{"version":3,"file":"static/js/vendors-114e6879.0d13c0cb.js","mappings":"yGAaM,SAAUA,EACZC,EACAC,EACAC,EACAC,GAGA,OADAH,EAAOI,QAAQ,yBACRF,EAAcD,EAAeF,eAAeI,GAAiB,EACxE,C,SAOgBE,EACZF,EACAH,EACAC,GAGA,GADAD,EAAOM,MAAM,qBAC6B,IAAtCC,OAAOC,KAAKL,GAAeM,OAE3B,OADAT,EAAOU,QAAQ,yCACR,KAGX,MAAMC,EACFV,EAAeW,yBAAyBT,GAE5C,OAAIQ,GACAX,EAAOI,QACH,iEAEGO,IAEPX,EAAOI,QAAQ,yDACR,KAEf,C,SAUgBS,EACZC,EACAd,EACAC,GAGA,GADAD,EAAOM,MAAM,gCACRQ,EAED,OADAd,EAAOU,QAAQ,8CACR,KAGX,MAAMC,EAAUV,EAAeW,yBAAyB,CACpDE,aAEJ,OAAIH,GACAX,EAAOI,QACH,oEAEJJ,EAAOe,WAAW,yEAADC,OAC4DF,IAEtEH,IAEPX,EAAOI,QACH,mEAEG,KAEf,C,SASgBa,EACZC,EACAlB,EACAC,GAGA,GADAD,EAAOM,MAAM,8BACRY,EAED,OADAlB,EAAOU,QAAQ,iDACR,KAGX,MAAMC,EAAUV,EAAeW,yBAAyB,CACpDM,kBAEJ,OAAIP,GACAX,EAAOI,QACH,uEAEJJ,EAAOe,WAAW,4EAADC,OAC+DE,IAEzEP,IAEPX,EAAOI,QACH,iEAEG,KAEf,C,SASgBe,EACZC,EACApB,EACAC,GAGA,GADAD,EAAOM,MAAM,+BACRc,EAED,OADApB,EAAOU,QAAQ,mDACR,KAGX,MAAMC,EAAUV,EAAeW,yBAAyB,CACpDQ,mBAEJ,OAAIT,GACAX,EAAOI,QACH,yEAEJJ,EAAOe,WAAW,8EAADC,OACiEI,IAE3ET,IAEPX,EAAOI,QACH,kEAEG,KAEf,CAMgB,SAAAiB,EACZV,EACAV,GAEAA,EAAeoB,iBAAiBV,EACpC,CAKM,SAAUW,EACZrB,GAEA,OAAOA,EAAeqB,kBAC1B,C,kOC/KA,MAAMC,EAAyB,M,MAElBC,EACTC,OAAAA,CAAQC,GACJ,MAAMC,EAAO,GAAHX,OAAMY,mBAAmBF,IAC7BG,EAAaC,SAASC,OAAOC,MAAM,KACzC,IAAK,IAAIC,EAAI,EAAGA,EAAIJ,EAAWpB,OAAQwB,IAAK,CACxC,MAAMF,EAASF,EAAWI,IACnBP,KAAQQ,GAAQC,mBAAmBJ,GAAQK,OAAOJ,MAAM,KACzDK,EAAQH,EAAKI,KAAK,KAExB,GAAIZ,IAAQC,EACR,OAAOU,CAEd,CACD,MAAO,E,CAGXE,OAAAA,CACIb,EACAW,EACAG,GACsB,IAAtBC,IAAAC,UAAAjC,OAAA,QAAAkC,IAAAD,UAAA,KAAAA,UAAA,GAEIE,EAAY,GAAH5B,OAAMY,mBAAmBF,GAAI,KAAAV,OAAIY,mBAC1CS,GACH,yBAED,GAAIG,EAAgB,CAChB,MAAMK,EAoCZ,SAAkCL,GACpC,MAAMM,EAAQ,IAAIC,KACZC,EAAO,IAAID,KACbD,EAAMG,UAAYT,EAAiBjB,GAEvC,OAAOyB,EAAKE,aAChB,CA1C+BC,CAAwBX,GAC3CI,GAAa,WAAJ5B,OAAe6B,EAAU,IACrC,CAEGJ,IACAG,GAAa,WAGjBd,SAASC,OAASa,C,CAGtBQ,UAAAA,CAAW1B,GAEP2B,KAAKd,QAAQb,EAAK,IAAK,E,CAG3B4B,OAAAA,GACI,MAAMzB,EAAaC,SAASC,OAAOC,MAAM,KACnCxB,EAAsB,GAM5B,OALAqB,EAAW0B,SAASxB,IAChB,MAAMyB,EAAcrB,mBAAmBJ,GAAQK,OAAOJ,MAAM,KAC5DxB,EAAKiD,KAAKD,EAAY,GAAG,IAGtBhD,C,CAGXkD,WAAAA,CAAYhC,GACR,OAAO2B,KAAKC,UAAUK,SAASjC,E,kBCSjC,MAAOkC,UAA4BC,EAAAA,GAgBrCC,WAAAA,CACIC,EACAC,EACAC,EACAjE,EACAkE,EACAC,GAEAC,MAAML,EAAUE,EAAYjE,EAAQkE,GACpCb,KAAKW,YAAcA,EACnBX,KAAKrD,OAASA,EACdqD,KAAKgB,gBAAkB,IAAIC,EAAAA,EAC3BjB,KAAKpD,eAAiBoD,KAAKkB,oBACvBlB,KAAKW,YAAYQ,eAErBnB,KAAKoB,sBAAwBpB,KAAKkB,oBAC9BlB,KAAKW,YAAYU,wBAErBrB,KAAKsB,cAAgB,IAAInD,EAGrBwC,EAAYY,wBACZvB,KAAKwB,sBACLxB,KAAKyB,iBAGTzB,KAAKc,kBAAoBA,C,CAOnBI,mBAAAA,CACNC,GAEA,IACI,OAAQA,GACJ,KAAKO,EAAAA,GAAqBC,aACtB,OAAO,IAAIA,EAAAA,EACf,KAAKD,EAAAA,GAAqBE,eACtB,OAAO,IAAIA,EAAAA,EACf,KAAKF,EAAAA,GAAqBT,eAIjC,CAAC,MAAOY,GACL7B,KAAKrD,OAAOmF,MAAMD,EACrB,CAED,OADA7B,KAAKW,YAAYQ,cAAgBO,EAAAA,GAAqBT,cAC/C,IAAIA,EAAAA,C,CAOLO,mBAAAA,GACN,MAAMO,EAAa,GAAHpE,OAAMqE,EAAAA,GAAUC,aAAY,KAAAtE,OAAIuE,EAAAA,GAAoBC,UAC9DC,EAAgB,GAAHzE,OAAMqE,EAAAA,GAAUC,aAAY,KAAAtE,OAAIuE,EAAAA,GAAoBG,aACjEC,EAAW,GAAH3E,OAAMqE,EAAAA,GAAUC,aAAY,KAAAtE,OAAIuE,EAAAA,GAAoBK,OAC5DC,EAAe,GAAH7E,OAAMqE,EAAAA,GAAUC,aAAY,KAAAtE,OAAIuE,EAAAA,GAAoBO,YAOhEC,EAAS,CALM1C,KAAKpD,eAAewB,QAAQ2D,GACzB/B,KAAKpD,eAAewB,QAAQgE,GACjCpC,KAAKpD,eAAewB,QAAQkE,GACxBtC,KAAKpD,eAAewB,QAAQoE,IAQ7B,CAClBN,EAAAA,GAAoBC,SACpBD,EAAAA,GAAoBG,YACpBH,EAAAA,GAAoBK,MACpBL,EAAAA,GAAoBO,YAGVvC,SAAQ,CAACyC,EAAkBC,KACrC,MAAM5D,EAAQ0D,EAAOE,GACjB5D,GACAgB,KAAK6C,kBAAkBF,EAAU3D,GAAO,EAC3C,G,CASDyC,aAAAA,GACJzB,KAAKrD,OAAOM,MAAM,+CAClB,MAAM6F,EAAc9C,KAAK5B,QAAQ2E,EAAAA,GAAgBC,cAC3CC,EAAYjD,KAAK5B,QAAQ,GAADT,OACvBoF,EAAAA,GAAgBG,WAAU,KAAAvF,OAAIqC,KAAKU,WAE1C,GAAIoC,GAAeG,EAKf,YAJAjD,KAAKrD,OAAOI,QACR,qGAMQiD,KAAKpD,eAAeqD,UAC5BC,SAAS7B,IACb,GAAI2B,KAAKmD,gBAAgB9E,GAAM,CAE3B,MAAMW,EAAQgB,KAAK5B,QAAQC,GAC3B,GAAIW,EAAO,CACP,MAAMoE,EAAUpD,KAAKqD,qBAAqBrE,GAC1C,GAAIoE,GAAWA,EAAQE,eAAe,kBAClC,OAAQF,EAAwB,gBAC5B,KAAKG,EAAAA,GAAepB,SAChB,GAAIqB,EAAAA,GAAAA,gBAA6BJ,GAAU,CACvCpD,KAAKrD,OAAOM,MACR,kFAEJ+C,KAAKrD,OAAO8G,SAAS,yDAAD9F,OACyCU,EAAG,wCAEhE,MAAMqF,EACFN,EACEO,EACF3D,KAAK4D,yBACDvF,EACAqF,GAMR,YAJA1D,KAAK6D,YACDF,EACAJ,EAAAA,GAAepB,SAGtB,CACGnC,KAAKrD,OAAOM,MACR,iLAEJ+C,KAAKrD,OAAO8G,SAAS,yEAAD9F,OACyDU,IAGjF,MACJ,KAAKkF,EAAAA,GAAeO,aACpB,KAAKP,EAAAA,GAAeQ,8BAChB,GAAIP,EAAAA,GAAAA,oBAAiCJ,GAAU,CAC3CpD,KAAKrD,OAAOM,MACR,sFAEJ+C,KAAKrD,OAAO8G,SAAS,6DAAD9F,OAC6CU,EAAG,wCAEpE,MAAM2F,EACFZ,EACEO,EACF3D,KAAK4D,yBACDvF,EACA2F,GAMR,YAJAhE,KAAK6D,YACDF,EACAJ,EAAAA,GAAeO,aAGtB,CACG9D,KAAKrD,OAAOM,MACR,6LAEJ+C,KAAKrD,OAAO8G,SAAS,6EAAD9F,OAC6DU,IAGrF,MACJ,KAAKkF,EAAAA,GAAeU,cAChB,GACIT,EAAAA,GAAAA,qBAAkCJ,GACpC,CACEpD,KAAKrD,OAAOM,MACR,uFAEJ+C,KAAKrD,OAAO8G,SAAS,8DAAD9F,OAC8CU,EAAG,wCAErE,MAAM6F,EACFd,EACEO,EACF3D,KAAK4D,yBACDvF,EACA6F,GAMR,YAJAlE,KAAK6D,YACDF,EACAJ,EAAAA,GAAeU,cAGtB,CACGjE,KAAKrD,OAAOM,MACR,gMAEJ+C,KAAKrD,OAAO8G,SAAS,8EAAD9F,OAC8DU,IAQrG,CACJ,CAED,GAAI2B,KAAKmE,aAAa9F,GAAM,CACxB,MAAMW,EAAQgB,KAAK5B,QAAQC,GAC3B,GAAIW,EAAO,CACP,MAAMoF,EAAapE,KAAKqD,qBAAqBrE,GAEzCoF,GACAC,EAAAA,GAAcC,gBAAgBF,KAE9BpE,KAAKrD,OAAOM,MACR,oFAEJ+C,KAAKrD,OAAO8G,SAAS,yDAAD9F,OACyCU,EAAG,0CAEhE2B,KAAKuE,mBAAmBlG,GAE/B,CACJ,I,CAQCgF,oBAAAA,CAAqBmB,GAC3B,IACI,MAAMC,EAAaC,KAAKC,MAAMH,GAO9B,OAAOC,GAAoC,iBAAfA,EACtBA,EACA,IACT,CAAC,MAAO3C,GACL,OAAO,IACV,C,CAOL1D,OAAAA,CAAQC,GACJ,OAAO2B,KAAKpD,eAAewB,QAAQC,E,CAQvCa,OAAAA,CAAQb,EAAaW,GACjBgB,KAAKpD,eAAesC,QAAQb,EAAKW,E,CAOrChC,UAAAA,CAAW4H,EAAoBjI,GAC3BqD,KAAKrD,OAAOM,MAAM,yCAClB,MAAM4H,EAAgB7E,KAAK8E,uBAAuBF,GAElD,OAAO5E,KAAK+E,4BACRH,EACAC,EACAlI,E,CAURmI,sBAAAA,CAAuBF,GACnB,MAAMI,EAAoBhF,KAAK5B,QAAQwG,GACvC,IAAKI,EAED,OADAhF,KAAKiF,wBAAwBL,GACtB,KAGX,MAAMM,EAAgBlF,KAAKqD,qBAAqB2B,GAChD,OAAKE,GAAkBb,EAAAA,GAAcC,gBAAgBY,GAK9C1E,EAAAA,GAAa2E,SAChB,IAAId,EAAAA,GACJa,IANAlF,KAAKiF,wBAAwBL,GACtB,K,CAafQ,UAAAA,CAAW9H,GACP0C,KAAKrD,OAAOM,MAAM,yCAClB,MAAMoB,EAAMf,EAAQ+H,qBACpBrF,KAAKd,QAAQb,EAAKqG,KAAKY,UAAUhI,IACjC0C,KAAKuE,mBAAmBlG,E,CAO5BkH,cAAAA,GACIvF,KAAKrD,OAAOM,MAAM,6CAClB,MAAM6F,EAAc9C,KAAK5B,QAAQ2E,EAAAA,GAAgBC,cACjD,OAAIF,EACO4B,KAAKC,MAAM7B,IAGtB9C,KAAKrD,OAAOI,QACR,8DAEG,G,CAOXwH,kBAAAA,CAAmBlG,GACf2B,KAAKrD,OAAOM,MAAM,iDAClB+C,KAAKrD,OAAO8G,SAAS,2DAAD9F,OAC2CU,IAE/D,MAAMyE,EAAc9C,KAAKuF,kBACS,IAA9BzC,EAAY0C,QAAQnH,IAEpByE,EAAY1C,KAAK/B,GACjB2B,KAAKd,QACD6D,EAAAA,GAAgBC,aAChB0B,KAAKY,UAAUxC,IAEnB9C,KAAKrD,OAAOI,QACR,6DAGJiD,KAAKrD,OAAOI,QACR,2E,CASZkI,uBAAAA,CAAwB5G,GACpB2B,KAAKrD,OAAOM,MAAM,sDAClB+C,KAAKrD,OAAO8G,SAAS,gEAAD9F,OACgDU,IAEpE,MAAMyE,EAAc9C,KAAKuF,iBACnBE,EAAe3C,EAAY0C,QAAQnH,GACrCoH,GAAgB,GAChB3C,EAAY4C,OAAOD,EAAc,GACjCzF,KAAKd,QACD6D,EAAAA,GAAgBC,aAChB0B,KAAKY,UAAUxC,IAEnB9C,KAAKrD,OAAOM,MACR,oEAGJ+C,KAAKrD,OAAOM,MACR,4E,CASZ,mBAAM0I,CAActH,GACX0C,MAAM4E,cAActH,GACzB2B,KAAKiF,wBAAwB5G,E,CAOjCuH,qBAAAA,CAAsBhB,GAClB5E,KAAKD,WAAW6E,GAChB5E,KAAKiF,wBAAwBL,E,CAOjCiB,aAAAA,CAAcxH,GACV0C,MAAM8E,cAAcxH,GACpB2B,KAAK8F,eAAezH,EAAKkF,EAAAA,GAAepB,S,CAO5C,uBAAM4D,CAAkB1H,GACf0C,MAAMgF,kBAAkB1H,GAC7B2B,KAAK8F,eAAezH,EAAKkF,EAAAA,GAAeO,a,CAO5CkC,kBAAAA,CAAmB3H,GACf0C,MAAMiF,mBAAmB3H,GACzB2B,KAAK8F,eAAezH,EAAKkF,EAAAA,GAAeU,c,CAO5CgC,YAAAA,GACIjG,KAAKrD,OAAOM,MAAM,2CAClB,MAAMiJ,EAAOlG,KAAK5B,QAAQ,GAADT,OAClBoF,EAAAA,GAAgBG,WAAU,KAAAvF,OAAIqC,KAAKU,WAE1C,GAAIwF,EAAM,CACN,MAAMjD,EAAYjD,KAAKqD,qBAAqB6C,GAC5C,GACIjD,GACAA,EAAUK,eAAe,YACzBL,EAAUK,eAAe,gBACzBL,EAAUK,eAAe,gBAEzB,OAAOL,EAEPjD,KAAKrD,OAAOmF,MACR,yGAGX,MACG9B,KAAKrD,OAAOI,QACR,0DAIR,MAAO,CACHoJ,QAAS,GACTC,YAAa,GACbC,aAAc,G,CAStBxC,WAAAA,CAAYxF,EAAaiI,GACrBtG,KAAKrD,OAAOM,MAAM,0CAClB,MAAMgG,EAAYjD,KAAKiG,eAEvB,OAAQK,GACJ,KAAK/C,EAAAA,GAAepB,UACwB,IAApCc,EAAUkD,QAAQX,QAAQnH,KAC1B2B,KAAKrD,OAAO4J,KACR,2DAEJtD,EAAUkD,QAAQ/F,KAAK/B,IAE3B,MACJ,KAAKkF,EAAAA,GAAeO,cAC4B,IAAxCb,EAAUmD,YAAYZ,QAAQnH,KAC9B2B,KAAKrD,OAAO4J,KACR,+DAEJtD,EAAUmD,YAAYhG,KAAK/B,IAE/B,MACJ,KAAKkF,EAAAA,GAAeU,eAC6B,IAAzChB,EAAUoD,aAAab,QAAQnH,KAC/B2B,KAAKrD,OAAO4J,KACR,gEAEJtD,EAAUoD,aAAajG,KAAK/B,IAEhC,MACJ,QAII,MAHA2B,KAAKrD,OAAOmF,MAAM,sFAADnE,OACyE2I,KAEpFE,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,IAIZzG,KAAKd,QAAQ,GAADvB,OACLoF,EAAAA,GAAgBG,WAAU,KAAAvF,OAAIqC,KAAKU,UACtCgE,KAAKY,UAAUrC,G,CASvB6C,cAAAA,CAAezH,EAAaiI,GACxBtG,KAAKrD,OAAOM,MAAM,6CAClB,MAAMgG,EAAYjD,KAAKiG,eAEvB,OAAQK,GACJ,KAAK/C,EAAAA,GAAepB,SAChBnC,KAAKrD,OAAO+J,QAAQ,gFAAD/I,OACiEU,EAAG,cAEvF,MAAMsI,EAAY1D,EAAUkD,QAAQX,QAAQnH,GACxCsI,GAAa,GACb3G,KAAKrD,OAAO4J,KACR,kEAEJtD,EAAUkD,QAAQT,OAAOiB,EAAW,IAEpC3G,KAAKrD,OAAO4J,KACR,gIAGR,MACJ,KAAKhD,EAAAA,GAAeO,aAChB9D,KAAKrD,OAAO+J,QAAQ,oFAAD/I,OACqEU,EAAG,cAE3F,MAAMuI,EAAgB3D,EAAUmD,YAAYZ,QAAQnH,GAChDuI,GAAiB,GACjB5G,KAAKrD,OAAO4J,KACR,sEAEJtD,EAAUmD,YAAYV,OAAOkB,EAAe,IAE5C5G,KAAKrD,OAAO4J,KACR,oIAGR,MACJ,KAAKhD,EAAAA,GAAeU,cAChBjE,KAAKrD,OAAO+J,QAAQ,qFAAD/I,OACsEU,EAAG,cAE5F,MAAMwI,EAAiB5D,EAAUoD,aAAab,QAAQnH,GAClDwI,GAAkB,GAClB7G,KAAKrD,OAAO4J,KACR,uEAEJtD,EAAUoD,aAAaX,OAAOmB,EAAgB,IAE9C7G,KAAKrD,OAAO4J,KACR,qIAGR,MACJ,QAII,MAHAvG,KAAKrD,OAAOmF,MAAM,yFAADnE,OAC4E2I,KAEvFE,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,IAIZzG,KAAKd,QAAQ,GAADvB,OACLoF,EAAAA,GAAgBG,WAAU,KAAAvF,OAAIqC,KAAKU,UACtCgE,KAAKY,UAAUrC,G,CAQvB6D,oBAAAA,CAAqB/E,GACjB,MAAM/C,EAAQgB,KAAK5B,QAAQ2D,GAC3B,IAAK/C,EAKD,OAJAgB,KAAKrD,OAAOM,MACR,kEAEJ+C,KAAK8F,eAAe/D,EAAYwB,EAAAA,GAAepB,UACxC,KAGX,MAAM4E,EAAgB/G,KAAKqD,qBAAqBrE,GAChD,OAAK+H,GAAkBvD,EAAAA,GAAAA,gBAA6BuD,IAQpD/G,KAAKrD,OAAOM,MACR,uDAEG8J,IAVH/G,KAAKrD,OAAOM,MACR,kEAEJ+C,KAAK8F,eAAe/D,EAAYwB,EAAAA,GAAepB,UACxC,K,CAaf6E,oBAAAA,CAAqBb,GACjBnG,KAAKrD,OAAOM,MAAM,mDAClB,MAAM8E,EAAayB,EAAAA,GAAAA,sBAAmC2C,GAEtDnG,KAAKd,QAAQ6C,EAAY2C,KAAKY,UAAUa,IAExCnG,KAAK6D,YAAY9B,EAAYwB,EAAAA,GAAepB,S,CAOhD8E,wBAAAA,CAAyBC,GACrB,MAAMlI,EAAQgB,KAAK5B,QAAQ8I,GAC3B,IAAKlI,EAKD,OAJAgB,KAAKrD,OAAOM,MACR,sEAEJ+C,KAAK8F,eAAeoB,EAAgB3D,EAAAA,GAAeO,cAC5C,KAEX,MAAMqD,EAAoBnH,KAAKqD,qBAAqBrE,GACpD,OACKmI,GACA3D,EAAAA,GAAAA,oBAAiC2D,IAStCnH,KAAKrD,OAAOM,MACR,2DAEGkK,IAVHnH,KAAKrD,OAAOM,MACR,sEAEJ+C,KAAK8F,eAAeoB,EAAgB3D,EAAAA,GAAeO,cAC5C,K,CAafsD,wBAAAA,CAAyBhB,GACrBpG,KAAKrD,OAAOM,MACR,uDAEJ,MAAMiK,EAAiB1D,EAAAA,GAAAA,sBAAmC4C,GAC1DpG,KAAKd,QAAQgI,EAAgBxC,KAAKY,UAAUc,IAE5CpG,KAAK6D,YAAYqD,EAAgB3D,EAAAA,GAAeO,a,CAOpDuD,yBAAAA,CACIC,GAEA,MAAMtI,EAAQgB,KAAK5B,QAAQkJ,GAC3B,IAAKtI,EAKD,OAJAgB,KAAKrD,OAAOM,MACR,uEAEJ+C,KAAK8F,eAAewB,EAAiB/D,EAAAA,GAAeU,eAC7C,KAEX,MAAMsD,EAAqBvH,KAAKqD,qBAAqBrE,GACrD,OACKuI,GACA/D,EAAAA,GAAAA,qBAAkC+D,IASvCvH,KAAKrD,OAAOM,MACR,4DAEGsK,IAVHvH,KAAKrD,OAAOM,MACR,uEAEJ+C,KAAK8F,eAAewB,EAAiB/D,EAAAA,GAAeU,eAC7C,K,CAafuD,yBAAAA,CAA0BnB,GACtBrG,KAAKrD,OAAOM,MACR,wDAEJ,MAAMqK,EACF9D,EAAAA,GAAAA,sBAAmC6C,GACvCrG,KAAKd,QAAQoI,EAAiB5C,KAAKY,UAAUe,IAE7CrG,KAAK6D,YAAYyD,EAAiB/D,EAAAA,GAAeU,c,CAOrDwD,cAAAA,CAAeC,GACX,MAAM1I,EAAQgB,KAAK5B,QAAQsJ,GAC3B,IAAK1I,EAID,OAHAgB,KAAKrD,OAAOM,MACR,4DAEG,KAGX,MAAM0K,EAAiB3H,KAAKqD,qBAAqBrE,GACjD,OACK2I,GACAnE,EAAAA,GAAAA,oBAAiCkE,EAAgBC,IAQtD3H,KAAKrD,OAAOM,MAAM,iDACX0K,IAPH3H,KAAKrD,OAAOM,MACR,4DAEG,K,CAWf2K,cAAAA,CAAeC,GACX7H,KAAKrD,OAAOM,MAAM,6CAClB,MAAMyK,EAAiBlE,EAAAA,GAAAA,uBAAoCqE,GAC3D7H,KAAKd,QAAQwI,EAAgBhD,KAAKY,UAAUuC,G,CAOhDC,kBAAAA,CACIC,GAEA,MAAM/I,EAAQgB,KAAK5B,QAAQ2J,GAC3B,IAAK/I,EAID,OAHAgB,KAAKrD,OAAOM,MACR,gEAEG,KAEX,MAAM+K,EAAehI,KAAKqD,qBAAqBrE,GAC/C,OACKgJ,GACAxE,EAAAA,GAAAA,wBACGuE,EACAC,IASRhI,KAAKrD,OAAOM,MAAM,qDACX+K,IAPHhI,KAAKrD,OAAOM,MACR,gEAEG,K,CAYfgL,kBAAAA,CACIF,EACAG,GAEAlI,KAAKrD,OAAOM,MAAM,iDAClB+C,KAAKd,QAAQ6I,EAAoBrD,KAAKY,UAAU4C,G,CAMpDC,oBAAAA,CAAqB9J,GACjB,MAAMW,EAAQgB,KAAKgB,gBAAgB5C,QAAQC,GAC3C,IAAKW,EAID,OAHAgB,KAAKrD,OAAOM,MACR,kEAEG,KAEX,MAAM0K,EAAiB3H,KAAKqD,qBAAqBrE,GACjD,OACI2I,GACAnE,EAAAA,GAAAA,0BAAuCnF,EAAKsJ,IAE5C3H,KAAKrD,OAAOM,MACR,uDAEG0K,GAEJ,I,CAMXS,wBAAAA,GAEI,OADgBpI,KAAKgB,gBAAgBf,UACtBoI,QAAQhK,GACZ2B,KAAKsI,oBAAoBjK,I,CASxCkK,kBAAAA,CAAmBC,EAAoBC,GACnCzI,KAAKgB,gBAAgB9B,QAAQwJ,EAAAA,GAAkBC,YAAaH,GAC5DxI,KAAKgB,gBAAgB9B,QACjBwJ,EAAAA,GAAkBE,YAClBH,E,CAORI,kBAAAA,GAOI,MAAO,CALH7I,KAAKgB,gBAAgB5C,QAAQsK,EAAAA,GAAkBC,cAC/C3G,EAAAA,GAAU8G,aAEV9I,KAAKgB,gBAAgB5C,QAAQsK,EAAAA,GAAkBE,cAC/C5G,EAAAA,GAAU8G,a,CAQlBC,oBAAAA,CAAqB1K,EAAa2K,GAC9BhJ,KAAKrD,OAAOM,MAAM,mDAClB+C,KAAKgB,gBAAgB9B,QAAQb,EAAKqG,KAAKY,UAAU0D,G,CAMrD/K,gBAAAA,GACI,MAAMgL,EAA0BjJ,KAAKkJ,iBACjChH,EAAAA,GAAoBiH,wBAElBC,EAA4BpJ,KAAK5B,QAAQ6K,GAC/C,IAAKG,EAA2B,CAE5BpJ,KAAKrD,OAAOM,MACR,iHAEJ,MAAMoM,EAAwBrJ,KAAKkJ,iBAC/BhH,EAAAA,GAAoBoH,gBAElBC,EAA0BvJ,KAAK5B,QAAQiL,GAC7C,IAAKE,EAID,OAHAvJ,KAAKrD,OAAOM,MACR,iEAEG,KAEX,MAAMuM,EAAgBxJ,KAAKzC,yBAAyB,CAChDQ,eAAgBwL,IAEpB,OAAIC,GACAxJ,KAAKrD,OAAOM,MACR,kFAEJ+C,KAAKrD,OAAOM,MACR,oFAEJ+C,KAAKhC,iBAAiBwL,GACfA,GAEJ,IACV,CACD,MAAMC,EAAwBzJ,KAAKqD,qBAC/B+F,GAEJ,OAAIK,GACAzJ,KAAKrD,OAAOM,MACR,6EAEG+C,KAAKzC,yBAAyB,CACjCM,cAAe4L,EAAsB5L,cACrCE,eAAgB0L,EAAsB1L,eACtC2L,SAAUD,EAAsBC,aAGxC1J,KAAKrD,OAAOM,MACR,iEAEG,K,CAOXe,gBAAAA,CAAiBV,GACb,MAAMqM,EAAmB3J,KAAKkJ,iBAC1BhH,EAAAA,GAAoBiH,wBAElBE,EAAwBrJ,KAAKkJ,iBAC/BhH,EAAAA,GAAoBoH,gBAExB,GAAIhM,EAAS,CACT0C,KAAKrD,OAAOI,QAAQ,wCACpB,MAAM6M,EAA2C,CAC7C/L,cAAeP,EAAQO,cACvBE,eAAgBT,EAAQS,eACxB2L,SAAUpM,EAAQoM,UAEtB1J,KAAKpD,eAAesC,QAChByK,EACAjF,KAAKY,UAAUsE,IAEnB5J,KAAKpD,eAAesC,QAChBmK,EACA/L,EAAQS,eAEf,MACGiC,KAAKrD,OAAOI,QACR,+DAEJiD,KAAKpD,eAAemD,WAAW4J,GAC/B3J,KAAKpD,eAAemD,WAAWsJ,E,CAQvCQ,kBAAAA,CAAmBC,GACf,MAAM9K,EAAQgB,KAAK5B,QAAQ0L,GAC3B,IAAK9K,EAID,OAHAgB,KAAKrD,OAAOM,MACR,gEAEG,KAGX,MAAM8M,EAAwB/J,KAAKqD,qBAAqBrE,GACxD,OACK+K,GACAvG,EAAAA,GAAAA,mBACGsG,EACAC,IASR/J,KAAKrD,OAAOM,MAAM,qDACX8M,IAPH/J,KAAKrD,OAAOM,MACR,gEAEG,K,CAYf+M,kBAAAA,CACIF,EACAG,GAEAjK,KAAKrD,OAAOM,MAAM,iDAClB+C,KAAKd,QAAQ4K,EAAoBpF,KAAKY,UAAU2E,G,CAQpDC,iBAAAA,CAAkBvH,EAAkBwH,GAChC,MAAM9L,EAAM8L,EAAcnK,KAAKkJ,iBAAiBvG,GAAYA,EAC5D,GAAI3C,KAAKW,YAAYyJ,uBAAwB,CACzC,MAAMC,EAAarK,KAAKsB,cAAclD,QAAQC,GAC9C,GAAIgM,EAIA,OAHArK,KAAKrD,OAAOM,MACR,uGAEGoN,CAEd,CAED,MAAMrL,EAAQgB,KAAKoB,sBAAsBhD,QAAQC,GACjD,IAAKW,EAAO,CAER,GACIgB,KAAKW,YAAYQ,gBACjBO,EAAAA,GAAqBC,aACvB,CACE,MAAMuE,EAAOlG,KAAKpD,eAAewB,QAAQC,GACzC,GAAI6H,EAIA,OAHAlG,KAAKrD,OAAOM,MACR,sFAEGiJ,CAEd,CAID,OAHAlG,KAAKrD,OAAOM,MACR,+EAEG,IACV,CAID,OAHA+C,KAAKrD,OAAOM,MACR,wEAEG+B,C,CAUX6D,iBAAAA,CACIF,EACA3D,EACAmL,GAEA,MAAM9L,EAAM8L,EAAcnK,KAAKkJ,iBAAiBvG,GAAYA,EAE5D3C,KAAKoB,sBAAsBlC,QAAQb,EAAKW,GACpCgB,KAAKW,YAAYyJ,yBACjBpK,KAAKrD,OAAOM,MACR,kGAEJ+C,KAAKsB,cAAcpC,QACfb,EACAW,OACAM,EACAU,KAAKW,YAAY2J,e,CAS7BvK,UAAAA,CAAW1B,GACP2B,KAAKpD,eAAemD,WAAW1B,E,CAQnCkM,mBAAAA,CAAoBlM,GAChB2B,KAAKoB,sBAAsBrB,WAAW1B,GAClC2B,KAAKW,YAAYyJ,yBACjBpK,KAAKrD,OAAOM,MACR,wFAEJ+C,KAAKsB,cAAcvB,WAAW1B,G,CAOtC4B,OAAAA,GACI,OAAOD,KAAKpD,eAAeqD,S,CAM/B,WAAMuK,SAEIxK,KAAKyK,oBACXzK,KAAK0K,oBAGL1K,KAAKoB,sBAAsBnB,UAAUC,SAASyC,KAEQ,IAA9CA,EAAS6C,QAAQxD,EAAAA,GAAUC,gBACU,IAArCU,EAAS6C,QAAQxF,KAAKU,WAEtBV,KAAKuK,oBAAoB5H,EAC5B,IAIL3C,KAAKpD,eAAeqD,UAAUC,SAASyC,KAEe,IAA9CA,EAAS6C,QAAQxD,EAAAA,GAAUC,gBACU,IAArCU,EAAS6C,QAAQxF,KAAKU,WAEtBV,KAAKpD,eAAemD,WAAW4C,EAClC,IAGL3C,KAAKgB,gBAAgBwJ,O,CASzB,kCAAMG,CACF7J,EACA8J,GAEA9J,EAAkB+J,oBACdC,EAAAA,GAAkBC,6BAClBH,GAGJ,MAAM3H,EAAYjD,KAAKiG,eAEjB+E,EAA4C,GAClD/H,EAAUmD,YAAYlG,SAAS7B,IAE3B,MAAM4M,EAAajL,KAAKiH,yBAAyB5I,GAE7C4M,SAAAA,EAAYC,qBACZ7M,EAAIiC,SAAS2K,EAAWC,oBAAoBC,gBAE5CH,EAAoB5K,KAAKJ,KAAK+F,kBAAkB1H,GACnD,UAEC+M,QAAQC,IAAIL,GAGdA,EAAoB5N,OAAS,GAC7B4C,KAAKrD,OAAOU,QAAQ,GAADM,OACZqN,EAAoB5N,OAAM,kF,CAUzC8L,gBAAAA,CAAiB7K,GAEb,OADqB2B,KAAKqD,qBAAqBhF,GAWxCqG,KAAKY,UAAUjH,GARdiN,EAAAA,GAAYC,WAAWlN,EAAK2D,EAAAA,GAAUC,eACtCqJ,EAAAA,GAAYC,WAAWlN,EAAK6D,EAAAA,GAAoBsJ,eAEzCnN,EAEJ,GAAPV,OAAUqE,EAAAA,GAAUC,aAAY,KAAAtE,OAAIqC,KAAKU,SAAQ,KAAA/C,OAAIU,E,CAU7DoN,oBAAAA,CAAqBC,GACjB,MACIC,cAAgBC,GAAIC,IACpBC,EAAAA,GAAcC,kBAAkB/L,KAAKY,WAAY8K,GAErD,OAAO1L,KAAKkJ,iBAAiB,GAADvL,OACrBqO,EAAAA,GAAmBC,UAAS,KAAAtO,OAAIkO,G,CAQ3CK,gBAAAA,CAAiBR,GACb,MACIC,cAAgBC,GAAIC,IACpBC,EAAAA,GAAcC,kBAAkB/L,KAAKY,WAAY8K,GAErD,OAAO1L,KAAKkJ,iBAAiB,GAADvL,OACrBqO,EAAAA,GAAmBG,cAAa,KAAAxO,OAAIkO,G,CAQ/CO,gBAAAA,CAAiBV,GAEb,MACIC,cAAgBC,GAAIC,IACpBC,EAAAA,GAAcC,kBAAkB/L,KAAKY,WAAY8K,GACrD,OAAO1L,KAAKkJ,iBAAiB,GAADvL,OACrBqO,EAAAA,GAAmBK,cAAa,KAAA1O,OAAIkO,G,CAO/CS,kBAAAA,CAAmBC,GACf,MAAMC,EAAgBxM,KAAKoM,iBAAiBG,GACtCE,EAAQzM,KAAKkK,kBAAkBsC,GACrC,IAAKC,EACD,OAAO,KAGX,MAAMC,EAAoB1M,KAAKyL,qBAAqBgB,GACpD,OAAOzM,KAAKkK,kBAAkBwC,E,CAQlCC,kBAAAA,CACIF,EACAG,EACAC,EACAC,EACAxP,GAEA0C,KAAKrD,OAAOM,MAAM,iDAElB,MAAMuP,EAAgBxM,KAAKoM,iBAAiBK,GAC5CzM,KAAK6C,kBAAkB2J,EAAeC,GAAO,GAG7C,MAAMM,EAAgB/M,KAAKkM,iBAAiBO,GAC5CzM,KAAK6C,kBAAkBkK,EAAeH,GAAO,GAG7C,MAAMF,EAAoB1M,KAAKyL,qBAAqBgB,GAGpD,GAFAzM,KAAK6C,kBAAkB6J,EAAmBG,GAAmB,GAEzDvP,EAAS,CACT,MAAM0P,EAA+B,CACjC/B,WAAY3N,EAAQO,cACpByI,KAAM2G,EAAAA,GAAkBC,iBAE5BlN,KAAK6C,kBACDmJ,EAAAA,GAAmBmB,eACnBzI,KAAKY,UAAU0H,IACf,EAEP,MAAM,GAAIF,EAAW,CAClB,MAAME,EAA+B,CACjC/B,WAAY6B,EACZxG,KAAM2G,EAAAA,GAAkBG,KAE5BpN,KAAK6C,kBACDmJ,EAAAA,GAAmBmB,eACnBzI,KAAKY,UAAU0H,IACf,EAEP,C,CAOLK,iBAAAA,CAAkBZ,GACdzM,KAAKrD,OAAOM,MAAM,gDAEdwP,IACAzM,KAAKoB,sBAAsBnB,UAAUC,SAAS7B,KACd,IAAxBA,EAAImH,QAAQiH,IACZzM,KAAKuK,oBAAoBlM,EAC5B,IAIL2B,KAAKuK,oBAAoBvK,KAAKoM,iBAAiBK,IAC/CzM,KAAKuK,oBAAoBvK,KAAKkM,iBAAiBO,IAC/CzM,KAAKuK,oBAAoBvK,KAAKyL,qBAAqBgB,KAEvDzM,KAAKuK,oBACDvK,KAAKkJ,iBAAiB8C,EAAAA,GAAmBsB,iBAE7CtN,KAAKuK,oBACDvK,KAAKkJ,iBAAiB8C,EAAAA,GAAmBuB,aAE7CvN,KAAKuK,oBACDvK,KAAKkJ,iBAAiB8C,EAAAA,GAAmBwB,WAE7CxN,KAAKuK,oBACDvK,KAAKkJ,iBAAiB8C,EAAAA,GAAmByB,iBAE7CzN,KAAKuK,oBACDvK,KAAKkJ,iBAAiB8C,EAAAA,GAAmBmB,iBAE7CnN,KAAKuK,oBACDvK,KAAKkJ,iBAAiB8C,EAAAA,GAAmB0B,iBAE7C1N,KAAK2N,0BAAyB,E,CAOlCC,mBAAAA,CAAoBlC,GAGhB,GAFA1L,KAAKrD,OAAOM,MAAM,kDAEdyO,EAAa,CACb,MAAMmC,EAAW7N,KAAKoM,iBAAiBV,GACjCa,EAAcvM,KAAKoB,sBAAsBhD,QAAQyP,GACvD7N,KAAKrD,OAAO+J,QAAQ,sFAAD/I,OACuE4O,IAE1FvM,KAAKqN,kBAAkBd,GAAevK,EAAAA,GAAU8G,aACnD,C,CAQLgF,6BAAAA,CAA8BC,GAC1B/N,KAAKrD,OAAOM,MACR,4DAGJ+C,KAAKoB,sBAAsBnB,UAAUC,SAAS7B,IAE1C,IAAuD,IAAnDA,EAAImH,QAAQwG,EAAAA,GAAmBK,eAC/B,OAIJ,MAAM2B,EAAahO,KAAKoB,sBAAsBhD,QAAQC,GACtD,IAAK2P,EACD,OAGJ,MAAMC,GAAcC,EAAAA,EAAAA,GAChBlO,KAAKY,WACLoN,GAGAC,GACAA,EAAYF,kBAAoBA,IAEhC/N,KAAKrD,OAAO+J,QAAQ,gGAAD/I,OACiFqQ,IAEpGhO,KAAKqN,kBAAkBW,GAC1B,IAELhO,KAAK2N,0BAAyB,E,CAGlCQ,gBAAAA,CAAiBC,GACbpO,KAAKrD,OAAOM,MAAM,+CAElB,MAAMoR,GAAeC,EAAAA,EAAAA,IAAa5J,KAAKY,UAAU8I,IACjDpO,KAAK6C,kBACDmJ,EAAAA,GAAmBsB,eACnBe,GACA,E,CAORE,gBAAAA,CAAiB9B,GACbzM,KAAKrD,OAAOM,MAAM,+CAElB,MAAMuR,EAAsBxO,KAAKkK,kBAC7B8B,EAAAA,GAAmBsB,gBACnB,GAEJ,IAAKkB,EACD,MAAMC,EAAAA,EAAAA,IACFC,EAAAA,IAIR,IAAIC,EACJ,IACIA,EAAgBjK,KAAKC,OAAMiK,EAAAA,EAAAA,GAAaJ,GAC3C,CAAC,MAAO3M,GAKL,MAJA7B,KAAKrD,OAAOkS,SAAS,uBAADlR,OAAwB6Q,IAC5CxO,KAAKrD,OAAOmF,MAAM,kDAADnE,OACqCkE,KAEhD4M,EAAAA,EAAAA,IACFK,EAAAA,GAEP,CAMD,GALA9O,KAAKuK,oBACDvK,KAAKkJ,iBAAiB8C,EAAAA,GAAmBsB,kBAIxCqB,EAAcI,UAAW,CAC1B,MAAMrC,EAA4B1M,KAAKyL,qBAAqBgB,GACtDuC,EAAkBhP,KAAKkK,kBAAkBwC,GAC/C,IAAKsC,EACD,MAAMP,EAAAA,EAAAA,IACFQ,EAAAA,IAGRN,EAAcI,UAAYC,CAC7B,CAED,OAAOL,C,CAMXO,sBAAAA,GACIlP,KAAKrD,OAAOM,MAAM,qDAClB,MAAMkS,EAAgBnP,KAAKkK,kBACvB8B,EAAAA,GAAmB0B,gBACnB,GAEJ,IAAKyB,EAID,OAHAnP,KAAKrD,OAAOM,MACR,8EAEG,KAGX,MAAM0R,EAAgB3O,KAAKqD,qBACvB8L,GAEJ,OAAKR,IACD3O,KAAKrD,OAAOmF,MACR,8EAEG,K,CAMfsN,uBAAAA,CAAwBC,GACpB,MAAM3O,EAAWV,KAAKsP,2BAEtB,OAAID,EACO3O,IAAaV,KAAKU,WAEhBA,C,CAIjB4O,wBAAAA,GACI,MAAMjR,EAAM,GAAHV,OAAMqE,EAAAA,GAAUC,aAAY,KAAAtE,OAAIqO,EAAAA,GAAmBuD,wBAC5D,OAAOvP,KAAKkK,kBAAkB7L,GAAK,E,CAGvCsP,wBAAAA,CAAyB6B,GAErB,MAAMnR,EAAM,GAAHV,OAAMqE,EAAAA,GAAUC,aAAY,KAAAtE,OAAIqO,EAAAA,GAAmBuD,wBAC5D,GAAIC,EAAY,CACZ,GAAIxP,KAAKsP,2BACL,MAAMb,EAAAA,EAAAA,IACFgB,EAAAA,GAIJzP,KAAK6C,kBAAkBxE,EAAK2B,KAAKU,UAAU,EAElD,MACI8O,GACDxP,KAAKsP,6BAA+BtP,KAAKU,UAEzCV,KAAKuK,oBAAoBlM,E,CAQjCqR,kBAAAA,GAEI,MAAMC,EAAoB3P,KAAKkK,kBAC3BhI,EAAAA,GAAoBsJ,eAEpBmE,IACA3P,KAAKpD,eAAemD,WAAWmC,EAAAA,GAAoBsJ,eACnDxL,KAAKrD,OAAOI,QAAQ,oCAIxB,MAAM6S,EAAoB5P,KAAKkK,kBAC3BhI,EAAAA,GAAoBC,UACpB,GAEAyN,IACA5P,KAAKpD,eAAemD,WAChBC,KAAKkJ,iBAAiBhH,EAAAA,GAAoBC,WAE9CnC,KAAKrD,OAAOI,QAAQ,yCAGxB,MAAM8S,EAAsBD,GAAqBD,EACjD,GAAIE,EAAqB,CACrB,MAAMC,EAAgBC,EAAAA,GAAAA,mBAClBF,EACAjB,EAAAA,GAEJ,GAAIkB,EAAcE,mBAId,OAHAhQ,KAAKrD,OAAOI,QACR,6GAEG+S,EAAcE,mBAClB,GAAIF,EAAcG,IAIrB,OAHAjQ,KAAKrD,OAAOI,QACR,8FAEG+S,EAAcG,IAErBjQ,KAAKrD,OAAOI,QACR,yJAGX,CAED,OAAO,I,CAMX6G,wBAAAA,CACIsM,EACAjF,GAEA,MAAMkF,EAAkB3M,EAAAA,GAAAA,sBAAmCyH,GAE3D,GAAIiF,IAAoBC,EAAiB,CACrC,MAAMC,EAAYpQ,KAAK5B,QAAQ8R,GAC/B,GAAIE,EAMA,OALApQ,KAAKpD,eAAemD,WAAWmQ,GAC/BlQ,KAAKd,QAAQiR,EAAiBC,GAC9BpQ,KAAKrD,OAAOI,QAAQ,uBAADY,OACQsN,EAAWoF,eAAc,eAE7CF,EAEPnQ,KAAKrD,OAAOmF,MAAM,mCAADnE,OACsBsN,EAAWoF,eAAc,yEAGvE,CAED,OAAOH,C,CAQX,kBAAMI,CACFC,EACAC,GAIkB,IAAAC,EAAAC,EAAAC,EAElB,MAAMjN,EAAgBF,EAAAA,GAAAA,oBACJ,QADoCiN,EAClDF,EAAOjT,eAAO,IAAAmT,OAAA,EAAdA,EAAgB5S,cACF,QADe6S,EAC7BH,EAAOjT,eAAO,IAAAoT,OAAA,EAAdA,EAAgBE,YAChBL,EAAOpK,QACPnG,KAAKU,SACL6P,EAAO7G,UAGX,IAAImH,EACAL,EAAQM,SACRD,QAAmB7Q,KAAKY,WAAWmQ,WAAWP,EAAQM,SAW1D,MAkBME,EAAc,CAChB7K,QAASzC,EACT0C,YApBsB5C,EAAAA,GAAAA,wBACR,QAD4CmN,EAC1DJ,EAAOjT,eAAO,IAAAqT,OAAA,EAAdA,EAAgB9S,cAChB0S,EAAOjT,QAAQsT,YACfL,EAAOnK,YACPpG,KAAKU,SACL6P,EAAO7G,SACP6G,EAAOU,OAAOhS,KAAK,KACnBsR,EAAOW,UAAYX,EAAOW,UAAUtR,UAAY,IAAO,EACvD2Q,EAAOY,aAAeZ,EAAOY,aAAavR,UAAY,IAAO,EAC7DgP,EAAAA,OACAtP,EACAiR,EAAOa,eACP9R,EACAkR,EAAQa,OACRb,EAAQM,OACRD,IAOJ,OAAO7Q,KAAKsR,gBAAgBN,E,CAShC,qBAAMM,CACFN,EACAO,EACA3G,GAEA,UACU7J,MAAMuQ,gBACRN,EACAO,EACA3G,EAEP,CAAC,MAAO/I,GACL,GACIA,aAAa2P,EAAAA,IACbxR,KAAKc,mBACL8J,EAEA,IACI,MAAM3H,EAAYjD,KAAKiG,eAEvBjG,KAAKc,kBAAkB2Q,UACnB,CACIC,aAAczO,EAAUoD,aAAajJ,OACrCuU,aAAc1O,EAAUkD,QAAQ/I,OAChCwU,aAAc3O,EAAUmD,YAAYhJ,QAExCwN,EAEP,CAAC,MAAO/I,GAAI,CAGjB,MAAMA,CACT,C,QAIIgQ,EAAgCA,CACzCnR,EACA/D,KAEA,MAAMmV,EAAuC,CACzC3Q,cAAeO,EAAAA,GAAqBT,cACpCI,uBAAwBK,EAAAA,GAAqBT,cAC7CmJ,wBAAwB,EACxBE,eAAe,EACf/I,uBAAuB,EACvBwQ,2BAA2B,GAE/B,OAAO,IAAIxR,EACPG,EACAoR,EACAE,EAAAA,GACArV,EACH,C,0IClxDQgF,EACTlB,WAAAA,GACI,IAAKwR,OAAOC,aACR,MAAMC,EAAAA,EAAAA,IACFC,EAAAA,G,CAKZhU,OAAAA,CAAQC,GACJ,OAAO4T,OAAOC,aAAa9T,QAAQC,E,CAGvCa,OAAAA,CAAQb,EAAaW,GACjBiT,OAAOC,aAAahT,QAAQb,EAAKW,E,CAGrCe,UAAAA,CAAW1B,GACP4T,OAAOC,aAAanS,WAAW1B,E,CAGnC4B,OAAAA,GACI,OAAO/C,OAAOC,KAAK8U,OAAOC,a,CAG9B7R,WAAAA,CAAYhC,GACR,OAAO4T,OAAOC,aAAa5O,eAAejF,E,4CC9BrC4C,EAGTR,WAAAA,GACIT,KAAKqS,MAAQ,IAAIC,G,CAGrBlU,OAAAA,CAAQC,GACJ,OAAO2B,KAAKqS,MAAME,IAAIlU,IAAQ,I,CAGlCa,OAAAA,CAAQb,EAAaW,GACjBgB,KAAKqS,MAAMG,IAAInU,EAAKW,E,CAGxBe,UAAAA,CAAW1B,GACP2B,KAAKqS,MAAMI,OAAOpU,E,CAGtB4B,OAAAA,GACI,MAAMyS,EAAsB,GAI5B,OAHA1S,KAAKqS,MAAMnS,SAAQ,CAAClB,EAAUX,KAC1BqU,EAAUtS,KAAK/B,EAAI,IAEhBqU,C,CAGXrS,WAAAA,CAAYhC,GACR,OAAO2B,KAAKqS,MAAMM,IAAItU,E,CAG1BmM,KAAAA,GACIxK,KAAKqS,MAAM7H,O,wEC5BN5I,EACTnB,WAAAA,GACI,IAAKwR,OAAOW,eACR,MAAMT,EAAAA,EAAAA,IACFC,EAAAA,G,CAKZhU,OAAAA,CAAQC,GACJ,OAAO4T,OAAOW,eAAexU,QAAQC,E,CAGzCa,OAAAA,CAAQb,EAAaW,GACjBiT,OAAOW,eAAe1T,QAAQb,EAAKW,E,CAGvCe,UAAAA,CAAW1B,GACP4T,OAAOW,eAAe7S,WAAW1B,E,CAGrC4B,OAAAA,GACI,OAAO/C,OAAOC,KAAK8U,OAAOW,e,CAG9BvS,WAAAA,CAAYhC,GACR,OAAO4T,OAAOW,eAAetP,eAAejF,E,2HCF7C,MAAMwU,EAA2B,IAC3BC,EAA4B,IAC5BC,EAA8B,IAC9BC,EAA6C,IA8NpD,SAAUC,EAAkBC,EAO9BC,GAA6B,IALzBC,KAAMC,EACNhB,MAAOiB,EACPC,OAAQC,EACRC,UAAWC,GACCR,EAIhB,MAAMS,EAA4C,CAC9CjT,SAAUsB,EAAAA,GAAU8G,aACpBiG,UAAW,GAAFpR,OAAKqE,EAAAA,GAAU4R,mBACxBC,iBAAkB,GAClBC,uBAAwB9R,EAAAA,GAAU8G,aAClCiL,kBAAmB/R,EAAAA,GAAU8G,aAC7BkL,YACsB,oBAAX/B,QAAyBgC,EAAAA,EAAAA,MAA+B,GACnEC,sBAAuBlS,EAAAA,GAAU8G,aACjCqL,2BAA2B,EAC3BC,mBAAoB,GACpBC,aAAcC,EAAAA,GAAaC,IAC3BC,YAAa,CACTC,mBAAoBC,EAAAA,GAAmBC,SACvCC,cAAe,CACX5S,EAAAA,GAAU6S,aACV7S,EAAAA,GAAU8S,cACV9S,EAAAA,GAAU+S,uBAGlBC,kBAAmB,CACfC,mBAAoBC,EAAAA,GAAmBC,KACvCC,OAAQpT,EAAAA,GAAU8G,cAEtBuM,4BAA4B,EAC5BC,uBAAuB,EACvBC,eAAe,GAIbC,EAAgD,CAClDrU,cAAeO,EAAAA,GAAqBE,eACpCP,uBAAwBK,EAAAA,GAAqBE,eAC7CwI,wBAAwB,EACxBE,eAAe,EAEf/I,yBACI+R,GACAA,EAAenS,gBAAkBO,EAAAA,GAAqBC,cAG1DoQ,2BAA2B,GAIzB0D,EAAwC,CAE1CC,eAAgBA,OAGhBC,SAAUC,EAAAA,GAASC,KACnBC,mBAAmB,GAIjBC,GAA8BC,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GAC7BC,EAAAA,IAAsB,IACzBC,cAAeT,EACfU,cAAehD,EACT,IAAIiD,EAAAA,EACJC,EAAAA,EACNC,iBAAkB,IAAIC,EAAAA,EACtBC,iBAAkB,EAElBC,mBACIjD,aAAe,EAAfA,EAAiBgD,mBAAoB3D,EACzC6D,mBACIlD,aAAe,EAAfA,EAAiBgD,mBAAoB1D,EACzC6D,kBAAmB,EACnBC,0BAA2B7D,EAC3B8D,aAAa,EACbC,uBAAuB,EACvBC,mBAAmB,EACnBC,8BACIxD,aAAe,EAAfA,EAAiBwD,+BACjBhE,EACJiE,yBAA0BC,EAAAA,GAAiBC,2BAGzCC,GAAqBpB,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACpBD,GACAvC,GAAe,IAClB0C,eAAe1C,aAAe,EAAfA,EAAiB0C,gBAAiBT,IAG/C4B,EAA+D,CACjEC,YAAa,CACTC,QAASvV,EAAAA,GAAU8G,aACnB0O,WAAYxV,EAAAA,GAAU8G,cAE1B2O,OAAQ,IAAIC,EAAAA,IAIhB,IACIrE,aAAa,EAAbA,EAAegB,gBAAiBC,EAAAA,GAAaqD,MAA7C,MACAtE,GAAAA,EAAemB,YACjB,CACiB,IAAIoD,EAAAA,GAAOR,EAAsBlB,eACzC7Y,QACHqH,KAAKY,WACDuS,EAAAA,EAAAA,IACIC,EAAAA,GAAAA,KAIf,CAGD,GACIzE,SAAAA,EAAegB,cACfhB,EAAcgB,eAAiBC,EAAAA,GAAaC,KAD5ClB,MAEA+D,GAAAA,EAAuBL,kBAEvB,MAAMc,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,IAkBR,MAd8C,CAC1C1E,MAAI4C,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACGrC,GACAN,GAAa,IAChBmB,aAAWwB,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACJrC,EAAqBa,aACrBnB,aAAa,EAAbA,EAAemB,eAG1BnC,OAAK2D,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GAAOR,GAA0BlC,GACtCC,OAAQ6D,EACR3D,WAASuC,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GAAOqB,GAA8B3D,GAItD,C,mFCvYOqE,eAAeC,EAClBC,EACAzH,GAEA,MAAM0H,EAAW,IAAIC,EAAAA,EAAyBF,GAG9C,aADMC,EAASE,aACRC,EAAAA,EAAmBC,iBAAiBJ,EAAU1H,EACzD,C,2ECJwC+H,EAAAA,G,gSC0B3BC,EAYT/X,WAAAA,CACIgY,EACAC,EACA/b,EACAgc,GAEA3Y,KAAKmT,qBAAyC,oBAAXlB,OACnCjS,KAAKiY,OAASQ,EACdzY,KAAK0Y,QAAUA,EACf1Y,KAAKrD,OAASA,EACdqD,KAAK2Y,UAAYA,C,CAYrBC,kBAAAA,CACIpI,EACAqI,EACAC,GAEA,IAAK9Y,KAAKmT,qBACN,MAAM1E,EAAAA,EAAAA,IACFsK,EAAAA,IAIR,MAAMjJ,EAAgB+I,EAASG,SACzBjJ,EAAAA,GAAAA,mBAA6B8I,EAASG,SAAUpK,EAAAA,QAChDtP,EAEA2Z,EAAqC,CACvC5E,aAAcrU,KAAKiY,OAAO7E,KAAKiB,aAC/BR,iBAAkB7T,KAAKiY,OAAO7E,KAAKS,iBACnCC,uBAAwB9T,KAAKiY,OAAO7E,KAAKU,uBACzCC,kBAAmB/T,KAAKiY,OAAO7E,KAAKW,kBACpCsB,2BACIrV,KAAKiY,OAAO7E,KAAKiC,4BAEnBtG,EAAYyB,EAAQzB,UACpB,IAAImK,EAAAA,GACAA,EAAAA,GAAUC,kBACN3I,EAAQzB,UACRyB,EAAQwE,mBAEZhV,KAAKiY,OAAO1E,OAAO4C,cACnBnW,KAAK0Y,QACLO,EACAjZ,KAAKrD,OACL6T,EAAQ5F,gBAAiBwO,EAAAA,EAAAA,YAE7B9Z,EAEA+Z,EAAoCrZ,KAAKsZ,YAC3C9I,EACAsI,EAAQS,YAAcV,EAASW,aAAe,GAC9C1J,EACAf,GAGE5I,EAAUnG,KAAKyZ,YACjBZ,EACAQ,EAAmBxb,cACnBwb,EAAmBzI,YACnByI,EAAmBK,OAGjBtT,EAAcpG,KAAK2Z,gBACrBnJ,EACAqI,EACAQ,EAAmBxb,cACnBwb,EAAmBzI,YACnByI,EAAmBK,MACnBZ,GAGEzS,EAAerG,KAAK4Z,iBACtBf,EACAQ,EAAmBxb,cACnBwb,EAAmBzI,aAGvB,OAAO5Q,KAAK6Z,6BACRrJ,EACA,CACIlT,QAAS+b,EACTlT,UACAC,cACAC,gBAEJyJ,EACAf,E,CAaAuK,WAAAA,CACJ9I,EACA+I,EACAzJ,EACAf,GAIA,GAFA/O,KAAKrD,OAAOI,QAAQ,gCAEhByT,EAAQlT,QAAS,CACjB,MAAMuH,EAAgBR,EAAAA,GAAcyV,sBAChCtJ,EAAQlT,SAGZ,OADA0C,KAAK0Y,QAAQtT,WAAWP,GACjBA,CACV,CAAM,IAAKkK,IAAewK,IAAezJ,EAItC,MAHA9P,KAAKrD,OAAOmF,MACR,oIAEE2M,EAAAA,EAAAA,IACFsL,EAAAA,IAIR,MAAMlc,EAAgBwG,EAAAA,GAAc2V,sBAChCT,EACAxK,EAAUkL,cACVja,KAAKrD,OACLqD,KAAK2Y,UACL7I,GAGEoK,EAAiBpK,aAAa,EAAbA,EAAeqK,IAEhCC,GAAgBC,EAAAA,EAAAA,IAClBra,KAAK0Y,QACL3J,EACAlR,EACA+Q,EAAAA,EACAkB,EACAyJ,EACAxK,EAAUuL,gBACVJ,OACA5a,OACAA,EACAU,KAAKrD,QAIT,OADAqD,KAAK0Y,QAAQtT,WAAWgV,GACjBA,C,CAWHX,WAAAA,CACJZ,EACAhb,EACA+S,EACAlH,GAEA,IAAKmP,EAASG,SAEV,OADAhZ,KAAKrD,OAAOI,QAAQ,8CACb,KAGXiD,KAAKrD,OAAOI,QAAQ,iCACpB,MAAM2G,EAAgBF,EAAAA,GAAAA,oBAClB3F,EACA+S,EACAiI,EAASG,SACThZ,KAAKiY,OAAO7E,KAAK1S,SACjBgJ,GAIJ,OADA1J,KAAK0Y,QAAQ1R,qBAAqBtD,GAC3BA,C,CAYHiW,eAAAA,CACJnJ,EACAqI,EACAhb,EACA+S,EACAlH,EACAoP,GAEA,IAAKD,EAAS0B,aAIV,OAHAva,KAAKrD,OAAOI,QACR,kDAEG,KACJ,IAAK8b,EAAS2B,WAIjB,OAHAxa,KAAKrD,OAAOmF,MACR,mFAEG,KACJ,KACF+W,EAAS4B,OACRjK,EAAQS,QAAWT,EAAQS,OAAO7T,QAKpC,OAHA4C,KAAKrD,OAAOmF,MACR,gGAEG,KAGX9B,KAAKrD,OAAOI,QAAQ,qCAEpB,MAAMkU,EAAS4H,EAAS4B,MAClBC,EAAAA,GAASC,WAAW9B,EAAS4B,OAC7B,IAAIC,EAAAA,GAASlK,EAAQS,QACrBC,EACF4H,EAAQ5H,WACR2H,EAAS2B,YAAa,IAAI9a,MAAOE,UAAY,IAE3Cgb,EACF9B,EAAQ8B,oBACP/B,EAASgC,gBAAkBhC,EAAS2B,aACjC,IAAI9a,MAAOE,UAAY,IAEzBoE,EAAoBR,EAAAA,GAAAA,wBACtB3F,EACA+S,EACAiI,EAAS0B,aACTva,KAAKiY,OAAO7E,KAAK1S,SACjBgJ,EACAuH,EAAO6J,cACP5J,EACA0J,EACAhM,EAAAA,GAIJ,OADA5O,KAAK0Y,QAAQtR,yBAAyBpD,GAC/BA,C,CAWH4V,gBAAAA,CACJf,EACAhb,EACA+S,GAEA,IAAKiI,EAASkC,cAIV,OAHA/a,KAAKrD,OAAOI,QACR,mDAEG,KAGXiD,KAAKrD,OAAOI,QAAQ,sCACpB,MAAMmH,EAAqBV,EAAAA,GAAAA,yBACvB3F,EACA+S,EACAiI,EAASkC,cACT/a,KAAKiY,OAAO7E,KAAK1S,SACjBmY,EAASmC,UACT1b,EACAuZ,EAASoC,0BAIb,OADAjb,KAAK0Y,QAAQlR,0BAA0BtD,GAChCA,C,CAWH2V,4BAAAA,CACJrJ,EACAQ,EACAlB,EACAf,GAAqB,IAAAmM,EAAAC,EAAAC,EAErB,IAGIjK,EAHA/K,EAAsB,GACtBiV,EAAgC,GAChCnK,EAAyB,KAGzBF,SAAAA,EAAa5K,cACbA,EAAc4K,EAAY5K,YAAYkV,OACtCD,EAAiBX,EAAAA,GAASC,WACtB3J,EAAY5K,YAAYmV,QAC1BC,UACFtK,EAAY,IAAIxR,KACgC,IAA5C+b,OAAOzK,EAAY5K,YAAY8K,YAEnCC,EAAe,IAAIzR,KACqC,IAApD+b,OAAOzK,EAAY5K,YAAYwU,qBAIvC,MAAM/V,EAAgBmM,EAAY1T,QAElC,MAAO,CACHyR,UAAWA,EAAYA,EAAU2M,mBAAqB,GACtDC,SAAU3K,EAAY1T,QAAQS,eAC9B2L,SAAUsH,EAAY1T,QAAQoc,MAC9BzI,OAAQoK,EACR/d,QAASuH,EAAc+W,iBACvBzV,SAA4B,QAAnB+U,EAAAlK,EAAY7K,eAAO,IAAA+U,OAAA,EAAnBA,EAAqBI,SAAU,GACxCxL,cAAeA,GAAiB,CAAC,EACjC1J,YAAaA,EACbyV,WAAW,EACX3K,UAAWA,EACXtG,cAAe4F,EAAQ5F,eAAiB,GACxCkR,UAAW,GACX3K,aAAcA,EACd4K,UAAkC,QAAxBZ,EAAAnK,EAAY3K,oBAAY,IAAA8U,OAAA,EAAxBA,EAA0BY,WAAY,GAChD3K,WAAWJ,SAAwB,QAAboK,EAAXpK,EAAa5K,mBAAW,IAAAgV,OAAA,EAAxBA,EAA0BhK,YAAa,GAClD3E,MAAO+D,EAAQ/D,OAAS,GACxBuP,mBAAoBnX,EAAcmX,oBAAsB,GACxDC,YAAapX,EAAcoX,aAAe,GAC1CC,kBAAkB,E,6ECzT9B,SAASC,EACL7e,GAEA,MAAMwS,EAAgBxS,aAAO,EAAPA,EAASwS,cAC/B,OAAIA,SAAAA,EAAesM,KAAOtM,SAAAA,EAAeuM,IAC9B,MAGNvM,SAAAA,EAAeqK,IAEc,0CAAvBrK,aAAa,EAAbA,EAAeqK,KACf,MAEJ,WALP,CAMJ,CAEA,SAASmC,EACLC,EACAC,GAEA,KACIC,EAAAA,EAAAA,IAA4BF,EAC/B,CAAC,MAAO1a,GAEL,MADA2a,EAAiBE,IAAI,CAAEC,SAAS,GAAS9a,GACnCA,CACT,CACL,C,MAEawW,EAsFT5X,WAAAA,CAAYmc,GACR5c,KAAK4c,iBAAmBA,EACxB5c,KAAKmT,qBACDnT,KAAK4c,iBAAiBzJ,uBAE1BnT,KAAKiY,OAAS2E,EAAiBC,YAC/B7c,KAAKuc,aAAc,EAGnBvc,KAAKrD,OAASqD,KAAK4c,iBAAiBE,YAGpC9c,KAAKmW,cAAgBnW,KAAKiY,OAAO1E,OAAO4C,cAGxCnW,KAAKsW,iBAAmBtW,KAAKiY,OAAO1E,OAAO+C,iBAG3CtW,KAAK+c,iBAAmB,IAAIzK,IAG5BtS,KAAKgd,wBAA0B,IAAI1K,IAGnCtS,KAAKc,kBAAoBd,KAAKiY,OAAOxE,UAAUgE,OAG/CzX,KAAKid,cAAgBjd,KAAKmT,qBACpB,IAAI+J,EAAAA,EAAUld,KAAKrD,OAAQqD,KAAKc,mBAChCkR,EAAAA,GAENhS,KAAKmd,aAAe,IAAIC,EAAAA,EAAapd,KAAKrD,QAG1CqD,KAAKpD,eAAiBoD,KAAKmT,qBACrB,IAAI5S,EAAAA,EACAP,KAAKiY,OAAO7E,KAAK1S,SACjBV,KAAKiY,OAAO5F,MACZrS,KAAKid,cACLjd,KAAKrD,QACL0gB,EAAAA,EAAAA,IAA4Brd,KAAKiY,OAAO7E,MACxCpT,KAAKc,oBAET+Q,EAAAA,EAAAA,GACI7R,KAAKiY,OAAO7E,KAAK1S,SACjBV,KAAKrD,QAIf,MAAM2gB,EAA6C,CAC/Cnc,cAAeO,EAAAA,GAAqBT,cACpCI,uBAAwBK,EAAAA,GAAqBT,cAC7CmJ,wBAAwB,EACxBE,eAAe,EACf/I,uBAAuB,EACvBwQ,2BAA2B,GAE/B/R,KAAKud,sBAAwB,IAAIhd,EAAAA,EAC7BP,KAAKiY,OAAO7E,KAAK1S,SACjB4c,EACAtd,KAAKid,cACLjd,KAAKrD,YACL2C,EACAU,KAAKc,mBAITd,KAAKwd,WAAa,IAAIhF,EAClBxY,KAAKiY,OACLjY,KAAKpD,eACLoD,KAAKrD,OACLqD,KAAKid,eAGTjd,KAAKyd,0BAA4B,IAAInL,IAGrCtS,KAAK0d,oBAAsB1d,KAAK0d,oBAAoBC,KAAK3d,MAGzDA,KAAK4d,mCACD5d,KAAK4d,mCAAmCD,KAAK3d,MAGjDA,KAAK6d,0BAA2B,EAChC7d,KAAK8d,yBACD9d,KAAK8d,yBAAyBH,KAAK3d,K,CAG3C,6BAAasY,CACTsE,EACApM,GAEA,MAAMuN,EAAa,IAAI1F,EAAmBuE,GAE1C,aADMmB,EAAW3F,WAAW5H,GACrBuN,C,CAGHL,mBAAAA,CAAoB9S,GACnBA,IAGL5K,KAAKrD,OAAO4J,KAAK,oCACjBvG,KAAKc,kBAAkBkd,gBACnB,CAAEC,sBAAuB,GACzBrT,G,CAQR,gBAAMwN,CAAW5H,GAEb,GADAxQ,KAAKrD,OAAOM,MAAM,qBACd+C,KAAKuc,YAIL,YAHAvc,KAAKrD,OAAO4J,KACR,sDAKR,IAAKvG,KAAKmT,qBAIN,OAHAnT,KAAKrD,OAAO4J,KAAK,8CACjBvG,KAAKuc,aAAc,OACnBvc,KAAKmd,aAAae,UAAUC,EAAAA,EAAUC,gBAI1C,MAAMC,GACF7N,aAAO,EAAPA,EAAS5F,gBAAiB5K,KAAKse,0BAC7BvH,EAAoB/W,KAAKiY,OAAO1E,OAAOwD,kBACvCwH,EAAkBve,KAAKc,kBAAkB0d,iBAC3C1T,EAAAA,GAAkB2T,4BAClBJ,GAIJ,GAFAre,KAAKmd,aAAae,UAAUC,EAAAA,EAAUO,kBAElC3H,EACA,IACI/W,KAAK2e,8BACKC,EAAAA,EAAqBC,eACvB7e,KAAKrD,OACLqD,KAAKiY,OAAO1E,OAAOyD,6BACnBhX,KAAKc,kBAEhB,CAAC,MAAOe,GACL7B,KAAKrD,OAAOI,QAAQ8E,EACvB,CAGA7B,KAAKiY,OAAO5F,MAAMN,4BACnB/R,KAAKrD,OAAOI,QACR,mFAGE+hB,EAAAA,EAAAA,IACF9e,KAAKpD,eAAe+N,6BAA6BgT,KAC7C3d,KAAKpD,gBAETkO,EAAAA,GAAkBC,6BAClB/K,KAAKrD,OACLqD,KAAKc,kBACLud,EAPES,CAQJ9e,KAAKc,kBAAmBud,IAG9Bre,KAAKuc,aAAc,EACnBvc,KAAKmd,aAAae,UAAUC,EAAAA,EAAUC,gBACtCG,EAAgB7B,IAAI,CAAE3F,oBAAmB4F,SAAS,G,CAYtD,2BAAMoC,CACFC,GAMA,GAJAhf,KAAKrD,OAAOI,QAAQ,iCAEpBkiB,EAAAA,EAAAA,IAA2Cjf,KAAKuc,aAE5Cvc,KAAKmT,qBAAsB,CAM3B,MAAM+L,EAAsBF,GAAQ,GACpC,IAAInG,EAAW7Y,KAAK+c,iBAAiBxK,IAAI2M,GAazC,YAZwB,IAAbrG,GACPA,EAAW7Y,KAAKmf,8BAA8BH,GAC9Chf,KAAK+c,iBAAiBvK,IAAI0M,EAAqBrG,GAC/C7Y,KAAKrD,OAAOI,QACR,kFAGJiD,KAAKrD,OAAOI,QACR,8FAID8b,CACV,CAID,OAHA7Y,KAAKrD,OAAOI,QACR,+DAEG,I,CAQH,mCAAMoiB,CACVH,GAEA,MAAMI,EAAmBpf,KAAKtD,iBACxB8T,EACFxQ,KAAKpD,eAAesS,yBAClBmQ,EACF7O,GACAoO,EAAAA,EAAqBU,kBACjBtf,KAAKiY,OACLjY,KAAKrD,OACLqD,KAAK2e,0BAET3e,KAAK2e,0BACJK,EACCpU,EAAgByU,EAChB7O,aAAO,EAAPA,EAAS5F,cACT5K,KAAKpD,eAAesN,kBAChB8B,EAAAA,GAAmByB,gBACnB,IACC,GACL8R,EAAkBvf,KAAKc,kBAAkB0d,iBAC3C1T,EAAAA,GAAkB0U,qBAClB5U,GAOJ,IAAImS,EACJ,GANA/c,KAAKmd,aAAae,UACdC,EAAAA,EAAUsB,sBACVC,EAAAA,GAAgBC,UAIhBN,GAAarf,KAAK2e,wBAAyB,CAC3C3e,KAAKrD,OAAOM,MACR,gEAEJ,MAAM2iB,EAAe,IAAIC,EAAAA,EACrB7f,KAAKiY,OACLjY,KAAKpD,eACLoD,KAAKid,cACLjd,KAAKrD,OACLqD,KAAKmd,aACLnd,KAAKsW,iBACLwJ,EAAAA,GAAMf,sBACN/e,KAAKc,kBACLd,KAAK2e,wBACLnO,EAAQuP,UACR/f,KAAKud,sBACL/M,EAAQ5F,eAGZmS,GAAmB+B,EAAAA,EAAAA,IACfc,EAAab,sBAAsBpB,KAAKiC,GACxC9U,EAAAA,GAAkBkV,uCAClBhgB,KAAKrD,OACLqD,KAAKc,kBACLye,EAAgBU,MAAMrV,cALPkU,CAMjB9e,KAAKc,kBAAmBye,EAAgBU,MAAMrV,cACnD,KAAM,CACH5K,KAAKrD,OAAOM,MACR,yDAEJ,MAAMijB,EAAiBlgB,KAAKmgB,qBAAqBvV,GACjDmS,GAAmB+B,EAAAA,EAAAA,IACfoB,EAAenB,sBAAsBpB,KAAKuC,GAC1CpV,EAAAA,GAAkBsV,iCAClBpgB,KAAKrD,OACLqD,KAAKc,kBACLye,EAAgBU,MAAMrV,cALPkU,CAMjBE,EAAMO,EACX,CAED,OAAOxC,EACFsD,MAAM9P,IACH,GAAIA,EAAQ,CAIJ6O,EAAiBhiB,OAAS4C,KAAKtD,iBAAiBU,QAEhD4C,KAAKmd,aAAae,UACdC,EAAAA,EAAUmC,cACVZ,EAAAA,GAAgBC,SAChBpP,GAEJvQ,KAAKrD,OAAOI,QACR,2DAGJiD,KAAKmd,aAAae,UACdC,EAAAA,EAAUoC,sBACVb,EAAAA,GAAgBC,SAChBpP,GAEJvQ,KAAKrD,OAAOI,QACR,kEAGRwiB,EAAgB7C,IAAI,CAChBC,SAAS,EACT6D,YAAarE,EAAe5L,EAAOjT,UAE1C,MAKOiiB,EAAgBU,MAAMQ,UACtBlB,EAAgB7C,IAAI,CAAEC,SAAS,IAE/B4C,EAAgBmB,UASxB,OALA1gB,KAAKmd,aAAae,UACdC,EAAAA,EAAUwC,oBACVjB,EAAAA,GAAgBC,UAGbpP,CAAM,IAEhBqQ,OAAO/e,IACJ,MAAMgf,EAAahf,EA6BnB,MA3BIud,EAAiBhiB,OAAS,EAC1B4C,KAAKmd,aAAae,UACdC,EAAAA,EAAU2C,sBACVpB,EAAAA,GAAgBC,SAChB,KACAkB,GAGJ7gB,KAAKmd,aAAae,UACdC,EAAAA,EAAU4C,cACVrB,EAAAA,GAAgBC,SAChB,KACAkB,GAGR7gB,KAAKmd,aAAae,UACdC,EAAAA,EAAUwC,oBACVjB,EAAAA,GAAgBC,UAGpBJ,EAAgB7C,IACZ,CACIC,SAAS,GAEbkE,GAGEhf,CAAC,G,CAanB,0BAAMmf,CAAqBxQ,GAEvB,MAAM5F,EAAgB5K,KAAKse,wBAAwB9N,GACnDxQ,KAAKrD,OAAOI,QAAQ,8BAA+B6N,GAEnD,MAAMqW,EAAiBjhB,KAAKc,kBAAkB0d,iBAC1C1T,EAAAA,GAAkBoW,wBAClBtW,GAEJqW,EAAeE,IAAI,CACfX,YAAarE,EAAe3L,EAAQlT,SACpC8jB,WAAY5Q,EAAQ4Q,aAIxB,MAAMC,EAAuB7Q,EAAQ8Q,mBACrC,GAAID,EACA7Q,EAAQ8Q,mBAAsBC,IAC1B,MAAMC,EAC8B,mBAAzBH,EACDA,EAAqBE,QACrBjiB,EAMV,OALiB,IAAbkiB,EACAP,EAAevE,IAAI,CAAEC,SAAS,IAE9BsE,EAAeP,UAEZc,CAAQ,MAEhB,CACH,MAAMC,EACFzhB,KAAKiY,OAAO7E,KAAKkO,mBACrBthB,KAAKiY,OAAO7E,KAAKkO,mBAAsBC,IACnC,MAAMC,EACoC,mBAA/BC,EACDA,EAA2BF,QAC3BjiB,EAMV,OALiB,IAAbkiB,EACAP,EAAevE,IAAI,CAAEC,SAAS,IAE9BsE,EAAeP,UAEZc,CAAQ,CAEtB,CAGD,MAAME,EAAa1hB,KAAKtD,iBAAiBU,OAAS,EAClD,IAkBI,IAAImT,EAEJ,IAnBAoR,EAAAA,EAAAA,IAAoC3hB,KAAKuc,YAAavc,KAAKiY,QAC3DjY,KAAKpD,eAAe+Q,0BAAyB,GAEzC+T,EACA1hB,KAAKmd,aAAae,UACdC,EAAAA,EAAUyD,oBACVlC,EAAAA,GAAgBC,SAChBnP,GAGJxQ,KAAKmd,aAAae,UACdC,EAAAA,EAAU0D,YACVnC,EAAAA,GAAgBC,SAChBnP,GAMJxQ,KAAK2e,yBAA2B3e,KAAK8hB,aAAatR,GAAU,CAe5DD,EAdqB,IAAIsP,EAAAA,EACrB7f,KAAKiY,OACLjY,KAAKpD,eACLoD,KAAKid,cACLjd,KAAKrD,OACLqD,KAAKmd,aACLnd,KAAKsW,iBACLwJ,EAAAA,GAAMkB,qBACNhhB,KAAKc,kBACLd,KAAK2e,wBACL3e,KAAK+hB,mBAAmBvR,GACxBxQ,KAAKud,sBACL3S,GAGCoW,qBAAqBxQ,EAASyQ,GAC9BL,OAAO/e,IACJ,GACIA,aAAamgB,EAAAA,KACbC,EAAAA,EAAAA,IAAuBpgB,GACzB,CACE7B,KAAK2e,6BAA0Brf,EAG/B,OADIU,KAAKmgB,qBAAqBvV,GACRsX,aAAa1R,EACtC,CAAM,GAAI3O,aAAasgB,EAAAA,GAA8B,CAClDniB,KAAKrD,OAAOI,QACR,mHAIJ,OADIiD,KAAKmgB,qBAAqBvV,GACRsX,aAAa1R,EACtC,CAED,MADAxQ,KAAKpD,eAAe+Q,0BAAyB,GACvC9L,CAAC,GAElB,KAAM,CAEH0O,EADuBvQ,KAAKmgB,qBAAqBvV,GACzBsX,aAAa1R,EACxC,CAED,aAAaD,CAChB,CAAC,MAAO1O,GAiBL,MAhBAof,EAAevE,IAAI,CAAEC,SAAS,GAAS9a,GACnC6f,EACA1hB,KAAKmd,aAAae,UACdC,EAAAA,EAAU2C,sBACVpB,EAAAA,GAAgBC,SAChB,KACA9d,GAGJ7B,KAAKmd,aAAae,UACdC,EAAAA,EAAU4C,cACVrB,EAAAA,GAAgBC,SAChB,KACA9d,GAGFA,CACT,C,CAcLugB,iBAAAA,CAAkB5R,GACd,MAAM5F,EAAgB5K,KAAKse,wBAAwB9N,GAC7C6R,EAAqBriB,KAAKc,kBAAkB0d,iBAC9C1T,EAAAA,GAAkBwX,kBAClB1X,GAGJyX,EAAmBlB,IAAI,CACnBC,WAAY5Q,EAAQ4Q,WACpBZ,YAAarE,EAAe3L,EAAQlT,WAGxC,IACI0C,KAAKrD,OAAOI,QAAQ,2BAA4B6N,GAChD0R,EAAetc,KAAKuc,YAAa8F,GACjCriB,KAAKpD,eAAe+Q,0BAAyB,EAChD,CAAC,MAAO9L,GAEL,OAAOuJ,QAAQmX,OAAO1gB,EACzB,CAGD,MAAMud,EAAmBpf,KAAKtD,iBAe9B,IAAI6T,EAEJ,GAhBI6O,EAAiBhiB,OAAS,EAC1B4C,KAAKmd,aAAae,UACdC,EAAAA,EAAUyD,oBACVlC,EAAAA,GAAgB8C,MAChBhS,GAGJxQ,KAAKmd,aAAae,UACdC,EAAAA,EAAU0D,YACVnC,EAAAA,GAAgB8C,MAChBhS,GAMJxQ,KAAK8hB,aAAatR,GAClBD,EAASvQ,KAAKyiB,oBAAkBzM,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAD,EAErBxF,GAAO,IACV5F,kBAEJkV,EAAAA,GAAMsC,mBAEL/B,MAAMxH,IACH7Y,KAAKpD,eAAe+Q,0BAAyB,GAC7C0U,EAAmB3F,IAAI,CACnBC,SAAS,EACT+F,gBAAgB,EAChBlC,YAAarE,EAAetD,EAASvb,WAElCub,KAEV+H,OAAO/e,IACJ,GACIA,aAAamgB,EAAAA,KACbC,EAAAA,EAAAA,IAAuBpgB,GACzB,CACE7B,KAAK2e,6BAA0Brf,EAG/B,OADIU,KAAK2iB,kBAAkB/X,GACRsX,aAAa1R,EACnC,CAAM,GAAI3O,aAAasgB,EAAAA,GAA8B,CAClDniB,KAAKrD,OAAOI,QACR,gHAIJ,OADIiD,KAAK2iB,kBAAkB/X,GACRsX,aAAa1R,EACnC,CAED,MADAxQ,KAAKpD,eAAe+Q,0BAAyB,GACvC9L,CAAC,QAEZ,CAEH0O,EADoBvQ,KAAK2iB,kBAAkB/X,GACtBsX,aAAa1R,EACrC,CAED,OAAOD,EACF8P,MAAM9P,IAKC6O,EAAiBhiB,OAAS4C,KAAKtD,iBAAiBU,OAEhD4C,KAAKmd,aAAae,UACdC,EAAAA,EAAUmC,cACVZ,EAAAA,GAAgB8C,MAChBjS,GAGJvQ,KAAKmd,aAAae,UACdC,EAAAA,EAAUoC,sBACVb,EAAAA,GAAgB8C,MAChBjS,GAIR8R,EAAmB3F,IAAI,CACnBC,SAAS,EACTiG,gBAAiBrS,EAAOnK,YAAYhJ,OACpCylB,YAAatS,EAAOpK,QAAQ/I,OAC5BojB,YAAarE,EAAe5L,EAAOjT,WAEhCiT,KAEVqQ,OAAO/e,IACAud,EAAiBhiB,OAAS,EAC1B4C,KAAKmd,aAAae,UACdC,EAAAA,EAAU2C,sBACVpB,EAAAA,GAAgB8C,MAChB,KACA3gB,GAGJ7B,KAAKmd,aAAae,UACdC,EAAAA,EAAU4C,cACVrB,EAAAA,GAAgB8C,MAChB,KACA3gB,GAIRwgB,EAAmB3F,IACf,CACIC,SAAS,GAEb9a,GAIGuJ,QAAQmX,OAAO1gB,K,CAI1B+b,kCAAAA,GACJ,MAAMkF,EACF9iB,KAAK+iB,sBACL/iB,KAAKgjB,mCACJF,IAIL9iB,KAAKrD,OAAO4J,KACR,uCACAuc,EAAY7C,MAAM3hB,MAEtBwkB,EAAYG,UAAU,CAClBhF,sBAAuB,I,CAsB/B,eAAMiF,CAAU1S,GAAyB,IAAA2S,EAAAC,EACrC,MAAMxY,EAAgB5K,KAAKse,wBAAwB9N,GAC7C6S,GAAYrN,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACXxF,GAAO,IAEV8S,OAAQ9S,EAAQ8S,OAChB1Y,cAAeA,IA0BnB,IAAI2F,EAEJ,GA1BAvQ,KAAK+iB,qBAAuB/iB,KAAKc,kBAAkB0d,iBAC/C1T,EAAAA,GAAkByY,UAClB3Y,GAEqB,QAAzBuY,EAAAnjB,KAAK+iB,4BAAoB,IAAAI,GAAzBA,EAA2BhC,IAAI,CAC3BC,WAAY5Q,EAAQ4Q,WACpBZ,YAAarE,EAAe3L,EAAQlT,WAExCgf,EAAetc,KAAKuc,YAAavc,KAAK+iB,sBACb,QAAzBK,EAAApjB,KAAK+iB,4BAAoB,IAAAK,GAAzBA,EAA2BH,UAAU,CACjChF,sBAAuB,IAG3Bxf,SAAS+kB,iBACL,mBACAxjB,KAAK4d,oCAET5d,KAAKrD,OAAOI,QAAQ,mBAAoB6N,GACxC5K,KAAKmd,aAAae,UACdC,EAAAA,EAAUsF,iBACV/D,EAAAA,GAAgBgE,OAChBL,GAKArjB,KAAK8hB,aAAauB,GAClB9S,EAASvQ,KAAKyiB,mBACVY,EACAvD,EAAAA,GAAMoD,WACRtC,OAAO/e,IAEL,GAAIA,aAAamgB,EAAAA,KAAmBC,EAAAA,EAAAA,IAAuBpgB,GAAI,CAC3D7B,KAAK2e,6BAA0Brf,EAI/B,OAH2BU,KAAK2jB,yBAC5BN,EAAazY,eAESsX,aAAamB,EAC1C,CACD,MAAMxhB,CAAC,QAER,CAIH0O,EAH2BvQ,KAAK2jB,yBAC5BN,EAAazY,eAEWsX,aAAamB,EAC5C,CAED,OAAO9S,EACF8P,MAAMxH,IAAY,IAAA+K,EAaf,OAZA5jB,KAAKmd,aAAae,UACdC,EAAAA,EAAU0F,mBACVnE,EAAAA,GAAgBgE,OAChB7K,GAEqB,QAAzB+K,EAAA5jB,KAAK+iB,4BAAoB,IAAAa,GAAzBA,EAA2BlH,IAAI,CAC3BC,SAAS,EACT+F,eAAgB7J,EAASqD,iBACzB0G,gBAAiB/J,EAASzS,YAAYhJ,OACtCylB,YAAahK,EAAS1S,QAAQ/I,OAC9BojB,YAAarE,EAAetD,EAASvb,WAElCub,CAAQ,IAElB+H,OAAO/e,IAAY,IAAAiiB,EAahB,MAZA9jB,KAAKmd,aAAae,UACdC,EAAAA,EAAU4F,mBACVrE,EAAAA,GAAgBgE,OAChB,KACA7hB,GAEqB,QAAzBiiB,EAAA9jB,KAAK+iB,4BAAoB,IAAAe,GAAzBA,EAA2BpH,IACvB,CACIC,SAAS,GAEb9a,GAEEA,CAAC,IAEVmiB,SAAQ,KACLvlB,SAASwlB,oBACL,mBACAjkB,KAAK4d,mCACR,G,CAcb,wBAAMsG,CACF1T,GAEA,MAAM5F,EAAgB5K,KAAKse,wBAAwB9N,GACnDxQ,KAAKrD,OAAOM,MAAM,4BAA6B2N,GAC/C,MAAMuZ,EAAkBnkB,KAAKc,kBAAkB0d,iBAC3C1T,EAAAA,GAAkBsZ,mBAClBxZ,GAEJ0R,EAAetc,KAAKuc,YAAa4H,GACjCnkB,KAAKmd,aAAae,UACdC,EAAAA,EAAUkG,4BACV3E,EAAAA,GAAgBgE,OAChBlT,GAEJ2T,EAAgBhD,IAAI,CAAEC,WAAY5Q,EAAQ4Q,aAE1C,IACI,GAAI5Q,EAAQ8T,MAAQ9T,EAAQ+T,gBAExB,MAAM9V,EAAAA,EAAAA,IACF+V,EAAAA,IAED,GAAIhU,EAAQ8T,KAAM,CACrB,MAAMG,EAAiBjU,EAAQ8T,KAC/B,IAAIzL,EAAW7Y,KAAKgd,wBAAwBzK,IAAIkS,GAkDhD,OAjDK5L,GA2CD7Y,KAAKrD,OAAOI,QACR,4CACA6N,GAEJuZ,EAAgBzD,YA9ChB1gB,KAAKrD,OAAOI,QACR,4CACA6N,GAEJiO,EAAW7Y,KAAK0kB,yBAAuB1O,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAC,EAClCxF,GAAO,IACV5F,mBAECyV,MAAM9P,IACHvQ,KAAKmd,aAAae,UACdC,EAAAA,EAAUwG,8BACVjF,EAAAA,GAAgBgE,OAChBnT,GAEJvQ,KAAKgd,wBAAwBvK,OAAOgS,GACpCN,EAAgBzH,IAAI,CAChBC,SAAS,EACT+F,eAAgBnS,EAAO2L,iBACvB0G,gBAAiBrS,EAAOnK,YAAYhJ,OACpCylB,YAAatS,EAAOpK,QAAQ/I,OAC5BojB,YAAarE,EAAe5L,EAAOjT,WAEhCiT,KAEVqQ,OAAO9e,IAcJ,MAbA9B,KAAKgd,wBAAwBvK,OAAOgS,GACpCzkB,KAAKmd,aAAae,UACdC,EAAAA,EAAUyG,8BACVlF,EAAAA,GAAgBgE,OAChB,KACA5hB,GAEJqiB,EAAgBzH,IACZ,CACIC,SAAS,GAEb7a,GAEEA,CAAK,IAEnB9B,KAAKgd,wBAAwBxK,IAAIiS,EAAgB5L,UAQxCA,CAChB,CAAM,GAAIrI,EAAQ+T,gBAAiB,CAChC,GAAIvkB,KAAK8hB,aAAatR,EAASA,EAAQ+T,iBAAkB,CACrD,MAAMhU,QAAevQ,KAAKyiB,oBAAkBzM,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAD,EAEjCxF,GAAO,IACV5F,kBAEJkV,EAAAA,GAAMoE,mBACN1T,EAAQ+T,iBACV3D,OAAO/e,IAQL,MALIA,aAAamgB,EAAAA,KACbC,EAAAA,EAAAA,IAAuBpgB,KAEvB7B,KAAK2e,6BAA0Brf,GAE7BuC,CAAC,IAMX,OAJAsiB,EAAgBzH,IAAI,CAChB8D,YAAarE,EAAe5L,EAAOjT,SACnCqf,SAAS,IAENpM,CACV,CACG,MAAM9B,EAAAA,EAAAA,IACFoW,EAAAA,GAGX,CACG,MAAMpW,EAAAA,EAAAA,IACFqW,EAAAA,GAGX,CAAC,MAAOjjB,GAaL,MAZA7B,KAAKmd,aAAae,UACdC,EAAAA,EAAUyG,8BACVlF,EAAAA,GAAgBgE,OAChB,KACA7hB,GAEJsiB,EAAgBzH,IACZ,CACIC,SAAS,GAEb9a,GAEEA,CACT,C,CAQG,6BAAM6iB,CACVlU,GAAiC,IAAAuU,EAEjC/kB,KAAKrD,OAAOM,MACR,iCACAuT,EAAQ5F,eAEZ5K,KAAKgjB,mCACDhjB,KAAKc,kBAAkB0d,iBACnB1T,EAAAA,GAAkBka,wBAClBxU,EAAQ5F,eAEuB,QAAvCma,EAAA/kB,KAAKgjB,0CAAkC,IAAA+B,GAAvCA,EAAyC9B,UAAU,CAC/ChF,sBAAuB,IAE3Bxf,SAAS+kB,iBACL,mBACAxjB,KAAK4d,oCAET,MAAMqH,EAAuBjlB,KAAKklB,2BAC9B1U,EAAQ5F,eA2BZ,aAzBgCqa,EAC3B/C,aAAa1R,GACb6P,MAAMxH,IAAY,IAAAsM,EAMf,OALuC,QAAvCA,EAAAnlB,KAAKgjB,0CAAkC,IAAAmC,GAAvCA,EAAyCzI,IAAI,CACzCC,SAAS,EACTd,UAAWhD,EAASgD,UACpB6G,eAAgB7J,EAASqD,mBAEtBrD,CAAQ,IAElB+H,OAAOwE,IAA4B,IAAAC,EAOhC,MANuC,QAAvCA,EAAArlB,KAAKgjB,0CAAkC,IAAAqC,GAAvCA,EAAyC3I,IACrC,CACIC,SAAS,GAEbyI,GAEEA,CAAiB,IAE1BpB,SAAQ,KACLvlB,SAASwlB,oBACL,mBACAjkB,KAAK4d,mCACR,G,CAYH,2BAAM0H,CACZC,EACAC,GAMA,OAJAxlB,KAAKc,kBAAkB+J,oBACnBC,EAAAA,GAAkB2a,sBAClBF,EAAc3a,eAEV4a,GACJ,KAAKE,EAAAA,GAAkBC,QACvB,KAAKD,EAAAA,GAAkBE,YACvB,KAAKF,EAAAA,GAAkBG,2BACnB,MAAMC,EAAoB9lB,KAAK+lB,wBAC3BR,EAAc3a,eAElB,OAAOkU,EAAAA,EAAAA,IACHgH,EAAkB5D,aAAavE,KAAKmI,GACpChb,EAAAA,GAAkBkb,8BAClBhmB,KAAKrD,OACLqD,KAAKc,kBACLykB,EAAc3a,cALXkU,CAMLyG,GACN,QACI,MAAM/e,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,I,CAWT,gCAAMwf,CACTV,EACAC,GAMA,OAJAxlB,KAAKc,kBAAkB+J,oBACnBC,EAAAA,GAAkBob,2BAClBX,EAAc3a,eAEV4a,GACJ,KAAKE,EAAAA,GAAkBC,QACvB,KAAKD,EAAAA,GAAkBG,2BACvB,KAAKH,EAAAA,GAAkBS,aACvB,KAAKT,EAAAA,GAAkBU,uBACnB,MAAMC,EAAsBrmB,KAAKsmB,0BAC7Bf,EAAc3a,eAGlB,OAAOkU,EAAAA,EAAAA,IACHuH,EAAoBnE,aAAavE,KAAK0I,GACtCvb,EAAAA,GAAkByb,gCAClBvmB,KAAKrD,OACLqD,KAAKc,kBACLykB,EAAc3a,cALXkU,CAMLyG,GACN,QACI,MAAM/e,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,I,CAUN,gCAAM+f,CACZhW,GAEAxQ,KAAKc,kBAAkB+J,oBACnBC,EAAAA,GAAkB2b,2BAClBjW,EAAQ5F,eAGZ,MAAM8b,EAAqB1mB,KAAK2jB,yBAC5BnT,EAAQ5F,eAGZ,OAAOkU,EAAAA,EAAAA,IACH4H,EAAmBxE,aAAavE,KAAK+I,GACrC5b,EAAAA,GAAkB6b,+BAClB3mB,KAAKrD,OACLqD,KAAKc,kBACL0P,EAAQ5F,cALLkU,CAMLtO,E,CAYN,YAAMoW,CAAOC,GACT,MAAMjc,EAAgB5K,KAAKse,wBAAwBuI,GAKnD,OAJA7mB,KAAKrD,OAAOU,QACR,mGACAuN,GAEG5K,KAAK8mB,gBAAc9Q,EAAAA,EAAAA,GAAC,CACvBpL,iBACGic,G,CASX,oBAAMC,CAAeD,GACjB,MAAMjc,EAAgB5K,KAAKse,wBAAwBuI,IACnDlF,EAAAA,EAAAA,IAAoC3hB,KAAKuc,YAAavc,KAAKiY,QAC3DjY,KAAKpD,eAAe+Q,0BAAyB,GAG7C,OADuB3N,KAAKmgB,qBAAqBvV,GAC3Bgc,OAAOC,E,CAOjCE,WAAAA,CAAYF,GACR,IACI,MAAMjc,EAAgB5K,KAAKse,wBAAwBuI,IACnDpK,EAAAA,EAAAA,IAA4Bzc,KAAKuc,aACjCvc,KAAKpD,eAAe+Q,0BAAyB,GAG7C,OADoB3N,KAAK2iB,kBAAkB/X,GACxBgc,OAAOC,EAC7B,CAAC,MAAOhlB,GAEL,OAAOuJ,QAAQmX,OAAO1gB,EACzB,C,CAOL,gBAAMmlB,CAAWH,GACb,IAAK7mB,KAAKmT,qBAEN,YADAnT,KAAKrD,OAAO4J,KAAK,gDAGrB,MAAMqE,EAAgB5K,KAAKse,wBAAwBuI,GAEnD,OADoB7mB,KAAK+lB,wBAAwBnb,GAC9Bgc,OAAOC,E,CAY9BnqB,cAAAA,CAAeI,GACX,OAAOJ,EAAAA,EAAAA,IACHsD,KAAKrD,OACLqD,KAAKpD,eACLoD,KAAKmT,qBACLrW,E,CASRE,UAAAA,CAAWF,GACP,OAAOE,EAAAA,EAAAA,IACHF,EACAkD,KAAKrD,OACLqD,KAAKpD,e,CAYbY,oBAAAA,CAAqBC,GACjB,OAAOD,EAAAA,EAAAA,IACHC,EACAuC,KAAKrD,OACLqD,KAAKpD,e,CAWbgB,kBAAAA,CAAmBC,GACf,OAAOD,EAAAA,EAAAA,IACHC,EACAmC,KAAKrD,OACLqD,KAAKpD,e,CAWbkB,mBAAAA,CAAoBC,GAChB,OAAOD,EAAAA,EAAAA,IACHC,EACAiC,KAAKrD,OACLqD,KAAKpD,e,CAQboB,gBAAAA,CAAiBV,IACbU,EAAAA,EAAAA,IAAgCV,EAAS0C,KAAKpD,e,CAMlDqB,gBAAAA,GACI,OAAOA,EAAAA,EAAAA,IAAgC+B,KAAKpD,e,CAWhD,kBAAM0T,CACFC,EACAC,GAMAxQ,KAAKrD,OAAOI,QAAQ,uBAGpB,MAAM8H,EAAgBR,EAAAA,GAAcyV,sBAChCvJ,EAAOjT,QACPiT,EAAOyL,mBACPzL,EAAO0L,aAIX,OAFAjc,KAAKpD,eAAewI,WAAWP,GAE3B0L,EAAO2L,kBACPlc,KAAKrD,OAAOI,QACR,sDAGGiD,KAAKud,sBAAsBjN,aAAaC,EAAQC,IAEhDxQ,KAAKpD,eAAe0T,aAAaC,EAAQC,E,CAUjD,wBAAMiS,CACTjS,EACAyW,EACAlH,GAGA,GADA/f,KAAKrD,OAAOM,MAAM,8BACb+C,KAAK2e,wBACN,MAAMlQ,EAAAA,EAAAA,IACFyY,EAAAA,IAmBR,OAfqB,IAAIrH,EAAAA,EACrB7f,KAAKiY,OACLjY,KAAKpD,eACLoD,KAAKid,cACLjd,KAAKrD,OACLqD,KAAKmd,aACLnd,KAAKsW,iBACL2Q,EACAjnB,KAAKc,kBACLd,KAAK2e,wBACLoB,GAAa/f,KAAK+hB,mBAAmBvR,GACrCxQ,KAAKud,sBACL/M,EAAQ5F,eAGQsX,aAAa1R,E,CAO9BsR,YAAAA,CACHtR,EACAuP,GAGA,GADA/f,KAAKrD,OAAOM,MAAM,wBAEb2hB,EAAAA,EAAqBU,kBAClBtf,KAAKiY,OACLjY,KAAKrD,OACLqD,KAAK2e,wBACLnO,EAAQ2W,sBAMZ,OAHAnnB,KAAKrD,OAAOM,MACR,oEAEG,EAGX,GAAIuT,EAAQ8S,OACR,OAAQ9S,EAAQ8S,QACZ,KAAK8D,EAAAA,GAAYC,KACjB,KAAKD,EAAAA,GAAYE,QACjB,KAAKF,EAAAA,GAAYG,MACbvnB,KAAKrD,OAAOM,MACR,uDAEJ,MACJ,QAII,OAHA+C,KAAKrD,OAAOM,MAAM,0BAADU,OACa6S,EAAQ8S,OAAM,0DAErC,EAInB,SAAKvD,IAAc/f,KAAK+hB,mBAAmBvR,MACvCxQ,KAAKrD,OAAOM,MACR,oEAEG,E,CAWR8kB,kBAAAA,CACHvR,GAEA,MAAMlT,EACFkT,EAAQlT,SACR0C,KAAKhD,WAAW,CACZ8P,UAAW0D,EAAQ1D,UACnB0a,IAAKhX,EAAQgX,OAEjBxnB,KAAK/B,mBAET,OAAQX,GAAWA,EAAQinB,iBAAoB,E,CAO5C5B,iBAAAA,CAAkB/X,GACrB,OAAO,IAAI6c,EAAAA,EACPznB,KAAKiY,OACLjY,KAAKpD,eACLoD,KAAKid,cACLjd,KAAKrD,OACLqD,KAAKmd,aACLnd,KAAKsW,iBACLtW,KAAKc,kBACLd,KAAKud,sBACLvd,KAAK2e,wBACL/T,E,CAQEuV,oBAAAA,CAAqBvV,GAC3B,OAAO,IAAI8c,EAAAA,EACP1nB,KAAKiY,OACLjY,KAAKpD,eACLoD,KAAKid,cACLjd,KAAKrD,OACLqD,KAAKmd,aACLnd,KAAKsW,iBACLtW,KAAKc,kBACLd,KAAKud,sBACLvd,KAAK2e,wBACL/T,E,CAQD+Y,wBAAAA,CACH/Y,GAEA,OAAO,IAAI+c,EAAAA,EACP3nB,KAAKiY,OACLjY,KAAKpD,eACLoD,KAAKid,cACLjd,KAAKrD,OACLqD,KAAKmd,aACLnd,KAAKsW,iBACLwJ,EAAAA,GAAMoD,UACNljB,KAAKc,kBACLd,KAAKud,sBACLvd,KAAK2e,wBACL/T,E,CAOEmb,uBAAAA,CACNnb,GAEA,OAAO,IAAIgd,EAAAA,EACP5nB,KAAKiY,OACLjY,KAAKpD,eACLoD,KAAKid,cACLjd,KAAKrD,OACLqD,KAAKmd,aACLnd,KAAKsW,iBACLtW,KAAKc,kBACLd,KAAK2e,wBACL/T,E,CAOE0b,yBAAAA,CACN1b,GAEA,OAAO,IAAIid,EAAAA,EACP7nB,KAAKiY,OACLjY,KAAKpD,eACLoD,KAAKid,cACLjd,KAAKrD,OACLqD,KAAKmd,aACLnd,KAAKsW,iBACLtW,KAAKc,kBACLd,KAAK2e,wBACL/T,E,CAOEsa,0BAAAA,CACNta,GAEA,OAAO,IAAIkd,EAAAA,EACP9nB,KAAKiY,OACLjY,KAAKpD,eACLoD,KAAKid,cACLjd,KAAKrD,OACLqD,KAAKmd,aACLnd,KAAKsW,iBACLwJ,EAAAA,GAAMoE,mBACNlkB,KAAKc,kBACLd,KAAK2e,wBACL/T,E,CAQRmd,gBAAAA,CACIC,EACAC,GAEA,OAAOjoB,KAAKmd,aAAa4K,iBAAiBC,EAAUC,E,CAOxDC,mBAAAA,CAAoBC,GAChBnoB,KAAKmd,aAAa+K,oBAAoBC,E,CAS1CC,sBAAAA,CAAuBJ,GAEnB,OADAK,EAAAA,EAAAA,MACOroB,KAAKc,kBAAkBsnB,uBAAuBJ,E,CASzDM,yBAAAA,CAA0BH,GACtB,OAAOnoB,KAAKc,kBAAkBwnB,0BAA0BH,E,CAM5DI,0BAAAA,GAC0B,oBAAXtW,SAINjS,KAAK6d,yBAKN7d,KAAKrD,OAAOI,QAAQ,iDAJpBiD,KAAKrD,OAAOI,QAAQ,oCACpBiD,KAAK6d,0BAA2B,EAChC5L,OAAOuR,iBAAiB,UAAWxjB,KAAK8d,2B,CAShD0K,2BAAAA,GAC0B,oBAAXvW,SAIPjS,KAAK6d,0BACL7d,KAAKrD,OAAOI,QAAQ,sCACpBkV,OAAOgS,oBACH,UACAjkB,KAAK8d,0BAET9d,KAAK6d,0BAA2B,GAEhC7d,KAAKrD,OAAOI,QAAQ,2C,CAOlB+gB,wBAAAA,CAAyBjc,GAC/B,IAAI,IAAA4mB,EAES,QAATA,EAAI5mB,EAAExD,WAAG,IAAAoqB,GAALA,EAAOnoB,SAAS4B,EAAAA,GAAoBiH,yBAEpCnJ,KAAKmd,aAAae,UAAUC,EAAAA,EAAUuK,wBAI1C,MAAMC,EAAa9mB,EAAE+mB,UAAY/mB,EAAEgnB,SACnC,IAAKF,EACD,OAEJ,MAAMG,EAAcpkB,KAAKC,MAAMgkB,GAC/B,GAC2B,iBAAhBG,IACNzkB,EAAAA,GAAcC,gBAAgBwkB,GAE/B,OAEJ,MAIMC,EAJgBvoB,EAAAA,GAAa2E,SAC/B,IAAId,EAAAA,GACJykB,GAE8BlN,kBAC7B/Z,EAAEgnB,UAAYhnB,EAAE+mB,UACjB5oB,KAAKrD,OAAO4J,KACR,oDAEJvG,KAAKmd,aAAae,UACdC,EAAAA,EAAU6K,mBACV1pB,EACAypB,KAEIlnB,EAAE+mB,UAAY/mB,EAAEgnB,WACxB7oB,KAAKrD,OAAO4J,KACR,wDAEJvG,KAAKmd,aAAae,UACdC,EAAAA,EAAU8K,qBACV3pB,EACAypB,GAGX,CAAC,MAAOlnB,GACL,MACH,C,CAMLqnB,aAAAA,GACI,OAAOlpB,KAAKwd,U,CAMTV,SAAAA,GACH,OAAO9c,KAAKrD,M,CAOhBwsB,SAAAA,CAAUxsB,GACNqD,KAAKrD,OAASA,C,CAQlBysB,wBAAAA,CAAyBC,EAAiBC,GAEtCtpB,KAAKpD,eAAe2L,mBAAmB8gB,EAAKC,E,CAOhDC,mBAAAA,CAAoBjT,GAChBtW,KAAKsW,iBAAmBA,C,CAMrBkT,gBAAAA,GACH,OAAOxpB,KAAKiY,M,CAMTwR,oBAAAA,GACH,OAAOzpB,KAAKc,iB,CAMT4oB,YAAAA,GACH,OAAO1pB,KAAKmT,oB,CAUNmL,uBAAAA,CACN9N,GAEA,OAAIA,SAAAA,EAAS5F,cACF4F,EAAQ5F,cAGf5K,KAAKmT,sBACEiG,EAAAA,EAAAA,MAOJpX,EAAAA,GAAU8G,Y,CAcrB,mBAAM6gB,CAAcnZ,GAChB,MAAM5F,EAAwB5K,KAAKse,wBAAwB9N,GAE3D,OADAxQ,KAAKrD,OAAOI,QAAQ,uBAAwB6N,GACrC5K,KAAKghB,sBAAoBhL,EAAAA,EAAAA,GAAC,CAC7BpL,iBACI4F,GAAWoZ,EAAAA,I,CAWvBC,UAAAA,CAAWrZ,GACP,MAAM5F,EAAwB5K,KAAKse,wBAAwB9N,GAE3D,OADAxQ,KAAKrD,OAAOI,QAAQ,oBAAqB6N,GAClC5K,KAAKoiB,mBAAiBpM,EAAAA,EAAAA,GAAC,CAC1BpL,iBACI4F,GAAWoZ,EAAAA,I,CAUvB,wBAAME,CACFtZ,GAEA,MAAM5F,EAAgB5K,KAAKse,wBAAwB9N,GAC7CuZ,EAAiB/pB,KAAKc,kBAAkB0d,iBAC1C1T,EAAAA,GAAkBkf,mBAClBpf,GAEJmf,EAAe5I,IAAI,CACfqE,kBAAmBhV,EAAQgV,kBAC3BpE,WAAY5Q,EAAQ4Q,aAGxB9E,EAAetc,KAAKuc,YAAawN,GACjC/pB,KAAKrD,OAAOI,QAAQ,4BAA6B6N,GAEjD,MAAMtN,EAAUkT,EAAQlT,SAAW0C,KAAK/B,mBACxC,IAAKX,EACD,MAAMmR,EAAAA,EAAAA,IAAuBwb,EAAAA,IAEjCF,EAAe5I,IAAI,CAAEX,YAAarE,EAAe7e,KAEjD,MAAM4sB,EAAgC,CAClCxpB,SAAUV,KAAKiY,OAAO7E,KAAK1S,SAC3BqO,UAAWyB,EAAQzB,WAAa/M,EAAAA,GAAU8G,aAC1CmI,OAAQT,EAAQS,OAChBkZ,sBAAuB7sB,EAAQO,cAC/BiT,OAAQN,EAAQM,OAChBqW,qBAAsB3W,EAAQ2W,qBAC9BiD,sBAAuB5Z,EAAQ4Z,sBAC/BC,mBAAoB7Z,EAAQ6Z,mBAC5BC,UAAW9Z,EAAQ8Z,UACnBjZ,OAAQb,EAAQa,OAChBkZ,WAAY/Z,EAAQ+Z,YAElBC,EAAmB9lB,KAAKY,UAAU4kB,GAElCO,EACFzqB,KAAKyd,0BAA0BlL,IAAIiY,GACvC,QAA8B,IAAnBC,EAAgC,CACvCzqB,KAAKrD,OAAOI,QACR,uEACA6N,GAGJ,MAAMiO,GAAWiG,EAAAA,EAAAA,IACb9e,KAAK0qB,wBAAwB/M,KAAK3d,MAClC8K,EAAAA,GAAkB6f,wBAClB3qB,KAAKrD,OACLqD,KAAKc,kBACL8J,EALakU,EAMhB9I,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAD,EAEUxF,GAAO,IACV5F,kBAEJtN,GAEC+iB,MAAM9P,IACHvQ,KAAKyd,0BAA0BhL,OAAO+X,GACtCT,EAAerN,IAAI,CACfC,SAAS,EACTd,UAAWtL,EAAOsL,UAClB6G,eAAgBnS,EAAO2L,iBACvBsJ,kBAAmBhV,EAAQgV,kBAC3B5C,gBAAiBrS,EAAOnK,YAAYhJ,OACpCylB,YAAatS,EAAOpK,QAAQ/I,SAEzBmT,KAEVqQ,OAAO9e,IAQJ,MAPA9B,KAAKyd,0BAA0BhL,OAAO+X,GACtCT,EAAerN,IACX,CACIC,SAAS,GAEb7a,GAEEA,CAAK,IAGnB,OADA9B,KAAKyd,0BAA0BjL,IAAIgY,EAAkB3R,IACrD7C,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,SACc6C,GAAQ,IAClBpM,MAAO+D,EAAQ/D,OAEtB,CAOG,OANAzM,KAAKrD,OAAOI,QACR,0FACA6N,GAGJmf,EAAerJ,WACf1K,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,SACcyU,GAAc,IACxBhe,MAAO+D,EAAQ/D,O,CAWjB,6BAAMie,CACZla,EACAlT,GAEA,MAAMogB,EAAsBA,IACxB1d,KAAK0d,oBAAoBlN,EAAQ5F,eACrC5K,KAAKc,kBAAkB+J,oBACnBC,EAAAA,GAAkB6f,wBAClBna,EAAQ5F,eAGZ5K,KAAKmd,aAAae,UACdC,EAAAA,EAAUyD,oBACVlC,EAAAA,GAAgBgE,OAChBlT,GAGAA,EAAQ5F,eACR5K,KAAKc,kBAAkBkd,gBACnB,CAAEC,sBAAuB,GACzBzN,EAAQ5F,eAIhBnM,SAAS+kB,iBAAiB,mBAAoB9F,GAE9C,MAAMkN,QAAsB9L,EAAAA,EAAAA,IACxB+L,EAAAA,EACA/f,EAAAA,GAAkBggB,wBAClB9qB,KAAKrD,OACLqD,KAAKc,kBACL0P,EAAQ5F,cALgBkU,CAM1BtO,EAASlT,EAAS0C,KAAKiY,OAAQjY,KAAKc,kBAAmBd,KAAKrD,QACxD6oB,EACFhV,EAAQgV,mBAAqBE,EAAAA,GAAkBC,QAqGnD,OAnGe3lB,KAAK+qB,2BAChBH,EACApF,GACF5E,OAAM7I,UACJ,MAAMiT,EAqNlB,SACIC,EACAzF,GAEA,MAAM0F,IACFD,aAA6B9I,EAAAA,IAE7B8I,EAAkBE,WACdC,EAAAA,GAAAA,IAIFC,EACFJ,EAAkBxK,YAAcvJ,EAAAA,GAAiBoU,qBACjDL,EAAkBxK,YACdha,EAAAA,GAAAA,GAGF8kB,EACDL,GAAyBG,GAC1BJ,EAAkBxK,YACd2K,EAAAA,GAAAA,IACJH,EAAkBxK,YACd2K,EAAAA,GAAAA,GAGFI,EAAmBC,EAAAA,GAAsBnrB,SAASklB,GAExD,OAAO+F,GAAwBC,CACnC,CAjPgBE,CACIT,EACAzF,GAGR,GAAIwF,EAA4B,CAC5B,GAAKhrB,KAAK2rB,oBA+BH,IAAInG,IAAsBE,EAAAA,GAAkBkG,KAAM,CACrD,MAAOC,EAAeC,GAClB9rB,KAAK2rB,oBACT3rB,KAAKrD,OAAOI,QAAQ,8FAADY,OAC+EmuB,GAC9FlB,EAAchgB,eAElB,MAAMmhB,EACF/rB,KAAKc,kBAAkB0d,iBACnB1T,EAAAA,GAAkBkhB,sBAClBpB,EAAchgB,eAEtBmhB,EAA6B5K,IAAI,CAC7B8K,yBAA0BH,IAG9B,MAAMI,QAA4BL,EAIlC,GAHAE,EAA6BrP,IAAI,CAC7BC,QAASuP,IAETA,EAMA,OALAlsB,KAAKrD,OAAOI,QAAQ,+CAADY,OACgCmuB,EAAmB,mDAClElB,EAAchgB,eAGX5K,KAAK+qB,2BACRH,EACApF,GAOJ,MAJAxlB,KAAKrD,OAAO4J,KAAK,sCAAD5I,OAC0BmuB,EAAmB,sCAGvDb,CAEb,CAMG,OAJAjrB,KAAKrD,OAAOU,QACR,wQACAutB,EAAchgB,gBAEXkU,EAAAA,EAAAA,IACH9e,KAAKwmB,2BAA2B7I,KAAK3d,MACrC8K,EAAAA,GAAkB2b,2BAClBzmB,KAAKrD,OACLqD,KAAKc,kBACL8pB,EAAchgB,cALXkU,CAML8L,EACL,CAjF8B,CAC3B,IAAIuB,EAYJ,OAVAnsB,KAAK2rB,oBAAsB,CACvB,IAAIvgB,SAASghB,IACTD,EAAWC,CAAO,IAEtBxB,EAAchgB,eAElB5K,KAAKrD,OAAOI,QACR,yGACA6tB,EAAchgB,gBAEXkU,EAAAA,EAAAA,IACH9e,KAAKwmB,2BAA2B7I,KAAK3d,MACrC8K,EAAAA,GAAkB2b,2BAClBzmB,KAAKrD,OACLqD,KAAKc,kBACL8pB,EAAchgB,cALXkU,CAML8L,GACGvK,MAAMgM,IACHF,GAAS,GACFE,KAEVzL,OAAO/e,IAEJ,MADAsqB,GAAS,GACHtqB,CAAC,IAEVmiB,SAAQ,KACLhkB,KAAK2rB,yBAAsBrsB,CAAS,GAE/C,CAmDJ,CAEG,MAAM2rB,CACT,IAIA5K,MAAMxH,IACH7Y,KAAKmd,aAAae,UACdC,EAAAA,EAAUoC,sBACVb,EAAAA,GAAgBgE,OAChB7K,GAEArI,EAAQ5F,eACR5K,KAAKc,kBAAkB2Q,UACnB,CACIoK,UAAWhD,EAASgD,UACpB6G,eAAgB7J,EAASqD,kBAE7B1L,EAAQ5F,eAITiO,KAEV+H,OAAOwE,IAOJ,MANAplB,KAAKmd,aAAae,UACdC,EAAAA,EAAU2C,sBACVpB,EAAAA,GAAgBgE,OAChB,KACA0B,GAEEA,CAAiB,IAE1BpB,SAAQ,KACLvlB,SAASwlB,oBACL,mBACAvG,EACH,G,CAUL,gCAAMqN,CACVH,EACApF,GAEA,OACI5G,EAAAA,EAAqBU,kBACjBtf,KAAKiY,OACLjY,KAAKrD,OACLqD,KAAK2e,wBACLiM,EAAczD,uBAElByD,EAActtB,QAAQinB,iBAEtBvkB,KAAKrD,OAAOI,QACR,yEAEGiD,KAAKyiB,mBACRmI,EACA9K,EAAAA,GAAMwM,+BACR1L,OAAM7I,UAEJ,GAAIlW,aAAamgB,EAAAA,KAAmBC,EAAAA,EAAAA,IAAuBpgB,GAOvD,MANA7B,KAAKrD,OAAOI,QACR,8EAEJiD,KAAK2e,6BAA0Brf,GAGzBkH,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,IAGR,MAAM5E,CAAC,MAGX7B,KAAKrD,OAAOI,QACR,mEAEG+hB,EAAAA,EAAAA,IACH9e,KAAKslB,sBAAsB3H,KAAK3d,MAChC8K,EAAAA,GAAkB2a,sBAClBzlB,KAAKrD,OACLqD,KAAKc,kBACL8pB,EAAchgB,cALXkU,CAML8L,EAAepF,GAAmB5E,OAC/B2L,IACG,GAAI/G,IAAsBE,EAAAA,GAAkBE,YACxC,MAAM2G,EASV,OANAvsB,KAAKmd,aAAae,UACdC,EAAAA,EAAUqO,4BACV9M,EAAAA,GAAgBgE,OAChBkH,IAGG9L,EAAAA,EAAAA,IACH9e,KAAKimB,2BAA2BtI,KAAK3d,MACrC8K,EAAAA,GAAkBob,2BAClBlmB,KAAKrD,OACLqD,KAAKc,kBACL8pB,EAAchgB,cALXkU,CAML8L,EAAepF,EAAkB,I,yOC9uEvD,MAEMiH,EAAgB,UAIhBC,EAA8B,IAAIC,WAAW,CAAC,EAAM,EAAM,IAE1DC,EAAa,mBAEbC,EAAa,IAAIC,YAAY,GAE7BC,EAAkB,0BAElBC,EAAgD,CAClD1uB,KAfyB,oBAgBzB0gB,KAAMyN,EACNQ,cAbmB,KAcnBC,eAAgBR,GAMd,SAAUS,EACZC,GAEA,IAAKnb,OACD,MAAMxD,EAAAA,EAAAA,IACFsK,EAAAA,IAGR,IAAK9G,OAAOob,OACR,MAAM5e,EAAAA,EAAAA,IAAuB6e,EAAAA,IAEjC,IAAKF,IAA6Bnb,OAAOob,OAAOE,OAC5C,MAAM9e,EAAAA,EAAAA,IACF6e,EAAAA,GACAP,EAGZ,CAQOhV,eAAeyV,EAClBC,EACA3sB,EACA8J,GAEA9J,SAAAA,EAAmB+J,oBACfC,EAAAA,GAAkB4iB,aAClB9iB,GAEJ,MACM+iB,GADU,IAAIC,aACCC,OAAOJ,GAC5B,OAAOxb,OAAOob,OAAOE,OAAOO,OACxBrB,EACAkB,EAER,CAMM,SAAUI,EAAgBC,GAC5B,OAAO/b,OAAOob,OAAOU,gBAAgBC,EACzC,CAMA,SAASC,IAEL,OADAhc,OAAOob,OAAOU,gBAAgBlB,GACvBA,EAAW,EACtB,C,SAOgBzT,IACZ,MAAM8U,EAAmBxuB,KAAKyuB,MACxBC,EAA+B,KAApBH,KAAiD,KAApBA,KAGxCI,EAAQ,IAAI1B,WAAW,IAEvB2B,EAAQC,KAAKC,MAAMJ,EAAW,GAAK,IAEnCK,EAAUL,EAAY,GAAK,GAAK,EAEhCM,EAAUT,IAEhBI,EAAM,GAAKH,EAAmB,GAAK,GACnCG,EAAM,GAAKH,EAAmB,GAAK,GACnCG,EAAM,GAAKH,EAAmB,GAAK,GACnCG,EAAM,GAAKH,EAAmB,MAC9BG,EAAM,GAAKH,EAAmB,IAC9BG,EAAM,GAAKH,EACXG,EAAM,GAAK,IAAQC,IAAU,EAC7BD,EAAM,GAAKC,EACXD,EAAM,GAAK,IAAQI,IAAY,GAC/BJ,EAAM,GAAKI,IAAY,GACvBJ,EAAM,IAAMI,IAAY,EACxBJ,EAAM,IAAMI,EACZJ,EAAM,IAAMK,IAAY,GACxBL,EAAM,IAAMK,IAAY,GACxBL,EAAM,IAAMK,IAAY,EACxBL,EAAM,IAAMK,EAEZ,IAAIC,EAAO,GACX,IAAK,IAAI/vB,EAAI,EAAGA,EAAIyvB,EAAMjxB,OAAQwB,IAC9B+vB,GAAQ/B,EAAWgC,OAAOP,EAAMzvB,KAAO,GACvC+vB,GAAQ/B,EAAWgC,OAAkB,GAAXP,EAAMzvB,IACtB,IAANA,GAAiB,IAANA,GAAiB,IAANA,GAAiB,IAANA,IACjC+vB,GAAQ,KAGhB,OAAOA,CACX,CAOO5W,eAAe8W,EAClBC,EACAC,GAEA,OAAO9c,OAAOob,OAAOE,OAAOpjB,YACxB6iB,EACA8B,EACAC,EAER,CAMOhX,eAAeiX,EAAU3wB,GAC5B,OAAO4T,OAAOob,OAAOE,OAAO0B,UACxBC,EAAAA,GACA7wB,EAER,CAQO0Z,eAAeoX,EAClB9wB,EACAywB,EACAC,GAEA,OAAO9c,OAAOob,OAAOE,OAAO6B,UACxBF,EAAAA,GACA7wB,EACA2uB,EACA8B,EACAC,EAER,CAOOhX,eAAesX,EAClBhxB,EACAsvB,GAEA,OAAO1b,OAAOob,OAAOE,OAAO8B,KACxBrC,EACA3uB,EACAsvB,EAER,CAMO5V,eAAehH,EAAWue,GAC7B,MAAMC,QAAgC/B,EAAa8B,GAC7CE,EAAY,IAAI7C,WAAW4C,GACjC,OAAOE,EAAAA,EAAAA,IAAaD,EACxB,C,6IClMaE,EAOTjvB,WAAAA,GACIT,KAAK2vB,OAASC,EAAAA,GACd5vB,KAAKspB,QAAUuG,EAAAA,GACf7vB,KAAK8vB,UAAYC,EAAAA,GACjB/vB,KAAKgwB,QAAS,C,CAMlB,UAAMC,GACF,OAAO,IAAI7kB,SAAQ,CAACghB,EAAS7J,KACzB,MAAM2N,EAASje,OAAOke,UAAUF,KAAKjwB,KAAK2vB,OAAQ3vB,KAAKspB,SACvD4G,EAAO1M,iBACH,iBACC3hB,IACiBA,EACR0Z,OAAOhL,OAAO6f,kBAAkBpwB,KAAK8vB,UAAU,IAG7DI,EAAO1M,iBAAiB,WAAY3hB,IAChC,MAAMoe,EAAQpe,EACd7B,KAAKqwB,GAAKpQ,EAAM1E,OAAOhL,OACvBvQ,KAAKgwB,QAAS,EACd5D,GAAS,IAEb8D,EAAO1M,iBAAiB,SAAS,IAC7BjB,GACI9T,EAAAA,EAAAA,IACI6hB,EAAAA,MAGX,G,CAQTC,eAAAA,GACI,MAAMF,EAAKrwB,KAAKqwB,GACZA,GAAMrwB,KAAKgwB,SACXK,EAAGG,QACHxwB,KAAKgwB,QAAS,E,CAOd,sBAAMS,GACV,IAAKzwB,KAAKgwB,OACN,OAAOhwB,KAAKiwB,M,CAQpB,aAAM7xB,CAAQC,GAEV,aADM2B,KAAKywB,mBACJ,IAAIrlB,SAAW,CAACghB,EAAS7J,KAE5B,IAAKviB,KAAKqwB,GACN,OAAO9N,GACH9T,EAAAA,EAAAA,IACIiiB,EAAAA,KAIZ,MAKMC,EALc3wB,KAAKqwB,GAAGO,YACxB,CAAC5wB,KAAK8vB,WACN,YAE4Be,YAAY7wB,KAAK8vB,WACvBvd,IAAIlU,GAE9BsyB,EAAMnN,iBAAiB,WAAY3hB,IAC/B,MAAMoe,EAAQpe,EACd7B,KAAKuwB,kBACLnE,EAAQnM,EAAM1E,OAAOhL,OAAO,IAGhCogB,EAAMnN,iBAAiB,SAAU3hB,IAC7B7B,KAAKuwB,kBACLhO,EAAO1gB,EAAE,GACX,G,CASV,aAAM3C,CAAQb,EAAayyB,GAEvB,aADM9wB,KAAKywB,mBACJ,IAAIrlB,SAAc,CAACghB,EAAmB7J,KAEzC,IAAKviB,KAAKqwB,GACN,OAAO9N,GACH9T,EAAAA,EAAAA,IACIiiB,EAAAA,KAIZ,MAOMK,EAPc/wB,KAAKqwB,GAAGO,YACxB,CAAC5wB,KAAK8vB,WACN,aAG4Be,YAAY7wB,KAAK8vB,WAEvBkB,IAAIF,EAASzyB,GAEvC0yB,EAAMvN,iBAAiB,WAAW,KAC9BxjB,KAAKuwB,kBACLnE,GAAS,IAGb2E,EAAMvN,iBAAiB,SAAU3hB,IAC7B7B,KAAKuwB,kBACLhO,EAAO1gB,EAAE,GACX,G,CAQV,gBAAM9B,CAAW1B,GAEb,aADM2B,KAAKywB,mBACJ,IAAIrlB,SAAc,CAACghB,EAAmB7J,KACzC,IAAKviB,KAAKqwB,GACN,OAAO9N,GACH9T,EAAAA,EAAAA,IACIiiB,EAAAA,KAKZ,MAKMO,EALcjxB,KAAKqwB,GAAGO,YACxB,CAAC5wB,KAAK8vB,WACN,aAE4Be,YAAY7wB,KAAK8vB,WACpBrd,OAAOpU,GAEpC4yB,EAASzN,iBAAiB,WAAW,KACjCxjB,KAAKuwB,kBACLnE,GAAS,IAGb6E,EAASzN,iBAAiB,SAAU3hB,IAChC7B,KAAKuwB,kBACLhO,EAAO1gB,EAAE,GACX,G,CAOV,aAAM5B,GAEF,aADMD,KAAKywB,mBACJ,IAAIrlB,SAAkB,CAACghB,EAAmB7J,KAC7C,IAAKviB,KAAKqwB,GACN,OAAO9N,GACH9T,EAAAA,EAAAA,IACIiiB,EAAAA,KAKZ,MAKMQ,EALclxB,KAAKqwB,GAAGO,YACxB,CAAC5wB,KAAK8vB,WACN,YAE4Be,YAAY7wB,KAAK8vB,WACnBqB,aAE9BD,EAAU1N,iBAAiB,WAAY3hB,IACnC,MAAMoe,EAAQpe,EACd7B,KAAKuwB,kBACLnE,EAAQnM,EAAM1E,OAAOhL,OAAO,IAGhC2gB,EAAU1N,iBAAiB,SAAU3hB,IACjC7B,KAAKuwB,kBACLhO,EAAO1gB,EAAE,GACX,G,CAQV,iBAAMxB,CAAYhC,GAGd,aAFM2B,KAAKywB,mBAEJ,IAAIrlB,SAAiB,CAACghB,EAAmB7J,KAC5C,IAAKviB,KAAKqwB,GACN,OAAO9N,GACH9T,EAAAA,EAAAA,IACIiiB,EAAAA,KAKZ,MAKMU,EALcpxB,KAAKqwB,GAAGO,YACxB,CAAC5wB,KAAK8vB,WACN,YAE4Be,YAAY7wB,KAAK8vB,WACfuB,MAAMhzB,GAExC+yB,EAAc5N,iBAAiB,WAAY3hB,IACvC,MAAMoe,EAAQpe,EACd7B,KAAKuwB,kBACLnE,EAAgC,IAAxBnM,EAAM1E,OAAOhL,OAAa,IAGtC6gB,EAAc5N,iBAAiB,SAAU3hB,IACrC7B,KAAKuwB,kBACLhO,EAAO1gB,EAAE,GACX,G,CASV,oBAAMyvB,GAOF,OAJItxB,KAAKqwB,IAAMrwB,KAAKgwB,QAChBhwB,KAAKuwB,kBAGF,IAAInlB,SAAiB,CAACghB,EAAmB7J,KAC5C,MAAMgP,EAAkBtf,OAAOke,UAAUmB,eAAe1B,EAAAA,IAClDhkB,EAAK4lB,YAAW,IAAMjP,GAAO,IAAQ,KAC3CgP,EAAgB/N,iBAAiB,WAAW,KACxCiO,aAAa7lB,GACNwgB,GAAQ,MAEnBmF,EAAgB/N,iBAAiB,WAAW,KACxCiO,aAAa7lB,GACNwgB,GAAQ,MAEnBmF,EAAgB/N,iBAAiB,SAAS,KACtCiO,aAAa7lB,GACN2W,GAAO,KAChB,G,wBCvRDmP,EAKTjxB,WAAAA,CAAY9D,GACRqD,KAAK2xB,cAAgB,IAAI1wB,EAAAA,EACzBjB,KAAK4xB,eAAiB,IAAIlC,EAC1B1vB,KAAKrD,OAASA,C,CAGVk1B,yBAAAA,CAA0B/vB,GAC9B,KACIA,aAAiBgwB,EAAAA,IACjBhwB,EAAM2e,YAAc6P,EAAAA,IAMpB,MAAMxuB,EAJN9B,KAAKrD,OAAOmF,MACR,8I,CAWZ,aAAM1D,CAAQC,GACV,MAAM6H,EAAOlG,KAAK2xB,cAAcvzB,QAAQC,GACxC,IAAK6H,EACD,IAII,OAHAlG,KAAKrD,OAAOI,QACR,qFAESiD,KAAK4xB,eAAexzB,QAAQC,EAC5C,CAAC,MAAOwD,GACL7B,KAAK6xB,0BAA0BhwB,EAClC,CAEL,OAAOqE,C,CASX,aAAMhH,CAAQb,EAAaW,GACvBgB,KAAK2xB,cAAczyB,QAAQb,EAAKW,GAChC,UACUgB,KAAK4xB,eAAe1yB,QAAQb,EAAKW,EAC1C,CAAC,MAAO6C,GACL7B,KAAK6xB,0BAA0BhwB,EAClC,C,CAOL,gBAAM9B,CAAW1B,GACb2B,KAAK2xB,cAAc5xB,WAAW1B,GAC9B,UACU2B,KAAK4xB,eAAe7xB,WAAW1B,EACxC,CAAC,MAAOwD,GACL7B,KAAK6xB,0BAA0BhwB,EAClC,C,CAOL,aAAM5B,GACF,MAAMyS,EAAY1S,KAAK2xB,cAAc1xB,UACrC,GAAyB,IAArByS,EAAUtV,OACV,IAII,OAHA4C,KAAKrD,OAAOI,QACR,oEAESiD,KAAK4xB,eAAe3xB,SACpC,CAAC,MAAO4B,GACL7B,KAAK6xB,0BAA0BhwB,EAClC,CAEL,OAAO6Q,C,CAOX,iBAAMrS,CAAYhC,GACd,MAAMgC,EAAcL,KAAK2xB,cAActxB,YAAYhC,GACnD,IAAKgC,EACD,IAII,OAHAL,KAAKrD,OAAOI,QACR,4EAESiD,KAAK4xB,eAAevxB,YAAYhC,EAChD,CAAC,MAAOwD,GACL7B,KAAK6xB,0BAA0BhwB,EAClC,CAEL,OAAOxB,C,CAMX0xB,aAAAA,GAEI/xB,KAAKrD,OAAOI,QAAQ,+BACpBiD,KAAK2xB,cAAcnnB,QACnBxK,KAAKrD,OAAOI,QAAQ,6B,CAOxB,qBAAMi1B,GACF,IACIhyB,KAAKrD,OAAOI,QAAQ,gCACpB,MAAMk1B,QAAkBjyB,KAAK4xB,eAAeN,iBAK5C,OAJIW,GACAjyB,KAAKrD,OAAOI,QAAQ,+BAGjBk1B,CACV,CAAC,MAAOpwB,GAEL,OADA7B,KAAK6xB,0BAA0BhwB,IACxB,CACV,C,QClHIqb,EAaTzc,WAAAA,CACI9D,EACAmE,EACAssB,GAEAptB,KAAKrD,OAASA,GAEdwwB,EAAAA,EAAAA,IACIC,SAAAA,GAEJptB,KAAKqS,MAAQ,IAAIqf,EAAkC1xB,KAAKrD,QACxDqD,KAAKc,kBAAoBA,C,CAO7BsY,aAAAA,GACI,OAAOA,EAAAA,EAAAA,K,CAOX9K,YAAAA,CAAa4jB,GACT,OAAO5jB,EAAAA,EAAAA,IAAa4jB,E,CAOxBtjB,YAAAA,CAAasjB,GACT,OAAOtjB,EAAAA,EAAAA,GAAasjB,E,CAOxBC,eAAAA,CAAgBD,GACZ,OAAOE,EAAAA,EAAAA,IAAUF,E,CAQrBG,SAAAA,CAAUC,GACN,OAAOtyB,KAAKmyB,gBAAgBztB,KAAKY,UAAU,CAAEitB,IAAKD,I,CAOtD,4BAAME,CACFhiB,GAAoC,IAAAiiB,EAEpC,MAAMC,EACoB,QADKD,EAC3BzyB,KAAKc,yBAAiB,IAAA2xB,OAAA,EAAtBA,EAAwBjU,iBACpB1T,EAAAA,GAAkB6nB,iCAClBniB,EAAQ5F,eAIVgoB,QAA+B/D,EAAAA,EAAAA,IACjC3R,EAAU2V,YACV3V,EAAU4V,gBAIRC,QAAiC/D,EAAAA,EAAAA,IACnC4D,EAAQI,WASNC,EACFC,EAPmC,CACnCrxB,EAAGkxB,EAAalxB,EAChBsxB,IAAKJ,EAAaI,IAClBC,EAAGL,EAAaK,IAKdC,QAAsBrzB,KAAK+Q,WAAWkiB,GAGtCK,QAAkCtE,EAAAA,EAAAA,IACpC4D,EAAQW,YAGNC,QACIrE,EAAAA,EAAAA,IAAwBmE,GAAe,EAAO,CAAC,SAgBzD,aAbMtzB,KAAKqS,MAAMnT,QAAQm0B,EAAe,CACpCE,WAAYC,EACZR,UAAWJ,EAAQI,UACnBS,cAAejjB,EAAQ4Z,sBACvBsJ,WAAYljB,EAAQ6Z,qBAGpBqI,GACAA,EAA0BhW,IAAI,CAC1BC,SAAS,IAIV0W,C,CAOX,2BAAMM,CAAsBpB,SAClBvyB,KAAKqS,MAAMtS,WAAWwyB,GAE5B,aADuBvyB,KAAKqS,MAAMhS,YAAYkyB,E,CAOlD,mBAAMqB,GAEF5zB,KAAKqS,MAAM0f,gBAMX,IAEI,aADM/xB,KAAKqS,MAAM2f,mBACV,CACV,CAAC,MAAOnwB,GAWL,OAVIA,aAAagyB,MACb7zB,KAAKrD,OAAOmF,MAAM,wCAADnE,OAC2BkE,EAAEiyB,UAG9C9zB,KAAKrD,OAAOmF,MACR,gDAID,CACV,C,CAQL,aAAMiyB,CACFjD,EACAyB,EACAhI,EACA3f,GAAsB,IAAAopB,EAEtB,MAAMC,EAA2C,QAAzBD,EAAGh0B,KAAKc,yBAAiB,IAAAkzB,OAAA,EAAtBA,EAAwBxV,iBAC/C1T,EAAAA,GAAkBopB,kBAClBtpB,GAEEupB,QAAsBn0B,KAAKqS,MAAMjU,QAAQm0B,GAE/C,IAAK4B,EACD,MAAM1lB,EAAAA,EAAAA,IACF2lB,EAAAA,IAKR,MAAMrB,QAAqB/D,EAAAA,EAAAA,IACvBmF,EAAcnB,WAEZqB,EAAqBnB,EAAsBH,GAE3CuB,GAAyBlC,EAAAA,EAAAA,IAAU1tB,KAAKY,UAAU,CAAEitB,IAAKA,KAEzDgC,EAAYC,EAAAA,GAAWC,oBAAkBze,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAC,EAC1CuU,aAAU,EAAVA,EAAYmK,QAAM,IACrBC,IAAK5B,EAAa4B,IAClBpC,IAAK+B,KAGHM,GAAmBxC,EAAAA,EAAAA,IAAUmC,GAGnCzD,EAAQ+D,IAAM,CACVC,IAAKpwB,KAAKC,MAAM0vB,IAEpB,MAAMU,GAAiB3C,EAAAA,EAAAA,IAAU1tB,KAAKY,UAAUwrB,IAG1CkE,EAAc,GAAHr3B,OAAMi3B,EAAgB,KAAAj3B,OAAIo3B,GAIrCE,GADU,IAAIrH,aACQC,OAAOmH,GAC7BE,QAAwB7F,EAAAA,EAAAA,IAC1B8E,EAAcZ,WACd0B,GAEEE,GAAmB1F,EAAAA,EAAAA,IAAa,IAAI9C,WAAWuI,IAE/CE,EAAY,GAAHz3B,OAAMq3B,EAAW,KAAAr3B,OAAIw3B,GAQpC,OANIlB,GACAA,EAAmBvX,IAAI,CACnBC,SAAS,IAIVyY,C,CAOX,gBAAMrkB,CAAWue,GACb,OAAOve,EAAAA,EAAAA,IAAyBue,E,EAIxC,SAAS4D,EAAsBmC,GAC3B,OAAO3wB,KAAKY,UAAU+vB,EAAKn4B,OAAOC,KAAKk4B,GAAKC,OAChD,CA5OmBpY,EAAA4V,eAAkC,CAAC,OAAQ,UAC3C5V,EAAW2V,aAAY,C,oGC5B1C,MAAM0C,EAAyB,GASxBxd,eAAeyd,EAClB10B,EACAnE,EACAiO,GAEA9J,EAAkB+J,oBACdC,EAAAA,GAAkB2qB,kBAClB7qB,GAEJ,MAAM8qB,GAAeC,EAAAA,EAAAA,IACjBC,EACA9qB,EAAAA,GAAkB+qB,qBAClBl5B,EACAmE,EACA8J,EALiB+qB,CAMnB70B,EAAmBnE,EAAQiO,GAQ7B,MAAO,CACHkrB,SAAUJ,EACVK,gBATwBjX,EAAAA,EAAAA,IACxBkX,EACAlrB,EAAAA,GAAkBmrB,kCAClBt5B,EACAmE,EACA8J,EALwBkU,CAM1B4W,EAAc50B,EAAmBnE,EAAQiO,GAK/C,CAMA,SAASgrB,EACL90B,EACAnE,EACAiO,GAEA,IAEI,MAAMsrB,EAAqB,IAAIvJ,WAAW4I,IAC1CI,EAAAA,EAAAA,IACI5H,EAAAA,GACAjjB,EAAAA,GAAkBqrB,gBAClBx5B,EACAmE,EACA8J,EALJ+qB,CAMEO,GAGF,OADoCzG,EAAAA,EAAAA,IAAayG,EAEpD,CAAC,MAAOr0B,GACL,MAAM4M,EAAAA,EAAAA,IAAuB2nB,EAAAA,GAChC,CACL,CAMAre,eAAeie,EACXK,EACAv1B,EACAnE,EACAiO,GAEA9J,EAAkB+J,oBACdC,EAAAA,GAAkBmrB,kCAClBrrB,GAEJ,IAEI,MAAM0rB,QAA+BxX,EAAAA,EAAAA,IACjC0O,EAAAA,GACA1iB,EAAAA,GAAkB4iB,aAClB/wB,EACAmE,EACA8J,EALiCkU,CAMnCuX,EAAkBv1B,EAAmB8J,GAEvC,OAAO6kB,EAAAA,EAAAA,IAAa,IAAI9C,WAAW2J,GACtC,CAAC,MAAOz0B,GACL,MAAM4M,EAAAA,EAAAA,IAAuB2nB,EAAAA,GAChC,CACL,C,8GC/FM,SAAUxnB,EAAasjB,GACzB,OAAO,IAAIqE,aAAcC,OAO7B,SAAwBC,GACpB,IAAIC,EAAgBD,EAAaE,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KAClE,OAAQD,EAAct5B,OAAS,GAC3B,KAAK,EACD,MACJ,KAAK,EACDs5B,GAAiB,KACjB,MACJ,KAAK,EACDA,GAAiB,IACjB,MACJ,QACI,MAAMjoB,EAAAA,EAAAA,IACFmoB,EAAAA,IAGZ,MAAMC,EAAYC,KAAKJ,GACvB,OAAO/J,WAAWoK,KAAKF,GAAYG,GAAMA,EAAEC,YAAY,IAAM,GACjE,CAzBoCC,CAAehF,GACnD,C,mBCPM,SAAUE,EAAUF,GACtB,OAAO3zB,mBACH+P,EAAa4jB,GACRyE,QAAQ,KAAM,IACdA,QAAQ,MAAO,KACfA,QAAQ,MAAO,KAE5B,CAMM,SAAUlH,EAAa0H,GACzB,OAAOC,EAAaD,GACfR,QAAQ,KAAM,IACdA,QAAQ,MAAO,KACfA,QAAQ,MAAO,IACxB,CAMM,SAAUroB,EAAa4jB,GACzB,OAAOkF,GAAa,IAAIxJ,aAAcC,OAAOqE,GACjD,CAMA,SAASkF,EAAaC,GAClB,MAAMR,EAAYS,MAAMP,KAAKM,GAASE,GAAMC,OAAOC,cAAcF,KAAIt4B,KACjE,IAEJ,OAAOy4B,KAAKb,EAChB,C,6GC1CA,MAAMc,EAAY,+CAKLC,EAA2B,CACpC,CAACxB,EAAAA,IACG,+DACJ,CAAC9I,EAAAA,IACG,kDACJ,CAACuK,EAAAA,IACG,mEACJ,CAACC,EAAAA,IAAuC,qHAAHn6B,OAAwHg6B,GAC7J,CAACI,EAAAA,IACG,oFACJ,CAACC,EAAAA,IAA0D,0GAAHr6B,OAA6Gg6B,GACrK,CAACM,EAAAA,IACG,8EACJ,CAACC,EAAAA,IACG,0EACJ,CAACzoB,EAAAA,GAA8C,qIAAH9R,OAAwIg6B,GACpL,CAACQ,EAAAA,IACG,2GACJ,CAACC,EAAAA,IACG,wDACJ,CAACC,EAAAA,IAAsC,2BACvC,CAACC,EAAAA,IAA4C,sDAAH36B,OAAyDg6B,GACnG,CAACY,EAAAA,IAA6C,uDAAH56B,OAA0Dg6B,GACrG,CAACa,EAAAA,IACG,wLACJ,CAACC,EAAAA,IAA0C,2FAAH96B,OAA8Fg6B,GACtI,CAACe,EAAAA,IACG,sFACJ,CAACC,EAAAA,IACG,qDACJ,CAACC,EAAAA,IACG,kFACJ,CAAC3O,EAAAA,IACG,0JACJ,CAAC4O,EAAAA,IACG,iHACJ,CAACnqB,EAAAA,IACG,mCACJ,CAACI,EAAAA,IACG,gDACJ,CAACG,EAAAA,IACG,6BACJ,CAAC6pB,EAAAA,IACG,iGACJ,CAACC,EAAAA,IAAyC,qBAC1C,CAAChgB,EAAAA,IACG,0EACJ,CAAC2X,EAAAA,IAAwC,wBACzC,CAACsI,EAAAA,IACG,2DACJ,CAACC,EAAAA,IACG,4IACJ,CAACC,EAAAA,IACG,kFACJ,CAACC,EAAAA,IACG,yDACJ,CAACpf,EAAAA,IAA0C,gCAC3C,CAACqa,EAAAA,IACG,6DACJ,CAACgF,EAAAA,IACG,+FACJ,CAACtU,EAAAA,IACG,0EACJ,CAACN,EAAAA,IACG,8DACJ,CAAC8L,EAAAA,IACG,gMACJ,CAACzL,EAAAA,IAA+D,kDAAHlnB,OAAqDg6B,GAClH,CAAC0B,EAAAA,IACG,0EACJ,CAACC,EAAAA,IACG,kGACJ,CAACpS,EAAAA,IAAuD,gIAAHvpB,OAAmIg6B,GACxL,CAAC4B,EAAAA,IAA6D,kGAAH57B,OAAqGg6B,GAChK,CAAC6B,EAAAA,IACG,oHACJ,CAAC5C,EAAAA,IACG,iCACJ,CAAC6C,EAAAA,IACG,2GACJ,CAACC,EAAAA,IACG,0CACJ,CAACC,EAAAA,IACG,oCAaMvD,EAAAA,GACyBA,EAAAA,GAGzB9I,EAAAA,GACyBA,EAAAA,GAGzBuK,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GAEFA,EAAAA,GAIEC,EAAAA,GAEFA,EAAAA,GAIEC,EAAAA,GAEFA,EAAAA,GAIEzoB,EAAAA,EAEFA,EAAAA,EAIE0oB,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GAEFA,EAAAA,GAIEC,EAAAA,GAEFA,EAAAA,GAIEC,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GAEFA,EAAAA,GAIEC,EAAAA,GAEFA,EAAAA,GAIE3O,EAAAA,GACyBA,EAAAA,GAGzB4O,EAAAA,GAEFA,EAAAA,GAIEnqB,EAAAA,GAEFA,EAAAA,GAIEI,EAAAA,GAEFA,EAAAA,GAIEG,EAAAA,GAEFA,EAAAA,GAIE6pB,EAAAA,GAEFA,EAAAA,GAIEC,EAAAA,GACyBA,EAAAA,GAGzBhgB,EAAAA,GAEFA,EAAAA,GAIE2X,EAAAA,GACyBA,EAAAA,GAGzBsI,EAAAA,GAEFA,EAAAA,GAIEC,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GACyBA,EAAAA,GAGzBC,EAAAA,GAEFA,EAAAA,GAIEpf,EAAAA,GACyBA,EAAAA,GAGzBqa,EAAAA,GACyBA,EAAAA,GAGzBgF,EAAAA,GACyBA,EAAAA,GAGzBtU,EAAAA,GAEFA,EAAAA,GAIEN,EAAAA,GAEFA,EAAAA,GAIE8L,EAAAA,GAEFA,EAAAA,GAIEzL,EAAAA,GAEFA,EAAAA,GAIEwU,EAAAA,GAEFA,EAAAA,GAIEC,EAAAA,GAEFA,EAAAA,GAIEpS,EAAAA,GAEFA,EAAAA,GAIEqS,EAAAA,GAEFA,EAAAA,GAIEC,EAAAA,GAEFA,EAAAA,GAIE5C,EAAAA,GAEFA,EAAAA,GAIE6C,EAAAA,GAEFA,EAAAA,GAQN,MAAO3H,UAAyBvZ,EAAAA,GAClC9X,WAAAA,CAAYggB,EAAmB0K,GAC3BpqB,MAAM0f,EAAWmX,EAAyBnX,GAAY0K,GAEtDjuB,OAAO08B,eAAe55B,KAAM8xB,EAAiB+H,WAC7C75B,KAAK1B,KAAO,kB,EAIJ,SAAAmQ,EACZgS,EACA0K,GAEA,OAAO,IAAI2G,EAAiBrR,EAAW0K,EAC3C,C,2cCzWO,MAAMiL,EAAiB,mBACjB9I,EAAoB,qBACpBuK,EAAmB,qBACnBC,EAAiB,mBACjBC,EAAgB,mBAChBC,EACT,yCACSC,EAAqB,wBACrBC,EAA+B,kCAC/BzoB,EAAwB,0BACxB0oB,EAAmB,qBACnBC,EAAmB,qBACnBC,EAAgB,iBAChBC,EAAsB,wBACtBC,EAAuB,yBACvBC,EAAmB,qBACnBC,EAAoB,sBACpBC,EAAoB,sBACpBC,EAA0B,4BAC1BC,EAA0B,4BAC1B3O,EAAiB,mBACjB4O,EAAyB,4BACzBnqB,EAA2B,+BAC3BI,EACT,4CACSG,EAAyB,4BACzB6pB,EAAyB,6BACzBC,EAAmB,qBACnBhgB,EAAwB,0BACxB2X,EAAkB,oBAClBsI,EAAwB,0BACxBC,EAAoB,sBACpBC,EAAmB,qBACnBC,EAAwB,2BACxBpf,EAAoB,uBACpBqa,EAAoB,uBACpBgF,EAAmB,qBACnBtU,EACT,wCACSN,EACT,uCACS8L,EAAsB,uBACtBzL,EACT,+CACSwU,EAAyB,2BACzBC,EAA8B,iCAC9BpS,EACT,oCACSqS,EACT,0CACSC,EAA2B,8BAC3B5C,EAAsB,wBACtB6C,EAAyB,4BACzBC,EAAuB,0BACvBC,EAAuB,yB,iEClDvB,MAAAG,EAAwC,CACjD,CAAC1nB,EAAAA,IACG,wDACJ,CAAC2nB,EAAAA,IACG,iLACJ,CAACC,EAAAA,IACG,yRASM5nB,EAAAA,GACA0nB,EACF1nB,EAAAA,IAIE2nB,EAAAA,GACAD,EACFC,EAAAA,IAKEC,EAAAA,GACAF,EACFE,EAAAA,IAQN,MAAOC,UAAsC1hB,EAAAA,GAC/C9X,WAAAA,CAAYggB,EAAmByZ,GAC3Bn5B,MAAM0f,EAAWyZ,GACjBl6B,KAAK1B,KAAO,gCAEZpB,OAAO08B,eAAe55B,KAAMi6B,EAA8BJ,U,EAI5D,SAAU1nB,EACZsO,GAEA,OAAO,IAAIwZ,EACPxZ,EACAqZ,EAAsCrZ,GAE9C,C,uDC1DO,MAAMrO,EAAsB,wBACtB2nB,EACT,2CACSC,EAA2B,6B,sHCoBxC,MAAMG,EAAuB,YAAC,WAAU,KAE3BC,EAA0B,CACnC,CAACC,EAAAA,GACG,sKAGF,MAAOrY,UAAwBzJ,EAAAA,GAGjC9X,WAAAA,CAAYggB,EAAmB6Z,EAAsBC,GACjDx5B,MAAM0f,EAAW6Z,GAEjBp9B,OAAO08B,eAAe55B,KAAMgiB,EAAgB6X,WAC5C75B,KAAK1B,KAAO,kBACZ0B,KAAKu6B,IAAMA,C,EAOb,SAAUtY,EAAuBngB,GACnC,SACIA,EAAMy4B,MACNz4B,EAAMy4B,IAAIC,QACT14B,EAAMy4B,IAAIC,SAAWC,EAAAA,GAClB34B,EAAMy4B,IAAIC,SAAWE,EAAAA,SAMzB54B,EAAMy4B,MACNz4B,EAAMy4B,IAAIz4B,OACVA,EAAMy4B,IAAIz4B,QAAUq4B,IAKhBr4B,EAAM2e,YACLka,EAAAA,EAKb,C,SASgBC,EACZtW,EACAgW,EACAC,GAEA,GAAIA,GAAOA,EAAIC,OACX,OAAQD,EAAIC,QACR,KAAKK,EAAAA,GACD,OAAOC,EAAAA,EAAAA,IACH1P,EAAAA,GAAAA,GAER,KAAK2P,EAAAA,GACD,OAAO,IAAI5Y,EAAAA,GAA6BmC,EAAMgW,GAClD,KAAKU,EAAAA,GACD,OAAOvsB,EAAAA,EAAAA,IACH4pB,EAAAA,IAER,KAAK4C,EAAAA,GACD,OAAOxsB,EAAAA,EAAAA,IACHuqB,EAAAA,IAKhB,OAAO,IAAIhX,EACPsC,EACA8V,EAAwB9V,IAASgW,EACjCC,EAER,C,4CC3GO,MAAMI,EAAe,eACfN,EAAa,a,sECUbjd,EAQT3c,WAAAA,CAAY9D,GACRqD,KAAKk7B,eAAiB,IAAI5oB,IAC1BtS,KAAKrD,OAASA,GAAU,IAAIib,EAAAA,GAAO,CAAC,E,CASxCmQ,gBAAAA,CACIC,EACAC,EACAE,GAEA,GAAsB,oBAAXlW,OAAwB,CAC/B,MAAMrG,EAAKuc,IAAcgT,EAAAA,EAAAA,MACzB,OAAIn7B,KAAKk7B,eAAevoB,IAAI/G,IACxB5L,KAAKrD,OAAOmF,MAAM,2BAADnE,OACciO,EAAE,sGAE1B,OAEX5L,KAAKk7B,eAAe1oB,IAAI5G,EAAI,CAACoc,EAAUC,GAAc,KACrDjoB,KAAKrD,OAAOI,QAAQ,sCAADY,OAAuCiO,IAEnDA,EACV,CAED,OAAO,I,CAOXsc,mBAAAA,CAAoBC,GAChBnoB,KAAKk7B,eAAezoB,OAAO0V,GAC3BnoB,KAAKrD,OAAOI,QAAQ,kBAADY,OAAmBwqB,EAAU,a,CAUpDjK,SAAAA,CACIkd,EACArtB,EACA+iB,EACAhvB,GAEA,GAAsB,oBAAXmQ,OAAwB,CAC/B,MAAM6hB,EAAwB,CAC1BsH,UAAWA,EACXrtB,gBAAiBA,GAAmB,KACpC+iB,QAASA,GAAW,KACpBhvB,MAAOA,GAAS,KAChBu5B,UAAW37B,KAAKyuB,OAGpBnuB,KAAKk7B,eAAeh7B,SAChB,CAAAgT,EAKIiV,KACA,IALCH,EAAUC,GAGV/U,GAIyB,IAAtB+U,EAAW7qB,QACX6qB,EAAW3nB,SAAS86B,MAEpBp7B,KAAKrD,OAAOI,QAAQ,8BAADY,OACewqB,EAAU,MAAAxqB,OAAKy9B,IAEjDpT,EAASsT,MAAM,KAAM,CAACxH,IACzB,GAGZ,C,wEC9DIyH,EAMT,oCAAOC,CACH1H,EACA2H,GAEA,OAAQ3H,EAAQsH,WACZ,KAAKjd,EAAAA,EAAU0D,YACX,OAAO6Z,EAAAA,GAAkBC,MAC7B,KAAKxd,EAAAA,EAAUsF,iBACX,OAAOiY,EAAAA,GAAkBnY,UAC7B,KAAKpF,EAAAA,EAAUyD,oBACX,GACIkS,EAAQ/lB,kBAAoB2R,EAAAA,GAAgBC,UAC5CmU,EAAQ/lB,kBAAoB2R,EAAAA,GAAgB8C,MAE5C,OAAOkZ,EAAAA,GAAkBE,aAE7B,MACJ,KAAKzd,EAAAA,EAAUsB,sBACX,OAAOic,EAAAA,GAAkBG,eAC7B,KAAK1d,EAAAA,EAAU2d,aACX,OAAOJ,EAAAA,GAAkBK,OAC7B,KAAK5d,EAAAA,EAAU0F,mBACf,KAAK1F,EAAAA,EAAU4F,mBACX,GACI0X,GACAA,IAAkBC,EAAAA,GAAkBnY,UAGpC,MAEJ,OAAOmY,EAAAA,GAAkBvmB,KAC7B,KAAKgJ,EAAAA,EAAU6d,WACX,GACIP,GACAA,IAAkBC,EAAAA,GAAkBK,OAGpC,MAEJ,OAAOL,EAAAA,GAAkBvmB,KAC7B,KAAKgJ,EAAAA,EAAUwC,oBACX,GACI8a,GACAA,IAAkBC,EAAAA,GAAkBG,eAGpC,MAEJ,OAAOH,EAAAA,GAAkBvmB,KAC7B,KAAKgJ,EAAAA,EAAUmC,cACf,KAAKnC,EAAAA,EAAU4C,cACf,KAAK5C,EAAAA,EAAUoC,sBACf,KAAKpC,EAAAA,EAAU2C,sBACf,KAAK3C,EAAAA,EAAU8d,qBACX,GACInI,EAAQ/lB,kBAAoB2R,EAAAA,GAAgBC,UAC5CmU,EAAQ/lB,kBAAoB2R,EAAAA,GAAgB8C,MAC9C,CACE,GACIiZ,GACAA,IAAkBC,EAAAA,GAAkBC,OACpCF,IAAkBC,EAAAA,GAAkBE,aAGpC,MAEJ,OAAOF,EAAAA,GAAkBvmB,IAC5B,EAKT,OAAO,I,sCCtHF,MAAAgJ,EAAY,CACrBO,iBAAkB,uBAClBN,eAAgB,qBAChB4K,cAAe,oBACfC,gBAAiB,sBACjBP,uBAAwB,4BACxB7G,YAAa,kBACbvB,cAAe,oBACfS,cAAe,oBACfa,oBAAqB,yBACrBrB,sBAAuB,2BACvBO,sBAAuB,2BACvB0L,4BAA6B,oCAC7B/I,iBAAkB,sBAClBI,mBAAoB,wBACpBE,mBAAoB,wBACpBM,4BAA6B,+BAC7BM,8BAA+B,iCAC/BC,8BAA+B,iCAC/BnF,sBAAuB,2BACvBkB,oBAAqB,yBACrBub,aAAc,mBACdJ,aAAc,mBACdK,eAAgB,qBAChBC,eAAgB,qBAChBJ,WAAY,iBACZC,qBAAsB,0B","sources":["../node_modules/@azure/msal-browser/src/cache/AccountManager.ts","../node_modules/@azure/msal-browser/src/cache/CookieStorage.ts","../node_modules/@azure/msal-browser/src/cache/BrowserCacheManager.ts","../node_modules/@azure/msal-browser/src/cache/LocalStorage.ts","../node_modules/@azure/msal-browser/src/cache/MemoryStorage.ts","../node_modules/@azure/msal-browser/src/cache/SessionStorage.ts","../node_modules/@azure/msal-browser/src/config/Configuration.ts","../node_modules/@azure/msal-browser/src/controllers/ControllerFactory.ts","../node_modules/@azure/msal-browser/src/error/NestedAppAuthError.ts","../node_modules/@azure/msal-browser/src/cache/TokenCache.ts","../node_modules/@azure/msal-browser/src/controllers/StandardController.ts","../node_modules/@azure/msal-browser/src/crypto/BrowserCrypto.ts","../node_modules/@azure/msal-browser/src/cache/DatabaseStorage.ts","../node_modules/@azure/msal-browser/src/cache/AsyncMemoryStorage.ts","../node_modules/@azure/msal-browser/src/crypto/CryptoOps.ts","../node_modules/@azure/msal-browser/src/crypto/PkceGenerator.ts","../node_modules/@azure/msal-browser/src/encode/Base64Decode.ts","../node_modules/@azure/msal-browser/src/encode/Base64Encode.ts","../node_modules/@azure/msal-browser/src/error/BrowserAuthError.ts","../node_modules/@azure/msal-browser/src/error/BrowserAuthErrorCodes.ts","../node_modules/@azure/msal-browser/src/error/BrowserConfigurationAuthError.ts","../node_modules/@azure/msal-browser/src/error/BrowserConfigurationAuthErrorCodes.ts","../node_modules/@azure/msal-browser/src/error/NativeAuthError.ts","../node_modules/@azure/msal-browser/src/error/NativeAuthErrorCodes.ts","../node_modules/@azure/msal-browser/src/event/EventHandler.ts","../node_modules/@azure/msal-browser/src/event/EventMessage.ts","../node_modules/@azure/msal-browser/src/event/EventType.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AccountInfo, AccountFilter, Logger } from \"@azure/msal-common/browser\";\nimport { BrowserCacheManager } from \"./BrowserCacheManager.js\";\n\n/**\n * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.\n * @param accountFilter - (Optional) filter to narrow down the accounts returned\n * @returns Array of AccountInfo objects in cache\n */\nexport function getAllAccounts(\n logger: Logger,\n browserStorage: BrowserCacheManager,\n isInBrowser: boolean,\n accountFilter?: AccountFilter\n): AccountInfo[] {\n logger.verbose(\"getAllAccounts called\");\n return isInBrowser ? browserStorage.getAllAccounts(accountFilter) : [];\n}\n\n/**\n * Returns the first account found in the cache that matches the account filter passed in.\n * @param accountFilter\n * @returns The first account found in the cache matching the provided filter or null if no account could be found.\n */\nexport function getAccount(\n accountFilter: AccountFilter,\n logger: Logger,\n browserStorage: BrowserCacheManager\n): AccountInfo | null {\n logger.trace(\"getAccount called\");\n if (Object.keys(accountFilter).length === 0) {\n logger.warning(\"getAccount: No accountFilter provided\");\n return null;\n }\n\n const account: AccountInfo | null =\n browserStorage.getAccountInfoFilteredBy(accountFilter);\n\n if (account) {\n logger.verbose(\n \"getAccount: Account matching provided filter found, returning\"\n );\n return account;\n } else {\n logger.verbose(\"getAccount: No matching account found, returning null\");\n return null;\n }\n}\n\n/**\n * Returns the signed in account matching username.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found.\n * This API is provided for convenience but getAccountById should be used for best reliability\n * @param username\n * @returns The account object stored in MSAL\n */\nexport function getAccountByUsername(\n username: string,\n logger: Logger,\n browserStorage: BrowserCacheManager\n): AccountInfo | null {\n logger.trace(\"getAccountByUsername called\");\n if (!username) {\n logger.warning(\"getAccountByUsername: No username provided\");\n return null;\n }\n\n const account = browserStorage.getAccountInfoFilteredBy({\n username,\n });\n if (account) {\n logger.verbose(\n \"getAccountByUsername: Account matching username found, returning\"\n );\n logger.verbosePii(\n `getAccountByUsername: Returning signed-in accounts matching username: ${username}`\n );\n return account;\n } else {\n logger.verbose(\n \"getAccountByUsername: No matching account found, returning null\"\n );\n return null;\n }\n}\n\n/**\n * Returns the signed in account matching homeAccountId.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found\n * @param homeAccountId\n * @returns The account object stored in MSAL\n */\nexport function getAccountByHomeId(\n homeAccountId: string,\n logger: Logger,\n browserStorage: BrowserCacheManager\n): AccountInfo | null {\n logger.trace(\"getAccountByHomeId called\");\n if (!homeAccountId) {\n logger.warning(\"getAccountByHomeId: No homeAccountId provided\");\n return null;\n }\n\n const account = browserStorage.getAccountInfoFilteredBy({\n homeAccountId,\n });\n if (account) {\n logger.verbose(\n \"getAccountByHomeId: Account matching homeAccountId found, returning\"\n );\n logger.verbosePii(\n `getAccountByHomeId: Returning signed-in accounts matching homeAccountId: ${homeAccountId}`\n );\n return account;\n } else {\n logger.verbose(\n \"getAccountByHomeId: No matching account found, returning null\"\n );\n return null;\n }\n}\n\n/**\n * Returns the signed in account matching localAccountId.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found\n * @param localAccountId\n * @returns The account object stored in MSAL\n */\nexport function getAccountByLocalId(\n localAccountId: string,\n logger: Logger,\n browserStorage: BrowserCacheManager\n): AccountInfo | null {\n logger.trace(\"getAccountByLocalId called\");\n if (!localAccountId) {\n logger.warning(\"getAccountByLocalId: No localAccountId provided\");\n return null;\n }\n\n const account = browserStorage.getAccountInfoFilteredBy({\n localAccountId,\n });\n if (account) {\n logger.verbose(\n \"getAccountByLocalId: Account matching localAccountId found, returning\"\n );\n logger.verbosePii(\n `getAccountByLocalId: Returning signed-in accounts matching localAccountId: ${localAccountId}`\n );\n return account;\n } else {\n logger.verbose(\n \"getAccountByLocalId: No matching account found, returning null\"\n );\n return null;\n }\n}\n\n/**\n * Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account.\n * @param account\n */\nexport function setActiveAccount(\n account: AccountInfo | null,\n browserStorage: BrowserCacheManager\n): void {\n browserStorage.setActiveAccount(account);\n}\n\n/**\n * Gets the currently active account\n */\nexport function getActiveAccount(\n browserStorage: BrowserCacheManager\n): AccountInfo | null {\n return browserStorage.getActiveAccount();\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { IWindowStorage } from \"./IWindowStorage.js\";\n\n// Cookie life calculation (hours * minutes * seconds * ms)\nconst COOKIE_LIFE_MULTIPLIER = 24 * 60 * 60 * 1000;\n\nexport class CookieStorage implements IWindowStorage {\n getItem(key: string): string | null {\n const name = `${encodeURIComponent(key)}`;\n const cookieList = document.cookie.split(\";\");\n for (let i = 0; i < cookieList.length; i++) {\n const cookie = cookieList[i];\n const [key, ...rest] = decodeURIComponent(cookie).trim().split(\"=\");\n const value = rest.join(\"=\");\n\n if (key === name) {\n return value;\n }\n }\n return \"\";\n }\n\n setItem(\n key: string,\n value: string,\n cookieLifeDays?: number,\n secure: boolean = true\n ): void {\n let cookieStr = `${encodeURIComponent(key)}=${encodeURIComponent(\n value\n )};path=/;SameSite=Lax;`;\n\n if (cookieLifeDays) {\n const expireTime = getCookieExpirationTime(cookieLifeDays);\n cookieStr += `expires=${expireTime};`;\n }\n\n if (secure) {\n cookieStr += \"Secure;\";\n }\n\n document.cookie = cookieStr;\n }\n\n removeItem(key: string): void {\n // Setting expiration to -1 removes it\n this.setItem(key, \"\", -1);\n }\n\n getKeys(): string[] {\n const cookieList = document.cookie.split(\";\");\n const keys: Array = [];\n cookieList.forEach((cookie) => {\n const cookieParts = decodeURIComponent(cookie).trim().split(\"=\");\n keys.push(cookieParts[0]);\n });\n\n return keys;\n }\n\n containsKey(key: string): boolean {\n return this.getKeys().includes(key);\n }\n}\n\n/**\n * Get cookie expiration time\n * @param cookieLifeDays\n */\nexport function getCookieExpirationTime(cookieLifeDays: number): string {\n const today = new Date();\n const expr = new Date(\n today.getTime() + cookieLifeDays * COOKIE_LIFE_MULTIPLIER\n );\n return expr.toUTCString();\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n Constants,\n PersistentCacheKeys,\n StringUtils,\n CommonAuthorizationCodeRequest,\n ICrypto,\n AccountEntity,\n IdTokenEntity,\n AccessTokenEntity,\n RefreshTokenEntity,\n AppMetadataEntity,\n CacheManager,\n ServerTelemetryEntity,\n ThrottlingEntity,\n ProtocolUtils,\n Logger,\n AuthorityMetadataEntity,\n DEFAULT_CRYPTO_IMPLEMENTATION,\n AccountInfo,\n ActiveAccountFilters,\n CcsCredential,\n CcsCredentialType,\n AuthToken,\n ValidCredentialType,\n TokenKeys,\n CredentialType,\n CacheRecord,\n AuthenticationScheme,\n createClientAuthError,\n ClientAuthErrorCodes,\n PerformanceEvents,\n IPerformanceClient,\n StaticAuthorityOptions,\n CacheHelpers,\n StoreInCache,\n CacheError,\n} from \"@azure/msal-common/browser\";\nimport { CacheOptions } from \"../config/Configuration.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport {\n BrowserCacheLocation,\n InteractionType,\n TemporaryCacheKeys,\n InMemoryCacheKeys,\n StaticCacheKeys,\n} from \"../utils/BrowserConstants.js\";\nimport { LocalStorage } from \"./LocalStorage.js\";\nimport { SessionStorage } from \"./SessionStorage.js\";\nimport { MemoryStorage } from \"./MemoryStorage.js\";\nimport { IWindowStorage } from \"./IWindowStorage.js\";\nimport { extractBrowserRequestState } from \"../utils/BrowserProtocolUtils.js\";\nimport { NativeTokenRequest } from \"../broker/nativeBroker/NativeRequest.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport { SilentRequest } from \"../request/SilentRequest.js\";\nimport { SsoSilentRequest } from \"../request/SsoSilentRequest.js\";\nimport { RedirectRequest } from \"../request/RedirectRequest.js\";\nimport { PopupRequest } from \"../request/PopupRequest.js\";\nimport { base64Decode } from \"../encode/Base64Decode.js\";\nimport { base64Encode } from \"../encode/Base64Encode.js\";\nimport { CookieStorage } from \"./CookieStorage.js\";\n\n/**\n * This class implements the cache storage interface for MSAL through browser local or session storage.\n * Cookies are only used if storeAuthStateInCookie is true, and are only used for\n * parameters such as state and nonce, generally.\n */\nexport class BrowserCacheManager extends CacheManager {\n // Cache configuration, either set by user or default values.\n protected cacheConfig: Required;\n // Window storage object (either local or sessionStorage)\n protected browserStorage: IWindowStorage;\n // Internal in-memory storage object used for data used by msal that does not need to persist across page loads\n protected internalStorage: MemoryStorage;\n // Temporary cache\n protected temporaryCacheStorage: IWindowStorage;\n // Cookie storage\n protected cookieStorage: CookieStorage;\n // Logger instance\n protected logger: Logger;\n // Telemetry perf client\n protected performanceClient?: IPerformanceClient;\n\n constructor(\n clientId: string,\n cacheConfig: Required,\n cryptoImpl: ICrypto,\n logger: Logger,\n staticAuthorityOptions?: StaticAuthorityOptions,\n performanceClient?: IPerformanceClient\n ) {\n super(clientId, cryptoImpl, logger, staticAuthorityOptions);\n this.cacheConfig = cacheConfig;\n this.logger = logger;\n this.internalStorage = new MemoryStorage();\n this.browserStorage = this.setupBrowserStorage(\n this.cacheConfig.cacheLocation\n );\n this.temporaryCacheStorage = this.setupBrowserStorage(\n this.cacheConfig.temporaryCacheLocation\n );\n this.cookieStorage = new CookieStorage();\n\n // Migrate cache entries from older versions of MSAL.\n if (cacheConfig.cacheMigrationEnabled) {\n this.migrateCacheEntries();\n this.createKeyMaps();\n }\n\n this.performanceClient = performanceClient;\n }\n\n /**\n * Returns a window storage class implementing the IWindowStorage interface that corresponds to the configured cacheLocation.\n * @param cacheLocation\n */\n protected setupBrowserStorage(\n cacheLocation: BrowserCacheLocation | string\n ): IWindowStorage {\n try {\n switch (cacheLocation) {\n case BrowserCacheLocation.LocalStorage:\n return new LocalStorage();\n case BrowserCacheLocation.SessionStorage:\n return new SessionStorage();\n case BrowserCacheLocation.MemoryStorage:\n default:\n break;\n }\n } catch (e) {\n this.logger.error(e as string);\n }\n this.cacheConfig.cacheLocation = BrowserCacheLocation.MemoryStorage;\n return new MemoryStorage();\n }\n\n /**\n * Migrate all old cache entries to new schema. No rollback supported.\n * @param storeAuthStateInCookie\n */\n protected migrateCacheEntries(): void {\n const idTokenKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ID_TOKEN}`;\n const clientInfoKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.CLIENT_INFO}`;\n const errorKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ERROR}`;\n const errorDescKey = `${Constants.CACHE_PREFIX}.${PersistentCacheKeys.ERROR_DESC}`;\n\n const idTokenValue = this.browserStorage.getItem(idTokenKey);\n const clientInfoValue = this.browserStorage.getItem(clientInfoKey);\n const errorValue = this.browserStorage.getItem(errorKey);\n const errorDescValue = this.browserStorage.getItem(errorDescKey);\n\n const values = [\n idTokenValue,\n clientInfoValue,\n errorValue,\n errorDescValue,\n ];\n const keysToMigrate = [\n PersistentCacheKeys.ID_TOKEN,\n PersistentCacheKeys.CLIENT_INFO,\n PersistentCacheKeys.ERROR,\n PersistentCacheKeys.ERROR_DESC,\n ];\n\n keysToMigrate.forEach((cacheKey: string, index: number) => {\n const value = values[index];\n if (value) {\n this.setTemporaryCache(cacheKey, value, true);\n }\n });\n }\n\n /**\n * Searches all cache entries for MSAL accounts and creates the account key map\n * This is used to migrate users from older versions of MSAL which did not create the map.\n * @returns\n */\n private createKeyMaps(): void {\n this.logger.trace(\"BrowserCacheManager - createKeyMaps called.\");\n const accountKeys = this.getItem(StaticCacheKeys.ACCOUNT_KEYS);\n const tokenKeys = this.getItem(\n `${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`\n );\n if (accountKeys && tokenKeys) {\n this.logger.verbose(\n \"BrowserCacheManager:createKeyMaps - account and token key maps already exist, skipping migration.\"\n );\n // Key maps already exist, no need to iterate through cache\n return;\n }\n\n const allKeys = this.browserStorage.getKeys();\n allKeys.forEach((key) => {\n if (this.isCredentialKey(key)) {\n // Get item, parse, validate and write key to map\n const value = this.getItem(key);\n if (value) {\n const credObj = this.validateAndParseJson(value);\n if (credObj && credObj.hasOwnProperty(\"credentialType\")) {\n switch (credObj[\"credentialType\"]) {\n case CredentialType.ID_TOKEN:\n if (CacheHelpers.isIdTokenEntity(credObj)) {\n this.logger.trace(\n \"BrowserCacheManager:createKeyMaps - idToken found, saving key to token key map\"\n );\n this.logger.tracePii(\n `BrowserCacheManager:createKeyMaps - idToken with key: ${key} found, saving key to token key map`\n );\n const idTokenEntity =\n credObj as IdTokenEntity;\n const newKey =\n this.updateCredentialCacheKey(\n key,\n idTokenEntity\n );\n this.addTokenKey(\n newKey,\n CredentialType.ID_TOKEN\n );\n return;\n } else {\n this.logger.trace(\n \"BrowserCacheManager:createKeyMaps - key found matching idToken schema with value containing idToken credentialType field but value failed IdTokenEntity validation, skipping.\"\n );\n this.logger.tracePii(\n `BrowserCacheManager:createKeyMaps - failed idToken validation on key: ${key}`\n );\n }\n break;\n case CredentialType.ACCESS_TOKEN:\n case CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME:\n if (CacheHelpers.isAccessTokenEntity(credObj)) {\n this.logger.trace(\n \"BrowserCacheManager:createKeyMaps - accessToken found, saving key to token key map\"\n );\n this.logger.tracePii(\n `BrowserCacheManager:createKeyMaps - accessToken with key: ${key} found, saving key to token key map`\n );\n const accessTokenEntity =\n credObj as AccessTokenEntity;\n const newKey =\n this.updateCredentialCacheKey(\n key,\n accessTokenEntity\n );\n this.addTokenKey(\n newKey,\n CredentialType.ACCESS_TOKEN\n );\n return;\n } else {\n this.logger.trace(\n \"BrowserCacheManager:createKeyMaps - key found matching accessToken schema with value containing accessToken credentialType field but value failed AccessTokenEntity validation, skipping.\"\n );\n this.logger.tracePii(\n `BrowserCacheManager:createKeyMaps - failed accessToken validation on key: ${key}`\n );\n }\n break;\n case CredentialType.REFRESH_TOKEN:\n if (\n CacheHelpers.isRefreshTokenEntity(credObj)\n ) {\n this.logger.trace(\n \"BrowserCacheManager:createKeyMaps - refreshToken found, saving key to token key map\"\n );\n this.logger.tracePii(\n `BrowserCacheManager:createKeyMaps - refreshToken with key: ${key} found, saving key to token key map`\n );\n const refreshTokenEntity =\n credObj as RefreshTokenEntity;\n const newKey =\n this.updateCredentialCacheKey(\n key,\n refreshTokenEntity\n );\n this.addTokenKey(\n newKey,\n CredentialType.REFRESH_TOKEN\n );\n return;\n } else {\n this.logger.trace(\n \"BrowserCacheManager:createKeyMaps - key found matching refreshToken schema with value containing refreshToken credentialType field but value failed RefreshTokenEntity validation, skipping.\"\n );\n this.logger.tracePii(\n `BrowserCacheManager:createKeyMaps - failed refreshToken validation on key: ${key}`\n );\n }\n break;\n default:\n // If credentialType isn't one of our predefined ones, it may not be an MSAL cache value. Ignore.\n }\n }\n }\n }\n\n if (this.isAccountKey(key)) {\n const value = this.getItem(key);\n if (value) {\n const accountObj = this.validateAndParseJson(value);\n if (\n accountObj &&\n AccountEntity.isAccountEntity(accountObj)\n ) {\n this.logger.trace(\n \"BrowserCacheManager:createKeyMaps - account found, saving key to account key map\"\n );\n this.logger.tracePii(\n `BrowserCacheManager:createKeyMaps - account with key: ${key} found, saving key to account key map`\n );\n this.addAccountKeyToMap(key);\n }\n }\n }\n });\n }\n\n /**\n * Parses passed value as JSON object, JSON.parse() will throw an error.\n * @param input\n */\n protected validateAndParseJson(jsonValue: string): object | null {\n try {\n const parsedJson = JSON.parse(jsonValue);\n /**\n * There are edge cases in which JSON.parse will successfully parse a non-valid JSON object\n * (e.g. JSON.parse will parse an escaped string into an unescaped string), so adding a type check\n * of the parsed value is necessary in order to be certain that the string represents a valid JSON object.\n *\n */\n return parsedJson && typeof parsedJson === \"object\"\n ? parsedJson\n : null;\n } catch (error) {\n return null;\n }\n }\n\n /**\n * fetches the entry from the browser storage based off the key\n * @param key\n */\n getItem(key: string): string | null {\n return this.browserStorage.getItem(key);\n }\n\n /**\n * sets the entry in the browser storage\n * @param key\n * @param value\n */\n setItem(key: string, value: string): void {\n this.browserStorage.setItem(key, value);\n }\n\n /**\n * fetch the account entity from the platform cache\n * @param accountKey\n */\n getAccount(accountKey: string, logger?: Logger): AccountEntity | null {\n this.logger.trace(\"BrowserCacheManager.getAccount called\");\n const accountEntity = this.getCachedAccountEntity(accountKey);\n\n return this.updateOutdatedCachedAccount(\n accountKey,\n accountEntity,\n logger\n );\n }\n\n /**\n * Reads account from cache, deserializes it into an account entity and returns it.\n * If account is not found from the key, returns null and removes key from map.\n * @param accountKey\n * @returns\n */\n getCachedAccountEntity(accountKey: string): AccountEntity | null {\n const serializedAccount = this.getItem(accountKey);\n if (!serializedAccount) {\n this.removeAccountKeyFromMap(accountKey);\n return null;\n }\n\n const parsedAccount = this.validateAndParseJson(serializedAccount);\n if (!parsedAccount || !AccountEntity.isAccountEntity(parsedAccount)) {\n this.removeAccountKeyFromMap(accountKey);\n return null;\n }\n\n return CacheManager.toObject(\n new AccountEntity(),\n parsedAccount\n );\n }\n\n /**\n * set account entity in the platform cache\n * @param account\n */\n setAccount(account: AccountEntity): void {\n this.logger.trace(\"BrowserCacheManager.setAccount called\");\n const key = account.generateAccountKey();\n this.setItem(key, JSON.stringify(account));\n this.addAccountKeyToMap(key);\n }\n\n /**\n * Returns the array of account keys currently cached\n * @returns\n */\n getAccountKeys(): Array {\n this.logger.trace(\"BrowserCacheManager.getAccountKeys called\");\n const accountKeys = this.getItem(StaticCacheKeys.ACCOUNT_KEYS);\n if (accountKeys) {\n return JSON.parse(accountKeys);\n }\n\n this.logger.verbose(\n \"BrowserCacheManager.getAccountKeys - No account keys found\"\n );\n return [];\n }\n\n /**\n * Add a new account to the key map\n * @param key\n */\n addAccountKeyToMap(key: string): void {\n this.logger.trace(\"BrowserCacheManager.addAccountKeyToMap called\");\n this.logger.tracePii(\n `BrowserCacheManager.addAccountKeyToMap called with key: ${key}`\n );\n const accountKeys = this.getAccountKeys();\n if (accountKeys.indexOf(key) === -1) {\n // Only add key if it does not already exist in the map\n accountKeys.push(key);\n this.setItem(\n StaticCacheKeys.ACCOUNT_KEYS,\n JSON.stringify(accountKeys)\n );\n this.logger.verbose(\n \"BrowserCacheManager.addAccountKeyToMap account key added\"\n );\n } else {\n this.logger.verbose(\n \"BrowserCacheManager.addAccountKeyToMap account key already exists in map\"\n );\n }\n }\n\n /**\n * Remove an account from the key map\n * @param key\n */\n removeAccountKeyFromMap(key: string): void {\n this.logger.trace(\"BrowserCacheManager.removeAccountKeyFromMap called\");\n this.logger.tracePii(\n `BrowserCacheManager.removeAccountKeyFromMap called with key: ${key}`\n );\n const accountKeys = this.getAccountKeys();\n const removalIndex = accountKeys.indexOf(key);\n if (removalIndex > -1) {\n accountKeys.splice(removalIndex, 1);\n this.setItem(\n StaticCacheKeys.ACCOUNT_KEYS,\n JSON.stringify(accountKeys)\n );\n this.logger.trace(\n \"BrowserCacheManager.removeAccountKeyFromMap account key removed\"\n );\n } else {\n this.logger.trace(\n \"BrowserCacheManager.removeAccountKeyFromMap key not found in existing map\"\n );\n }\n }\n\n /**\n * Extends inherited removeAccount function to include removal of the account key from the map\n * @param key\n */\n async removeAccount(key: string): Promise {\n void super.removeAccount(key);\n this.removeAccountKeyFromMap(key);\n }\n\n /**\n * Remove account entity from the platform cache if it's outdated\n * @param accountKey\n */\n removeOutdatedAccount(accountKey: string): void {\n this.removeItem(accountKey);\n this.removeAccountKeyFromMap(accountKey);\n }\n\n /**\n * Removes given idToken from the cache and from the key map\n * @param key\n */\n removeIdToken(key: string): void {\n super.removeIdToken(key);\n this.removeTokenKey(key, CredentialType.ID_TOKEN);\n }\n\n /**\n * Removes given accessToken from the cache and from the key map\n * @param key\n */\n async removeAccessToken(key: string): Promise {\n void super.removeAccessToken(key);\n this.removeTokenKey(key, CredentialType.ACCESS_TOKEN);\n }\n\n /**\n * Removes given refreshToken from the cache and from the key map\n * @param key\n */\n removeRefreshToken(key: string): void {\n super.removeRefreshToken(key);\n this.removeTokenKey(key, CredentialType.REFRESH_TOKEN);\n }\n\n /**\n * Gets the keys for the cached tokens associated with this clientId\n * @returns\n */\n getTokenKeys(): TokenKeys {\n this.logger.trace(\"BrowserCacheManager.getTokenKeys called\");\n const item = this.getItem(\n `${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`\n );\n if (item) {\n const tokenKeys = this.validateAndParseJson(item);\n if (\n tokenKeys &&\n tokenKeys.hasOwnProperty(\"idToken\") &&\n tokenKeys.hasOwnProperty(\"accessToken\") &&\n tokenKeys.hasOwnProperty(\"refreshToken\")\n ) {\n return tokenKeys as TokenKeys;\n } else {\n this.logger.error(\n \"BrowserCacheManager.getTokenKeys - Token keys found but in an unknown format. Returning empty key map.\"\n );\n }\n } else {\n this.logger.verbose(\n \"BrowserCacheManager.getTokenKeys - No token keys found\"\n );\n }\n\n return {\n idToken: [],\n accessToken: [],\n refreshToken: [],\n };\n }\n\n /**\n * Adds the given key to the token key map\n * @param key\n * @param type\n */\n addTokenKey(key: string, type: CredentialType): void {\n this.logger.trace(\"BrowserCacheManager addTokenKey called\");\n const tokenKeys = this.getTokenKeys();\n\n switch (type) {\n case CredentialType.ID_TOKEN:\n if (tokenKeys.idToken.indexOf(key) === -1) {\n this.logger.info(\n \"BrowserCacheManager: addTokenKey - idToken added to map\"\n );\n tokenKeys.idToken.push(key);\n }\n break;\n case CredentialType.ACCESS_TOKEN:\n if (tokenKeys.accessToken.indexOf(key) === -1) {\n this.logger.info(\n \"BrowserCacheManager: addTokenKey - accessToken added to map\"\n );\n tokenKeys.accessToken.push(key);\n }\n break;\n case CredentialType.REFRESH_TOKEN:\n if (tokenKeys.refreshToken.indexOf(key) === -1) {\n this.logger.info(\n \"BrowserCacheManager: addTokenKey - refreshToken added to map\"\n );\n tokenKeys.refreshToken.push(key);\n }\n break;\n default:\n this.logger.error(\n `BrowserCacheManager:addTokenKey - CredentialType provided invalid. CredentialType: ${type}`\n );\n throw createClientAuthError(\n ClientAuthErrorCodes.unexpectedCredentialType\n );\n }\n\n this.setItem(\n `${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`,\n JSON.stringify(tokenKeys)\n );\n }\n\n /**\n * Removes the given key from the token key map\n * @param key\n * @param type\n */\n removeTokenKey(key: string, type: CredentialType): void {\n this.logger.trace(\"BrowserCacheManager removeTokenKey called\");\n const tokenKeys = this.getTokenKeys();\n\n switch (type) {\n case CredentialType.ID_TOKEN:\n this.logger.infoPii(\n `BrowserCacheManager: removeTokenKey - attempting to remove idToken with key: ${key} from map`\n );\n const idRemoval = tokenKeys.idToken.indexOf(key);\n if (idRemoval > -1) {\n this.logger.info(\n \"BrowserCacheManager: removeTokenKey - idToken removed from map\"\n );\n tokenKeys.idToken.splice(idRemoval, 1);\n } else {\n this.logger.info(\n \"BrowserCacheManager: removeTokenKey - idToken does not exist in map. Either it was previously removed or it was never added.\"\n );\n }\n break;\n case CredentialType.ACCESS_TOKEN:\n this.logger.infoPii(\n `BrowserCacheManager: removeTokenKey - attempting to remove accessToken with key: ${key} from map`\n );\n const accessRemoval = tokenKeys.accessToken.indexOf(key);\n if (accessRemoval > -1) {\n this.logger.info(\n \"BrowserCacheManager: removeTokenKey - accessToken removed from map\"\n );\n tokenKeys.accessToken.splice(accessRemoval, 1);\n } else {\n this.logger.info(\n \"BrowserCacheManager: removeTokenKey - accessToken does not exist in map. Either it was previously removed or it was never added.\"\n );\n }\n break;\n case CredentialType.REFRESH_TOKEN:\n this.logger.infoPii(\n `BrowserCacheManager: removeTokenKey - attempting to remove refreshToken with key: ${key} from map`\n );\n const refreshRemoval = tokenKeys.refreshToken.indexOf(key);\n if (refreshRemoval > -1) {\n this.logger.info(\n \"BrowserCacheManager: removeTokenKey - refreshToken removed from map\"\n );\n tokenKeys.refreshToken.splice(refreshRemoval, 1);\n } else {\n this.logger.info(\n \"BrowserCacheManager: removeTokenKey - refreshToken does not exist in map. Either it was previously removed or it was never added.\"\n );\n }\n break;\n default:\n this.logger.error(\n `BrowserCacheManager:removeTokenKey - CredentialType provided invalid. CredentialType: ${type}`\n );\n throw createClientAuthError(\n ClientAuthErrorCodes.unexpectedCredentialType\n );\n }\n\n this.setItem(\n `${StaticCacheKeys.TOKEN_KEYS}.${this.clientId}`,\n JSON.stringify(tokenKeys)\n );\n }\n\n /**\n * generates idToken entity from a string\n * @param idTokenKey\n */\n getIdTokenCredential(idTokenKey: string): IdTokenEntity | null {\n const value = this.getItem(idTokenKey);\n if (!value) {\n this.logger.trace(\n \"BrowserCacheManager.getIdTokenCredential: called, no cache hit\"\n );\n this.removeTokenKey(idTokenKey, CredentialType.ID_TOKEN);\n return null;\n }\n\n const parsedIdToken = this.validateAndParseJson(value);\n if (!parsedIdToken || !CacheHelpers.isIdTokenEntity(parsedIdToken)) {\n this.logger.trace(\n \"BrowserCacheManager.getIdTokenCredential: called, no cache hit\"\n );\n this.removeTokenKey(idTokenKey, CredentialType.ID_TOKEN);\n return null;\n }\n\n this.logger.trace(\n \"BrowserCacheManager.getIdTokenCredential: cache hit\"\n );\n return parsedIdToken as IdTokenEntity;\n }\n\n /**\n * set IdToken credential to the platform cache\n * @param idToken\n */\n setIdTokenCredential(idToken: IdTokenEntity): void {\n this.logger.trace(\"BrowserCacheManager.setIdTokenCredential called\");\n const idTokenKey = CacheHelpers.generateCredentialKey(idToken);\n\n this.setItem(idTokenKey, JSON.stringify(idToken));\n\n this.addTokenKey(idTokenKey, CredentialType.ID_TOKEN);\n }\n\n /**\n * generates accessToken entity from a string\n * @param key\n */\n getAccessTokenCredential(accessTokenKey: string): AccessTokenEntity | null {\n const value = this.getItem(accessTokenKey);\n if (!value) {\n this.logger.trace(\n \"BrowserCacheManager.getAccessTokenCredential: called, no cache hit\"\n );\n this.removeTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN);\n return null;\n }\n const parsedAccessToken = this.validateAndParseJson(value);\n if (\n !parsedAccessToken ||\n !CacheHelpers.isAccessTokenEntity(parsedAccessToken)\n ) {\n this.logger.trace(\n \"BrowserCacheManager.getAccessTokenCredential: called, no cache hit\"\n );\n this.removeTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN);\n return null;\n }\n\n this.logger.trace(\n \"BrowserCacheManager.getAccessTokenCredential: cache hit\"\n );\n return parsedAccessToken as AccessTokenEntity;\n }\n\n /**\n * set accessToken credential to the platform cache\n * @param accessToken\n */\n setAccessTokenCredential(accessToken: AccessTokenEntity): void {\n this.logger.trace(\n \"BrowserCacheManager.setAccessTokenCredential called\"\n );\n const accessTokenKey = CacheHelpers.generateCredentialKey(accessToken);\n this.setItem(accessTokenKey, JSON.stringify(accessToken));\n\n this.addTokenKey(accessTokenKey, CredentialType.ACCESS_TOKEN);\n }\n\n /**\n * generates refreshToken entity from a string\n * @param refreshTokenKey\n */\n getRefreshTokenCredential(\n refreshTokenKey: string\n ): RefreshTokenEntity | null {\n const value = this.getItem(refreshTokenKey);\n if (!value) {\n this.logger.trace(\n \"BrowserCacheManager.getRefreshTokenCredential: called, no cache hit\"\n );\n this.removeTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN);\n return null;\n }\n const parsedRefreshToken = this.validateAndParseJson(value);\n if (\n !parsedRefreshToken ||\n !CacheHelpers.isRefreshTokenEntity(parsedRefreshToken)\n ) {\n this.logger.trace(\n \"BrowserCacheManager.getRefreshTokenCredential: called, no cache hit\"\n );\n this.removeTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN);\n return null;\n }\n\n this.logger.trace(\n \"BrowserCacheManager.getRefreshTokenCredential: cache hit\"\n );\n return parsedRefreshToken as RefreshTokenEntity;\n }\n\n /**\n * set refreshToken credential to the platform cache\n * @param refreshToken\n */\n setRefreshTokenCredential(refreshToken: RefreshTokenEntity): void {\n this.logger.trace(\n \"BrowserCacheManager.setRefreshTokenCredential called\"\n );\n const refreshTokenKey =\n CacheHelpers.generateCredentialKey(refreshToken);\n this.setItem(refreshTokenKey, JSON.stringify(refreshToken));\n\n this.addTokenKey(refreshTokenKey, CredentialType.REFRESH_TOKEN);\n }\n\n /**\n * fetch appMetadata entity from the platform cache\n * @param appMetadataKey\n */\n getAppMetadata(appMetadataKey: string): AppMetadataEntity | null {\n const value = this.getItem(appMetadataKey);\n if (!value) {\n this.logger.trace(\n \"BrowserCacheManager.getAppMetadata: called, no cache hit\"\n );\n return null;\n }\n\n const parsedMetadata = this.validateAndParseJson(value);\n if (\n !parsedMetadata ||\n !CacheHelpers.isAppMetadataEntity(appMetadataKey, parsedMetadata)\n ) {\n this.logger.trace(\n \"BrowserCacheManager.getAppMetadata: called, no cache hit\"\n );\n return null;\n }\n\n this.logger.trace(\"BrowserCacheManager.getAppMetadata: cache hit\");\n return parsedMetadata as AppMetadataEntity;\n }\n\n /**\n * set appMetadata entity to the platform cache\n * @param appMetadata\n */\n setAppMetadata(appMetadata: AppMetadataEntity): void {\n this.logger.trace(\"BrowserCacheManager.setAppMetadata called\");\n const appMetadataKey = CacheHelpers.generateAppMetadataKey(appMetadata);\n this.setItem(appMetadataKey, JSON.stringify(appMetadata));\n }\n\n /**\n * fetch server telemetry entity from the platform cache\n * @param serverTelemetryKey\n */\n getServerTelemetry(\n serverTelemetryKey: string\n ): ServerTelemetryEntity | null {\n const value = this.getItem(serverTelemetryKey);\n if (!value) {\n this.logger.trace(\n \"BrowserCacheManager.getServerTelemetry: called, no cache hit\"\n );\n return null;\n }\n const parsedEntity = this.validateAndParseJson(value);\n if (\n !parsedEntity ||\n !CacheHelpers.isServerTelemetryEntity(\n serverTelemetryKey,\n parsedEntity\n )\n ) {\n this.logger.trace(\n \"BrowserCacheManager.getServerTelemetry: called, no cache hit\"\n );\n return null;\n }\n\n this.logger.trace(\"BrowserCacheManager.getServerTelemetry: cache hit\");\n return parsedEntity as ServerTelemetryEntity;\n }\n\n /**\n * set server telemetry entity to the platform cache\n * @param serverTelemetryKey\n * @param serverTelemetry\n */\n setServerTelemetry(\n serverTelemetryKey: string,\n serverTelemetry: ServerTelemetryEntity\n ): void {\n this.logger.trace(\"BrowserCacheManager.setServerTelemetry called\");\n this.setItem(serverTelemetryKey, JSON.stringify(serverTelemetry));\n }\n\n /**\n *\n */\n getAuthorityMetadata(key: string): AuthorityMetadataEntity | null {\n const value = this.internalStorage.getItem(key);\n if (!value) {\n this.logger.trace(\n \"BrowserCacheManager.getAuthorityMetadata: called, no cache hit\"\n );\n return null;\n }\n const parsedMetadata = this.validateAndParseJson(value);\n if (\n parsedMetadata &&\n CacheHelpers.isAuthorityMetadataEntity(key, parsedMetadata)\n ) {\n this.logger.trace(\n \"BrowserCacheManager.getAuthorityMetadata: cache hit\"\n );\n return parsedMetadata as AuthorityMetadataEntity;\n }\n return null;\n }\n\n /**\n *\n */\n getAuthorityMetadataKeys(): Array {\n const allKeys = this.internalStorage.getKeys();\n return allKeys.filter((key) => {\n return this.isAuthorityMetadata(key);\n });\n }\n\n /**\n * Sets wrapper metadata in memory\n * @param wrapperSKU\n * @param wrapperVersion\n */\n setWrapperMetadata(wrapperSKU: string, wrapperVersion: string): void {\n this.internalStorage.setItem(InMemoryCacheKeys.WRAPPER_SKU, wrapperSKU);\n this.internalStorage.setItem(\n InMemoryCacheKeys.WRAPPER_VER,\n wrapperVersion\n );\n }\n\n /**\n * Returns wrapper metadata from in-memory storage\n */\n getWrapperMetadata(): [string, string] {\n const sku =\n this.internalStorage.getItem(InMemoryCacheKeys.WRAPPER_SKU) ||\n Constants.EMPTY_STRING;\n const version =\n this.internalStorage.getItem(InMemoryCacheKeys.WRAPPER_VER) ||\n Constants.EMPTY_STRING;\n return [sku, version];\n }\n\n /**\n *\n * @param entity\n */\n setAuthorityMetadata(key: string, entity: AuthorityMetadataEntity): void {\n this.logger.trace(\"BrowserCacheManager.setAuthorityMetadata called\");\n this.internalStorage.setItem(key, JSON.stringify(entity));\n }\n\n /**\n * Gets the active account\n */\n getActiveAccount(): AccountInfo | null {\n const activeAccountKeyFilters = this.generateCacheKey(\n PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS\n );\n const activeAccountValueFilters = this.getItem(activeAccountKeyFilters);\n if (!activeAccountValueFilters) {\n // if new active account cache type isn't found, it's an old version, so look for that instead\n this.logger.trace(\n \"BrowserCacheManager.getActiveAccount: No active account filters cache schema found, looking for legacy schema\"\n );\n const activeAccountKeyLocal = this.generateCacheKey(\n PersistentCacheKeys.ACTIVE_ACCOUNT\n );\n const activeAccountValueLocal = this.getItem(activeAccountKeyLocal);\n if (!activeAccountValueLocal) {\n this.logger.trace(\n \"BrowserCacheManager.getActiveAccount: No active account found\"\n );\n return null;\n }\n const activeAccount = this.getAccountInfoFilteredBy({\n localAccountId: activeAccountValueLocal,\n });\n if (activeAccount) {\n this.logger.trace(\n \"BrowserCacheManager.getActiveAccount: Legacy active account cache schema found\"\n );\n this.logger.trace(\n \"BrowserCacheManager.getActiveAccount: Adding active account filters cache schema\"\n );\n this.setActiveAccount(activeAccount);\n return activeAccount;\n }\n return null;\n }\n const activeAccountValueObj = this.validateAndParseJson(\n activeAccountValueFilters\n ) as AccountInfo;\n if (activeAccountValueObj) {\n this.logger.trace(\n \"BrowserCacheManager.getActiveAccount: Active account filters schema found\"\n );\n return this.getAccountInfoFilteredBy({\n homeAccountId: activeAccountValueObj.homeAccountId,\n localAccountId: activeAccountValueObj.localAccountId,\n tenantId: activeAccountValueObj.tenantId,\n });\n }\n this.logger.trace(\n \"BrowserCacheManager.getActiveAccount: No active account found\"\n );\n return null;\n }\n\n /**\n * Sets the active account's localAccountId in cache\n * @param account\n */\n setActiveAccount(account: AccountInfo | null): void {\n const activeAccountKey = this.generateCacheKey(\n PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS\n );\n const activeAccountKeyLocal = this.generateCacheKey(\n PersistentCacheKeys.ACTIVE_ACCOUNT\n );\n if (account) {\n this.logger.verbose(\"setActiveAccount: Active account set\");\n const activeAccountValue: ActiveAccountFilters = {\n homeAccountId: account.homeAccountId,\n localAccountId: account.localAccountId,\n tenantId: account.tenantId,\n };\n this.browserStorage.setItem(\n activeAccountKey,\n JSON.stringify(activeAccountValue)\n );\n this.browserStorage.setItem(\n activeAccountKeyLocal,\n account.localAccountId\n );\n } else {\n this.logger.verbose(\n \"setActiveAccount: No account passed, active account not set\"\n );\n this.browserStorage.removeItem(activeAccountKey);\n this.browserStorage.removeItem(activeAccountKeyLocal);\n }\n }\n\n /**\n * fetch throttling entity from the platform cache\n * @param throttlingCacheKey\n */\n getThrottlingCache(throttlingCacheKey: string): ThrottlingEntity | null {\n const value = this.getItem(throttlingCacheKey);\n if (!value) {\n this.logger.trace(\n \"BrowserCacheManager.getThrottlingCache: called, no cache hit\"\n );\n return null;\n }\n\n const parsedThrottlingCache = this.validateAndParseJson(value);\n if (\n !parsedThrottlingCache ||\n !CacheHelpers.isThrottlingEntity(\n throttlingCacheKey,\n parsedThrottlingCache\n )\n ) {\n this.logger.trace(\n \"BrowserCacheManager.getThrottlingCache: called, no cache hit\"\n );\n return null;\n }\n\n this.logger.trace(\"BrowserCacheManager.getThrottlingCache: cache hit\");\n return parsedThrottlingCache as ThrottlingEntity;\n }\n\n /**\n * set throttling entity to the platform cache\n * @param throttlingCacheKey\n * @param throttlingCache\n */\n setThrottlingCache(\n throttlingCacheKey: string,\n throttlingCache: ThrottlingEntity\n ): void {\n this.logger.trace(\"BrowserCacheManager.setThrottlingCache called\");\n this.setItem(throttlingCacheKey, JSON.stringify(throttlingCache));\n }\n\n /**\n * Gets cache item with given key.\n * Will retrieve from cookies if storeAuthStateInCookie is set to true.\n * @param key\n */\n getTemporaryCache(cacheKey: string, generateKey?: boolean): string | null {\n const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey;\n if (this.cacheConfig.storeAuthStateInCookie) {\n const itemCookie = this.cookieStorage.getItem(key);\n if (itemCookie) {\n this.logger.trace(\n \"BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies\"\n );\n return itemCookie;\n }\n }\n\n const value = this.temporaryCacheStorage.getItem(key);\n if (!value) {\n // If temp cache item not found in session/memory, check local storage for items set by old versions\n if (\n this.cacheConfig.cacheLocation ===\n BrowserCacheLocation.LocalStorage\n ) {\n const item = this.browserStorage.getItem(key);\n if (item) {\n this.logger.trace(\n \"BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage\"\n );\n return item;\n }\n }\n this.logger.trace(\n \"BrowserCacheManager.getTemporaryCache: No cache item found in local storage\"\n );\n return null;\n }\n this.logger.trace(\n \"BrowserCacheManager.getTemporaryCache: Temporary cache item returned\"\n );\n return value;\n }\n\n /**\n * Sets the cache item with the key and value given.\n * Stores in cookie if storeAuthStateInCookie is set to true.\n * This can cause cookie overflow if used incorrectly.\n * @param key\n * @param value\n */\n setTemporaryCache(\n cacheKey: string,\n value: string,\n generateKey?: boolean\n ): void {\n const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey;\n\n this.temporaryCacheStorage.setItem(key, value);\n if (this.cacheConfig.storeAuthStateInCookie) {\n this.logger.trace(\n \"BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie\"\n );\n this.cookieStorage.setItem(\n key,\n value,\n undefined,\n this.cacheConfig.secureCookies\n );\n }\n }\n\n /**\n * Removes the cache item with the given key.\n * @param key\n */\n removeItem(key: string): void {\n this.browserStorage.removeItem(key);\n }\n\n /**\n * Removes the temporary cache item with the given key.\n * Will also clear the cookie item if storeAuthStateInCookie is set to true.\n * @param key\n */\n removeTemporaryItem(key: string): void {\n this.temporaryCacheStorage.removeItem(key);\n if (this.cacheConfig.storeAuthStateInCookie) {\n this.logger.trace(\n \"BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie\"\n );\n this.cookieStorage.removeItem(key);\n }\n }\n\n /**\n * Gets all keys in window.\n */\n getKeys(): string[] {\n return this.browserStorage.getKeys();\n }\n\n /**\n * Clears all cache entries created by MSAL.\n */\n async clear(): Promise {\n // Removes all accounts and their credentials\n await this.removeAllAccounts();\n this.removeAppMetadata();\n\n // Remove temp storage first to make sure any cookies are cleared\n this.temporaryCacheStorage.getKeys().forEach((cacheKey: string) => {\n if (\n cacheKey.indexOf(Constants.CACHE_PREFIX) !== -1 ||\n cacheKey.indexOf(this.clientId) !== -1\n ) {\n this.removeTemporaryItem(cacheKey);\n }\n });\n\n // Removes all remaining MSAL cache items\n this.browserStorage.getKeys().forEach((cacheKey: string) => {\n if (\n cacheKey.indexOf(Constants.CACHE_PREFIX) !== -1 ||\n cacheKey.indexOf(this.clientId) !== -1\n ) {\n this.browserStorage.removeItem(cacheKey);\n }\n });\n\n this.internalStorage.clear();\n }\n\n /**\n * Clears all access tokes that have claims prior to saving the current one\n * @param performanceClient {IPerformanceClient}\n * @param correlationId {string} correlation id\n * @returns\n */\n async clearTokensAndKeysWithClaims(\n performanceClient: IPerformanceClient,\n correlationId: string\n ): Promise {\n performanceClient.addQueueMeasurement(\n PerformanceEvents.ClearTokensAndKeysWithClaims,\n correlationId\n );\n\n const tokenKeys = this.getTokenKeys();\n\n const removedAccessTokens: Array> = [];\n tokenKeys.accessToken.forEach((key: string) => {\n // if the access token has claims in its key, remove the token key and the token\n const credential = this.getAccessTokenCredential(key);\n if (\n credential?.requestedClaimsHash &&\n key.includes(credential.requestedClaimsHash.toLowerCase())\n ) {\n removedAccessTokens.push(this.removeAccessToken(key));\n }\n });\n await Promise.all(removedAccessTokens);\n\n // warn if any access tokens are removed\n if (removedAccessTokens.length > 0) {\n this.logger.warning(\n `${removedAccessTokens.length} access tokens with claims in the cache keys have been removed from the cache.`\n );\n }\n }\n\n /**\n * Prepend msal. to each key; Skip for any JSON object as Key (defined schemas do not need the key appended: AccessToken Keys or the upcoming schema)\n * @param key\n * @param addInstanceId\n */\n generateCacheKey(key: string): string {\n const generatedKey = this.validateAndParseJson(key);\n if (!generatedKey) {\n if (\n StringUtils.startsWith(key, Constants.CACHE_PREFIX) ||\n StringUtils.startsWith(key, PersistentCacheKeys.ADAL_ID_TOKEN)\n ) {\n return key;\n }\n return `${Constants.CACHE_PREFIX}.${this.clientId}.${key}`;\n }\n\n return JSON.stringify(key);\n }\n\n /**\n * Create authorityKey to cache authority\n * @param state\n */\n generateAuthorityKey(stateString: string): string {\n const {\n libraryState: { id: stateId },\n } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString);\n\n return this.generateCacheKey(\n `${TemporaryCacheKeys.AUTHORITY}.${stateId}`\n );\n }\n\n /**\n * Create Nonce key to cache nonce\n * @param state\n */\n generateNonceKey(stateString: string): string {\n const {\n libraryState: { id: stateId },\n } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString);\n\n return this.generateCacheKey(\n `${TemporaryCacheKeys.NONCE_IDTOKEN}.${stateId}`\n );\n }\n\n /**\n * Creates full cache key for the request state\n * @param stateString State string for the request\n */\n generateStateKey(stateString: string): string {\n // Use the library state id to key temp storage for uniqueness for multiple concurrent requests\n const {\n libraryState: { id: stateId },\n } = ProtocolUtils.parseRequestState(this.cryptoImpl, stateString);\n return this.generateCacheKey(\n `${TemporaryCacheKeys.REQUEST_STATE}.${stateId}`\n );\n }\n\n /**\n * Gets the cached authority based on the cached state. Returns empty if no cached state found.\n */\n getCachedAuthority(cachedState: string): string | null {\n const stateCacheKey = this.generateStateKey(cachedState);\n const state = this.getTemporaryCache(stateCacheKey);\n if (!state) {\n return null;\n }\n\n const authorityCacheKey = this.generateAuthorityKey(state);\n return this.getTemporaryCache(authorityCacheKey);\n }\n\n /**\n * Updates account, authority, and state in cache\n * @param serverAuthenticationRequest\n * @param account\n */\n updateCacheEntries(\n state: string,\n nonce: string,\n authorityInstance: string,\n loginHint: string,\n account: AccountInfo | null\n ): void {\n this.logger.trace(\"BrowserCacheManager.updateCacheEntries called\");\n // Cache the request state\n const stateCacheKey = this.generateStateKey(state);\n this.setTemporaryCache(stateCacheKey, state, false);\n\n // Cache the nonce\n const nonceCacheKey = this.generateNonceKey(state);\n this.setTemporaryCache(nonceCacheKey, nonce, false);\n\n // Cache authorityKey\n const authorityCacheKey = this.generateAuthorityKey(state);\n this.setTemporaryCache(authorityCacheKey, authorityInstance, false);\n\n if (account) {\n const ccsCredential: CcsCredential = {\n credential: account.homeAccountId,\n type: CcsCredentialType.HOME_ACCOUNT_ID,\n };\n this.setTemporaryCache(\n TemporaryCacheKeys.CCS_CREDENTIAL,\n JSON.stringify(ccsCredential),\n true\n );\n } else if (loginHint) {\n const ccsCredential: CcsCredential = {\n credential: loginHint,\n type: CcsCredentialType.UPN,\n };\n this.setTemporaryCache(\n TemporaryCacheKeys.CCS_CREDENTIAL,\n JSON.stringify(ccsCredential),\n true\n );\n }\n }\n\n /**\n * Reset all temporary cache items\n * @param state\n */\n resetRequestCache(state: string): void {\n this.logger.trace(\"BrowserCacheManager.resetRequestCache called\");\n // check state and remove associated cache items\n if (state) {\n this.temporaryCacheStorage.getKeys().forEach((key) => {\n if (key.indexOf(state) !== -1) {\n this.removeTemporaryItem(key);\n }\n });\n\n // delete generic interactive request parameters\n this.removeTemporaryItem(this.generateStateKey(state));\n this.removeTemporaryItem(this.generateNonceKey(state));\n this.removeTemporaryItem(this.generateAuthorityKey(state));\n }\n this.removeTemporaryItem(\n this.generateCacheKey(TemporaryCacheKeys.REQUEST_PARAMS)\n );\n this.removeTemporaryItem(\n this.generateCacheKey(TemporaryCacheKeys.ORIGIN_URI)\n );\n this.removeTemporaryItem(\n this.generateCacheKey(TemporaryCacheKeys.URL_HASH)\n );\n this.removeTemporaryItem(\n this.generateCacheKey(TemporaryCacheKeys.CORRELATION_ID)\n );\n this.removeTemporaryItem(\n this.generateCacheKey(TemporaryCacheKeys.CCS_CREDENTIAL)\n );\n this.removeTemporaryItem(\n this.generateCacheKey(TemporaryCacheKeys.NATIVE_REQUEST)\n );\n this.setInteractionInProgress(false);\n }\n\n /**\n * Removes temporary cache for the provided state\n * @param stateString\n */\n cleanRequestByState(stateString: string): void {\n this.logger.trace(\"BrowserCacheManager.cleanRequestByState called\");\n // Interaction is completed - remove interaction status.\n if (stateString) {\n const stateKey = this.generateStateKey(stateString);\n const cachedState = this.temporaryCacheStorage.getItem(stateKey);\n this.logger.infoPii(\n `BrowserCacheManager.cleanRequestByState: Removing temporary cache items for state: ${cachedState}`\n );\n this.resetRequestCache(cachedState || Constants.EMPTY_STRING);\n }\n }\n\n /**\n * Looks in temporary cache for any state values with the provided interactionType and removes all temporary cache items for that state\n * Used in scenarios where temp cache needs to be cleaned but state is not known, such as clicking browser back button.\n * @param interactionType\n */\n cleanRequestByInteractionType(interactionType: InteractionType): void {\n this.logger.trace(\n \"BrowserCacheManager.cleanRequestByInteractionType called\"\n );\n // Loop through all keys to find state key\n this.temporaryCacheStorage.getKeys().forEach((key) => {\n // If this key is not the state key, move on\n if (key.indexOf(TemporaryCacheKeys.REQUEST_STATE) === -1) {\n return;\n }\n\n // Retrieve state value, return if not a valid value\n const stateValue = this.temporaryCacheStorage.getItem(key);\n if (!stateValue) {\n return;\n }\n // Extract state and ensure it matches given InteractionType, then clean request cache\n const parsedState = extractBrowserRequestState(\n this.cryptoImpl,\n stateValue\n );\n if (\n parsedState &&\n parsedState.interactionType === interactionType\n ) {\n this.logger.infoPii(\n `BrowserCacheManager.cleanRequestByInteractionType: Removing temporary cache items for state: ${stateValue}`\n );\n this.resetRequestCache(stateValue);\n }\n });\n this.setInteractionInProgress(false);\n }\n\n cacheCodeRequest(authCodeRequest: CommonAuthorizationCodeRequest): void {\n this.logger.trace(\"BrowserCacheManager.cacheCodeRequest called\");\n\n const encodedValue = base64Encode(JSON.stringify(authCodeRequest));\n this.setTemporaryCache(\n TemporaryCacheKeys.REQUEST_PARAMS,\n encodedValue,\n true\n );\n }\n\n /**\n * Gets the token exchange parameters from the cache. Throws an error if nothing is found.\n */\n getCachedRequest(state: string): CommonAuthorizationCodeRequest {\n this.logger.trace(\"BrowserCacheManager.getCachedRequest called\");\n // Get token request from cache and parse as TokenExchangeParameters.\n const encodedTokenRequest = this.getTemporaryCache(\n TemporaryCacheKeys.REQUEST_PARAMS,\n true\n );\n if (!encodedTokenRequest) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.noTokenRequestCacheError\n );\n }\n\n let parsedRequest: CommonAuthorizationCodeRequest;\n try {\n parsedRequest = JSON.parse(base64Decode(encodedTokenRequest));\n } catch (e) {\n this.logger.errorPii(`Attempted to parse: ${encodedTokenRequest}`);\n this.logger.error(\n `Parsing cached token request threw with error: ${e}`\n );\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.unableToParseTokenRequestCacheError\n );\n }\n this.removeTemporaryItem(\n this.generateCacheKey(TemporaryCacheKeys.REQUEST_PARAMS)\n );\n\n // Get cached authority and use if no authority is cached with request.\n if (!parsedRequest.authority) {\n const authorityCacheKey: string = this.generateAuthorityKey(state);\n const cachedAuthority = this.getTemporaryCache(authorityCacheKey);\n if (!cachedAuthority) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.noCachedAuthorityError\n );\n }\n parsedRequest.authority = cachedAuthority;\n }\n\n return parsedRequest;\n }\n\n /**\n * Gets cached native request for redirect flows\n */\n getCachedNativeRequest(): NativeTokenRequest | null {\n this.logger.trace(\"BrowserCacheManager.getCachedNativeRequest called\");\n const cachedRequest = this.getTemporaryCache(\n TemporaryCacheKeys.NATIVE_REQUEST,\n true\n );\n if (!cachedRequest) {\n this.logger.trace(\n \"BrowserCacheManager.getCachedNativeRequest: No cached native request found\"\n );\n return null;\n }\n\n const parsedRequest = this.validateAndParseJson(\n cachedRequest\n ) as NativeTokenRequest;\n if (!parsedRequest) {\n this.logger.error(\n \"BrowserCacheManager.getCachedNativeRequest: Unable to parse native request\"\n );\n return null;\n }\n\n return parsedRequest;\n }\n\n isInteractionInProgress(matchClientId?: boolean): boolean {\n const clientId = this.getInteractionInProgress();\n\n if (matchClientId) {\n return clientId === this.clientId;\n } else {\n return !!clientId;\n }\n }\n\n getInteractionInProgress(): string | null {\n const key = `${Constants.CACHE_PREFIX}.${TemporaryCacheKeys.INTERACTION_STATUS_KEY}`;\n return this.getTemporaryCache(key, false);\n }\n\n setInteractionInProgress(inProgress: boolean): void {\n // Ensure we don't overwrite interaction in progress for a different clientId\n const key = `${Constants.CACHE_PREFIX}.${TemporaryCacheKeys.INTERACTION_STATUS_KEY}`;\n if (inProgress) {\n if (this.getInteractionInProgress()) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.interactionInProgress\n );\n } else {\n // No interaction is in progress\n this.setTemporaryCache(key, this.clientId, false);\n }\n } else if (\n !inProgress &&\n this.getInteractionInProgress() === this.clientId\n ) {\n this.removeTemporaryItem(key);\n }\n }\n\n /**\n * Returns username retrieved from ADAL or MSAL v1 idToken\n * @deprecated\n */\n getLegacyLoginHint(): string | null {\n // Only check for adal/msal token if no SSO params are being used\n const adalIdTokenString = this.getTemporaryCache(\n PersistentCacheKeys.ADAL_ID_TOKEN\n );\n if (adalIdTokenString) {\n this.browserStorage.removeItem(PersistentCacheKeys.ADAL_ID_TOKEN);\n this.logger.verbose(\"Cached ADAL id token retrieved.\");\n }\n\n // Check for cached MSAL v1 id token\n const msalIdTokenString = this.getTemporaryCache(\n PersistentCacheKeys.ID_TOKEN,\n true\n );\n if (msalIdTokenString) {\n this.browserStorage.removeItem(\n this.generateCacheKey(PersistentCacheKeys.ID_TOKEN)\n );\n this.logger.verbose(\"Cached MSAL.js v1 id token retrieved\");\n }\n\n const cachedIdTokenString = msalIdTokenString || adalIdTokenString;\n if (cachedIdTokenString) {\n const idTokenClaims = AuthToken.extractTokenClaims(\n cachedIdTokenString,\n base64Decode\n );\n if (idTokenClaims.preferred_username) {\n this.logger.verbose(\n \"No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 preferred_username as loginHint\"\n );\n return idTokenClaims.preferred_username;\n } else if (idTokenClaims.upn) {\n this.logger.verbose(\n \"No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 upn as loginHint\"\n );\n return idTokenClaims.upn;\n } else {\n this.logger.verbose(\n \"No SSO params used and ADAL/MSAL v1 token retrieved, however, no account hint claim found. Enable preferred_username or upn id token claim to get SSO.\"\n );\n }\n }\n\n return null;\n }\n\n /**\n * Updates a credential's cache key if the current cache key is outdated\n */\n updateCredentialCacheKey(\n currentCacheKey: string,\n credential: ValidCredentialType\n ): string {\n const updatedCacheKey = CacheHelpers.generateCredentialKey(credential);\n\n if (currentCacheKey !== updatedCacheKey) {\n const cacheItem = this.getItem(currentCacheKey);\n if (cacheItem) {\n this.browserStorage.removeItem(currentCacheKey);\n this.setItem(updatedCacheKey, cacheItem);\n this.logger.verbose(\n `Updated an outdated ${credential.credentialType} cache key`\n );\n return updatedCacheKey;\n } else {\n this.logger.error(\n `Attempted to update an outdated ${credential.credentialType} cache key but no item matching the outdated key was found in storage`\n );\n }\n }\n\n return currentCacheKey;\n }\n\n /**\n * Builds credential entities from AuthenticationResult object and saves the resulting credentials to the cache\n * @param result\n * @param request\n */\n async hydrateCache(\n result: AuthenticationResult,\n request:\n | SilentRequest\n | SsoSilentRequest\n | RedirectRequest\n | PopupRequest\n ): Promise {\n const idTokenEntity = CacheHelpers.createIdTokenEntity(\n result.account?.homeAccountId,\n result.account?.environment,\n result.idToken,\n this.clientId,\n result.tenantId\n );\n\n let claimsHash;\n if (request.claims) {\n claimsHash = await this.cryptoImpl.hashString(request.claims);\n }\n\n /**\n * meta data for cache stores time in seconds from epoch\n * AuthenticationResult returns expiresOn and extExpiresOn in milliseconds (as a Date object which is in ms)\n * We need to map these for the cache when building tokens from AuthenticationResult\n *\n * The next MSAL VFuture should map these both to same value if possible\n */\n\n const accessTokenEntity = CacheHelpers.createAccessTokenEntity(\n result.account?.homeAccountId,\n result.account.environment,\n result.accessToken,\n this.clientId,\n result.tenantId,\n result.scopes.join(\" \"),\n result.expiresOn ? result.expiresOn.getTime() / 1000 : 0,\n result.extExpiresOn ? result.extExpiresOn.getTime() / 1000 : 0,\n base64Decode,\n undefined, // refreshOn\n result.tokenType as AuthenticationScheme,\n undefined, // userAssertionHash\n request.sshKid,\n request.claims,\n claimsHash\n );\n\n const cacheRecord = {\n idToken: idTokenEntity,\n accessToken: accessTokenEntity,\n };\n return this.saveCacheRecord(cacheRecord);\n }\n\n /**\n * saves a cache record\n * @param cacheRecord {CacheRecord}\n * @param storeInCache {?StoreInCache}\n * @param correlationId {?string} correlation id\n */\n async saveCacheRecord(\n cacheRecord: CacheRecord,\n storeInCache?: StoreInCache,\n correlationId?: string\n ): Promise {\n try {\n await super.saveCacheRecord(\n cacheRecord,\n storeInCache,\n correlationId\n );\n } catch (e) {\n if (\n e instanceof CacheError &&\n this.performanceClient &&\n correlationId\n ) {\n try {\n const tokenKeys = this.getTokenKeys();\n\n this.performanceClient.addFields(\n {\n cacheRtCount: tokenKeys.refreshToken.length,\n cacheIdCount: tokenKeys.idToken.length,\n cacheAtCount: tokenKeys.accessToken.length,\n },\n correlationId\n );\n } catch (e) {}\n }\n\n throw e;\n }\n }\n}\n\nexport const DEFAULT_BROWSER_CACHE_MANAGER = (\n clientId: string,\n logger: Logger\n): BrowserCacheManager => {\n const cacheOptions: Required = {\n cacheLocation: BrowserCacheLocation.MemoryStorage,\n temporaryCacheLocation: BrowserCacheLocation.MemoryStorage,\n storeAuthStateInCookie: false,\n secureCookies: false,\n cacheMigrationEnabled: false,\n claimsBasedCachingEnabled: false,\n };\n return new BrowserCacheManager(\n clientId,\n cacheOptions,\n DEFAULT_CRYPTO_IMPLEMENTATION,\n logger\n );\n};\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n BrowserConfigurationAuthErrorCodes,\n createBrowserConfigurationAuthError,\n} from \"../error/BrowserConfigurationAuthError.js\";\nimport { IWindowStorage } from \"./IWindowStorage.js\";\n\nexport class LocalStorage implements IWindowStorage {\n constructor() {\n if (!window.localStorage) {\n throw createBrowserConfigurationAuthError(\n BrowserConfigurationAuthErrorCodes.storageNotSupported\n );\n }\n }\n\n getItem(key: string): string | null {\n return window.localStorage.getItem(key);\n }\n\n setItem(key: string, value: string): void {\n window.localStorage.setItem(key, value);\n }\n\n removeItem(key: string): void {\n window.localStorage.removeItem(key);\n }\n\n getKeys(): string[] {\n return Object.keys(window.localStorage);\n }\n\n containsKey(key: string): boolean {\n return window.localStorage.hasOwnProperty(key);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { IWindowStorage } from \"./IWindowStorage.js\";\n\nexport class MemoryStorage implements IWindowStorage {\n private cache: Map;\n\n constructor() {\n this.cache = new Map();\n }\n\n getItem(key: string): T | null {\n return this.cache.get(key) || null;\n }\n\n setItem(key: string, value: T): void {\n this.cache.set(key, value);\n }\n\n removeItem(key: string): void {\n this.cache.delete(key);\n }\n\n getKeys(): string[] {\n const cacheKeys: string[] = [];\n this.cache.forEach((value: T, key: string) => {\n cacheKeys.push(key);\n });\n return cacheKeys;\n }\n\n containsKey(key: string): boolean {\n return this.cache.has(key);\n }\n\n clear(): void {\n this.cache.clear();\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n BrowserConfigurationAuthErrorCodes,\n createBrowserConfigurationAuthError,\n} from \"../error/BrowserConfigurationAuthError.js\";\nimport { IWindowStorage } from \"./IWindowStorage.js\";\n\nexport class SessionStorage implements IWindowStorage {\n constructor() {\n if (!window.sessionStorage) {\n throw createBrowserConfigurationAuthError(\n BrowserConfigurationAuthErrorCodes.storageNotSupported\n );\n }\n }\n\n getItem(key: string): string | null {\n return window.sessionStorage.getItem(key);\n }\n\n setItem(key: string, value: string): void {\n window.sessionStorage.setItem(key, value);\n }\n\n removeItem(key: string): void {\n window.sessionStorage.removeItem(key);\n }\n\n getKeys(): string[] {\n return Object.keys(window.sessionStorage);\n }\n\n containsKey(key: string): boolean {\n return window.sessionStorage.hasOwnProperty(key);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n SystemOptions,\n LoggerOptions,\n INetworkModule,\n DEFAULT_SYSTEM_OPTIONS,\n Constants,\n ProtocolMode,\n OIDCOptions,\n ServerResponseType,\n LogLevel,\n StubbedNetworkModule,\n AzureCloudInstance,\n AzureCloudOptions,\n ApplicationTelemetry,\n createClientConfigurationError,\n ClientConfigurationErrorCodes,\n IPerformanceClient,\n StubPerformanceClient,\n Logger,\n} from \"@azure/msal-common/browser\";\nimport {\n BrowserCacheLocation,\n BrowserConstants,\n} from \"../utils/BrowserConstants.js\";\nimport { INavigationClient } from \"../navigation/INavigationClient.js\";\nimport { NavigationClient } from \"../navigation/NavigationClient.js\";\nimport { FetchClient } from \"../network/FetchClient.js\";\nimport * as BrowserUtils from \"../utils/BrowserUtils.js\";\n\n// Default timeout for popup windows and iframes in milliseconds\nexport const DEFAULT_POPUP_TIMEOUT_MS = 60000;\nexport const DEFAULT_IFRAME_TIMEOUT_MS = 10000;\nexport const DEFAULT_REDIRECT_TIMEOUT_MS = 30000;\nexport const DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS = 2000;\n\n/**\n * Use this to configure the auth options in the Configuration object\n */\nexport type BrowserAuthOptions = {\n /**\n * Client ID of your app registered with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview in Microsoft Identity Platform\n */\n clientId: string;\n /**\n * You can configure a specific authority, defaults to \" \" or \"https://login.microsoftonline.com/common\"\n */\n authority?: string;\n /**\n * An array of URIs that are known to be valid. Used in B2C scenarios.\n */\n knownAuthorities?: Array;\n /**\n * A string containing the cloud discovery response. Used in AAD scenarios.\n */\n cloudDiscoveryMetadata?: string;\n /**\n * A string containing the .well-known/openid-configuration endpoint response\n */\n authorityMetadata?: string;\n /**\n * The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.\n */\n redirectUri?: string;\n /**\n * The redirect URI where the window navigates after a successful logout.\n */\n postLogoutRedirectUri?: string | null;\n /**\n * Boolean indicating whether to navigate to the original request URL after the auth server navigates to the redirect URL.\n */\n navigateToLoginRequestUrl?: boolean;\n /**\n * Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request.\n */\n clientCapabilities?: Array;\n /**\n * Enum that represents the protocol that msal follows. Used for configuring proper endpoints.\n */\n protocolMode?: ProtocolMode;\n /**\n * Enum that configures options for the OIDC protocol mode.\n */\n OIDCOptions?: OIDCOptions;\n /**\n * Enum that represents the Azure Cloud to use.\n */\n azureCloudOptions?: AzureCloudOptions;\n /**\n * Flag of whether to use the local metadata cache\n */\n skipAuthorityMetadataCache?: boolean;\n /**\n * App supports nested app auth or not; defaults to\n *\n * @deprecated This flag is deprecated and will be removed in the next major version. createNestablePublicClientApplication should be used instead.\n */\n supportsNestedAppAuth?: boolean;\n /**\n * Callback that will be passed the url that MSAL will navigate to in redirect flows. Returning false in the callback will stop navigation.\n */\n onRedirectNavigate?: (url: string) => boolean | void;\n /**\n * Flag of whether the STS will send back additional parameters to specify where the tokens should be retrieved from.\n */\n instanceAware?: boolean;\n};\n\n/** @internal */\nexport type InternalAuthOptions = Omit<\n Required,\n \"onRedirectNavigate\"\n> & {\n OIDCOptions: Required;\n onRedirectNavigate?: (url: string) => boolean | void;\n};\n\n/**\n * Use this to configure the below cache configuration options:\n */\nexport type CacheOptions = {\n /**\n * Used to specify the cacheLocation user wants to set. Valid values are \"localStorage\", \"sessionStorage\" and \"memoryStorage\".\n */\n cacheLocation?: BrowserCacheLocation | string;\n /**\n * Used to specify the temporaryCacheLocation user wants to set. Valid values are \"localStorage\", \"sessionStorage\" and \"memoryStorage\".\n */\n temporaryCacheLocation?: BrowserCacheLocation | string;\n /**\n * If set, MSAL stores the auth request state required for validation of the auth flows in the browser cookies. By default this flag is set to false.\n */\n storeAuthStateInCookie?: boolean;\n /**\n * If set, MSAL sets the \"Secure\" flag on cookies so they can only be sent over HTTPS. By default this flag is set to false.\n */\n secureCookies?: boolean;\n /**\n * If set, MSAL will attempt to migrate cache entries from older versions on initialization. By default this flag is set to true if cacheLocation is localStorage, otherwise false.\n */\n cacheMigrationEnabled?: boolean;\n /**\n * Flag that determines whether access tokens are stored based on requested claims\n */\n claimsBasedCachingEnabled?: boolean;\n};\n\nexport type BrowserSystemOptions = SystemOptions & {\n /**\n * Used to initialize the Logger object (See ClientConfiguration.ts)\n */\n loggerOptions?: LoggerOptions;\n /**\n * Network interface implementation\n */\n networkClient?: INetworkModule;\n /**\n * Override the methods used to navigate to other webpages. Particularly useful if you are using a client-side router\n */\n navigationClient?: INavigationClient;\n /**\n * Sets the timeout for waiting for a response hash in a popup. Will take precedence over loadFrameTimeout if both are set.\n */\n windowHashTimeout?: number;\n /**\n * Sets the timeout for waiting for a response hash in an iframe. Will take precedence over loadFrameTimeout if both are set.\n */\n iframeHashTimeout?: number;\n /**\n * Sets the timeout for waiting for a response hash in an iframe or popup\n */\n loadFrameTimeout?: number;\n /**\n * Maximum time the library should wait for a frame to load\n * @deprecated This was previously needed for older browsers which are no longer supported by MSAL.js. This option will be removed in the next major version\n */\n navigateFrameWait?: number;\n /**\n * Time to wait for redirection to occur before resolving promise\n */\n redirectNavigationTimeout?: number;\n /**\n * Sets whether popups are opened asynchronously. By default, this flag is set to false. When set to false, blank popups are opened before anything else happens. When set to true, popups are opened when making the network request.\n */\n asyncPopups?: boolean;\n /**\n * Flag to enable redirect opertaions when the app is rendered in an iframe (to support scenarios such as embedded B2C login).\n */\n allowRedirectInIframe?: boolean;\n /**\n * Flag to enable native broker support (e.g. acquiring tokens from WAM on Windows)\n */\n allowNativeBroker?: boolean;\n /**\n * Sets the timeout for waiting for the native broker handshake to resolve\n */\n nativeBrokerHandshakeTimeout?: number;\n /**\n * Sets the interval length in milliseconds for polling the location attribute in popup windows (default is 30ms)\n */\n pollIntervalMilliseconds?: number;\n};\n\n/**\n * Telemetry Options\n */\nexport type BrowserTelemetryOptions = {\n /**\n * Telemetry information sent on request\n * - appName: Unique string name of an application\n * - appVersion: Version of the application using MSAL\n */\n application?: ApplicationTelemetry;\n\n client?: IPerformanceClient;\n};\n\n/**\n * This object allows you to configure important elements of MSAL functionality and is passed into the constructor of PublicClientApplication\n */\nexport type Configuration = {\n /**\n * This is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform\n */\n auth: BrowserAuthOptions;\n /**\n * This is where you configure cache location and whether to store cache in cookies\n */\n cache?: CacheOptions;\n /**\n * This is where you can configure the network client, logger, token renewal offset\n */\n system?: BrowserSystemOptions;\n /**\n * This is where you can configure telemetry data and options\n */\n telemetry?: BrowserTelemetryOptions;\n};\n\n/** @internal */\nexport type BrowserConfiguration = {\n auth: InternalAuthOptions;\n cache: Required;\n system: Required;\n telemetry: Required;\n};\n\n/**\n * MSAL function that sets the default options when not explicitly configured from app developer\n *\n * @param auth\n * @param cache\n * @param system\n *\n * @returns Configuration object\n */\nexport function buildConfiguration(\n {\n auth: userInputAuth,\n cache: userInputCache,\n system: userInputSystem,\n telemetry: userInputTelemetry,\n }: Configuration,\n isBrowserEnvironment: boolean\n): BrowserConfiguration {\n // Default auth options for browser\n const DEFAULT_AUTH_OPTIONS: InternalAuthOptions = {\n clientId: Constants.EMPTY_STRING,\n authority: `${Constants.DEFAULT_AUTHORITY}`,\n knownAuthorities: [],\n cloudDiscoveryMetadata: Constants.EMPTY_STRING,\n authorityMetadata: Constants.EMPTY_STRING,\n redirectUri:\n typeof window !== \"undefined\" ? BrowserUtils.getCurrentUri() : \"\",\n postLogoutRedirectUri: Constants.EMPTY_STRING,\n navigateToLoginRequestUrl: true,\n clientCapabilities: [],\n protocolMode: ProtocolMode.AAD,\n OIDCOptions: {\n serverResponseType: ServerResponseType.FRAGMENT,\n defaultScopes: [\n Constants.OPENID_SCOPE,\n Constants.PROFILE_SCOPE,\n Constants.OFFLINE_ACCESS_SCOPE,\n ],\n },\n azureCloudOptions: {\n azureCloudInstance: AzureCloudInstance.None,\n tenant: Constants.EMPTY_STRING,\n },\n skipAuthorityMetadataCache: false,\n supportsNestedAppAuth: false,\n instanceAware: false,\n };\n\n // Default cache options for browser\n const DEFAULT_CACHE_OPTIONS: Required = {\n cacheLocation: BrowserCacheLocation.SessionStorage,\n temporaryCacheLocation: BrowserCacheLocation.SessionStorage,\n storeAuthStateInCookie: false,\n secureCookies: false,\n // Default cache migration to true if cache location is localStorage since entries are preserved across tabs/windows. Migration has little to no benefit in sessionStorage and memoryStorage\n cacheMigrationEnabled:\n userInputCache &&\n userInputCache.cacheLocation === BrowserCacheLocation.LocalStorage\n ? true\n : false,\n claimsBasedCachingEnabled: false,\n };\n\n // Default logger options for browser\n const DEFAULT_LOGGER_OPTIONS: LoggerOptions = {\n // eslint-disable-next-line @typescript-eslint/no-empty-function\n loggerCallback: (): void => {\n // allow users to not set logger call back\n },\n logLevel: LogLevel.Info,\n piiLoggingEnabled: false,\n };\n\n // Default system options for browser\n const DEFAULT_BROWSER_SYSTEM_OPTIONS: Required = {\n ...DEFAULT_SYSTEM_OPTIONS,\n loggerOptions: DEFAULT_LOGGER_OPTIONS,\n networkClient: isBrowserEnvironment\n ? new FetchClient()\n : StubbedNetworkModule,\n navigationClient: new NavigationClient(),\n loadFrameTimeout: 0,\n // If loadFrameTimeout is provided, use that as default.\n windowHashTimeout:\n userInputSystem?.loadFrameTimeout || DEFAULT_POPUP_TIMEOUT_MS,\n iframeHashTimeout:\n userInputSystem?.loadFrameTimeout || DEFAULT_IFRAME_TIMEOUT_MS,\n navigateFrameWait: 0,\n redirectNavigationTimeout: DEFAULT_REDIRECT_TIMEOUT_MS,\n asyncPopups: false,\n allowRedirectInIframe: false,\n allowNativeBroker: false,\n nativeBrokerHandshakeTimeout:\n userInputSystem?.nativeBrokerHandshakeTimeout ||\n DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,\n pollIntervalMilliseconds: BrowserConstants.DEFAULT_POLL_INTERVAL_MS,\n };\n\n const providedSystemOptions: Required = {\n ...DEFAULT_BROWSER_SYSTEM_OPTIONS,\n ...userInputSystem,\n loggerOptions: userInputSystem?.loggerOptions || DEFAULT_LOGGER_OPTIONS,\n };\n\n const DEFAULT_TELEMETRY_OPTIONS: Required = {\n application: {\n appName: Constants.EMPTY_STRING,\n appVersion: Constants.EMPTY_STRING,\n },\n client: new StubPerformanceClient(),\n };\n\n // Throw an error if user has set OIDCOptions without being in OIDC protocol mode\n if (\n userInputAuth?.protocolMode !== ProtocolMode.OIDC &&\n userInputAuth?.OIDCOptions\n ) {\n const logger = new Logger(providedSystemOptions.loggerOptions);\n logger.warning(\n JSON.stringify(\n createClientConfigurationError(\n ClientConfigurationErrorCodes.cannotSetOIDCOptions\n )\n )\n );\n }\n\n // Throw an error if user has set allowNativeBroker to true without being in AAD protocol mode\n if (\n userInputAuth?.protocolMode &&\n userInputAuth.protocolMode !== ProtocolMode.AAD &&\n providedSystemOptions?.allowNativeBroker\n ) {\n throw createClientConfigurationError(\n ClientConfigurationErrorCodes.cannotAllowNativeBroker\n );\n }\n\n const overlayedConfig: BrowserConfiguration = {\n auth: {\n ...DEFAULT_AUTH_OPTIONS,\n ...userInputAuth,\n OIDCOptions: {\n ...DEFAULT_AUTH_OPTIONS.OIDCOptions,\n ...userInputAuth?.OIDCOptions,\n },\n },\n cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache },\n system: providedSystemOptions,\n telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...userInputTelemetry },\n };\n\n return overlayedConfig;\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { NestedAppOperatingContext } from \"../operatingcontext/NestedAppOperatingContext.js\";\nimport { StandardOperatingContext } from \"../operatingcontext/StandardOperatingContext.js\";\nimport { IController } from \"./IController.js\";\nimport { Configuration } from \"../config/Configuration.js\";\nimport { StandardController } from \"./StandardController.js\";\nimport { NestedAppAuthController } from \"./NestedAppAuthController.js\";\nimport { InitializeApplicationRequest } from \"../request/InitializeApplicationRequest.js\";\n\nexport async function createV3Controller(\n config: Configuration,\n request?: InitializeApplicationRequest\n): Promise {\n const standard = new StandardOperatingContext(config);\n\n await standard.initialize();\n return StandardController.createController(standard, request);\n}\n\nexport async function createController(\n config: Configuration\n): Promise {\n const standard = new StandardOperatingContext(config);\n const nestedApp = new NestedAppOperatingContext(config);\n\n const operatingContexts = [standard.initialize(), nestedApp.initialize()];\n\n await Promise.all(operatingContexts);\n\n if (nestedApp.isAvailable() && config.auth.supportsNestedAppAuth) {\n return NestedAppAuthController.createController(nestedApp);\n } else if (standard.isAvailable()) {\n return StandardController.createController(standard);\n } else {\n // Since neither of the actual operating contexts are available keep the UnknownOperatingContextController\n return null;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AuthError } from \"@azure/msal-common/browser\";\n\n/**\n * NestedAppAuthErrorMessage class containing string constants used by error codes and messages.\n */\nexport const NestedAppAuthErrorMessage = {\n unsupportedMethod: {\n code: \"unsupported_method\",\n desc: \"This method is not supported in nested app environment.\",\n },\n};\n\nexport class NestedAppAuthError extends AuthError {\n constructor(errorCode: string, errorMessage?: string) {\n super(errorCode, errorMessage);\n\n Object.setPrototypeOf(this, NestedAppAuthError.prototype);\n this.name = \"NestedAppAuthError\";\n }\n\n public static createUnsupportedError(): NestedAppAuthError {\n return new NestedAppAuthError(\n NestedAppAuthErrorMessage.unsupportedMethod.code,\n NestedAppAuthErrorMessage.unsupportedMethod.desc\n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AccessTokenEntity,\n ICrypto,\n IdTokenEntity,\n Logger,\n ScopeSet,\n Authority,\n AuthorityOptions,\n ExternalTokenResponse,\n AccountEntity,\n AuthToken,\n RefreshTokenEntity,\n CacheRecord,\n TokenClaims,\n CacheHelpers,\n buildAccountToCache,\n} from \"@azure/msal-common/browser\";\nimport { BrowserConfiguration } from \"../config/Configuration.js\";\nimport { SilentRequest } from \"../request/SilentRequest.js\";\nimport { BrowserCacheManager } from \"./BrowserCacheManager.js\";\nimport { ITokenCache } from \"./ITokenCache.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport { base64Decode } from \"../encode/Base64Decode.js\";\nimport * as BrowserCrypto from \"../crypto/BrowserCrypto.js\";\n\nexport type LoadTokenOptions = {\n clientInfo?: string;\n expiresOn?: number;\n extendedExpiresOn?: number;\n};\n\n/**\n * Token cache manager\n */\nexport class TokenCache implements ITokenCache {\n // Flag to indicate if in browser environment\n public isBrowserEnvironment: boolean;\n // Input configuration by developer/user\n protected config: BrowserConfiguration;\n // Browser cache storage\n private storage: BrowserCacheManager;\n // Logger\n private logger: Logger;\n // Crypto class\n private cryptoObj: ICrypto;\n\n constructor(\n configuration: BrowserConfiguration,\n storage: BrowserCacheManager,\n logger: Logger,\n cryptoObj: ICrypto\n ) {\n this.isBrowserEnvironment = typeof window !== \"undefined\";\n this.config = configuration;\n this.storage = storage;\n this.logger = logger;\n this.cryptoObj = cryptoObj;\n }\n\n // Move getAllAccounts here and cache utility APIs\n\n /**\n * API to load tokens to msal-browser cache.\n * @param request\n * @param response\n * @param options\n * @returns `AuthenticationResult` for the response that was loaded.\n */\n loadExternalTokens(\n request: SilentRequest,\n response: ExternalTokenResponse,\n options: LoadTokenOptions\n ): AuthenticationResult {\n if (!this.isBrowserEnvironment) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.nonBrowserEnvironment\n );\n }\n\n const idTokenClaims = response.id_token\n ? AuthToken.extractTokenClaims(response.id_token, base64Decode)\n : undefined;\n\n const authorityOptions: AuthorityOptions = {\n protocolMode: this.config.auth.protocolMode,\n knownAuthorities: this.config.auth.knownAuthorities,\n cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,\n authorityMetadata: this.config.auth.authorityMetadata,\n skipAuthorityMetadataCache:\n this.config.auth.skipAuthorityMetadataCache,\n };\n const authority = request.authority\n ? new Authority(\n Authority.generateAuthority(\n request.authority,\n request.azureCloudOptions\n ),\n this.config.system.networkClient,\n this.storage,\n authorityOptions,\n this.logger,\n request.correlationId || BrowserCrypto.createNewGuid()\n )\n : undefined;\n\n const cacheRecordAccount: AccountEntity = this.loadAccount(\n request,\n options.clientInfo || response.client_info || \"\",\n idTokenClaims,\n authority\n );\n\n const idToken = this.loadIdToken(\n response,\n cacheRecordAccount.homeAccountId,\n cacheRecordAccount.environment,\n cacheRecordAccount.realm\n );\n\n const accessToken = this.loadAccessToken(\n request,\n response,\n cacheRecordAccount.homeAccountId,\n cacheRecordAccount.environment,\n cacheRecordAccount.realm,\n options\n );\n\n const refreshToken = this.loadRefreshToken(\n response,\n cacheRecordAccount.homeAccountId,\n cacheRecordAccount.environment\n );\n\n return this.generateAuthenticationResult(\n request,\n {\n account: cacheRecordAccount,\n idToken,\n accessToken,\n refreshToken,\n },\n idTokenClaims,\n authority\n );\n }\n\n /**\n * Helper function to load account to msal-browser cache\n * @param idToken\n * @param environment\n * @param clientInfo\n * @param authorityType\n * @param requestHomeAccountId\n * @returns `AccountEntity`\n */\n private loadAccount(\n request: SilentRequest,\n clientInfo: string,\n idTokenClaims?: TokenClaims,\n authority?: Authority\n ): AccountEntity {\n this.logger.verbose(\"TokenCache - loading account\");\n\n if (request.account) {\n const accountEntity = AccountEntity.createFromAccountInfo(\n request.account\n );\n this.storage.setAccount(accountEntity);\n return accountEntity;\n } else if (!authority || (!clientInfo && !idTokenClaims)) {\n this.logger.error(\n \"TokenCache - if an account is not provided on the request, authority and either clientInfo or idToken must be provided instead.\"\n );\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.unableToLoadToken\n );\n }\n\n const homeAccountId = AccountEntity.generateHomeAccountId(\n clientInfo,\n authority.authorityType,\n this.logger,\n this.cryptoObj,\n idTokenClaims\n );\n\n const claimsTenantId = idTokenClaims?.tid;\n\n const cachedAccount = buildAccountToCache(\n this.storage,\n authority,\n homeAccountId,\n base64Decode,\n idTokenClaims,\n clientInfo,\n authority.hostnameAndPort,\n claimsTenantId,\n undefined, // authCodePayload\n undefined, // nativeAccountId\n this.logger\n );\n\n this.storage.setAccount(cachedAccount);\n return cachedAccount;\n }\n\n /**\n * Helper function to load id tokens to msal-browser cache\n * @param idToken\n * @param homeAccountId\n * @param environment\n * @param tenantId\n * @returns `IdTokenEntity`\n */\n private loadIdToken(\n response: ExternalTokenResponse,\n homeAccountId: string,\n environment: string,\n tenantId: string\n ): IdTokenEntity | null {\n if (!response.id_token) {\n this.logger.verbose(\"TokenCache - no id token found in response\");\n return null;\n }\n\n this.logger.verbose(\"TokenCache - loading id token\");\n const idTokenEntity = CacheHelpers.createIdTokenEntity(\n homeAccountId,\n environment,\n response.id_token,\n this.config.auth.clientId,\n tenantId\n );\n\n this.storage.setIdTokenCredential(idTokenEntity);\n return idTokenEntity;\n }\n\n /**\n * Helper function to load access tokens to msal-browser cache\n * @param request\n * @param response\n * @param homeAccountId\n * @param environment\n * @param tenantId\n * @returns `AccessTokenEntity`\n */\n private loadAccessToken(\n request: SilentRequest,\n response: ExternalTokenResponse,\n homeAccountId: string,\n environment: string,\n tenantId: string,\n options: LoadTokenOptions\n ): AccessTokenEntity | null {\n if (!response.access_token) {\n this.logger.verbose(\n \"TokenCache - no access token found in response\"\n );\n return null;\n } else if (!response.expires_in) {\n this.logger.error(\n \"TokenCache - no expiration set on the access token. Cannot add it to the cache.\"\n );\n return null;\n } else if (\n !response.scope &&\n (!request.scopes || !request.scopes.length)\n ) {\n this.logger.error(\n \"TokenCache - scopes not specified in the request or response. Cannot add token to the cache.\"\n );\n return null;\n }\n\n this.logger.verbose(\"TokenCache - loading access token\");\n\n const scopes = response.scope\n ? ScopeSet.fromString(response.scope)\n : new ScopeSet(request.scopes);\n const expiresOn =\n options.expiresOn ||\n response.expires_in + new Date().getTime() / 1000;\n\n const extendedExpiresOn =\n options.extendedExpiresOn ||\n (response.ext_expires_in || response.expires_in) +\n new Date().getTime() / 1000;\n\n const accessTokenEntity = CacheHelpers.createAccessTokenEntity(\n homeAccountId,\n environment,\n response.access_token,\n this.config.auth.clientId,\n tenantId,\n scopes.printScopes(),\n expiresOn,\n extendedExpiresOn,\n base64Decode\n );\n\n this.storage.setAccessTokenCredential(accessTokenEntity);\n return accessTokenEntity;\n }\n\n /**\n * Helper function to load refresh tokens to msal-browser cache\n * @param request\n * @param response\n * @param homeAccountId\n * @param environment\n * @returns `RefreshTokenEntity`\n */\n private loadRefreshToken(\n response: ExternalTokenResponse,\n homeAccountId: string,\n environment: string\n ): RefreshTokenEntity | null {\n if (!response.refresh_token) {\n this.logger.verbose(\n \"TokenCache - no refresh token found in response\"\n );\n return null;\n }\n\n this.logger.verbose(\"TokenCache - loading refresh token\");\n const refreshTokenEntity = CacheHelpers.createRefreshTokenEntity(\n homeAccountId,\n environment,\n response.refresh_token,\n this.config.auth.clientId,\n response.foci,\n undefined, // userAssertionHash\n response.refresh_token_expires_in\n );\n\n this.storage.setRefreshTokenCredential(refreshTokenEntity);\n return refreshTokenEntity;\n }\n\n /**\n * Helper function to generate an `AuthenticationResult` for the result.\n * @param request\n * @param idTokenObj\n * @param cacheRecord\n * @param authority\n * @returns `AuthenticationResult`\n */\n private generateAuthenticationResult(\n request: SilentRequest,\n cacheRecord: CacheRecord & { account: AccountEntity },\n idTokenClaims?: TokenClaims,\n authority?: Authority\n ): AuthenticationResult {\n let accessToken: string = \"\";\n let responseScopes: Array = [];\n let expiresOn: Date | null = null;\n let extExpiresOn: Date | undefined;\n\n if (cacheRecord?.accessToken) {\n accessToken = cacheRecord.accessToken.secret;\n responseScopes = ScopeSet.fromString(\n cacheRecord.accessToken.target\n ).asArray();\n expiresOn = new Date(\n Number(cacheRecord.accessToken.expiresOn) * 1000\n );\n extExpiresOn = new Date(\n Number(cacheRecord.accessToken.extendedExpiresOn) * 1000\n );\n }\n\n const accountEntity = cacheRecord.account;\n\n return {\n authority: authority ? authority.canonicalAuthority : \"\",\n uniqueId: cacheRecord.account.localAccountId,\n tenantId: cacheRecord.account.realm,\n scopes: responseScopes,\n account: accountEntity.getAccountInfo(),\n idToken: cacheRecord.idToken?.secret || \"\",\n idTokenClaims: idTokenClaims || {},\n accessToken: accessToken,\n fromCache: true,\n expiresOn: expiresOn,\n correlationId: request.correlationId || \"\",\n requestId: \"\",\n extExpiresOn: extExpiresOn,\n familyId: cacheRecord.refreshToken?.familyId || \"\",\n tokenType: cacheRecord?.accessToken?.tokenType || \"\",\n state: request.state || \"\",\n cloudGraphHostName: accountEntity.cloudGraphHostName || \"\",\n msGraphHost: accountEntity.msGraphHost || \"\",\n fromNativeBroker: false,\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { CryptoOps } from \"../crypto/CryptoOps.js\";\nimport {\n InteractionRequiredAuthError,\n AccountInfo,\n Constants,\n INetworkModule,\n Logger,\n CommonSilentFlowRequest,\n ICrypto,\n DEFAULT_CRYPTO_IMPLEMENTATION,\n AuthError,\n PerformanceEvents,\n PerformanceCallbackFunction,\n IPerformanceClient,\n BaseAuthRequest,\n PromptValue,\n InProgressPerformanceEvent,\n RequestThumbprint,\n AccountEntity,\n invokeAsync,\n createClientAuthError,\n ClientAuthErrorCodes,\n AccountFilter,\n buildStaticAuthorityOptions,\n InteractionRequiredAuthErrorCodes,\n PersistentCacheKeys,\n CacheManager,\n} from \"@azure/msal-common/browser\";\nimport {\n BrowserCacheManager,\n DEFAULT_BROWSER_CACHE_MANAGER,\n} from \"../cache/BrowserCacheManager.js\";\nimport * as AccountManager from \"../cache/AccountManager.js\";\nimport { BrowserConfiguration, CacheOptions } from \"../config/Configuration.js\";\nimport {\n InteractionType,\n ApiId,\n BrowserCacheLocation,\n WrapperSKU,\n TemporaryCacheKeys,\n CacheLookupPolicy,\n DEFAULT_REQUEST,\n BrowserConstants,\n iFrameRenewalPolicies,\n} from \"../utils/BrowserConstants.js\";\nimport * as BrowserUtils from \"../utils/BrowserUtils.js\";\nimport { RedirectRequest } from \"../request/RedirectRequest.js\";\nimport { PopupRequest } from \"../request/PopupRequest.js\";\nimport { SsoSilentRequest } from \"../request/SsoSilentRequest.js\";\nimport { EventCallbackFunction, EventError } from \"../event/EventMessage.js\";\nimport { EventType } from \"../event/EventType.js\";\nimport { EndSessionRequest } from \"../request/EndSessionRequest.js\";\nimport { EndSessionPopupRequest } from \"../request/EndSessionPopupRequest.js\";\nimport { INavigationClient } from \"../navigation/INavigationClient.js\";\nimport { EventHandler } from \"../event/EventHandler.js\";\nimport { PopupClient } from \"../interaction_client/PopupClient.js\";\nimport { RedirectClient } from \"../interaction_client/RedirectClient.js\";\nimport { SilentIframeClient } from \"../interaction_client/SilentIframeClient.js\";\nimport { SilentRefreshClient } from \"../interaction_client/SilentRefreshClient.js\";\nimport { TokenCache } from \"../cache/TokenCache.js\";\nimport { ITokenCache } from \"../cache/ITokenCache.js\";\nimport { NativeInteractionClient } from \"../interaction_client/NativeInteractionClient.js\";\nimport { NativeMessageHandler } from \"../broker/nativeBroker/NativeMessageHandler.js\";\nimport { SilentRequest } from \"../request/SilentRequest.js\";\nimport {\n NativeAuthError,\n isFatalNativeAuthError,\n} from \"../error/NativeAuthError.js\";\nimport { SilentCacheClient } from \"../interaction_client/SilentCacheClient.js\";\nimport { SilentAuthCodeClient } from \"../interaction_client/SilentAuthCodeClient.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { AuthorizationCodeRequest } from \"../request/AuthorizationCodeRequest.js\";\nimport { NativeTokenRequest } from \"../broker/nativeBroker/NativeRequest.js\";\nimport { StandardOperatingContext } from \"../operatingcontext/StandardOperatingContext.js\";\nimport { BaseOperatingContext } from \"../operatingcontext/BaseOperatingContext.js\";\nimport { IController } from \"./IController.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport { ClearCacheRequest } from \"../request/ClearCacheRequest.js\";\nimport { createNewGuid } from \"../crypto/BrowserCrypto.js\";\nimport { initializeSilentRequest } from \"../request/RequestHelpers.js\";\nimport { InitializeApplicationRequest } from \"../request/InitializeApplicationRequest.js\";\n\nfunction getAccountType(\n account?: AccountInfo\n): \"AAD\" | \"MSA\" | \"B2C\" | undefined {\n const idTokenClaims = account?.idTokenClaims;\n if (idTokenClaims?.tfp || idTokenClaims?.acr) {\n return \"B2C\";\n }\n\n if (!idTokenClaims?.tid) {\n return undefined;\n } else if (idTokenClaims?.tid === \"9188040d-6c67-4c5b-b112-36a304b66dad\") {\n return \"MSA\";\n }\n return \"AAD\";\n}\n\nfunction preflightCheck(\n initialized: boolean,\n performanceEvent: InProgressPerformanceEvent\n) {\n try {\n BrowserUtils.preflightCheck(initialized);\n } catch (e) {\n performanceEvent.end({ success: false }, e);\n throw e;\n }\n}\n\nexport class StandardController implements IController {\n // OperatingContext\n protected readonly operatingContext: StandardOperatingContext;\n\n // Crypto interface implementation\n protected readonly browserCrypto: ICrypto;\n\n // Storage interface implementation\n protected readonly browserStorage: BrowserCacheManager;\n\n // Native Cache in memory storage implementation\n protected readonly nativeInternalStorage: BrowserCacheManager;\n\n // Network interface implementation\n protected readonly networkClient: INetworkModule;\n\n // Navigation interface implementation\n protected navigationClient: INavigationClient;\n\n // Input configuration by developer/user\n protected readonly config: BrowserConfiguration;\n\n // Token cache implementation\n private tokenCache: TokenCache;\n\n // Logger\n protected logger: Logger;\n\n // Flag to indicate if in browser environment\n protected isBrowserEnvironment: boolean;\n\n protected readonly eventHandler: EventHandler;\n\n // Redirect Response Object\n protected readonly redirectResponse: Map<\n string,\n Promise\n >;\n\n // Native Extension Provider\n protected nativeExtensionProvider: NativeMessageHandler | undefined;\n\n // Hybrid auth code responses\n private hybridAuthCodeResponses: Map>;\n\n // Performance telemetry client\n protected readonly performanceClient: IPerformanceClient;\n\n // Flag representing whether or not the initialize API has been called and completed\n protected initialized: boolean;\n\n // Active requests\n private activeSilentTokenRequests: Map<\n string,\n Promise\n >;\n\n // Active Iframe request\n private activeIframeRequest: [Promise, string] | undefined;\n\n private ssoSilentMeasurement?: InProgressPerformanceEvent;\n private acquireTokenByCodeAsyncMeasurement?: InProgressPerformanceEvent;\n\n // Flag which indicates if we're currently listening for account storage events\n private listeningToStorageEvents: boolean;\n /**\n * @constructor\n * Constructor for the PublicClientApplication used to instantiate the PublicClientApplication object\n *\n * Important attributes in the Configuration object for auth are:\n * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal : https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview\n * - authority: the authority URL for your application.\n * - redirect_uri: the uri of your application registered in the portal.\n *\n * In Azure AD, authority is a URL indicating the Azure active directory that MSAL uses to obtain tokens.\n * It is of the form https://login.microsoftonline.com/{Enter_the_Tenant_Info_Here}\n * If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\n * If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\n * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\n * To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\n *\n * In Azure B2C, authority is of the form https://{instance}/tfp/{tenant}/{policyName}/\n * Full B2C functionality will be available in this library in future versions.\n *\n * @param configuration Object for the MSAL PublicClientApplication instance\n */\n constructor(operatingContext: StandardOperatingContext) {\n this.operatingContext = operatingContext;\n this.isBrowserEnvironment =\n this.operatingContext.isBrowserEnvironment();\n // Set the configuration.\n this.config = operatingContext.getConfig();\n this.initialized = false;\n\n // Initialize logger\n this.logger = this.operatingContext.getLogger();\n\n // Initialize the network module class.\n this.networkClient = this.config.system.networkClient;\n\n // Initialize the navigation client class.\n this.navigationClient = this.config.system.navigationClient;\n\n // Initialize redirectResponse Map\n this.redirectResponse = new Map();\n\n // Initial hybrid spa map\n this.hybridAuthCodeResponses = new Map();\n\n // Initialize performance client\n this.performanceClient = this.config.telemetry.client;\n\n // Initialize the crypto class.\n this.browserCrypto = this.isBrowserEnvironment\n ? new CryptoOps(this.logger, this.performanceClient)\n : DEFAULT_CRYPTO_IMPLEMENTATION;\n\n this.eventHandler = new EventHandler(this.logger);\n\n // Initialize the browser storage class.\n this.browserStorage = this.isBrowserEnvironment\n ? new BrowserCacheManager(\n this.config.auth.clientId,\n this.config.cache,\n this.browserCrypto,\n this.logger,\n buildStaticAuthorityOptions(this.config.auth),\n this.performanceClient\n )\n : DEFAULT_BROWSER_CACHE_MANAGER(\n this.config.auth.clientId,\n this.logger\n );\n\n // initialize in memory storage for native flows\n const nativeCacheOptions: Required = {\n cacheLocation: BrowserCacheLocation.MemoryStorage,\n temporaryCacheLocation: BrowserCacheLocation.MemoryStorage,\n storeAuthStateInCookie: false,\n secureCookies: false,\n cacheMigrationEnabled: false,\n claimsBasedCachingEnabled: false,\n };\n this.nativeInternalStorage = new BrowserCacheManager(\n this.config.auth.clientId,\n nativeCacheOptions,\n this.browserCrypto,\n this.logger,\n undefined,\n this.performanceClient\n );\n\n // Initialize the token cache\n this.tokenCache = new TokenCache(\n this.config,\n this.browserStorage,\n this.logger,\n this.browserCrypto\n );\n\n this.activeSilentTokenRequests = new Map();\n\n // Register listener functions\n this.trackPageVisibility = this.trackPageVisibility.bind(this);\n\n // Register listener functions\n this.trackPageVisibilityWithMeasurement =\n this.trackPageVisibilityWithMeasurement.bind(this);\n\n // account storage events\n this.listeningToStorageEvents = false;\n this.handleAccountCacheChange =\n this.handleAccountCacheChange.bind(this);\n }\n\n static async createController(\n operatingContext: BaseOperatingContext,\n request?: InitializeApplicationRequest\n ): Promise {\n const controller = new StandardController(operatingContext);\n await controller.initialize(request);\n return controller;\n }\n\n private trackPageVisibility(correlationId?: string): void {\n if (!correlationId) {\n return;\n }\n this.logger.info(\"Perf: Visibility change detected\");\n this.performanceClient.incrementFields(\n { visibilityChangeCount: 1 },\n correlationId\n );\n }\n\n /**\n * Initializer function to perform async startup tasks such as connecting to WAM extension\n * @param request {?InitializeApplicationRequest} correlation id\n */\n async initialize(request?: InitializeApplicationRequest): Promise {\n this.logger.trace(\"initialize called\");\n if (this.initialized) {\n this.logger.info(\n \"initialize has already been called, exiting early.\"\n );\n return;\n }\n\n if (!this.isBrowserEnvironment) {\n this.logger.info(\"in non-browser environment, exiting early.\");\n this.initialized = true;\n this.eventHandler.emitEvent(EventType.INITIALIZE_END);\n return;\n }\n\n const initCorrelationId =\n request?.correlationId || this.getRequestCorrelationId();\n const allowNativeBroker = this.config.system.allowNativeBroker;\n const initMeasurement = this.performanceClient.startMeasurement(\n PerformanceEvents.InitializeClientApplication,\n initCorrelationId\n );\n this.eventHandler.emitEvent(EventType.INITIALIZE_START);\n\n if (allowNativeBroker) {\n try {\n this.nativeExtensionProvider =\n await NativeMessageHandler.createProvider(\n this.logger,\n this.config.system.nativeBrokerHandshakeTimeout,\n this.performanceClient\n );\n } catch (e) {\n this.logger.verbose(e as string);\n }\n }\n\n if (!this.config.cache.claimsBasedCachingEnabled) {\n this.logger.verbose(\n \"Claims-based caching is disabled. Clearing the previous cache with claims\"\n );\n\n await invokeAsync(\n this.browserStorage.clearTokensAndKeysWithClaims.bind(\n this.browserStorage\n ),\n PerformanceEvents.ClearTokensAndKeysWithClaims,\n this.logger,\n this.performanceClient,\n initCorrelationId\n )(this.performanceClient, initCorrelationId);\n }\n\n this.initialized = true;\n this.eventHandler.emitEvent(EventType.INITIALIZE_END);\n initMeasurement.end({ allowNativeBroker, success: true });\n }\n\n // #region Redirect Flow\n\n /**\n * Event handler function which allows users to fire events after the PublicClientApplication object\n * has loaded during redirect flows. This should be invoked on all page loads involved in redirect\n * auth flows.\n * @param hash Hash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value.\n * @returns Token response or null. If the return value is null, then no auth redirect was detected.\n */\n async handleRedirectPromise(\n hash?: string\n ): Promise {\n this.logger.verbose(\"handleRedirectPromise called\");\n // Block token acquisition before initialize has been called\n BrowserUtils.blockAPICallsBeforeInitialize(this.initialized);\n\n if (this.isBrowserEnvironment) {\n /**\n * Store the promise on the PublicClientApplication instance if this is the first invocation of handleRedirectPromise,\n * otherwise return the promise from the first invocation. Prevents race conditions when handleRedirectPromise is called\n * several times concurrently.\n */\n const redirectResponseKey = hash || \"\";\n let response = this.redirectResponse.get(redirectResponseKey);\n if (typeof response === \"undefined\") {\n response = this.handleRedirectPromiseInternal(hash);\n this.redirectResponse.set(redirectResponseKey, response);\n this.logger.verbose(\n \"handleRedirectPromise has been called for the first time, storing the promise\"\n );\n } else {\n this.logger.verbose(\n \"handleRedirectPromise has been called previously, returning the result from the first call\"\n );\n }\n\n return response;\n }\n this.logger.verbose(\n \"handleRedirectPromise returns null, not browser environment\"\n );\n return null;\n }\n\n /**\n * The internal details of handleRedirectPromise. This is separated out to a helper to allow handleRedirectPromise to memoize requests\n * @param hash\n * @returns\n */\n private async handleRedirectPromiseInternal(\n hash?: string\n ): Promise {\n const loggedInAccounts = this.getAllAccounts();\n const request: NativeTokenRequest | null =\n this.browserStorage.getCachedNativeRequest();\n const useNative =\n request &&\n NativeMessageHandler.isNativeAvailable(\n this.config,\n this.logger,\n this.nativeExtensionProvider\n ) &&\n this.nativeExtensionProvider &&\n !hash;\n const correlationId = useNative\n ? request?.correlationId\n : this.browserStorage.getTemporaryCache(\n TemporaryCacheKeys.CORRELATION_ID,\n true\n ) || \"\";\n const rootMeasurement = this.performanceClient.startMeasurement(\n PerformanceEvents.AcquireTokenRedirect,\n correlationId\n );\n this.eventHandler.emitEvent(\n EventType.HANDLE_REDIRECT_START,\n InteractionType.Redirect\n );\n\n let redirectResponse: Promise;\n if (useNative && this.nativeExtensionProvider) {\n this.logger.trace(\n \"handleRedirectPromise - acquiring token from native platform\"\n );\n const nativeClient = new NativeInteractionClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n ApiId.handleRedirectPromise,\n this.performanceClient,\n this.nativeExtensionProvider,\n request.accountId,\n this.nativeInternalStorage,\n request.correlationId\n );\n\n redirectResponse = invokeAsync(\n nativeClient.handleRedirectPromise.bind(nativeClient),\n PerformanceEvents.HandleNativeRedirectPromiseMeasurement,\n this.logger,\n this.performanceClient,\n rootMeasurement.event.correlationId\n )(this.performanceClient, rootMeasurement.event.correlationId);\n } else {\n this.logger.trace(\n \"handleRedirectPromise - acquiring token from web flow\"\n );\n const redirectClient = this.createRedirectClient(correlationId);\n redirectResponse = invokeAsync(\n redirectClient.handleRedirectPromise.bind(redirectClient),\n PerformanceEvents.HandleRedirectPromiseMeasurement,\n this.logger,\n this.performanceClient,\n rootMeasurement.event.correlationId\n )(hash, rootMeasurement);\n }\n\n return redirectResponse\n .then((result: AuthenticationResult | null) => {\n if (result) {\n // Emit login event if number of accounts change\n\n const isLoggingIn =\n loggedInAccounts.length < this.getAllAccounts().length;\n if (isLoggingIn) {\n this.eventHandler.emitEvent(\n EventType.LOGIN_SUCCESS,\n InteractionType.Redirect,\n result\n );\n this.logger.verbose(\n \"handleRedirectResponse returned result, login success\"\n );\n } else {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_SUCCESS,\n InteractionType.Redirect,\n result\n );\n this.logger.verbose(\n \"handleRedirectResponse returned result, acquire token success\"\n );\n }\n rootMeasurement.end({\n success: true,\n accountType: getAccountType(result.account),\n });\n } else {\n /*\n * Instrument an event only if an error code is set. Otherwise, discard it when the redirect response\n * is empty and the error code is missing.\n */\n if (rootMeasurement.event.errorCode) {\n rootMeasurement.end({ success: false });\n } else {\n rootMeasurement.discard();\n }\n }\n\n this.eventHandler.emitEvent(\n EventType.HANDLE_REDIRECT_END,\n InteractionType.Redirect\n );\n\n return result;\n })\n .catch((e) => {\n const eventError = e as EventError;\n // Emit login event if there is an account\n if (loggedInAccounts.length > 0) {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_FAILURE,\n InteractionType.Redirect,\n null,\n eventError\n );\n } else {\n this.eventHandler.emitEvent(\n EventType.LOGIN_FAILURE,\n InteractionType.Redirect,\n null,\n eventError\n );\n }\n this.eventHandler.emitEvent(\n EventType.HANDLE_REDIRECT_END,\n InteractionType.Redirect\n );\n\n rootMeasurement.end(\n {\n success: false,\n },\n eventError\n );\n\n throw e;\n });\n }\n\n /**\n * Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects\n * the page, so any code that follows this function will not execute.\n *\n * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current\n * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.\n *\n * @param request\n */\n async acquireTokenRedirect(request: RedirectRequest): Promise {\n // Preflight request\n const correlationId = this.getRequestCorrelationId(request);\n this.logger.verbose(\"acquireTokenRedirect called\", correlationId);\n\n const atrMeasurement = this.performanceClient.startMeasurement(\n PerformanceEvents.AcquireTokenPreRedirect,\n correlationId\n );\n atrMeasurement.add({\n accountType: getAccountType(request.account),\n scenarioId: request.scenarioId,\n });\n\n // Override on request only if set, as onRedirectNavigate field is deprecated\n const onRedirectNavigateCb = request.onRedirectNavigate;\n if (onRedirectNavigateCb) {\n request.onRedirectNavigate = (url: string) => {\n const navigate =\n typeof onRedirectNavigateCb === \"function\"\n ? onRedirectNavigateCb(url)\n : undefined;\n if (navigate !== false) {\n atrMeasurement.end({ success: true });\n } else {\n atrMeasurement.discard();\n }\n return navigate;\n };\n } else {\n const configOnRedirectNavigateCb =\n this.config.auth.onRedirectNavigate;\n this.config.auth.onRedirectNavigate = (url: string) => {\n const navigate =\n typeof configOnRedirectNavigateCb === \"function\"\n ? configOnRedirectNavigateCb(url)\n : undefined;\n if (navigate !== false) {\n atrMeasurement.end({ success: true });\n } else {\n atrMeasurement.discard();\n }\n return navigate;\n };\n }\n\n // If logged in, emit acquire token events\n const isLoggedIn = this.getAllAccounts().length > 0;\n try {\n BrowserUtils.redirectPreflightCheck(this.initialized, this.config);\n this.browserStorage.setInteractionInProgress(true);\n\n if (isLoggedIn) {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_START,\n InteractionType.Redirect,\n request\n );\n } else {\n this.eventHandler.emitEvent(\n EventType.LOGIN_START,\n InteractionType.Redirect,\n request\n );\n }\n\n let result: Promise;\n\n if (this.nativeExtensionProvider && this.canUseNative(request)) {\n const nativeClient = new NativeInteractionClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n ApiId.acquireTokenRedirect,\n this.performanceClient,\n this.nativeExtensionProvider,\n this.getNativeAccountId(request),\n this.nativeInternalStorage,\n correlationId\n );\n result = nativeClient\n .acquireTokenRedirect(request, atrMeasurement)\n .catch((e: AuthError) => {\n if (\n e instanceof NativeAuthError &&\n isFatalNativeAuthError(e)\n ) {\n this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt\n const redirectClient =\n this.createRedirectClient(correlationId);\n return redirectClient.acquireToken(request);\n } else if (e instanceof InteractionRequiredAuthError) {\n this.logger.verbose(\n \"acquireTokenRedirect - Resolving interaction required error thrown by native broker by falling back to web flow\"\n );\n const redirectClient =\n this.createRedirectClient(correlationId);\n return redirectClient.acquireToken(request);\n }\n this.browserStorage.setInteractionInProgress(false);\n throw e;\n });\n } else {\n const redirectClient = this.createRedirectClient(correlationId);\n result = redirectClient.acquireToken(request);\n }\n\n return await result;\n } catch (e) {\n atrMeasurement.end({ success: false }, e);\n if (isLoggedIn) {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_FAILURE,\n InteractionType.Redirect,\n null,\n e as EventError\n );\n } else {\n this.eventHandler.emitEvent(\n EventType.LOGIN_FAILURE,\n InteractionType.Redirect,\n null,\n e as EventError\n );\n }\n throw e;\n }\n }\n\n // #endregion\n\n // #region Popup Flow\n\n /**\n * Use when you want to obtain an access_token for your API via opening a popup window in the user's browser\n *\n * @param request\n *\n * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised.\n */\n acquireTokenPopup(request: PopupRequest): Promise {\n const correlationId = this.getRequestCorrelationId(request);\n const atPopupMeasurement = this.performanceClient.startMeasurement(\n PerformanceEvents.AcquireTokenPopup,\n correlationId\n );\n\n atPopupMeasurement.add({\n scenarioId: request.scenarioId,\n accountType: getAccountType(request.account),\n });\n\n try {\n this.logger.verbose(\"acquireTokenPopup called\", correlationId);\n preflightCheck(this.initialized, atPopupMeasurement);\n this.browserStorage.setInteractionInProgress(true);\n } catch (e) {\n // Since this function is syncronous we need to reject\n return Promise.reject(e);\n }\n\n // If logged in, emit acquire token events\n const loggedInAccounts = this.getAllAccounts();\n if (loggedInAccounts.length > 0) {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_START,\n InteractionType.Popup,\n request\n );\n } else {\n this.eventHandler.emitEvent(\n EventType.LOGIN_START,\n InteractionType.Popup,\n request\n );\n }\n\n let result: Promise;\n\n if (this.canUseNative(request)) {\n result = this.acquireTokenNative(\n {\n ...request,\n correlationId,\n },\n ApiId.acquireTokenPopup\n )\n .then((response) => {\n this.browserStorage.setInteractionInProgress(false);\n atPopupMeasurement.end({\n success: true,\n isNativeBroker: true,\n accountType: getAccountType(response.account),\n });\n return response;\n })\n .catch((e: AuthError) => {\n if (\n e instanceof NativeAuthError &&\n isFatalNativeAuthError(e)\n ) {\n this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt\n const popupClient =\n this.createPopupClient(correlationId);\n return popupClient.acquireToken(request);\n } else if (e instanceof InteractionRequiredAuthError) {\n this.logger.verbose(\n \"acquireTokenPopup - Resolving interaction required error thrown by native broker by falling back to web flow\"\n );\n const popupClient =\n this.createPopupClient(correlationId);\n return popupClient.acquireToken(request);\n }\n this.browserStorage.setInteractionInProgress(false);\n throw e;\n });\n } else {\n const popupClient = this.createPopupClient(correlationId);\n result = popupClient.acquireToken(request);\n }\n\n return result\n .then((result) => {\n /*\n * If logged in, emit acquire token events\n */\n const isLoggingIn =\n loggedInAccounts.length < this.getAllAccounts().length;\n if (isLoggingIn) {\n this.eventHandler.emitEvent(\n EventType.LOGIN_SUCCESS,\n InteractionType.Popup,\n result\n );\n } else {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_SUCCESS,\n InteractionType.Popup,\n result\n );\n }\n\n atPopupMeasurement.end({\n success: true,\n accessTokenSize: result.accessToken.length,\n idTokenSize: result.idToken.length,\n accountType: getAccountType(result.account),\n });\n return result;\n })\n .catch((e: Error) => {\n if (loggedInAccounts.length > 0) {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_FAILURE,\n InteractionType.Popup,\n null,\n e\n );\n } else {\n this.eventHandler.emitEvent(\n EventType.LOGIN_FAILURE,\n InteractionType.Popup,\n null,\n e\n );\n }\n\n atPopupMeasurement.end(\n {\n success: false,\n },\n e\n );\n\n // Since this function is syncronous we need to reject\n return Promise.reject(e);\n });\n }\n\n private trackPageVisibilityWithMeasurement(): void {\n const measurement =\n this.ssoSilentMeasurement ||\n this.acquireTokenByCodeAsyncMeasurement;\n if (!measurement) {\n return;\n }\n\n this.logger.info(\n \"Perf: Visibility change detected in \",\n measurement.event.name\n );\n measurement.increment({\n visibilityChangeCount: 1,\n });\n }\n // #endregion\n\n // #region Silent Flow\n\n /**\n * This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work:\n * - Any browser using a form of Intelligent Tracking Prevention\n * - If there is not an established session with the service\n *\n * In these cases, the request must be done inside a popup or full frame redirect.\n *\n * For the cases where interaction is required, you cannot send a request with prompt=none.\n *\n * If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as\n * you session on the server still exists.\n * @param request {@link SsoSilentRequest}\n *\n * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised.\n */\n async ssoSilent(request: SsoSilentRequest): Promise {\n const correlationId = this.getRequestCorrelationId(request);\n const validRequest = {\n ...request,\n // will be PromptValue.NONE or PromptValue.NO_SESSION\n prompt: request.prompt,\n correlationId: correlationId,\n };\n this.ssoSilentMeasurement = this.performanceClient.startMeasurement(\n PerformanceEvents.SsoSilent,\n correlationId\n );\n this.ssoSilentMeasurement?.add({\n scenarioId: request.scenarioId,\n accountType: getAccountType(request.account),\n });\n preflightCheck(this.initialized, this.ssoSilentMeasurement);\n this.ssoSilentMeasurement?.increment({\n visibilityChangeCount: 0,\n });\n\n document.addEventListener(\n \"visibilitychange\",\n this.trackPageVisibilityWithMeasurement\n );\n this.logger.verbose(\"ssoSilent called\", correlationId);\n this.eventHandler.emitEvent(\n EventType.SSO_SILENT_START,\n InteractionType.Silent,\n validRequest\n );\n\n let result: Promise;\n\n if (this.canUseNative(validRequest)) {\n result = this.acquireTokenNative(\n validRequest,\n ApiId.ssoSilent\n ).catch((e: AuthError) => {\n // If native token acquisition fails for availability reasons fallback to standard flow\n if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {\n this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt\n const silentIframeClient = this.createSilentIframeClient(\n validRequest.correlationId\n );\n return silentIframeClient.acquireToken(validRequest);\n }\n throw e;\n });\n } else {\n const silentIframeClient = this.createSilentIframeClient(\n validRequest.correlationId\n );\n result = silentIframeClient.acquireToken(validRequest);\n }\n\n return result\n .then((response) => {\n this.eventHandler.emitEvent(\n EventType.SSO_SILENT_SUCCESS,\n InteractionType.Silent,\n response\n );\n this.ssoSilentMeasurement?.end({\n success: true,\n isNativeBroker: response.fromNativeBroker,\n accessTokenSize: response.accessToken.length,\n idTokenSize: response.idToken.length,\n accountType: getAccountType(response.account),\n });\n return response;\n })\n .catch((e: Error) => {\n this.eventHandler.emitEvent(\n EventType.SSO_SILENT_FAILURE,\n InteractionType.Silent,\n null,\n e\n );\n this.ssoSilentMeasurement?.end(\n {\n success: false,\n },\n e\n );\n throw e;\n })\n .finally(() => {\n document.removeEventListener(\n \"visibilitychange\",\n this.trackPageVisibilityWithMeasurement\n );\n });\n }\n\n /**\n * This function redeems an authorization code (passed as code) from the eSTS token endpoint.\n * This authorization code should be acquired server-side using a confidential client to acquire a spa_code.\n * This API is not indended for normal authorization code acquisition and redemption.\n *\n * Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client.\n *\n * @param request {@link AuthorizationCodeRequest}\n * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised.\n */\n async acquireTokenByCode(\n request: AuthorizationCodeRequest\n ): Promise {\n const correlationId = this.getRequestCorrelationId(request);\n this.logger.trace(\"acquireTokenByCode called\", correlationId);\n const atbcMeasurement = this.performanceClient.startMeasurement(\n PerformanceEvents.AcquireTokenByCode,\n correlationId\n );\n preflightCheck(this.initialized, atbcMeasurement);\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_BY_CODE_START,\n InteractionType.Silent,\n request\n );\n atbcMeasurement.add({ scenarioId: request.scenarioId });\n\n try {\n if (request.code && request.nativeAccountId) {\n // Throw error in case server returns both spa_code and spa_accountid in exchange for auth code.\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.spaCodeAndNativeAccountIdPresent\n );\n } else if (request.code) {\n const hybridAuthCode = request.code;\n let response = this.hybridAuthCodeResponses.get(hybridAuthCode);\n if (!response) {\n this.logger.verbose(\n \"Initiating new acquireTokenByCode request\",\n correlationId\n );\n response = this.acquireTokenByCodeAsync({\n ...request,\n correlationId,\n })\n .then((result: AuthenticationResult) => {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_BY_CODE_SUCCESS,\n InteractionType.Silent,\n result\n );\n this.hybridAuthCodeResponses.delete(hybridAuthCode);\n atbcMeasurement.end({\n success: true,\n isNativeBroker: result.fromNativeBroker,\n accessTokenSize: result.accessToken.length,\n idTokenSize: result.idToken.length,\n accountType: getAccountType(result.account),\n });\n return result;\n })\n .catch((error: Error) => {\n this.hybridAuthCodeResponses.delete(hybridAuthCode);\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_BY_CODE_FAILURE,\n InteractionType.Silent,\n null,\n error\n );\n atbcMeasurement.end(\n {\n success: false,\n },\n error\n );\n throw error;\n });\n this.hybridAuthCodeResponses.set(hybridAuthCode, response);\n } else {\n this.logger.verbose(\n \"Existing acquireTokenByCode request found\",\n correlationId\n );\n atbcMeasurement.discard();\n }\n return await response;\n } else if (request.nativeAccountId) {\n if (this.canUseNative(request, request.nativeAccountId)) {\n const result = await this.acquireTokenNative(\n {\n ...request,\n correlationId,\n },\n ApiId.acquireTokenByCode,\n request.nativeAccountId\n ).catch((e: AuthError) => {\n // If native token acquisition fails for availability reasons fallback to standard flow\n if (\n e instanceof NativeAuthError &&\n isFatalNativeAuthError(e)\n ) {\n this.nativeExtensionProvider = undefined; // If extension gets uninstalled during session prevent future requests from continuing to attempt\n }\n throw e;\n });\n atbcMeasurement.end({\n accountType: getAccountType(result.account),\n success: true,\n });\n return result;\n } else {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.unableToAcquireTokenFromNativePlatform\n );\n }\n } else {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.authCodeOrNativeAccountIdRequired\n );\n }\n } catch (e) {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_BY_CODE_FAILURE,\n InteractionType.Silent,\n null,\n e as EventError\n );\n atbcMeasurement.end(\n {\n success: false,\n },\n e\n );\n throw e;\n }\n }\n\n /**\n * Creates a SilentAuthCodeClient to redeem an authorization code.\n * @param request\n * @returns Result of the operation to redeem the authorization code\n */\n private async acquireTokenByCodeAsync(\n request: AuthorizationCodeRequest\n ): Promise {\n this.logger.trace(\n \"acquireTokenByCodeAsync called\",\n request.correlationId\n );\n this.acquireTokenByCodeAsyncMeasurement =\n this.performanceClient.startMeasurement(\n PerformanceEvents.AcquireTokenByCodeAsync,\n request.correlationId\n );\n this.acquireTokenByCodeAsyncMeasurement?.increment({\n visibilityChangeCount: 0,\n });\n document.addEventListener(\n \"visibilitychange\",\n this.trackPageVisibilityWithMeasurement\n );\n const silentAuthCodeClient = this.createSilentAuthCodeClient(\n request.correlationId\n );\n const silentTokenResult = await silentAuthCodeClient\n .acquireToken(request)\n .then((response) => {\n this.acquireTokenByCodeAsyncMeasurement?.end({\n success: true,\n fromCache: response.fromCache,\n isNativeBroker: response.fromNativeBroker,\n });\n return response;\n })\n .catch((tokenRenewalError: Error) => {\n this.acquireTokenByCodeAsyncMeasurement?.end(\n {\n success: false,\n },\n tokenRenewalError\n );\n throw tokenRenewalError;\n })\n .finally(() => {\n document.removeEventListener(\n \"visibilitychange\",\n this.trackPageVisibilityWithMeasurement\n );\n });\n return silentTokenResult;\n }\n\n /**\n * Attempt to acquire an access token from the cache\n * @param silentCacheClient SilentCacheClient\n * @param commonRequest CommonSilentFlowRequest\n * @param silentRequest SilentRequest\n * @returns A promise that, when resolved, returns the access token\n */\n protected async acquireTokenFromCache(\n commonRequest: CommonSilentFlowRequest,\n cacheLookupPolicy: CacheLookupPolicy\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.AcquireTokenFromCache,\n commonRequest.correlationId\n );\n switch (cacheLookupPolicy) {\n case CacheLookupPolicy.Default:\n case CacheLookupPolicy.AccessToken:\n case CacheLookupPolicy.AccessTokenAndRefreshToken:\n const silentCacheClient = this.createSilentCacheClient(\n commonRequest.correlationId\n );\n return invokeAsync(\n silentCacheClient.acquireToken.bind(silentCacheClient),\n PerformanceEvents.SilentCacheClientAcquireToken,\n this.logger,\n this.performanceClient,\n commonRequest.correlationId\n )(commonRequest);\n default:\n throw createClientAuthError(\n ClientAuthErrorCodes.tokenRefreshRequired\n );\n }\n }\n\n /**\n * Attempt to acquire an access token via a refresh token\n * @param commonRequest CommonSilentFlowRequest\n * @param cacheLookupPolicy CacheLookupPolicy\n * @returns A promise that, when resolved, returns the access token\n */\n public async acquireTokenByRefreshToken(\n commonRequest: CommonSilentFlowRequest,\n cacheLookupPolicy: CacheLookupPolicy\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.AcquireTokenByRefreshToken,\n commonRequest.correlationId\n );\n switch (cacheLookupPolicy) {\n case CacheLookupPolicy.Default:\n case CacheLookupPolicy.AccessTokenAndRefreshToken:\n case CacheLookupPolicy.RefreshToken:\n case CacheLookupPolicy.RefreshTokenAndNetwork:\n const silentRefreshClient = this.createSilentRefreshClient(\n commonRequest.correlationId\n );\n\n return invokeAsync(\n silentRefreshClient.acquireToken.bind(silentRefreshClient),\n PerformanceEvents.SilentRefreshClientAcquireToken,\n this.logger,\n this.performanceClient,\n commonRequest.correlationId\n )(commonRequest);\n default:\n throw createClientAuthError(\n ClientAuthErrorCodes.tokenRefreshRequired\n );\n }\n }\n\n /**\n * Attempt to acquire an access token via an iframe\n * @param request CommonSilentFlowRequest\n * @returns A promise that, when resolved, returns the access token\n */\n protected async acquireTokenBySilentIframe(\n request: CommonSilentFlowRequest\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.AcquireTokenBySilentIframe,\n request.correlationId\n );\n\n const silentIframeClient = this.createSilentIframeClient(\n request.correlationId\n );\n\n return invokeAsync(\n silentIframeClient.acquireToken.bind(silentIframeClient),\n PerformanceEvents.SilentIframeClientAcquireToken,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(request);\n }\n\n // #endregion\n\n // #region Logout\n\n /**\n * Deprecated logout function. Use logoutRedirect or logoutPopup instead\n * @param logoutRequest\n * @deprecated\n */\n async logout(logoutRequest?: EndSessionRequest): Promise {\n const correlationId = this.getRequestCorrelationId(logoutRequest);\n this.logger.warning(\n \"logout API is deprecated and will be removed in msal-browser v3.0.0. Use logoutRedirect instead.\",\n correlationId\n );\n return this.logoutRedirect({\n correlationId,\n ...logoutRequest,\n });\n }\n\n /**\n * Use to log out the current user, and redirect the user to the postLogoutRedirectUri.\n * Default behaviour is to redirect the user to `window.location.href`.\n * @param logoutRequest\n */\n async logoutRedirect(logoutRequest?: EndSessionRequest): Promise {\n const correlationId = this.getRequestCorrelationId(logoutRequest);\n BrowserUtils.redirectPreflightCheck(this.initialized, this.config);\n this.browserStorage.setInteractionInProgress(true);\n\n const redirectClient = this.createRedirectClient(correlationId);\n return redirectClient.logout(logoutRequest);\n }\n\n /**\n * Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server\n * @param logoutRequest\n */\n logoutPopup(logoutRequest?: EndSessionPopupRequest): Promise {\n try {\n const correlationId = this.getRequestCorrelationId(logoutRequest);\n BrowserUtils.preflightCheck(this.initialized);\n this.browserStorage.setInteractionInProgress(true);\n\n const popupClient = this.createPopupClient(correlationId);\n return popupClient.logout(logoutRequest);\n } catch (e) {\n // Since this function is syncronous we need to reject\n return Promise.reject(e);\n }\n }\n\n /**\n * Creates a cache interaction client to clear broswer cache.\n * @param logoutRequest\n */\n async clearCache(logoutRequest?: ClearCacheRequest): Promise {\n if (!this.isBrowserEnvironment) {\n this.logger.info(\"in non-browser environment, returning early.\");\n return;\n }\n const correlationId = this.getRequestCorrelationId(logoutRequest);\n const cacheClient = this.createSilentCacheClient(correlationId);\n return cacheClient.logout(logoutRequest);\n }\n\n // #endregion\n\n // #region Account APIs\n\n /**\n * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.\n * @param accountFilter - (Optional) filter to narrow down the accounts returned\n * @returns Array of AccountInfo objects in cache\n */\n getAllAccounts(accountFilter?: AccountFilter): AccountInfo[] {\n return AccountManager.getAllAccounts(\n this.logger,\n this.browserStorage,\n this.isBrowserEnvironment,\n accountFilter\n );\n }\n\n /**\n * Returns the first account found in the cache that matches the account filter passed in.\n * @param accountFilter\n * @returns The first account found in the cache matching the provided filter or null if no account could be found.\n */\n getAccount(accountFilter: AccountFilter): AccountInfo | null {\n return AccountManager.getAccount(\n accountFilter,\n this.logger,\n this.browserStorage\n );\n }\n\n /**\n * Returns the signed in account matching username.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found.\n * This API is provided for convenience but getAccountById should be used for best reliability\n * @param username\n * @returns The account object stored in MSAL\n */\n getAccountByUsername(username: string): AccountInfo | null {\n return AccountManager.getAccountByUsername(\n username,\n this.logger,\n this.browserStorage\n );\n }\n\n /**\n * Returns the signed in account matching homeAccountId.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found\n * @param homeAccountId\n * @returns The account object stored in MSAL\n */\n getAccountByHomeId(homeAccountId: string): AccountInfo | null {\n return AccountManager.getAccountByHomeId(\n homeAccountId,\n this.logger,\n this.browserStorage\n );\n }\n\n /**\n * Returns the signed in account matching localAccountId.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found\n * @param localAccountId\n * @returns The account object stored in MSAL\n */\n getAccountByLocalId(localAccountId: string): AccountInfo | null {\n return AccountManager.getAccountByLocalId(\n localAccountId,\n this.logger,\n this.browserStorage\n );\n }\n\n /**\n * Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account.\n * @param account\n */\n setActiveAccount(account: AccountInfo | null): void {\n AccountManager.setActiveAccount(account, this.browserStorage);\n }\n\n /**\n * Gets the currently active account\n */\n getActiveAccount(): AccountInfo | null {\n return AccountManager.getActiveAccount(this.browserStorage);\n }\n\n // #endregion\n\n /**\n * Hydrates the cache with the tokens from an AuthenticationResult\n * @param result\n * @param request\n * @returns\n */\n async hydrateCache(\n result: AuthenticationResult,\n request:\n | SilentRequest\n | SsoSilentRequest\n | RedirectRequest\n | PopupRequest\n ): Promise {\n this.logger.verbose(\"hydrateCache called\");\n\n // Account gets saved to browser storage regardless of native or not\n const accountEntity = AccountEntity.createFromAccountInfo(\n result.account,\n result.cloudGraphHostName,\n result.msGraphHost\n );\n this.browserStorage.setAccount(accountEntity);\n\n if (result.fromNativeBroker) {\n this.logger.verbose(\n \"Response was from native broker, storing in-memory\"\n );\n // Tokens from native broker are stored in-memory\n return this.nativeInternalStorage.hydrateCache(result, request);\n } else {\n return this.browserStorage.hydrateCache(result, request);\n }\n }\n\n // #region Helpers\n\n /**\n * Acquire a token from native device (e.g. WAM)\n * @param request\n */\n public async acquireTokenNative(\n request: PopupRequest | SilentRequest | SsoSilentRequest,\n apiId: ApiId,\n accountId?: string\n ): Promise {\n this.logger.trace(\"acquireTokenNative called\");\n if (!this.nativeExtensionProvider) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.nativeConnectionNotEstablished\n );\n }\n\n const nativeClient = new NativeInteractionClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n apiId,\n this.performanceClient,\n this.nativeExtensionProvider,\n accountId || this.getNativeAccountId(request),\n this.nativeInternalStorage,\n request.correlationId\n );\n\n return nativeClient.acquireToken(request);\n }\n\n /**\n * Returns boolean indicating if this request can use the native broker\n * @param request\n */\n public canUseNative(\n request: RedirectRequest | PopupRequest | SsoSilentRequest,\n accountId?: string\n ): boolean {\n this.logger.trace(\"canUseNative called\");\n if (\n !NativeMessageHandler.isNativeAvailable(\n this.config,\n this.logger,\n this.nativeExtensionProvider,\n request.authenticationScheme\n )\n ) {\n this.logger.trace(\n \"canUseNative: isNativeAvailable returned false, returning false\"\n );\n return false;\n }\n\n if (request.prompt) {\n switch (request.prompt) {\n case PromptValue.NONE:\n case PromptValue.CONSENT:\n case PromptValue.LOGIN:\n this.logger.trace(\n \"canUseNative: prompt is compatible with native flow\"\n );\n break;\n default:\n this.logger.trace(\n `canUseNative: prompt = ${request.prompt} is not compatible with native flow, returning false`\n );\n return false;\n }\n }\n\n if (!accountId && !this.getNativeAccountId(request)) {\n this.logger.trace(\n \"canUseNative: nativeAccountId is not available, returning false\"\n );\n return false;\n }\n\n return true;\n }\n\n /**\n * Get the native accountId from the account\n * @param request\n * @returns\n */\n public getNativeAccountId(\n request: RedirectRequest | PopupRequest | SsoSilentRequest\n ): string {\n const account =\n request.account ||\n this.getAccount({\n loginHint: request.loginHint,\n sid: request.sid,\n }) ||\n this.getActiveAccount();\n\n return (account && account.nativeAccountId) || \"\";\n }\n\n /**\n * Returns new instance of the Popup Interaction Client\n * @param correlationId\n */\n public createPopupClient(correlationId?: string): PopupClient {\n return new PopupClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n this.performanceClient,\n this.nativeInternalStorage,\n this.nativeExtensionProvider,\n correlationId\n );\n }\n\n /**\n * Returns new instance of the Redirect Interaction Client\n * @param correlationId\n */\n protected createRedirectClient(correlationId?: string): RedirectClient {\n return new RedirectClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n this.performanceClient,\n this.nativeInternalStorage,\n this.nativeExtensionProvider,\n correlationId\n );\n }\n\n /**\n * Returns new instance of the Silent Iframe Interaction Client\n * @param correlationId\n */\n public createSilentIframeClient(\n correlationId?: string\n ): SilentIframeClient {\n return new SilentIframeClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n ApiId.ssoSilent,\n this.performanceClient,\n this.nativeInternalStorage,\n this.nativeExtensionProvider,\n correlationId\n );\n }\n\n /**\n * Returns new instance of the Silent Cache Interaction Client\n */\n protected createSilentCacheClient(\n correlationId?: string\n ): SilentCacheClient {\n return new SilentCacheClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n this.performanceClient,\n this.nativeExtensionProvider,\n correlationId\n );\n }\n\n /**\n * Returns new instance of the Silent Refresh Interaction Client\n */\n protected createSilentRefreshClient(\n correlationId?: string\n ): SilentRefreshClient {\n return new SilentRefreshClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n this.performanceClient,\n this.nativeExtensionProvider,\n correlationId\n );\n }\n\n /**\n * Returns new instance of the Silent AuthCode Interaction Client\n */\n protected createSilentAuthCodeClient(\n correlationId?: string\n ): SilentAuthCodeClient {\n return new SilentAuthCodeClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n ApiId.acquireTokenByCode,\n this.performanceClient,\n this.nativeExtensionProvider,\n correlationId\n );\n }\n\n /**\n * Adds event callbacks to array\n * @param callback\n */\n addEventCallback(\n callback: EventCallbackFunction,\n eventTypes?: Array\n ): string | null {\n return this.eventHandler.addEventCallback(callback, eventTypes);\n }\n\n /**\n * Removes callback with provided id from callback array\n * @param callbackId\n */\n removeEventCallback(callbackId: string): void {\n this.eventHandler.removeEventCallback(callbackId);\n }\n\n /**\n * Registers a callback to receive performance events.\n *\n * @param {PerformanceCallbackFunction} callback\n * @returns {string}\n */\n addPerformanceCallback(callback: PerformanceCallbackFunction): string {\n BrowserUtils.blockNonBrowserEnvironment();\n return this.performanceClient.addPerformanceCallback(callback);\n }\n\n /**\n * Removes a callback registered with addPerformanceCallback.\n *\n * @param {string} callbackId\n * @returns {boolean}\n */\n removePerformanceCallback(callbackId: string): boolean {\n return this.performanceClient.removePerformanceCallback(callbackId);\n }\n\n /**\n * Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window\n */\n enableAccountStorageEvents(): void {\n if (typeof window === \"undefined\") {\n return;\n }\n\n if (!this.listeningToStorageEvents) {\n this.logger.verbose(\"Adding account storage listener.\");\n this.listeningToStorageEvents = true;\n window.addEventListener(\"storage\", this.handleAccountCacheChange);\n } else {\n this.logger.verbose(\"Account storage listener already registered.\");\n }\n }\n\n /**\n * Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window\n */\n disableAccountStorageEvents(): void {\n if (typeof window === \"undefined\") {\n return;\n }\n\n if (this.listeningToStorageEvents) {\n this.logger.verbose(\"Removing account storage listener.\");\n window.removeEventListener(\n \"storage\",\n this.handleAccountCacheChange\n );\n this.listeningToStorageEvents = false;\n } else {\n this.logger.verbose(\"No account storage listener registered.\");\n }\n }\n\n /**\n * Emit account added/removed events when cached accounts are changed in a different tab or frame\n */\n protected handleAccountCacheChange(e: StorageEvent): void {\n try {\n // Handle active account filter change\n if (e.key?.includes(PersistentCacheKeys.ACTIVE_ACCOUNT_FILTERS)) {\n // This event has no payload, it only signals cross-tab app instances that the results of calling getActiveAccount() will have changed\n this.eventHandler.emitEvent(EventType.ACTIVE_ACCOUNT_CHANGED);\n }\n\n // Handle account object change\n const cacheValue = e.newValue || e.oldValue;\n if (!cacheValue) {\n return;\n }\n const parsedValue = JSON.parse(cacheValue);\n if (\n typeof parsedValue !== \"object\" ||\n !AccountEntity.isAccountEntity(parsedValue)\n ) {\n return;\n }\n const accountEntity = CacheManager.toObject(\n new AccountEntity(),\n parsedValue\n );\n const accountInfo = accountEntity.getAccountInfo();\n if (!e.oldValue && e.newValue) {\n this.logger.info(\n \"Account was added to cache in a different window\"\n );\n this.eventHandler.emitEvent(\n EventType.ACCOUNT_ADDED,\n undefined,\n accountInfo\n );\n } else if (!e.newValue && e.oldValue) {\n this.logger.info(\n \"Account was removed from cache in a different window\"\n );\n this.eventHandler.emitEvent(\n EventType.ACCOUNT_REMOVED,\n undefined,\n accountInfo\n );\n }\n } catch (e) {\n return;\n }\n }\n\n /**\n * Gets the token cache for the application.\n */\n getTokenCache(): ITokenCache {\n return this.tokenCache;\n }\n\n /**\n * Returns the logger instance\n */\n public getLogger(): Logger {\n return this.logger;\n }\n\n /**\n * Replaces the default logger set in configurations with new Logger with new configurations\n * @param logger Logger instance\n */\n setLogger(logger: Logger): void {\n this.logger = logger;\n }\n\n /**\n * Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc.\n * @param sku\n * @param version\n */\n initializeWrapperLibrary(sku: WrapperSKU, version: string): void {\n // Validate the SKU passed in is one we expect\n this.browserStorage.setWrapperMetadata(sku, version);\n }\n\n /**\n * Sets navigation client\n * @param navigationClient\n */\n setNavigationClient(navigationClient: INavigationClient): void {\n this.navigationClient = navigationClient;\n }\n\n /**\n * Returns the configuration object\n */\n public getConfiguration(): BrowserConfiguration {\n return this.config;\n }\n\n /**\n * Returns the performance client\n */\n public getPerformanceClient(): IPerformanceClient {\n return this.performanceClient;\n }\n\n /**\n * Returns the browser env indicator\n */\n public isBrowserEnv(): boolean {\n return this.isBrowserEnvironment;\n }\n\n /**\n * Generates a correlation id for a request if none is provided.\n *\n * @protected\n * @param {?Partial} [request]\n * @returns {string}\n */\n protected getRequestCorrelationId(\n request?: Partial\n ): string {\n if (request?.correlationId) {\n return request.correlationId;\n }\n\n if (this.isBrowserEnvironment) {\n return createNewGuid();\n }\n\n /*\n * Included for fallback for non-browser environments,\n * and to ensure this method always returns a string.\n */\n return Constants.EMPTY_STRING;\n }\n\n // #endregion\n\n /**\n * Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so\n * any code that follows this function will not execute.\n *\n * IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current\n * browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.\n *\n * @param request\n */\n async loginRedirect(request?: RedirectRequest): Promise {\n const correlationId: string = this.getRequestCorrelationId(request);\n this.logger.verbose(\"loginRedirect called\", correlationId);\n return this.acquireTokenRedirect({\n correlationId,\n ...(request || DEFAULT_REQUEST),\n });\n }\n\n /**\n * Use when initiating the login process via opening a popup window in the user's browser\n *\n * @param request\n *\n * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised.\n */\n loginPopup(request?: PopupRequest): Promise {\n const correlationId: string = this.getRequestCorrelationId(request);\n this.logger.verbose(\"loginPopup called\", correlationId);\n return this.acquireTokenPopup({\n correlationId,\n ...(request || DEFAULT_REQUEST),\n });\n }\n\n /**\n * Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made.\n *\n * @param {@link (SilentRequest:type)}\n * @returns {Promise.} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object\n */\n async acquireTokenSilent(\n request: SilentRequest\n ): Promise {\n const correlationId = this.getRequestCorrelationId(request);\n const atsMeasurement = this.performanceClient.startMeasurement(\n PerformanceEvents.AcquireTokenSilent,\n correlationId\n );\n atsMeasurement.add({\n cacheLookupPolicy: request.cacheLookupPolicy,\n scenarioId: request.scenarioId,\n });\n\n preflightCheck(this.initialized, atsMeasurement);\n this.logger.verbose(\"acquireTokenSilent called\", correlationId);\n\n const account = request.account || this.getActiveAccount();\n if (!account) {\n throw createBrowserAuthError(BrowserAuthErrorCodes.noAccountError);\n }\n atsMeasurement.add({ accountType: getAccountType(account) });\n\n const thumbprint: RequestThumbprint = {\n clientId: this.config.auth.clientId,\n authority: request.authority || Constants.EMPTY_STRING,\n scopes: request.scopes,\n homeAccountIdentifier: account.homeAccountId,\n claims: request.claims,\n authenticationScheme: request.authenticationScheme,\n resourceRequestMethod: request.resourceRequestMethod,\n resourceRequestUri: request.resourceRequestUri,\n shrClaims: request.shrClaims,\n sshKid: request.sshKid,\n shrOptions: request.shrOptions,\n };\n const silentRequestKey = JSON.stringify(thumbprint);\n\n const cachedResponse =\n this.activeSilentTokenRequests.get(silentRequestKey);\n if (typeof cachedResponse === \"undefined\") {\n this.logger.verbose(\n \"acquireTokenSilent called for the first time, storing active request\",\n correlationId\n );\n\n const response = invokeAsync(\n this.acquireTokenSilentAsync.bind(this),\n PerformanceEvents.AcquireTokenSilentAsync,\n this.logger,\n this.performanceClient,\n correlationId\n )(\n {\n ...request,\n correlationId,\n },\n account\n )\n .then((result) => {\n this.activeSilentTokenRequests.delete(silentRequestKey);\n atsMeasurement.end({\n success: true,\n fromCache: result.fromCache,\n isNativeBroker: result.fromNativeBroker,\n cacheLookupPolicy: request.cacheLookupPolicy,\n accessTokenSize: result.accessToken.length,\n idTokenSize: result.idToken.length,\n });\n return result;\n })\n .catch((error: Error) => {\n this.activeSilentTokenRequests.delete(silentRequestKey);\n atsMeasurement.end(\n {\n success: false,\n },\n error\n );\n throw error;\n });\n this.activeSilentTokenRequests.set(silentRequestKey, response);\n return {\n ...(await response),\n state: request.state,\n };\n } else {\n this.logger.verbose(\n \"acquireTokenSilent has been called previously, returning the result from the first call\",\n correlationId\n );\n // Discard measurements for memoized calls, as they are usually only a couple of ms and will artificially deflate metrics\n atsMeasurement.discard();\n return {\n ...(await cachedResponse),\n state: request.state,\n };\n }\n }\n\n /**\n * Silently acquire an access token for a given set of scopes. Will use cached token if available, otherwise will attempt to acquire a new token from the network via refresh token.\n * @param {@link (SilentRequest:type)}\n * @param {@link (AccountInfo:type)}\n * @returns {Promise.} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse}\n */\n protected async acquireTokenSilentAsync(\n request: SilentRequest & { correlationId: string },\n account: AccountInfo\n ): Promise {\n const trackPageVisibility = () =>\n this.trackPageVisibility(request.correlationId);\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.AcquireTokenSilentAsync,\n request.correlationId\n );\n\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_START,\n InteractionType.Silent,\n request\n );\n\n if (request.correlationId) {\n this.performanceClient.incrementFields(\n { visibilityChangeCount: 0 },\n request.correlationId\n );\n }\n\n document.addEventListener(\"visibilitychange\", trackPageVisibility);\n\n const silentRequest = await invokeAsync(\n initializeSilentRequest,\n PerformanceEvents.InitializeSilentRequest,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(request, account, this.config, this.performanceClient, this.logger);\n const cacheLookupPolicy =\n request.cacheLookupPolicy || CacheLookupPolicy.Default;\n\n const result = this.acquireTokenSilentNoIframe(\n silentRequest,\n cacheLookupPolicy\n ).catch(async (refreshTokenError: AuthError) => {\n const shouldTryToResolveSilently =\n checkIfRefreshTokenErrorCanBeResolvedSilently(\n refreshTokenError,\n cacheLookupPolicy\n );\n\n if (shouldTryToResolveSilently) {\n if (!this.activeIframeRequest) {\n let _resolve: (result: boolean) => void;\n // Always set the active request tracker immediately after checking it to prevent races\n this.activeIframeRequest = [\n new Promise((resolve) => {\n _resolve = resolve;\n }),\n silentRequest.correlationId,\n ];\n this.logger.verbose(\n \"Refresh token expired/invalid or CacheLookupPolicy is set to Skip, attempting acquire token by iframe.\",\n silentRequest.correlationId\n );\n return invokeAsync(\n this.acquireTokenBySilentIframe.bind(this),\n PerformanceEvents.AcquireTokenBySilentIframe,\n this.logger,\n this.performanceClient,\n silentRequest.correlationId\n )(silentRequest)\n .then((iframeResult) => {\n _resolve(true);\n return iframeResult;\n })\n .catch((e) => {\n _resolve(false);\n throw e;\n })\n .finally(() => {\n this.activeIframeRequest = undefined;\n });\n } else if (cacheLookupPolicy !== CacheLookupPolicy.Skip) {\n const [activePromise, activeCorrelationId] =\n this.activeIframeRequest;\n this.logger.verbose(\n `Iframe request is already in progress, awaiting resolution for request with correlationId: ${activeCorrelationId}`,\n silentRequest.correlationId\n );\n const awaitConcurrentIframeMeasure =\n this.performanceClient.startMeasurement(\n PerformanceEvents.AwaitConcurrentIframe,\n silentRequest.correlationId\n );\n awaitConcurrentIframeMeasure.add({\n awaitIframeCorrelationId: activeCorrelationId,\n });\n\n const activePromiseResult = await activePromise;\n awaitConcurrentIframeMeasure.end({\n success: activePromiseResult,\n });\n if (activePromiseResult) {\n this.logger.verbose(\n `Parallel iframe request with correlationId: ${activeCorrelationId} succeeded. Retrying cache and/or RT redemption`,\n silentRequest.correlationId\n );\n // Retry cache lookup and/or RT exchange after iframe completes\n return this.acquireTokenSilentNoIframe(\n silentRequest,\n cacheLookupPolicy\n );\n } else {\n this.logger.info(\n `Iframe request with correlationId: ${activeCorrelationId} failed. Interaction is required.`\n );\n // If previous iframe request failed, it's unlikely to succeed this time. Throw original error.\n throw refreshTokenError;\n }\n } else {\n // Cache policy set to skip and another iframe request is already in progress\n this.logger.warning(\n \"Another iframe request is currently in progress and CacheLookupPolicy is set to Skip. This may result in degraded performance and/or reliability for both calls. Please consider changing the CacheLookupPolicy to take advantage of request queuing and token cache.\",\n silentRequest.correlationId\n );\n return invokeAsync(\n this.acquireTokenBySilentIframe.bind(this),\n PerformanceEvents.AcquireTokenBySilentIframe,\n this.logger,\n this.performanceClient,\n silentRequest.correlationId\n )(silentRequest);\n }\n } else {\n // Error cannot be silently resolved or iframe renewal is not allowed, interaction required\n throw refreshTokenError;\n }\n });\n\n return result\n .then((response) => {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_SUCCESS,\n InteractionType.Silent,\n response\n );\n if (request.correlationId) {\n this.performanceClient.addFields(\n {\n fromCache: response.fromCache,\n isNativeBroker: response.fromNativeBroker,\n },\n request.correlationId\n );\n }\n\n return response;\n })\n .catch((tokenRenewalError: Error) => {\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_FAILURE,\n InteractionType.Silent,\n null,\n tokenRenewalError\n );\n throw tokenRenewalError;\n })\n .finally(() => {\n document.removeEventListener(\n \"visibilitychange\",\n trackPageVisibility\n );\n });\n }\n\n /**\n * AcquireTokenSilent without the iframe fallback. This is used to enable the correct fallbacks in cases where there's a potential for multiple silent requests to be made in parallel and prevent those requests from making concurrent iframe requests.\n * @param silentRequest\n * @param cacheLookupPolicy\n * @returns\n */\n private async acquireTokenSilentNoIframe(\n silentRequest: CommonSilentFlowRequest,\n cacheLookupPolicy: CacheLookupPolicy\n ): Promise {\n if (\n NativeMessageHandler.isNativeAvailable(\n this.config,\n this.logger,\n this.nativeExtensionProvider,\n silentRequest.authenticationScheme\n ) &&\n silentRequest.account.nativeAccountId\n ) {\n this.logger.verbose(\n \"acquireTokenSilent - attempting to acquire token from native platform\"\n );\n return this.acquireTokenNative(\n silentRequest,\n ApiId.acquireTokenSilent_silentFlow\n ).catch(async (e: AuthError) => {\n // If native token acquisition fails for availability reasons fallback to web flow\n if (e instanceof NativeAuthError && isFatalNativeAuthError(e)) {\n this.logger.verbose(\n \"acquireTokenSilent - native platform unavailable, falling back to web flow\"\n );\n this.nativeExtensionProvider = undefined; // Prevent future requests from continuing to attempt\n\n // Cache will not contain tokens, given that previous WAM requests succeeded. Skip cache and RT renewal and go straight to iframe renewal\n throw createClientAuthError(\n ClientAuthErrorCodes.tokenRefreshRequired\n );\n }\n throw e;\n });\n } else {\n this.logger.verbose(\n \"acquireTokenSilent - attempting to acquire token from web flow\"\n );\n return invokeAsync(\n this.acquireTokenFromCache.bind(this),\n PerformanceEvents.AcquireTokenFromCache,\n this.logger,\n this.performanceClient,\n silentRequest.correlationId\n )(silentRequest, cacheLookupPolicy).catch(\n (cacheError: AuthError) => {\n if (cacheLookupPolicy === CacheLookupPolicy.AccessToken) {\n throw cacheError;\n }\n\n this.eventHandler.emitEvent(\n EventType.ACQUIRE_TOKEN_NETWORK_START,\n InteractionType.Silent,\n silentRequest\n );\n\n return invokeAsync(\n this.acquireTokenByRefreshToken.bind(this),\n PerformanceEvents.AcquireTokenByRefreshToken,\n this.logger,\n this.performanceClient,\n silentRequest.correlationId\n )(silentRequest, cacheLookupPolicy);\n }\n );\n }\n }\n}\n\n/**\n * Determines whether an error thrown by the refresh token endpoint can be resolved without interaction\n * @param refreshTokenError\n * @param silentRequest\n * @param cacheLookupPolicy\n * @returns\n */\nfunction checkIfRefreshTokenErrorCanBeResolvedSilently(\n refreshTokenError: AuthError,\n cacheLookupPolicy: CacheLookupPolicy\n): boolean {\n const noInteractionRequired = !(\n refreshTokenError instanceof InteractionRequiredAuthError &&\n // For refresh token errors, bad_token does not always require interaction (silently resolvable)\n refreshTokenError.subError !==\n InteractionRequiredAuthErrorCodes.badToken\n );\n\n // Errors that result when the refresh token needs to be replaced\n const refreshTokenRefreshRequired =\n refreshTokenError.errorCode === BrowserConstants.INVALID_GRANT_ERROR ||\n refreshTokenError.errorCode ===\n ClientAuthErrorCodes.tokenRefreshRequired;\n\n // Errors that may be resolved before falling back to interaction (through iframe renewal)\n const isSilentlyResolvable =\n (noInteractionRequired && refreshTokenRefreshRequired) ||\n refreshTokenError.errorCode ===\n InteractionRequiredAuthErrorCodes.noTokensFound ||\n refreshTokenError.errorCode ===\n InteractionRequiredAuthErrorCodes.refreshTokenExpired;\n\n // Only these policies allow for an iframe renewal attempt\n const tryIframeRenewal = iFrameRenewalPolicies.includes(cacheLookupPolicy);\n\n return isSilentlyResolvable && tryIframeRenewal;\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport {\n IPerformanceClient,\n PerformanceEvents,\n} from \"@azure/msal-common/browser\";\nimport { KEY_FORMAT_JWK } from \"../utils/BrowserConstants.js\";\nimport { urlEncodeArr } from \"../encode/Base64Encode.js\";\n\n/**\n * This file defines functions used by the browser library to perform cryptography operations such as\n * hashing and encoding. It also has helper functions to validate the availability of specific APIs.\n */\n\n/**\n * See here for more info on RsaHashedKeyGenParams: https://developer.mozilla.org/en-US/docs/Web/API/RsaHashedKeyGenParams\n */\n// RSA KeyGen Algorithm\nconst PKCS1_V15_KEYGEN_ALG = \"RSASSA-PKCS1-v1_5\";\n// SHA-256 hashing algorithm\nconst S256_HASH_ALG = \"SHA-256\";\n// MOD length for PoP tokens\nconst MODULUS_LENGTH = 2048;\n// Public Exponent\nconst PUBLIC_EXPONENT: Uint8Array = new Uint8Array([0x01, 0x00, 0x01]);\n// UUID hex digits\nconst UUID_CHARS = \"0123456789abcdef\";\n// Array to store UINT32 random value\nconst UINT32_ARR = new Uint32Array(1);\n\nconst SUBTLE_SUBERROR = \"crypto_subtle_undefined\";\n\nconst keygenAlgorithmOptions: RsaHashedKeyGenParams = {\n name: PKCS1_V15_KEYGEN_ALG,\n hash: S256_HASH_ALG,\n modulusLength: MODULUS_LENGTH,\n publicExponent: PUBLIC_EXPONENT,\n};\n\n/**\n * Check whether browser crypto is available.\n */\nexport function validateCryptoAvailable(\n skipValidateSubtleCrypto: boolean\n): void {\n if (!window) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.nonBrowserEnvironment\n );\n }\n if (!window.crypto) {\n throw createBrowserAuthError(BrowserAuthErrorCodes.cryptoNonExistent);\n }\n if (!skipValidateSubtleCrypto && !window.crypto.subtle) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.cryptoNonExistent,\n SUBTLE_SUBERROR\n );\n }\n}\n\n/**\n * Returns a sha-256 hash of the given dataString as an ArrayBuffer.\n * @param dataString {string} data string\n * @param performanceClient {?IPerformanceClient}\n * @param correlationId {?string} correlation id\n */\nexport async function sha256Digest(\n dataString: string,\n performanceClient?: IPerformanceClient,\n correlationId?: string\n): Promise {\n performanceClient?.addQueueMeasurement(\n PerformanceEvents.Sha256Digest,\n correlationId\n );\n const encoder = new TextEncoder();\n const data = encoder.encode(dataString);\n return window.crypto.subtle.digest(\n S256_HASH_ALG,\n data\n ) as Promise;\n}\n\n/**\n * Populates buffer with cryptographically random values.\n * @param dataBuffer\n */\nexport function getRandomValues(dataBuffer: Uint8Array): Uint8Array {\n return window.crypto.getRandomValues(dataBuffer);\n}\n\n/**\n * Returns random Uint32 value.\n * @returns {number}\n */\nfunction getRandomUint32(): number {\n window.crypto.getRandomValues(UINT32_ARR);\n return UINT32_ARR[0];\n}\n\n/**\n * Creates a UUID v7 from the current timestamp.\n * Implementation relies on the system clock to guarantee increasing order of generated identifiers.\n * @returns {number}\n */\nexport function createNewGuid(): string {\n const currentTimestamp = Date.now();\n const baseRand = getRandomUint32() * 0x400 + (getRandomUint32() & 0x3ff);\n\n // Result byte array\n const bytes = new Uint8Array(16);\n // A 12-bit `rand_a` field value\n const randA = Math.trunc(baseRand / 2 ** 30);\n // The higher 30 bits of 62-bit `rand_b` field value\n const randBHi = baseRand & (2 ** 30 - 1);\n // The lower 32 bits of 62-bit `rand_b` field value\n const randBLo = getRandomUint32();\n\n bytes[0] = currentTimestamp / 2 ** 40;\n bytes[1] = currentTimestamp / 2 ** 32;\n bytes[2] = currentTimestamp / 2 ** 24;\n bytes[3] = currentTimestamp / 2 ** 16;\n bytes[4] = currentTimestamp / 2 ** 8;\n bytes[5] = currentTimestamp;\n bytes[6] = 0x70 | (randA >>> 8);\n bytes[7] = randA;\n bytes[8] = 0x80 | (randBHi >>> 24);\n bytes[9] = randBHi >>> 16;\n bytes[10] = randBHi >>> 8;\n bytes[11] = randBHi;\n bytes[12] = randBLo >>> 24;\n bytes[13] = randBLo >>> 16;\n bytes[14] = randBLo >>> 8;\n bytes[15] = randBLo;\n\n let text = \"\";\n for (let i = 0; i < bytes.length; i++) {\n text += UUID_CHARS.charAt(bytes[i] >>> 4);\n text += UUID_CHARS.charAt(bytes[i] & 0xf);\n if (i === 3 || i === 5 || i === 7 || i === 9) {\n text += \"-\";\n }\n }\n return text;\n}\n\n/**\n * Generates a keypair based on current keygen algorithm config.\n * @param extractable\n * @param usages\n */\nexport async function generateKeyPair(\n extractable: boolean,\n usages: Array\n): Promise {\n return window.crypto.subtle.generateKey(\n keygenAlgorithmOptions,\n extractable,\n usages\n ) as Promise;\n}\n\n/**\n * Export key as Json Web Key (JWK)\n * @param key\n */\nexport async function exportJwk(key: CryptoKey): Promise {\n return window.crypto.subtle.exportKey(\n KEY_FORMAT_JWK,\n key\n ) as Promise;\n}\n\n/**\n * Imports key as Json Web Key (JWK), can set extractable and usages.\n * @param key\n * @param extractable\n * @param usages\n */\nexport async function importJwk(\n key: JsonWebKey,\n extractable: boolean,\n usages: Array\n): Promise {\n return window.crypto.subtle.importKey(\n KEY_FORMAT_JWK,\n key,\n keygenAlgorithmOptions,\n extractable,\n usages\n ) as Promise;\n}\n\n/**\n * Signs given data with given key\n * @param key\n * @param data\n */\nexport async function sign(\n key: CryptoKey,\n data: ArrayBuffer\n): Promise {\n return window.crypto.subtle.sign(\n keygenAlgorithmOptions,\n key,\n data\n ) as Promise;\n}\n\n/**\n * Returns the SHA-256 hash of an input string\n * @param plainText\n */\nexport async function hashString(plainText: string): Promise {\n const hashBuffer: ArrayBuffer = await sha256Digest(plainText);\n const hashBytes = new Uint8Array(hashBuffer);\n return urlEncodeArr(hashBytes);\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport {\n DB_NAME,\n DB_TABLE_NAME,\n DB_VERSION,\n} from \"../utils/BrowserConstants.js\";\nimport { IAsyncStorage } from \"./IAsyncStorage.js\";\n\ninterface IDBOpenDBRequestEvent extends Event {\n target: IDBOpenDBRequest & EventTarget;\n}\n\ninterface IDBOpenOnUpgradeNeededEvent extends IDBVersionChangeEvent {\n target: IDBOpenDBRequest & EventTarget;\n}\n\ninterface IDBRequestEvent extends Event {\n target: IDBRequest & EventTarget;\n}\n\n/**\n * Storage wrapper for IndexedDB storage in browsers: https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API\n */\nexport class DatabaseStorage implements IAsyncStorage {\n private db: IDBDatabase | undefined;\n private dbName: string;\n private tableName: string;\n private version: number;\n private dbOpen: boolean;\n\n constructor() {\n this.dbName = DB_NAME;\n this.version = DB_VERSION;\n this.tableName = DB_TABLE_NAME;\n this.dbOpen = false;\n }\n\n /**\n * Opens IndexedDB instance.\n */\n async open(): Promise {\n return new Promise((resolve, reject) => {\n const openDB = window.indexedDB.open(this.dbName, this.version);\n openDB.addEventListener(\n \"upgradeneeded\",\n (e: IDBVersionChangeEvent) => {\n const event = e as IDBOpenOnUpgradeNeededEvent;\n event.target.result.createObjectStore(this.tableName);\n }\n );\n openDB.addEventListener(\"success\", (e: Event) => {\n const event = e as IDBOpenDBRequestEvent;\n this.db = event.target.result;\n this.dbOpen = true;\n resolve();\n });\n openDB.addEventListener(\"error\", () =>\n reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.databaseUnavailable\n )\n )\n );\n });\n }\n\n /**\n * Closes the connection to IndexedDB database when all pending transactions\n * complete.\n */\n closeConnection(): void {\n const db = this.db;\n if (db && this.dbOpen) {\n db.close();\n this.dbOpen = false;\n }\n }\n\n /**\n * Opens database if it's not already open\n */\n private async validateDbIsOpen(): Promise {\n if (!this.dbOpen) {\n return this.open();\n }\n }\n\n /**\n * Retrieves item from IndexedDB instance.\n * @param key\n */\n async getItem(key: string): Promise {\n await this.validateDbIsOpen();\n return new Promise((resolve, reject) => {\n // TODO: Add timeouts?\n if (!this.db) {\n return reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.databaseNotOpen\n )\n );\n }\n const transaction = this.db.transaction(\n [this.tableName],\n \"readonly\"\n );\n const objectStore = transaction.objectStore(this.tableName);\n const dbGet = objectStore.get(key);\n\n dbGet.addEventListener(\"success\", (e: Event) => {\n const event = e as IDBRequestEvent;\n this.closeConnection();\n resolve(event.target.result);\n });\n\n dbGet.addEventListener(\"error\", (e: Event) => {\n this.closeConnection();\n reject(e);\n });\n });\n }\n\n /**\n * Adds item to IndexedDB under given key\n * @param key\n * @param payload\n */\n async setItem(key: string, payload: T): Promise {\n await this.validateDbIsOpen();\n return new Promise((resolve: Function, reject: Function) => {\n // TODO: Add timeouts?\n if (!this.db) {\n return reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.databaseNotOpen\n )\n );\n }\n const transaction = this.db.transaction(\n [this.tableName],\n \"readwrite\"\n );\n\n const objectStore = transaction.objectStore(this.tableName);\n\n const dbPut = objectStore.put(payload, key);\n\n dbPut.addEventListener(\"success\", () => {\n this.closeConnection();\n resolve();\n });\n\n dbPut.addEventListener(\"error\", (e) => {\n this.closeConnection();\n reject(e);\n });\n });\n }\n\n /**\n * Removes item from IndexedDB under given key\n * @param key\n */\n async removeItem(key: string): Promise {\n await this.validateDbIsOpen();\n return new Promise((resolve: Function, reject: Function) => {\n if (!this.db) {\n return reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.databaseNotOpen\n )\n );\n }\n\n const transaction = this.db.transaction(\n [this.tableName],\n \"readwrite\"\n );\n const objectStore = transaction.objectStore(this.tableName);\n const dbDelete = objectStore.delete(key);\n\n dbDelete.addEventListener(\"success\", () => {\n this.closeConnection();\n resolve();\n });\n\n dbDelete.addEventListener(\"error\", (e) => {\n this.closeConnection();\n reject(e);\n });\n });\n }\n\n /**\n * Get all the keys from the storage object as an iterable array of strings.\n */\n async getKeys(): Promise {\n await this.validateDbIsOpen();\n return new Promise((resolve: Function, reject: Function) => {\n if (!this.db) {\n return reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.databaseNotOpen\n )\n );\n }\n\n const transaction = this.db.transaction(\n [this.tableName],\n \"readonly\"\n );\n const objectStore = transaction.objectStore(this.tableName);\n const dbGetKeys = objectStore.getAllKeys();\n\n dbGetKeys.addEventListener(\"success\", (e: Event) => {\n const event = e as IDBRequestEvent;\n this.closeConnection();\n resolve(event.target.result);\n });\n\n dbGetKeys.addEventListener(\"error\", (e: Event) => {\n this.closeConnection();\n reject(e);\n });\n });\n }\n\n /**\n *\n * Checks whether there is an object under the search key in the object store\n */\n async containsKey(key: string): Promise {\n await this.validateDbIsOpen();\n\n return new Promise((resolve: Function, reject: Function) => {\n if (!this.db) {\n return reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.databaseNotOpen\n )\n );\n }\n\n const transaction = this.db.transaction(\n [this.tableName],\n \"readonly\"\n );\n const objectStore = transaction.objectStore(this.tableName);\n const dbContainsKey = objectStore.count(key);\n\n dbContainsKey.addEventListener(\"success\", (e: Event) => {\n const event = e as IDBRequestEvent;\n this.closeConnection();\n resolve(event.target.result === 1);\n });\n\n dbContainsKey.addEventListener(\"error\", (e: Event) => {\n this.closeConnection();\n reject(e);\n });\n });\n }\n\n /**\n * Deletes the MSAL database. The database is deleted rather than cleared to make it possible\n * for client applications to downgrade to a previous MSAL version without worrying about forward compatibility issues\n * with IndexedDB database versions.\n */\n async deleteDatabase(): Promise {\n // Check if database being deleted exists\n\n if (this.db && this.dbOpen) {\n this.closeConnection();\n }\n\n return new Promise((resolve: Function, reject: Function) => {\n const deleteDbRequest = window.indexedDB.deleteDatabase(DB_NAME);\n const id = setTimeout(() => reject(false), 200); // Reject if events aren't raised within 200ms\n deleteDbRequest.addEventListener(\"success\", () => {\n clearTimeout(id);\n return resolve(true);\n });\n deleteDbRequest.addEventListener(\"blocked\", () => {\n clearTimeout(id);\n return resolve(true);\n });\n deleteDbRequest.addEventListener(\"error\", () => {\n clearTimeout(id);\n return reject(false);\n });\n });\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Logger } from \"@azure/msal-common/browser\";\nimport {\n BrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { DatabaseStorage } from \"./DatabaseStorage.js\";\nimport { IAsyncStorage } from \"./IAsyncStorage.js\";\nimport { MemoryStorage } from \"./MemoryStorage.js\";\n\n/**\n * This class allows MSAL to store artifacts asynchronously using the DatabaseStorage IndexedDB wrapper,\n * backed up with the more volatile MemoryStorage object for cases in which IndexedDB may be unavailable.\n */\nexport class AsyncMemoryStorage implements IAsyncStorage {\n private inMemoryCache: MemoryStorage;\n private indexedDBCache: DatabaseStorage;\n private logger: Logger;\n\n constructor(logger: Logger) {\n this.inMemoryCache = new MemoryStorage();\n this.indexedDBCache = new DatabaseStorage();\n this.logger = logger;\n }\n\n private handleDatabaseAccessError(error: unknown): void {\n if (\n error instanceof BrowserAuthError &&\n error.errorCode === BrowserAuthErrorCodes.databaseUnavailable\n ) {\n this.logger.error(\n \"Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts.\"\n );\n } else {\n throw error;\n }\n }\n /**\n * Get the item matching the given key. Tries in-memory cache first, then in the asynchronous\n * storage object if item isn't found in-memory.\n * @param key\n */\n async getItem(key: string): Promise {\n const item = this.inMemoryCache.getItem(key);\n if (!item) {\n try {\n this.logger.verbose(\n \"Queried item not found in in-memory cache, now querying persistent storage.\"\n );\n return await this.indexedDBCache.getItem(key);\n } catch (e) {\n this.handleDatabaseAccessError(e);\n }\n }\n return item;\n }\n\n /**\n * Sets the item in the in-memory cache and then tries to set it in the asynchronous\n * storage object with the given key.\n * @param key\n * @param value\n */\n async setItem(key: string, value: T): Promise {\n this.inMemoryCache.setItem(key, value);\n try {\n await this.indexedDBCache.setItem(key, value);\n } catch (e) {\n this.handleDatabaseAccessError(e);\n }\n }\n\n /**\n * Removes the item matching the key from the in-memory cache, then tries to remove it from the asynchronous storage object.\n * @param key\n */\n async removeItem(key: string): Promise {\n this.inMemoryCache.removeItem(key);\n try {\n await this.indexedDBCache.removeItem(key);\n } catch (e) {\n this.handleDatabaseAccessError(e);\n }\n }\n\n /**\n * Get all the keys from the in-memory cache as an iterable array of strings. If no keys are found, query the keys in the\n * asynchronous storage object.\n */\n async getKeys(): Promise {\n const cacheKeys = this.inMemoryCache.getKeys();\n if (cacheKeys.length === 0) {\n try {\n this.logger.verbose(\n \"In-memory cache is empty, now querying persistent storage.\"\n );\n return await this.indexedDBCache.getKeys();\n } catch (e) {\n this.handleDatabaseAccessError(e);\n }\n }\n return cacheKeys;\n }\n\n /**\n * Returns true or false if the given key is present in the cache.\n * @param key\n */\n async containsKey(key: string): Promise {\n const containsKey = this.inMemoryCache.containsKey(key);\n if (!containsKey) {\n try {\n this.logger.verbose(\n \"Key not found in in-memory cache, now querying persistent storage.\"\n );\n return await this.indexedDBCache.containsKey(key);\n } catch (e) {\n this.handleDatabaseAccessError(e);\n }\n }\n return containsKey;\n }\n\n /**\n * Clears in-memory Map\n */\n clearInMemory(): void {\n // InMemory cache is a Map instance, clear is straightforward\n this.logger.verbose(`Deleting in-memory keystore`);\n this.inMemoryCache.clear();\n this.logger.verbose(`In-memory keystore deleted`);\n }\n\n /**\n * Tries to delete the IndexedDB database\n * @returns\n */\n async clearPersistent(): Promise {\n try {\n this.logger.verbose(\"Deleting persistent keystore\");\n const dbDeleted = await this.indexedDBCache.deleteDatabase();\n if (dbDeleted) {\n this.logger.verbose(\"Persistent keystore deleted\");\n }\n\n return dbDeleted;\n } catch (e) {\n this.handleDatabaseAccessError(e);\n return false;\n }\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n ICrypto,\n IPerformanceClient,\n JoseHeader,\n Logger,\n PerformanceEvents,\n ShrOptions,\n SignedHttpRequest,\n SignedHttpRequestParameters,\n} from \"@azure/msal-common/browser\";\nimport {\n base64Encode,\n urlEncode,\n urlEncodeArr,\n} from \"../encode/Base64Encode.js\";\nimport { base64Decode } from \"../encode/Base64Decode.js\";\nimport * as BrowserCrypto from \"./BrowserCrypto.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { AsyncMemoryStorage } from \"../cache/AsyncMemoryStorage.js\";\n\nexport type CachedKeyPair = {\n publicKey: CryptoKey;\n privateKey: CryptoKey;\n requestMethod?: string;\n requestUri?: string;\n};\n\n/**\n * This class implements MSAL's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and\n * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).\n */\nexport class CryptoOps implements ICrypto {\n private logger: Logger;\n\n /**\n * CryptoOps can be used in contexts outside a PCA instance,\n * meaning there won't be a performance manager available.\n */\n private performanceClient: IPerformanceClient | undefined;\n\n private static POP_KEY_USAGES: Array = [\"sign\", \"verify\"];\n private static EXTRACTABLE: boolean = true;\n private cache: AsyncMemoryStorage;\n\n constructor(\n logger: Logger,\n performanceClient?: IPerformanceClient,\n skipValidateSubtleCrypto?: boolean\n ) {\n this.logger = logger;\n // Browser crypto needs to be validated first before any other classes can be set.\n BrowserCrypto.validateCryptoAvailable(\n skipValidateSubtleCrypto ?? false\n );\n this.cache = new AsyncMemoryStorage(this.logger);\n this.performanceClient = performanceClient;\n }\n\n /**\n * Creates a new random GUID - used to populate state and nonce.\n * @returns string (GUID)\n */\n createNewGuid(): string {\n return BrowserCrypto.createNewGuid();\n }\n\n /**\n * Encodes input string to base64.\n * @param input\n */\n base64Encode(input: string): string {\n return base64Encode(input);\n }\n\n /**\n * Decodes input string from base64.\n * @param input\n */\n base64Decode(input: string): string {\n return base64Decode(input);\n }\n\n /**\n * Encodes input string to base64 URL safe string.\n * @param input\n */\n base64UrlEncode(input: string): string {\n return urlEncode(input);\n }\n\n /**\n * Stringifies and base64Url encodes input public key\n * @param inputKid\n * @returns Base64Url encoded public key\n */\n encodeKid(inputKid: string): string {\n return this.base64UrlEncode(JSON.stringify({ kid: inputKid }));\n }\n\n /**\n * Generates a keypair, stores it and returns a thumbprint\n * @param request\n */\n async getPublicKeyThumbprint(\n request: SignedHttpRequestParameters\n ): Promise {\n const publicKeyThumbMeasurement =\n this.performanceClient?.startMeasurement(\n PerformanceEvents.CryptoOptsGetPublicKeyThumbprint,\n request.correlationId\n );\n\n // Generate Keypair\n const keyPair: CryptoKeyPair = await BrowserCrypto.generateKeyPair(\n CryptoOps.EXTRACTABLE,\n CryptoOps.POP_KEY_USAGES\n );\n\n // Generate Thumbprint for Public Key\n const publicKeyJwk: JsonWebKey = await BrowserCrypto.exportJwk(\n keyPair.publicKey\n );\n\n const pubKeyThumprintObj: JsonWebKey = {\n e: publicKeyJwk.e,\n kty: publicKeyJwk.kty,\n n: publicKeyJwk.n,\n };\n\n const publicJwkString: string =\n getSortedObjectString(pubKeyThumprintObj);\n const publicJwkHash = await this.hashString(publicJwkString);\n\n // Generate Thumbprint for Private Key\n const privateKeyJwk: JsonWebKey = await BrowserCrypto.exportJwk(\n keyPair.privateKey\n );\n // Re-import private key to make it unextractable\n const unextractablePrivateKey: CryptoKey =\n await BrowserCrypto.importJwk(privateKeyJwk, false, [\"sign\"]);\n\n // Store Keypair data in keystore\n await this.cache.setItem(publicJwkHash, {\n privateKey: unextractablePrivateKey,\n publicKey: keyPair.publicKey,\n requestMethod: request.resourceRequestMethod,\n requestUri: request.resourceRequestUri,\n });\n\n if (publicKeyThumbMeasurement) {\n publicKeyThumbMeasurement.end({\n success: true,\n });\n }\n\n return publicJwkHash;\n }\n\n /**\n * Removes cryptographic keypair from key store matching the keyId passed in\n * @param kid\n */\n async removeTokenBindingKey(kid: string): Promise {\n await this.cache.removeItem(kid);\n const keyFound = await this.cache.containsKey(kid);\n return !keyFound;\n }\n\n /**\n * Removes all cryptographic keys from IndexedDB storage\n */\n async clearKeystore(): Promise {\n // Delete in-memory keystores\n this.cache.clearInMemory();\n\n /**\n * There is only one database, so calling clearPersistent on asymmetric keystore takes care of\n * every persistent keystore\n */\n try {\n await this.cache.clearPersistent();\n return true;\n } catch (e) {\n if (e instanceof Error) {\n this.logger.error(\n `Clearing keystore failed with error: ${e.message}`\n );\n } else {\n this.logger.error(\n \"Clearing keystore failed with unknown error\"\n );\n }\n\n return false;\n }\n }\n\n /**\n * Signs the given object as a jwt payload with private key retrieved by given kid.\n * @param payload\n * @param kid\n */\n async signJwt(\n payload: SignedHttpRequest,\n kid: string,\n shrOptions?: ShrOptions,\n correlationId?: string\n ): Promise {\n const signJwtMeasurement = this.performanceClient?.startMeasurement(\n PerformanceEvents.CryptoOptsSignJwt,\n correlationId\n );\n const cachedKeyPair = await this.cache.getItem(kid);\n\n if (!cachedKeyPair) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.cryptoKeyNotFound\n );\n }\n\n // Get public key as JWK\n const publicKeyJwk = await BrowserCrypto.exportJwk(\n cachedKeyPair.publicKey\n );\n const publicKeyJwkString = getSortedObjectString(publicKeyJwk);\n // Base64URL encode public key thumbprint with keyId only: BASE64URL({ kid: \"FULL_PUBLIC_KEY_HASH\" })\n const encodedKeyIdThumbprint = urlEncode(JSON.stringify({ kid: kid }));\n // Generate header\n const shrHeader = JoseHeader.getShrHeaderString({\n ...shrOptions?.header,\n alg: publicKeyJwk.alg,\n kid: encodedKeyIdThumbprint,\n });\n\n const encodedShrHeader = urlEncode(shrHeader);\n\n // Generate payload\n payload.cnf = {\n jwk: JSON.parse(publicKeyJwkString),\n };\n const encodedPayload = urlEncode(JSON.stringify(payload));\n\n // Form token string\n const tokenString = `${encodedShrHeader}.${encodedPayload}`;\n\n // Sign token\n const encoder = new TextEncoder();\n const tokenBuffer = encoder.encode(tokenString);\n const signatureBuffer = await BrowserCrypto.sign(\n cachedKeyPair.privateKey,\n tokenBuffer\n );\n const encodedSignature = urlEncodeArr(new Uint8Array(signatureBuffer));\n\n const signedJwt = `${tokenString}.${encodedSignature}`;\n\n if (signJwtMeasurement) {\n signJwtMeasurement.end({\n success: true,\n });\n }\n\n return signedJwt;\n }\n\n /**\n * Returns the SHA-256 hash of an input string\n * @param plainText\n */\n async hashString(plainText: string): Promise {\n return BrowserCrypto.hashString(plainText);\n }\n}\n\nfunction getSortedObjectString(obj: object): string {\n return JSON.stringify(obj, Object.keys(obj).sort());\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n IPerformanceClient,\n Logger,\n PerformanceEvents,\n PkceCodes,\n invoke,\n invokeAsync,\n} from \"@azure/msal-common/browser\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { urlEncodeArr } from \"../encode/Base64Encode.js\";\nimport { getRandomValues, sha256Digest } from \"./BrowserCrypto.js\";\n\n// Constant byte array length\nconst RANDOM_BYTE_ARR_LENGTH = 32;\n\n/**\n * This file defines APIs to generate PKCE codes and code verifiers.\n */\n\n/**\n * Generates PKCE Codes. See the RFC for more information: https://tools.ietf.org/html/rfc7636\n */\nexport async function generatePkceCodes(\n performanceClient: IPerformanceClient,\n logger: Logger,\n correlationId: string\n): Promise {\n performanceClient.addQueueMeasurement(\n PerformanceEvents.GeneratePkceCodes,\n correlationId\n );\n const codeVerifier = invoke(\n generateCodeVerifier,\n PerformanceEvents.GenerateCodeVerifier,\n logger,\n performanceClient,\n correlationId\n )(performanceClient, logger, correlationId);\n const codeChallenge = await invokeAsync(\n generateCodeChallengeFromVerifier,\n PerformanceEvents.GenerateCodeChallengeFromVerifier,\n logger,\n performanceClient,\n correlationId\n )(codeVerifier, performanceClient, logger, correlationId);\n return {\n verifier: codeVerifier,\n challenge: codeChallenge,\n };\n}\n\n/**\n * Generates a random 32 byte buffer and returns the base64\n * encoded string to be used as a PKCE Code Verifier\n */\nfunction generateCodeVerifier(\n performanceClient: IPerformanceClient,\n logger: Logger,\n correlationId: string\n): string {\n try {\n // Generate random values as utf-8\n const buffer: Uint8Array = new Uint8Array(RANDOM_BYTE_ARR_LENGTH);\n invoke(\n getRandomValues,\n PerformanceEvents.GetRandomValues,\n logger,\n performanceClient,\n correlationId\n )(buffer);\n // encode verifier as base64\n const pkceCodeVerifierB64: string = urlEncodeArr(buffer);\n return pkceCodeVerifierB64;\n } catch (e) {\n throw createBrowserAuthError(BrowserAuthErrorCodes.pkceNotCreated);\n }\n}\n\n/**\n * Creates a base64 encoded PKCE Code Challenge string from the\n * hash created from the PKCE Code Verifier supplied\n */\nasync function generateCodeChallengeFromVerifier(\n pkceCodeVerifier: string,\n performanceClient: IPerformanceClient,\n logger: Logger,\n correlationId: string\n): Promise {\n performanceClient.addQueueMeasurement(\n PerformanceEvents.GenerateCodeChallengeFromVerifier,\n correlationId\n );\n try {\n // hashed verifier\n const pkceHashedCodeVerifier = await invokeAsync(\n sha256Digest,\n PerformanceEvents.Sha256Digest,\n logger,\n performanceClient,\n correlationId\n )(pkceCodeVerifier, performanceClient, correlationId);\n // encode hash as base64\n return urlEncodeArr(new Uint8Array(pkceHashedCodeVerifier));\n } catch (e) {\n throw createBrowserAuthError(BrowserAuthErrorCodes.pkceNotCreated);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n BrowserAuthErrorCodes,\n createBrowserAuthError,\n} from \"../error/BrowserAuthError.js\";\n\n/**\n * Class which exposes APIs to decode base64 strings to plaintext. See here for implementation details:\n * https://developer.mozilla.org/en-US/docs/Glossary/Base64#the_unicode_problem\n */\n\n/**\n * Returns a URL-safe plaintext decoded string from b64 encoded input.\n * @param input\n */\nexport function base64Decode(input: string): string {\n return new TextDecoder().decode(base64DecToArr(input));\n}\n\n/**\n * Decodes base64 into Uint8Array\n * @param base64String\n */\nfunction base64DecToArr(base64String: string): Uint8Array {\n let encodedString = base64String.replace(/-/g, \"+\").replace(/_/g, \"/\");\n switch (encodedString.length % 4) {\n case 0:\n break;\n case 2:\n encodedString += \"==\";\n break;\n case 3:\n encodedString += \"=\";\n break;\n default:\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.invalidBase64String\n );\n }\n const binString = atob(encodedString);\n return Uint8Array.from(binString, (m) => m.codePointAt(0) || 0);\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * Class which exposes APIs to encode plaintext to base64 encoded string. See here for implementation details:\n * https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding#Solution_2_%E2%80%93_JavaScript's_UTF-16_%3E_UTF-8_%3E_base64\n */\n\n/**\n * Returns URL Safe b64 encoded string from a plaintext string.\n * @param input\n */\nexport function urlEncode(input: string): string {\n return encodeURIComponent(\n base64Encode(input)\n .replace(/=/g, \"\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n );\n}\n\n/**\n * Returns URL Safe b64 encoded string from an int8Array.\n * @param inputArr\n */\nexport function urlEncodeArr(inputArr: Uint8Array): string {\n return base64EncArr(inputArr)\n .replace(/=/g, \"\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\");\n}\n\n/**\n * Returns b64 encoded string from plaintext string.\n * @param input\n */\nexport function base64Encode(input: string): string {\n return base64EncArr(new TextEncoder().encode(input));\n}\n\n/**\n * Base64 encode byte array\n * @param aBytes\n */\nfunction base64EncArr(aBytes: Uint8Array): string {\n const binString = Array.from(aBytes, (x) => String.fromCodePoint(x)).join(\n \"\"\n );\n return btoa(binString);\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AuthError } from \"@azure/msal-common/browser\";\nimport * as BrowserAuthErrorCodes from \"./BrowserAuthErrorCodes.js\";\nexport { BrowserAuthErrorCodes }; // Allow importing as \"BrowserAuthErrorCodes\"\n\nconst ErrorLink = \"For more visit: aka.ms/msaljs/browser-errors\";\n\n/**\n * BrowserAuthErrorMessage class containing string constants used by error codes and messages.\n */\nexport const BrowserAuthErrorMessages = {\n [BrowserAuthErrorCodes.pkceNotCreated]:\n \"The PKCE code challenge and verifier could not be generated.\",\n [BrowserAuthErrorCodes.cryptoNonExistent]:\n \"The crypto object or function is not available.\",\n [BrowserAuthErrorCodes.emptyNavigateUri]:\n \"Navigation URI is empty. Please check stack trace for more info.\",\n [BrowserAuthErrorCodes.hashEmptyError]: `Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${ErrorLink}`,\n [BrowserAuthErrorCodes.noStateInHash]:\n \"Hash does not contain state. Please verify that the request originated from msal.\",\n [BrowserAuthErrorCodes.hashDoesNotContainKnownProperties]: `Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. ${ErrorLink}`,\n [BrowserAuthErrorCodes.unableToParseState]:\n \"Unable to parse state. Please verify that the request originated from msal.\",\n [BrowserAuthErrorCodes.stateInteractionTypeMismatch]:\n \"Hash contains state but the interaction type does not match the caller.\",\n [BrowserAuthErrorCodes.interactionInProgress]: `Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. ${ErrorLink}`,\n [BrowserAuthErrorCodes.popupWindowError]:\n \"Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.\",\n [BrowserAuthErrorCodes.emptyWindowError]:\n \"window.open returned null or undefined window object.\",\n [BrowserAuthErrorCodes.userCancelled]: \"User cancelled the flow.\",\n [BrowserAuthErrorCodes.monitorPopupTimeout]: `Token acquisition in popup failed due to timeout. ${ErrorLink}`,\n [BrowserAuthErrorCodes.monitorWindowTimeout]: `Token acquisition in iframe failed due to timeout. ${ErrorLink}`,\n [BrowserAuthErrorCodes.redirectInIframe]:\n \"Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.\",\n [BrowserAuthErrorCodes.blockIframeReload]: `Request was blocked inside an iframe because MSAL detected an authentication response. ${ErrorLink}`,\n [BrowserAuthErrorCodes.blockNestedPopups]:\n \"Request was blocked inside a popup because MSAL detected it was running in a popup.\",\n [BrowserAuthErrorCodes.iframeClosedPrematurely]:\n \"The iframe being monitored was closed prematurely.\",\n [BrowserAuthErrorCodes.silentLogoutUnsupported]:\n \"Silent logout not supported. Please call logoutRedirect or logoutPopup instead.\",\n [BrowserAuthErrorCodes.noAccountError]:\n \"No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.\",\n [BrowserAuthErrorCodes.silentPromptValueError]:\n \"The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.\",\n [BrowserAuthErrorCodes.noTokenRequestCacheError]:\n \"No token request found in cache.\",\n [BrowserAuthErrorCodes.unableToParseTokenRequestCacheError]:\n \"The cached token request could not be parsed.\",\n [BrowserAuthErrorCodes.noCachedAuthorityError]:\n \"No cached authority found.\",\n [BrowserAuthErrorCodes.authRequestNotSetError]:\n \"Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler\",\n [BrowserAuthErrorCodes.invalidCacheType]: \"Invalid cache type\",\n [BrowserAuthErrorCodes.nonBrowserEnvironment]:\n \"Login and token requests are not supported in non-browser environments.\",\n [BrowserAuthErrorCodes.databaseNotOpen]: \"Database is not open!\",\n [BrowserAuthErrorCodes.noNetworkConnectivity]:\n \"No network connectivity. Check your internet connection.\",\n [BrowserAuthErrorCodes.postRequestFailed]:\n \"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'\",\n [BrowserAuthErrorCodes.getRequestFailed]:\n \"Network request failed. Please check the network trace to determine root cause.\",\n [BrowserAuthErrorCodes.failedToParseResponse]:\n \"Failed to parse network response. Check network trace.\",\n [BrowserAuthErrorCodes.unableToLoadToken]: \"Error loading token to cache.\",\n [BrowserAuthErrorCodes.cryptoKeyNotFound]:\n \"Cryptographic Key or Keypair not found in browser storage.\",\n [BrowserAuthErrorCodes.authCodeRequired]:\n \"An authorization code must be provided (as the `code` property on the request) to this flow.\",\n [BrowserAuthErrorCodes.authCodeOrNativeAccountIdRequired]:\n \"An authorization code or nativeAccountId must be provided to this flow.\",\n [BrowserAuthErrorCodes.spaCodeAndNativeAccountIdPresent]:\n \"Request cannot contain both spa code and native account id.\",\n [BrowserAuthErrorCodes.databaseUnavailable]:\n \"IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.\",\n [BrowserAuthErrorCodes.unableToAcquireTokenFromNativePlatform]: `Unable to acquire token from native platform. ${ErrorLink}`,\n [BrowserAuthErrorCodes.nativeHandshakeTimeout]:\n \"Timed out while attempting to establish connection to browser extension\",\n [BrowserAuthErrorCodes.nativeExtensionNotInstalled]:\n \"Native extension is not installed. If you think this is a mistake call the initialize function.\",\n [BrowserAuthErrorCodes.nativeConnectionNotEstablished]: `Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). ${ErrorLink}`,\n [BrowserAuthErrorCodes.uninitializedPublicClientApplication]: `You must call and await the initialize function before attempting to call any other MSAL API. ${ErrorLink}`,\n [BrowserAuthErrorCodes.nativePromptNotSupported]:\n \"The provided prompt is not supported by the native platform. This request should be routed to the web based flow.\",\n [BrowserAuthErrorCodes.invalidBase64String]:\n \"Invalid base64 encoded string.\",\n [BrowserAuthErrorCodes.invalidPopTokenRequest]:\n \"Invalid PoP token request. The request should not have both a popKid value and signPopToken set to true.\",\n [BrowserAuthErrorCodes.failedToBuildHeaders]:\n \"Failed to build request headers object.\",\n [BrowserAuthErrorCodes.failedToParseHeaders]:\n \"Failed to parse response headers\",\n};\n\n/**\n * BrowserAuthErrorMessage class containing string constants used by error codes and messages.\n * @deprecated Use exported BrowserAuthErrorCodes instead.\n * In your app you can do :\n * ```\n * import { BrowserAuthErrorCodes } from \"@azure/msal-browser\";\n * ```\n */\nexport const BrowserAuthErrorMessage = {\n pkceNotGenerated: {\n code: BrowserAuthErrorCodes.pkceNotCreated,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.pkceNotCreated],\n },\n cryptoDoesNotExist: {\n code: BrowserAuthErrorCodes.cryptoNonExistent,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.cryptoNonExistent],\n },\n emptyNavigateUriError: {\n code: BrowserAuthErrorCodes.emptyNavigateUri,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.emptyNavigateUri],\n },\n hashEmptyError: {\n code: BrowserAuthErrorCodes.hashEmptyError,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.hashEmptyError],\n },\n hashDoesNotContainStateError: {\n code: BrowserAuthErrorCodes.noStateInHash,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.noStateInHash],\n },\n hashDoesNotContainKnownPropertiesError: {\n code: BrowserAuthErrorCodes.hashDoesNotContainKnownProperties,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.hashDoesNotContainKnownProperties\n ],\n },\n unableToParseStateError: {\n code: BrowserAuthErrorCodes.unableToParseState,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.unableToParseState\n ],\n },\n stateInteractionTypeMismatchError: {\n code: BrowserAuthErrorCodes.stateInteractionTypeMismatch,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.stateInteractionTypeMismatch\n ],\n },\n interactionInProgress: {\n code: BrowserAuthErrorCodes.interactionInProgress,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.interactionInProgress\n ],\n },\n popupWindowError: {\n code: BrowserAuthErrorCodes.popupWindowError,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.popupWindowError],\n },\n emptyWindowError: {\n code: BrowserAuthErrorCodes.emptyWindowError,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.emptyWindowError],\n },\n userCancelledError: {\n code: BrowserAuthErrorCodes.userCancelled,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.userCancelled],\n },\n monitorPopupTimeoutError: {\n code: BrowserAuthErrorCodes.monitorPopupTimeout,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.monitorPopupTimeout\n ],\n },\n monitorIframeTimeoutError: {\n code: BrowserAuthErrorCodes.monitorWindowTimeout,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.monitorWindowTimeout\n ],\n },\n redirectInIframeError: {\n code: BrowserAuthErrorCodes.redirectInIframe,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.redirectInIframe],\n },\n blockTokenRequestsInHiddenIframeError: {\n code: BrowserAuthErrorCodes.blockIframeReload,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.blockIframeReload],\n },\n blockAcquireTokenInPopupsError: {\n code: BrowserAuthErrorCodes.blockNestedPopups,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.blockNestedPopups],\n },\n iframeClosedPrematurelyError: {\n code: BrowserAuthErrorCodes.iframeClosedPrematurely,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.iframeClosedPrematurely\n ],\n },\n silentLogoutUnsupportedError: {\n code: BrowserAuthErrorCodes.silentLogoutUnsupported,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.silentLogoutUnsupported\n ],\n },\n noAccountError: {\n code: BrowserAuthErrorCodes.noAccountError,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.noAccountError],\n },\n silentPromptValueError: {\n code: BrowserAuthErrorCodes.silentPromptValueError,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.silentPromptValueError\n ],\n },\n noTokenRequestCacheError: {\n code: BrowserAuthErrorCodes.noTokenRequestCacheError,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.noTokenRequestCacheError\n ],\n },\n unableToParseTokenRequestCacheError: {\n code: BrowserAuthErrorCodes.unableToParseTokenRequestCacheError,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.unableToParseTokenRequestCacheError\n ],\n },\n noCachedAuthorityError: {\n code: BrowserAuthErrorCodes.noCachedAuthorityError,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.noCachedAuthorityError\n ],\n },\n authRequestNotSet: {\n code: BrowserAuthErrorCodes.authRequestNotSetError,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.authRequestNotSetError\n ],\n },\n invalidCacheType: {\n code: BrowserAuthErrorCodes.invalidCacheType,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.invalidCacheType],\n },\n notInBrowserEnvironment: {\n code: BrowserAuthErrorCodes.nonBrowserEnvironment,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.nonBrowserEnvironment\n ],\n },\n databaseNotOpen: {\n code: BrowserAuthErrorCodes.databaseNotOpen,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.databaseNotOpen],\n },\n noNetworkConnectivity: {\n code: BrowserAuthErrorCodes.noNetworkConnectivity,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.noNetworkConnectivity\n ],\n },\n postRequestFailed: {\n code: BrowserAuthErrorCodes.postRequestFailed,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.postRequestFailed],\n },\n getRequestFailed: {\n code: BrowserAuthErrorCodes.getRequestFailed,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.getRequestFailed],\n },\n failedToParseNetworkResponse: {\n code: BrowserAuthErrorCodes.failedToParseResponse,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.failedToParseResponse\n ],\n },\n unableToLoadTokenError: {\n code: BrowserAuthErrorCodes.unableToLoadToken,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.unableToLoadToken],\n },\n signingKeyNotFoundInStorage: {\n code: BrowserAuthErrorCodes.cryptoKeyNotFound,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.cryptoKeyNotFound],\n },\n authCodeRequired: {\n code: BrowserAuthErrorCodes.authCodeRequired,\n desc: BrowserAuthErrorMessages[BrowserAuthErrorCodes.authCodeRequired],\n },\n authCodeOrNativeAccountRequired: {\n code: BrowserAuthErrorCodes.authCodeOrNativeAccountIdRequired,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.authCodeOrNativeAccountIdRequired\n ],\n },\n spaCodeAndNativeAccountPresent: {\n code: BrowserAuthErrorCodes.spaCodeAndNativeAccountIdPresent,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.spaCodeAndNativeAccountIdPresent\n ],\n },\n databaseUnavailable: {\n code: BrowserAuthErrorCodes.databaseUnavailable,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.databaseUnavailable\n ],\n },\n unableToAcquireTokenFromNativePlatform: {\n code: BrowserAuthErrorCodes.unableToAcquireTokenFromNativePlatform,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.unableToAcquireTokenFromNativePlatform\n ],\n },\n nativeHandshakeTimeout: {\n code: BrowserAuthErrorCodes.nativeHandshakeTimeout,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.nativeHandshakeTimeout\n ],\n },\n nativeExtensionNotInstalled: {\n code: BrowserAuthErrorCodes.nativeExtensionNotInstalled,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.nativeExtensionNotInstalled\n ],\n },\n nativeConnectionNotEstablished: {\n code: BrowserAuthErrorCodes.nativeConnectionNotEstablished,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.nativeConnectionNotEstablished\n ],\n },\n uninitializedPublicClientApplication: {\n code: BrowserAuthErrorCodes.uninitializedPublicClientApplication,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.uninitializedPublicClientApplication\n ],\n },\n nativePromptNotSupported: {\n code: BrowserAuthErrorCodes.nativePromptNotSupported,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.nativePromptNotSupported\n ],\n },\n invalidBase64StringError: {\n code: BrowserAuthErrorCodes.invalidBase64String,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.invalidBase64String\n ],\n },\n invalidPopTokenRequest: {\n code: BrowserAuthErrorCodes.invalidPopTokenRequest,\n desc: BrowserAuthErrorMessages[\n BrowserAuthErrorCodes.invalidPopTokenRequest\n ],\n },\n};\n\n/**\n * Browser library error class thrown by the MSAL.js library for SPAs\n */\nexport class BrowserAuthError extends AuthError {\n constructor(errorCode: string, subError?: string) {\n super(errorCode, BrowserAuthErrorMessages[errorCode], subError);\n\n Object.setPrototypeOf(this, BrowserAuthError.prototype);\n this.name = \"BrowserAuthError\";\n }\n}\n\nexport function createBrowserAuthError(\n errorCode: string,\n subError?: string\n): BrowserAuthError {\n return new BrowserAuthError(errorCode, subError);\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nexport const pkceNotCreated = \"pkce_not_created\";\nexport const cryptoNonExistent = \"crypto_nonexistent\";\nexport const emptyNavigateUri = \"empty_navigate_uri\";\nexport const hashEmptyError = \"hash_empty_error\";\nexport const noStateInHash = \"no_state_in_hash\";\nexport const hashDoesNotContainKnownProperties =\n \"hash_does_not_contain_known_properties\";\nexport const unableToParseState = \"unable_to_parse_state\";\nexport const stateInteractionTypeMismatch = \"state_interaction_type_mismatch\";\nexport const interactionInProgress = \"interaction_in_progress\";\nexport const popupWindowError = \"popup_window_error\";\nexport const emptyWindowError = \"empty_window_error\";\nexport const userCancelled = \"user_cancelled\";\nexport const monitorPopupTimeout = \"monitor_popup_timeout\";\nexport const monitorWindowTimeout = \"monitor_window_timeout\";\nexport const redirectInIframe = \"redirect_in_iframe\";\nexport const blockIframeReload = \"block_iframe_reload\";\nexport const blockNestedPopups = \"block_nested_popups\";\nexport const iframeClosedPrematurely = \"iframe_closed_prematurely\";\nexport const silentLogoutUnsupported = \"silent_logout_unsupported\";\nexport const noAccountError = \"no_account_error\";\nexport const silentPromptValueError = \"silent_prompt_value_error\";\nexport const noTokenRequestCacheError = \"no_token_request_cache_error\";\nexport const unableToParseTokenRequestCacheError =\n \"unable_to_parse_token_request_cache_error\";\nexport const noCachedAuthorityError = \"no_cached_authority_error\";\nexport const authRequestNotSetError = \"auth_request_not_set_error\";\nexport const invalidCacheType = \"invalid_cache_type\";\nexport const nonBrowserEnvironment = \"non_browser_environment\";\nexport const databaseNotOpen = \"database_not_open\";\nexport const noNetworkConnectivity = \"no_network_connectivity\";\nexport const postRequestFailed = \"post_request_failed\";\nexport const getRequestFailed = \"get_request_failed\";\nexport const failedToParseResponse = \"failed_to_parse_response\";\nexport const unableToLoadToken = \"unable_to_load_token\";\nexport const cryptoKeyNotFound = \"crypto_key_not_found\";\nexport const authCodeRequired = \"auth_code_required\";\nexport const authCodeOrNativeAccountIdRequired =\n \"auth_code_or_nativeAccountId_required\";\nexport const spaCodeAndNativeAccountIdPresent =\n \"spa_code_and_nativeAccountId_present\";\nexport const databaseUnavailable = \"database_unavailable\";\nexport const unableToAcquireTokenFromNativePlatform =\n \"unable_to_acquire_token_from_native_platform\";\nexport const nativeHandshakeTimeout = \"native_handshake_timeout\";\nexport const nativeExtensionNotInstalled = \"native_extension_not_installed\";\nexport const nativeConnectionNotEstablished =\n \"native_connection_not_established\";\nexport const uninitializedPublicClientApplication =\n \"uninitialized_public_client_application\";\nexport const nativePromptNotSupported = \"native_prompt_not_supported\";\nexport const invalidBase64String = \"invalid_base64_string\";\nexport const invalidPopTokenRequest = \"invalid_pop_token_request\";\nexport const failedToBuildHeaders = \"failed_to_build_headers\";\nexport const failedToParseHeaders = \"failed_to_parse_headers\";\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AuthError } from \"@azure/msal-common/browser\";\nimport * as BrowserConfigurationAuthErrorCodes from \"./BrowserConfigurationAuthErrorCodes.js\";\nexport { BrowserConfigurationAuthErrorCodes };\n\nexport const BrowserConfigurationAuthErrorMessages = {\n [BrowserConfigurationAuthErrorCodes.storageNotSupported]:\n \"Given storage configuration option was not supported.\",\n [BrowserConfigurationAuthErrorCodes.stubbedPublicClientApplicationCalled]:\n \"Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors\",\n [BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable]:\n \"Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true.\",\n};\n\n/**\n * BrowserAuthErrorMessage class containing string constants used by error codes and messages.\n * @deprecated Use BrowserAuthErrorCodes instead\n */\nexport const BrowserConfigurationAuthErrorMessage = {\n storageNotSupportedError: {\n code: BrowserConfigurationAuthErrorCodes.storageNotSupported,\n desc: BrowserConfigurationAuthErrorMessages[\n BrowserConfigurationAuthErrorCodes.storageNotSupported\n ],\n },\n stubPcaInstanceCalled: {\n code: BrowserConfigurationAuthErrorCodes.stubbedPublicClientApplicationCalled,\n desc: BrowserConfigurationAuthErrorMessages[\n BrowserConfigurationAuthErrorCodes\n .stubbedPublicClientApplicationCalled\n ],\n },\n inMemRedirectUnavailable: {\n code: BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable,\n desc: BrowserConfigurationAuthErrorMessages[\n BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable\n ],\n },\n};\n\n/**\n * Browser library error class thrown by the MSAL.js library for SPAs\n */\nexport class BrowserConfigurationAuthError extends AuthError {\n constructor(errorCode: string, errorMessage?: string) {\n super(errorCode, errorMessage);\n this.name = \"BrowserConfigurationAuthError\";\n\n Object.setPrototypeOf(this, BrowserConfigurationAuthError.prototype);\n }\n}\n\nexport function createBrowserConfigurationAuthError(\n errorCode: string\n): BrowserConfigurationAuthError {\n return new BrowserConfigurationAuthError(\n errorCode,\n BrowserConfigurationAuthErrorMessages[errorCode]\n );\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nexport const storageNotSupported = \"storage_not_supported\";\nexport const stubbedPublicClientApplicationCalled =\n \"stubbed_public_client_application_called\";\nexport const inMemRedirectUnavailable = \"in_mem_redirect_unavailable\";\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AuthError,\n InteractionRequiredAuthError,\n InteractionRequiredAuthErrorCodes,\n createInteractionRequiredAuthError,\n} from \"@azure/msal-common/browser\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"./BrowserAuthError.js\";\n\nimport * as NativeAuthErrorCodes from \"./NativeAuthErrorCodes.js\";\nimport * as NativeStatusCodes from \"../broker/nativeBroker/NativeStatusCodes.js\";\nexport { NativeAuthErrorCodes };\n\nexport type OSError = {\n error?: number;\n protocol_error?: string;\n properties?: object;\n status?: string;\n retryable?: boolean;\n};\n\nconst INVALID_METHOD_ERROR = -2147186943;\n\nexport const NativeAuthErrorMessages = {\n [NativeAuthErrorCodes.userSwitch]:\n \"User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again.\",\n};\n\nexport class NativeAuthError extends AuthError {\n ext: OSError | undefined;\n\n constructor(errorCode: string, description?: string, ext?: OSError) {\n super(errorCode, description);\n\n Object.setPrototypeOf(this, NativeAuthError.prototype);\n this.name = \"NativeAuthError\";\n this.ext = ext;\n }\n}\n\n/**\n * These errors should result in a fallback to the 'standard' browser based auth flow.\n */\nexport function isFatalNativeAuthError(error: NativeAuthError): boolean {\n if (\n error.ext &&\n error.ext.status &&\n (error.ext.status === NativeStatusCodes.PERSISTENT_ERROR ||\n error.ext.status === NativeStatusCodes.DISABLED)\n ) {\n return true;\n }\n\n if (\n error.ext &&\n error.ext.error &&\n error.ext.error === INVALID_METHOD_ERROR\n ) {\n return true;\n }\n\n switch (error.errorCode) {\n case NativeAuthErrorCodes.contentError:\n return true;\n default:\n return false;\n }\n}\n\n/**\n * Create the appropriate error object based on the WAM status code.\n * @param code\n * @param description\n * @param ext\n * @returns\n */\nexport function createNativeAuthError(\n code: string,\n description?: string,\n ext?: OSError\n): AuthError {\n if (ext && ext.status) {\n switch (ext.status) {\n case NativeStatusCodes.ACCOUNT_UNAVAILABLE:\n return createInteractionRequiredAuthError(\n InteractionRequiredAuthErrorCodes.nativeAccountUnavailable\n );\n case NativeStatusCodes.USER_INTERACTION_REQUIRED:\n return new InteractionRequiredAuthError(code, description);\n case NativeStatusCodes.USER_CANCEL:\n return createBrowserAuthError(\n BrowserAuthErrorCodes.userCancelled\n );\n case NativeStatusCodes.NO_NETWORK:\n return createBrowserAuthError(\n BrowserAuthErrorCodes.noNetworkConnectivity\n );\n }\n }\n\n return new NativeAuthError(\n code,\n NativeAuthErrorMessages[code] || description,\n ext\n );\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nexport const contentError = \"ContentError\";\nexport const userSwitch = \"user_switch\";\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Logger } from \"@azure/msal-common/browser\";\nimport { InteractionType } from \"../utils/BrowserConstants.js\";\nimport {\n EventCallbackFunction,\n EventError,\n EventMessage,\n EventPayload,\n} from \"./EventMessage.js\";\nimport { EventType } from \"./EventType.js\";\nimport { createGuid } from \"../utils/BrowserUtils.js\";\n\nexport class EventHandler {\n // Callback for subscribing to events\n private eventCallbacks: Map<\n string,\n [EventCallbackFunction, Array]\n >;\n private logger: Logger;\n\n constructor(logger?: Logger) {\n this.eventCallbacks = new Map();\n this.logger = logger || new Logger({});\n }\n\n /**\n * Adds event callbacks to array\n * @param callback - callback to be invoked when an event is raised\n * @param eventTypes - list of events that this callback will be invoked for, if not provided callback will be invoked for all events\n * @param callbackId - Identifier for the callback, used to locate and remove the callback when no longer required\n */\n addEventCallback(\n callback: EventCallbackFunction,\n eventTypes?: Array,\n callbackId?: string\n ): string | null {\n if (typeof window !== \"undefined\") {\n const id = callbackId || createGuid();\n if (this.eventCallbacks.has(id)) {\n this.logger.error(\n `Event callback with id: ${id} is already registered. Please provide a unique id or remove the existing callback and try again.`\n );\n return null;\n }\n this.eventCallbacks.set(id, [callback, eventTypes || []]);\n this.logger.verbose(`Event callback registered with id: ${id}`);\n\n return id;\n }\n\n return null;\n }\n\n /**\n * Removes callback with provided id from callback array\n * @param callbackId\n */\n removeEventCallback(callbackId: string): void {\n this.eventCallbacks.delete(callbackId);\n this.logger.verbose(`Event callback ${callbackId} removed.`);\n }\n\n /**\n * Emits events by calling callback with event message\n * @param eventType\n * @param interactionType\n * @param payload\n * @param error\n */\n emitEvent(\n eventType: EventType,\n interactionType?: InteractionType,\n payload?: EventPayload,\n error?: EventError\n ): void {\n if (typeof window !== \"undefined\") {\n const message: EventMessage = {\n eventType: eventType,\n interactionType: interactionType || null,\n payload: payload || null,\n error: error || null,\n timestamp: Date.now(),\n };\n\n this.eventCallbacks.forEach(\n (\n [callback, eventTypes]: [\n EventCallbackFunction,\n Array\n ],\n callbackId: string\n ) => {\n if (\n eventTypes.length === 0 ||\n eventTypes.includes(eventType)\n ) {\n this.logger.verbose(\n `Emitting event to callback ${callbackId}: ${eventType}`\n );\n callback.apply(null, [message]);\n }\n }\n );\n }\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AuthError, AccountInfo } from \"@azure/msal-common/browser\";\nimport { EventType } from \"./EventType.js\";\nimport {\n InteractionStatus,\n InteractionType,\n} from \"../utils/BrowserConstants.js\";\nimport { PopupRequest } from \"../request/PopupRequest.js\";\nimport { RedirectRequest } from \"../request/RedirectRequest.js\";\nimport { SilentRequest } from \"../request/SilentRequest.js\";\nimport { SsoSilentRequest } from \"../request/SsoSilentRequest.js\";\nimport { EndSessionRequest } from \"../request/EndSessionRequest.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\n\nexport type EventMessage = {\n eventType: EventType;\n interactionType: InteractionType | null;\n payload: EventPayload;\n error: EventError;\n timestamp: number;\n};\n\nexport type PopupEvent = {\n popupWindow: Window;\n};\n\nexport type EventPayload =\n | AccountInfo\n | PopupRequest\n | RedirectRequest\n | SilentRequest\n | SsoSilentRequest\n | EndSessionRequest\n | AuthenticationResult\n | PopupEvent\n | null;\n\nexport type EventError = AuthError | Error | null;\n\nexport type EventCallbackFunction = (message: EventMessage) => void;\n\nexport class EventMessageUtils {\n /**\n * Gets interaction status from event message\n * @param message\n * @param currentStatus\n */\n static getInteractionStatusFromEvent(\n message: EventMessage,\n currentStatus?: InteractionStatus\n ): InteractionStatus | null {\n switch (message.eventType) {\n case EventType.LOGIN_START:\n return InteractionStatus.Login;\n case EventType.SSO_SILENT_START:\n return InteractionStatus.SsoSilent;\n case EventType.ACQUIRE_TOKEN_START:\n if (\n message.interactionType === InteractionType.Redirect ||\n message.interactionType === InteractionType.Popup\n ) {\n return InteractionStatus.AcquireToken;\n }\n break;\n case EventType.HANDLE_REDIRECT_START:\n return InteractionStatus.HandleRedirect;\n case EventType.LOGOUT_START:\n return InteractionStatus.Logout;\n case EventType.SSO_SILENT_SUCCESS:\n case EventType.SSO_SILENT_FAILURE:\n if (\n currentStatus &&\n currentStatus !== InteractionStatus.SsoSilent\n ) {\n // Prevent this event from clearing any status other than ssoSilent\n break;\n }\n return InteractionStatus.None;\n case EventType.LOGOUT_END:\n if (\n currentStatus &&\n currentStatus !== InteractionStatus.Logout\n ) {\n // Prevent this event from clearing any status other than logout\n break;\n }\n return InteractionStatus.None;\n case EventType.HANDLE_REDIRECT_END:\n if (\n currentStatus &&\n currentStatus !== InteractionStatus.HandleRedirect\n ) {\n // Prevent this event from clearing any status other than handleRedirect\n break;\n }\n return InteractionStatus.None;\n case EventType.LOGIN_SUCCESS:\n case EventType.LOGIN_FAILURE:\n case EventType.ACQUIRE_TOKEN_SUCCESS:\n case EventType.ACQUIRE_TOKEN_FAILURE:\n case EventType.RESTORE_FROM_BFCACHE:\n if (\n message.interactionType === InteractionType.Redirect ||\n message.interactionType === InteractionType.Popup\n ) {\n if (\n currentStatus &&\n currentStatus !== InteractionStatus.Login &&\n currentStatus !== InteractionStatus.AcquireToken\n ) {\n // Prevent this event from clearing any status other than login or acquireToken\n break;\n }\n return InteractionStatus.None;\n }\n break;\n default:\n break;\n }\n return null;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nexport const EventType = {\n INITIALIZE_START: \"msal:initializeStart\",\n INITIALIZE_END: \"msal:initializeEnd\",\n ACCOUNT_ADDED: \"msal:accountAdded\",\n ACCOUNT_REMOVED: \"msal:accountRemoved\",\n ACTIVE_ACCOUNT_CHANGED: \"msal:activeAccountChanged\",\n LOGIN_START: \"msal:loginStart\",\n LOGIN_SUCCESS: \"msal:loginSuccess\",\n LOGIN_FAILURE: \"msal:loginFailure\",\n ACQUIRE_TOKEN_START: \"msal:acquireTokenStart\",\n ACQUIRE_TOKEN_SUCCESS: \"msal:acquireTokenSuccess\",\n ACQUIRE_TOKEN_FAILURE: \"msal:acquireTokenFailure\",\n ACQUIRE_TOKEN_NETWORK_START: \"msal:acquireTokenFromNetworkStart\",\n SSO_SILENT_START: \"msal:ssoSilentStart\",\n SSO_SILENT_SUCCESS: \"msal:ssoSilentSuccess\",\n SSO_SILENT_FAILURE: \"msal:ssoSilentFailure\",\n ACQUIRE_TOKEN_BY_CODE_START: \"msal:acquireTokenByCodeStart\",\n ACQUIRE_TOKEN_BY_CODE_SUCCESS: \"msal:acquireTokenByCodeSuccess\",\n ACQUIRE_TOKEN_BY_CODE_FAILURE: \"msal:acquireTokenByCodeFailure\",\n HANDLE_REDIRECT_START: \"msal:handleRedirectStart\",\n HANDLE_REDIRECT_END: \"msal:handleRedirectEnd\",\n POPUP_OPENED: \"msal:popupOpened\",\n LOGOUT_START: \"msal:logoutStart\",\n LOGOUT_SUCCESS: \"msal:logoutSuccess\",\n LOGOUT_FAILURE: \"msal:logoutFailure\",\n LOGOUT_END: \"msal:logoutEnd\",\n RESTORE_FROM_BFCACHE: \"msal:restoreFromBFCache\",\n} as const;\nexport type EventType = (typeof EventType)[keyof typeof EventType];\n"],"names":["getAllAccounts","logger","browserStorage","isInBrowser","accountFilter","verbose","getAccount","trace","Object","keys","length","warning","account","getAccountInfoFilteredBy","getAccountByUsername","username","verbosePii","concat","getAccountByHomeId","homeAccountId","getAccountByLocalId","localAccountId","setActiveAccount","getActiveAccount","COOKIE_LIFE_MULTIPLIER","CookieStorage","getItem","key","name","encodeURIComponent","cookieList","document","cookie","split","i","rest","decodeURIComponent","trim","value","join","setItem","cookieLifeDays","secure","arguments","undefined","cookieStr","expireTime","today","Date","expr","getTime","toUTCString","getCookieExpirationTime","removeItem","this","getKeys","forEach","cookieParts","push","containsKey","includes","BrowserCacheManager","CacheManager","constructor","clientId","cacheConfig","cryptoImpl","staticAuthorityOptions","performanceClient","super","internalStorage","MemoryStorage","setupBrowserStorage","cacheLocation","temporaryCacheStorage","temporaryCacheLocation","cookieStorage","cacheMigrationEnabled","migrateCacheEntries","createKeyMaps","BrowserCacheLocation","LocalStorage","SessionStorage","e","error","idTokenKey","Constants","CACHE_PREFIX","PersistentCacheKeys","ID_TOKEN","clientInfoKey","CLIENT_INFO","errorKey","ERROR","errorDescKey","ERROR_DESC","values","cacheKey","index","setTemporaryCache","accountKeys","StaticCacheKeys","ACCOUNT_KEYS","tokenKeys","TOKEN_KEYS","isCredentialKey","credObj","validateAndParseJson","hasOwnProperty","CredentialType","CacheHelpers","tracePii","idTokenEntity","newKey","updateCredentialCacheKey","addTokenKey","ACCESS_TOKEN","ACCESS_TOKEN_WITH_AUTH_SCHEME","accessTokenEntity","REFRESH_TOKEN","refreshTokenEntity","isAccountKey","accountObj","AccountEntity","isAccountEntity","addAccountKeyToMap","jsonValue","parsedJson","JSON","parse","accountKey","accountEntity","getCachedAccountEntity","updateOutdatedCachedAccount","serializedAccount","removeAccountKeyFromMap","parsedAccount","toObject","setAccount","generateAccountKey","stringify","getAccountKeys","indexOf","removalIndex","splice","removeAccount","removeOutdatedAccount","removeIdToken","removeTokenKey","removeAccessToken","removeRefreshToken","getTokenKeys","item","idToken","accessToken","refreshToken","type","info","createClientAuthError","ClientAuthErrorCodes","infoPii","idRemoval","accessRemoval","refreshRemoval","getIdTokenCredential","parsedIdToken","setIdTokenCredential","getAccessTokenCredential","accessTokenKey","parsedAccessToken","setAccessTokenCredential","getRefreshTokenCredential","refreshTokenKey","parsedRefreshToken","setRefreshTokenCredential","getAppMetadata","appMetadataKey","parsedMetadata","setAppMetadata","appMetadata","getServerTelemetry","serverTelemetryKey","parsedEntity","setServerTelemetry","serverTelemetry","getAuthorityMetadata","getAuthorityMetadataKeys","filter","isAuthorityMetadata","setWrapperMetadata","wrapperSKU","wrapperVersion","InMemoryCacheKeys","WRAPPER_SKU","WRAPPER_VER","getWrapperMetadata","EMPTY_STRING","setAuthorityMetadata","entity","activeAccountKeyFilters","generateCacheKey","ACTIVE_ACCOUNT_FILTERS","activeAccountValueFilters","activeAccountKeyLocal","ACTIVE_ACCOUNT","activeAccountValueLocal","activeAccount","activeAccountValueObj","tenantId","activeAccountKey","activeAccountValue","getThrottlingCache","throttlingCacheKey","parsedThrottlingCache","setThrottlingCache","throttlingCache","getTemporaryCache","generateKey","storeAuthStateInCookie","itemCookie","secureCookies","removeTemporaryItem","clear","removeAllAccounts","removeAppMetadata","clearTokensAndKeysWithClaims","correlationId","addQueueMeasurement","PerformanceEvents","ClearTokensAndKeysWithClaims","removedAccessTokens","credential","requestedClaimsHash","toLowerCase","Promise","all","StringUtils","startsWith","ADAL_ID_TOKEN","generateAuthorityKey","stateString","libraryState","id","stateId","ProtocolUtils","parseRequestState","TemporaryCacheKeys","AUTHORITY","generateNonceKey","NONCE_IDTOKEN","generateStateKey","REQUEST_STATE","getCachedAuthority","cachedState","stateCacheKey","state","authorityCacheKey","updateCacheEntries","nonce","authorityInstance","loginHint","nonceCacheKey","ccsCredential","CcsCredentialType","HOME_ACCOUNT_ID","CCS_CREDENTIAL","UPN","resetRequestCache","REQUEST_PARAMS","ORIGIN_URI","URL_HASH","CORRELATION_ID","NATIVE_REQUEST","setInteractionInProgress","cleanRequestByState","stateKey","cleanRequestByInteractionType","interactionType","stateValue","parsedState","extractBrowserRequestState","cacheCodeRequest","authCodeRequest","encodedValue","base64Encode","getCachedRequest","encodedTokenRequest","createBrowserAuthError","noTokenRequestCacheError","parsedRequest","base64Decode","errorPii","unableToParseTokenRequestCacheError","authority","cachedAuthority","noCachedAuthorityError","getCachedNativeRequest","cachedRequest","isInteractionInProgress","matchClientId","getInteractionInProgress","INTERACTION_STATUS_KEY","inProgress","interactionInProgress","getLegacyLoginHint","adalIdTokenString","msalIdTokenString","cachedIdTokenString","idTokenClaims","AuthToken","preferred_username","upn","currentCacheKey","updatedCacheKey","cacheItem","credentialType","hydrateCache","result","request","_result$account","_result$account2","_result$account3","environment","claimsHash","claims","hashString","cacheRecord","scopes","expiresOn","extExpiresOn","tokenType","sshKid","saveCacheRecord","storeInCache","CacheError","addFields","cacheRtCount","cacheIdCount","cacheAtCount","DEFAULT_BROWSER_CACHE_MANAGER","cacheOptions","claimsBasedCachingEnabled","DEFAULT_CRYPTO_IMPLEMENTATION","window","localStorage","createBrowserConfigurationAuthError","storageNotSupported","cache","Map","get","set","delete","cacheKeys","has","sessionStorage","DEFAULT_POPUP_TIMEOUT_MS","DEFAULT_IFRAME_TIMEOUT_MS","DEFAULT_REDIRECT_TIMEOUT_MS","DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS","buildConfiguration","_ref","isBrowserEnvironment","auth","userInputAuth","userInputCache","system","userInputSystem","telemetry","userInputTelemetry","DEFAULT_AUTH_OPTIONS","DEFAULT_AUTHORITY","knownAuthorities","cloudDiscoveryMetadata","authorityMetadata","redirectUri","getCurrentUri","postLogoutRedirectUri","navigateToLoginRequestUrl","clientCapabilities","protocolMode","ProtocolMode","AAD","OIDCOptions","serverResponseType","ServerResponseType","FRAGMENT","defaultScopes","OPENID_SCOPE","PROFILE_SCOPE","OFFLINE_ACCESS_SCOPE","azureCloudOptions","azureCloudInstance","AzureCloudInstance","None","tenant","skipAuthorityMetadataCache","supportsNestedAppAuth","instanceAware","DEFAULT_CACHE_OPTIONS","DEFAULT_LOGGER_OPTIONS","loggerCallback","logLevel","LogLevel","Info","piiLoggingEnabled","DEFAULT_BROWSER_SYSTEM_OPTIONS","_objectSpread","DEFAULT_SYSTEM_OPTIONS","loggerOptions","networkClient","FetchClient","StubbedNetworkModule","navigationClient","NavigationClient","loadFrameTimeout","windowHashTimeout","iframeHashTimeout","navigateFrameWait","redirectNavigationTimeout","asyncPopups","allowRedirectInIframe","allowNativeBroker","nativeBrokerHandshakeTimeout","pollIntervalMilliseconds","BrowserConstants","DEFAULT_POLL_INTERVAL_MS","providedSystemOptions","DEFAULT_TELEMETRY_OPTIONS","application","appName","appVersion","client","StubPerformanceClient","OIDC","Logger","createClientConfigurationError","ClientConfigurationErrorCodes","async","createV3Controller","config","standard","StandardOperatingContext","initialize","StandardController","createController","AuthError","TokenCache","configuration","storage","cryptoObj","loadExternalTokens","response","options","nonBrowserEnvironment","id_token","authorityOptions","Authority","generateAuthority","createNewGuid","cacheRecordAccount","loadAccount","clientInfo","client_info","loadIdToken","realm","loadAccessToken","loadRefreshToken","generateAuthenticationResult","createFromAccountInfo","unableToLoadToken","generateHomeAccountId","authorityType","claimsTenantId","tid","cachedAccount","buildAccountToCache","hostnameAndPort","access_token","expires_in","scope","ScopeSet","fromString","extendedExpiresOn","ext_expires_in","printScopes","refresh_token","foci","refresh_token_expires_in","_cacheRecord$idToken","_cacheRecord$refreshT","_cacheRecord$accessTo","responseScopes","secret","target","asArray","Number","canonicalAuthority","uniqueId","getAccountInfo","fromCache","requestId","familyId","cloudGraphHostName","msGraphHost","fromNativeBroker","getAccountType","tfp","acr","preflightCheck","initialized","performanceEvent","preflightCheck$1","end","success","operatingContext","getConfig","getLogger","redirectResponse","hybridAuthCodeResponses","browserCrypto","CryptoOps","eventHandler","EventHandler","buildStaticAuthorityOptions","nativeCacheOptions","nativeInternalStorage","tokenCache","activeSilentTokenRequests","trackPageVisibility","bind","trackPageVisibilityWithMeasurement","listeningToStorageEvents","handleAccountCacheChange","controller","incrementFields","visibilityChangeCount","emitEvent","EventType","INITIALIZE_END","initCorrelationId","getRequestCorrelationId","initMeasurement","startMeasurement","InitializeClientApplication","INITIALIZE_START","nativeExtensionProvider","NativeMessageHandler","createProvider","invokeAsync","handleRedirectPromise","hash","blockAPICallsBeforeInitialize","redirectResponseKey","handleRedirectPromiseInternal","loggedInAccounts","useNative","isNativeAvailable","rootMeasurement","AcquireTokenRedirect","HANDLE_REDIRECT_START","InteractionType","Redirect","nativeClient","NativeInteractionClient","ApiId","accountId","HandleNativeRedirectPromiseMeasurement","event","redirectClient","createRedirectClient","HandleRedirectPromiseMeasurement","then","LOGIN_SUCCESS","ACQUIRE_TOKEN_SUCCESS","accountType","errorCode","discard","HANDLE_REDIRECT_END","catch","eventError","ACQUIRE_TOKEN_FAILURE","LOGIN_FAILURE","acquireTokenRedirect","atrMeasurement","AcquireTokenPreRedirect","add","scenarioId","onRedirectNavigateCb","onRedirectNavigate","url","navigate","configOnRedirectNavigateCb","isLoggedIn","redirectPreflightCheck","ACQUIRE_TOKEN_START","LOGIN_START","canUseNative","getNativeAccountId","NativeAuthError","isFatalNativeAuthError","acquireToken","InteractionRequiredAuthError","acquireTokenPopup","atPopupMeasurement","AcquireTokenPopup","reject","Popup","acquireTokenNative","isNativeBroker","createPopupClient","accessTokenSize","idTokenSize","measurement","ssoSilentMeasurement","acquireTokenByCodeAsyncMeasurement","increment","ssoSilent","_this$ssoSilentMeasur","_this$ssoSilentMeasur2","validRequest","prompt","SsoSilent","addEventListener","SSO_SILENT_START","Silent","createSilentIframeClient","_this$ssoSilentMeasur3","SSO_SILENT_SUCCESS","_this$ssoSilentMeasur4","SSO_SILENT_FAILURE","finally","removeEventListener","acquireTokenByCode","atbcMeasurement","AcquireTokenByCode","ACQUIRE_TOKEN_BY_CODE_START","code","nativeAccountId","spaCodeAndNativeAccountIdPresent","hybridAuthCode","acquireTokenByCodeAsync","ACQUIRE_TOKEN_BY_CODE_SUCCESS","ACQUIRE_TOKEN_BY_CODE_FAILURE","unableToAcquireTokenFromNativePlatform","authCodeOrNativeAccountIdRequired","_this$acquireTokenByC","AcquireTokenByCodeAsync","silentAuthCodeClient","createSilentAuthCodeClient","_this$acquireTokenByC2","tokenRenewalError","_this$acquireTokenByC3","acquireTokenFromCache","commonRequest","cacheLookupPolicy","AcquireTokenFromCache","CacheLookupPolicy","Default","AccessToken","AccessTokenAndRefreshToken","silentCacheClient","createSilentCacheClient","SilentCacheClientAcquireToken","acquireTokenByRefreshToken","AcquireTokenByRefreshToken","RefreshToken","RefreshTokenAndNetwork","silentRefreshClient","createSilentRefreshClient","SilentRefreshClientAcquireToken","acquireTokenBySilentIframe","AcquireTokenBySilentIframe","silentIframeClient","SilentIframeClientAcquireToken","logout","logoutRequest","logoutRedirect","logoutPopup","clearCache","apiId","nativeConnectionNotEstablished","authenticationScheme","PromptValue","NONE","CONSENT","LOGIN","sid","PopupClient","RedirectClient","SilentIframeClient","SilentCacheClient","SilentRefreshClient","SilentAuthCodeClient","addEventCallback","callback","eventTypes","removeEventCallback","callbackId","addPerformanceCallback","blockNonBrowserEnvironment","removePerformanceCallback","enableAccountStorageEvents","disableAccountStorageEvents","_e$key","ACTIVE_ACCOUNT_CHANGED","cacheValue","newValue","oldValue","parsedValue","accountInfo","ACCOUNT_ADDED","ACCOUNT_REMOVED","getTokenCache","setLogger","initializeWrapperLibrary","sku","version","setNavigationClient","getConfiguration","getPerformanceClient","isBrowserEnv","loginRedirect","DEFAULT_REQUEST","loginPopup","acquireTokenSilent","atsMeasurement","AcquireTokenSilent","noAccountError","thumbprint","homeAccountIdentifier","resourceRequestMethod","resourceRequestUri","shrClaims","shrOptions","silentRequestKey","cachedResponse","acquireTokenSilentAsync","AcquireTokenSilentAsync","silentRequest","initializeSilentRequest","InitializeSilentRequest","acquireTokenSilentNoIframe","shouldTryToResolveSilently","refreshTokenError","noInteractionRequired","subError","InteractionRequiredAuthErrorCodes","refreshTokenRefreshRequired","INVALID_GRANT_ERROR","isSilentlyResolvable","tryIframeRenewal","iFrameRenewalPolicies","checkIfRefreshTokenErrorCanBeResolvedSilently","activeIframeRequest","Skip","activePromise","activeCorrelationId","awaitConcurrentIframeMeasure","AwaitConcurrentIframe","awaitIframeCorrelationId","activePromiseResult","_resolve","resolve","iframeResult","acquireTokenSilent_silentFlow","cacheError","ACQUIRE_TOKEN_NETWORK_START","S256_HASH_ALG","PUBLIC_EXPONENT","Uint8Array","UUID_CHARS","UINT32_ARR","Uint32Array","SUBTLE_SUBERROR","keygenAlgorithmOptions","modulusLength","publicExponent","validateCryptoAvailable","skipValidateSubtleCrypto","crypto","cryptoNonExistent","subtle","sha256Digest","dataString","Sha256Digest","data","TextEncoder","encode","digest","getRandomValues","dataBuffer","getRandomUint32","currentTimestamp","now","baseRand","bytes","randA","Math","trunc","randBHi","randBLo","text","charAt","generateKeyPair","extractable","usages","exportJwk","exportKey","KEY_FORMAT_JWK","importJwk","importKey","sign","plainText","hashBuffer","hashBytes","urlEncodeArr","DatabaseStorage","dbName","DB_NAME","DB_VERSION","tableName","DB_TABLE_NAME","dbOpen","open","openDB","indexedDB","createObjectStore","db","databaseUnavailable","closeConnection","close","validateDbIsOpen","databaseNotOpen","dbGet","transaction","objectStore","payload","dbPut","put","dbDelete","dbGetKeys","getAllKeys","dbContainsKey","count","deleteDatabase","deleteDbRequest","setTimeout","clearTimeout","AsyncMemoryStorage","inMemoryCache","indexedDBCache","handleDatabaseAccessError","BrowserAuthError","clearInMemory","clearPersistent","dbDeleted","input","base64UrlEncode","urlEncode","encodeKid","inputKid","kid","getPublicKeyThumbprint","_this$performanceClie","publicKeyThumbMeasurement","CryptoOptsGetPublicKeyThumbprint","keyPair","EXTRACTABLE","POP_KEY_USAGES","publicKeyJwk","publicKey","publicJwkString","getSortedObjectString","kty","n","publicJwkHash","privateKeyJwk","privateKey","unextractablePrivateKey","requestMethod","requestUri","removeTokenBindingKey","clearKeystore","Error","message","signJwt","_this$performanceClie2","signJwtMeasurement","CryptoOptsSignJwt","cachedKeyPair","cryptoKeyNotFound","publicKeyJwkString","encodedKeyIdThumbprint","shrHeader","JoseHeader","getShrHeaderString","header","alg","encodedShrHeader","cnf","jwk","encodedPayload","tokenString","tokenBuffer","signatureBuffer","encodedSignature","signedJwt","obj","sort","RANDOM_BYTE_ARR_LENGTH","generatePkceCodes","GeneratePkceCodes","codeVerifier","invoke","generateCodeVerifier","GenerateCodeVerifier","verifier","challenge","generateCodeChallengeFromVerifier","GenerateCodeChallengeFromVerifier","buffer","GetRandomValues","pkceNotCreated","pkceCodeVerifier","pkceHashedCodeVerifier","TextDecoder","decode","base64String","encodedString","replace","invalidBase64String","binString","atob","from","m","codePointAt","base64DecToArr","inputArr","base64EncArr","aBytes","Array","x","String","fromCodePoint","btoa","ErrorLink","BrowserAuthErrorMessages","emptyNavigateUri","hashEmptyError","noStateInHash","hashDoesNotContainKnownProperties","unableToParseState","stateInteractionTypeMismatch","popupWindowError","emptyWindowError","userCancelled","monitorPopupTimeout","monitorWindowTimeout","redirectInIframe","blockIframeReload","blockNestedPopups","iframeClosedPrematurely","silentLogoutUnsupported","silentPromptValueError","authRequestNotSetError","invalidCacheType","noNetworkConnectivity","postRequestFailed","getRequestFailed","failedToParseResponse","authCodeRequired","nativeHandshakeTimeout","nativeExtensionNotInstalled","uninitializedPublicClientApplication","nativePromptNotSupported","invalidPopTokenRequest","failedToBuildHeaders","failedToParseHeaders","setPrototypeOf","prototype","BrowserConfigurationAuthErrorMessages","stubbedPublicClientApplicationCalled","inMemRedirectUnavailable","BrowserConfigurationAuthError","errorMessage","INVALID_METHOD_ERROR","NativeAuthErrorMessages","userSwitch","description","ext","status","PERSISTENT_ERROR","DISABLED","contentError","createNativeAuthError","ACCOUNT_UNAVAILABLE","createInteractionRequiredAuthError","USER_INTERACTION_REQUIRED","USER_CANCEL","NO_NETWORK","eventCallbacks","createGuid","eventType","timestamp","apply","EventMessageUtils","getInteractionStatusFromEvent","currentStatus","InteractionStatus","Login","AcquireToken","HandleRedirect","LOGOUT_START","Logout","LOGOUT_END","RESTORE_FROM_BFCACHE","POPUP_OPENED","LOGOUT_SUCCESS","LOGOUT_FAILURE"],"sourceRoot":""}