e,t){switch(this.performanceClient.addQueueMeasurement(l.AcquireTokenFromCache,e.correlationId),t){case H.Default:case H.AccessToken:case H.AccessTokenAndRefreshToken:const n=this.createSilentCacheClient(e.correlationId);return f(n.acquireToken.bind(n),l.SilentCacheClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e);default:throw p(_e)}}async acquireTokenByRefreshToken(e,t){switch(this.performanceClient.addQueueMeasurement(l.AcquireTokenByRefreshToken,e.correlationId),t){case H.Default:case H.AccessTokenAndRefreshToken:case H.RefreshToken:case H.RefreshTokenAndNetwork:const n=this.createSilentRefreshClient(e.correlationId);return f(n.acquireToken.bind(n),l.SilentRefreshClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e);default:throw p(_e)}}async acquireTokenBySilentIframe(e){this.performanceClient.addQueueMeasurement(l.AcquireTokenBySilentIframe,e.correlationId);const t=this.createSilentIframeClient(e.correlationId);return f(t.acquireToken.bind(t),l.SilentIframeClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e)}async logout(e){const t=this.getRequestCorrelationId(e);return this.logger.warning("logout API is deprecated and will be removed in msal-browser v3.0.0. Use logoutRedirect instead.",t),this.logoutRedirect({correlationId:t,...e})}async logoutRedirect(e){const t=this.getRequestCorrelationId(e);return pr(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0),this.createRedirectClient(t).logout(e)}logoutPopup(e){try{const t=this.getRequestCorrelationId(e);return Uo(this.initialized),this.browserStorage.setInteractionInProgress(!0),this.createPopupClient(t).logout(e).finally(()=>{this.browserStorage.setInteractionInProgress(!1)})}catch(t){return Promise.reject(t)}}async clearCache(e){if(!this.isBrowserEnvironment){this.logger.info("in non-browser environment, returning early.");return}const t=this.getRequestCorrelationId(e);return this.createSilentCacheClient(t).logout(e)}getAllAccounts(e){return Ps(this.logger,this.browserStorage,this.isBrowserEnvironment,e)}getAccount(e){return Kn(e,this.logger,this.browserStorage)}getAccountByUsername(e){return Ns(e,this.logger,this.browserStorage)}getAccountByHomeId(e){return Ms(e,this.logger,this.browserStorage)}getAccountByLocalId(e){return Us(e,this.logger,this.browserStorage)}setActiveAccount(e){Ls(e,this.browserStorage)}getActiveAccount(){return Hs(this.browserStorage)}async hydrateCache(e,t){this.logger.verbose("hydrateCache called");const n=q.createFromAccountInfo(e.account,e.cloudGraphHostName,e.msGraphHost);return await this.browserStorage.setAccount(n,e.correlationId),e.fromNativeBroker?(this.logger.verbose("Response was from native broker, storing in-memory"),this.nativeInternalStorage.hydrateCache(e,t)):this.browserStorage.hydrateCache(e,t)}async acquireTokenNative(e,t,n,o){if(this.logger.trace("acquireTokenNative called"),!this.nativeExtensionProvider)throw C(vo);return new Ot(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,t,this.performanceClient,this.nativeExtensionProvider,n\|\|this.getNativeAccountId(e),this.nativeInternalStorage,e.correlationId).acquireToken(e,o)}canUsePlatformBroker(e,t){if(this.logger.trace("canUsePlatformBroker called"),!he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeExtensionProvider,e.authenticationScheme))return this.logger.trace("canUsePlatformBroker: isPlatformBrokerAvailable returned false, returning false"),!1;if(e.prompt)switch(e.prompt){case K.NONE:case K.CONSENT:case K.LOGIN:this.logger.trace("canUsePlatformBroker: prompt is compatible with platform broker flow");break;default:return this.logger.trace(`canUsePlatformBroker: prompt = ${e.prompt} is not compatible with platform broker flow, returning false`),!1}return!t&&!this.getNativeAccountId(e)?(this.logger.trace("canUsePlatformBroker: nativeAccountId is not available, returning false"),!1):!0}getNativeAccountId(e){const t=e.account\|\|this.getAccount({loginHint:e.loginHint,sid:e.sid})\|\|this.getActiveAccount();return t&&t.nativeAccountId\|\|""}createPopupClient(e){return new Td(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createRedirectClient(e){return new Id(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createSilentIframeClient(e){return new _d(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,O.ssoSilent,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createSilentCacheClient(e){return new Bs(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeExtensionProvider,e)}createSilentRefreshClient(e){return new Rd(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeExtensionProvider,e)}createSilentAuthCodeClient(e){return new Pd(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,O.acquireTokenByCode,this.performanceClient,this.nativeExtensionProvider,e)}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){return ks(),this.performanceClient.addPerformanceCallback(e)}removePerformanceCallback(e){return this.performanceClient.removePerformanceCallback(e)}enableAccountStorageEvents(){if(this.config.cache.cacheLocation!==B.LocalStorage){this.logger.info("Account storage events are only available when cacheLocation is set to localStorage");return}this.eventHandler.subscribeCrossTab()}disableAccountStorageEvents(){if(this.config.cache.cacheLocation!==B.LocalStorage){this.logger.info("Account storage events are only available when cacheLocation is set to localStorage");return}this.eventHandler.unsubscribeCrossTab()}getTokenCache(){return this.tokenCache}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){this.browserStorage.setWrapperMetadata(e,t)}setNavigationClient(e){this.navigationClient=e}getConfiguration(){return this.config}getPerformanceClient(){return this.performanceClient}isBrowserEnv(){return this.isBrowserEnvironment}getRequestCorrelationId(e){return e!=null&&e.correlationId?e.correlationId:this.isBrowserEnvironment?Z():g.EMPTY_STRING}async loginRedirect(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("loginRedirect called",t),this.acquireTokenRedirect({correlationId:t,...e\|\|Un})}loginPopup(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("loginPopup called",t),this.acquireTokenPopup({correlationId:t,...e\|\|Un})}async acquireTokenSilent(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(l.AcquireTokenSilent,t);n.add({cacheLookupPolicy:e.cacheLookupPolicy,scenarioId:e.scenarioId}),Rt(this.initialized,n),this.logger.verbose("acquireTokenSilent called",t);const o=e.account\|\|this.getActiveAccount();if(!o)throw C(es);return n.add({accountType:ce(o)}),this.acquireTokenSilentDeduped(e,o,t).then(i=>(n.end({success:!0,fromCache:i.fromCache,isNativeBroker:i.fromNativeBroker,accessTokenSize:i.accessToken.length,idTokenSize:i.idToken.length}),{...i,state:e.state,correlationId:t})).catch(i=>{throw i instanceof R&&i.setCorrelationId(t),n.end({success:!1},i),i})}async acquireTokenSilentDeduped(e,t,n){const o=an(this.config.auth.clientId,{...e,authority:e.authority\|\|this.config.auth.authority},t.homeAccountId),i=JSON.stringify(o),s=this.activeSilentTokenRequests.get(i);if(typeof s>"u"){this.logger.verbose("acquireTokenSilent called for the first time, storing active request",n),this.performanceClient.addFields({deduped:!1},n);const a=f(this.acquireTokenSilentAsync.bind(this),l.AcquireTokenSilentAsync,this.logger,this.performanceClient,n)({...e,correlationId:n},t);return this.activeSilentTokenRequests.set(i,a),a.finally(()=>{this.activeSilentTokenRequests.delete(i)})}else return this.logger.verbose("acquireTokenSilent has been called previously, returning the result from the first call",n),this.performanceClient.addFields({deduped:!0},n),s}async acquireTokenSilentAsync(e,t){const n=()=>this.trackPageVisibility(e.correlationId);this.performanceClient.addQueueMeasurement(l.AcquireTokenSilentAsync,e.correlationId),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Silent,e),e.correlationId&&this.performanceClient.incrementFields({visibilityChangeCount:0},e.correlationId),document.addEventListener("visibilitychange",n);const o=await f(od,l.InitializeSilentRequest,this.logger,this.performanceClient,e.correlationId)(e,t,this.config,this.performanceClient,this.logger),i=e.cacheLookupPolicy\|\|H.Default;return this.acquireTokenSilentNoIframe(o,i).catch(async a=>{if(Nd(a,i))if(this.activeIframeRequest)if(i!==H.Skip){const[d,h]=this.activeIframeRequest;this.logger.verbose(`Iframe request is already in progress, awaiting resolution for request with correlationId: ${h}`,o.correlationId);const u=this.performanceClient.startMeasurement(l.AwaitConcurrentIframe,o.correlationId);u.add({awaitIframeCorrelationId:h});const m=await d;if(u.end({success:m}),m)return this.logger.verbose(`Parallel iframe request with correlationId: ${h} succeeded. Retrying cache and/or RT redemption`,o.correlationId),this.acquireTokenSilentNoIframe(o,i);throw this.logger.info(`Iframe request with correlationId: ${h} failed. Interaction is required.`),a}else return this.logger.warning("Another iframe request is currently in progress and CacheLookupPolicy is set to Skip. This may result in degraded performance and/or reliability for both calls. Please consider changing the CacheLookupPolicy to take advantage of request queuing and token cache.",o.correlationId),f(this.acquireTokenBySilentIframe.bind(this),l.AcquireTokenBySilentIframe,this.logger,this.performanceClient,o.correlationId)(o);else{let d;return this.activeIframeRequest=[new Promise(h=>{d=h}),o.correlationId],this.logger.verbose("Refresh token expired/invalid or CacheLookupPolicy is set to Skip, attempting acquire token by iframe.",o.correlationId),f(this.acquireTokenBySilentIframe.bind(this),l.AcquireTokenBySilentIframe,this.logger,this.performanceClient,o.correlationId)(o).then(h=>(d(!0),h)).catch(h=>{throw d(!1),h}).finally(()=>{this.activeIframeRequest=void 0})}else throw a}).then(a=>(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,a),e.correlationId&&this.performanceClient.addFields({fromCache:a.fromCache,isNativeBroker:a.fromNativeBroker},e.correlationId),a)).catch(a=>{throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Silent,null,a),a}).finally(()=>{document.removeEventListener("visibilitychange",n)})}async acquireTokenSilentNoIframe(e,t){return he.isPlatformBrokerAvailable(this.config,this.logger,this.nativeExtensionProvider,e.authenticationScheme)&&e.account.nativeAccountId?(this.logger.verbose("acquireTokenSilent - attempting to acquire token from native platform"),this.acquireTokenNative(e,O.acquireTokenSilent_silentFlow,e.account.nativeAccountId,t).catch(async n=>{throw n instanceof de&&qe(n)?(this.logger.verbose("acquireTokenSilent - native platform unavailable, falling back to web flow"),this.nativeExtensionProvider=void 0,p(_e)):n})):(this.logger.verbose("acquireTokenSilent - attempting to acquire token from web flow"),t===H.AccessToken&&this.logger.verbose("acquireTokenSilent - cache lookup policy set to AccessToken, attempting to acquire token from local cache"),f(this.acquireTokenFromCache.bind(this),l.AcquireTokenFromCache,this.logger,this.performanceClient,e.correlationId)(e,t).catch(n=>{if(t===H.AccessToken)throw n;return this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_NETWORK_START,T.Silent,e),f(this.acquireTokenByRefreshToken.bind(this),l.AcquireTokenByRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,t)}))}async preGeneratePkceCodes(e){return this.logger.verbose("Generating new PKCE codes"),this.pkceCode=await f(pn,l.GeneratePkceCodes,this.logger,this.performanceClient,e)(this.performanceClient,this.logger,e),Promise.resolve()}getPreGeneratedPkceCodes(e){this.logger.verbose("Attempting to pick up pre-generated PKCE codes");const t=this.pkceCode?{...this.pkceCode}:void 0;return this.pkceCode=void 0,this.logger.verbose(`${t?"Found":"Did not find"} pre-generated PKCE codes`),this.performanceClient.addFields({usePreGeneratedPkce:!!t},e),t}}function Nd(r,e){const t=!(r instanceof ne&&r.subError!==ln),n=r.errorCode===Q.INVALID_GRANT_ERROR\|\|r.errorCode===_e,o=t&&n\|\|r.errorCode===zt\|\|r.errorCode===po,i=ml.includes(e);return o&&i}/! @azure/msal-browser v4.9.0 2025-03-25 /function Md(r){return r.status!==void 0}/! @azure/msal-browser v4.9.0 2025-03-25 /class Ud{constructor(e,t,n,o){this.clientId=e,this.clientCapabilities=t,this.crypto=n,this.logger=o}toNaaTokenRequest(e){var a;let t;e.extraQueryParameters===void 0?t=new Map:t=new Map(Object.entries(e.extraQueryParameters));const n=e.correlationId\|\|this.crypto.createNewGuid(),o=ki(e.claims,this.clientCapabilities),i=e.scopes\|\|Be;return{platformBrokerId:(a=e.account)==null?void 0:a.homeAccountId,clientId:this.clientId,authority:e.authority,scope:i.join(" "),correlationId:n,claims:ie.isEmptyObj(o)?void 0:o,state:e.state,authenticationScheme:e.authenticationScheme\|\|_.BEARER,extraParameters:t}}fromNaaTokenResponse(e,t,n){if(!t.token.id_token\|\|!t.token.access_token)throw p(Ut);const o=Te(n+(t.token.expires_in\|\|0)),i=be(t.token.id_token,this.crypto.base64Decode),s=this.fromNaaAccountInfo(t.account,t.token.id_token,i),a=t.token.scope\|\|e.scope;return{authority:t.token.authority\|\|s.environment,uniqueId:s.localAccountId,tenantId:s.tenantId,scopes:a.split(" "),account:s,idToken:t.token.id_token,idTokenClaims:i,accessToken:t.token.access_token,fromCache:!1,expiresOn:o,tokenType:e.authenticationScheme\|\|_.BEARER,correlationId:e.correlationId,extExpiresOn:o,state:e.state}}fromNaaAccountInfo(e,t,n){const o=n\|\|e.idTokenClaims,i=e.localAccountId\|\|(o==null?void 0:o.oid)\|\|(o==null?void 0:o.sub)\|\|"",s=e.tenantId\|\|(o==null?void 0:o.tid)\|\|"",a=e.homeAccountId\|\|`${i}.${s}`,c=e.username\|\|(o==null?void 0:o.preferred_username)\|\|"",d=e.name\|\|(o==null?void 0:o.name),h=new Map,u=nn(a,i,s,o);return h.set(s,u),{homeAccountId:a,environment:e.environment,tenantId:s,username:c,localAccountId:i,name:d,idToken:t,idTokenClaims:o,tenantProfiles:h}}fromBridgeError(e){if(Md(e))switch(e.status){case fe.UserCancel:return new ve(qr);case fe.NoNetwork:return new ve(zr);case fe.AccountUnavailable:return new ve(Lt);case fe.Disabled:return new ve(Rn);case fe.NestedAppAuthUnavailable:return new ve(e.code\|\|Rn,e.description);case fe.TransientError:case fe.PersistentError:return new Ne(e.code,e.description);case fe.UserInteractionRequired:return new ne(e.code,e.description);default:return new R(e.code,e.description)}else return new R("unknown_error","An unknown error occurred")}toAuthenticationResultFromCache(e,t,n,o,i){if(!t\|\|!n)throw p(Ut);const s=be(t.secret,this.crypto.base64Decode),a=n.target\|\|o.scopes.join(" ");return{authority:n.environment\|\|e.environment,uniqueId:e.localAccountId,tenantId:e.tenantId,scopes:a.split(" "),account:e,idToken:t.secret,idTokenClaims:s\|\|{},accessToken:n.secret,fromCache:!0,expiresOn:Te(n.expiresOn),extExpiresOn:Te(n.extendedExpiresOn),tokenType:o.authenticationScheme\|\|_.BEARER,correlationId:i,state:o.state}}}/! @azure/msal-browser v4.9.0 2025-03-25 /const Er={unsupportedMethod:{code:"unsupported_method",desc:"This method is not supported in nested app environment."}};class L extends R{constructor(e,t){super(e,t),Object.setPrototypeOf(this,L.prototype),this.name="NestedAppAuthError"}static createUnsupportedError(){return new L(Er.unsupportedMethod.code,Er.unsupportedMethod.desc)}}/! @azure/msal-browser v4.9.0 2025-03-25 /class Bo{constructor(e){this.operatingContext=e;const t=this.operatingContext.getBridgeProxy();if(t!==void 0)this.bridgeProxy=t;else throw new Error("unexpected: bridgeProxy is undefined");this.config=e.getConfig(),this.logger=this.operatingContext.getLogger(),this.performanceClient=this.config.telemetry.client,this.browserCrypto=e.isBrowserEnvironment()?new ue(this.logger,this.performanceClient,!0):ht,this.eventHandler=new Ds(this.logger),this.browserStorage=this.operatingContext.isBrowserEnvironment()?new Qt(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,Pi(this.config.auth)):Os(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler),this.nestedAppAuthAdapter=new Ud(this.config.auth.clientId,this.config.auth.clientCapabilities,this.browserCrypto,this.logger);const n=this.bridgeProxy.getAccountContext();this.currentAccountContext=n\|\|null}static async createController(e){const t=new Bo(e);return Promise.resolve(t)}async initialize(e){const t=(e==null?void 0:e.correlationId)\|\|Z();return await this.browserStorage.initialize(t),Promise.resolve()}ensureValidRequest(e){return e!=null&&e.correlationId?e:{...e,correlationId:this.browserCrypto.createNewGuid()}}async acquireTokenInteractive(e){const t=this.ensureValidRequest(e);this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Popup,t);const n=this.performanceClient.startMeasurement(l.AcquireTokenPopup,t.correlationId);n==null\|\|n.add({nestedAppAuthRequest:!0});try{const o=this.nestedAppAuthAdapter.toNaaTokenRequest(t),i=j(),s=await this.bridgeProxy.getTokenInteractive(o),a={...this.nestedAppAuthAdapter.fromNaaTokenResponse(o,s,i)};return await this.hydrateCache(a,e),this.currentAccountContext={homeAccountId:a.account.homeAccountId,environment:a.account.environment,tenantId:a.account.tenantId},this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Popup,a),n.add({accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length}),n.end({success:!0,requestId:a.requestId}),a}catch(o){const i=o instanceof R?o:this.nestedAppAuthAdapter.fromBridgeError(o);throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Popup,null,o),n.end({success:!1},o),i}}async acquireTokenSilentInternal(e){const t=this.ensureValidRequest(e);this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_START,T.Silent,t);const n=await this.acquireTokenFromCache(t);if(n)return this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,n),n;const o=this.performanceClient.startMeasurement(l.SsoSilent,t.correlationId);o==null\|\|o.increment({visibilityChangeCount:0}),o==null\|\|o.add({nestedAppAuthRequest:!0});try{const i=this.nestedAppAuthAdapter.toNaaTokenRequest(t),s=j(),a=await this.bridgeProxy.getTokenSilent(i),c=this.nestedAppAuthAdapter.fromNaaTokenResponse(i,a,s);return await this.hydrateCache(c,e),this.currentAccountContext={homeAccountId:c.account.homeAccountId,environment:c.account.environment,tenantId:c.account.tenantId},this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,c),o==null\|\|o.add({accessTokenSize:c.accessToken.length,idTokenSize:c.idToken.length}),o==null\|\|o.end({success:!0,requestId:c.requestId}),c}catch(i){const s=i instanceof R?i:this.nestedAppAuthAdapter.fromBridgeError(i);throw this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Silent,null,i),o==null\|\|o.end({success:!1},i),s}}async acquireTokenFromCache(e){const t=this.performanceClient.startMeasurement(l.AcquireTokenSilent,e.correlationId);if(t==null\|\|t.add({nestedAppAuthRequest:!0}),e.claims)return this.logger.verbose("Claims are present in the request, skipping cache lookup"),null;if(e.forceRefresh)return this.logger.verbose("forceRefresh is set to true, skipping cache lookup"),null;let n=null;switch(e.cacheLookupPolicy\|\|(e.cacheLookupPolicy=H.Default),e.cacheLookupPolicy){case H.Default:case H.AccessToken:case H.AccessTokenAndRefreshToken:n=await this.acquireTokenFromCacheInternal(e);break;default:return null}return n?(this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_SUCCESS,T.Silent,n),t==null\|\|t.add({accessTokenSize:n==null?void 0:n.accessToken.length,idTokenSize:n==null?void 0:n.idToken.length}),t==null\|\|t.end({success:!0}),n):(this.logger.error("Cached tokens are not found for the account, proceeding with silent token request."),this.eventHandler.emitEvent(y.ACQUIRE_TOKEN_FAILURE,T.Silent,null),t==null\|\|t.end({success:!1}),null)}async acquireTokenFromCacheInternal(e){var c;const t=this.bridgeProxy.getAccountContext()\|\|this.currentAccountContext;let n=null;if(t&&(n=Kn(t,this.logger,this.browserStorage)),!n)return this.logger.verbose("No active account found, falling back to the host"),Promise.resolve(null);this.logger.verbose("active account found, attempting to acquire token silently");const o={...e,correlationId:e.correlationId\|\|this.browserCrypto.createNewGuid(),authority:e.authority\|\|n.environment,scopes:(c=e.scopes)!=null&&c.length?e.scopes:[...Be]},i=this.browserStorage.getTokenKeys(),s=this.browserStorage.getAccessToken(n,o,i,n.tenantId,this.performanceClient,o.correlationId);if(s){if(Qr(s.cachedAt)\|\|Ht(s.expiresOn,this.config.system.tokenRenewalOffsetSeconds))return this.logger.verbose("Cached access token has expired"),Promise.resolve(null)}else return this.logger.verbose("No cached access token found"),Promise.resolve(null);const a=this.browserStorage.getIdToken(n,i,n.tenantId,this.performanceClient,o.correlationId);return a?this.nestedAppAuthAdapter.toAuthenticationResultFromCache(n,a,s,o,o.correlationId):(this.logger.verbose("No cached id token found"),Promise.resolve(null))}async acquireTokenPopup(e){return this.acquireTokenInteractive(e)}acquireTokenRedirect(e){throw L.createUnsupportedError()}async acquireTokenSilent(e){return this.acquireTokenSilentInternal(e)}acquireTokenByCode(e){throw L.createUnsupportedError()}acquireTokenNative(e,t,n){throw L.createUnsupportedError()}acquireTokenByRefreshToken(e,t){throw L.createUnsupportedError()}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){throw L.createUnsupportedError()}removePerformanceCallback(e){throw L.createUnsupportedError()}enableAccountStorageEvents(){throw L.createUnsupportedError()}disableAccountStorageEvents(){throw L.createUnsupportedError()}getAllAccounts(e){return Ps(this.logger,this.browserStorage,this.isBrowserEnv(),e)}getAccount(e){return Kn(e,this.logger,this.browserStorage)}getAccountByUsername(e){return Ns(e,this.logger,this.browserStorage)}getAccountByHomeId(e){return Ms(e,this.logger,this.browserStorage)}getAccountByLocalId(e){return Us(e,this.logger,this.browserStorage)}setActiveAccount(e){return Ls(e,this.browserStorage)}getActiveAccount(){return Hs(this.browserStorage)}handleRedirectPromise(e){return Promise.resolve(null)}loginPopup(e){return this.acquireTokenInteractive(e\|\|Un)}loginRedirect(e){throw L.createUnsupportedError()}logout(e){throw L.createUnsupportedError()}logoutRedirect(e){throw L.createUnsupportedError()}logoutPopup(e){throw L.createUnsupportedError()}ssoSilent(e){return this.acquireTokenSilentInternal(e)}getTokenCache(){throw L.createUnsupportedError()}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){}setNavigationClient(e){this.logger.warning("setNavigationClient is not supported in nested app auth")}getConfiguration(){return this.config}isBrowserEnv(){return this.operatingContext.isBrowserEnvironment()}getBrowserCrypto(){return this.browserCrypto}getPerformanceClient(){throw L.createUnsupportedError()}getRedirectResponse(){throw L.createUnsupportedError()}async clearCache(e){throw L.createUnsupportedError()}async hydrateCache(e,t){this.logger.verbose("hydrateCache called");const n=q.createFromAccountInfo(e.account,e.cloudGraphHostName,e.msGraphHost);return await this.browserStorage.setAccount(n,e.correlationId),this.browserStorage.hydrateCache(e,t)}}/! @azure/msal-browser v4.9.0 2025-03-25 /async function Ld(r,e){const t=new Ke(r);return await t.initialize(),mn.createController(t,e)}/! @azure/msal-browser v4.9.0 2025-03-25 /class Cn{static async createPublicClientApplication(e){const t=await Ld(e);return new Cn(e,t)}constructor(e,t){this.controller=t\|\|new mn(new Ke(e))}async initialize(e){return this.controller.initialize(e)}async acquireTokenPopup(e){return this.controller.acquireTokenPopup(e)}acquireTokenRedirect(e){return this.controller.acquireTokenRedirect(e)}acquireTokenSilent(e){return this.controller.acquireTokenSilent(e)}acquireTokenByCode(e){return this.controller.acquireTokenByCode(e)}addEventCallback(e,t){return this.controller.addEventCallback(e,t)}removeEventCallback(e){return this.controller.removeEventCallback(e)}addPerformanceCallback(e){return this.controller.addPerformanceCallback(e)}removePerformanceCallback(e){return this.controller.removePerformanceCallback(e)}enableAccountStorageEvents(){this.controller.enableAccountStorageEvents()}disableAccountStorageEvents(){this.controller.disableAccountStorageEvents()}getAccount(e){return this.controller.getAccount(e)}getAccountByHomeId(e){return this.controller.getAccountByHomeId(e)}getAccountByLocalId(e){return this.controller.getAccountByLocalId(e)}getAccountByUsername(e){return this.controller.getAccountByUsername(e)}getAllAccounts(e){return this.controller.getAllAccounts(e)}handleRedirectPromise(e){return this.controller.handleRedirectPromise(e)}loginPopup(e){return this.controller.loginPopup(e)}loginRedirect(e){return this.controller.loginRedirect(e)}logout(e){return this.controller.logout(e)}logoutRedirect(e){return this.controller.logoutRedirect(e)}logoutPopup(e){return this.controller.logoutPopup(e)}ssoSilent(e){return this.controller.ssoSilent(e)}getTokenCache(){return this.controller.getTokenCache()}getLogger(){return this.controller.getLogger()}setLogger(e){this.controller.setLogger(e)}setActiveAccount(e){this.controller.setActiveAccount(e)}getActiveAccount(){return this.controller.getActiveAccount()}initializeWrapperLibrary(e,t){return this.controller.initializeWrapperLibrary(e,t)}setNavigationClient(e){this.controller.setNavigationClient(e)}getConfiguration(){return this.controller.getConfiguration()}async hydrateCache(e,t){return this.controller.hydrateCache(e,t)}clearCache(e){return this.controller.clearCache(e)}}async function Hd(r){const e=new Je(r);if(await e.initialize(),e.isAvailable()){const t=new Bo(e),n=new Cn(r,t);return await n.initialize(),n}return Dd(r)}async function Dd(r){const e=new Cn(r);return await e.initialize(),e}const qs=(0,eval)("this"),k=qs.Office;qs.messages;let Ue=[],Pe=[],Ie=[],P={encrypted:!1,signed:!1,drafts:[],fetched:!1,fetching:!1,folderId:"",features:[],viewerOpen:!1},x=null,wn,ye=null;k.onReady(async()=>{var r;Ie=((r=localStorage.getItem("verifiedNativeClients"))==null?void 0:r.split(";"))??[],k.context.requirements.isSetSupported("NestedAppAuth","1.1")&&await Wd(),Vs(),k.context.mailbox.addHandlerAsync(k.EventType.ItemChanged,e=>{P.fetching=!1,P.fetched=!1,k.context.mailbox.item?(console.log(k.context.mailbox.convertToEwsId(k.context.mailbox.item.itemId,k.MailboxEnums.RestVersion.v2_0),k.context.mailbox.item.itemId),lt()):we(J("No item selected")),Xe()}),xd()});function xd(){let r=document.createElement("h2");r.classList.add("mb-0"),r.appendChild(document.createTextNode(J("Drafts"))),rt("draftscaption",r),Ue={decrypt:me("view","",function(){$s()}),newemail:me("new",te("@action:button","New secure email"),function(){zd()}),reply:me("reply",te("@action:button","Reply securely"),function(){Bd()}),forward:me("forward",te("@action:button","Forward securely"),function(){Gd()}),reencrypt:me("reencrypt",te("@action:button","Reencrypt folder"),function(){Kd()})};for(let[t,n]of Object.entries(Ue))rt(t,n);let e=js("<small>"+te("@info","Viewer already open.")+"</small>");rt("vieweropenbox",e),Xe()}function Go(){let r=[];for(dev of Pe){let t=dt(J("Unknown device: %1. Do you trust this device?",dev.name));t.replaceChildren.apply(t,[Pt("warning")].concat(t.childNodes()));let n=document.createElement("div");n.classList.add("d-flex","flex-row","gap"),n.appendChild(me("",J("Don't Trust"),Qd.bind(null,device.id))),n.appendChild(me("",J("Trust"),Vd.bind(null,device.id))),r.push(t),r.push(n)}let e=De("pairingbox");e.replaceChildren.apply(e,r),Nt(e,r.length>0),Xe()}function Xe(){let r=J("This mail is not encrypted nor signed.");if(P.fetched){P.encrypted?r=P.signed?J("This mail is encrypted and signed."):J("This mail is encrypted."):P.signed&&(r=J("This mail is signed."));for(let[e,t]of Object.entries(Ue))t.disabled=!1}else{Pe.length>0?r=te("Loading placeholder","Waiting for authorization"):r=Ws()?"":te("Loading placeholder","Loading…");for(let[e,t]of Object.entries(Ue))t.disabled=!0}De("statusbox").replaceChildren(document.createTextNode(r)),Nt(De("vieweropenbox"),P.viewerOpen),Ue.decrypt.setIconAndText("view",P.encrypted?te("@action:button","Decrypt"):te("@action:button","View email")),Ue.decrypt.disabled=Ue.decrypt.disabled&&!P.viewerOpen,Fd()}function Fd(){if(P.drafts.length>0){let r=document.createElement("ul");r.classList.add("my-0","list-unstyled","gap","d-flex");for(let e of P.drafts){let t=document.createElement("li");t.classList.add("d-flex","flex-row");let n=me("opendraft",J("Last Modified: %1",Yd(e.last_modification)),function(){qd(e.id)},["btn","w-100","d-flex","flex-row","align-items-center","rounded-e-md"]);t.appendChild(n),n=me("delete",'<span class="sr-only">'+te("@action:button","Delete")+"</span>",function(){$d(e.id)},["btn","btn-danger","ms-auto","py-1","rounded-e-md"]),t.appendChild(n),r.appendChild(t)}rt("draftslist",r)}else rt("draftslist",dt("<p>"+te("Placeholder","No draft found")+"</p>"))}function jt(r,e){console.log(r,e),x&&x.send(JSON.stringify({command:"log",arguments:{message:r,args:JSON.stringify(e)}}))}function Ct(r){x.send(JSON.stringify({command:r,arguments:{email:k.context.mailbox.userProfile.emailAddress,displayName:k.context.mailbox.userProfile.displayName,folderId:P.folderId,itemId:k.context.mailbox.convertToEwsId(k.context.mailbox.item.itemId,k.MailboxEnums.RestVersion.v2_0),ewsAccessToken:ye,verifiedNativeClients:Ie}}))}function Kd(){Ct("reencrypt")}function $s(){Ct("view")}function Bd(){Ct("reply")}function Gd(){Ct("forward")}function zd(){Ct("composer")}function qd(r){x.send(JSON.stringify({command:"open-draft",arguments:{id:r,email:k.context.mailbox.userProfile.emailAddress,displayName:k.context.mailbox.userProfile.displayName,ewsAccessToken:ye,verifiedNativeClients:Ie}}))}function $d(r){x.send(JSON.stringify({command:"delete-draft",arguments:{id:r,email:k.context.mailbox.userProfile.emailAddress,displayName:k.context.mailbox.userProfile.displayName,ewsAccessToken:ye,verifiedNativeClients:Ie}}))}function lt(){P.fetching\|\|Ie.length===0\|\|(P.fetched=!1,P.fetching=!0,Xe(),x.send(JSON.stringify({command:"info",arguments:{itemId:k.context.mailbox.convertToEwsId(k.context.mailbox.item.itemId,k.MailboxEnums.RestVersion.v2_0),email:k.context.mailbox.userProfile.emailAddress,ewsAccessToken:ye,verifiedNativeClients:Ie}})))}function Vd(r){Pe.splice(Pe.findIndex(e=>e.id===r),1),Ie.push(r),localStorage.setItem("verifiedNativeClients",Ie.join(";")),lt(),Go()}function Qd(r){Pe.splice(Pe.findIndex(e=>e.id===r),1),Go()}function Yd(r){const e=new Date(r*1e3);let t=new Date;return new Date(e).setHours(0,0,0,0)===t.setHours(0,0,0,0)?e.toLocaleTimeString([],{hour:"numeric",minute:"numeric"}):e.toLocaleDateString()}async function jd(r){k.context.mailbox.makeEwsRequestAsync(r.arguments.body,e=>{if(e.error){jt("Error while trying to send email via EWS",{error:e.error,value:e.value});return}jt("Email sent",{value:e.value}),x.send(JSON.stringify({command:"ews-response",arguments:{requestId:r.arguments.requestId,email:k.context.mailbox.userProfile.emailAddress,body:e.value}}))})}function Vs(){console.log("Set socket",x),!(x&&x.readyState===WebSocket.OPEN)&&(console.log("Set socket"),x=new WebSocket("wss://"+window.location.host+"/websocket"),x.addEventListener("open",r=>{we(""),x.send(JSON.stringify({command:"register",arguments:{emails:[k.context.mailbox.userProfile.emailAddress],type:"webclient"}})),x.send(JSON.stringify({command:"restore-autosave",arguments:{email:k.context.mailbox.userProfile.emailAddress,displayName:k.context.mailbox.userProfile.displayName,ewsAccessToken:ye}})),lt()}),x.addEventListener("close",r=>{we(J("Native client was disconnected, reconnecting in 1 second.")),console.log(r.reason),setTimeout(function(){Vs()},1e3)}),x.addEventListener("error",r=>{we(J("Native client received an error")),x.close()}),x.addEventListener("message",function(r){const{data:e}=r,t=JSON.parse(e);switch(jt("Received message from server",{command:t.command}),t.command){case"ews":jd(t);break;case"error":we(t.arguments.error);break;case"status-update":P.drafts=t.arguments.drafts,P.features=t.arguments.features,P.viewerOpen=t.arguments.viewerOpen,Xe();break;case"disconnection":we(J("Native client was disconnected"));break;case"connection":if(we(""),Ie.includes(t.arguments.id))lt();else{if(Pe.findIndex(c=>c.id===t.arguments.id)>=0)break;Pe.push({id:t.arguments.id,name:t.arguments.name}),Go()}break;case"info-fetched":console.log(t.arguments);const{itemId:n,folderId:o,encrypted:i,signed:s,version:a}=t.arguments;if(P.fetching=!1,n===k.context.mailbox.convertToEwsId(k.context.mailbox.item.itemId,k.MailboxEnums.RestVersion.v2_0)){P.fetched=!0,P.encrypted=i,P.signed=s,P.folderId=o,P.viewerOpen&&$s();let d=new URLSearchParams(document.location.search).get("version");a!==d&&wr("versionbox",te("@info","Version mismatch. Make sure you installed the last manifest.xml."),"warning")}else P.fetched=!1,jt("Received info for wrong email",{itemId:n,currentItemId:k.context.mailbox.convertToEwsId(k.context.mailbox.item.itemId,k.MailboxEnums.RestVersion.v2_0)}),lt();Xe()}}))}async function Wd(){wn=await Hd({auth:{clientId:"1d6f4a59-be04-4274-8793-71b4c081eb72",authority:"https://login.microsoftonline.com/common"}});{const r={scopes:["https://outlook.office365.com/EWS.AccessAsUser.All"]};try{console.log("Trying to acquire token silently...");const e=await wn.acquireTokenSilent(r);console.log("Acquired token silently."),ye=e.accessToken}catch(e){console.log(`Unable to acquire token silently: ${e}`)}if(ye===null)try{console.log("Trying to acquire token interactively...");const e=await wn.acquireTokenPopup(r);console.log("Acquired token interactively."),ye=e.accessToken}catch(e){console.error(`Unable to acquire token interactively: ${e}`)}ye===null&&we(J("Unable to acquire access token."))}}
	diff --git a/web/dist/index.html b/web/dist/index.html
	index d97fee5..d096670 100644
	--- a/web/dist/index.html
	+++ b/web/dist/index.html
	@@ -1,80 +1,80 @@
	<!doctype html>
	<html>
	<head>
	<meta charset="utf-8" />
	<title>Encryption information</title>
	<script type="text/javascript" src="https://appsforoffice.microsoft.com/lib/beta/hosted/office.js"></script>
	- <script type="module" crossorigin src="/assets/index-BCHqCfnY.js"></script>
	+ <script type="module" crossorigin src="/assets/index-BDpwQls6.js"></script>
	<link rel="stylesheet" crossorigin href="/assets/index-C8C8AKuF.css">
	</head>
	<body>
	<div class="d-flex gap" id="app">
	<div id="errorbox" class="alert alert-error rounded-md p-2 d-flex flex-row gap d-none"></div>
	<div id="versionbox" class="alert alert-warning rounded-md p-2 d-flex flex-row gap d-none"></div>

	<div id="pairing" class="alert alert-warning rounded-md p-2 d-flex flex-column gap d-none"></div>

	<div id="statusbox" class="mt-3"></div>
	<div id="viewbox">
	<div id="buttonbox">
	<span id="decrypt"></span>
	<span id="vieweropenbox"></span>
	<hr class="w-100 my-0"/>
	<span id="newemail"></span>
	<span id="reply"></span>
	<span id="forward"></span>
	<span id="reencrypt"></span>
	</div>
	<div class="draft-container">
	<span id="draftscaption"></span>
	<span id="draftslist"></span>
	</div>
	</div>

	<div id="icons" class="d-none">
	<!-- TODO: For error and warning, we could also just use unicode symbols -->
	<svg id="icon-error" width="24" height="24" fill="none" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" class="h-32 w-32"
	style="color: rgb(33, 33, 33);">
	<path
	d="M12 2c5.523 0 10 4.478 10 10s-4.477 10-10 10S2 17.522 2 12 6.477 2 12 2Zm0 1.667c-4.595 0-8.333 3.738-8.333 8.333 0 4.595 3.738 8.333 8.333 8.333 4.595 0 8.333-3.738 8.333-8.333 0-4.595-3.738-8.333-8.333-8.333Zm-.001 10.835a.999.999 0 1 1 0 1.998.999.999 0 0 1 0-1.998ZM11.994 7a.75.75 0 0 1 .744.648l.007.101.004 4.502a.75.75 0 0 1-1.493.103l-.007-.102-.004-4.501a.75.75 0 0 1 .75-.751Z"
	fill="currentColor" fill-opacity="1"></path>
	</svg>
	<svg id="icon-warning" width="24" height="24" fill="none" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg" class="h-32 w-32" style="color: rgb(33, 33, 33);">
	<path
	d="M10.91 2.782a2.25 2.25 0 0 1 2.975.74l.083.138 7.759 14.009a2.25 2.25 0 0 1-1.814 3.334l-.154.006H4.243a2.25 2.25 0 0 1-2.041-3.197l.072-.143L10.031 3.66a2.25 2.25 0 0 1 .878-.878Zm9.505 15.613-7.76-14.008a.75.75 0 0 0-1.254-.088l-.057.088-7.757 14.008a.75.75 0 0 0 .561 1.108l.095.006h15.516a.75.75 0 0 0 .696-1.028l-.04-.086-7.76-14.008 7.76 14.008ZM12 16.002a.999.999 0 1 1 0 1.997.999.999 0 0 1 0-1.997ZM11.995 8.5a.75.75 0 0 1 .744.647l.007.102.004 4.502a.75.75 0 0 1-1.494.103l-.006-.102-.004-4.502a.75.75 0 0 1 .75-.75Z"
	fill="currentColor" fill-opacity="1"></path>
	</svg>
	<svg id="icon-view" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
	<path fill="currentColor"
	d="M18 5.95a2.5 2.5 0 1 0-1.002-4.9A2.5 2.5 0 0 0 18 5.95M4.5 3h9.535a3.5 3.5 0 0 0 0 1H4.5A1.5 1.5 0 0 0 3 5.5v.302l7 4.118l5.754-3.386c.375.217.795.365 1.241.43l-6.741 3.967a.5.5 0 0 1-.426.038l-.082-.038L3 6.963V13.5A1.5 1.5 0 0 0 4.5 15h11a1.5 1.5 0 0 0 1.5-1.5V6.965a3.5 3.5 0 0 0 1 0V13.5a2.5 2.5 0 0 1-2.5 2.5h-11A2.5 2.5 0 0 1 2 13.5v-8A2.5 2.5 0 0 1 4.5 3"/>
	</svg>
	<svg id="icon-new" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
	<path fill="currentColor"
	d="M15.5 4A2.5 2.5 0 0 1 18 6.5v8a2.5 2.5 0 0 1-2.5 2.5h-11A2.5 2.5 0 0 1 2 14.5v-8A2.5 2.5 0 0 1 4.5 4zM17 7.961l-6.746 3.97a.5.5 0 0 1-.426.038l-.082-.038L3 7.963V14.5A1.5 1.5 0 0 0 4.5 16h11a1.5 1.5 0 0 0 1.5-1.5zM15.5 5h-11A1.5 1.5 0 0 0 3 6.5v.302l7 4.118l7-4.12v-.3A1.5 1.5 0 0 0 15.5 5"/>
	</svg>
	<svg id="icon-reply" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
	<path fill="currentColor"
	d="M7.354 3.646a.5.5 0 0 1 0 .708L3.707 8H10.5a7.5 7.5 0 0 1 7.5 7.5a.5.5 0 0 1-1 0A6.5 6.5 0 0 0 10.5 9H3.707l3.647 3.646a.5.5 0 0 1-.708.708l-4.5-4.5a.5.5 0 0 1 0-.708l4.5-4.5a.5.5 0 0 1 .708 0"/>
	</svg>
	<svg id="icon-forward" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
	<path fill="currentColor"
	d="m16.293 9l-3.39 3.39a.5.5 0 0 0 .639.765l.069-.058l4.243-4.243a.5.5 0 0 0 .057-.638l-.057-.07l-4.243-4.242a.5.5 0 0 0-.765.638l.058.07L16.293 8H10a7.5 7.5 0 0 0-7.496 7.258L2.5 15.5a.5.5 0 0 0 1 0a6.5 6.5 0 0 1 6.267-6.496L10 9z"/>
	</svg>
	<!-- TODO: currently same as forward -->
	<svg id="icon-reencrypt" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
	<path fill="currentColor"
	d="m16.293 9l-3.39 3.39a.5.5 0 0 0 .639.765l.069-.058l4.243-4.243a.5.5 0 0 0 .057-.638l-.057-.07l-4.243-4.242a.5.5 0 0 0-.765.638l.058.07L16.293 8H10a7.5 7.5 0 0 0-7.496 7.258L2.5 15.5a.5.5 0 0 0 1 0a6.5 6.5 0 0 1 6.267-6.496L10 9z"/>
	</svg>
	<svg id="icon-opendraft" xmlns="http://www.w3.org/2000/svg" width="1.5em" height="1.5em" viewBox="0 0 20 20">
	<path fill="currentColor"
	d="M15.5 3.001a2.5 2.5 0 0 1 2.5 2.5v3.633a2.9 2.9 0 0 0-1-.131V6.962l-6.746 3.97a.5.5 0 0 1-.426.038l-.082-.038L3 6.964v6.537a1.5 1.5 0 0 0 1.5 1.5h5.484c-.227.3-.4.639-.51 1H4.5a2.5 2.5 0 0 1-2.5-2.5v-8a2.5 2.5 0 0 1 2.5-2.5zm0 1h-11a1.5 1.5 0 0 0-1.5 1.5v.302l7 4.118l7-4.119v-.301a1.5 1.5 0 0 0-1.5-1.5m-4.52 11.376l4.83-4.83a1.87 1.87 0 1 1 2.644 2.646l-4.83 4.829a2.2 2.2 0 0 1-1.02.578l-1.498.374a.89.89 0 0 1-1.079-1.078l.375-1.498a2.2 2.2 0 0 1 .578-1.02"/>
	</svg>
	<svg id="icon-delete" xmlns="http://www.w3.org/2000/svg" width="1em" height="1em" viewBox="0 0 24 24">
	<path fill="currentColor"
	d="M10 5h4a2 2 0 1 0-4 0M8.5 5a3.5 3.5 0 1 1 7 0h5.75a.75.75 0 0 1 0 1.5h-1.32l-1.17 12.111A3.75 3.75 0 0 1 15.026 22H8.974a3.75 3.75 0 0 1-3.733-3.389L4.07 6.5H2.75a.75.75 0 0 1 0-1.5zm2 4.75a.75.75 0 0 0-1.5 0v7.5a.75.75 0 0 0 1.5 0zM14.25 9a.75.75 0 0 1 .75.75v7.5a.75.75 0 0 1-1.5 0v-7.5a.75.75 0 0 1 .75-.75m-7.516 9.467a2.25 2.25 0 0 0 2.24 2.033h6.052a2.25 2.25 0 0 0 2.24-2.033L18.424 6.5H5.576z"/>
	</svg>

	</div>

	</body>
	</html>
	diff --git a/web/src/script.js b/web/src/script.js
	index 8de34e0..6a07be0 100644
	--- a/web/src/script.js
	+++ b/web/src/script.js
	@@ -1,502 +1,435 @@
	// SPDX-FileCopyrightText: 2023 g10 code GmbH
	// SPDX-Contributor: Carl Schwan <carl.schwan@gnupg.com>
	// SPDX-License-Identifier: GPL-2.0-or-later

	const global = (0, eval)("this");
	const Office = global.Office;
	const messages = global.messages;

	import {i18n, i18nc} from './services/i18n.js'
	+import {getElement, changeElement, getIcon, spanFromHTML, divFromHTML, showElement,
	+ makeButton, setMessage, setErrorMessage, haveError} from './utils.js'
	import {createNestablePublicClientApplication} from "@azure/msal-browser";

	"use strict";

	+let mainButtons = [];
	+let devicesToVerify = [];
	+let verifiedNativeClients = [];
	+let status = {
	+ encrypted: false,
	+ signed: false,
	+ drafts: [],
	+ fetched: false,
	+ fetching: false,
	+ folderId: '',
	+ features: [],
	+ viewerOpen: false,
	+};
	+let socket = null;
	+let pca = undefined;
	+let ewsAccessToken = null;
	+
	Office.onReady(async () => {
	verifiedNativeClients = localStorage.getItem("verifiedNativeClients")?.split(';') ?? []
	if (Office.context.requirements.isSetSupported("NestedAppAuth", "1.1")) {
	await auth();
	}

	webSocketConnect();
	Office.context.mailbox.addHandlerAsync(Office.EventType.ItemChanged, (eventArgs) => {
	status.fetching = false;
	status.fetched = false;
	if (Office.context.mailbox.item) {
	+ console.log(Office.context.mailbox.convertToEwsId(Office.context.mailbox.item.itemId, Office.MailboxEnums.RestVersion.v2_0), Office.context.mailbox.item.itemId);
	info();
	} else {
	setErrorMessage(i18n("No item selected"));
	}
	updateStatusText();
	});

	+ initUI();
	+})
	+
	+function initUI() {
	let h2 = document.createElement("h2");
	h2.classList.add("mb-0");
	h2.appendChild(document.createTextNode(i18n("Drafts")));
	changeElement("draftscaption", h2);

	mainButtons = {
	"decrypt": makeButton("view", "", function() { view(); }),
	"newemail": makeButton("new", i18nc("@action:button", "New secure email"), function() { newEmail(); }),
	"reply": makeButton("reply", i18nc("@action:button", "Reply securely"), function() { reply(); }),
	"forward": makeButton("forward", i18nc("@action:button", "Forward securely"), function() { forward(); }),
	"reencrypt": makeButton("reencrypt", i18nc("@action:button", "Reencrypt folder"), function() { reencrypt(); }),
	}
	for (let [id, button] of Object.entries(mainButtons)) {
	changeElement(id, button);
	}
	- viewerOpenBox = divFromHTML("<small>" + i18nc("@info", "Viewer already open.") + "</small>");
	- changeElement("vieweropenbox", viewerOpenBox);
	- showElement(viewerOpenBox, false);
	-})
	-
	-function changeElement(id, newElement) {
	- let oldElement = getElement(id);
	- oldElement.replaceWith(newElement);
	- newElement.id = id;
	-}
	-
	-function getIcon(id) {
	- return (getElement("icon-" + id).cloneNode(true));
	-}
	-
	-function spanFromHTML(html) {
	- let span = document.createElement("span");
	- span.innerHTML = html;
	- return span;
	-}
	-
	-function divFromHTML(html) {
	- let div = document.createElement("div");
	- div.innerHTML = html;
	- return div;
	-}
	-
	-function getElement(id) {
	- return document.getElementById(id);
	-}
	-
	-function setMessage(divid, msg, icon) {
	- let box = getElement(divid);
	- if (msg.length == 0) {
	- console.log("hide", divid);
	- showElement(box, false);
	- box.replaceChildren();
	- } else {
	- showElement(box, true);
	- box.replaceChildren(getIcon(icon), spanFromHTML(msg));
	- }
	-}
	-
	-function setErrorMessage(msg) {
	- setMessage("errorbox", msg, "error");
	-}
	-
	-function haveError() {
	- return getElement("errorbox").classList.contains("d-none");
	-}
	-
	-function showElement(el, show) {
	- if (show) {
	- el.classList.remove("d-none");
	- } else {
	- el.classList.add("d-none");
	- }
	-}
	-
	-function makeButton(icon, text, callback, classes=["w-100", "btn", "rounded-md", "mt-3"]) {
	- let button = document.createElement("button");
	- button.setIconAndText = function(icon, text) {
	- this.replaceChildren(getIcon(icon), spanFromHTML(text));
	- }.bind(button);
	- button.setIconAndText(icon, text);
	- button.replaceChildren(getIcon(icon), spanFromHTML(text));
	- button.classList.add.apply(button.classList, classes);
	- button.addEventListener("click", (event) => { callback() });
	- return button;
	+ let box = divFromHTML("<small>" + i18nc("@info", "Viewer already open.") + "</small>");
	+ changeElement("vieweropenbox", box);
	+ updateStatusText();
	}

	function updatePairing() {
	let elems = [];
	for (dev of devicesToVerify) {
	let caption = spanFromHTML(i18n("Unknown device: %1. Do you trust this device?", dev.name), "div");
	caption.replaceChildren.apply(caption, [getIcon("warning")].concat(caption.childNodes()));
	let buttons = document.createElement("div");
	buttons.classList.add("d-flex", "flex-row", "gap");
	buttons.appendChild(makeButton("", i18n("Don't Trust"), ignore.bind(null, device.id)));
	buttons.appendChild(makeButton("", i18n("Trust"), trust.bind(null, device.id)));
	elems.push(caption);
	elems.push(buttons);
	}
	let box = getElement("pairingbox");
	box.replaceChildren.apply(box, elems);
	showElement(box, elems.length > 0);
	updateStatusText();
	}

	-let mainButtons = [];
	-let devicesToVerify = [];
	-let viewerOpenBox;
	-
	-let viewerOpen = false;
	-let verifiedNativeClients = [];
	-let status = {
	- encrypted: false,
	- signed: false,
	- drafts: [],
	- fetched: false,
	- fetching: false,
	- folderId: '',
	- features: [],
	-};
	-let socket = null;
	-let pca = undefined;
	-let ewsAccessToken = null;
	-
	function updateStatusText() {
	let msg = i18n("This mail is not encrypted nor signed.");
	if (!status.fetched) {
	if (devicesToVerify.length > 0) {
	msg = i18nc("Loading placeholder", "Waiting for authorization");
	} else {
	msg = haveError() ? "" : i18nc("Loading placeholder", "Loading…");
	}
	for (let [id, button] of Object.entries(mainButtons)) {
	button.disabled = true;
	}
	} else {
	if (status.encrypted) {
	msg = status.signed ? i18n("This mail is encrypted and signed.") : i18n("This mail is encrypted.");
	} else if (status.signed) {
	msg = i18n("This mail is signed.")
	}
	for (let [id, button] of Object.entries(mainButtons)) {
	button.disabled = false;
	}
	}
	getElement("statusbox").replaceChildren(document.createTextNode(msg));
	- mainButtons.decrypt.setIconAndText("view", decryptButtonText());
	+ showElement(getElement("vieweropenbox"), status.viewerOpen);
	+ mainButtons.decrypt.setIconAndText("view", status.encrypted ? i18nc("@action:button", "Decrypt") : i18nc("@action:button", "View email"));
	+ mainButtons.decrypt.disabled = mainButtons.decrypt.disabled && !status.viewerOpen;
	updateDraftList(); // TODO: perhaps only on changes
	}

	-function decryptButtonText() {
	- if (status.encrypted) {
	- return i18nc("@action:button", "Decrypt");
	- }
	- return i18nc("@action:button", "View email");
	-}
	-
	function updateDraftList() {
	if (status.drafts.length > 0) {
	let draftsList = document.createElement("ul");
	draftsList.classList.add("my-0", "list-unstyled", "gap", "d-flex");

	for (let draft of status.drafts) {
	let li = document.createElement("li");
	li.classList.add("d-flex", "flex-row");

	let button = makeButton("opendraft",
	i18n("Last Modified: %1", displayDate(draft.last_modification)),
	function() { openDraft(draft.id); },
	["btn", "w-100", "d-flex", "flex-row", "align-items-center", "rounded-e-md"]);
	li.appendChild(button);

	button = makeButton("delete",
	'<span class="sr-only">' + i18nc("@action:button", "Delete") + '</span>',
	function() { deleteDraft(draft.id) },
	["btn", "btn-danger", "ms-auto", "py-1", "rounded-e-md"]);
	li.appendChild(button);

	draftsList.appendChild(li);
	}
	changeElement("draftslist", draftsList);
	} else {
	changeElement("draftslist", spanFromHTML("<p>" + i18nc("Placeholder", "No draft found") + "</p>"));
	}
	}

	function gpgolLog(message, args) {
	console.log(message, args);
	if (socket) {
	socket.send(JSON.stringify({
	command: "log",
	arguments: {
	message,
	args: JSON.stringify(args),
	},
	}));
	}
	}

	function genericMailAction(command) {
	socket.send(JSON.stringify({
	command,
	arguments: {
	email: Office.context.mailbox.userProfile.emailAddress,
	displayName: Office.context.mailbox.userProfile.displayName,
	folderId: status.folderId,
	itemId: Office.context.mailbox.convertToEwsId(Office.context.mailbox.item.itemId, Office.MailboxEnums.RestVersion.v2_0),
	ewsAccessToken,
	verifiedNativeClients,
	}
	}));
	}

	function reencrypt() {
	genericMailAction('reencrypt');
	}

	function view() {
	genericMailAction('view');
	}

	function reply() {
	genericMailAction('reply');
	}

	function forward() {
	genericMailAction('forward');
	}

	function newEmail() {
	genericMailAction('composer');
	}

	function openDraft(id) {
	socket.send(JSON.stringify({
	command: 'open-draft',
	arguments: {
	id,
	email: Office.context.mailbox.userProfile.emailAddress,
	displayName: Office.context.mailbox.userProfile.displayName,
	ewsAccessToken,
	verifiedNativeClients,
	}
	}));
	}

	function deleteDraft(id) {
	socket.send(JSON.stringify({
	command: 'delete-draft',
	arguments: {
	id: id,
	email: Office.context.mailbox.userProfile.emailAddress,
	displayName: Office.context.mailbox.userProfile.displayName,
	ewsAccessToken,
	verifiedNativeClients,
	}
	}));
	- // TODO this.status.drafts.splice(this.status.drafts.findIndex((draft) => draft.id === id), 1);
	}


	function info() {
	if (status.fetching \|\| verifiedNativeClients.length === 0) {
	return;
	}
	status.fetched = false;
	status.fetching = true;
	updateStatusText();
	socket.send(JSON.stringify({
	command: 'info',
	arguments: {
	itemId: Office.context.mailbox.convertToEwsId(Office.context.mailbox.item.itemId, Office.MailboxEnums.RestVersion.v2_0),
	email: Office.context.mailbox.userProfile.emailAddress,
	ewsAccessToken,
	verifiedNativeClients,
	}
	}));
	}

	function trust(deviceId) {
	devicesToVerify.splice(devicesToVerify.findIndex((device) => device.id === deviceId), 1);
	verifiedNativeClients.push(deviceId);
	localStorage.setItem("verifiedNativeClients", verifiedNativeClients.join(';'));
	info();
	updatePairing();
	}

	function ignore(deviceId) {
	devicesToVerify.splice(devicesToVerify.findIndex((device) => device.id === deviceId), 1);
	updatePairing();
	}

	function displayDate(timestamp) {
	const date = new Date(timestamp * 1000);
	let todayDate = new Date();
	if ((new Date(date)).setHours(0, 0, 0, 0) === todayDate.setHours(0, 0, 0, 0)) {
	return date.toLocaleTimeString([], {
	hour: 'numeric',
	minute: 'numeric',
	});
	} else {
	return date.toLocaleDateString();
	}
	}

	/// Only called when not using Office365
	async function executeEws(message) {
	Office.context.mailbox.makeEwsRequestAsync(message.arguments.body, (asyncResult) => {
	if (asyncResult.error) {
	gpgolLog("Error while trying to send email via EWS", {error: asyncResult.error, value: asyncResult.value,});
	return;
	}

	gpgolLog("Email sent", {value: asyncResult.value});
	// let the client known that the email was sent
	socket.send(JSON.stringify({
	command: 'ews-response',
	arguments: {
	requestId: message.arguments.requestId,
	email: Office.context.mailbox.userProfile.emailAddress,
	body: asyncResult.value,
	}
	}));
	});
	}

	function webSocketConnect() {
	console.log("Set socket", socket)
	if (socket && socket.readyState === WebSocket.OPEN) {
	return;
	}
	console.log("Set socket")
	socket = new WebSocket("wss://" + window.location.host + '/websocket');

	// Connection opened
	socket.addEventListener("open", (event) => {
	setErrorMessage('');
	socket.send(JSON.stringify({
	command: "register",
	arguments: {
	emails: [Office.context.mailbox.userProfile.emailAddress],
	type: 'webclient',
	},
	}));

	socket.send(JSON.stringify({
	command: 'restore-autosave',
	arguments: {
	email: Office.context.mailbox.userProfile.emailAddress,
	displayName: Office.context.mailbox.userProfile.displayName,
	ewsAccessToken,
	}
	}));

	info()
	});

	socket.addEventListener("close", (event) => {
	setErrorMessage(i18n("Native client was disconnected, reconnecting in 1 second."));
	console.log(event.reason)
	setTimeout(function () {
	webSocketConnect();
	}, 1000);
	});

	socket.addEventListener("error", (event) => {
	setErrorMessage(i18n("Native client received an error"));
	socket.close();
	});

	// Listen for messages
	socket.addEventListener("message", function (result) {
	const {data} = result;
	const message = JSON.parse(data);
	gpgolLog("Received message from server", {command: message.command});
	switch (message.command) {
	case 'ews':
	executeEws(message);
	break;
	case 'error':
	setErrorMessage(message.arguments.error);
	break;
	case 'status-update':
	- viewerOpen = message.arguments.viewerOpen;
	status.drafts = message.arguments.drafts;
	status.features = message.arguments.features;
	+ status.viewerOpen = message.arguments.viewerOpen;
	updateStatusText();
	break;
	case 'disconnection':
	setErrorMessage(i18n("Native client was disconnected"));
	break;
	case 'connection':
	setErrorMessage('');
	if (!verifiedNativeClients.includes(message.arguments.id)) {
	if (devicesToVerify.findIndex(device => device.id === message.arguments.id) >= 0) {
	break;
	}
	devicesToVerify.push({
	id: message.arguments.id,
	name: message.arguments.name,
	})
	updatePairing();
	} else {
	info();
	}
	break;
	case 'info-fetched':
	console.log(message.arguments)
	const {itemId, folderId, encrypted, signed, version} = message.arguments;
	status.fetching = false;
	if (itemId === Office.context.mailbox.convertToEwsId(Office.context.mailbox.item.itemId, Office.MailboxEnums.RestVersion.v2_0)) {
	status.fetched = true;
	status.encrypted = encrypted;
	status.signed = signed;
	status.folderId = folderId;

	- if (viewerOpen) {
	+ if (status.viewerOpen) {
	view();
	}
	let params = new URLSearchParams(document.location.search);
	let manifestVersion = params.get("version");
	if (version !== manifestVersion) {
	setMessage("versionbox", i18nc("@info", "Version mismatch. Make sure you installed the last manifest.xml."), "warning");
	}
	} else {
	status.fetched = false;
	gpgolLog("Received info for wrong email", {itemId, currentItemId: Office.context.mailbox.convertToEwsId(Office.context.mailbox.item.itemId, Office.MailboxEnums.RestVersion.v2_0) });
	info();
	}
	updateStatusText();
	}
	});
	}

	async function auth() {
	pca = await createNestablePublicClientApplication({
	auth: {
	clientId: "1d6f4a59-be04-4274-8793-71b4c081eb72",
	authority: "https://login.microsoftonline.com/common"
	},
	});

	{
	const tokenRequest = {
	scopes: ["https://outlook.office365.com/EWS.AccessAsUser.All"]
	}
	try {
	console.log("Trying to acquire token silently...");
	const userAccount = await pca.acquireTokenSilent(tokenRequest);
	console.log("Acquired token silently.");
	ewsAccessToken = userAccount.accessToken;
	} catch (error) {
	console.log(`Unable to acquire token silently: ${error}`);
	}
	if (ewsAccessToken === null) {
	// Acquire token silent failure. Send an interactive request via popup.
	try {
	console.log("Trying to acquire token interactively...");
	const userAccount = await pca.acquireTokenPopup(tokenRequest);
	console.log("Acquired token interactively.");
	ewsAccessToken = userAccount.accessToken;
	} catch (popupError) {
	// Acquire token interactive failure.
	console.error( `Unable to acquire token interactively: ${popupError}`);
	}
	}
	// Log error if both silent and popup requests failed.
	if (ewsAccessToken === null) {
	setErrorMessage(i18n("Unable to acquire access token."));
	}
	}
	}
	diff --git a/web/src/utils.js b/web/src/utils.js
	new file mode 100644
	index 0000000..b59727b
	--- /dev/null
	+++ b/web/src/utils.js
	@@ -0,0 +1,71 @@
	+// SPDX-FileCopyrightText: 2026 g10 code GmbH
	+// SPDX-Contributor: Thomas Friedrichsmeier <thomas.friedrichsmeier@gnupg.com>
	+// SPDX-License-Identifier: GPL-2.0-or-later
	+
	+// More of less generic/low-level helper functions
	+
	+export function getElement(id) {
	+ return document.getElementById(id);
	+}
	+
	+export function changeElement(id, newElement) {
	+ let oldElement = getElement(id);
	+ oldElement.replaceWith(newElement);
	+ newElement.id = id;
	+}
	+
	+export function getIcon(id) {
	+ return (getElement("icon-" + id).cloneNode(true));
	+}
	+
	+export function spanFromHTML(html) {
	+ let span = document.createElement("span");
	+ span.innerHTML = html;
	+ return span;
	+}
	+
	+export function divFromHTML(html) {
	+ let div = document.createElement("div");
	+ div.innerHTML = html;
	+ return div;
	+}
	+
	+export function showElement(el, show) {
	+ if (show) {
	+ el.classList.remove("d-none");
	+ } else {
	+ el.classList.add("d-none");
	+ }
	+}
	+
	+export function makeButton(icon, text, callback, classes=["w-100", "btn", "rounded-md", "mt-3"]) {
	+ let button = document.createElement("button");
	+ button.setIconAndText = function(icon, text) {
	+ this.replaceChildren(getIcon(icon), spanFromHTML(text));
	+ }.bind(button);
	+ button.setIconAndText(icon, text);
	+ button.replaceChildren(getIcon(icon), spanFromHTML(text));
	+ button.classList.add.apply(button.classList, classes);
	+ button.addEventListener("click", (event) => { callback() });
	+ return button;
	+}
	+
	+export function setMessage(divid, msg, icon) {
	+ let box = getElement(divid);
	+ if (msg.length == 0) {
	+ console.log("hide", divid);
	+ showElement(box, false);
	+ box.replaceChildren();
	+ } else {
	+ showElement(box, true);
	+ box.replaceChildren(getIcon(icon), spanFromHTML(msg));
	+ }
	+}
	+
	+export function setErrorMessage(msg) {
	+ setMessage("errorbox", msg, "error");
	+}
	+
	+export function haveError() {
	+ return getElement("errorbox").classList.contains("d-none");
	+}

File Metadata

Mime Type: text/x-diff
Expires: Sun, Feb 1, 7:52 PM (21 h, 34 m)
Storage Engine: local-disk
Storage Format: Raw Data
Storage Handle: 19/90/1bc8497ee73d39a0c61c29ed82ab

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions