{"version":3,"file":"static/js/vendors-b6b02222.816a6245.js","mappings":"2aAoEYA,EAAAA,G,sIC3BUC,EAYlBC,WAAAA,CACIC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAEAC,KAAKT,OAASA,EACdS,KAAKC,eAAiBT,EACtBQ,KAAKP,cAAgBA,EACrBO,KAAKE,cAAgBF,KAAKT,OAAOY,OAAOD,cACxCF,KAAKL,aAAeA,EACpBK,KAAKJ,iBAAmBA,EACxBI,KAAKF,qBAAuBA,EAC5BE,KAAKD,cAAgBA,IAAiBK,EAAAA,EAAAA,MACtCJ,KAAKN,OAASA,EAAOW,MACjBC,EAAAA,GAAiBC,SACjBC,EAAAA,EACAR,KAAKD,eAETC,KAAKH,kBAAoBA,C,CAWnB,wBAAMY,CACZC,GAEA,GAAIA,EAAS,CAELC,EAAAA,GAAcC,mBACVF,EACAV,KAAKC,eAAeY,oBACpB,KAGJb,KAAKN,OAAOoB,QAAQ,kCACpBd,KAAKC,eAAec,iBAAiB,OAGzC,UACUf,KAAKC,eAAee,cACtBL,EAAAA,GAAcM,wBAAwBP,IAE1CV,KAAKN,OAAOoB,QACR,+EAEP,CAAC,MAAOI,GACLlB,KAAKN,OAAOwB,MACR,2EAEP,CACJ,MACG,IACIlB,KAAKN,OAAOoB,QACR,mEACAd,KAAKD,qBAGHC,KAAKC,eAAekB,cAEpBnB,KAAKP,cAAc2B,eAC5B,CAAC,MAAOC,GACLrB,KAAKN,OAAOwB,MACR,6EAEP,C,CAWTI,cAAAA,CAAeC,GACXvB,KAAKN,OAAOoB,QAAQ,yBACpB,MAAMU,EAAcD,GAAsBvB,KAAKT,OAAOkC,KAAKD,YAC3D,OAAOE,EAAAA,GAAUC,eACbH,GACAI,EAAAA,EAAAA,M,CAUEC,gCAAAA,CACNC,EACAC,GAEA/B,KAAKN,OAAOoB,QAAQ,2CACpB,MAAMkB,EAA2C,CAC7CC,SAAUjC,KAAKT,OAAOkC,KAAKQ,SAC3BlC,cAAeC,KAAKD,cACpB+B,MAAOA,EACPC,aAAcA,IAAgB,EAC9BG,WAAYlC,KAAKC,eAAekC,qBAAqB,GACrDC,WAAYpC,KAAKC,eAAekC,qBAAqB,IAGzD,OAAO,IAAIE,EAAAA,GACPL,EACAhC,KAAKC,e,CAaH,4BAAMqC,CAAuBC,GAMnC,MAAM,QAAE7B,GAAY6B,EACdC,EACFD,EAAOE,6BACPF,EAAOE,4BAA4BC,eAAe,kBAC5CH,EAAOE,4BAA4C,oBACnDE,EAEV3C,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkBC,gDAClB9C,KAAKD,eAET,MAAMgD,EAAqC,CACvCC,aAAchD,KAAKT,OAAOkC,KAAKuB,aAC/BC,YAAajD,KAAKT,OAAOkC,KAAKwB,YAC9BC,iBAAkBlD,KAAKT,OAAOkC,KAAKyB,iBACnCC,uBAAwBnD,KAAKT,OAAOkC,KAAK0B,uBACzCC,kBAAmBpD,KAAKT,OAAOkC,KAAK2B,kBACpCC,2BACIrD,KAAKT,OAAOkC,KAAK4B,4BAInBC,EACFf,EAAOgB,kBAAoBvD,KAAKT,OAAOkC,KAAK+B,UAC1CC,EAAwBjB,SAAAA,EAAiBkB,OACrB,SAApBlB,EACAxC,KAAKT,OAAOkC,KAAKkC,cAEjBC,EACFlD,GAAW+C,EACLzD,KAAKT,OAAOkC,KAAK+B,UAAUK,QACvBnC,EAAAA,GAAUoC,iBAAiBR,GAC3B5C,EAAQqD,aAEZT,EAGJU,EAAiBC,EAAAA,GAAUC,kBAC7BN,EACArB,EAAO4B,0BACHnE,KAAKT,OAAOkC,KAAK2C,mBAEnBC,QAA4BC,EAAAA,EAAAA,IAC9BC,EAAAA,GAAAA,EACA1B,EAAAA,GAAkB2B,yCAClBxE,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALyBuE,CAO9BN,EACAhE,KAAKT,OAAOY,OAAOD,cACnBF,KAAKC,eACL8C,EACA/C,KAAKN,OACLM,KAAKD,cACLC,KAAKH,mBAGT,GAAIa,IAAY2D,EAAoBI,QAAQ/D,EAAQqD,aAChD,MAAMW,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,IAIR,OAAON,C,oOChLT,MAAOO,UAAgCvF,EAAAA,EASzCC,WAAAA,CACIC,EACAU,EACAR,EACAC,EACAC,EACAC,EACAkC,EACAjC,EACAgF,EACAC,EACAC,EACAhF,GAAsB,IAAAiF,EAEtBC,MACI1F,EACAU,EACAR,EACAC,EACAC,EACAC,EACAC,EACAgF,EACA9E,GAEJC,KAAK8B,MAAQA,EACb9B,KAAK8E,UAAYA,EACjB9E,KAAKF,qBAAuB+E,EAC5B7E,KAAKkF,qBAAuBH,EAC5B/E,KAAKmF,kBAAoB,IAAIC,EAAAA,EACzB7F,EACAS,KAAKkF,qBACLzF,EACAC,EACAC,EACAC,EACAC,EACAgF,EACA9E,GAEJC,KAAKqF,uBAAyBrF,KAAK6B,iCAC/B7B,KAAK8B,OAGT,MAAMwD,EACFtF,KAAKF,qBAAqByF,mBAC1BC,EAAAA,GAAgBC,uBACV,SAC0C,QAA1CT,EAAAhF,KAAKF,qBAAqByF,wBAAgB,IAAAP,GAA1CA,EAA4CtB,OAC5C,eACAf,EACV3C,KAAK0F,KAAOrD,EAAAA,GAAuBsD,mBAAmB,CAClDC,YAAatF,EAAAA,GAAiBC,SAC9BsF,eAAgBrF,EAAAA,EAChB8E,cAAeA,EACfQ,iBAAkB9F,KAAKF,qBAAqBiG,uB,CAS5CC,cAAAA,CAAeC,GACnBA,EAAQC,iBAAeC,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GAChBF,EAAQC,iBAAe,IAC1B,CAACE,EAAAA,GAAAA,IAAwCpG,KAAK0F,M,CAQtD,kBAAMW,CACFJ,GAEAjG,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkByD,oCAClBL,EAAQlG,eAEZC,KAAKN,OAAO6G,MAAM,kDAGlB,MAAMC,EAAsBxG,KAAKH,kBAAkB4G,iBAC/C5D,EAAAA,GAAkByD,oCAClBL,EAAQlG,eAEN2G,EAAeC,EAAAA,GAAAA,aAErB,IAEI,MAAMC,QAAsB5G,KAAK6G,wBAAwBZ,GAGzD,IACI,MAAMa,QAAe9G,KAAK+G,uBACtB/G,KAAK8E,UACL8B,GAOJ,OALAJ,EAAoBQ,IAAI,CACpBC,SAAS,EACTC,gBAAgB,EAChBC,WAAW,IAERL,CACV,CAAC,MAAOzF,GAELrB,KAAKN,OAAO0H,KACR,6EAEP,CAED,MAAWC,EAAkBC,OAAAC,OAAA,KAAAC,EAAAA,EAAAA,GAAKZ,GAAAA,IAG5Ba,EAA0C,CAC5CC,OAAQC,EAAAA,GAAsBC,SAC9B3B,QAASoB,GAGPQ,QACI7H,KAAKF,qBAAqBgI,YAAYL,GAC1CM,EACF/H,KAAKgI,uBAAuBH,GAEhC,aAAa7H,KAAKiI,qBACdF,EACAnB,EACAF,GAECwB,MAAMpB,IACHN,EAAoBQ,IAAI,CACpBC,SAAS,EACTC,gBAAgB,EAChBiB,UAAWrB,EAAOqB,YAEtBnI,KAAKqF,uBAAuB+C,6BACrBtB,KAEVuB,OAAOnH,IAOJ,MANAsF,EAAoBQ,IAAI,CACpBC,SAAS,EACTqB,UAAWpH,EAAMoH,UACjBC,aAAcrH,EAAMsH,SACpBtB,gBAAgB,IAEdhG,CAAK,GAEtB,CAAC,MAAOG,GAML,MALIA,aAAaoH,EAAAA,IACbzI,KAAKqF,uBAAuBqD,yBACxBrH,EAAEiH,WAGJjH,CACT,C,CASGsH,wBAAAA,CACJ1C,EACA2C,GAEA,MAAO,CACHpF,UAAWyC,EAAQzC,UACnBzD,cAAeC,KAAKD,cACpB8I,OAAQC,EAAAA,GAASC,WAAW9C,EAAQ+C,OAAOC,UAC3CvI,QAASkI,EACT7G,cAAc,E,CAUZ,4BAAMgF,CACZmC,EACAjD,GAEA,IAAKiD,EAID,MAHAlJ,KAAKN,OAAOyJ,QACR,iFAEEC,EAAAA,EAAAA,IAAsBC,EAAAA,GAAAA,IAGhC,MAAM3I,EAAUV,KAAKC,eAAeqJ,mBAAmB,CACnDJ,oBAGJ,IAAKxI,EACD,MAAM0I,EAAAA,EAAAA,IAAsBC,EAAAA,GAAAA,IAIhC,IACI,MAAME,EAAgBvJ,KAAK2I,yBACvB1C,EACAvF,GAEEoG,QAAe9G,KAAKmF,kBAAkBkB,aACxCkD,GAGEC,GAAWrD,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACVzF,GAAO,IACV+I,cAAe3C,aAAM,EAANA,EAAQ2C,cACvBC,QAAS5C,aAAM,EAANA,EAAQ4C,UAGrB,OAAAvD,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACOW,GAAM,IACTpG,QAAS8I,GAEhB,CAAC,MAAOnI,GACL,MAAMA,CACT,C,CAQL,0BAAMsI,CACF1D,EACA2D,GAEA5J,KAAKN,OAAO6G,MACR,0DAGJ,MAAWsD,EAAmBvC,OAAAC,OAAA,KAAAC,EAAAA,EAAAA,GAAKvB,GAAAA,WAC5B4D,EAAoBC,mBAE3B,MAAMlD,QAAsB5G,KAAK6G,wBAC7BgD,GAGEpC,EAA0C,CAC5CC,OAAQC,EAAAA,GAAsBC,SAC9B3B,QAASW,GAGb,IACI,MAAMiB,QACI7H,KAAKF,qBAAqBgI,YAAYL,GAChDzH,KAAKgI,uBAAuBH,EAC/B,CAAC,MAAOxG,GAEL,GAAIA,aAAaoH,EAAAA,KACbzI,KAAKqF,uBAAuBqD,yBACxBrH,EAAEiH,YAEFyB,EAAAA,EAAAA,IAAuB1I,IACvB,MAAMA,CAGjB,CACDrB,KAAKC,eAAe+J,kBAChBC,EAAAA,GAAmBC,eACnBC,KAAKC,UAAUxD,IACf,GAGJ,MAAMyD,EAAuC,CACzCvI,MAAOwI,EAAAA,GAAMX,qBACbY,QAASvK,KAAKT,OAAOY,OAAOqK,0BAC5BC,WAAW,GAETjJ,EAAcxB,KAAKT,OAAOkC,KAAKiJ,0BAC/BC,OAAOC,SAASC,KAChB7K,KAAKsB,eAAe2E,EAAQzE,aAClCoI,EAAgB5C,IAAI,CAAEC,SAAS,UACzBjH,KAAKJ,iBAAiBkL,iBACxBtJ,EACA6I,E,CASR,2BAAMU,CACFlL,EACAE,GAKA,GAHAC,KAAKN,OAAO6G,MACR,4DAECvG,KAAKC,eAAe+K,yBAAwB,GAI7C,OAHAhL,KAAKN,OAAO0H,KACR,yFAEG,KAIX,MAAM6D,EAAgBjL,KAAKC,eAAeiL,yBAC1C,IAAKD,EAUD,OATAjL,KAAKN,OAAOoB,QACR,0GAEAjB,GAAqBE,IACrBF,SAAAA,EAAmBsL,UACf,CAAE7C,UAAW,qBACbvI,IAGD,KAGX,MAAM,OAAEqL,GAAuBH,EAAZhF,GAAOoF,EAAAA,EAAAA,GAAKJ,EAAaK,GACxCF,GACApL,KAAKN,OAAOoB,QACR,wMAIRd,KAAKC,eAAesL,WAChBvL,KAAKC,eAAeuL,iBAChBvB,EAAAA,GAAmBC,iBAI3B,MAAMzC,EAA0C,CAC5CC,OAAQC,EAAAA,GAAsBC,SAC9B3B,QAASA,GAGPS,EAAeC,EAAAA,GAAAA,aAErB,IACI3G,KAAKN,OAAOoB,QACR,qFAEJ,MAAM+G,QACI7H,KAAKF,qBAAqBgI,YAAYL,GAChDzH,KAAKgI,uBAAuBH,GAC5B,MAAMf,EAAS9G,KAAKiI,qBAChBJ,EACA5B,EACAS,GAEJ1G,KAAKC,eAAewL,0BAAyB,GAC7C,MAAMC,QAAY5E,EAElB,OADA9G,KAAKqF,uBAAuB+C,6BACrBsD,CACV,CAAC,MAAOrK,GAEL,MADArB,KAAKC,eAAewL,0BAAyB,GACvCpK,CACT,C,CAOLsK,MAAAA,GAEI,OADA3L,KAAKN,OAAO6G,MAAM,4CACXqF,QAAQC,OAAO,6B,CAShB,0BAAM5D,CACZJ,EACA5B,EACAS,GAAoB,IAAAoF,EAEpB9L,KAAKN,OAAO6G,MACR,0DAIJ,MAAMkD,EAAgBsC,EAAAA,GAAAA,mBAClBlE,EAASmE,SACTC,EAAAA,GAGEC,EAAwBlM,KAAKmM,4BAC/BtE,EACA4B,GAQJ,GACIyC,KAHE,QAHmBJ,EACrB9L,KAAKC,eAAemM,yBAAyB,CACzClD,gBAAiBjD,EAAQnB,mBAC3B,IAAAgH,OAAA,EAFFA,EAEIO,gBAIJxE,EAASnH,QAAQ4L,KAAOrG,EAAQnB,UAGhC,MAAMyH,EAAAA,EAAAA,IAAsBC,EAAAA,GAIhC,MAAMhJ,QAAkBxD,KAAKsC,uBAAuB,CAChDiB,iBAAkB0C,EAAQzC,YAGxBiJ,GAAcC,EAAAA,EAAAA,IAChB1M,KAAKC,eACLuD,EACA0I,EACAD,EAAAA,EACAxC,EACA5B,EAAS8E,iBACThK,EACA8G,EAAcmD,SACdjK,EACAkF,EAASnH,QAAQ4L,GACjBtM,KAAKN,QAIHoH,QAAe9G,KAAK6M,6BACtBhF,EACA5B,EACAwD,EACAgD,EACAjJ,EAAUsJ,mBACVpG,GAeJ,OAXA1G,KAAK+M,aAAaN,GAClBzM,KAAKgN,kBACDnF,EACA5B,EACAiG,EACAzC,EACA5B,EAASoF,aACTnG,EAAOoG,SACPxG,GAGGI,C,CASDqF,2BAAAA,CACNtE,EACA4B,GAWA,OAR8B9I,EAAAA,GAAcwM,sBACxCtF,EAAS8E,aAAeS,EAAAA,GAAUC,aAClCC,EAAAA,GAAcC,QACdvN,KAAKN,OACLM,KAAKP,cACLgK,E,CAYR+D,cAAAA,CACI3F,EACA5B,GAEA,OAAO4B,EAASmB,MACVF,EAAAA,GAASC,WAAWlB,EAASmB,OAC7BF,EAAAA,GAASC,WAAW9C,EAAQ+C,M,CAQtC,4BAAMyE,CACF5F,EACA5B,GAEA,GACIA,EAAQyH,YAAcC,EAAAA,GAAqBC,KAC3C3H,EAAQ4H,aACV,CAOE,GAAIhG,EAASiG,IAIT,OAHA9N,KAAKN,OAAO6G,MACR,8DAEGsB,EAASiG,IAIpB,MAAMC,EAAuC,IAAIC,EAAAA,GAC7ChO,KAAKP,eAEHwO,EAA6C,CAC/CC,sBAAuBjI,EAAQiI,sBAC/BC,mBAAoBlI,EAAQkI,mBAC5BC,UAAWnI,EAAQmI,UACnBC,SAAUpI,EAAQoI,UAOtB,IAAKpI,EAAQqI,MACT,MAAMlF,EAAAA,EAAAA,IAAsBC,EAAAA,GAAAA,IAEhC,OAAO0E,EAAkBF,aACrBhG,EAASoF,aACThH,EAAQqI,MACRL,EAEP,CACG,OAAOpG,EAASoF,Y,CAcd,kCAAMJ,CACZhF,EACA5B,EACAwD,EACA8E,EACA/K,EACAkD,GAGA,MAAM8H,EAAOxO,KAAKyO,+BAA+B5G,GAG3C6G,EAAiB7G,EAASmB,MAC1BF,EAAAA,GAASC,WAAWlB,EAASmB,OAC7BF,EAAAA,GAASC,WAAW9C,EAAQ+C,OAE5B2F,EAAoB9G,EAASnH,QAAQkO,YAAc,CAAC,EACpDC,EACFF,EAAuB,KACvBlF,EAAcqF,KACdrF,EAAcsF,KACd3B,EAAAA,GAAUC,aACRT,EACF+B,EAA4B,UAC5BlF,EAAcmD,KACdQ,EAAAA,GAAUC,aAER2B,GAAkCC,EAAAA,EAAAA,IACpCV,EAAcW,sBACdvM,EACA8G,EACA5B,EAASmE,UAOTgD,EAAY9F,kBAAoBrB,EAASnH,QAAQ4L,KACjD0C,EAAY9F,gBAAkBrB,EAASnH,QAAQ4L,IAInD,MAAM6C,QAA4BnP,KAAKyN,uBACnC5F,EACA5B,GAEEyH,EACFzH,EAAQyH,YAAcC,EAAAA,GAAqBC,IACrCD,EAAAA,GAAqBC,IACrBD,EAAAA,GAAqByB,OAqB/B,MAnBqC,CACjC5L,UAAWA,EACX6L,SAAUR,EACV3B,SAAUN,EACV/D,OAAQ6F,EAAezF,UACvBvI,QAASsO,EACTtF,QAAS7B,EAASmE,SAClBvC,cAAeA,EACf6F,YAAaH,EACbhI,YAAWqH,GAAOxO,KAAKuP,oBAAoBf,GAC3CgB,UAAW,IAAIC,KACkC,IAA7CC,OAAOhJ,EAAemB,EAAS8H,aAEnCjC,UAAWA,EACX3N,cAAeC,KAAKD,cACpB6P,MAAO/H,EAAS+H,MAChBC,kBAAkB,E,CAU1B9C,YAAAA,CAAawB,GAETvO,KAAKC,eAAe6P,WAAWvB,GAG/BvO,KAAKC,eAAe8P,qBAAqBxB,GAAelG,OAAOhH,IAC3DrB,KAAKN,OAAOwB,MAAM,uEAAD8O,OAC0D3O,GAC1E,G,CAcT2L,iBAAAA,CACInF,EACA5B,EACAiG,EACAzC,EACA0F,EACAjC,EACAxG,GAEA,MAAMuJ,EACFC,EAAAA,GAAAA,oBACIhE,EACAjG,EAAQzC,UACRqE,EAASmE,UAAY,GACrB/F,EAAQhE,SACRwH,EAAcmD,KAAO,IAUvBuD,EAAyBzJ,GAL3BT,EAAQyH,YAAcC,EAAAA,GAAqBC,IACrCR,EAAAA,GAAUgD,oBACsB,iBAAxBvI,EAAS8H,WACXU,SAASxI,EAAS8H,WAAY,IAC9B9H,EAAS8H,aAAe,GAElCjB,EAAiB1O,KAAKwN,eAAe3F,EAAU5B,GAmB/CqK,EAAoB,CACtB5G,QAASuG,EACTX,YAlBAY,EAAAA,GAAAA,wBACIhE,EACAjG,EAAQzC,UACR2L,EACAlJ,EAAQhE,SACRwH,EAAcmD,KAAOM,EACrBwB,EAAe6B,cACfJ,EACA,EACAlE,EAAAA,OACAtJ,EACAsD,EAAQyH,eACR/K,EACAsD,EAAQqI,QAQXtO,KAAKkF,qBAAqBsL,gBAC3BF,EACArK,EAAQwK,a,CAINhC,8BAAAA,CACN5G,GAEA,MAAM2G,EAAOxO,KAAK0Q,oBAAoB7I,GAEtC,OAAK2G,GAILxO,KAAKH,kBAAkBsL,UACnB,CACIwF,YAAa3Q,KAAKF,qBAAqByF,iBACvCO,iBACI9F,KAAKF,qBAAqBiG,sBAC9B6K,kBAAmBpC,EAAKqC,eACxBC,uBAAwBtC,EAAKuC,sBAC7BC,qBAAsBxC,EAAKyC,oBAC3BC,eAAgB1C,EAAK2C,YACrBC,mBAAoB5C,EAAK6C,gBACzBC,iBAAkB9C,EAAK+C,eACvBC,cAAehD,EAAKiD,WACpBC,eAAgBlD,EAAKmD,YACrBC,oBAAqBpD,EAAKqD,mBAC1BC,kBAAmBtD,EAAKuD,eACxBC,iBAAkBxD,EAAKyD,cACvBC,eAAgB1D,EAAK2D,YACrBC,mBAAoB5D,EAAK6D,kBAE7BrS,KAAKD,eAGFyO,GAzBI,I,CAgCPxG,sBAAAA,CAAuBH,GAC3B,GACIA,EAASnF,eAAe,iBACxBmF,EAASnF,eAAe,aACxBmF,EAASnF,eAAe,gBACxBmF,EAASnF,eAAe,YACxBmF,EAASnF,eAAe,UACxBmF,EAASnF,eAAe,cAExB,OAAOmF,EAEP,MAAMyK,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,EACA,wC,CAUJ7B,mBAAAA,CAAoB7I,GACxB,GAAIA,EAAS+G,WAAW4D,KACpB,IACI,OAAOrI,KAAKsI,MAAM5K,EAAS+G,WAAW4D,KACzC,CAAC,MAAOnR,GACLrB,KAAKN,OAAOwB,MACR,iFAEP,CAGL,OAAO,I,CAQDqO,mBAAAA,CAAoBf,GAC1B,YAA8B,IAAnBA,EAAKkE,WACZ1S,KAAKN,OAAOoB,QACR,mIAEG,KAGF0N,EAAKkE,S,CAOR,6BAAM7L,CACZZ,GAEAjG,KAAKN,OAAO6G,MACR,4DAGJ,MAAMhD,EACF0C,EAAQzC,WAAaxD,KAAKT,OAAOkC,KAAK+B,UAEtCyC,EAAQvF,eAEFV,KAAKsC,uBAAuB,CAC9BiB,mBACAY,yBAA0B8B,EAAQ7B,kBAClC1D,QAASuF,EAAQvF,UAIzB,MAAMoM,EAAqB,IAAIpL,EAAAA,GAAU6B,GACzCuJ,EAAmB6F,gBAGnB,MAAM,OAAE9J,GAAmC5C,EAAxB2M,GAAmBvH,EAAAA,EAAAA,GAAKpF,EAAO4M,GAC5CC,EAAW,IAAIhK,EAAAA,GAASD,GAAU,IACxCiK,EAASC,aAAaC,EAAAA,IAEtB,MAwCMC,GAAgB9M,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACfyM,GAAmB,IACtB9N,UAAW9E,KAAK8E,UAChB7C,SAAUjC,KAAKT,OAAOkC,KAAKQ,SAC3BuB,UAAWsJ,EAAmBoG,UAC9BlK,MAAO8J,EAASvC,cAChB/O,YAAaxB,KAAKsB,eAAe2E,EAAQzE,aACzC4J,OA/Cc+H,MAEd,OAAQnT,KAAK8B,OACT,KAAKwI,EAAAA,GAAM8I,UACX,KAAK9I,EAAAA,GAAM+I,8BAIP,OAHArT,KAAKN,OAAO6G,MACR,+DAEG+M,EAAAA,GAAYC,KAM3B,GAAKtN,EAAQmF,OAQb,OAAQnF,EAAQmF,QACZ,KAAKkI,EAAAA,GAAYC,KACjB,KAAKD,EAAAA,GAAYE,QACjB,KAAKF,EAAAA,GAAYG,MAIb,OAHAzT,KAAKN,OAAO6G,MACR,kEAEGN,EAAQmF,OACnB,QAII,MAHApL,KAAKN,OAAO6G,MAAM,qCAADyJ,OACwB/J,EAAQmF,OAAM,yCAEjDsI,EAAAA,EAAAA,IACFC,EAAAA,SApBR3T,KAAKN,OAAO6G,MACR,mDAqBP,EAUO4M,GACRpT,cAAeC,KAAKD,cACpB2N,UAAWzH,EAAQ2N,qBACnBC,qBAAsBC,SAASC,MAC/B7N,iBAAeC,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACRF,EAAQ+N,sBACR/N,EAAQgO,sBAEfC,qBAAqB,EACrB5F,MAAOrI,EAAQkO,SAInB,GAAIlB,EAAiBpF,cAAkB5H,EAAQkO,OAC3C,MAAMT,EAAAA,EAAAA,IACFU,EAAAA,IAUR,GANApU,KAAKqU,wBAAwBpB,GAC7BA,EAAiB/M,gBACb+M,EAAiB/M,iBAAmB,CAAC,EACzC+M,EAAiB/M,gBAAgBoO,UAC7B9O,EAAAA,GAAgB+O,eAEhBtO,EAAQ2N,uBAAyBjG,EAAAA,GAAqBC,IAAK,CAE3D,MAAMK,EAA6C,CAC/CE,mBAAoBlI,EAAQkI,mBAC5BD,sBAAuBjI,EAAQiI,sBAC/BE,UAAWnI,EAAQmI,UACnBC,SAAUpI,EAAQoI,UAGhBN,EAAoB,IAAIC,EAAAA,GAAkBhO,KAAKP,eAGrD,IAAI+U,EACJ,GAAKvB,EAAiB3E,MAYlBkG,EAAaxU,KAAKP,cAAcgV,gBAC5BtK,KAAKC,UAAU,CAAEsK,IAAKzB,EAAiB3E,SAE3C2E,EAAiBpF,cAAe,MAfP,CACzB,MAAM8G,QAA4BrQ,EAAAA,EAAAA,IAC9ByJ,EAAkB6G,YAAYC,KAAK9G,GACnClL,EAAAA,GAAkBiS,oBAClB9U,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALsBuE,CAMhC2J,EAAejO,KAAKN,QACtB8U,EAAaG,EAAoBI,aACjC9B,EAAiB3E,MAAQqG,EAAoBD,IAC7CzB,EAAiBpF,cAAe,CACnC,CAQDoF,EAAiB+B,OAASR,CAC7B,CAGD,OAFAxU,KAAKgG,eAAeiN,GAEbA,C,CAQHoB,uBAAAA,CAAwBpO,GAA2B,IAAAgP,EACvD,MAAMC,EACFjP,EAAQC,iBACRD,EAAQC,gBAAgBxD,eACpB0D,EAAAA,GAAAA,KAEJH,EAAQC,gBAAgBxD,eACpB0D,EAAAA,GAAAA,KAEJH,EAAQC,gBAAgBxD,eACpB0D,EAAAA,GAAAA,IAGR,IAAKH,EAAQkP,mBAAqBD,EAC9B,OAGJ,IAAIE,EAA0B,GAC9B,MAAMC,EAAqBpP,EAAQzE,YAE/ByE,EAAQkP,kBACRlP,EAAQzE,YAAcxB,KAAKT,OAAOkC,KAAKD,YACvC4T,EAAkBnP,EAAQkP,kBACnBlP,EAAQC,kBACfD,EAAQzE,YACJyE,EAAQC,gBAAgBE,EAAAA,GAAAA,IAC5BgP,EACInP,EAAQC,gBAAgBE,EAAAA,GAAAA,KAGhCH,EAAQC,gBAAkB,CACtBkP,kBACAC,sBAGkB,QAAtBJ,EAAAjV,KAAKH,yBAAiB,IAAAoV,GAAtBA,EAAwB9J,UACpB,CACIgK,iBAAkBC,EAClBE,oBAAqBD,GAEzBpP,EAAQlG,c,0LC//Bd,MAAOwV,UAAoBC,EAAAA,EAI7BlW,WAAAA,CACIC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAkF,EACAjF,EACAC,GAEAkF,MACI1F,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAGJC,KAAKyV,aAAezV,KAAKyV,aAAaZ,KAAK7U,MAC3CA,KAAK0V,cAAgB3Q,C,CAOzBsB,YAAAA,CAAaJ,GACT,IAAI,IAAA0P,EACA,MAIMC,EAA2B,CAC7BC,UALc7V,KAAK8V,kBACnB7P,EAAQ4C,QAAUmK,EAAAA,GAClB/M,EAAQzC,WAAaxD,KAAKT,OAAOkC,KAAK+B,WAItCuS,sBAAuB9P,EAAQ8P,uBAAyB,CAAC,EACzDC,kBAA4C,QAA3BL,EAAE1P,EAAQ+P,yBAAiB,IAAAL,EAAAA,EAAIhL,QAIpD,OAAI3K,KAAKT,OAAOY,OAAO8V,aACnBjW,KAAKN,OAAOoB,QAAQ,4CAEbd,KAAKkW,uBAAuBjQ,EAAS2P,KAG5C5V,KAAKN,OAAOoB,QACR,iEAEJ8U,EAAYO,MAAQnW,KAAKoW,eACrB,cACAR,GAEG5V,KAAKkW,uBAAuBjQ,EAAS2P,GAEnD,CAAC,MAAOvU,GACL,OAAOuK,QAAQC,OAAOxK,EACzB,C,CAOLsK,MAAAA,CAAO0K,GACH,IAAI,IAAAC,EACAtW,KAAKN,OAAOoB,QAAQ,sBACpB,MAAMyV,EACFvW,KAAKwW,wBAAwBH,GAC3BT,EAA2B,CAC7BC,UAAW7V,KAAKyW,wBAAwBF,GACxCR,uBACIM,aAAa,EAAbA,EAAeN,wBAAyB,CAAC,EAC7CC,kBAAmD,QAAlCM,EAAED,aAAa,EAAbA,EAAeL,yBAAiB,IAAAM,EAAAA,EAAI3L,QAErDnH,EAAY6S,GAAiBA,EAAc7S,UAC3CkT,EACFL,GAAiBA,EAAcK,sBAGnC,OAAI1W,KAAKT,OAAOY,OAAO8V,aACnBjW,KAAKN,OAAOoB,QAAQ,2BAEbd,KAAK2W,iBACRJ,EACAX,EACApS,EACAkT,KAIJ1W,KAAKN,OAAOoB,QAAQ,0CACpB8U,EAAYO,MAAQnW,KAAKoW,eACrB,cACAR,GAEG5V,KAAK2W,iBACRJ,EACAX,EACApS,EACAkT,GAGX,CAAC,MAAOrV,GAEL,OAAOuK,QAAQC,OAAOxK,EACzB,C,CAYK,4BAAM6U,CACZjQ,EACA2P,GAEA5V,KAAKN,OAAOoB,QAAQ,iCACpB,MAAMuE,EAAyBrF,KAAK6B,iCAChCyI,EAAAA,GAAMsM,mBAGJC,QAAqBvS,EAAAA,EAAAA,IACvBtE,KAAK8W,+BAA+BjC,KAAK7U,MACzC6C,EAAAA,GAAkBkU,wDAClB/W,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALkBuE,CAMzB2B,EAAS+Q,EAAAA,GAAgBC,QAE3BC,EAAAA,EAAAA,IAAwBL,EAAarT,WAErC,IAEI,MAAM2T,QACI7S,EAAAA,EAAAA,IACFtE,KAAKoX,mCAAmCvC,KAAK7U,MAC7C6C,EAAAA,GAAkBwU,4DAClBrX,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALHuE,CAMJuS,GAGAS,QAA4ChT,EAAAA,EAAAA,IAC9CtE,KAAKuX,qBAAqB1C,KAAK7U,MAC/B6C,EAAAA,GAAkB2U,8CAClBxX,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALyCuE,CAMhD,CACEe,yBACA9B,iBAAkBsT,EAAarT,UAC/BW,yBAA0B0S,EAAazS,kBACvC3B,4BAA6BoU,EAAa7C,qBAC1CtT,QAASmW,EAAanW,UAGpBwG,EAAiBuQ,EAAAA,EAAqBC,kBACxC1X,KAAKT,OACLS,KAAKN,OACLM,KAAKF,qBACLmG,EAAQ2N,sBAGZ,IAAI+D,EACAzQ,IACAyQ,EACI3X,KAAKH,kBAAkB4G,iBACnB5D,EAAAA,GAAkB+U,+BAClB3R,EAAQlG,gBAKpB,MAAM8X,QAAoBP,EAAWQ,gBAAc3R,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAC,EAC9C0Q,GAAY,IACfkB,aAAc7Q,KAIZ8Q,EAAqB,IAAIC,EAAAA,EAC3BX,EACAtX,KAAKC,eACLkX,EACAnX,KAAKN,OACLM,KAAKH,mBAIHqY,EAAsBlY,KAAKmY,oBAC7BN,EACAjC,GAEJ5V,KAAKL,aAAayY,UACdC,EAAAA,EAAUC,aACVtB,EAAAA,GAAgBC,MAChB,CAAEiB,eACF,MAIJ,MAAMK,QAAuBvY,KAAKwY,oBAC9BN,EACAtC,EAAYI,mBAGVyC,GAAeC,EAAAA,EAAAA,IACjBC,EAAAA,EACA9V,EAAAA,GAAkB+V,oBAClB5Y,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALY2Y,CAOjBH,EACAvY,KAAKT,OAAOkC,KAAKwB,YAAY4V,mBAC7B7Y,KAAKN,QAST,GANAoZ,EAAAA,GAAgBC,eACZ/Y,KAAKC,eACLD,KAAKT,OAAOkC,KAAKQ,SACjBkV,GAGAsB,EAAa3T,UAAW,CAYxB,GAXA9E,KAAKN,OAAOoB,QACR,mDAGA6W,GACAA,EAAgC3Q,IAAI,CAChCC,SAAS,EACTC,gBAAgB,KAInBlH,KAAKF,qBACN,MAAM4T,EAAAA,EAAAA,IACFsF,EAAAA,IAGR,MAAMC,EAA0B,IAAIrU,EAAAA,EAChC5E,KAAKT,OACLS,KAAKC,eACLD,KAAKP,cACLO,KAAKN,OACLM,KAAKL,aACLK,KAAKJ,iBACL0K,EAAAA,GAAMsM,kBACN5W,KAAKH,kBACLG,KAAKF,qBACL2Y,EAAa3T,UACb9E,KAAK0V,cACLmB,EAAa9W,gBAEX,iBAAEmZ,GAAqBC,EAAAA,GAAcC,kBACvCpZ,KAAKP,cACLoX,EAAajH,OAEjB,aAAaqJ,EAAwB5S,cAAYF,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAC,EAC5C0Q,GAAY,IACfjH,MAAOsJ,EACP9N,YAAQzI,IAEf,CAQD,aALqBqV,EAAmBqB,mBACpCZ,EACA5B,EAIP,CAAC,MAAOxV,GAAG,IAAAiY,EASR,MAPiB,QAAjBA,EAAA1D,EAAYO,aAAK,IAAAmD,GAAjBA,EAAmBC,QAEflY,aAAamY,EAAAA,KACZnY,EAAgBoY,iBAAiBzZ,KAAKD,eACvCsF,EAAuBqU,mBAAmBrY,IAGxCA,CACT,C,CAYK,sBAAMsV,CACZE,EACAjB,EACArS,EACAmT,GAEA1W,KAAKN,OAAOoB,QAAQ,2BACpBd,KAAKL,aAAayY,UACdC,EAAAA,EAAUsB,aACV3C,EAAAA,GAAgBC,MAChBJ,GAGJ,MAAMxR,EAAyBrF,KAAK6B,iCAChCyI,EAAAA,GAAMsP,aAGV,UAEU5Z,KAAKS,mBAAmBoW,EAAanW,SAG3C,MAAM4W,QAAmBhT,EAAAA,EAAAA,IACrBtE,KAAKuX,qBAAqB1C,KAAK7U,MAC/B6C,EAAAA,GAAkB2U,8CAClBxX,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALgBuE,CAMvB,CACEe,yBACA9B,iBAAkBA,EAClB7C,QAASmW,EAAanW,cAAWiC,IAGrC,IACI2U,EAAW9T,UAAUqW,kBACxB,CAAC,MAAAC,GAAM,IAAAC,EACJ,GACwB,QAApBA,EAAAlD,EAAanW,eAAO,IAAAqZ,GAApBA,EAAsB1N,eACtBwK,EAAamD,uBACb1C,EAAW9T,UAAUR,eAAiBiX,EAAAA,GAAaC,KACrD,KAAAC,EAAAC,EAWE,GAVKpa,KAAKC,eAAee,cACD,QADcmZ,EAClCtD,EAAanW,eAAO,IAAAyZ,OAAA,EAApBA,EAAsB9N,eAG1BrM,KAAKL,aAAayY,UACdC,EAAAA,EAAUgC,eACVrD,EAAAA,GAAgBC,MAChBJ,GAGAH,EAAuB,CACvB,MAAMrM,EAAuC,CACzCvI,MAAOwI,EAAAA,GAAMsP,YACbrP,QACIvK,KAAKT,OAAOY,OAAOqK,0BACvBC,WAAW,GAET6P,EAAc5Y,EAAAA,GAAUC,eAC1B+U,GACA9U,EAAAA,EAAAA,aAEE5B,KAAKJ,iBAAiB2a,iBACxBD,EACAjQ,EAEP,CAID,YAFiB,QAAjB+P,EAAAxE,EAAYO,aAAK,IAAAiE,GAAjBA,EAAmBb,QAGtB,CACJ,CAGD,MAAMiB,EAAoBlD,EAAWmD,aAAa5D,GAElD7W,KAAKL,aAAayY,UACdC,EAAAA,EAAUgC,eACVrD,EAAAA,GAAgBC,MAChBJ,GAIJ,MAAMqB,EAAclY,KAAK0a,UAAUF,EAAW5E,GAe9C,GAdA5V,KAAKL,aAAayY,UACdC,EAAAA,EAAUC,aACVtB,EAAAA,GAAgBC,MAChB,CAAEiB,eACF,YAGElY,KAAKwY,oBACPN,EACAtC,EAAYI,mBACd3N,OAAM,SAIJqO,EAAuB,CACvB,MAAMrM,EAAuC,CACzCvI,MAAOwI,EAAAA,GAAMsP,YACbrP,QAASvK,KAAKT,OAAOY,OAAOqK,0BAC5BC,WAAW,GAET6P,EAAc5Y,EAAAA,GAAUC,eAC1B+U,GACA9U,EAAAA,EAAAA,OAGJ5B,KAAKN,OAAOoB,QACR,2DAEJd,KAAKN,OAAOib,WAAW,+BAAD3K,OACasK,UAE7Bta,KAAKJ,iBAAiB2a,iBACxBD,EACAjQ,EAEP,MACGrK,KAAKN,OAAOoB,QAAQ,sCAE3B,CAAC,MAAOO,GAAG,IAAAuZ,EAmBR,MAjBiB,QAAjBA,EAAAhF,EAAYO,aAAK,IAAAyE,GAAjBA,EAAmBrB,QAEflY,aAAamY,EAAAA,KACZnY,EAAgBoY,iBAAiBzZ,KAAKD,eACvCsF,EAAuBqU,mBAAmBrY,IAE9CrB,KAAKC,eAAewL,0BAAyB,GAC7CzL,KAAKL,aAAayY,UACdC,EAAAA,EAAUwC,eACV7D,EAAAA,GAAgBC,MAChB,KACA5V,GAEJrB,KAAKL,aAAayY,UACdC,EAAAA,EAAUyC,WACV9D,EAAAA,GAAgBC,OAEd5V,CACT,CAEDrB,KAAKL,aAAayY,UACdC,EAAAA,EAAUyC,WACV9D,EAAAA,GAAgBC,M,CAQxBkB,mBAAAA,CAAoB4C,EAAoBxY,GAEpC,GAAIwY,EAGA,OAFA/a,KAAKN,OAAOsb,QAAQ,gBAADhL,OAAiB+K,IAE7B/a,KAAK0a,UAAUK,EAAYxY,GAIlC,MADAvC,KAAKN,OAAOwB,MAAM,0BACZwS,EAAAA,EAAAA,IACFuH,EAAAA,G,CAUZzC,mBAAAA,CACIN,EACAlC,GAEA,OAAO,IAAIpK,SAAgB,CAACsP,EAASrP,KACjC7L,KAAKN,OAAOoB,QACR,sDAGJ,MAAMqa,EAAaC,aAAY,KAE3B,GAAIlD,EAAYmD,OAUZ,OATArb,KAAKN,OAAOwB,MACR,oDAEJoa,cAAcH,QACdtP,GACI6H,EAAAA,EAAAA,IACI6H,EAAAA,KAMZ,IAAI1Q,EAAO,GACX,IAMIA,EAAOqN,EAAYtN,SAASC,IAC/B,CAAC,MAAOxJ,GAAI,CAGb,IAAKwJ,GAAiB,gBAATA,EACT,OAEJyQ,cAAcH,GAEd,IAAI5C,EAAiB,GACrB,MAAMiD,EACFxb,KAAKT,OAAOkC,KAAKwB,YAAY4V,mBAC7BX,IAEIK,EADAiD,IAAiBC,EAAAA,GAAmBC,MACnBxD,EAAYtN,SAAS+Q,OAErBzD,EAAYtN,SAASgR,MAI9C5b,KAAKN,OAAOoB,QACR,+EAGJoa,EAAQ3C,EAAe,GACxBvY,KAAKT,OAAOY,OAAO0b,yBAAyB,IAChDC,SAAQ,KACP9b,KAAK+b,WAAW7D,EAAalC,EAAkB,G,CAiBvD0E,SAAAA,CAAUsB,EAAqBpG,GAC3B,IACI,IAAIsC,EAiBJ,GAfItC,EAAYO,OACZ+B,EAActC,EAAYO,MAC1BnW,KAAKN,OAAOib,WAAW,+BAAD3K,OACagM,IAEnC9D,EAAYtN,SAASrD,OAAOyU,SACQ,IAAtBpG,EAAYO,QAE1BnW,KAAKN,OAAOib,WAAW,4BAAD3K,OACUgM,IAEhC9D,EAAclY,KAAKoW,eAAe4F,EAAapG,KAI9CsC,EACD,MAAMxE,EAAAA,EAAAA,IACFuI,EAAAA,IAYR,OATI/D,EAAYgE,OACZhE,EAAYgE,QAEhBlc,KAAKmc,cAAgBjE,EACrBtC,EAAYI,kBAAkBoG,iBAC1B,eACApc,KAAKyV,cAGFyC,CACV,CAAC,MAAO7W,GAKL,MAJArB,KAAKN,OAAOwB,MACR,uBAA0BG,EAAgBgb,SAE9Crc,KAAKC,eAAewL,0BAAyB,IACvCiI,EAAAA,EAAAA,IACF4I,EAAAA,GAEP,C,CAULlG,cAAAA,CACI4F,EAAmBO,GACiD,IAAAC,EAAAC,EAAAC,EAAAC,EAAA,IAApE,UAAE9G,EAAS,sBAAEE,EAAqB,kBAAEC,GAAgCuG,EAMpE,MAAMK,EAAU5G,EAAkB6G,WAC5B7G,EAAkB6G,WAClB7G,EAAkB8G,QAClBC,EAAS/G,EAAkBgH,UAC3BhH,EAAkBgH,UAClBhH,EAAkBiH,QAKlBC,EACFlH,EAAkBmH,YAClBrJ,SAASsJ,gBAAgBC,aACzBvJ,SAASwJ,KAAKD,YACZE,EACFvH,EAAkBwH,aAClB1J,SAASsJ,gBAAgBK,cACzB3J,SAASwJ,KAAKG,aAElB,IAAIC,EAAuC,QAAlClB,EAAGzG,EAAsB4H,iBAAS,IAAAnB,OAAA,EAA/BA,EAAiCkB,MACzCE,EAAwC,QAAlCnB,EAAG1G,EAAsB4H,iBAAS,IAAAlB,OAAA,EAA/BA,EAAiCmB,OAC1CC,EAAyC,QAAtCnB,EAAG3G,EAAsB+H,qBAAa,IAAApB,OAAA,EAAnCA,EAAqCmB,IAC3CE,EAA0C,QAAtCpB,EAAG5G,EAAsB+H,qBAAa,IAAAnB,OAAA,EAAnCA,EAAqCoB,KAoChD,QAlCKL,GAASA,EAAQ,GAAKA,EAAQR,KAC/Bld,KAAKN,OAAOoB,QACR,4EAEJ4c,EAAQpd,EAAAA,GAAiB0d,eAGxBJ,GAAUA,EAAS,GAAKA,EAASL,KAClCvd,KAAKN,OAAOoB,QACR,8EAEJ8c,EAAStd,EAAAA,GAAiB2d,gBAGzBJ,GAAOA,EAAM,GAAKA,EAAMN,KACzBvd,KAAKN,OAAOoB,QACR,iFAEJ+c,EAAMK,KAAKC,IACP,EACAZ,EAAY,EAAIjd,EAAAA,GAAiB2d,aAAe,EAAIlB,MAIvDgB,GAAQA,EAAO,GAAKA,EAAOb,KAC5Bld,KAAKN,OAAOoB,QACR,mFAEJid,EAAOG,KAAKC,IACR,EACAjB,EAAW,EAAI5c,EAAAA,GAAiB0d,YAAc,EAAIpB,IAInD5G,EAAkBoI,KACrBpC,EACAnG,EAAS,SAAA7F,OACA0N,EAAK,aAAA1N,OAAY4N,EAAM,UAAA5N,OAAS6N,EAAG,WAAA7N,OAAU+N,EAAI,oB,CAOlEtI,YAAAA,CAAapU,GACTrB,KAAKC,eAAeoe,8BAChBrH,EAAAA,GAAgBC,OAEhBjX,KAAKmc,eACLnc,KAAKmc,cAAc5C,QAGvBlY,EAAEid,gB,CAONvC,UAAAA,CAAW7D,EAAqBlC,GAE5BkC,EAAYqB,QAGZvD,EAAkBuI,oBACd,eACAve,KAAKyV,cAITzV,KAAKC,eAAewL,0BAAyB,E,CAQjDqK,iBAAAA,CAAkBjN,EAAuBrF,GACrC,MAAO,GAAPwM,OAAU1P,EAAAA,GAAiBke,kBAAiB,KAAAxO,OACxChQ,KAAKT,OAAOkC,KAAKQ,SACrB,KAAA+N,OAAInH,EAAO4V,KAAK,KAAI,KAAAzO,OAAIxM,EAAS,KAAAwM,OAAIhQ,KAAKD,c,CAQ9C0W,uBAAAA,CAAwBxQ,GACpB,MAAMoG,EAAgBpG,EAAQvF,SAAWuF,EAAQvF,QAAQ2L,cACzD,MAAO,GAAP2D,OAAU1P,EAAAA,GAAiBke,kBAAiB,KAAAxO,OAAIhQ,KAAKT,OAAOkC,KAAKQ,SAAQ,KAAA+N,OAAI3D,EAAa,KAAA2D,OAAIhQ,KAAKD,c,wHCtvB9F2e,EAOTpf,WAAAA,CACIqf,EACAnf,EACA2X,EACAzX,EACAG,GAEAG,KAAK4e,WAAaD,EAClB3e,KAAKC,eAAiBT,EACtBQ,KAAKmX,gBAAkBA,EACvBnX,KAAKN,OAASA,EACdM,KAAKH,kBAAoBA,C,CAO7B,yBAAMsY,CACF4C,EACAxY,GAIA,GAFAvC,KAAKN,OAAOoB,QAAQ,8CAEhBia,EAAY,CAERxY,EAAOsc,oBACP7e,KAAKN,OAAOoB,QACR,kFAEJd,KAAKC,eAAe+J,kBAChBC,EAAAA,GAAmB6U,WACnBvc,EAAOsc,mBACP,IAKR7e,KAAKC,eAAe+J,kBAChBC,EAAAA,GAAmB8U,eACnB/e,KAAKmX,gBAAgBpX,eACrB,GAEJC,KAAKC,eAAe+e,iBAAiBhf,KAAKmX,iBAC1CnX,KAAKN,OAAOsb,QAAQ,qDAADhL,OACsC+K,IAEzD,MAAM1Q,EAAuC,CACzCvI,MAAOwI,EAAAA,GAAMX,qBACbY,QAAShI,EAAO0c,gBAChBxU,WAAW,GAIf,GAAyC,mBAA9BlI,EAAOuH,mBAAmC,CACjD9J,KAAKN,OAAOoB,QACR,6EAKJ,OAAiB,IAHAyB,EAAOuH,mBAAmBiR,IAIvC/a,KAAKN,OAAOoB,QACR,uGAEEyB,EAAO3C,iBAAiBkL,iBAC1BiQ,EACA1Q,SAIJrK,KAAKN,OAAOoB,QACR,8FAIX,CASG,OAPAd,KAAKN,OAAOoB,QACR,qFAEEyB,EAAO3C,iBAAiBkL,iBAC1BiQ,EACA1Q,EAIX,CAKG,MAHArK,KAAKN,OAAO0H,KACR,+DAEEsM,EAAAA,EAAAA,IACFuH,EAAAA,G,CASZ,wBAAM5B,CACFxR,EACA+H,GAEA5P,KAAKN,OAAOoB,QAAQ,6CAGpBd,KAAKC,eAAewL,0BAAyB,GAG7C,MAAMyT,EAAWlf,KAAKC,eAAekf,iBAAiBvP,GAChDwP,EAAepf,KAAKC,eAAeof,kBAAkBH,GAC3D,IAAKE,EACD,MAAMhW,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,GACA,gBAIR,IAAIiW,EACJ,IACIA,EAAmBtf,KAAK4e,WAAWW,uBAC/B1X,EACAuX,EAEP,CAAC,MAAO/d,GACL,MACIA,aAAame,EAAAA,IACbne,EAAEmH,WAAa+S,EAAAA,IAGT7H,EAAAA,EAAAA,IACF6H,EAAAA,IAGEla,CAEb,CAGD,MAAMoe,EAAWzf,KAAKC,eAAeyf,iBAAiBN,GAChDO,EAAc3f,KAAKC,eAAeof,kBAAkBI,GAuB1D,GApBAzf,KAAKmX,gBAAgByI,KAAON,EAAiBM,KAGzCN,EAAiBO,gCACXvb,EAAAA,EAAAA,IACFtE,KAAK4e,WAAWkB,gBAAgBjL,KAAK7U,KAAK4e,YAC1C/b,EAAAA,GAAkBkd,6BAClB/f,KAAKN,OACLM,KAAKH,kBACLG,KAAKmX,gBAAgBpX,cALnBuE,CAOFgb,EAAiBO,yBACjB7f,KAAKmX,gBAAgBpX,eAI7Buf,EAAiBU,MAAQL,QAAehd,EACxC2c,EAAiB1P,MAAQwP,EAGrBE,EAAiB3S,YACjB3M,KAAKmX,gBAAgB8I,WAAaX,EAAiB3S,gBAChD,CACH,MAAMuT,EAAgBlgB,KAAKmgB,sBACvBD,IACAlgB,KAAKmX,gBAAgBiJ,cAAgBF,EAE5C,CAGD,MAAMG,QAAuBrgB,KAAK4e,WAAWvY,aACzCrG,KAAKmX,gBACLmI,GAIJ,OADAtf,KAAKC,eAAeqgB,oBAAoB1Q,GACjCyQ,C,CAMDF,mBAAAA,GAEN,MAAMD,EAAgBlgB,KAAKC,eAAeof,kBACtCpV,EAAAA,GAAmBsW,gBACnB,GAEJ,GAAIL,EACA,IACI,OAAO/V,KAAKsI,MAAMyN,EACrB,CAAC,MAAO7e,GACLrB,KAAK4e,WAAWlf,OAAOwB,MACnB,wCAEJlB,KAAK4e,WAAWlf,OAAO8gB,SAAS,yCAADxQ,OACckQ,GAEhD,CAEL,OAAO,I,kECrLT,MAAOO,UAAuBjL,EAAAA,EAGhClW,WAAAA,CACIC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAkF,EACAjF,EACAC,GAEAkF,MACI1F,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAEJC,KAAK0V,cAAgB3Q,C,CAOzB,kBAAMsB,CAAaJ,GACf,MAAM4Q,QAAqBvS,EAAAA,EAAAA,IACvBtE,KAAK8W,+BAA+BjC,KAAK7U,MACzC6C,EAAAA,GAAkBkU,wDAClB/W,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALkBuE,CAMzB2B,EAAS+Q,EAAAA,GAAgB0J,UAE3B1gB,KAAKC,eAAe0gB,mBAChB9J,EAAajH,MACbiH,EAAamJ,MACbnJ,EAAarT,UACbqT,EAAa+J,WAAa,GAC1B/J,EAAanW,SAAW,MAE5B,MAAM2E,EAAyBrF,KAAK6B,iCAChCyI,EAAAA,GAAMX,sBAGJkX,EAAoBC,IAElBA,EAAMC,YACN/gB,KAAKN,OAAOoB,QACR,wEAEJd,KAAKC,eAAeqgB,oBAAoBzJ,EAAajH,OACrD5P,KAAKL,aAAayY,UACdC,EAAAA,EAAU2I,qBACVhK,EAAAA,GAAgB0J,UAEvB,EAGL,IAEI,MAAMvJ,QACI7S,EAAAA,EAAAA,IACFtE,KAAKoX,mCAAmCvC,KAAK7U,MAC7C6C,EAAAA,GAAkBwU,4DAClBrX,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALHuE,CAMJuS,GAGAS,QAA4ChT,EAAAA,EAAAA,IAC9CtE,KAAKuX,qBAAqB1C,KAAK7U,MAC/B6C,EAAAA,GAAkB2U,8CAClBxX,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALyCuE,CAMhD,CACEe,yBACA9B,iBAAkBsT,EAAarT,UAC/BW,yBAA0B0S,EAAazS,kBACvC3B,4BAA6BoU,EAAa7C,qBAC1CtT,QAASmW,EAAanW,UAIpBsX,EAAqB,IAAI0G,EAC3BpH,EACAtX,KAAKC,eACLkX,EACAnX,KAAKN,OACLM,KAAKH,mBAIHgY,QAAoBP,EAAWQ,gBAAc3R,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAC,EAC9C0Q,GAAY,IACfkB,aAAcN,EAAAA,EAAqBC,kBAC/B1X,KAAKT,OACLS,KAAKN,OACLM,KAAKF,qBACLmG,EAAQ2N,yBAIViL,EAAoB7e,KAAKihB,qBAC3Bhb,EAAQ4Y,mBAQZ,OANA7e,KAAKN,OAAOib,WAAW,wBAAD3K,OAAyB6O,IAG/ClU,OAAOyR,iBAAiB,WAAYyE,SAGvB7I,EAAmBG,oBAAoBN,EAAa,CAC7DjY,iBAAkBI,KAAKJ,iBACvBqf,gBAAiBjf,KAAKT,OAAOY,OAAOqK,0BACpCqU,kBAAmBA,EACnB/U,mBACI7D,EAAQ6D,oBACR9J,KAAKT,OAAOkC,KAAKqI,oBAE5B,CAAC,MAAOzI,GAOL,MANIA,aAAamY,EAAAA,KACbnY,EAAEoY,iBAAiBzZ,KAAKD,eACxBsF,EAAuBqU,mBAAmBrY,IAE9CsJ,OAAO4T,oBAAoB,WAAYsC,GACvC7gB,KAAKC,eAAeqgB,oBAAoBzJ,EAAajH,OAC/CvO,CACT,C,CAUL,2BAAM0J,GAE2C,IAD7C6Q,EAAesF,UAAAxd,OAAA,QAAAf,IAAAue,UAAA,GAAAA,UAAA,MACfC,EAA6CD,UAAAxd,OAAA,EAAAwd,UAAA,QAAAve,EAE7C,MAAM0C,EAAyBrF,KAAK6B,iCAChCyI,EAAAA,GAAMS,uBAGV,IACI,IAAK/K,KAAKC,eAAe+K,yBAAwB,GAI7C,OAHAhL,KAAKN,OAAO0H,KACR,yFAEG,KAEX,MAAOqR,EAAcF,GAAkBvY,KAAKohB,oBACxCxF,GAAQ,IAEZ,IAAKnD,EAiBD,OAfAzY,KAAKN,OAAO0H,KACR,wGAEJpH,KAAKC,eAAeoe,8BAChBrH,EAAAA,GAAgB0J,UAIQ,iBAhM5C,WACI,GACsB,oBAAX/V,aACuB,IAAvBA,OAAO0W,aACiC,mBAAxC1W,OAAO0W,YAAYC,iBAE1B,OAGJ,MAAMC,EAAoB5W,OAAO0W,YAAYC,iBAAiB,cACxDE,EAAaD,EAAkB7d,OAC9B6d,EAAkB,QACnB5e,EACN,OAAO6e,aAAU,EAAVA,EAAYC,IACvB,CAkLoBC,GACAP,EAAkBL,MAAMxY,UAAY,qBAEpCtI,KAAKN,OAAOoB,QACR,mEAGD,KAIX,MAAM6gB,EACF3hB,KAAKC,eAAeof,kBAChBpV,EAAAA,GAAmB6U,YACnB,IACC1R,EAAAA,GAAUC,aACbuU,EACFlgB,EAAAA,GAAUmgB,kBAAkBF,GAKhC,GACIC,IALyBlgB,EAAAA,GAAUmgB,kBACnClX,OAAOC,SAASC,OAKhB7K,KAAKT,OAAOkC,KAAKiJ,0BACnB,CAEE1K,KAAKN,OAAOoB,QACR,sDAGA6gB,EAAgBG,QAAQ,MAAQ,IAEhCC,EAAAA,EAAAA,IAAyBJ,GAQ7B,aAL+B3hB,KAAKgiB,eAChCvJ,EACApT,EAIP,CAAM,IAAKrF,KAAKT,OAAOkC,KAAKiJ,0BAIzB,OAHA1K,KAAKN,OAAOoB,QACR,mEAESd,KAAKgiB,eACdvJ,EACApT,GAED,KACF4c,EAAAA,EAAAA,OACDjiB,KAAKT,OAAOY,OAAO+hB,sBACrB,CAKEliB,KAAKC,eAAe+J,kBAChBC,EAAAA,GAAmBkY,SACnB5J,GACA,GAEJ,MAAMlO,EAAuC,CACzCvI,MAAOwI,EAAAA,GAAMS,sBACbR,QAASvK,KAAKT,OAAOY,OAAOqK,0BAC5BC,WAAW,GAOf,IAAI2X,GAAiC,EACrC,GAAKT,GAAuC,SAApBA,EAmBpB3hB,KAAKN,OAAOoB,QAAQ,kCAADkP,OACmB2R,IAEtCS,QACUpiB,KAAKJ,iBAAiB2a,iBACxBoH,EACAtX,OAzBwC,CAEhD,MAAMgY,GAAWC,EAAAA,EAAAA,MAEjBtiB,KAAKC,eAAe+J,kBAChBC,EAAAA,GAAmB6U,WACnBuD,GACA,GAEJriB,KAAKN,OAAOyJ,QACR,8EAEJiZ,QACUpiB,KAAKJ,iBAAiB2a,iBACxB8H,EACAhY,EAEX,CAaD,IAAK+X,EACD,aAAapiB,KAAKgiB,eACdvJ,EACApT,EAGX,CAED,OAAO,IACV,CAAC,MAAOhE,GAQL,MAPIA,aAAamY,EAAAA,KACZnY,EAAgBoY,iBAAiBzZ,KAAKD,eACvCsF,EAAuBqU,mBAAmBrY,IAE9CrB,KAAKC,eAAeoe,8BAChBrH,EAAAA,GAAgB0J,UAEdrf,CACT,C,CAQK+f,mBAAAA,CACNmB,GAEAviB,KAAKN,OAAOoB,QAAQ,kCAEpB,IAAIyX,EAAiBgK,EAChBhK,IAKGA,EAHAvY,KAAKT,OAAOkC,KAAKwB,YAAY4V,qBAC7B4C,EAAAA,GAAmBC,MAEF/Q,OAAOC,SAAS+Q,OAEhBhR,OAAOC,SAASgR,MAGzC,IAAI/T,EAAW2a,EAAAA,GAAAA,wBAAiCjK,GAEhD,GAAI1Q,EAAU,CACV,KACI4a,EAAAA,EAAAA,GACI5a,EACA7H,KAAKP,cACLuX,EAAAA,GAAgB0J,SAEvB,CAAC,MAAOrf,GAML,OALIA,aAAamY,EAAAA,IACbxZ,KAAKN,OAAOwB,MAAM,6CAAD8O,OACgC3O,EAAEiH,UAAS,MAAA0H,OAAK3O,EAAEqhB,eAGhE,CAAC,KAAM,GACjB,CAMD,OAJAC,EAAAA,EAAAA,IAAuBhY,QACvB3K,KAAKN,OAAOoB,QACR,2DAEG,CAAC+G,EAAU0Q,EACrB,CAED,MAAMqK,EAAa5iB,KAAKC,eAAeof,kBACnCpV,EAAAA,GAAmBkY,UACnB,GAMJ,OAJAniB,KAAKC,eAAesL,WAChBvL,KAAKC,eAAeuL,iBAAiBvB,EAAAA,GAAmBkY,WAGxDS,IACA/a,EAAW2a,EAAAA,GAAAA,wBAAiCI,GACxC/a,IACA7H,KAAKN,OAAOoB,QACR,iEAEG,CAAC+G,EAAU+a,IAInB,CAAC,KAAM,G,CAQR,oBAAMZ,CACZvJ,EACApT,GAEA,MAAMuK,EAAQ6I,EAAa7I,MAC3B,IAAKA,EACD,MAAM8D,EAAAA,EAAAA,IAAuBmP,EAAAA,IAGjC,MAAM5X,EAAgBjL,KAAKC,eAAe6iB,iBAAiBlT,GAG3D,GAFA5P,KAAKN,OAAOoB,QAAQ,mDAEhB2X,EAAa3T,UAAW,CAIxB,GAHA9E,KAAKN,OAAOoB,QACR,oDAECd,KAAKF,qBACN,MAAM4T,EAAAA,EAAAA,IACFsF,EAAAA,IAGR,MAAMC,EAA0B,IAAIrU,EAAAA,EAChC5E,KAAKT,OACLS,KAAKC,eACLD,KAAKP,cACLO,KAAKN,OACLM,KAAKL,aACLK,KAAKJ,iBACL0K,EAAAA,GAAMsM,kBACN5W,KAAKH,kBACLG,KAAKF,qBACL2Y,EAAa3T,UACb9E,KAAK0V,cACLzK,EAAclL,gBAEZ,iBAAEmZ,GAAqBC,EAAAA,GAAcC,kBACvCpZ,KAAKP,cACLmQ,GAEJ,OAAOqJ,EACF5S,cAAYF,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAC,EACR8E,GAAa,IAChB2E,MAAOsJ,EACP9N,YAAQzI,KAEXmZ,SAAQ,KACL9b,KAAKC,eAAeqgB,oBAAoB1Q,EAAM,GAEzD,CAGD,MAAMmT,EAAmB/iB,KAAKC,eAAe+iB,mBAAmBpT,GAChE,IAAKmT,EACD,MAAMrP,EAAAA,EAAAA,IACFuP,EAAAA,IAIR,MAAM3L,QAAmBhT,EAAAA,EAAAA,IACrBtE,KAAKuX,qBAAqB1C,KAAK7U,MAC/B6C,EAAAA,GAAkB2U,8CAClBxX,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALgBuE,CAMvB,CAAEe,yBAAwB9B,iBAAkBwf,IAE9CjK,EAAAA,GAAgBC,eACZ/Y,KAAKC,eACLD,KAAKT,OAAOkC,KAAKQ,SACjBgJ,GASJ,OAP2B,IAAIyT,EAC3BpH,EACAtX,KAAKC,eACLgL,EACAjL,KAAKN,OACLM,KAAKH,mBAEiBwZ,mBAAmBZ,EAAc7I,E,CAQ/D,YAAMjE,CAAO0K,GACTrW,KAAKN,OAAOoB,QAAQ,yBACpB,MAAMyV,EAAqBvW,KAAKwW,wBAAwBH,GAClDhR,EAAyBrF,KAAK6B,iCAChCyI,EAAAA,GAAMqB,QAGV,IACI3L,KAAKL,aAAayY,UACdC,EAAAA,EAAUsB,aACV3C,EAAAA,GAAgB0J,SAChBrK,SAIErW,KAAKS,mBAAmB8V,EAAmB7V,SAEjD,MAAM2J,EAAuC,CACzCvI,MAAOwI,EAAAA,GAAMqB,OACbpB,QAASvK,KAAKT,OAAOY,OAAOqK,0BAC5BC,WAAW,GAGT6M,QAAmBhT,EAAAA,EAAAA,IACrBtE,KAAKuX,qBAAqB1C,KAAK7U,MAC/B6C,EAAAA,GAAkB2U,8CAClBxX,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALgBuE,CAMvB,CACEe,yBACA9B,iBAAkB8S,GAAiBA,EAAc7S,UACjDf,4BACI4T,aAAa,EAAbA,EAAerC,qBACnBtT,QAAU2V,GAAiBA,EAAc3V,cAAYiC,IAGzD,GAAI2U,EAAW9T,UAAUR,eAAiBiX,EAAAA,GAAaC,KACnD,IACI5C,EAAW9T,UAAUqW,kBACxB,CAAC,MAAAC,GAAM,IAAAoJ,EAC2CC,EAA/C,GAA8B,QAA9BD,EAAI3M,EAAmB7V,eAAO,IAAAwiB,GAA1BA,EAA4B7W,cAW5B,OAVKrM,KAAKC,eAAee,cACK,QADQmiB,EAClC5M,EAAmB7V,eAAO,IAAAyiB,OAAA,EAA1BA,EAA4B9W,oBAGhCrM,KAAKL,aAAayY,UACdC,EAAAA,EAAUgC,eACVrD,EAAAA,GAAgB0J,SAChBnK,EAKX,CAIL,MAAMiE,EACFlD,EAAWmD,aAAalE,GAQ5B,GANAvW,KAAKL,aAAayY,UACdC,EAAAA,EAAUgC,eACVrD,EAAAA,GAAgB0J,SAChBnK,IAIAF,GAC4C,mBAArCA,EAAcvM,mBAiCrB,OAPK9J,KAAKC,eAAemjB,4BACrBpjB,KAAKC,eAAewL,0BAAyB,cAE3CzL,KAAKJ,iBAAiBkL,iBACxB0P,EACAnQ,GA3BJ,IAAiB,IAFAgM,EAAcvM,mBAAmB0Q,GAc9C,OAXAxa,KAAKN,OAAOoB,QACR,8DAGCd,KAAKC,eAAemjB,4BACrBpjB,KAAKC,eAAewL,0BAAyB,cAE3CzL,KAAKJ,iBAAiBkL,iBACxB0P,EACAnQ,GAKJrK,KAAKC,eAAewL,0BAAyB,GAC7CzL,KAAKN,OAAOoB,QACR,gEAcf,CAAC,MAAOO,GAeL,MAdIA,aAAamY,EAAAA,KACZnY,EAAgBoY,iBAAiBzZ,KAAKD,eACvCsF,EAAuBqU,mBAAmBrY,IAE9CrB,KAAKL,aAAayY,UACdC,EAAAA,EAAUwC,eACV7D,EAAAA,GAAgB0J,SAChB,KACArf,GAEJrB,KAAKL,aAAayY,UACdC,EAAAA,EAAUyC,WACV9D,EAAAA,GAAgB0J,UAEdrf,CACT,CAEDrB,KAAKL,aAAayY,UACdC,EAAAA,EAAUyC,WACV9D,EAAAA,GAAgB0J,S,CAQdO,oBAAAA,CAAqBoC,GAC3B,MAAMxE,EAAoBwE,GAAoB1Y,OAAOC,SAASC,KAC9D,OAAOnJ,EAAAA,GAAUC,eACbkd,GACAjd,EAAAA,EAAAA,M,sGC5oBN,MAAO0hB,UAAyCC,EAAAA,EAClDjkB,WAAAA,CAAYC,GACR0F,MAAM1F,GACNS,KAAKwjB,oBAAqB,C,8BCkB5B,MAAOC,UAA6BjO,EAAAA,EAGtClW,WAAAA,CACIC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAkC,EACAjC,EACAC,EACAC,GAEAkF,MACI1F,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAEJC,KAAK8B,MAAQA,C,CAOjB,kBAAMuE,CACFJ,GAGA,IAAKA,EAAQ2Z,KACT,MAAMlM,EAAAA,EAAAA,IACFgQ,EAAAA,IAKR,MAAMna,QAA+CjF,EAAAA,EAAAA,IACjDtE,KAAK8W,+BAA+BjC,KAAK7U,MACzC6C,EAAAA,GAAkBkU,wDAClB/W,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALyCuE,CAMnD2B,EAAS+Q,EAAAA,GAAgB2M,QAErBte,EAAyBrF,KAAK6B,iCAChC7B,KAAK8B,OAGT,IAEI,MAAMqV,GAAehR,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACdoD,GAAa,IAChBqW,KAAM3Z,EAAQ2Z,OAIZgE,QAAqBtf,EAAAA,EAAAA,IACvBtE,KAAK6jB,uBAAuBhP,KAAK7U,MACjC6C,EAAAA,GAAkBihB,gDAClB9jB,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALeuE,CAMzB,CACEe,yBACA9B,iBAAkBgG,EAAc/F,UAChCW,yBAA0BoF,EAAcnF,kBACxC3B,4BAA6B8G,EAAcyK,qBAC3CtT,QAAS6I,EAAc7I,UAErB4W,EACF,IAAIgM,EAAiCM,GACzC5jB,KAAKN,OAAOoB,QAAQ,4BAGpB,MAAMkX,EAAqB,IAAIC,EAAAA,EAC3BX,EACAtX,KAAKC,eACLkX,EACAnX,KAAKN,OACLM,KAAKH,mBAIT,aAAayE,EAAAA,EAAAA,IACT0T,EAAmB+L,6BAA6BlP,KAC5CmD,GAEJnV,EAAAA,GAAkBmhB,6BAClBhkB,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cAPCuE,CAST,CACIsb,KAAM3Z,EAAQ2Z,KACdqE,aAAche,EAAQie,YACtBC,sBAAuBle,EAAQme,mBAC/BvE,yBAA0B5Z,EAAQoe,uBAEtC9a,GACA,EAEP,CAAC,MAAOlI,GAKL,MAJIA,aAAamY,EAAAA,KACZnY,EAAgBoY,iBAAiBzZ,KAAKD,eACvCsF,EAAuBqU,mBAAmBrY,IAExCA,CACT,C,CAMLsK,MAAAA,GAEI,OAAOC,QAAQC,QACX6H,EAAAA,EAAAA,IACI4Q,EAAAA,I,sGCxIV,MAAOlf,UAA0BoQ,OAAAA,EAAAA,EAAAA,EAAyB,QAK5D,kBAAMnP,CACFkD,GAEAvJ,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkB0hB,8BAClBhb,EAAcxJ,eAGlB,MAAMsF,EAAyBrF,KAAK6B,iCAChCyI,EAAAA,GAAM+I,+BAGJuQ,QAAqBtf,EAAAA,EAAAA,IACvBtE,KAAK6jB,uBAAuBhP,KAAK7U,MACjC6C,EAAAA,GAAkBihB,gDAClB9jB,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALkBuE,CAMzB,CACEe,yBACA9B,iBAAkBgG,EAAc/F,UAChCW,yBAA0BoF,EAAcnF,kBACxC1D,QAAS6I,EAAc7I,UAErB8jB,EAAmB,IAAIC,EAAAA,GACzBb,EACA5jB,KAAKH,mBAETG,KAAKN,OAAOoB,QAAQ,8BAEpB,IACI,MAOM4jB,SAPiBpgB,EAAAA,EAAAA,IACnBkgB,EAAiBG,mBAAmB9P,KAAK2P,GACzC3hB,EAAAA,GAAkB+hB,mCAClB5kB,KAAKN,OACLM,KAAKH,kBACL0J,EAAcxJ,cALKuE,CAMrBiF,IAC4B,GAQ9B,OANAvJ,KAAKH,kBAAkBsL,UACnB,CACIhE,WAAW,GAEfoC,EAAcxJ,eAEX2kB,CACV,CAAC,MAAOxjB,GASL,MAPIA,aAAiB2jB,EAAAA,IACjB3jB,EAAMoH,YAAcwc,EAAAA,IAEpB9kB,KAAKN,OAAOoB,QACR,wHAGFI,CACT,C,CAOLyK,MAAAA,CAAO0K,GACHrW,KAAKN,OAAOoB,QAAQ,yBACpB,MAAMyV,EAAqBvW,KAAKwW,wBAAwBH,GACxD,OAAOrW,KAAKS,mBAAmB8V,aAAkB,EAAlBA,EAAoB7V,Q,8HCpEpDqkB,eAAe5M,EAClB4C,EACAlb,EACAH,EACAK,EACAilB,GAOA,GALAnlB,EAAkB+C,oBACdC,EAAAA,GAAkBoiB,iCAClBllB,IAGCgb,EAGD,MADArb,EAAO0H,KAAK,0BACNsM,EAAAA,EAAAA,IAAuBuH,EAAAA,IAEjC,OAAI+J,GACO1gB,EAAAA,EAAAA,IACH4gB,EACAriB,EAAAA,GAAkBsiB,uBAClBzlB,EACAG,EACAE,EALGuE,CAMLyW,EAAYiK,EAAmBnlB,EAAmBE,IAEjD2Y,EAAAA,EAAAA,IACH0M,EACAviB,EAAAA,GAAkBwiB,2BAClB3lB,EACAG,EACAE,EALG2Y,CAMLqC,EACN,CAOOgK,eAAeO,EAClBC,EACAhb,EACAsR,EACAhc,EACAH,EACAK,EACAyb,GAOA,OALA3b,EAAkB+C,oBACdC,EAAAA,GAAkB2iB,kCAClBzlB,GAGG,IAAI6L,SAAgB,CAACsP,EAASrP,KAC7BtB,EAAUkb,EAAAA,IACV/lB,EAAOyJ,QAAQ,qEAAD6G,OAC2DzF,EAAO,0BAAAyF,OAAyByV,EAAAA,GAAyB,sCAQtI,MAAMC,EAAY/a,OAAOgb,YAAW,KAChChb,OAAO2Q,cAAcH,GACrBtP,GACI6H,EAAAA,EAAAA,IACIkS,EAAAA,IAEP,GACFrb,GAEG4Q,EAAaxQ,OAAOyQ,aAAY,KAClC,IAAIvQ,EAAe,GACnB,MAAMgb,EAAgBN,EAAOM,cAC7B,IAMIhb,EAAOgb,EAAgBA,EAAcjb,SAASC,KAAO,EACxD,CAAC,MAAOxJ,GAAI,CAEb,IAAKwJ,GAAiB,gBAATA,EACT,OAGJ,IAAI0N,EAAiB,GACjBsN,IAEItN,EADAiD,IAAiBC,EAAAA,GAAmBC,MACnBmK,EAAcjb,SAAS+Q,OAEvBkK,EAAcjb,SAASgR,MAGhDjR,OAAOmb,aAAaJ,GACpB/a,OAAO2Q,cAAcH,GACrBD,EAAQ3C,EAAe,GACxBsD,EAAyB,IAC7BC,SAAQ,MACPpD,EAAAA,EAAAA,IACIqN,EACAljB,EAAAA,GAAkBmjB,mBAClBtmB,EACAG,EACAE,EALJ2Y,CAME6M,EAAO,GAEjB,CAQA,SAASL,EACLlJ,EACAgJ,EACAnlB,EACAE,GAYA,OAVAF,EAAkB+C,oBACdC,EAAAA,GAAkBsiB,uBAClBplB,GAQG,IAAI6L,SAAQ,CAACsP,EAASrP,KACzB,MAAMoa,EAAcC,IAEpBvb,OAAOgb,YAAW,KACTM,GAKLA,EAAYE,IAAMnK,EAElBd,EAAQ+K,IANJpa,EAAO,wBAMS,GACrBmZ,EAAkB,GAE7B,CAQA,SAASI,EAAcpJ,GACnB,MAAMiK,EAAcC,IAIpB,OAFAD,EAAYE,IAAMnK,EAEXiK,CACX,CAOA,SAASC,IACL,MAAME,EAAYtS,SAASuS,cAAc,UAazC,OAXAD,EAAUE,UAAY,mBACtBF,EAAUG,MAAMC,WAAa,SAC7BJ,EAAUG,MAAME,SAAW,WAC3BL,EAAUG,MAAM7I,MAAQ0I,EAAUG,MAAM3I,OAAS,IACjDwI,EAAUG,MAAMG,OAAS,IACzBN,EAAUO,aACN,UACA,+CAEJ7S,SAASwJ,KAAKsJ,YAAYR,GAEnBA,CACX,CAOA,SAASL,EAAmBR,GACpBzR,SAASwJ,OAASiI,EAAOsB,YACzB/S,SAASwJ,KAAKwJ,YAAYvB,EAElC,C,gEC/KM,MAAOwB,UAA2BvR,EAAAA,EAIpClW,WAAAA,CACIC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAkC,EACAjC,EACAkF,EACAjF,EACAC,GAEAkF,MACI1F,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,EACAC,GAEJC,KAAK8B,MAAQA,EACb9B,KAAK0V,cAAgB3Q,C,CAOzB,kBAAMsB,CACFJ,GAEAjG,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkBmkB,+BAClB/gB,EAAQlG,eAIPkG,EAAQ2a,WACR3a,EAAQghB,KACPhhB,EAAQvF,SAAYuF,EAAQvF,QAAQwmB,UAEtClnB,KAAKN,OAAOyJ,QACR,uGAKR,MAAMge,GAAYhhB,EAAAA,EAAAA,GAAA,GAAQF,GACtBkhB,EAAa/b,OAET+b,EAAa/b,SAAWkI,EAAAA,GAAYC,MACpC4T,EAAa/b,SAAWkI,EAAAA,GAAY8T,aAEpCpnB,KAAKN,OAAOyJ,QAAQ,gDAAD6G,OACiCmX,EAAa/b,OAAM,UAAA4E,OAASsD,EAAAA,GAAYC,OAE5F4T,EAAa/b,OAASkI,EAAAA,GAAYC,MAGtC4T,EAAa/b,OAASkI,EAAAA,GAAYC,KAItC,MAAMhK,QAA+CjF,EAAAA,EAAAA,IACjDtE,KAAK8W,+BAA+BjC,KAAK7U,MACzC6C,EAAAA,GAAkBkU,wDAClB/W,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALyCuE,CAMnD6iB,EAAcnQ,EAAAA,GAAgB2M,SAChCzM,EAAAA,EAAAA,IAAwB3N,EAAc/F,WAEtC,MAAM6B,EAAyBrF,KAAK6B,iCAChC7B,KAAK8B,OAGT,IAAIwV,EAEJ,IAgBI,OAdAA,QAAmBhT,EAAAA,EAAAA,IACftE,KAAKuX,qBAAqB1C,KAAK7U,MAC/B6C,EAAAA,GAAkB2U,8CAClBxX,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALOuE,CAMjB,CACEe,yBACA9B,iBAAkBgG,EAAc/F,UAChCW,yBAA0BoF,EAAcnF,kBACxC3B,4BAA6B8G,EAAcyK,qBAC3CtT,QAAS6I,EAAc7I,gBAGd4D,EAAAA,EAAAA,IACTtE,KAAKqnB,kBAAkBxS,KAAK7U,MAC5B6C,EAAAA,GAAkBykB,8BAClBtnB,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALCuE,CAMXgT,EAAY/N,EACjB,CAAC,MAAOlI,GAML,GALIA,aAAamY,EAAAA,KACZnY,EAAgBoY,iBAAiBzZ,KAAKD,eACvCsF,EAAuBqU,mBAAmBrY,MAIzCiW,GACCjW,aAAamY,EAAAA,IACfnY,EAAEiH,YAAchI,EAAAA,GAAiBinB,qBAEjC,MAAMlmB,EAGVrB,KAAKH,kBAAkBsL,UACnB,CACIqc,WAAYnmB,EAAEiH,WAElBtI,KAAKD,eAGT,MAAM0nB,QACInjB,EAAAA,EAAAA,IACFtE,KAAK8W,+BAA+BjC,KAAK7U,MACzC6C,EAAAA,GAAkBkU,wDAClB/W,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALNuE,CAMJ6iB,EAAcnQ,EAAAA,GAAgB2M,QAEpC,aAAarf,EAAAA,EAAAA,IACTtE,KAAKqnB,kBAAkBxS,KAAK7U,MAC5B6C,EAAAA,GAAkBykB,8BAClBtnB,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALIuE,CAMXgT,EAAYmQ,EACjB,C,CAML9b,MAAAA,GAEI,OAAOC,QAAQC,QACX6H,EAAAA,EAAAA,IACI4Q,EAAAA,I,CAWF,uBAAM+C,CACZ/P,EACA/N,GAEA,MAAMxJ,EAAgBwJ,EAAcxJ,cACpCC,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkBykB,8BAClBvnB,GAIJ,MAAMoX,QACI7S,EAAAA,EAAAA,IACFtE,KAAKoX,mCAAmCvC,KAAK7U,MAC7C6C,EAAAA,GAAkBwU,4DAClBrX,KAAKN,OACLM,KAAKH,kBACLE,EALEuE,CAMJiF,GAGAsO,QAAoBvT,EAAAA,EAAAA,IACtBgT,EAAWQ,eAAejD,KAAKyC,GAC/BzU,EAAAA,GAAkB6kB,eAClB1nB,KAAKN,OACLM,KAAKH,kBACLE,EALsBuE,EAMzB6B,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAC,EACIoD,GAAa,IAChBwO,aAAcN,EAAAA,EAAqBC,kBAC/B1X,KAAKT,OACLS,KAAKN,OACLM,KAAKF,qBACLyJ,EAAcqK,yBAKhBoE,EAAqB,IAAIC,EAAAA,EAC3BX,EACAtX,KAAKC,eACLkX,EACAnX,KAAKN,OACLM,KAAKH,mBAGH8nB,QAAkBrjB,EAAAA,EAAAA,IACpB6T,EACAtV,EAAAA,GAAkBoiB,iCAClBjlB,KAAKN,OACLM,KAAKH,kBACLE,EALoBuE,CAOpBuT,EACA7X,KAAKH,kBACLG,KAAKN,OACLK,EACAC,KAAKT,OAAOY,OAAO6kB,mBAEjBxJ,EAAexb,KAAKT,OAAOkC,KAAKwB,YAAY4V,mBAE5CN,QAAuBjU,EAAAA,EAAAA,IACzBghB,EACAziB,EAAAA,GAAkB2iB,kCAClBxlB,KAAKN,OACLM,KAAKH,kBACLE,EALyBuE,CAOzBqjB,EACA3nB,KAAKT,OAAOY,OAAOynB,kBACnB5nB,KAAKT,OAAOY,OAAO0b,yBACnB7b,KAAKH,kBACLG,KAAKN,OACLK,EACAyb,GAEE/C,GAAeC,EAAAA,EAAAA,IACjBC,EAAAA,EACA9V,EAAAA,GAAkB+V,oBAClB5Y,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALY2Y,CAMnBH,EAAgBiD,EAAcxb,KAAKN,QAErC,GAAI+Y,EAAa3T,UAAW,CAIxB,GAHA9E,KAAKN,OAAOoB,QACR,oDAECd,KAAKF,qBACN,MAAM4T,EAAAA,EAAAA,IACFsF,EAAAA,IAGR,MAAMC,EAA0B,IAAIrU,EAAAA,EAChC5E,KAAKT,OACLS,KAAKC,eACLD,KAAKP,cACLO,KAAKN,OACLM,KAAKL,aACLK,KAAKJ,iBACLI,KAAK8B,MACL9B,KAAKH,kBACLG,KAAKF,qBACL2Y,EAAa3T,UACb9E,KAAKC,eACLF,IAEE,iBAAEmZ,GAAqBC,EAAAA,GAAcC,kBACvCpZ,KAAKP,cACL8J,EAAcqG,OAElB,OAAOtL,EAAAA,EAAAA,IACH2U,EAAwB5S,aAAawO,KACjCoE,GAEJpW,EAAAA,GAAkByD,oCAClBtG,KAAKN,OACLM,KAAKH,kBACLE,EAPGuE,EAQN6B,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAC,EACIoD,GAAa,IAChBqG,MAAOsJ,EACP9N,OAAQ7B,EAAc6B,QAAUkI,EAAAA,GAAYC,OAEnD,CAGD,OAAOjP,EAAAA,EAAAA,IACH0T,EAAmBqB,mBAAmBxE,KAAKmD,GAC3CnV,EAAAA,GAAkBglB,mBAClB7nB,KAAKN,OACLM,KAAKH,kBACLE,EALGuE,CAMLmU,EAAclP,E,6HChUlB,MAAOue,UAA4BtS,OAAAA,EAAAA,EAAAA,EAAyB,QAK9D,kBAAMnP,CACFJ,GAEAjG,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkBklB,gCAClB9hB,EAAQlG,eAGZ,MAAMioB,QAAoB1jB,EAAAA,EAAAA,IACtB2jB,EAAAA,EACAplB,EAAAA,GAAkBqlB,sBAClBloB,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALcuE,CAMxB2B,EAASjG,KAAKT,OAAQS,KAAKH,kBAAmBG,KAAKN,QAC/C6J,GAAapD,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACZF,GACA+hB,GAGH/hB,EAAQzE,cAER+H,EAAc/H,YAAcxB,KAAKsB,eAC7B2E,EAAQzE,cAIhB,MAAM6D,EAAyBrF,KAAK6B,iCAChCyI,EAAAA,GAAM+I,+BAGJ8U,QAA2BnoB,KAAKooB,yBAAyB,CAC3D/iB,yBACAgjB,aAAc9e,EAAc/F,UAC5BY,kBAAmBmF,EAAcnF,kBACjC1D,QAAS6I,EAAc7I,UAG3B,OAAO4D,EAAAA,EAAAA,IACH6jB,EAAmBG,2BAA2BzT,KAC1CsT,GAEJtlB,EAAAA,GAAkB0lB,6CAClBvoB,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cAPLuE,CAQLiF,GAAelB,OAAOhH,IAGpB,MAFCA,EAAgBoY,iBAAiBzZ,KAAKD,eACvCsF,EAAuBqU,mBAAmBrY,GACpCA,CAAC,G,CAOfsK,MAAAA,GAEI,OAAOC,QAAQC,QACX6H,EAAAA,EAAAA,IACI4Q,EAAAA,I,CAeF,8BAAM8D,CAAyB7lB,GAQrC,MAAMqhB,QAAqBtf,EAAAA,EAAAA,IACvBtE,KAAK6jB,uBAAuBhP,KAAK7U,MACjC6C,EAAAA,GAAkBihB,gDAClB9jB,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALkBuE,CAMzB,CACEe,uBAAwB9C,EAAO8C,uBAC/B9B,iBAAkBhB,EAAO8lB,aACzBlkB,yBAA0B5B,EAAO6B,kBACjC3B,4BAA6BF,EAAOyR,qBACpCtT,QAAS6B,EAAO7B,UAEpB,OAAO,IAAI8nB,EAAAA,GAAmB5E,EAAc5jB,KAAKH,kB,oJCnFnD,MAAgB2V,UAAkCnW,OAAAA,EAAAA,EAAAA,EAAqB,QAK/D,wCAAM+X,CACZnR,GAEAjG,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkBwU,4DAClBrX,KAAKD,eAET,MAAM0oB,QAA4BnkB,EAAAA,EAAAA,IAC9BokB,EAAAA,EACA7lB,EAAAA,GAAkB8lB,kBAClB3oB,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALyBuE,CAMhCtE,KAAKH,kBAAmBG,KAAKN,OAAQM,KAAKD,eAEtCoX,GAAehR,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACdF,GAAO,IACVzE,YAAayE,EAAQzE,YACrBoe,KAAMxS,EAAAA,GAAUC,aAChBub,aAAcH,EAAoBI,WAMtC,OAHA5iB,EAAQ6iB,cAAgBL,EAAoBM,UAC5C9iB,EAAQ+iB,oBAAsB5b,EAAAA,GAAU6b,2BAEjC9R,C,CAODX,uBAAAA,CACNH,GAEArW,KAAKN,OAAOoB,QACR,iCACAuV,aAAa,EAAbA,EAAetW,eAGnB,MAAMwW,GAAkBpQ,EAAAA,EAAAA,GAAA,CACpBpG,cAAeC,KAAKD,gBAAiBK,EAAAA,EAAAA,OAClCiW,GAOP,GAAIA,EAEA,GAAKA,EAAc6S,WAiBflpB,KAAKN,OAAOoB,QACR,yDAjBJ,GAAIuV,EAAc3V,QAAS,CACvB,MAAMwoB,EAAalpB,KAAKmpB,+BACpB9S,EAAc3V,SAEdwoB,IACAlpB,KAAKN,OAAOoB,QACR,kFAEJyV,EAAmB2S,WAAaA,EAEvC,MACGlpB,KAAKN,OAAOoB,QACR,0GASZd,KAAKN,OAAOoB,QACR,qEAoDR,OA5CKuV,GAAyD,OAAxCA,EAAc2D,sBAsChCha,KAAKN,OAAOoB,QACR,6EACAyV,EAAmBxW,eAvCnBsW,GAAiBA,EAAc2D,uBAC/Bha,KAAKN,OAAOoB,QACR,6DACAyV,EAAmBxW,eAEvBwW,EAAmByD,sBACftY,EAAAA,GAAUC,eACN0U,EAAc2D,uBACdpY,EAAAA,EAAAA,QAE0C,OAA3C5B,KAAKT,OAAOkC,KAAKuY,sBACxBha,KAAKN,OAAOoB,QACR,uGACAyV,EAAmBxW,eAEhBC,KAAKT,OAAOkC,KAAKuY,uBACxBha,KAAKN,OAAOoB,QACR,kDACAyV,EAAmBxW,eAEvBwW,EAAmByD,sBACftY,EAAAA,GAAUC,eACN3B,KAAKT,OAAOkC,KAAKuY,uBACjBpY,EAAAA,EAAAA,SAGR5B,KAAKN,OAAOoB,QACR,gDACAyV,EAAmBxW,eAEvBwW,EAAmByD,sBACftY,EAAAA,GAAUC,gBACNC,EAAAA,EAAAA,OACAA,EAAAA,EAAAA,QAUT2U,C,CAQD4S,8BAAAA,CACNzoB,GAEA,MAAM+I,EAA2C/I,EAAQ+I,cACzD,GAAIA,EAAe,CACf,GAAIA,EAAc2f,WACd,OAAO3f,EAAc2f,WAErBppB,KAAKN,OAAOoB,QACR,qIAGX,MACGd,KAAKN,OAAOoB,QACR,yGAIR,OAAO,I,CAaD,0BAAMyW,CAAqBhV,GAOjCvC,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkB2U,8CAClBxX,KAAKD,eAGT,MAAM6jB,QAAqBtf,EAAAA,EAAAA,IACvBtE,KAAK6jB,uBAAuBhP,KAAK7U,MACjC6C,EAAAA,GAAkBihB,gDAClB9jB,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALkBuE,CAMzB/B,GAEF,OAAO,IAAIghB,EAAAA,EACPK,EACA5jB,KAAKH,kB,CAcH,4BAAMgkB,CAAuBthB,GAOnC,MAAM,uBACF8C,EAAsB,iBACtB9B,EAAgB,yBAChBY,EAAwB,4BACxB1B,EAA2B,QAC3B/B,GACA6B,EAEJvC,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkBihB,gDAClB9jB,KAAKD,eAET,MAAMsE,QAA4BC,EAAAA,EAAAA,IAC9BtE,KAAKsC,uBAAuBuS,KAAK7U,MACjC6C,EAAAA,GAAkBC,gDAClB9C,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALyBuE,CAMhC,CACEf,mBACAY,2BACA1B,8BACA/B,YAEEhB,EAASM,KAAKT,OAAOY,OAAOkpB,cAElC,MAAO,CACHC,YAAa,CACTrnB,SAAUjC,KAAKT,OAAOkC,KAAKQ,SAC3BuB,UAAWa,EACXklB,mBAAoBvpB,KAAKT,OAAOkC,KAAK8nB,mBACrC/nB,YAAaxB,KAAKT,OAAOkC,KAAKD,aAElCgoB,cAAe,CACXC,0BACIzpB,KAAKT,OAAOY,OAAOspB,0BACvBC,sBAAsB,GAE1BL,cAAe,CACXM,eAAgBjqB,EAAOiqB,eACvBC,kBAAmBlqB,EAAOkqB,kBAC1BC,SAAUnqB,EAAOmqB,SACjB9pB,cAAeC,KAAKD,eAExB+pB,aAAc,CACVC,0BACI/pB,KAAKT,OAAOyqB,MAAMD,2BAE1BE,gBAAiBjqB,KAAKP,cACtByqB,iBAAkBlqB,KAAKE,cACvBiqB,iBAAkBnqB,KAAKC,eACvBoF,uBAAwBA,EACxB+kB,YAAa,CACTC,IAAK/pB,EAAAA,GAAiBC,SACtBC,QAASA,EAAAA,EACT8pB,IAAKld,EAAAA,GAAUC,aACfkd,GAAInd,EAAAA,GAAUC,cAElBiH,UAAWtU,KAAKT,OAAO+U,U,CASrB,oCAAMwC,CACZ7Q,EACAukB,GAEAxqB,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkBkU,wDAClB/W,KAAKD,eAGT,MAAMyB,EAAcxB,KAAKsB,eAAe2E,EAAQzE,aAC1CipB,EAAmC,CACrCD,gBAAiBA,GAEf5a,EAAQuJ,EAAAA,GAAcuR,gBACxB1qB,KAAKP,cACJwG,GAAWA,EAAQ2J,OAAUxC,EAAAA,GAAUC,aACxCod,GAGEzC,QAAqC1jB,EAAAA,EAAAA,IACvC2jB,EAAAA,EACAplB,EAAAA,GAAkBqlB,sBAClBloB,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALkCuE,EAM1C6B,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAD,EACQF,GAAO,IAAElG,cAAeC,KAAKD,gBAClCC,KAAKT,OACLS,KAAKH,kBACLG,KAAKN,QAGHuT,GAAgB9M,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACf6hB,GAAW,IACdxmB,YAAaA,EACboO,MAAOA,EACPoQ,MAAO/Z,EAAQ+Z,QAAS5f,EAAAA,EAAAA,MACxBuqB,aAAc3qB,KAAKT,OAAOkC,KAAKwB,YAC1B4V,qBAIT,GAAI5S,EAAQ2a,WAAa3a,EAAQghB,IAC7B,OAAOhU,EAGX,MAAMvS,EACFuF,EAAQvF,SAAWV,KAAKC,eAAeY,mBAc3C,GAbIH,IACAV,KAAKN,OAAOoB,QACR,oCACAd,KAAKD,eAETC,KAAKN,OAAOib,WAAW,sCAAD3K,OACoBtP,EAAQ2L,eAC9CrM,KAAKD,eAETkT,EAAiBvS,QAAUA,IAI1BuS,EAAiB2N,YAAclgB,EAAS,CACzC,MAAMkqB,EAAkB5qB,KAAKC,eAAe4qB,qBACxCD,IACA3X,EAAiB2N,UAAYgK,EAEpC,CAED,OAAO3X,C,oFCzWFgF,EAOT3Y,WAAAA,CACIqf,EACAnf,EACA2X,EACAzX,EACAG,GAEAG,KAAK4e,WAAaD,EAClB3e,KAAKC,eAAiBT,EACtBQ,KAAKmX,gBAAkBA,EACvBnX,KAAKN,OAASA,EACdM,KAAKH,kBAAoBA,C,CAO7B,wBAAMwZ,CACFxR,EACA5B,GAOA,IAAIqZ,EALJtf,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkBglB,mBAClB5hB,EAAQlG,eAIZ,IACIuf,EAAmBtf,KAAK4e,WAAWW,uBAC/B1X,EACA5B,EAAQ2J,MAEf,CAAC,MAAOvO,GACL,MACIA,aAAame,EAAAA,IACbne,EAAEmH,WAAa+S,EAAAA,IAGT7H,EAAAA,EAAAA,IACF6H,EAAAA,IAGEla,CAEb,CAED,OAAOiD,EAAAA,EAAAA,IACHtE,KAAK+jB,6BAA6BlP,KAAK7U,MACvC6C,EAAAA,GAAkBmhB,6BAClBhkB,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALLuE,CAMLgb,EAAkBrZ,E,CAWxB,kCAAM8d,CACFzE,EACArZ,GAC6B,IAA7B6kB,IAAA5J,UAAAxd,OAAA,QAAAf,IAAAue,UAAA,KAAAA,UAAA,GAiCA,GA/BAlhB,KAAKH,kBAAkB+C,oBACnBC,EAAAA,GAAkBmhB,6BAClB/d,EAAQlG,eAEZC,KAAKN,OAAO6G,MACR,0DAIJvG,KAAKmX,gBAAgByI,KAAON,EAAiBM,KAGzCN,EAAiBO,gCACXvb,EAAAA,EAAAA,IACFtE,KAAK4e,WAAWkB,gBAAgBjL,KAAK7U,KAAK4e,YAC1C/b,EAAAA,GAAkBkd,6BAClB/f,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALNuE,CAMJgb,EAAiBO,yBAA0B5Z,EAAQlG,eAIrD+qB,IAEAxL,EAAiBU,MAAQ/Z,EAAQ+Z,YAASrd,GAG9C2c,EAAiB1P,MAAQ3J,EAAQ2J,MAG7B0P,EAAiB3S,YACjB3M,KAAKmX,gBAAgB8I,WAAaX,EAAiB3S,gBAChD,CACH,MAAMoe,EAAU/qB,KAAKgrB,qBAAqB/kB,GACtC8kB,IACA/qB,KAAKmX,gBAAgBiJ,cAAgB2K,EAE5C,CAUD,aAP6BzmB,EAAAA,EAAAA,IACzBtE,KAAK4e,WAAWvY,aAAawO,KAAK7U,KAAK4e,YACvC/b,EAAAA,GAAkBooB,uBAClBjrB,KAAKN,OACLM,KAAKH,kBACLoG,EAAQlG,cALiBuE,CAM3BtE,KAAKmX,gBAAiBmI,E,CAOlB0L,oBAAAA,CACN/kB,GAEA,OAAIA,EAAQvF,QACD,CACHwqB,WAAYjlB,EAAQvF,QAAQ2L,cAC5BoV,KAAM0J,EAAAA,GAAkBC,iBAErBnlB,EAAQ2a,UACR,CACHsK,WAAYjlB,EAAQ2a,UACpBa,KAAM0J,EAAAA,GAAkBE,KAIzB,I,sCC1KF,MAAAC,EAAmB,CAC5BC,wBAAyB,4BACzBC,WAAY,cACZC,UAAW,aACXC,eAAgB,kBAChBC,gBAAiB,mBACjBC,SAAU,WACVC,mBAAoB,sBACpBC,yBAA0B,8B,gFCLjBC,EAMTxR,gBAAAA,CACIyR,EACAC,GAEA,OAAOF,EAAiBG,sBAAsBF,EAAKC,E,CAQvDnhB,gBAAAA,CACIkhB,EACAC,GAEA,OAAOF,EAAiBG,sBAAsBF,EAAKC,E,CAQ/C,4BAAOC,CACXF,EACAC,GAQA,OANIA,EAAQxhB,UACRE,OAAOC,SAAS/G,QAAQmoB,GAExBrhB,OAAOC,SAASrD,OAAOykB,GAGpB,IAAIpgB,SAASsP,IAChByK,YAAW,KACPzK,GAAQ,EAAK,GACd+Q,EAAQ1hB,QAAQ,G,+FC/BlB4hB,EAOT,yBAAMC,CACFJ,EACAC,GAEA,IAAIpkB,EACAwkB,EAA0C,CAAC,EAC3CC,EAAiB,EACrB,MAAMC,EAAaC,EAAgBP,GACnC,IACIpkB,QAAiB4kB,MAAMT,EAAK,CACxBtkB,OAAQglB,EAAAA,GAAkBC,IAC1BC,QAASL,GAEhB,CAAC,MAAOlrB,GACL,MAAMqS,EAAAA,EAAAA,IACF/I,OAAOkiB,UAAUC,OACXC,EAAAA,GACAC,EAAAA,GAEb,CAEDX,EAAkBY,EAAcplB,EAAS+kB,SACzC,IAEI,OADAN,EAAiBzkB,EAASqlB,OACnB,CACHN,QAASP,EACT/O,WAAazV,EAASslB,OACtBD,OAAQZ,EAEf,CAAC,MAAOjrB,GACL,MAAM+rB,EAAAA,EAAAA,KACF1Z,EAAAA,EAAAA,IACI2Z,EAAAA,IAEJf,EACAD,EAEP,C,CASL,0BAAMiB,CACFtB,EACAC,GAEA,MAAMsB,EAAWtB,GAAWA,EAAQ3O,MAAS,GACvCiP,EAAaC,EAAgBP,GAEnC,IAAIpkB,EACAykB,EAAiB,EACjBD,EAA0C,CAAC,EAC/C,IACIxkB,QAAiB4kB,MAAMT,EAAK,CACxBtkB,OAAQglB,EAAAA,GAAkBc,KAC1BZ,QAASL,EACTjP,KAAMiQ,GAEb,CAAC,MAAOlsB,GACL,MAAMqS,EAAAA,EAAAA,IACF/I,OAAOkiB,UAAUC,OACXW,EAAAA,GACAT,EAAAA,GAEb,CAEDX,EAAkBY,EAAcplB,EAAS+kB,SACzC,IAEI,OADAN,EAAiBzkB,EAASqlB,OACnB,CACHN,QAASP,EACT/O,WAAazV,EAASslB,OACtBD,OAAQZ,EAEf,CAAC,MAAOjrB,GACL,MAAM+rB,EAAAA,EAAAA,KACF1Z,EAAAA,EAAAA,IACI2Z,EAAAA,IAEJf,EACAD,EAEP,C,EAQT,SAASG,EAAgBP,GACrB,IACI,MAAMW,EAAU,IAAIc,QACpB,IAAMzB,IAAWA,EAAQW,QACrB,OAAOA,EAEX,MAAMe,EAAiB1B,EAAQW,QAI/B,OAHAtlB,OAAOsmB,QAAQD,GAAgBE,SAAQtR,IAAiB,IAAfuR,EAAKC,GAAMxR,EAChDqQ,EAAQoB,OAAOF,EAAKC,EAAM,IAEvBnB,CACV,CAAC,MAAOvrB,GACL,MAAMqS,EAAAA,EAAAA,IACFua,EAAAA,GAEP,CACL,CAOA,SAAShB,EAAcL,GACnB,IACI,MAAMsB,EAAqC,CAAC,EAI5C,OAHAtB,EAAQiB,SAAQ,CAACE,EAAeD,KAC5BI,EAAWJ,GAAOC,CAAK,IAEpBG,CACV,CAAC,MAAO7sB,GACL,MAAMqS,EAAAA,EAAAA,IACFya,EAAAA,GAEP,CACL,C,yGCnIsBC,EAMR,qBAAOzE,CAAe0E,EAAiBhS,GAC7C,OAAQgS,GACJ,KAAKC,EAAAA,GAASC,MAId,KAAKD,EAAAA,GAASE,KAId,KAAKF,EAAAA,GAASG,QAId,KAAKH,EAAAA,GAASI,S,CAWtBpvB,WAAAA,CAAYC,GAAqB,IAAAovB,EAAAC,EAS7B,IAAIC,EAHJ7uB,KAAK8uB,mBAAuC,oBAAXnkB,OACjC3K,KAAKT,QAASwvB,EAAAA,EAAAA,IAAmBxvB,EAAQS,KAAK8uB,oBAG9C,IACID,EAAiBlkB,OAAOqkB,EAAAA,GAAqBC,eAEhD,CAAC,MAAO5tB,GAAI,CAEb,MAAM6tB,EAA4B,QAAjBP,EAAGE,SAAc,IAAAF,OAAA,EAAdA,EAAgBQ,QAAQC,EAAAA,IACtCC,EAA8B,QAAjBT,EAAGC,SAAc,IAAAD,GACJ,QADIA,EAAdA,EAChBO,QAAQG,EAAAA,WAAkB,IAAAV,OAAA,EADVA,EAEhBW,cAEA3F,EACgB,SAAlByF,GAEwB,UAAlBA,QAEA1sB,EACJ0mB,GAAaljB,EAAAA,EAAAA,GAAA,GAAQnG,KAAKT,OAAOY,OAAOkpB,eAExCQ,EACFqF,GAAe5nB,OAAOkoB,KAAKlB,EAAAA,IAAUmB,SAASP,GACxCZ,EAAAA,GAASY,QACTvsB,EACNknB,IACAR,EAAcM,eAAiByE,EAAqBzE,eACpDN,EAAcQ,SAAWA,QAEHlnB,IAAtBinB,IACAP,EAAcO,kBAAoBA,GAGtC5pB,KAAKN,OAAS,IAAIgwB,EAAAA,GAAOrG,EAAesG,EAAAA,EAAMnvB,EAAAA,GAC9CR,KAAK4vB,WAAY,C,CAsBrBC,SAAAA,GACI,OAAO7vB,KAAKT,M,CAOhBuwB,SAAAA,GACI,OAAO9vB,KAAKN,M,CAGhBqwB,WAAAA,GACI,OAAO/vB,KAAK4vB,S,CAGhBI,oBAAAA,GACI,OAAOhwB,KAAK8uB,kB,sGCrGPmB,EAaC,0CAAaC,GACnB,QAAevtB,IAAXgI,OACA,MAAM,IAAI4jB,MAAM,uBAEpB,QAAmC5rB,IAA/BgI,OAAOwlB,oBACP,MAAM,IAAI5B,MAAM,2CAGpB,IACI5jB,OAAOwlB,oBAAoB/T,iBACvB,WACCvU,IACG,MAAMuoB,EACkB,iBAAbvoB,EAAwBA,EAAWA,EAASwoB,KACjDC,EACFnmB,KAAKsI,MAAM2d,GACTnqB,EAAUgqB,EAAYM,eAAeC,MACtCC,GACGA,EAAQtoB,YAAcmoB,EAAiBnoB,iBAE/BxF,IAAZsD,IACAgqB,EAAYM,eAAeG,OACvBT,EAAYM,eAAezO,QAAQ7b,GACnC,GAEAqqB,EAAiBrpB,QACjBhB,EAAQiV,QAAQoV,GAEhBrqB,EAAQ4F,OAAOykB,EAAiBpvB,OAEvC,IAIT,MAAMyvB,QAAuB,IAAI/kB,SAC7B,CAACsP,EAASrP,KACN,MAAMwQ,EAAU4T,EAAYW,aAAa,kBAEnC3qB,EAAyB,CAC3BkC,UAAWkU,EAAQlU,UACnBT,OAAQ2U,EAAQ3U,OAChBwT,QAASA,EACTrP,OAAQA,GAEZokB,EAAYM,eAAeM,KAAK5qB,GAChC0E,OAAOwlB,oBAAoBW,YACvB3mB,KAAKC,UAAUiS,GAClB,IAIT,OAAO4T,EAAYc,4BACfJ,EAAeK,YAEtB,CAAC,MAAO9vB,GAEL,MADAyJ,OAAOsmB,QAAQC,IAAIhwB,GACbA,CACT,C,CAQEiwB,mBAAAA,CAAoBlrB,GACvB,OAAOjG,KAAKoxB,SAAS,gBAAiBnrB,E,CAQnCorB,cAAAA,CAAeprB,GAClB,OAAOjG,KAAKoxB,SAAS,WAAYnrB,E,CAG7B,cAAMmrB,CACVE,EACArrB,GAEA,MAAMa,QAAe9G,KAAKuxB,YAAYD,EAAa,CAC/CE,YAAavrB,IAEjB,MAAO,CACHwrB,MAAOxB,EAAYc,4BAA4BjqB,EAAO2qB,OACtD/wB,QAASuvB,EAAYc,4BAA4BjqB,EAAOpG,S,CAIzDgxB,mBAAAA,GAAmB,IAAAC,EACtB,OAAwB,QAAxBA,EAAO3xB,KAAK4xB,oBAAY,IAAAD,EAAAA,EAAI,I,CAGzBE,iBAAAA,GACH,OAAO7xB,KAAK8xB,eAAiB9xB,KAAK8xB,eAAiB,I,CAG/C,mBAAOlB,CACXlpB,EACAqqB,GAEA,OAAA5rB,EAAAA,EAAAA,GAAA,CACI6rB,YAAa,uBACbtqB,OAAQA,EACRS,WAAW/H,EAAAA,EAAAA,MACX6xB,SAAUxiB,KAAKyiB,MACfC,cAAe7xB,EAAAA,GAAiBC,SAChC6xB,qBAAsB5xB,EAAAA,GACnBuxB,E,CASHR,WAAAA,CACJ7pB,EACAqqB,GAEA,MAAM1V,EAAU4T,EAAYW,aAAalpB,EAAQqqB,GAejD,OAbgB,IAAInmB,SAChB,CAACsP,EAASrP,KACN,MAAM5F,EAAyB,CAC3BkC,UAAWkU,EAAQlU,UACnBT,OAAQ2U,EAAQ3U,OAChBwT,QAASA,EACTrP,OAAQA,GAEZokB,EAAYM,eAAeM,KAAK5qB,GAChC0E,OAAOwlB,oBAAoBW,YAAY3mB,KAAKC,UAAUiS,GAAS,G,CAOnE,kCAAO0U,CAA+BsB,GAC1C,QAAc1vB,IAAV0vB,EAAqB,CAIrB,KAHiC,CAC7BnF,OAAQ5B,EAAAA,EAAiBQ,yBAGhC,CACD,OAAOuG,C,CASX/yB,WAAAA,CACIgzB,EACAC,EACAT,EACAF,GAEA5xB,KAAKsyB,QAAUA,EACftyB,KAAKuyB,WAAaA,EAClBvyB,KAAK8xB,eAAiBA,EACtB9xB,KAAK4xB,aAAeA,C,CAOjB,mBAAaY,GAChB,MAAM3qB,QAAiBooB,EAAYC,gCACnC,OAAO,IAAID,EACPpoB,EAASyqB,QACTzqB,EAAS0qB,WACT1qB,EAASiqB,eACTjqB,EAAS+pB,a,EA/LV3B,EAAcM,eAAoB,GCpBvC,MAAOkC,UAAkCrE,EAAAA,EAA/C9uB,WAAAA,G,oBACc,KAAWozB,iBAA6B/vB,EACxC,KAAcmvB,eAA0B,I,CAkBlDa,aAAAA,GACI,OAAOF,EAA0BG,W,CAOrCC,KAAAA,GACI,OAAOJ,EAA0BK,E,CAOrCC,cAAAA,GACI,OAAO/yB,KAAK0yB,W,CAQhB,gBAAMM,GACF,IACI,GAAsB,oBAAXroB,OAAwB,CACiB,mBAArCA,OAAOsoB,iCACRtoB,OAAOsoB,4BAGjB,MAAMP,QAAkCzC,EAAYuC,SAMpDxyB,KAAK8xB,eAAiBY,EAAYb,oBAClC7xB,KAAK0yB,YAAcA,EACnB1yB,KAAK4vB,eAA4BjtB,IAAhB+vB,CACpB,CACJ,CAAC,MAAOQ,GACLlzB,KAAKN,OAAOsb,QAAQ,gDAADhL,OACiCkjB,EAAE,KAEzD,CAGD,OADAlzB,KAAKN,OAAO0H,KAAK,qCAAD4I,OAAsChQ,KAAK4vB,YACpD5vB,KAAK4vB,S,EA7DA6C,EAAWG,YAAW,GAKtBH,EAAEK,GAAW,2B,mDCtB3B,MAAOK,UAAiC/E,EAAAA,EAiB1CuE,aAAAA,GACI,OAAOQ,EAAyBP,W,CAOpCC,KAAAA,GACI,OAAOM,EAAyBL,E,CAQpC,gBAAME,GAEF,OADAhzB,KAAK4vB,UAA8B,oBAAXjlB,OACjB3K,KAAK4vB,S,EA/BAuD,EAAWP,YAAW,GAKtBO,EAAEL,GAAW,0B,mCCV3B,MAAOM,UAAgChF,EAAAA,EAgBzCyE,KAAAA,GACI,OAAOO,EAAwBN,E,CAQnCH,aAAAA,GACI,OAAOS,EAAwBR,W,CAQnC,gBAAMI,GAKF,OAAO,C,EAlCKI,EAAWR,YAAW,GAKtBQ,EAAEN,GAAW,yB,2CChB1B,MAAMnD,EAAO,sBACPnvB,EAAU,Q,mFCwBhBukB,eAAekD,EAClBhiB,EACA1G,EACAM,EACAH,GAEAG,EAAkB+C,oBACdC,EAAAA,GAAkBqlB,sBAClBjiB,EAAQlG,eAEZ,MAAMyD,EAAYyC,EAAQzC,WAAajE,EAAOkC,KAAK+B,UAE7CqF,EAAS,IAAM5C,GAAWA,EAAQ4C,QAAW,IAE7CoK,GAAgB9M,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACfF,GAAO,IACVlG,cAAekG,EAAQlG,cACvByD,YACAqF,WAIJ,GAAKoK,EAAiBW,qBAKf,CACH,GACIX,EAAiBW,uBAAyBjG,EAAAA,GAAqB0lB,IACjE,CACE,IAAKptB,EAAQqtB,OACT,MAAM5uB,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,IAGR,IAAKsB,EAAQstB,OACT,MAAM7uB,EAAAA,EAAAA,IACFC,EAAAA,GAAAA,GAGX,CACDjF,EAAOoB,QAAQ,iCAADkP,OACuBiD,EAAiBW,qBAAoB,mCAE7E,MAtBGX,EAAiBW,qBAAuBjG,EAAAA,GAAqByB,OAC7D1P,EAAOoB,QACH,2FAgCR,OARIvB,EAAOyqB,MAAMD,2BACb9jB,EAAQutB,SAEPC,EAAAA,GAAYC,WAAWztB,EAAQutB,UAEhCvgB,EAAiB0gB,0BAA4BC,EAAAA,EAAAA,IAAW3tB,EAAQutB,SAG7DvgB,CACX,CAEO8R,eAAe8O,EAClB5tB,EACAvF,EACAnB,EACAM,EACAH,GAEAG,EAAkB+C,oBACdC,EAAAA,GAAkBixB,wBAClB7tB,EAAQlG,eAGZ,MAAMioB,QAAoB1jB,EAAAA,EAAAA,IACtB2jB,EACAplB,EAAAA,GAAkBqlB,sBAClBxoB,EACAG,EACAoG,EAAQlG,cALcuE,CAMxB2B,EAAS1G,EAAQM,EAAmBH,GACtC,OAAAyG,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACOF,GACA+hB,GAAW,IACdtnB,QAASA,EACTqB,aAAckE,EAAQlE,eAAgB,GAE9C,C,yGC7FgB4W,EACZJ,EACAwb,EACAr0B,GAGA,MAAM+Y,EAAe+J,EAAAA,GAAAA,wBAAiCjK,GACtD,IAAKE,EACD,MAAK+J,EAAAA,GAAAA,wBAAiCjK,IAOlC7Y,EAAOwB,MAAM,KAAD8O,OACH+jB,EAAgB,6FAAA/jB,OAA4F+jB,EAAgB,gEAErIr0B,EAAO8gB,SAAS,OAADxQ,OACJ+jB,EAAgB,kBAAA/jB,OAAiBuI,KAEtC7E,EAAAA,EAAAA,IACFsgB,EAAAA,MAZJt0B,EAAOwB,MAAM,qDAAD8O,OAC6C+jB,EAAgB,0CAAA/jB,OAAyC+jB,EAAgB,gGAE5HrgB,EAAAA,EAAAA,IAAuBugB,EAAAA,KAarC,OAAOxb,CACX,C,SAKgBgK,EACZ5a,EACApI,EACA+qB,GAEA,IAAK3iB,EAAS+H,MACV,MAAM8D,EAAAA,EAAAA,IAAuBmP,EAAAA,IAGjC,MAAMqR,GAAmBC,EAAAA,EAAAA,GACrB10B,EACAoI,EAAS+H,OAEb,IAAKskB,EACD,MAAMxgB,EAAAA,EAAAA,IAAuB0gB,EAAAA,IAGjC,GAAIF,EAAiB1J,kBAAoBA,EACrC,MAAM9W,EAAAA,EAAAA,IACF2gB,EAAAA,GAGZ,C,6EC9DaC,EAMTh1B,WAAAA,CAAYqwB,EAAc5vB,GACtBC,KAAKD,cAAgBA,EACrBC,KAAKu0B,YAAcD,EAA8BE,gBAC7C7E,EACA5vB,GAEJC,KAAKy0B,UAAYH,EAA8BI,cAC3C/E,EACA5vB,GAEJC,KAAK20B,QAAUL,EAA8BM,YACzCjF,EACA5vB,E,CAIA,sBAAOy0B,CAAgB7E,EAAc5vB,GACzC,MAAO,gBAAPiQ,OAAuB2f,EAAI,KAAA3f,OAAIjQ,E,CAG3B,oBAAO20B,CAAc/E,EAAc5vB,GACvC,MAAO,cAAPiQ,OAAqB2f,EAAI,KAAA3f,OAAIjQ,E,CAGzB,kBAAO60B,CAAYjF,EAAc5vB,GACrC,MAAO,YAAPiQ,OAAmB2f,EAAI,KAAA3f,OAAIjQ,E,CAG/B,iCAAO80B,GACH,MACsB,oBAAXlqB,aACuB,IAAvBA,OAAO0W,aACqB,mBAA5B1W,OAAO0W,YAAYyT,MACY,mBAA/BnqB,OAAO0W,YAAY0T,SACe,mBAAlCpqB,OAAO0W,YAAY2T,YACkB,mBAArCrqB,OAAO0W,YAAY4T,eACqB,mBAAxCtqB,OAAO0W,YAAY6T,gB,CAS3B,wBAAOC,CACVp1B,EACAq1B,GAEA,GAAId,EAA8BO,6BAC9B,IACIO,EAAavH,SAASwH,IAClB,MAAMd,EACFD,EAA8BE,gBAC1Ba,EAAY1F,KACZ5vB,GAGJ4K,OAAO0W,YAAY6T,iBACfX,EACA,WAEkB7wB,OAAS,IAC/BiH,OAAO0W,YAAY4T,cAAcV,GACjC5pB,OAAO0W,YAAY2T,WACfV,EAA8BI,cAC1BH,EACAx0B,IAGR4K,OAAO0W,YAAY2T,WACfV,EAA8BM,YAC1BL,EACAx0B,IAGX,GAER,CAAC,MAAOsB,G,EAMjBoF,gBAAAA,GACI,GAAI6tB,EAA8BO,6BAC9B,IACIlqB,OAAO0W,YAAYyT,KAAK90B,KAAKy0B,UAChC,CAAC,MAAOpzB,G,EAMjBi0B,cAAAA,GACI,GAAIhB,EAA8BO,6BAC9B,IACIlqB,OAAO0W,YAAYyT,KAAK90B,KAAK20B,SAC7BhqB,OAAO0W,YAAY0T,QACf/0B,KAAKu0B,YACLv0B,KAAKy0B,UACLz0B,KAAK20B,QAEZ,CAAC,MAAOtzB,G,EAMjBk0B,gBAAAA,GACI,GAAIjB,EAA8BO,6BAC9B,IACI,MAAMW,EACF7qB,OAAO0W,YAAY6T,iBACfl1B,KAAKu0B,YACL,WAER,GAAIiB,EAAsB9xB,OAAS,EAAG,CAClC,MAAM+xB,EAAaD,EAAsB,GAAGE,SAI5C,OAHA/qB,OAAO0W,YAAY4T,cAAcj1B,KAAKu0B,aACtC5pB,OAAO0W,YAAY2T,WAAWh1B,KAAKy0B,WACnC9pB,OAAO0W,YAAY2T,WAAWh1B,KAAK20B,SAC5Bc,CACV,CACJ,CAAC,MAAOp0B,G,CAIb,OAAO,I,oPCpIF,MAAAf,EAAmB,CAI5Bq1B,8BAA+B,0BAI/BpO,oBAAqB,gBAIrBvJ,YAAa,IAIbC,aAAc,IAIdO,kBAAmB,OAInBoX,yBAA0B,GAI1Br1B,SAAU,mBAGDiF,EAAkB,CAC3BqwB,WAAY,uCACZpwB,uBAAwB,mCACxB8O,eAAgB,QAGP5M,EAAwB,CACjCmuB,iBAAkB,YAClBC,kBAAmB,oBACnBnuB,SAAU,WACVouB,SAAU,YAKDhH,EAAuB,CAChCiH,aAAc,eACdhH,eAAgB,iBAChBiH,cAAe,iBAQNxJ,EAAoB,CAC7BC,IAAK,MACLa,KAAM,QAQGvjB,EAAqB,CAC9BksB,UAAW,YACXC,sBAAuB,uBACvBC,cAAe,gBACfC,cAAe,gBACfC,cAAe,iBACfzX,WAAY,iBACZ0X,aAAc,qBACdrU,SAAU,UACVsU,eAAgB,iBAChBC,OAAQ,SACRC,uBAAwB,qBACxBpW,eAAgB,iBAChBxB,eAAgB,wBAChB7U,eAAgB,iBAChB0sB,iBAAkB,4BAKTC,EAAkB,CAC3BC,aAAc,oBACdC,WAAY,mBAQHC,EAAoB,CAC7BC,YAAa,cACbC,YAAa,mBAWJ5sB,EAAQ,CACjBX,qBAAsB,IACtBiN,kBAAmB,IACnBxD,UAAW,IACX+jB,4BAA6B,IAC7BpsB,sBAAuB,IACvBqsB,mBAAoB,IACpB/jB,8BAA+B,GAC/B1H,OAAQ,IACRiO,YAAa,K,IAOL5C,GAAZ,SAAYA,GACRA,EAAA,oBACAA,EAAA,cACAA,EAAA,gBACAA,EAAA,WACH,CALD,CAAYA,IAAAA,EAKX,KAMY,MAAAqgB,EAAoB,CAI7BC,QAAS,UAITC,MAAO,QAIPC,OAAQ,SAIRC,aAAc,eAIdC,UAAW,YAIXC,eAAgB,iBAIhBC,KAAM,QAKGC,EAAkD,CAC3DhvB,OAAQmK,EAAAA,IAMC8kB,EAAiB,MAGjBC,EAAa,CACtBC,MAAO,oBACPC,QAAS,uBAKAC,EAAU,UACVC,EAAa,EACbC,EAAgB,GAAHpoB,OAAMkoB,EAAO,SAE1BG,EAAoB,CAM7B9qB,QAAS,EAKT+qB,YAAa,EAMbC,2BAA4B,EAM5BC,aAAc,EAMdC,uBAAwB,EAKxBC,KAAM,GAKGC,EAA6C,CACtDN,EAAkB9qB,QAClB8qB,EAAkBK,KAClBL,EAAkBI,wBAGTrJ,EAAsB,yBACtBE,EAAoB,uBAEpBsJ,EAA2B,kC,oDCpOxB,SAAAzE,EACZ10B,EACAmQ,GAEA,IAAKA,EACD,OAAO,KAGX,IAGI,OADIuJ,EAAAA,GAAcC,kBAAkB3Z,EAAemQ,GAC5BipB,aAAaC,IACvC,CAAC,MAAOz3B,GACL,MAAM+H,EAAAA,EAAAA,IAAsBC,EAAAA,GAAAA,GAC/B,CACL,C,uNCjBM,SAAUsZ,EAAUkD,GAEtBA,EAAcjb,SAASgR,KAAO,GACoB,mBAAvCiK,EAAckT,QAAQC,cAE7BnT,EAAckT,QAAQC,aAClB,KACA,GAAE,GAAAhpB,OACC6V,EAAcjb,SAASquB,QAAMjpB,OAAG6V,EAAcjb,SAASsuB,UAAQlpB,OAAG6V,EAAcjb,SAAS+Q,QAGxG,CAKM,SAAUoG,EAAYiK,GACxB,MAAMmN,EAAWnN,EAAIoN,MAAM,KAC3BD,EAASE,QACT1uB,OAAOC,SAASgR,KAAOud,EAASz1B,OAAS,EAAIy1B,EAAS1a,KAAK,KAAO,EACtE,C,SAKgBwD,IACZ,OAAOtX,OAAO2uB,SAAW3uB,MAC7B,C,SAoBgB/I,IACZ,MAAyB,oBAAX+I,QAA0BA,OAAOC,SACzCD,OAAOC,SAASC,KAAKuuB,MAAM,KAAK,GAAGA,MAAM,KAAK,GAC9C,EACV,C,SAKgB9W,IACZ,MACMiX,EADa,IAAI73B,EAAAA,GAAUiJ,OAAOC,SAASC,MAChB2uB,mBACjC,MAAO,GAAPxpB,OAAUupB,EAAcE,SAAQ,MAAAzpB,OAAKupB,EAAcG,gBAAe,IACtE,C,SA+BgBC,IAEZ,GA3DsB,oBAAXhvB,QACLA,OAAOivB,QACTjvB,OAAOivB,SAAWjvB,QACK,iBAAhBA,OAAOglB,MACoD,IAAlEhlB,OAAOglB,KAAK7N,QAAQ,GAAD9R,OAAI1P,EAAAA,GAAiBke,kBAAiB,MAwDzD,MAAM9K,EAAAA,EAAAA,IAAuBmmB,EAAAA,GAErC,C,SAMgBC,IACZ,GAAsB,oBAAXnvB,OACP,MAAM+I,EAAAA,EAAAA,IACFqmB,EAAAA,GAGZ,CAMM,SAAUC,EAA8BC,GAC1C,IAAKA,EACD,MAAMvmB,EAAAA,EAAAA,IACFwmB,EAAAA,GAGZ,CAMM,SAAUC,EAAeF,GAE3BH,I,WAzDA,GAJuBp4B,EAAAA,GAAU04B,4BAC7BzvB,OAAOC,SAASgR,OAGEqG,IAClB,MAAMvO,EAAAA,EAAAA,IAAuB2mB,EAAAA,GAErC,CAyDIC,GAGAX,IAGAK,EAA8BC,EAClC,CAOgB,SAAAM,EACZN,EACA16B,GAKA,GAHA46B,EAAeF,GApEb,SAAgC/X,GAClC,GAAID,MAAiBC,EAEjB,MAAMxO,EAAAA,EAAAA,IAAuB8mB,EAAAA,GAErC,CAgEIC,CAAsBl7B,EAAOY,OAAO+hB,uBAGhC3iB,EAAOyqB,MAAM0Q,gBAAkB1L,EAAAA,GAAqBkH,gBACnD32B,EAAOyqB,MAAM2Q,uBAEd,MAAMC,EAAAA,EAAAA,IACFC,EAAAA,GAGZ,CAOM,SAAU3jB,EAAW1T,GACvB,MAAMs3B,EAAOhnB,SAASuS,cAAc,QACpCyU,EAAKC,IAAM,aACXD,EAAKjwB,KAAO,IAAImwB,IAAIx3B,GAAWy1B,OAC/B6B,EAAKG,YAAc,YACnBnnB,SAASonB,KAAKtU,YAAYkU,GAG1BnwB,OAAOgb,YAAW,KACd,IACI7R,SAASonB,KAAKpU,YAAYgU,EAC7B,CAAC,MAAAhhB,GAAO,IACV,IACP,C,SAMgBqhB,IACZ,OAAO/6B,EAAAA,EAAAA,KACX,C,mFCrJA,MAAAkL,EAAA,iCAAAuH,EAAA,iCAMgB,SAAAuoB,EACZluB,EACAb,GAEA,QACMa,KACAb,GACFa,IAAab,EAAc+sB,MAAM,KAAK,EAE9C,CAUM,SAAUiC,EACZhvB,EACAivB,EACApuB,EACAzD,GAEA,GAAIA,EAAe,CACf,MAAM,IAAEqF,EAAG,IAAEC,EAAG,IAAEnC,EAAG,KAAE+iB,EAAI,IAAE4L,EAAG,IAAEC,GAAQ/xB,EAQpCyD,EAAWN,GAAO2uB,GAAOC,GAAO,GAEtC,MAAO,CACHtuB,SAAUA,EACVouB,eAAgBxsB,GAAOC,GAAO,GAC9B4gB,KAAMA,EACN8L,aAAcL,EAA0BluB,EAAUb,GAEzD,CACG,MAAO,CACHa,WACAouB,iBACAG,aAAcL,EAA0BluB,EAAUb,GAG9D,CAQM,SAAU4C,EACZysB,EACAC,EACAlyB,EACAmyB,GAEA,IAAIC,EAAqBH,EAEzB,GAAIC,EAAe,CAEf,MAAM,aAAEF,GAA2CE,EAA1BG,GAAqBzwB,EAAAA,EAAAA,GAAKswB,EAAarwB,GAChEuwB,GAAkB11B,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GAAQu1B,GAAoBI,EACjD,CAGD,GAAIryB,EAAe,CAGf,MAAAsyB,EACIV,EACIK,EAAgBrvB,cAChBqvB,EAAgBJ,eAChBI,EAAgBxuB,SAChBzD,IALF,aAAEgyB,GAA6CM,EAA5BC,GAA0B3wB,EAAAA,EAAAA,GAAA0wB,EAAAlpB,GAenD,OAPAgpB,GAAkB11B,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAA,GACX01B,GACAG,GAA0B,IAC7BvyB,cAAeA,EACfC,QAASkyB,IAGNC,CACV,CAED,OAAOA,CACX,C,8HChJgB,SAAAI,EACZC,EACAjwB,GAEA,MAAMkwB,EAAaC,EAAcF,GAGjC,IAEI,MAAMG,EAAgBpwB,EAAakwB,GACnC,OAAOhyB,KAAKsI,MAAM4pB,EACrB,CAAC,MAAOC,GACL,MAAMlzB,EAAAA,EAAAA,IAAsBmzB,EAAAA,GAC/B,CACL,CAOM,SAAUH,EAAcI,GAC1B,IAAKA,EACD,MAAMpzB,EAAAA,EAAAA,IAAsBqzB,EAAAA,IAEhC,MACMC,EADkB,uCACQC,KAAKH,GACrC,IAAKE,GAAWA,EAAQh5B,OAAS,EAC7B,MAAM0F,EAAAA,EAAAA,IAAsBmzB,EAAAA,IAUhC,OAAOG,EAAQ,EACnB,CAKgB,SAAAE,EAAYC,EAAkBC,GAO1C,GAAe,IAAXA,GAAgBrtB,KAAKyiB,MADF,IAC2B2K,EAAWC,EACzD,MAAM1zB,EAAAA,EAAAA,IAAsB2zB,EAAAA,GAEpC,C,oCC5Da,MAAA5R,EAAoB,CAC7BC,gBAAiB,kBACjBC,IAAK,M,oFCYO,SAAA2R,EACZC,EACAhxB,GAEA,IAAKgxB,EACD,MAAM7zB,EAAAA,EAAAA,IAAsB8zB,EAAAA,IAGhC,IACI,MAAMC,EAA4BlxB,EAAagxB,GAC/C,OAAO9yB,KAAKsI,MAAM0qB,EACrB,CAAC,MAAO97B,GACL,MAAM+H,EAAAA,EAAAA,IACFg0B,EAAAA,GAEP,CACL,CAMM,SAAUC,EACZhxB,GAEA,IAAKA,EACD,MAAMjD,EAAAA,EAAAA,IACFg0B,EAAAA,IAGR,MAAME,EAA4BjxB,EAAc+sB,MAC5CmE,EAAAA,GAAWC,sBACX,GAEJ,MAAO,CACH3uB,IAAKyuB,EAAgB,GACrBG,KACIH,EAAgB55B,OAAS,EACnB0J,EAAAA,GAAUC,aACViwB,EAAgB,GAElC,C,mBCuBM,SAAUI,EACZj0B,GAEA,GAAIA,EAAe,CAGf,OADIA,EAAcmD,KAAOnD,EAAc8xB,KAAO9xB,EAAc+xB,KACzC,IACtB,CACD,OAAO,IACX,C,qOC7EamC,EAgBTr+B,WAAAA,CACI4qB,EACAxqB,EACAG,EACAE,GAEAC,KAAKkqB,iBAAmBA,EACxBlqB,KAAKN,OAASA,EACdM,KAAKH,kBAAoBA,EACzBG,KAAKD,cAAgBA,C,CAQlB,kBAAM69B,CACTC,EACAC,GAAgD,IAAA7oB,EAE1B,QAAtBA,EAAAjV,KAAKH,yBAAiB,IAAAoV,GAAtBA,EAAwBrS,oBACpBC,EAAAA,GAAkBk7B,4BAClB/9B,KAAKD,eAIT,IAAIi+B,EAAyBH,EAG7B,GAAKG,EA6DDF,EAAwBG,cACpBC,EAAAA,GAAuBC,yBA9DF,CACzB,MAAMlS,EAAU0R,EAAgBS,aAEhC,IACI,MAAMC,QAAiC/5B,EAAAA,EAAAA,GACnCtE,KAAKs+B,kBAAkBzpB,KAAK7U,MAC5B6C,EAAAA,GAAkB07B,iCAClBv+B,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cAL8BuE,CAMrC8I,EAAAA,GAAUoxB,aAAcvS,GAW1B,GATIoS,EAAyBnR,SACzBuR,EAAAA,GAAcC,cAEdV,EAAyBK,EAAyB/gB,KAClDwgB,EAAwBG,cACpBC,EAAAA,GAAuBS,MAK3BN,EAAyBnR,SACzBuR,EAAAA,GAAcG,eAChB,CACE,MAAMC,QAA2Bv6B,EAAAA,EAAAA,GAC7BtE,KAAK8+B,kBAAkBjqB,KAAK7U,MAC5B6C,EAAAA,GAAkBk8B,iCAClB/+B,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALwBuE,CAM/B2nB,GACF,IAAK4S,EAGD,OAFAf,EAAwBG,cACpBC,EAAAA,GAAuBc,sBACpB,KAGX,MAAMC,QAAmC36B,EAAAA,EAAAA,GACrCtE,KAAKs+B,kBAAkBzpB,KAAK7U,MAC5B6C,EAAAA,GAAkB07B,iCAClBv+B,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALgCuE,CAMvCu6B,EAAoB5S,GAElBgT,EAA2B/R,SAC3BuR,EAAAA,GAAcC,cAEdV,EACIiB,EAA2B3hB,KAC/BwgB,EAAwBG,cACpBC,EAAAA,GAAuBS,KAElC,CACJ,CAAC,MAAOt9B,GAGL,OAFAy8B,EAAwBG,cACpBC,EAAAA,GAAuBc,sBACpB,IACV,CACJ,CAWD,OALKhB,IACDF,EAAwBG,cACpBC,EAAAA,GAAuBc,uBAGxBhB,GAA0B,I,CAS7B,uBAAMM,CACV99B,EACAyrB,GAAoB,IAAAiT,EAMpB,OAJsB,QAAtBA,EAAAl/B,KAAKH,yBAAiB,IAAAq/B,GAAtBA,EAAwBt8B,oBACpBC,EAAAA,GAAkB07B,iCAClBv+B,KAAKD,eAEFC,KAAKkqB,iBAAiBkC,oBAAmB,GAAApc,OACzC5C,EAAAA,GAAU+xB,cAAa,iBAAAnvB,OAAgBxP,EAAO,gBACjDyrB,EACA7e,EAAAA,GAAUgyB,a,CASV,uBAAMN,CACV7S,GAAoB,IAAAoT,EAEE,QAAtBA,EAAAr/B,KAAKH,yBAAiB,IAAAw/B,GAAtBA,EAAwBz8B,oBACpBC,EAAAA,GAAkBk8B,iCAClB/+B,KAAKD,eAET,IACI,MAAM8H,QACI7H,KAAKkqB,iBAAiBkC,oBAAmB,GAAApc,OACxC5C,EAAAA,GAAU+xB,cAAa,gBAC1BlT,GAIR,OACIpkB,EAASqlB,SAAWuR,EAAAA,GAAcG,gBAClC/2B,EAASyV,MACTzV,EAASyV,KAAK,oBACdzV,EAASyV,KAAK,mBAAmB5Z,OAAS,EAEnCmE,EAASyV,KAAK,mBAAmB,GAGrC,IACV,CAAC,MAAOjc,GACL,OAAO,IACV,C,EAnKYs8B,EAAAS,aAA4B,CACzCxR,QAAS,CACL0S,SAAU,S,yDCkCTr7B,EAkCT3E,WAAAA,CACIkE,EACA0mB,EACAqV,EACAx8B,EACArD,EACAK,EACAF,EACA2/B,GAEAx/B,KAAK8M,mBAAqBtJ,EAC1BxD,KAAKy/B,oBAAoB9sB,gBACzB3S,KAAKkqB,iBAAmBA,EACxBlqB,KAAKu/B,aAAeA,EACpBv/B,KAAK+C,iBAAmBA,EACxB/C,KAAK89B,wBAA0B,CAC3B4B,iBAAa/8B,EACbs7B,mBAAet7B,EACfg9B,oBAAgBh9B,GAEpB3C,KAAKN,OAASA,EACdM,KAAKH,kBAAoBA,EACzBG,KAAKD,cAAgBA,EACrBC,KAAKw/B,gBAAkBA,IAAmB,EAC1Cx/B,KAAK4/B,gBAAkB,IAAIjC,EACvBzT,EACAlqB,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,c,CASL8/B,gBAAAA,CAAiBC,GAErB,GAAIA,EAAapG,gBAAgBqG,SAAS3yB,EAAAA,GAAU4yB,eAChD,OAAO1yB,EAAAA,EAAc2yB,KAGzB,MAAMC,EAAeJ,EAAaK,aAClC,GAAID,EAAax8B,OACb,OAAQw8B,EAAa,GAAG3Q,eACpB,KAAKniB,EAAAA,GAAUgzB,KACX,OAAO9yB,EAAAA,EAAc+yB,KACzB,KAAKjzB,EAAAA,GAAUkzB,KACX,OAAOhzB,EAAAA,EAAcizB,KAKjC,OAAOjzB,EAAAA,EAAcC,O,CAIzB,iBAAWizB,GACP,OAAOxgC,KAAK6/B,iBAAiB7/B,KAAKygC,gC,CAMtC,gBAAWz9B,GACP,OAAOhD,KAAK+C,iBAAiBC,Y,CAMjC,WAAWipB,GACP,OAAOjsB,KAAK+C,gB,CAMhB,sBAAW+J,GACP,OAAO9M,KAAKy/B,oBAAoBvsB,S,CAMpC,sBAAWpG,CAAmBkf,GAC1BhsB,KAAKy/B,oBAAsB,IAAI/9B,EAAAA,EAAUsqB,GACzChsB,KAAKy/B,oBAAoB9sB,gBACzB3S,KAAK0gC,iCAAmC,I,CAM5C,mCAAWD,GAMP,OALKzgC,KAAK0gC,mCACN1gC,KAAK0gC,iCACD1gC,KAAKy/B,oBAAoBjG,oBAG1Bx5B,KAAK0gC,gC,CAMhB,mBAAWC,GACP,OAAO3gC,KAAKygC,gCAAgC/G,gBAAgBnK,a,CAMhE,UAAWqR,GACP,OAAO5gC,KAAKygC,gCAAgCN,aAAa,E,CAM7D,yBAAWU,GACP,GAAI7gC,KAAK8gC,oBACL,OAAO9gC,KAAK+gC,YAAY/gC,KAAKghC,SAASC,wBAEtC,MAAM73B,EAAAA,EAAAA,IACF83B,EAAAA,G,CAQZ,iBAAWC,GACP,GAAInhC,KAAK8gC,oBACL,OAAO9gC,KAAK+gC,YAAY/gC,KAAKghC,SAASI,gBAEtC,MAAMh4B,EAAAA,EAAAA,IACF83B,EAAAA,G,CAKZ,sBAAWG,GACP,GAAIrhC,KAAK8gC,oBACL,OAAO9gC,KAAK+gC,YACR/gC,KAAKghC,SAASI,eAAev9B,QAAQ,SAAU,gBAGnD,MAAMuF,EAAAA,EAAAA,IACF83B,EAAAA,G,CAQZ,sBAAWrnB,GACP,GAAI7Z,KAAK8gC,oBAAqB,CAE1B,IAAK9gC,KAAKghC,SAASM,qBACf,MAAMl4B,EAAAA,EAAAA,IACFm4B,EAAAA,IAGR,OAAOvhC,KAAK+gC,YAAY/gC,KAAKghC,SAASM,qBACzC,CACG,MAAMl4B,EAAAA,EAAAA,IACF83B,EAAAA,G,CAQZ,yBAAWM,GACP,GAAIxhC,KAAK8gC,oBACL,OAAO9gC,KAAK+gC,YAAY/gC,KAAKghC,SAASS,QAEtC,MAAMr4B,EAAAA,EAAAA,IACF83B,EAAAA,G,CAQZ,WAAWQ,GACP,GAAI1hC,KAAK8gC,oBACL,OAAO9gC,KAAK+gC,YAAY/gC,KAAKghC,SAASW,UAEtC,MAAMv4B,EAAAA,EAAAA,IACF83B,EAAAA,G,CAUJU,gBAAAA,CAAiB9B,GACrB,OACyC,IAArCA,EAAaK,aAAaz8B,SACzBO,EAAU49B,sBAAsBC,IAC7BhC,EAAaK,aAAa,KAE9BngC,KAAK6/B,iBAAiBC,KAAkBxyB,EAAAA,EAAcC,SACtDvN,KAAKgD,eAAiBiX,EAAAA,EAAa8nB,G,CAQnCC,aAAAA,CAAc9uB,GAClB,OAAOA,EAAUrP,QAAQ,uBAAwB7D,KAAK4gC,O,CAOlDG,WAAAA,CAAY7tB,GAChB,IAAI+uB,EAAW/uB,EACf,MAGMgvB,EAHqB,IAAIxgC,EAAAA,EAC3B1B,KAAKghC,SAASmB,qBAGK3I,mBACjB4I,EAAuBF,EAA6B/B,aAiC1D,OA/BIngC,KAAKygC,gCAAgCN,aAEnBtS,SAAQ,CAACwU,EAAaC,KACxC,IAAIC,EAAaH,EAAqBE,GACtC,GACc,IAAVA,GACAtiC,KAAK4hC,iBAAiBM,GACxB,CACE,MAAMh1B,EAAW,IAAIxL,EAAAA,EACjB1B,KAAKghC,SAASC,wBAChBzH,mBAAmB2G,aAAa,GAM9BoC,IAAer1B,IACflN,KAAKN,OAAOoB,QAAQ,gCAADkP,OACiBuyB,EAAU,aAAAvyB,OAAY9C,IAE1Dq1B,EAAar1B,EAEpB,CACGm1B,IAAgBE,IAChBN,EAAWA,EAASp+B,QAAQ,IAADmM,OACnBuyB,EAAU,SAAAvyB,OACVqyB,EAAW,MAEtB,IAGEriC,KAAKgiC,cAAcC,E,CAM9B,sCAAcO,GACV,MAAMC,EAAyBziC,KAAK2gC,gBACpC,OACI3gC,KAAK8M,mBAAmBizB,SAAS,UACjC//B,KAAKwgC,gBAAkBlzB,EAAAA,EAAc+yB,MACpCrgC,KAAKgD,eAAiBiX,EAAAA,EAAa8nB,MAC/B/hC,KAAK0iC,iCAAiCD,GAEpC,GAAPzyB,OAAUhQ,KAAK8M,mBAAkB,oCAE9B,GAAPkD,OAAUhQ,KAAK8M,mBAAkB,wC,CAMrCg0B,iBAAAA,GACI,QAAS9gC,KAAKghC,Q,CAOX,2BAAM2B,GAAqB,IAAA1tB,EAAAiqB,EACR,QAAtBjqB,EAAAjV,KAAKH,yBAAiB,IAAAoV,GAAtBA,EAAwBrS,oBACpBC,EAAAA,GAAkB+/B,+BAClB5iC,KAAKD,eAGT,MAAM8iC,EAAiB7iC,KAAK8iC,2BAEtBC,QAA6Bz+B,EAAAA,EAAAA,GAC/BtE,KAAKgjC,6BAA6BnuB,KAAK7U,MACvC6C,EAAAA,GAAkBogC,sCAClBjjC,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cAL0BuE,CAMjCu+B,GACF7iC,KAAK8M,mBAAqB9M,KAAK8M,mBAAmBjJ,QAC9C7D,KAAK2gC,gBACLkC,EAAeK,mBAEnB,MAAMC,QAAuB7+B,EAAAA,EAAAA,GACzBtE,KAAKojC,uBAAuBvuB,KAAK7U,MACjC6C,EAAAA,GAAkBwgC,gCAClBrjC,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALoBuE,CAM3Bu+B,GACF7iC,KAAKsjC,qBAAqBT,EAAgBE,EAAsB,CAC5DQ,OAAQJ,IAEU,QAAtBjE,EAAAl/B,KAAKH,yBAAiB,IAAAq/B,GAAtBA,EAAwB/zB,UACpB,CACI43B,qBAAsBA,EACtBS,wBAAyBL,GAE7BnjC,KAAKD,c,CASL+iC,wBAAAA,GACJ,IAAID,EACA7iC,KAAKu/B,aAAakE,4BAA4BzjC,KAAK2gC,iBAkBvD,OAhBKkC,IACDA,EAAiB,CACba,QAAS,GACTC,gBAAiB3jC,KAAK2gC,gBACtBuC,kBAAmBljC,KAAK2gC,gBACxBwB,oBAAqBniC,KAAK8M,mBAC1Bm0B,uBAAwB,GACxBG,eAAgB,GAChBE,qBAAsB,GACtBG,OAAQ,GACRmC,oBAAoB,EACpBC,sBAAsB,EACtBC,WAAWC,EAAAA,EAAAA,sCACXpC,SAAU,KAGXkB,C,CAUHS,oBAAAA,CACJT,EACAE,EACAiB,GAMIjB,IAAyBkB,EAAAA,GAAwBC,QACjDF,aAAsB,EAAtBA,EAAwBT,UAAWU,EAAAA,GAAwBC,QAG3DrB,EAAeiB,WACXC,EAAAA,EAAAA,sCACJlB,EAAeV,oBAAsBniC,KAAK8M,oBAG9C,MAAMq3B,EAAWnkC,KAAKu/B,aAAa6E,kCAC/BvB,EAAec,iBAEnB3jC,KAAKu/B,aAAa8E,qBAAqBF,EAAUtB,GACjD7iC,KAAKghC,SAAW6B,C,CAOZ,4BAAMO,CACVP,GAAuC,IAAAxD,EAEjB,QAAtBA,EAAAr/B,KAAKH,yBAAiB,IAAAw/B,GAAtBA,EAAwBz8B,oBACpBC,EAAAA,GAAkBwgC,gCAClBrjC,KAAKD,eAGT,MAAMukC,EACFtkC,KAAKukC,uCAAuC1B,GAGhD,GAAIyB,EAAe,CAIb,IAAAE,EAHF,GACIF,EAAcf,SACdU,EAAAA,GAAwBQ,iBAGxB,GACkD,QADlDD,EACIxkC,KAAK+C,iBAAiB2hC,gCAAwB,IAAAF,GAA9CA,EAAgDG,aAE5CL,EAActD,SAAU,CACxB,MAAM4D,QAA0BtgC,EAAAA,EAAAA,GAC5BtE,KAAK6kC,sCAAsChwB,KACvC7U,MAEJ6C,EAAAA,GAAkBiiC,+CAClB9kC,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cAPuBuE,CAQ9BggC,EAActD,WAChB+D,EAAAA,EAAAA,iCACIlC,EACA+B,GACA,GAEJ/B,EAAeV,oBACXniC,KAAK8M,kBACZ,CAGT,OAAOw3B,EAAcf,MACxB,CAGD,IAAIvC,QAAiB18B,EAAAA,EAAAA,GACjBtE,KAAKglC,+BAA+BnwB,KAAK7U,MACzC6C,EAAAA,GAAkBoiC,wCAClBjlC,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALYuE,GAOP,IAAA4gC,EAAd,GAAIlE,EAiBA,OAfkD,QAAlDkE,EAAIllC,KAAK+C,iBAAiB2hC,gCAAwB,IAAAQ,GAA9CA,EAAgDP,cAChD3D,QAAiB18B,EAAAA,EAAAA,GACbtE,KAAK6kC,sCAAsChwB,KAAK7U,MAChD6C,EAAAA,GAAkBiiC,+CAClB9kC,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALQuE,CAMf08B,KAGN+D,EAAAA,EAAAA,iCACIlC,EACA7B,GACA,GAEGiD,EAAAA,GAAwBkB,QAG/B,MAAM/7B,EAAAA,EAAAA,IACFg8B,EAAAA,GACAplC,KAAKwiC,mC,CAWT+B,sCAAAA,CACJ1B,GAKA7iC,KAAKN,OAAOoB,QACR,oEAEJ,MAAMukC,EAAiBrlC,KAAKslC,gCAC5B,GAAID,EASA,OARArlC,KAAKN,OAAOoB,QACR,uDAEJikC,EAAAA,EAAAA,iCACIlC,EACAwC,GACA,GAEG,CACH9B,OAAQU,EAAAA,GAAwBsB,QASxC,GALAvlC,KAAKN,OAAOoB,QACR,kHAIAd,KAAK+C,iBAAiBM,2BACtBrD,KAAKN,OAAOoB,QACR,+JAED,CACH,MAAM8jC,EACF5kC,KAAKwlC,yCACT,GAAIZ,EAMA,OALAG,EAAAA,EAAAA,iCACIlC,EACA+B,GACA,GAEG,CACHrB,OAAQU,EAAAA,GAAwBQ,iBAChCzD,SAAU4D,GAGd5kC,KAAKN,OAAOoB,QACR,6HAGX,CAGD,MAAM2kC,GACFC,EAAAA,EAAAA,4BAAwC7C,GAC5C,OACI7iC,KAAK2lC,oBAAoB9C,IACzBA,EAAegB,uBACd4B,GAGDzlC,KAAKN,OAAOoB,QAAQ,yCACb,CAAEyiC,OAAQU,EAAAA,GAAwBC,SAClCuB,GACPzlC,KAAKN,OAAOoB,QAAQ,mCAGjB,K,CASH6kC,mBAAAA,CACJ9C,GAOA,OAL2B,IAAInhC,EAAAA,EAC3BmhC,EAAeV,qBAEoB3I,mBAAmB2G,aAG1Cz8B,SACZ1D,KAAKygC,gCAAgCN,aAAaz8B,M,CAOlD4hC,6BAAAA,GACJ,GAAItlC,KAAK+C,iBAAiBK,kBACtB,IACI,OAAO+G,KAAKsI,MACRzS,KAAK+C,iBAAiBK,kBAE7B,CAAC,MAAO/B,GACL,MAAMqD,EAAAA,EAAAA,IACFkhC,EAAAA,GAEP,CAGL,OAAO,I,CAQH,oCAAMZ,GAA8B,IAAAa,EAClB,QAAtBA,EAAA7lC,KAAKH,yBAAiB,IAAAgmC,GAAtBA,EAAwBjjC,oBACpBC,EAAAA,GAAkBoiC,wCAClBjlC,KAAKD,eAGT,MAAMksB,EAAuB,CAAC,EAOxB6Z,EACF9lC,KAAKwiC,mCACTxiC,KAAKN,OAAOoB,QAAQ,yFAADkP,OAC0E81B,IAG7F,IACI,MAAMj+B,QACI7H,KAAKkqB,iBAAiBkC,oBACxB0Z,EACA7Z,GAEF8Z,ECtsBZ,SAAiCl+B,GACnC,OACIA,EAASnF,eAAe,2BACxBmF,EAASnF,eAAe,mBACxBmF,EAASnF,eAAe,WACxBmF,EAASnF,eAAe,WAEhC,CD+rBoCsjC,CAAuBn+B,EAASyV,MACxD,OAAIyoB,EACOl+B,EAASyV,MAEhBtd,KAAKN,OAAOoB,QAAQ,8FAGb,KAEd,CAAC,MAAOO,GAIL,OAHArB,KAAKN,OAAOoB,QAAQ,6CAADkP,OAC8B3O,IAE1C,IACV,C,CAMGmkC,sCAAAA,GACJ,OAAIxlC,KAAK2gC,mBAAmBsF,EAAAA,GACjBA,EAAAA,GAAiBjmC,KAAK2gC,iBAG1B,I,CAOH,2CAAMkE,CACV7D,GAA8B,IAAAkF,EAAAC,EAER,QAAtBD,EAAAlmC,KAAKH,yBAAiB,IAAAqmC,GAAtBA,EAAwBtjC,oBACpBC,EAAAA,GAAkBiiC,+CAClB9kC,KAAKD,eAGT,MAAMqmC,EAC4C,QADnBD,EAC3BnmC,KAAK+C,iBAAiB2hC,gCAAwB,IAAAyB,OAAA,EAA9CA,EAAgDxB,YAEpD,GAAIyB,EAA2B,KAAAC,EAC3B,GACID,IACAh5B,EAAAA,GAAUk5B,gCAMV,OAJAtmC,KAAK89B,wBAAwB6B,eACzB4G,EAAAA,GAAwBC,6BAC5BxmC,KAAK89B,wBAAwB4B,YACzB0G,EACGniC,EAAUwiC,+BACbzF,EACAoF,GAIR,MAAMpI,QAA+B15B,EAAAA,EAAAA,GACjCtE,KAAK4/B,gBAAgBhC,aAAa/oB,KAAK7U,KAAK4/B,iBAC5C/8B,EAAAA,GAAkBk7B,4BAClB/9B,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cAL4BuE,CAOa,QADjD+hC,EACGrmC,KAAK+C,iBAAiB2hC,gCAAwB,IAAA2B,OAAA,EAA9CA,EACMxI,kBACN79B,KAAK89B,yBAGT,GAAIE,EAKA,OAJAh+B,KAAK89B,wBAAwB6B,eACzB4G,EAAAA,GAAwBG,oCAC5B1mC,KAAK89B,wBAAwB4B,YACzB1B,EACG/5B,EAAUwiC,+BACbzF,EACAhD,GAIRh+B,KAAK89B,wBAAwB6B,eACzB4G,EAAAA,GAAwBI,+BAC/B,CAED,OAAO3F,C,CASH,kCAAMgC,CACVH,GAAuC,IAAA+D,EAEjB,QAAtBA,EAAA5mC,KAAKH,yBAAiB,IAAA+mC,GAAtBA,EAAwBhkC,oBACpBC,EAAAA,GAAkBogC,sCAClBjjC,KAAKD,eAET,MAAM8mC,EACF7mC,KAAK8mC,6CAA6CjE,GACtD,GAAIgE,EACA,OAAOA,EAIX,MAAM7F,QAAiB18B,EAAAA,EAAAA,GACnBtE,KAAK+mC,qCAAqClyB,KAAK7U,MAC/C6C,EAAAA,GAAkBmkC,8CAClBhnC,KAAKN,OACLM,KAAKH,kBACLG,KAAKD,cALcuE,GAQvB,GAAI08B,EAMA,OALAgC,EAAAA,EAAAA,8BACIH,EACA7B,GACA,GAEGiD,EAAAA,GAAwBkB,QAInC,MAAMzgC,EAAAA,EAAAA,IACFuiC,EAAAA,G,CAIAH,4CAAAA,CACJjE,GAEA7iC,KAAKN,OAAOoB,QACR,4EAEJd,KAAKN,OAAOib,WAAW,sBAAD3K,OAEdhQ,KAAK+C,iBAAiBG,kBACtBkK,EAAAA,GAAU85B,iBAGlBlnC,KAAKN,OAAOib,WAAW,uBAAD3K,OAEdhQ,KAAK+C,iBAAiBK,mBACtBgK,EAAAA,GAAU85B,iBAGlBlnC,KAAKN,OAAOib,WAAW,wBAAD3K,OAEd6yB,EAAeV,qBAAuB/0B,EAAAA,GAAU85B,iBAGxD,MAAMlG,EAAWhhC,KAAKmnC,sCACtB,GAAInG,EASA,OARAhhC,KAAKN,OAAOoB,QACR,8DAEJkiC,EAAAA,EAAAA,8BACIH,EACA7B,GACA,GAEGiD,EAAAA,GAAwBsB,OAQnC,GAJAvlC,KAAKN,OAAOoB,QACR,gIAGAd,KAAKisB,QAAQ5oB,2BACbrD,KAAKN,OAAOoB,QACR,sLAED,CACH,MAAM8jC,GACFwC,EAAAA,EAAAA,IACIpnC,KAAK2gC,iBAEb,GAAIiE,EASA,OARA5kC,KAAKN,OAAOoB,QACR,0DAEJkiC,EAAAA,EAAAA,8BACIH,EACA+B,GACA,GAEGX,EAAAA,GAAwBQ,iBAGnCzkC,KAAKN,OAAOoB,QACR,2IAEP,CAED,MAAM2kC,GACFC,EAAAA,EAAAA,4BAAwC7C,GAC5C,OACI7iC,KAAK2lC,oBAAoB9C,IACzBA,EAAee,qBACd6B,GAEDzlC,KAAKN,OAAOoB,QAAQ,gDAEbmjC,EAAAA,GAAwBC,QACxBuB,GACPzlC,KAAKN,OAAOoB,QAAQ,mCAGjB,K,CAMHqmC,mCAAAA,GAEJ,GAAInnC,KAAKwgC,gBAAkBlzB,EAAAA,EAAc2yB,KAIrC,OAHAjgC,KAAKN,OAAOoB,QACR,uGAEGmD,EAAUojC,qCACbrnC,KAAK2gC,iBAKb,GAAI3gC,KAAK+C,iBAAiBI,uBAAwB,CAC9CnD,KAAKN,OAAOoB,QACR,wFAEJ,IACId,KAAKN,OAAOoB,QACR,qDAEJ,MAAMwmC,EAAiBn9B,KAAKsI,MACxBzS,KAAK+C,iBAAiBI,wBAEpB69B,GAAWuG,EAAAA,EAAAA,IACbD,EAAetG,SACfhhC,KAAK2gC,iBAGT,GADA3gC,KAAKN,OAAOoB,QAAQ,wCAChBkgC,EAIA,OAHAhhC,KAAKN,OAAOoB,QACR,iFAEGkgC,EAEPhhC,KAAKN,OAAOoB,QACR,wEAGX,CAAC,MAAOO,GAIL,MAHArB,KAAKN,OAAOoB,QACR,mGAEE4D,EAAAA,EAAAA,IACF8iC,EAAAA,GAEP,CACJ,CAGD,OAAIxnC,KAAKynC,wBACLznC,KAAKN,OAAOoB,QACR,kGAEGmD,EAAUojC,qCACbrnC,KAAK2gC,kBAIN,I,CAQH,0CAAMoG,GAAoC,IAAAW,EACxB,QAAtBA,EAAA1nC,KAAKH,yBAAiB,IAAA6nC,GAAtBA,EAAwB9kC,oBACpBC,EAAAA,GAAkBmkC,8CAClBhnC,KAAKD,eAET,MAAM4nC,EAA4B,GAAH33B,OAAM5C,EAAAA,GAAUw6B,8BAA4B53B,OAAGhQ,KAAK8M,mBAAkB,yBAC/Fmf,EAAuB,CAAC,EAO9B,IAAI4b,EAAQ,KACZ,IACI,MAAMhgC,QAAiB7H,KAAKkqB,iBAAiBkC,oBAG3Cub,EAA2B1b,GAC7B,IAAI6b,EAGA9G,EACJ,GE1/BN,SAA2Cn5B,GAC7C,OACIA,EAASnF,eAAe,8BACxBmF,EAASnF,eAAe,WAEhC,CFq/BgBqlC,CAAiClgC,EAASyV,MAC1CwqB,EACIjgC,EAASyV,KACb0jB,EAAW8G,EAAkB9G,SAE7BhhC,KAAKN,OAAOib,WAAW,iCAAD3K,OACe83B,EAAkBE,gCAEpD,KG//Bb,SACFngC,GAEA,OACIA,EAASnF,eAAe,UACxBmF,EAASnF,eAAe,oBAEhC,CHw/BuBulC,CAAsCpgC,EAASyV,MA6BtD,OAHAtd,KAAKN,OAAOwB,MACR,8FAEG,KAtBP,GANAlB,KAAKN,OAAOyJ,QAAQ,sHAAD6G,OACuGnI,EAASqlB,SAGnI4a,EACIjgC,EAASyV,KACTwqB,EAAkB5mC,QAAUkM,EAAAA,GAAU86B,iBAItC,OAHAloC,KAAKN,OAAOwB,MACR,sEAEG,KAGXlB,KAAKN,OAAOyJ,QAAQ,oDAAD6G,OACqC83B,EAAkB5mC,QAE1ElB,KAAKN,OAAOyJ,QAAQ,gEAAD6G,OACiD83B,EAAkBK,oBAGtFnoC,KAAKN,OAAOyJ,QACR,6FAEJ63B,EAAW,EAMd,CAEDhhC,KAAKN,OAAOoB,QACR,0IAEJ+mC,GAAQN,EAAAA,EAAAA,IACJvG,EACAhhC,KAAK2gC,gBAEZ,CAAC,MAAOz/B,GACL,GAAIA,aAAiBsY,EAAAA,GACjBxZ,KAAKN,OAAOwB,MAAM,oGAAD8O,OACuF9O,EAAMoH,UAAS,yBAAA0H,OAAwB9O,EAAMwhB,mBAElJ,CACH,MAAM0lB,EAAalnC,EACnBlB,KAAKN,OAAOwB,MAAM,wGAAD8O,OAC2Fo4B,EAAWzY,KAAI,yBAAA3f,OAAwBo4B,EAAW/rB,SAEjK,CAED,OAAO,IACV,CAeD,OAZKwrB,IACD7nC,KAAKN,OAAOyJ,QACR,wHAEJnJ,KAAKN,OAAOoB,QACR,yDAGJ+mC,EAAQ5jC,EAAUojC,qCACdrnC,KAAK2gC,kBAGNkH,C,CAMHJ,oBAAAA,GAUJ,OATgBznC,KAAK+C,iBAAiBG,iBAAiBmlC,QAClD7kC,GAEOA,GACA9B,EAAAA,EAAUoC,iBAAiBN,GAAW+rB,gBAClCvvB,KAAK2gC,kBAINj9B,OAAS,C,CAQ5B,wBAAOQ,CACHokC,EACAlkC,GAEA,IAAImkC,EAEJ,GACInkC,GACAA,EAAkBokC,qBAAuBC,EAAAA,EAAmB7Q,KAC9D,CACE,MAAMgJ,EAASx8B,EAAkBw8B,OAC3Bx8B,EAAkBw8B,OAClBxzB,EAAAA,GAAUs7B,sBAChBH,EAA8B,GAAHv4B,OAAM5L,EAAkBokC,mBAAkB,KAAAx4B,OAAI4wB,EAAM,IAClF,CAED,OAAO2H,GAEDD,C,CAOV,2CAAOjB,CACHsB,GAEA,MAAO,CACHzF,kBAAmByF,EACnBhF,gBAAiBgF,EACjBjF,QAAS,CAACiF,G,CAOlBC,iBAAAA,GACI,GAAI5oC,KAAKw/B,gBACL,OAAOpyB,EAAAA,GAAUy7B,uBACd,GAAI7oC,KAAK8gC,oBACZ,OAAO9gC,KAAKghC,SAAS2C,gBAErB,MAAMv6B,EAAAA,EAAAA,IACF83B,EAAAA,G,CASZz8B,OAAAA,CAAQkkC,GACJ,OAAO3oC,KAAKghC,SAAS0C,QAAQ5hB,QAAQ6mB,IAAS,C,CAOlDjG,gCAAAA,CAAiCiG,GAC7B,OAAOG,EAAAA,GAAiChH,IAAI6G,E,CAShD,6BAAOI,CAAuBJ,GAC1B,OAAOv7B,EAAAA,GAAU47B,oBAAoBlnB,QAAQ6mB,IAAS,C,CAS1D,mCAAOM,CACHN,EACAO,EACAC,GAGA,MAAMC,EAAuB,IAAI1nC,EAAAA,EAAUinC,GAC3CS,EAAqBz2B,gBAErB,MAAM02B,EAAoBD,EAAqB5P,mBAE/C,IAAI8P,EAAkB,GAAHt5B,OAAMk5B,EAAM,KAAAl5B,OAAIq5B,EAAkB3P,iBAEjD15B,KAAK+oC,uBAAuBM,EAAkB3P,mBAC9C4P,EAAkB,GAAHt5B,OAAMk5B,EAAM,KAAAl5B,OAAI5C,EAAAA,GAAUm8B,oCAI7C,MAAMvd,EAAMtqB,EAAAA,EAAU8nC,iCAA+BrjC,EAAAA,EAAAA,IAAAA,EAAAA,EAAAA,GAAC,CAAC,EAChDijC,EAAqB5P,oBAAkB,IAC1CE,gBAAiB4P,KAClBp2B,UAGH,OAAIi2B,EAAoB,GAAPn5B,OAAUgc,EAAG,KAAAhc,OAAIm5B,GAE3Bnd,C,CASX,qCAAOya,CACHzF,EACA2D,GAEA,MAAM8E,GAAgBtjC,EAAAA,EAAAA,GAAA,GAAQ66B,GAqB9B,OApBAyI,EAAiBxI,uBACbh9B,EAAUglC,6BACNQ,EAAiBxI,uBACjB0D,GAGR8E,EAAiBrI,eACbn9B,EAAUglC,6BACNQ,EAAiBrI,eACjBuD,GAGJ8E,EAAiBnI,uBACjBmI,EAAiBnI,qBACbr9B,EAAUglC,6BACNQ,EAAiBnI,qBACjBqD,IAIL8E,C,CAYX,6BAAOC,CAAuBlmC,GAC1B,IAAImmC,EAAgBnmC,EACpB,MACMomC,EADe,IAAIloC,EAAAA,EAAU8B,GACSg2B,mBAG5C,GACmD,IAA/CoQ,EAAuBzJ,aAAaz8B,QACpCkmC,EAAuBlQ,gBAAgBqG,SACnC3yB,EAAAA,GAAU4yB,eAEhB,CACE,MAAM6J,EACFD,EAAuBlQ,gBAAgBN,MAAM,KAAK,GACtDuQ,EAAgB,GAAH35B,OAAM25B,GAAa35B,OAAG65B,GAAgB75B,OAAG5C,EAAAA,GAAU08B,yBACnE,CAED,OAAOH,C,EAOT,SAAUI,EACZvmC,GAAiB,IAAAwmC,EAEjB,MAUM98B,EAC8C,QADtC88B,EAVO,IAAItoC,EAAAA,EAAU8B,GACSg2B,mBAUjB2G,aAAa8J,OAAO,GAAG,UAAE,IAAAD,OAAA,EAAhDA,EAAkDza,cAEtD,OAAQriB,GACJ,KAAKg9B,EAAAA,GAAsBC,OAC3B,KAAKD,EAAAA,GAAsBE,cAC3B,KAAKF,EAAAA,GAAsBG,UACvB,OACJ,QACI,OAAOn9B,EAEnB,CAEM,SAAUo9B,EAAmBxK,GAC/B,OAAOA,EAAaC,SAAS3yB,EAAAA,GAAUm9B,eACjCzK,EAAY,GAAA9vB,OACT8vB,GAAY9vB,OAAG5C,EAAAA,GAAUm9B,cACtC,CAEM,SAAUC,EACZlhB,GAEA,MAAMmhB,EAA4BnhB,EAAYnmB,uBAC9C,IAAIA,EAEJ,GAAIsnC,EACA,IACItnC,EAAyBgH,KAAKsI,MAAMg4B,EACvC,CAAC,MAAOppC,GACL,MAAMqD,EAAAA,EAAAA,IACF8iC,EAAAA,GAEP,CAEL,MAAO,CACH16B,mBAAoBwc,EAAY9lB,UAC1B8mC,EAAmBhhB,EAAY9lB,gBAC/Bb,EACNO,iBAAkBomB,EAAYpmB,iBAC9BC,uBAAwBA,EAEhC,CAxvCmBc,EAAqB49B,sBAAgB,IAAI6I,IAAI,CACxD,WACA,aACAR,EAAAA,GAAsBC,OACtBD,EAAAA,GAAsBG,UACtBH,EAAAA,GAAsBE,e,oGIpEvBrlB,eAAe4lB,EAClB7K,EACA5/B,EACAq/B,EACAx8B,EACArD,EACAK,EACAF,GAEAA,SAAAA,EAAmB+C,oBACfC,EAAAA,GAAkB2B,yCAClBzE,GAEJ,MAAM6qC,EAAoB3mC,EAAAA,GAAUylC,wBAChCY,EAAAA,EAAAA,IAAmBxK,IAIjB+K,EAAmC,IAAI5mC,EAAAA,GACzC2mC,EACA1qC,EACAq/B,EACAx8B,EACArD,EACAK,EACAF,GAGJ,IAUI,aATMyE,EAAAA,EAAAA,GACFumC,EAAsBlI,sBAAsB9tB,KACxCg2B,GAEJhoC,EAAAA,GAAkB+/B,+BAClBljC,EACAG,EACAE,EAPEuE,GASCumC,CACV,CAAC,MAAOxpC,GACL,MAAM+H,EAAAA,EAAAA,IACF83B,EAAAA,GAEP,CACL,C,qGCvDa,MAgFA+E,EA/ES,CACd,4BAA6B,CACzB7E,eACI,iEACJO,SACI,mEACJF,OAAQ,oDACRR,uBACI,qEACJK,qBACI,mEAER,yBAA0B,CACtBF,eACI,8DACJO,SACI,gEACJF,OAAQ,2DACRR,uBACI,kEACJK,qBACI,gEAER,2BAA4B,CACxBF,eACI,gEACJO,SACI,kEACJF,OAAQ,mDACRR,uBACI,oEACJK,qBACI,mEAgDHwJ,EA7CkB,CACvB9C,0BACI,qEACJhH,SAAU,CACN,CACIkC,kBAAmB,4BACnBS,gBAAiB,oBACjBD,QAAS,CACL,4BACA,oBACA,sBACA,oBAGR,CACIR,kBAAmB,mCACnBS,gBAAiB,mCACjBD,QAAS,CACL,mCACA,2BAGR,CACIR,kBAAmB,2BACnBS,gBAAiB,2BACjBD,QAAS,CAAC,6BAEd,CACIR,kBAAmB,2BACnBS,gBAAiB,2BACjBD,QAAS,CACL,2BACA,4BAGR,CACIR,kBAAmB,+BACnBS,gBAAiB,+BACjBD,QAAS,CAAC,mCAUboF,EAAgD,IAAI4B,IAejD,SAAAK,EACZC,EACAtrC,GAEA,IAAIurC,EACJ,MAAMn+B,EAAqBk+B,EAAuBl+B,mBAClD,GAAIA,EAAoB,KAAAo+B,EACpB,MAAMC,EAAgB,IAAIzpC,EAAAA,EACtBoL,GACF0sB,mBAAmBE,gBACrBuR,EACIG,EACID,EAC6C,QADhCD,EACbF,EAAuB7nC,8BAAsB,IAAA+nC,OAAA,EAA7CA,EAA+ClK,SAC/CiD,EAAAA,GAAwBsB,OACxB7lC,IAEJ0rC,EACID,EACAL,EAA0B9J,SAC1BiD,EAAAA,GAAwBQ,iBACxB/kC,IAEJsrC,EAAuB9nC,gBAC9B,CAED,OAAO+nC,GAAiB,EAC5B,CAQM,SAAUG,EACZD,EACAhoC,EACAogC,EACA7jC,GAGA,GADAA,SAAAA,EAAQ6G,MAAM,8CAADyJ,OAA+CuzB,IACxD4H,GAAiBhoC,EAAwB,CACzC,MAAM69B,EAAWuG,EACbpkC,EACAgoC,GAGJ,GAAInK,EAIA,OAHAthC,SAAAA,EAAQ6G,MAAM,6DAADyJ,OACoDuzB,EAAM,wBAEhEvC,EAAS0C,QAEhBhkC,SAAAA,EAAQ6G,MAAM,oEAADyJ,OAC2DuzB,GAG/E,CAED,OAAO,IACX,CAKM,SAAU6D,EACZ+D,GAMA,OAJiB5D,EACbuD,EAA0B9J,SAC1BmK,EAGR,CAOgB,SAAA5D,EACZ1/B,EACAsjC,GAEA,IAAK,IAAIE,EAAI,EAAGA,EAAIxjC,EAASnE,OAAQ2nC,IAAK,CACtC,MAAMrK,EAAWn5B,EAASwjC,GAC1B,GAAIrK,EAAS0C,QAAQjU,SAAS0b,GAC1B,OAAOnK,CAEd,CAED,OAAO,IACX,CA3GA8J,EAA0B9J,SAASnT,SAC9Byd,IACGA,EAAc5H,QAAQ7V,SAAS0d,IAC3BzC,EAAiC0C,IAAID,EAAM,GAC7C,G,oCC/EG,MAAA9C,EAAqB,CAE9B7Q,KAAM,OAGN6T,YAAa,oCAGbC,SAAU,gCAGVC,WAAY,iCAGZC,aAAc,mCAGdC,kBAAmB,mC,mCCrCV,MAAAv+B,EAAgB,CACzBC,QAAS,EACT8yB,KAAM,EACNE,KAAM,EACNN,KAAM,E,oCCJG,MAAAhmB,EAAe,CACxB8nB,IAAK,MACL7nB,KAAM,O","sources":["../node_modules/@azure/msal-browser/src/telemetry/BrowserPerformanceClient.ts","../node_modules/@azure/msal-browser/src/interaction_client/BaseInteractionClient.ts","../node_modules/@azure/msal-browser/src/interaction_client/NativeInteractionClient.ts","../node_modules/@azure/msal-browser/src/interaction_client/PopupClient.ts","../node_modules/@azure/msal-browser/src/interaction_handler/RedirectHandler.ts","../node_modules/@azure/msal-browser/src/interaction_client/RedirectClient.ts","../node_modules/@azure/msal-browser/src/interaction_client/HybridSpaAuthorizationCodeClient.ts","../node_modules/@azure/msal-browser/src/interaction_client/SilentAuthCodeClient.ts","../node_modules/@azure/msal-browser/src/interaction_client/SilentCacheClient.ts","../node_modules/@azure/msal-browser/src/interaction_handler/SilentHandler.ts","../node_modules/@azure/msal-browser/src/interaction_client/SilentIframeClient.ts","../node_modules/@azure/msal-browser/src/interaction_client/SilentRefreshClient.ts","../node_modules/@azure/msal-browser/src/interaction_client/StandardInteractionClient.ts","../node_modules/@azure/msal-browser/src/interaction_handler/InteractionHandler.ts","../node_modules/@azure/msal-browser/src/naa/BridgeStatusCode.ts","../node_modules/@azure/msal-browser/src/navigation/NavigationClient.ts","../node_modules/@azure/msal-browser/src/network/FetchClient.ts","../node_modules/@azure/msal-browser/src/operatingcontext/BaseOperatingContext.ts","../node_modules/@azure/msal-browser/src/naa/BridgeProxy.ts","../node_modules/@azure/msal-browser/src/operatingcontext/NestedAppOperatingContext.ts","../node_modules/@azure/msal-browser/src/operatingcontext/StandardOperatingContext.ts","../node_modules/@azure/msal-browser/src/operatingcontext/UnknownOperatingContext.ts","../node_modules/@azure/msal-browser/src/packageMetadata.ts","../node_modules/@azure/msal-browser/src/request/RequestHelpers.ts","../node_modules/@azure/msal-browser/src/response/ResponseHandler.ts","../node_modules/@azure/msal-browser/src/telemetry/BrowserPerformanceMeasurement.ts","../node_modules/@azure/msal-browser/src/utils/BrowserConstants.ts","../node_modules/@azure/msal-browser/src/utils/BrowserProtocolUtils.ts","../node_modules/@azure/msal-browser/src/utils/BrowserUtils.ts","../node_modules/@azure/msal-common/src/account/AccountInfo.ts","../node_modules/@azure/msal-common/src/account/AuthToken.ts","../node_modules/@azure/msal-common/src/account/CcsCredential.ts","../node_modules/@azure/msal-common/src/account/ClientInfo.ts","../node_modules/@azure/msal-common/src/account/TokenClaims.ts","../node_modules/@azure/msal-common/src/authority/RegionDiscovery.ts","../node_modules/@azure/msal-common/src/authority/Authority.ts","../node_modules/@azure/msal-common/src/authority/OpenIdConfigResponse.ts","../node_modules/@azure/msal-common/src/authority/CloudInstanceDiscoveryResponse.ts","../node_modules/@azure/msal-common/src/authority/CloudInstanceDiscoveryErrorResponse.ts","../node_modules/@azure/msal-common/src/authority/AuthorityFactory.ts","../node_modules/@azure/msal-common/src/authority/AuthorityMetadata.ts","../node_modules/@azure/msal-common/src/authority/AuthorityOptions.ts","../node_modules/@azure/msal-common/src/authority/AuthorityType.ts","../node_modules/@azure/msal-common/src/authority/ProtocolMode.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n Constants,\n InProgressPerformanceEvent,\n IPerformanceClient,\n Logger,\n PerformanceClient,\n PerformanceEvent,\n PerformanceEvents,\n PreQueueEvent,\n SubMeasurement,\n} from \"@azure/msal-common/browser\";\nimport { Configuration } from \"../config/Configuration.js\";\nimport { name, version } from \"../packageMetadata.js\";\nimport {\n BROWSER_PERF_ENABLED_KEY,\n BrowserCacheLocation,\n} from \"../utils/BrowserConstants.js\";\nimport * as BrowserCrypto from \"../crypto/BrowserCrypto.js\";\n\n/**\n * Returns browser performance measurement module if session flag is enabled. Returns undefined otherwise.\n */\nfunction getPerfMeasurementModule() {\n let sessionStorage: Storage | undefined;\n try {\n sessionStorage = window[BrowserCacheLocation.SessionStorage];\n const perfEnabled = sessionStorage?.getItem(BROWSER_PERF_ENABLED_KEY);\n if (Number(perfEnabled) === 1) {\n return import(\"./BrowserPerformanceMeasurement.js\");\n }\n // Mute errors if it's a non-browser environment or cookies are blocked.\n } catch (e) {}\n\n return undefined;\n}\n\n/**\n * Returns boolean, indicating whether browser supports window.performance.now() function.\n */\nfunction supportsBrowserPerformanceNow(): boolean {\n return (\n typeof window !== \"undefined\" &&\n typeof window.performance !== \"undefined\" &&\n typeof window.performance.now === \"function\"\n );\n}\n\n/**\n * Returns event duration in milliseconds using window performance API if available. Returns undefined otherwise.\n * @param startTime {DOMHighResTimeStamp | undefined}\n * @returns {number | undefined}\n */\nfunction getPerfDurationMs(\n startTime: DOMHighResTimeStamp | undefined\n): number | undefined {\n if (!startTime || !supportsBrowserPerformanceNow()) {\n return undefined;\n }\n\n return Math.round(window.performance.now() - startTime);\n}\n\nexport class BrowserPerformanceClient\n extends PerformanceClient\n implements IPerformanceClient\n{\n constructor(\n configuration: Configuration,\n intFields?: Set,\n abbreviations?: Map\n ) {\n super(\n configuration.auth.clientId,\n configuration.auth.authority || `${Constants.DEFAULT_AUTHORITY}`,\n new Logger(\n configuration.system?.loggerOptions || {},\n name,\n version\n ),\n name,\n version,\n configuration.telemetry?.application || {\n appName: \"\",\n appVersion: \"\",\n },\n intFields,\n abbreviations\n );\n }\n\n generateId(): string {\n return BrowserCrypto.createNewGuid();\n }\n\n private getPageVisibility(): string | null {\n return document.visibilityState?.toString() || null;\n }\n\n private deleteIncompleteSubMeasurements(\n inProgressEvent: InProgressPerformanceEvent\n ): void {\n void getPerfMeasurementModule()?.then((module) => {\n const rootEvent = this.eventsByCorrelationId.get(\n inProgressEvent.event.correlationId\n );\n const isRootEvent =\n rootEvent &&\n rootEvent.eventId === inProgressEvent.event.eventId;\n const incompleteMeasurements: SubMeasurement[] = [];\n if (isRootEvent && rootEvent?.incompleteSubMeasurements) {\n rootEvent.incompleteSubMeasurements.forEach(\n (subMeasurement: SubMeasurement) => {\n incompleteMeasurements.push({ ...subMeasurement });\n }\n );\n }\n // Clean up remaining marks for incomplete sub-measurements\n module.BrowserPerformanceMeasurement.flushMeasurements(\n inProgressEvent.event.correlationId,\n incompleteMeasurements\n );\n });\n }\n\n /**\n * Starts measuring performance for a given operation. Returns a function that should be used to end the measurement.\n * Also captures browser page visibilityState.\n *\n * @param {PerformanceEvents} measureName\n * @param {?string} [correlationId]\n * @returns {((event?: Partial) => PerformanceEvent| null)}\n */\n startMeasurement(\n measureName: string,\n correlationId?: string\n ): InProgressPerformanceEvent {\n // Capture page visibilityState and then invoke start/end measurement\n const startPageVisibility = this.getPageVisibility();\n const inProgressEvent = super.startMeasurement(\n measureName,\n correlationId\n );\n const startTime: number | undefined = supportsBrowserPerformanceNow()\n ? window.performance.now()\n : undefined;\n\n const browserMeasurement = getPerfMeasurementModule()?.then(\n (module) => {\n return new module.BrowserPerformanceMeasurement(\n measureName,\n inProgressEvent.event.correlationId\n );\n }\n );\n void browserMeasurement?.then((measurement) =>\n measurement.startMeasurement()\n );\n\n return {\n ...inProgressEvent,\n end: (\n event?: Partial,\n error?: unknown\n ): PerformanceEvent | null => {\n const res = inProgressEvent.end(\n {\n ...event,\n startPageVisibility,\n endPageVisibility: this.getPageVisibility(),\n durationMs: getPerfDurationMs(startTime),\n },\n error\n );\n void browserMeasurement?.then((measurement) =>\n measurement.endMeasurement()\n );\n this.deleteIncompleteSubMeasurements(inProgressEvent);\n\n return res;\n },\n discard: () => {\n inProgressEvent.discard();\n void browserMeasurement?.then((measurement) =>\n measurement.flushMeasurement()\n );\n this.deleteIncompleteSubMeasurements(inProgressEvent);\n },\n };\n }\n\n /**\n * Adds pre-queue time to preQueueTimeByCorrelationId map.\n * @param {PerformanceEvents} eventName\n * @param {?string} correlationId\n * @returns\n */\n setPreQueueTime(\n eventName: PerformanceEvents,\n correlationId?: string\n ): void {\n if (!supportsBrowserPerformanceNow()) {\n this.logger.trace(\n `BrowserPerformanceClient: window performance API not available, unable to set telemetry queue time for ${eventName}`\n );\n return;\n }\n\n if (!correlationId) {\n this.logger.trace(\n `BrowserPerformanceClient: correlationId for ${eventName} not provided, unable to set telemetry queue time`\n );\n return;\n }\n\n const preQueueEvent: PreQueueEvent | undefined =\n this.preQueueTimeByCorrelationId.get(correlationId);\n /**\n * Manually complete queue measurement if there is an incomplete pre-queue event.\n * Incomplete pre-queue events are instrumentation bugs that should be fixed.\n */\n if (preQueueEvent) {\n this.logger.trace(\n `BrowserPerformanceClient: Incomplete pre-queue ${preQueueEvent.name} found`,\n correlationId\n );\n this.addQueueMeasurement(\n preQueueEvent.name,\n correlationId,\n undefined,\n true\n );\n }\n this.preQueueTimeByCorrelationId.set(correlationId, {\n name: eventName,\n time: window.performance.now(),\n });\n }\n\n /**\n * Calculates and adds queue time measurement for given performance event.\n *\n * @param {PerformanceEvents} eventName\n * @param {?string} correlationId\n * @param {?number} queueTime\n * @param {?boolean} manuallyCompleted - indicator for manually completed queue measurements\n * @returns\n */\n addQueueMeasurement(\n eventName: string,\n correlationId?: string,\n queueTime?: number,\n manuallyCompleted?: boolean\n ): void {\n if (!supportsBrowserPerformanceNow()) {\n this.logger.trace(\n `BrowserPerformanceClient: window performance API not available, unable to add queue measurement for ${eventName}`\n );\n return;\n }\n\n if (!correlationId) {\n this.logger.trace(\n `BrowserPerformanceClient: correlationId for ${eventName} not provided, unable to add queue measurement`\n );\n return;\n }\n\n const preQueueTime = super.getPreQueueTime(eventName, correlationId);\n if (!preQueueTime) {\n return;\n }\n\n const currentTime = window.performance.now();\n const resQueueTime =\n queueTime || super.calculateQueuedTime(preQueueTime, currentTime);\n\n return super.addQueueMeasurement(\n eventName,\n correlationId,\n resQueueTime,\n manuallyCompleted\n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n ICrypto,\n INetworkModule,\n Logger,\n AccountInfo,\n AccountEntity,\n UrlString,\n ServerTelemetryManager,\n ServerTelemetryRequest,\n createClientConfigurationError,\n ClientConfigurationErrorCodes,\n Authority,\n AuthorityOptions,\n AuthorityFactory,\n IPerformanceClient,\n PerformanceEvents,\n AzureCloudOptions,\n invokeAsync,\n StringDict,\n} from \"@azure/msal-common/browser\";\nimport { BrowserConfiguration } from \"../config/Configuration.js\";\nimport { BrowserCacheManager } from \"../cache/BrowserCacheManager.js\";\nimport { EventHandler } from \"../event/EventHandler.js\";\nimport { EndSessionRequest } from \"../request/EndSessionRequest.js\";\nimport { RedirectRequest } from \"../request/RedirectRequest.js\";\nimport { PopupRequest } from \"../request/PopupRequest.js\";\nimport { SsoSilentRequest } from \"../request/SsoSilentRequest.js\";\nimport { version } from \"../packageMetadata.js\";\nimport { BrowserConstants } from \"../utils/BrowserConstants.js\";\nimport * as BrowserUtils from \"../utils/BrowserUtils.js\";\nimport { INavigationClient } from \"../navigation/INavigationClient.js\";\nimport { NativeMessageHandler } from \"../broker/nativeBroker/NativeMessageHandler.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport { ClearCacheRequest } from \"../request/ClearCacheRequest.js\";\nimport { createNewGuid } from \"../crypto/BrowserCrypto.js\";\n\nexport abstract class BaseInteractionClient {\n protected config: BrowserConfiguration;\n protected browserStorage: BrowserCacheManager;\n protected browserCrypto: ICrypto;\n protected networkClient: INetworkModule;\n protected logger: Logger;\n protected eventHandler: EventHandler;\n protected navigationClient: INavigationClient;\n protected nativeMessageHandler: NativeMessageHandler | undefined;\n protected correlationId: string;\n protected performanceClient: IPerformanceClient;\n\n constructor(\n config: BrowserConfiguration,\n storageImpl: BrowserCacheManager,\n browserCrypto: ICrypto,\n logger: Logger,\n eventHandler: EventHandler,\n navigationClient: INavigationClient,\n performanceClient: IPerformanceClient,\n nativeMessageHandler?: NativeMessageHandler,\n correlationId?: string\n ) {\n this.config = config;\n this.browserStorage = storageImpl;\n this.browserCrypto = browserCrypto;\n this.networkClient = this.config.system.networkClient;\n this.eventHandler = eventHandler;\n this.navigationClient = navigationClient;\n this.nativeMessageHandler = nativeMessageHandler;\n this.correlationId = correlationId || createNewGuid();\n this.logger = logger.clone(\n BrowserConstants.MSAL_SKU,\n version,\n this.correlationId\n );\n this.performanceClient = performanceClient;\n }\n\n abstract acquireToken(\n request: RedirectRequest | PopupRequest | SsoSilentRequest\n ): Promise;\n\n abstract logout(\n request: EndSessionRequest | ClearCacheRequest | undefined\n ): Promise;\n\n protected async clearCacheOnLogout(\n account?: AccountInfo | null\n ): Promise {\n if (account) {\n if (\n AccountEntity.accountInfoIsEqual(\n account,\n this.browserStorage.getActiveAccount(),\n false\n )\n ) {\n this.logger.verbose(\"Setting active account to null\");\n this.browserStorage.setActiveAccount(null);\n }\n // Clear given account.\n try {\n await this.browserStorage.removeAccount(\n AccountEntity.generateAccountCacheKey(account)\n );\n this.logger.verbose(\n \"Cleared cache items belonging to the account provided in the logout request.\"\n );\n } catch (error) {\n this.logger.error(\n \"Account provided in logout request was not found. Local cache unchanged.\"\n );\n }\n } else {\n try {\n this.logger.verbose(\n \"No account provided in logout request, clearing all cache items.\",\n this.correlationId\n );\n // Clear all accounts and tokens\n await this.browserStorage.clear();\n // Clear any stray keys from IndexedDB\n await this.browserCrypto.clearKeystore();\n } catch (e) {\n this.logger.error(\n \"Attempted to clear all MSAL cache items and failed. Local cache unchanged.\"\n );\n }\n }\n }\n\n /**\n *\n * Use to get the redirect uri configured in MSAL or null.\n * @param requestRedirectUri\n * @returns Redirect URL\n *\n */\n getRedirectUri(requestRedirectUri?: string): string {\n this.logger.verbose(\"getRedirectUri called\");\n const redirectUri = requestRedirectUri || this.config.auth.redirectUri;\n return UrlString.getAbsoluteUrl(\n redirectUri,\n BrowserUtils.getCurrentUri()\n );\n }\n\n /**\n *\n * @param apiId\n * @param correlationId\n * @param forceRefresh\n */\n protected initializeServerTelemetryManager(\n apiId: number,\n forceRefresh?: boolean\n ): ServerTelemetryManager {\n this.logger.verbose(\"initializeServerTelemetryManager called\");\n const telemetryPayload: ServerTelemetryRequest = {\n clientId: this.config.auth.clientId,\n correlationId: this.correlationId,\n apiId: apiId,\n forceRefresh: forceRefresh || false,\n wrapperSKU: this.browserStorage.getWrapperMetadata()[0],\n wrapperVer: this.browserStorage.getWrapperMetadata()[1],\n };\n\n return new ServerTelemetryManager(\n telemetryPayload,\n this.browserStorage\n );\n }\n\n /**\n * Used to get a discovered version of the default authority.\n * @param params {\n * requestAuthority?: string;\n * requestAzureCloudOptions?: AzureCloudOptions;\n * requestExtraQueryParameters?: StringDict;\n * account?: AccountInfo;\n * }\n */\n protected async getDiscoveredAuthority(params: {\n requestAuthority?: string;\n requestAzureCloudOptions?: AzureCloudOptions;\n requestExtraQueryParameters?: StringDict;\n account?: AccountInfo;\n }): Promise {\n const { account } = params;\n const instanceAwareEQ =\n params.requestExtraQueryParameters &&\n params.requestExtraQueryParameters.hasOwnProperty(\"instance_aware\")\n ? params.requestExtraQueryParameters[\"instance_aware\"]\n : undefined;\n\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority,\n this.correlationId\n );\n const authorityOptions: AuthorityOptions = {\n protocolMode: this.config.auth.protocolMode,\n OIDCOptions: this.config.auth.OIDCOptions,\n knownAuthorities: this.config.auth.knownAuthorities,\n cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,\n authorityMetadata: this.config.auth.authorityMetadata,\n skipAuthorityMetadataCache:\n this.config.auth.skipAuthorityMetadataCache,\n };\n\n // build authority string based on auth params, precedence - azureCloudInstance + tenant >> authority\n const resolvedAuthority =\n params.requestAuthority || this.config.auth.authority;\n const resolvedInstanceAware = instanceAwareEQ?.length\n ? instanceAwareEQ === \"true\"\n : this.config.auth.instanceAware;\n\n const userAuthority =\n account && resolvedInstanceAware\n ? this.config.auth.authority.replace(\n UrlString.getDomainFromUrl(resolvedAuthority),\n account.environment\n )\n : resolvedAuthority;\n\n // fall back to the authority from config\n const builtAuthority = Authority.generateAuthority(\n userAuthority,\n params.requestAzureCloudOptions ||\n this.config.auth.azureCloudOptions\n );\n const discoveredAuthority = await invokeAsync(\n AuthorityFactory.createDiscoveredInstance,\n PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(\n builtAuthority,\n this.config.system.networkClient,\n this.browserStorage,\n authorityOptions,\n this.logger,\n this.correlationId,\n this.performanceClient\n );\n\n if (account && !discoveredAuthority.isAlias(account.environment)) {\n throw createClientConfigurationError(\n ClientConfigurationErrorCodes.authorityMismatch\n );\n }\n\n return discoveredAuthority;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n Logger,\n ICrypto,\n PromptValue,\n AuthToken,\n Constants,\n AccountEntity,\n AuthorityType,\n ScopeSet,\n TimeUtils,\n AuthenticationScheme,\n UrlString,\n OIDC_DEFAULT_SCOPES,\n PopTokenGenerator,\n SignedHttpRequestParameters,\n IPerformanceClient,\n PerformanceEvents,\n IdTokenEntity,\n AccessTokenEntity,\n AuthError,\n CommonSilentFlowRequest,\n AccountInfo,\n AADServerParamKeys,\n TokenClaims,\n createClientAuthError,\n ClientAuthErrorCodes,\n invokeAsync,\n createAuthError,\n AuthErrorCodes,\n updateAccountTenantProfileData,\n CacheHelpers,\n buildAccountToCache,\n InProgressPerformanceEvent,\n ServerTelemetryManager,\n} from \"@azure/msal-common/browser\";\nimport { BaseInteractionClient } from \"./BaseInteractionClient.js\";\nimport { BrowserConfiguration } from \"../config/Configuration.js\";\nimport { BrowserCacheManager } from \"../cache/BrowserCacheManager.js\";\nimport { EventHandler } from \"../event/EventHandler.js\";\nimport { PopupRequest } from \"../request/PopupRequest.js\";\nimport { SilentRequest } from \"../request/SilentRequest.js\";\nimport { SsoSilentRequest } from \"../request/SsoSilentRequest.js\";\nimport { NativeMessageHandler } from \"../broker/nativeBroker/NativeMessageHandler.js\";\nimport {\n NativeExtensionMethod,\n ApiId,\n TemporaryCacheKeys,\n NativeConstants,\n BrowserConstants,\n} from \"../utils/BrowserConstants.js\";\nimport {\n NativeExtensionRequestBody,\n NativeTokenRequest,\n} from \"../broker/nativeBroker/NativeRequest.js\";\nimport { MATS, NativeResponse } from \"../broker/nativeBroker/NativeResponse.js\";\nimport {\n NativeAuthError,\n NativeAuthErrorCodes,\n createNativeAuthError,\n isFatalNativeAuthError,\n} from \"../error/NativeAuthError.js\";\nimport { RedirectRequest } from \"../request/RedirectRequest.js\";\nimport { NavigationOptions } from \"../navigation/NavigationOptions.js\";\nimport { INavigationClient } from \"../navigation/INavigationClient.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { SilentCacheClient } from \"./SilentCacheClient.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport { base64Decode } from \"../encode/Base64Decode.js\";\nimport { version } from \"../packageMetadata.js\";\n\nexport class NativeInteractionClient extends BaseInteractionClient {\n protected apiId: ApiId;\n protected accountId: string;\n protected nativeMessageHandler: NativeMessageHandler;\n protected silentCacheClient: SilentCacheClient;\n protected nativeStorageManager: BrowserCacheManager;\n protected skus: string;\n protected serverTelemetryManager: ServerTelemetryManager;\n\n constructor(\n config: BrowserConfiguration,\n browserStorage: BrowserCacheManager,\n browserCrypto: ICrypto,\n logger: Logger,\n eventHandler: EventHandler,\n navigationClient: INavigationClient,\n apiId: ApiId,\n performanceClient: IPerformanceClient,\n provider: NativeMessageHandler,\n accountId: string,\n nativeStorageImpl: BrowserCacheManager,\n correlationId?: string\n ) {\n super(\n config,\n browserStorage,\n browserCrypto,\n logger,\n eventHandler,\n navigationClient,\n performanceClient,\n provider,\n correlationId\n );\n this.apiId = apiId;\n this.accountId = accountId;\n this.nativeMessageHandler = provider;\n this.nativeStorageManager = nativeStorageImpl;\n this.silentCacheClient = new SilentCacheClient(\n config,\n this.nativeStorageManager,\n browserCrypto,\n logger,\n eventHandler,\n navigationClient,\n performanceClient,\n provider,\n correlationId\n );\n this.serverTelemetryManager = this.initializeServerTelemetryManager(\n this.apiId\n );\n\n const extensionName =\n this.nativeMessageHandler.getExtensionId() ===\n NativeConstants.PREFERRED_EXTENSION_ID\n ? \"chrome\"\n : this.nativeMessageHandler.getExtensionId()?.length\n ? \"unknown\"\n : undefined;\n this.skus = ServerTelemetryManager.makeExtraSkuString({\n libraryName: BrowserConstants.MSAL_SKU,\n libraryVersion: version,\n extensionName: extensionName,\n extensionVersion: this.nativeMessageHandler.getExtensionVersion(),\n });\n }\n\n /**\n * Adds SKUs to request extra query parameters\n * @param request {NativeTokenRequest}\n * @private\n */\n private addRequestSKUs(request: NativeTokenRequest) {\n request.extraParameters = {\n ...request.extraParameters,\n [AADServerParamKeys.X_CLIENT_EXTRA_SKU]: this.skus,\n };\n }\n\n /**\n * Acquire token from native platform via browser extension\n * @param request\n */\n async acquireToken(\n request: PopupRequest | SilentRequest | SsoSilentRequest\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.NativeInteractionClientAcquireToken,\n request.correlationId\n );\n this.logger.trace(\"NativeInteractionClient - acquireToken called.\");\n\n // start the perf measurement\n const nativeATMeasurement = this.performanceClient.startMeasurement(\n PerformanceEvents.NativeInteractionClientAcquireToken,\n request.correlationId\n );\n const reqTimestamp = TimeUtils.nowSeconds();\n\n try {\n // initialize native request\n const nativeRequest = await this.initializeNativeRequest(request);\n\n // check if the tokens can be retrieved from internal cache\n try {\n const result = await this.acquireTokensFromCache(\n this.accountId,\n nativeRequest\n );\n nativeATMeasurement.end({\n success: true,\n isNativeBroker: false, // Should be true only when the result is coming directly from the broker\n fromCache: true,\n });\n return result;\n } catch (e) {\n // continue with a native call for any and all errors\n this.logger.info(\n \"MSAL internal Cache does not contain tokens, proceed to make a native call\"\n );\n }\n\n const { ...nativeTokenRequest } = nativeRequest;\n\n // fall back to native calls\n const messageBody: NativeExtensionRequestBody = {\n method: NativeExtensionMethod.GetToken,\n request: nativeTokenRequest,\n };\n\n const response: object =\n await this.nativeMessageHandler.sendMessage(messageBody);\n const validatedResponse: NativeResponse =\n this.validateNativeResponse(response);\n\n return await this.handleNativeResponse(\n validatedResponse,\n nativeRequest,\n reqTimestamp\n )\n .then((result: AuthenticationResult) => {\n nativeATMeasurement.end({\n success: true,\n isNativeBroker: true,\n requestId: result.requestId,\n });\n this.serverTelemetryManager.clearNativeBrokerErrorCode();\n return result;\n })\n .catch((error: AuthError) => {\n nativeATMeasurement.end({\n success: false,\n errorCode: error.errorCode,\n subErrorCode: error.subError,\n isNativeBroker: true,\n });\n throw error;\n });\n } catch (e) {\n if (e instanceof NativeAuthError) {\n this.serverTelemetryManager.setNativeBrokerErrorCode(\n e.errorCode\n );\n }\n throw e;\n }\n }\n\n /**\n * Creates silent flow request\n * @param request\n * @param cachedAccount\n * @returns CommonSilentFlowRequest\n */\n private createSilentCacheRequest(\n request: NativeTokenRequest,\n cachedAccount: AccountInfo\n ): CommonSilentFlowRequest {\n return {\n authority: request.authority,\n correlationId: this.correlationId,\n scopes: ScopeSet.fromString(request.scope).asArray(),\n account: cachedAccount,\n forceRefresh: false,\n };\n }\n\n /**\n * Fetches the tokens from the cache if un-expired\n * @param nativeAccountId\n * @param request\n * @returns authenticationResult\n */\n protected async acquireTokensFromCache(\n nativeAccountId: string,\n request: NativeTokenRequest\n ): Promise {\n if (!nativeAccountId) {\n this.logger.warning(\n \"NativeInteractionClient:acquireTokensFromCache - No nativeAccountId provided\"\n );\n throw createClientAuthError(ClientAuthErrorCodes.noAccountFound);\n }\n // fetch the account from browser cache\n const account = this.browserStorage.getBaseAccountInfo({\n nativeAccountId,\n });\n\n if (!account) {\n throw createClientAuthError(ClientAuthErrorCodes.noAccountFound);\n }\n\n // leverage silent flow for cached tokens retrieval\n try {\n const silentRequest = this.createSilentCacheRequest(\n request,\n account\n );\n const result = await this.silentCacheClient.acquireToken(\n silentRequest\n );\n\n const fullAccount = {\n ...account,\n idTokenClaims: result?.idTokenClaims as TokenClaims,\n idToken: result?.idToken,\n };\n\n return {\n ...result,\n account: fullAccount,\n };\n } catch (e) {\n throw e;\n }\n }\n\n /**\n * Acquires a token from native platform then redirects to the redirectUri instead of returning the response\n * @param {RedirectRequest} request\n * @param {InProgressPerformanceEvent} rootMeasurement\n */\n async acquireTokenRedirect(\n request: RedirectRequest,\n rootMeasurement: InProgressPerformanceEvent\n ): Promise {\n this.logger.trace(\n \"NativeInteractionClient - acquireTokenRedirect called.\"\n );\n\n const { ...remainingParameters } = request;\n delete remainingParameters.onRedirectNavigate;\n\n const nativeRequest = await this.initializeNativeRequest(\n remainingParameters\n );\n\n const messageBody: NativeExtensionRequestBody = {\n method: NativeExtensionMethod.GetToken,\n request: nativeRequest,\n };\n\n try {\n const response: object =\n await this.nativeMessageHandler.sendMessage(messageBody);\n this.validateNativeResponse(response);\n } catch (e) {\n // Only throw fatal errors here to allow application to fallback to regular redirect. Otherwise proceed and the error will be thrown in handleRedirectPromise\n if (e instanceof NativeAuthError) {\n this.serverTelemetryManager.setNativeBrokerErrorCode(\n e.errorCode\n );\n if (isFatalNativeAuthError(e)) {\n throw e;\n }\n }\n }\n this.browserStorage.setTemporaryCache(\n TemporaryCacheKeys.NATIVE_REQUEST,\n JSON.stringify(nativeRequest),\n true\n );\n\n const navigationOptions: NavigationOptions = {\n apiId: ApiId.acquireTokenRedirect,\n timeout: this.config.system.redirectNavigationTimeout,\n noHistory: false,\n };\n const redirectUri = this.config.auth.navigateToLoginRequestUrl\n ? window.location.href\n : this.getRedirectUri(request.redirectUri);\n rootMeasurement.end({ success: true });\n await this.navigationClient.navigateExternal(\n redirectUri,\n navigationOptions\n ); // Need to treat this as external to ensure handleRedirectPromise is run again\n }\n\n /**\n * If the previous page called native platform for a token using redirect APIs, send the same request again and return the response\n * @param performanceClient {IPerformanceClient?}\n * @param correlationId {string?} correlation identifier\n */\n async handleRedirectPromise(\n performanceClient?: IPerformanceClient,\n correlationId?: string\n ): Promise {\n this.logger.trace(\n \"NativeInteractionClient - handleRedirectPromise called.\"\n );\n if (!this.browserStorage.isInteractionInProgress(true)) {\n this.logger.info(\n \"handleRedirectPromise called but there is no interaction in progress, returning null.\"\n );\n return null;\n }\n\n // remove prompt from the request to prevent WAM from prompting twice\n const cachedRequest = this.browserStorage.getCachedNativeRequest();\n if (!cachedRequest) {\n this.logger.verbose(\n \"NativeInteractionClient - handleRedirectPromise called but there is no cached request, returning null.\"\n );\n if (performanceClient && correlationId) {\n performanceClient?.addFields(\n { errorCode: \"no_cached_request\" },\n correlationId\n );\n }\n return null;\n }\n\n const { prompt, ...request } = cachedRequest;\n if (prompt) {\n this.logger.verbose(\n \"NativeInteractionClient - handleRedirectPromise called and prompt was included in the original request, removing prompt from cached request to prevent second interaction with native broker window.\"\n );\n }\n\n this.browserStorage.removeItem(\n this.browserStorage.generateCacheKey(\n TemporaryCacheKeys.NATIVE_REQUEST\n )\n );\n\n const messageBody: NativeExtensionRequestBody = {\n method: NativeExtensionMethod.GetToken,\n request: request,\n };\n\n const reqTimestamp = TimeUtils.nowSeconds();\n\n try {\n this.logger.verbose(\n \"NativeInteractionClient - handleRedirectPromise sending message to native broker.\"\n );\n const response: object =\n await this.nativeMessageHandler.sendMessage(messageBody);\n this.validateNativeResponse(response);\n const result = this.handleNativeResponse(\n response as NativeResponse,\n request,\n reqTimestamp\n );\n this.browserStorage.setInteractionInProgress(false);\n const res = await result;\n this.serverTelemetryManager.clearNativeBrokerErrorCode();\n return res;\n } catch (e) {\n this.browserStorage.setInteractionInProgress(false);\n throw e;\n }\n }\n\n /**\n * Logout from native platform via browser extension\n * @param request\n */\n logout(): Promise {\n this.logger.trace(\"NativeInteractionClient - logout called.\");\n return Promise.reject(\"Logout not implemented yet\");\n }\n\n /**\n * Transform response from native platform into AuthenticationResult object which will be returned to the end user\n * @param response\n * @param request\n * @param reqTimestamp\n */\n protected async handleNativeResponse(\n response: NativeResponse,\n request: NativeTokenRequest,\n reqTimestamp: number\n ): Promise {\n this.logger.trace(\n \"NativeInteractionClient - handleNativeResponse called.\"\n );\n\n // generate identifiers\n const idTokenClaims = AuthToken.extractTokenClaims(\n response.id_token,\n base64Decode\n );\n\n const homeAccountIdentifier = this.createHomeAccountIdentifier(\n response,\n idTokenClaims\n );\n\n const cachedhomeAccountId =\n this.browserStorage.getAccountInfoFilteredBy({\n nativeAccountId: request.accountId,\n })?.homeAccountId;\n\n if (\n homeAccountIdentifier !== cachedhomeAccountId &&\n response.account.id !== request.accountId\n ) {\n // User switch in native broker prompt is not supported. All users must first sign in through web flow to ensure server state is in sync\n throw createNativeAuthError(NativeAuthErrorCodes.userSwitch);\n }\n\n // Get the preferred_cache domain for the given authority\n const authority = await this.getDiscoveredAuthority({\n requestAuthority: request.authority,\n });\n\n const baseAccount = buildAccountToCache(\n this.browserStorage,\n authority,\n homeAccountIdentifier,\n base64Decode,\n idTokenClaims,\n response.client_info,\n undefined, // environment\n idTokenClaims.tid,\n undefined, // auth code payload\n response.account.id,\n this.logger\n );\n\n // generate authenticationResult\n const result = await this.generateAuthenticationResult(\n response,\n request,\n idTokenClaims,\n baseAccount,\n authority.canonicalAuthority,\n reqTimestamp\n );\n\n // cache accounts and tokens in the appropriate storage\n this.cacheAccount(baseAccount);\n this.cacheNativeTokens(\n response,\n request,\n homeAccountIdentifier,\n idTokenClaims,\n response.access_token,\n result.tenantId,\n reqTimestamp\n );\n\n return result;\n }\n\n /**\n * creates an homeAccountIdentifier for the account\n * @param response\n * @param idTokenObj\n * @returns\n */\n protected createHomeAccountIdentifier(\n response: NativeResponse,\n idTokenClaims: TokenClaims\n ): string {\n // Save account in browser storage\n const homeAccountIdentifier = AccountEntity.generateHomeAccountId(\n response.client_info || Constants.EMPTY_STRING,\n AuthorityType.Default,\n this.logger,\n this.browserCrypto,\n idTokenClaims\n );\n\n return homeAccountIdentifier;\n }\n\n /**\n * Helper to generate scopes\n * @param response\n * @param request\n * @returns\n */\n generateScopes(\n response: NativeResponse,\n request: NativeTokenRequest\n ): ScopeSet {\n return response.scope\n ? ScopeSet.fromString(response.scope)\n : ScopeSet.fromString(request.scope);\n }\n\n /**\n * If PoP token is requesred, records the PoP token if returned from the WAM, else generates one in the browser\n * @param request\n * @param response\n */\n async generatePopAccessToken(\n response: NativeResponse,\n request: NativeTokenRequest\n ): Promise {\n if (\n request.tokenType === AuthenticationScheme.POP &&\n request.signPopToken\n ) {\n /**\n * This code prioritizes SHR returned from the native layer. In case of error/SHR not calculated from WAM and the AT\n * is still received, SHR is calculated locally\n */\n\n // Check if native layer returned an SHR token\n if (response.shr) {\n this.logger.trace(\n \"handleNativeServerResponse: SHR is enabled in native layer\"\n );\n return response.shr;\n }\n\n // Generate SHR in msal js if WAM does not compute it when POP is enabled\n const popTokenGenerator: PopTokenGenerator = new PopTokenGenerator(\n this.browserCrypto\n );\n const shrParameters: SignedHttpRequestParameters = {\n resourceRequestMethod: request.resourceRequestMethod,\n resourceRequestUri: request.resourceRequestUri,\n shrClaims: request.shrClaims,\n shrNonce: request.shrNonce,\n };\n\n /**\n * KeyID must be present in the native request from when the PoP key was generated in order for\n * PopTokenGenerator to query the full key for signing\n */\n if (!request.keyId) {\n throw createClientAuthError(ClientAuthErrorCodes.keyIdMissing);\n }\n return popTokenGenerator.signPopToken(\n response.access_token,\n request.keyId,\n shrParameters\n );\n } else {\n return response.access_token;\n }\n }\n\n /**\n * Generates authentication result\n * @param response\n * @param request\n * @param idTokenObj\n * @param accountEntity\n * @param authority\n * @param reqTimestamp\n * @returns\n */\n protected async generateAuthenticationResult(\n response: NativeResponse,\n request: NativeTokenRequest,\n idTokenClaims: TokenClaims,\n accountEntity: AccountEntity,\n authority: string,\n reqTimestamp: number\n ): Promise {\n // Add Native Broker fields to Telemetry\n const mats = this.addTelemetryFromNativeResponse(response);\n\n // If scopes not returned in server response, use request scopes\n const responseScopes = response.scope\n ? ScopeSet.fromString(response.scope)\n : ScopeSet.fromString(request.scope);\n\n const accountProperties = response.account.properties || {};\n const uid =\n accountProperties[\"UID\"] ||\n idTokenClaims.oid ||\n idTokenClaims.sub ||\n Constants.EMPTY_STRING;\n const tid =\n accountProperties[\"TenantId\"] ||\n idTokenClaims.tid ||\n Constants.EMPTY_STRING;\n\n const accountInfo: AccountInfo | null = updateAccountTenantProfileData(\n accountEntity.getAccountInfo(),\n undefined, // tenantProfile optional\n idTokenClaims,\n response.id_token\n );\n\n /**\n * In pairwise broker flows, this check prevents the broker's native account id\n * from being returned over the embedded app's account id.\n */\n if (accountInfo.nativeAccountId !== response.account.id) {\n accountInfo.nativeAccountId = response.account.id;\n }\n\n // generate PoP token as needed\n const responseAccessToken = await this.generatePopAccessToken(\n response,\n request\n );\n const tokenType =\n request.tokenType === AuthenticationScheme.POP\n ? AuthenticationScheme.POP\n : AuthenticationScheme.BEARER;\n\n const result: AuthenticationResult = {\n authority: authority,\n uniqueId: uid,\n tenantId: tid,\n scopes: responseScopes.asArray(),\n account: accountInfo,\n idToken: response.id_token,\n idTokenClaims: idTokenClaims,\n accessToken: responseAccessToken,\n fromCache: mats ? this.isResponseFromCache(mats) : false,\n expiresOn: new Date(\n Number(reqTimestamp + response.expires_in) * 1000\n ),\n tokenType: tokenType,\n correlationId: this.correlationId,\n state: response.state,\n fromNativeBroker: true,\n };\n\n return result;\n }\n\n /**\n * cache the account entity in browser storage\n * @param accountEntity\n */\n cacheAccount(accountEntity: AccountEntity): void {\n // Store the account info and hence `nativeAccountId` in browser cache\n this.browserStorage.setAccount(accountEntity);\n\n // Remove any existing cached tokens for this account in browser storage\n this.browserStorage.removeAccountContext(accountEntity).catch((e) => {\n this.logger.error(\n `Error occurred while removing account context from browser storage. ${e}`\n );\n });\n }\n\n /**\n * Stores the access_token and id_token in inmemory storage\n * @param response\n * @param request\n * @param homeAccountIdentifier\n * @param idTokenObj\n * @param responseAccessToken\n * @param tenantId\n * @param reqTimestamp\n */\n cacheNativeTokens(\n response: NativeResponse,\n request: NativeTokenRequest,\n homeAccountIdentifier: string,\n idTokenClaims: TokenClaims,\n responseAccessToken: string,\n tenantId: string,\n reqTimestamp: number\n ): void {\n const cachedIdToken: IdTokenEntity | null =\n CacheHelpers.createIdTokenEntity(\n homeAccountIdentifier,\n request.authority,\n response.id_token || \"\",\n request.clientId,\n idTokenClaims.tid || \"\"\n );\n\n // cache accessToken in inmemory storage\n const expiresIn: number =\n request.tokenType === AuthenticationScheme.POP\n ? Constants.SHR_NONCE_VALIDITY\n : (typeof response.expires_in === \"string\"\n ? parseInt(response.expires_in, 10)\n : response.expires_in) || 0;\n const tokenExpirationSeconds = reqTimestamp + expiresIn;\n const responseScopes = this.generateScopes(response, request);\n\n const cachedAccessToken: AccessTokenEntity | null =\n CacheHelpers.createAccessTokenEntity(\n homeAccountIdentifier,\n request.authority,\n responseAccessToken,\n request.clientId,\n idTokenClaims.tid || tenantId,\n responseScopes.printScopes(),\n tokenExpirationSeconds,\n 0,\n base64Decode,\n undefined,\n request.tokenType as AuthenticationScheme,\n undefined,\n request.keyId\n );\n\n const nativeCacheRecord = {\n idToken: cachedIdToken,\n accessToken: cachedAccessToken,\n };\n\n void this.nativeStorageManager.saveCacheRecord(\n nativeCacheRecord,\n request.storeInCache\n );\n }\n\n protected addTelemetryFromNativeResponse(\n response: NativeResponse\n ): MATS | null {\n const mats = this.getMATSFromResponse(response);\n\n if (!mats) {\n return null;\n }\n\n this.performanceClient.addFields(\n {\n extensionId: this.nativeMessageHandler.getExtensionId(),\n extensionVersion:\n this.nativeMessageHandler.getExtensionVersion(),\n matsBrokerVersion: mats.broker_version,\n matsAccountJoinOnStart: mats.account_join_on_start,\n matsAccountJoinOnEnd: mats.account_join_on_end,\n matsDeviceJoin: mats.device_join,\n matsPromptBehavior: mats.prompt_behavior,\n matsApiErrorCode: mats.api_error_code,\n matsUiVisible: mats.ui_visible,\n matsSilentCode: mats.silent_code,\n matsSilentBiSubCode: mats.silent_bi_sub_code,\n matsSilentMessage: mats.silent_message,\n matsSilentStatus: mats.silent_status,\n matsHttpStatus: mats.http_status,\n matsHttpEventCount: mats.http_event_count,\n },\n this.correlationId\n );\n\n return mats;\n }\n\n /**\n * Validates native platform response before processing\n * @param response\n */\n private validateNativeResponse(response: object): NativeResponse {\n if (\n response.hasOwnProperty(\"access_token\") &&\n response.hasOwnProperty(\"id_token\") &&\n response.hasOwnProperty(\"client_info\") &&\n response.hasOwnProperty(\"account\") &&\n response.hasOwnProperty(\"scope\") &&\n response.hasOwnProperty(\"expires_in\")\n ) {\n return response as NativeResponse;\n } else {\n throw createAuthError(\n AuthErrorCodes.unexpectedError,\n \"Response missing expected properties.\"\n );\n }\n }\n\n /**\n * Gets MATS telemetry from native response\n * @param response\n * @returns\n */\n private getMATSFromResponse(response: NativeResponse): MATS | null {\n if (response.properties.MATS) {\n try {\n return JSON.parse(response.properties.MATS);\n } catch (e) {\n this.logger.error(\n \"NativeInteractionClient - Error parsing MATS telemetry, returning null instead\"\n );\n }\n }\n\n return null;\n }\n\n /**\n * Returns whether or not response came from native cache\n * @param response\n * @returns\n */\n protected isResponseFromCache(mats: MATS): boolean {\n if (typeof mats.is_cached === \"undefined\") {\n this.logger.verbose(\n \"NativeInteractionClient - MATS telemetry does not contain field indicating if response was served from cache. Returning false.\"\n );\n return false;\n }\n\n return !!mats.is_cached;\n }\n\n /**\n * Translates developer provided request object into NativeRequest object\n * @param request\n */\n protected async initializeNativeRequest(\n request: PopupRequest | SsoSilentRequest\n ): Promise {\n this.logger.trace(\n \"NativeInteractionClient - initializeNativeRequest called\"\n );\n\n const requestAuthority =\n request.authority || this.config.auth.authority;\n\n if (request.account) {\n // validate authority\n await this.getDiscoveredAuthority({\n requestAuthority,\n requestAzureCloudOptions: request.azureCloudOptions,\n account: request.account,\n });\n }\n\n const canonicalAuthority = new UrlString(requestAuthority);\n canonicalAuthority.validateAsUri();\n\n // scopes are expected to be received by the native broker as \"scope\" and will be added to the request below. Other properties that should be dropped from the request to the native broker can be included in the object destructuring here.\n const { scopes, ...remainingProperties } = request;\n const scopeSet = new ScopeSet(scopes || []);\n scopeSet.appendScopes(OIDC_DEFAULT_SCOPES);\n\n const getPrompt = () => {\n // If request is silent, prompt is always none\n switch (this.apiId) {\n case ApiId.ssoSilent:\n case ApiId.acquireTokenSilent_silentFlow:\n this.logger.trace(\n \"initializeNativeRequest: silent request sets prompt to none\"\n );\n return PromptValue.NONE;\n default:\n break;\n }\n\n // Prompt not provided, request may proceed and native broker decides if it needs to prompt\n if (!request.prompt) {\n this.logger.trace(\n \"initializeNativeRequest: prompt was not provided\"\n );\n return undefined;\n }\n\n // If request is interactive, check if prompt provided is allowed to go directly to native broker\n switch (request.prompt) {\n case PromptValue.NONE:\n case PromptValue.CONSENT:\n case PromptValue.LOGIN:\n this.logger.trace(\n \"initializeNativeRequest: prompt is compatible with native flow\"\n );\n return request.prompt;\n default:\n this.logger.trace(\n `initializeNativeRequest: prompt = ${request.prompt} is not compatible with native flow`\n );\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.nativePromptNotSupported\n );\n }\n };\n\n const validatedRequest: NativeTokenRequest = {\n ...remainingProperties,\n accountId: this.accountId,\n clientId: this.config.auth.clientId,\n authority: canonicalAuthority.urlString,\n scope: scopeSet.printScopes(),\n redirectUri: this.getRedirectUri(request.redirectUri),\n prompt: getPrompt(),\n correlationId: this.correlationId,\n tokenType: request.authenticationScheme,\n windowTitleSubstring: document.title,\n extraParameters: {\n ...request.extraQueryParameters,\n ...request.tokenQueryParameters,\n },\n extendedExpiryToken: false, // Make this configurable?\n keyId: request.popKid,\n };\n\n // Check for PoP token requests: signPopToken should only be set to true if popKid is not set\n if (validatedRequest.signPopToken && !!request.popKid) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.invalidPopTokenRequest\n );\n }\n\n this.handleExtraBrokerParams(validatedRequest);\n validatedRequest.extraParameters =\n validatedRequest.extraParameters || {};\n validatedRequest.extraParameters.telemetry =\n NativeConstants.MATS_TELEMETRY;\n\n if (request.authenticationScheme === AuthenticationScheme.POP) {\n // add POP request type\n const shrParameters: SignedHttpRequestParameters = {\n resourceRequestUri: request.resourceRequestUri,\n resourceRequestMethod: request.resourceRequestMethod,\n shrClaims: request.shrClaims,\n shrNonce: request.shrNonce,\n };\n\n const popTokenGenerator = new PopTokenGenerator(this.browserCrypto);\n\n // generate reqCnf if not provided in the request\n let reqCnfData;\n if (!validatedRequest.keyId) {\n const generatedReqCnfData = await invokeAsync(\n popTokenGenerator.generateCnf.bind(popTokenGenerator),\n PerformanceEvents.PopTokenGenerateCnf,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(shrParameters, this.logger);\n reqCnfData = generatedReqCnfData.reqCnfString;\n validatedRequest.keyId = generatedReqCnfData.kid;\n validatedRequest.signPopToken = true;\n } else {\n reqCnfData = this.browserCrypto.base64UrlEncode(\n JSON.stringify({ kid: validatedRequest.keyId })\n );\n validatedRequest.signPopToken = false;\n }\n\n // SPAs require whole string to be passed to broker\n validatedRequest.reqCnf = reqCnfData;\n }\n this.addRequestSKUs(validatedRequest);\n\n return validatedRequest;\n }\n\n /**\n * Handles extra broker request parameters\n * @param request {NativeTokenRequest}\n * @private\n */\n private handleExtraBrokerParams(request: NativeTokenRequest): void {\n const hasExtraBrokerParams =\n request.extraParameters &&\n request.extraParameters.hasOwnProperty(\n AADServerParamKeys.BROKER_CLIENT_ID\n ) &&\n request.extraParameters.hasOwnProperty(\n AADServerParamKeys.BROKER_REDIRECT_URI\n ) &&\n request.extraParameters.hasOwnProperty(\n AADServerParamKeys.CLIENT_ID\n );\n\n if (!request.embeddedClientId && !hasExtraBrokerParams) {\n return;\n }\n\n let child_client_id: string = \"\";\n const child_redirect_uri = request.redirectUri;\n\n if (request.embeddedClientId) {\n request.redirectUri = this.config.auth.redirectUri;\n child_client_id = request.embeddedClientId;\n } else if (request.extraParameters) {\n request.redirectUri =\n request.extraParameters[AADServerParamKeys.BROKER_REDIRECT_URI];\n child_client_id =\n request.extraParameters[AADServerParamKeys.CLIENT_ID];\n }\n\n request.extraParameters = {\n child_client_id,\n child_redirect_uri,\n };\n\n this.performanceClient?.addFields(\n {\n embeddedClientId: child_client_id,\n embeddedRedirectUri: child_redirect_uri,\n },\n request.correlationId\n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n CommonAuthorizationCodeRequest,\n AuthorizationCodeClient,\n ThrottlingUtils,\n CommonEndSessionRequest,\n UrlString,\n AuthError,\n OIDC_DEFAULT_SCOPES,\n ProtocolUtils,\n PerformanceEvents,\n IPerformanceClient,\n Logger,\n ICrypto,\n ProtocolMode,\n ServerResponseType,\n invokeAsync,\n invoke,\n} from \"@azure/msal-common/browser\";\nimport { StandardInteractionClient } from \"./StandardInteractionClient.js\";\nimport { EventType } from \"../event/EventType.js\";\nimport {\n InteractionType,\n ApiId,\n BrowserConstants,\n} from \"../utils/BrowserConstants.js\";\nimport { EndSessionPopupRequest } from \"../request/EndSessionPopupRequest.js\";\nimport { NavigationOptions } from \"../navigation/NavigationOptions.js\";\nimport * as BrowserUtils from \"../utils/BrowserUtils.js\";\nimport { PopupRequest } from \"../request/PopupRequest.js\";\nimport { NativeInteractionClient } from \"./NativeInteractionClient.js\";\nimport { NativeMessageHandler } from \"../broker/nativeBroker/NativeMessageHandler.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { INavigationClient } from \"../navigation/INavigationClient.js\";\nimport { EventHandler } from \"../event/EventHandler.js\";\nimport { BrowserCacheManager } from \"../cache/BrowserCacheManager.js\";\nimport { BrowserConfiguration } from \"../config/Configuration.js\";\nimport { InteractionHandler } from \"../interaction_handler/InteractionHandler.js\";\nimport { PopupWindowAttributes } from \"../request/PopupWindowAttributes.js\";\nimport { EventError } from \"../event/EventMessage.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport * as ResponseHandler from \"../response/ResponseHandler.js\";\n\nexport type PopupParams = {\n popup?: Window | null;\n popupName: string;\n popupWindowAttributes: PopupWindowAttributes;\n popupWindowParent: Window;\n};\n\nexport class PopupClient extends StandardInteractionClient {\n private currentWindow: Window | undefined;\n protected nativeStorage: BrowserCacheManager;\n\n constructor(\n config: BrowserConfiguration,\n storageImpl: BrowserCacheManager,\n browserCrypto: ICrypto,\n logger: Logger,\n eventHandler: EventHandler,\n navigationClient: INavigationClient,\n performanceClient: IPerformanceClient,\n nativeStorageImpl: BrowserCacheManager,\n nativeMessageHandler?: NativeMessageHandler,\n correlationId?: string\n ) {\n super(\n config,\n storageImpl,\n browserCrypto,\n logger,\n eventHandler,\n navigationClient,\n performanceClient,\n nativeMessageHandler,\n correlationId\n );\n // Properly sets this reference for the unload event.\n this.unloadWindow = this.unloadWindow.bind(this);\n this.nativeStorage = nativeStorageImpl;\n }\n\n /**\n * Acquires tokens by opening a popup window to the /authorize endpoint of the authority\n * @param request\n */\n acquireToken(request: PopupRequest): Promise {\n try {\n const popupName = this.generatePopupName(\n request.scopes || OIDC_DEFAULT_SCOPES,\n request.authority || this.config.auth.authority\n );\n const popupParams: PopupParams = {\n popupName,\n popupWindowAttributes: request.popupWindowAttributes || {},\n popupWindowParent: request.popupWindowParent ?? window,\n };\n\n // asyncPopups flag is true. Acquires token without first opening popup. Popup will be opened later asynchronously.\n if (this.config.system.asyncPopups) {\n this.logger.verbose(\"asyncPopups set to true, acquiring token\");\n // Passes on popup position and dimensions if in request\n return this.acquireTokenPopupAsync(request, popupParams);\n } else {\n // asyncPopups flag is set to false. Opens popup before acquiring token.\n this.logger.verbose(\n \"asyncPopup set to false, opening popup before acquiring token\"\n );\n popupParams.popup = this.openSizedPopup(\n \"about:blank\",\n popupParams\n );\n return this.acquireTokenPopupAsync(request, popupParams);\n }\n } catch (e) {\n return Promise.reject(e);\n }\n }\n\n /**\n * Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server\n * @param logoutRequest\n */\n logout(logoutRequest?: EndSessionPopupRequest): Promise {\n try {\n this.logger.verbose(\"logoutPopup called\");\n const validLogoutRequest =\n this.initializeLogoutRequest(logoutRequest);\n const popupParams: PopupParams = {\n popupName: this.generateLogoutPopupName(validLogoutRequest),\n popupWindowAttributes:\n logoutRequest?.popupWindowAttributes || {},\n popupWindowParent: logoutRequest?.popupWindowParent ?? window,\n };\n const authority = logoutRequest && logoutRequest.authority;\n const mainWindowRedirectUri =\n logoutRequest && logoutRequest.mainWindowRedirectUri;\n\n // asyncPopups flag is true. Acquires token without first opening popup. Popup will be opened later asynchronously.\n if (this.config.system.asyncPopups) {\n this.logger.verbose(\"asyncPopups set to true\");\n // Passes on popup position and dimensions if in request\n return this.logoutPopupAsync(\n validLogoutRequest,\n popupParams,\n authority,\n mainWindowRedirectUri\n );\n } else {\n // asyncPopups flag is set to false. Opens popup before logging out.\n this.logger.verbose(\"asyncPopup set to false, opening popup\");\n popupParams.popup = this.openSizedPopup(\n \"about:blank\",\n popupParams\n );\n return this.logoutPopupAsync(\n validLogoutRequest,\n popupParams,\n authority,\n mainWindowRedirectUri\n );\n }\n } catch (e) {\n // Since this function is synchronous we need to reject\n return Promise.reject(e);\n }\n }\n\n /**\n * Helper which obtains an access_token for your API via opening a popup window in the user's browser\n * @param validRequest\n * @param popupName\n * @param popup\n * @param popupWindowAttributes\n *\n * @returns A promise that is fulfilled when this function has completed, or rejected if an error was raised.\n */\n protected async acquireTokenPopupAsync(\n request: PopupRequest,\n popupParams: PopupParams\n ): Promise {\n this.logger.verbose(\"acquireTokenPopupAsync called\");\n const serverTelemetryManager = this.initializeServerTelemetryManager(\n ApiId.acquireTokenPopup\n );\n\n const validRequest = await invokeAsync(\n this.initializeAuthorizationRequest.bind(this),\n PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(request, InteractionType.Popup);\n\n BrowserUtils.preconnect(validRequest.authority);\n\n try {\n // Create auth code request and generate PKCE params\n const authCodeRequest: CommonAuthorizationCodeRequest =\n await invokeAsync(\n this.initializeAuthorizationCodeRequest.bind(this),\n PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(validRequest);\n\n // Initialize the client\n const authClient: AuthorizationCodeClient = await invokeAsync(\n this.createAuthCodeClient.bind(this),\n PerformanceEvents.StandardInteractionClientCreateAuthCodeClient,\n this.logger,\n this.performanceClient,\n this.correlationId\n )({\n serverTelemetryManager,\n requestAuthority: validRequest.authority,\n requestAzureCloudOptions: validRequest.azureCloudOptions,\n requestExtraQueryParameters: validRequest.extraQueryParameters,\n account: validRequest.account,\n });\n\n const isNativeBroker = NativeMessageHandler.isNativeAvailable(\n this.config,\n this.logger,\n this.nativeMessageHandler,\n request.authenticationScheme\n );\n // Start measurement for server calls with native brokering enabled\n let fetchNativeAccountIdMeasurement;\n if (isNativeBroker) {\n fetchNativeAccountIdMeasurement =\n this.performanceClient.startMeasurement(\n PerformanceEvents.FetchAccountIdWithNativeBroker,\n request.correlationId\n );\n }\n\n // Create acquire token url.\n const navigateUrl = await authClient.getAuthCodeUrl({\n ...validRequest,\n nativeBroker: isNativeBroker,\n });\n\n // Create popup interaction handler.\n const interactionHandler = new InteractionHandler(\n authClient,\n this.browserStorage,\n authCodeRequest,\n this.logger,\n this.performanceClient\n );\n\n // Show the UI once the url has been created. Get the window handle for the popup.\n const popupWindow: Window = this.initiateAuthRequest(\n navigateUrl,\n popupParams\n );\n this.eventHandler.emitEvent(\n EventType.POPUP_OPENED,\n InteractionType.Popup,\n { popupWindow },\n null\n );\n\n // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.\n const responseString = await this.monitorPopupForHash(\n popupWindow,\n popupParams.popupWindowParent\n );\n\n const serverParams = invoke(\n ResponseHandler.deserializeResponse,\n PerformanceEvents.DeserializeResponse,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(\n responseString,\n this.config.auth.OIDCOptions.serverResponseType,\n this.logger\n );\n // Remove throttle if it exists\n ThrottlingUtils.removeThrottle(\n this.browserStorage,\n this.config.auth.clientId,\n authCodeRequest\n );\n\n if (serverParams.accountId) {\n this.logger.verbose(\n \"Account id found in hash, calling WAM for token\"\n );\n // end measurement for server call with native brokering enabled\n if (fetchNativeAccountIdMeasurement) {\n fetchNativeAccountIdMeasurement.end({\n success: true,\n isNativeBroker: true,\n });\n }\n\n if (!this.nativeMessageHandler) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.nativeConnectionNotEstablished\n );\n }\n const nativeInteractionClient = new NativeInteractionClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n ApiId.acquireTokenPopup,\n this.performanceClient,\n this.nativeMessageHandler,\n serverParams.accountId,\n this.nativeStorage,\n validRequest.correlationId\n );\n const { userRequestState } = ProtocolUtils.parseRequestState(\n this.browserCrypto,\n validRequest.state\n );\n return await nativeInteractionClient.acquireToken({\n ...validRequest,\n state: userRequestState,\n prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently\n });\n }\n\n // Handle response from hash string.\n const result = await interactionHandler.handleCodeResponse(\n serverParams,\n validRequest\n );\n\n return result;\n } catch (e) {\n // Close the synchronous popup if an error is thrown before the window unload event is registered\n popupParams.popup?.close();\n\n if (e instanceof AuthError) {\n (e as AuthError).setCorrelationId(this.correlationId);\n serverTelemetryManager.cacheFailedRequest(e);\n }\n\n throw e;\n }\n }\n\n /**\n *\n * @param validRequest\n * @param popupName\n * @param requestAuthority\n * @param popup\n * @param mainWindowRedirectUri\n * @param popupWindowAttributes\n */\n protected async logoutPopupAsync(\n validRequest: CommonEndSessionRequest,\n popupParams: PopupParams,\n requestAuthority?: string,\n mainWindowRedirectUri?: string\n ): Promise {\n this.logger.verbose(\"logoutPopupAsync called\");\n this.eventHandler.emitEvent(\n EventType.LOGOUT_START,\n InteractionType.Popup,\n validRequest\n );\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(\n ApiId.logoutPopup\n );\n\n try {\n // Clear cache on logout\n await this.clearCacheOnLogout(validRequest.account);\n\n // Initialize the client\n const authClient = await invokeAsync(\n this.createAuthCodeClient.bind(this),\n PerformanceEvents.StandardInteractionClientCreateAuthCodeClient,\n this.logger,\n this.performanceClient,\n this.correlationId\n )({\n serverTelemetryManager,\n requestAuthority: requestAuthority,\n account: validRequest.account || undefined,\n });\n\n try {\n authClient.authority.endSessionEndpoint;\n } catch {\n if (\n validRequest.account?.homeAccountId &&\n validRequest.postLogoutRedirectUri &&\n authClient.authority.protocolMode === ProtocolMode.OIDC\n ) {\n void this.browserStorage.removeAccount(\n validRequest.account?.homeAccountId\n );\n\n this.eventHandler.emitEvent(\n EventType.LOGOUT_SUCCESS,\n InteractionType.Popup,\n validRequest\n );\n\n if (mainWindowRedirectUri) {\n const navigationOptions: NavigationOptions = {\n apiId: ApiId.logoutPopup,\n timeout:\n this.config.system.redirectNavigationTimeout,\n noHistory: false,\n };\n const absoluteUrl = UrlString.getAbsoluteUrl(\n mainWindowRedirectUri,\n BrowserUtils.getCurrentUri()\n );\n await this.navigationClient.navigateInternal(\n absoluteUrl,\n navigationOptions\n );\n }\n\n popupParams.popup?.close();\n\n return;\n }\n }\n\n // Create logout string and navigate user window to logout.\n const logoutUri: string = authClient.getLogoutUri(validRequest);\n\n this.eventHandler.emitEvent(\n EventType.LOGOUT_SUCCESS,\n InteractionType.Popup,\n validRequest\n );\n\n // Open the popup window to requestUrl.\n const popupWindow = this.openPopup(logoutUri, popupParams);\n this.eventHandler.emitEvent(\n EventType.POPUP_OPENED,\n InteractionType.Popup,\n { popupWindow },\n null\n );\n\n await this.monitorPopupForHash(\n popupWindow,\n popupParams.popupWindowParent\n ).catch(() => {\n // Swallow any errors related to monitoring the window. Server logout is best effort\n });\n\n if (mainWindowRedirectUri) {\n const navigationOptions: NavigationOptions = {\n apiId: ApiId.logoutPopup,\n timeout: this.config.system.redirectNavigationTimeout,\n noHistory: false,\n };\n const absoluteUrl = UrlString.getAbsoluteUrl(\n mainWindowRedirectUri,\n BrowserUtils.getCurrentUri()\n );\n\n this.logger.verbose(\n \"Redirecting main window to url specified in the request\"\n );\n this.logger.verbosePii(\n `Redirecting main window to: ${absoluteUrl}`\n );\n await this.navigationClient.navigateInternal(\n absoluteUrl,\n navigationOptions\n );\n } else {\n this.logger.verbose(\"No main window navigation requested\");\n }\n } catch (e) {\n // Close the synchronous popup if an error is thrown before the window unload event is registered\n popupParams.popup?.close();\n\n if (e instanceof AuthError) {\n (e as AuthError).setCorrelationId(this.correlationId);\n serverTelemetryManager.cacheFailedRequest(e);\n }\n this.browserStorage.setInteractionInProgress(false);\n this.eventHandler.emitEvent(\n EventType.LOGOUT_FAILURE,\n InteractionType.Popup,\n null,\n e as EventError\n );\n this.eventHandler.emitEvent(\n EventType.LOGOUT_END,\n InteractionType.Popup\n );\n throw e;\n }\n\n this.eventHandler.emitEvent(\n EventType.LOGOUT_END,\n InteractionType.Popup\n );\n }\n\n /**\n * Opens a popup window with given request Url.\n * @param requestUrl\n */\n initiateAuthRequest(requestUrl: string, params: PopupParams): Window {\n // Check that request url is not empty.\n if (requestUrl) {\n this.logger.infoPii(`Navigate to: ${requestUrl}`);\n // Open the popup window to requestUrl.\n return this.openPopup(requestUrl, params);\n } else {\n // Throw error if request URL is empty.\n this.logger.error(\"Navigate url is empty\");\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.emptyNavigateUri\n );\n }\n }\n\n /**\n * Monitors a window until it loads a url with the same origin.\n * @param popupWindow - window that is being monitored\n * @param timeout - timeout for processing hash once popup is redirected back to application\n */\n monitorPopupForHash(\n popupWindow: Window,\n popupWindowParent: Window\n ): Promise {\n return new Promise((resolve, reject) => {\n this.logger.verbose(\n \"PopupHandler.monitorPopupForHash - polling started\"\n );\n\n const intervalId = setInterval(() => {\n // Window is closed\n if (popupWindow.closed) {\n this.logger.error(\n \"PopupHandler.monitorPopupForHash - window closed\"\n );\n clearInterval(intervalId);\n reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.userCancelled\n )\n );\n return;\n }\n\n let href = \"\";\n try {\n /*\n * Will throw if cross origin,\n * which should be caught and ignored\n * since we need the interval to keep running while on STS UI.\n */\n href = popupWindow.location.href;\n } catch (e) {}\n\n // Don't process blank pages or cross domain\n if (!href || href === \"about:blank\") {\n return;\n }\n clearInterval(intervalId);\n\n let responseString = \"\";\n const responseType =\n this.config.auth.OIDCOptions.serverResponseType;\n if (popupWindow) {\n if (responseType === ServerResponseType.QUERY) {\n responseString = popupWindow.location.search;\n } else {\n responseString = popupWindow.location.hash;\n }\n }\n\n this.logger.verbose(\n \"PopupHandler.monitorPopupForHash - popup window is on same origin as caller\"\n );\n\n resolve(responseString);\n }, this.config.system.pollIntervalMilliseconds);\n }).finally(() => {\n this.cleanPopup(popupWindow, popupWindowParent);\n });\n }\n\n /**\n * @hidden\n *\n * Configures popup window for login.\n *\n * @param urlNavigate\n * @param title\n * @param popUpWidth\n * @param popUpHeight\n * @param popupWindowAttributes\n * @ignore\n * @hidden\n */\n openPopup(urlNavigate: string, popupParams: PopupParams): Window {\n try {\n let popupWindow;\n // Popup window passed in, setting url to navigate to\n if (popupParams.popup) {\n popupWindow = popupParams.popup;\n this.logger.verbosePii(\n `Navigating popup window to: ${urlNavigate}`\n );\n popupWindow.location.assign(urlNavigate);\n } else if (typeof popupParams.popup === \"undefined\") {\n // Popup will be undefined if it was not passed in\n this.logger.verbosePii(\n `Opening popup window to: ${urlNavigate}`\n );\n popupWindow = this.openSizedPopup(urlNavigate, popupParams);\n }\n\n // Popup will be null if popups are blocked\n if (!popupWindow) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.emptyWindowError\n );\n }\n if (popupWindow.focus) {\n popupWindow.focus();\n }\n this.currentWindow = popupWindow;\n popupParams.popupWindowParent.addEventListener(\n \"beforeunload\",\n this.unloadWindow\n );\n\n return popupWindow;\n } catch (e) {\n this.logger.error(\n \"error opening popup \" + (e as AuthError).message\n );\n this.browserStorage.setInteractionInProgress(false);\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.popupWindowError\n );\n }\n }\n\n /**\n * Helper function to set popup window dimensions and position\n * @param urlNavigate\n * @param popupName\n * @param popupWindowAttributes\n * @returns\n */\n openSizedPopup(\n urlNavigate: string,\n { popupName, popupWindowAttributes, popupWindowParent }: PopupParams\n ): Window | null {\n /**\n * adding winLeft and winTop to account for dual monitor\n * using screenLeft and screenTop for IE8 and earlier\n */\n const winLeft = popupWindowParent.screenLeft\n ? popupWindowParent.screenLeft\n : popupWindowParent.screenX;\n const winTop = popupWindowParent.screenTop\n ? popupWindowParent.screenTop\n : popupWindowParent.screenY;\n /**\n * window.innerWidth displays browser window\"s height and width excluding toolbars\n * using document.documentElement.clientWidth for IE8 and earlier\n */\n const winWidth =\n popupWindowParent.innerWidth ||\n document.documentElement.clientWidth ||\n document.body.clientWidth;\n const winHeight =\n popupWindowParent.innerHeight ||\n document.documentElement.clientHeight ||\n document.body.clientHeight;\n\n let width = popupWindowAttributes.popupSize?.width;\n let height = popupWindowAttributes.popupSize?.height;\n let top = popupWindowAttributes.popupPosition?.top;\n let left = popupWindowAttributes.popupPosition?.left;\n\n if (!width || width < 0 || width > winWidth) {\n this.logger.verbose(\n \"Default popup window width used. Window width not configured or invalid.\"\n );\n width = BrowserConstants.POPUP_WIDTH;\n }\n\n if (!height || height < 0 || height > winHeight) {\n this.logger.verbose(\n \"Default popup window height used. Window height not configured or invalid.\"\n );\n height = BrowserConstants.POPUP_HEIGHT;\n }\n\n if (!top || top < 0 || top > winHeight) {\n this.logger.verbose(\n \"Default popup window top position used. Window top not configured or invalid.\"\n );\n top = Math.max(\n 0,\n winHeight / 2 - BrowserConstants.POPUP_HEIGHT / 2 + winTop\n );\n }\n\n if (!left || left < 0 || left > winWidth) {\n this.logger.verbose(\n \"Default popup window left position used. Window left not configured or invalid.\"\n );\n left = Math.max(\n 0,\n winWidth / 2 - BrowserConstants.POPUP_WIDTH / 2 + winLeft\n );\n }\n\n return popupWindowParent.open(\n urlNavigate,\n popupName,\n `width=${width}, height=${height}, top=${top}, left=${left}, scrollbars=yes`\n );\n }\n\n /**\n * Event callback to unload main window.\n */\n unloadWindow(e: Event): void {\n this.browserStorage.cleanRequestByInteractionType(\n InteractionType.Popup\n );\n if (this.currentWindow) {\n this.currentWindow.close();\n }\n // Guarantees browser unload will happen, so no other errors will be thrown.\n e.preventDefault();\n }\n\n /**\n * Closes popup, removes any state vars created during popup calls.\n * @param popupWindow\n */\n cleanPopup(popupWindow: Window, popupWindowParent: Window): void {\n // Close window.\n popupWindow.close();\n\n // Remove window unload function\n popupWindowParent.removeEventListener(\n \"beforeunload\",\n this.unloadWindow\n );\n\n // Interaction is completed - remove interaction status.\n this.browserStorage.setInteractionInProgress(false);\n }\n\n /**\n * Generates the name for the popup based on the client id and request\n * @param clientId\n * @param request\n */\n generatePopupName(scopes: Array, authority: string): string {\n return `${BrowserConstants.POPUP_NAME_PREFIX}.${\n this.config.auth.clientId\n }.${scopes.join(\"-\")}.${authority}.${this.correlationId}`;\n }\n\n /**\n * Generates the name for the popup based on the client id and request for logouts\n * @param clientId\n * @param request\n */\n generateLogoutPopupName(request: CommonEndSessionRequest): string {\n const homeAccountId = request.account && request.account.homeAccountId;\n return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AuthorizationCodeClient,\n CommonAuthorizationCodeRequest,\n Logger,\n ServerError,\n IPerformanceClient,\n createClientAuthError,\n ClientAuthErrorCodes,\n CcsCredential,\n invokeAsync,\n PerformanceEvents,\n ServerAuthorizationCodeResponse,\n} from \"@azure/msal-common/browser\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { ApiId, TemporaryCacheKeys } from \"../utils/BrowserConstants.js\";\nimport { BrowserCacheManager } from \"../cache/BrowserCacheManager.js\";\nimport { INavigationClient } from \"../navigation/INavigationClient.js\";\nimport { NavigationOptions } from \"../navigation/NavigationOptions.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\n\nexport type RedirectParams = {\n navigationClient: INavigationClient;\n redirectTimeout: number;\n redirectStartPage: string;\n onRedirectNavigate?: (url: string) => void | boolean;\n};\n\nexport class RedirectHandler {\n authModule: AuthorizationCodeClient;\n browserStorage: BrowserCacheManager;\n authCodeRequest: CommonAuthorizationCodeRequest;\n logger: Logger;\n performanceClient: IPerformanceClient;\n\n constructor(\n authCodeModule: AuthorizationCodeClient,\n storageImpl: BrowserCacheManager,\n authCodeRequest: CommonAuthorizationCodeRequest,\n logger: Logger,\n performanceClient: IPerformanceClient\n ) {\n this.authModule = authCodeModule;\n this.browserStorage = storageImpl;\n this.authCodeRequest = authCodeRequest;\n this.logger = logger;\n this.performanceClient = performanceClient;\n }\n\n /**\n * Redirects window to given URL.\n * @param urlNavigate\n */\n async initiateAuthRequest(\n requestUrl: string,\n params: RedirectParams\n ): Promise {\n this.logger.verbose(\"RedirectHandler.initiateAuthRequest called\");\n // Navigate if valid URL\n if (requestUrl) {\n // Cache start page, returns to this page after redirectUri if navigateToLoginRequestUrl is true\n if (params.redirectStartPage) {\n this.logger.verbose(\n \"RedirectHandler.initiateAuthRequest: redirectStartPage set, caching start page\"\n );\n this.browserStorage.setTemporaryCache(\n TemporaryCacheKeys.ORIGIN_URI,\n params.redirectStartPage,\n true\n );\n }\n\n // Set interaction status in the library.\n this.browserStorage.setTemporaryCache(\n TemporaryCacheKeys.CORRELATION_ID,\n this.authCodeRequest.correlationId,\n true\n );\n this.browserStorage.cacheCodeRequest(this.authCodeRequest);\n this.logger.infoPii(\n `RedirectHandler.initiateAuthRequest: Navigate to: ${requestUrl}`\n );\n const navigationOptions: NavigationOptions = {\n apiId: ApiId.acquireTokenRedirect,\n timeout: params.redirectTimeout,\n noHistory: false,\n };\n\n // If onRedirectNavigate is implemented, invoke it and provide requestUrl\n if (typeof params.onRedirectNavigate === \"function\") {\n this.logger.verbose(\n \"RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback\"\n );\n const navigate = params.onRedirectNavigate(requestUrl);\n\n // Returning false from onRedirectNavigate will stop navigation\n if (navigate !== false) {\n this.logger.verbose(\n \"RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating\"\n );\n await params.navigationClient.navigateExternal(\n requestUrl,\n navigationOptions\n );\n return;\n } else {\n this.logger.verbose(\n \"RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation\"\n );\n return;\n }\n } else {\n // Navigate window to request URL\n this.logger.verbose(\n \"RedirectHandler.initiateAuthRequest: Navigating window to navigate url\"\n );\n await params.navigationClient.navigateExternal(\n requestUrl,\n navigationOptions\n );\n return;\n }\n } else {\n // Throw error if request URL is empty.\n this.logger.info(\n \"RedirectHandler.initiateAuthRequest: Navigate url is empty\"\n );\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.emptyNavigateUri\n );\n }\n }\n\n /**\n * Handle authorization code response in the window.\n * @param hash\n */\n async handleCodeResponse(\n response: ServerAuthorizationCodeResponse,\n state: string\n ): Promise {\n this.logger.verbose(\"RedirectHandler.handleCodeResponse called\");\n\n // Interaction is completed - remove interaction status.\n this.browserStorage.setInteractionInProgress(false);\n\n // Handle code response.\n const stateKey = this.browserStorage.generateStateKey(state);\n const requestState = this.browserStorage.getTemporaryCache(stateKey);\n if (!requestState) {\n throw createClientAuthError(\n ClientAuthErrorCodes.stateNotFound,\n \"Cached State\"\n );\n }\n\n let authCodeResponse;\n try {\n authCodeResponse = this.authModule.handleFragmentResponse(\n response,\n requestState\n );\n } catch (e) {\n if (\n e instanceof ServerError &&\n e.subError === BrowserAuthErrorCodes.userCancelled\n ) {\n // Translate server error caused by user closing native prompt to corresponding first class MSAL error\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.userCancelled\n );\n } else {\n throw e;\n }\n }\n\n // Get cached items\n const nonceKey = this.browserStorage.generateNonceKey(requestState);\n const cachedNonce = this.browserStorage.getTemporaryCache(nonceKey);\n\n // Assign code to request\n this.authCodeRequest.code = authCodeResponse.code;\n\n // Check for new cloud instance\n if (authCodeResponse.cloud_instance_host_name) {\n await invokeAsync(\n this.authModule.updateAuthority.bind(this.authModule),\n PerformanceEvents.UpdateTokenEndpointAuthority,\n this.logger,\n this.performanceClient,\n this.authCodeRequest.correlationId\n )(\n authCodeResponse.cloud_instance_host_name,\n this.authCodeRequest.correlationId\n );\n }\n\n authCodeResponse.nonce = cachedNonce || undefined;\n authCodeResponse.state = requestState;\n\n // Add CCS parameters if available\n if (authCodeResponse.client_info) {\n this.authCodeRequest.clientInfo = authCodeResponse.client_info;\n } else {\n const cachedCcsCred = this.checkCcsCredentials();\n if (cachedCcsCred) {\n this.authCodeRequest.ccsCredential = cachedCcsCred;\n }\n }\n\n // Acquire token with retrieved code.\n const tokenResponse = (await this.authModule.acquireToken(\n this.authCodeRequest,\n authCodeResponse\n )) as AuthenticationResult;\n\n this.browserStorage.cleanRequestByState(state);\n return tokenResponse;\n }\n\n /**\n * Looks up ccs creds in the cache\n */\n protected checkCcsCredentials(): CcsCredential | null {\n // Look up ccs credential in temp cache\n const cachedCcsCred = this.browserStorage.getTemporaryCache(\n TemporaryCacheKeys.CCS_CREDENTIAL,\n true\n );\n if (cachedCcsCred) {\n try {\n return JSON.parse(cachedCcsCred) as CcsCredential;\n } catch (e) {\n this.authModule.logger.error(\n \"Cache credential could not be parsed\"\n );\n this.authModule.logger.errorPii(\n `Cache credential could not be parsed: ${cachedCcsCred}`\n );\n }\n }\n return null;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n CommonAuthorizationCodeRequest,\n AuthorizationCodeClient,\n UrlString,\n AuthError,\n ServerTelemetryManager,\n Constants,\n ProtocolUtils,\n ServerAuthorizationCodeResponse,\n ThrottlingUtils,\n ICrypto,\n Logger,\n IPerformanceClient,\n PerformanceEvents,\n ProtocolMode,\n invokeAsync,\n ServerResponseType,\n UrlUtils,\n InProgressPerformanceEvent,\n} from \"@azure/msal-common/browser\";\nimport { StandardInteractionClient } from \"./StandardInteractionClient.js\";\nimport {\n ApiId,\n InteractionType,\n TemporaryCacheKeys,\n} from \"../utils/BrowserConstants.js\";\nimport { RedirectHandler } from \"../interaction_handler/RedirectHandler.js\";\nimport * as BrowserUtils from \"../utils/BrowserUtils.js\";\nimport { EndSessionRequest } from \"../request/EndSessionRequest.js\";\nimport { EventType } from \"../event/EventType.js\";\nimport { NavigationOptions } from \"../navigation/NavigationOptions.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { RedirectRequest } from \"../request/RedirectRequest.js\";\nimport { NativeInteractionClient } from \"./NativeInteractionClient.js\";\nimport { NativeMessageHandler } from \"../broker/nativeBroker/NativeMessageHandler.js\";\nimport { BrowserConfiguration } from \"../config/Configuration.js\";\nimport { BrowserCacheManager } from \"../cache/BrowserCacheManager.js\";\nimport { EventHandler } from \"../event/EventHandler.js\";\nimport { INavigationClient } from \"../navigation/INavigationClient.js\";\nimport { EventError } from \"../event/EventMessage.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport * as ResponseHandler from \"../response/ResponseHandler.js\";\n\nfunction getNavigationType(): NavigationTimingType | undefined {\n if (\n typeof window === \"undefined\" ||\n typeof window.performance === \"undefined\" ||\n typeof window.performance.getEntriesByType !== \"function\"\n ) {\n return undefined;\n }\n\n const navigationEntries = window.performance.getEntriesByType(\"navigation\");\n const navigation = navigationEntries.length\n ? (navigationEntries[0] as PerformanceNavigationTiming)\n : undefined;\n return navigation?.type;\n}\n\nexport class RedirectClient extends StandardInteractionClient {\n protected nativeStorage: BrowserCacheManager;\n\n constructor(\n config: BrowserConfiguration,\n storageImpl: BrowserCacheManager,\n browserCrypto: ICrypto,\n logger: Logger,\n eventHandler: EventHandler,\n navigationClient: INavigationClient,\n performanceClient: IPerformanceClient,\n nativeStorageImpl: BrowserCacheManager,\n nativeMessageHandler?: NativeMessageHandler,\n correlationId?: string\n ) {\n super(\n config,\n storageImpl,\n browserCrypto,\n logger,\n eventHandler,\n navigationClient,\n performanceClient,\n nativeMessageHandler,\n correlationId\n );\n this.nativeStorage = nativeStorageImpl;\n }\n\n /**\n * Redirects the page to the /authorize endpoint of the IDP\n * @param request\n */\n async acquireToken(request: RedirectRequest): Promise {\n const validRequest = await invokeAsync(\n this.initializeAuthorizationRequest.bind(this),\n PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(request, InteractionType.Redirect);\n\n this.browserStorage.updateCacheEntries(\n validRequest.state,\n validRequest.nonce,\n validRequest.authority,\n validRequest.loginHint || \"\",\n validRequest.account || null\n );\n const serverTelemetryManager = this.initializeServerTelemetryManager(\n ApiId.acquireTokenRedirect\n );\n\n const handleBackButton = (event: PageTransitionEvent) => {\n // Clear temporary cache if the back button is clicked during the redirect flow.\n if (event.persisted) {\n this.logger.verbose(\n \"Page was restored from back/forward cache. Clearing temporary cache.\"\n );\n this.browserStorage.cleanRequestByState(validRequest.state);\n this.eventHandler.emitEvent(\n EventType.RESTORE_FROM_BFCACHE,\n InteractionType.Redirect\n );\n }\n };\n\n try {\n // Create auth code request and generate PKCE params\n const authCodeRequest: CommonAuthorizationCodeRequest =\n await invokeAsync(\n this.initializeAuthorizationCodeRequest.bind(this),\n PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(validRequest);\n\n // Initialize the client\n const authClient: AuthorizationCodeClient = await invokeAsync(\n this.createAuthCodeClient.bind(this),\n PerformanceEvents.StandardInteractionClientCreateAuthCodeClient,\n this.logger,\n this.performanceClient,\n this.correlationId\n )({\n serverTelemetryManager,\n requestAuthority: validRequest.authority,\n requestAzureCloudOptions: validRequest.azureCloudOptions,\n requestExtraQueryParameters: validRequest.extraQueryParameters,\n account: validRequest.account,\n });\n\n // Create redirect interaction handler.\n const interactionHandler = new RedirectHandler(\n authClient,\n this.browserStorage,\n authCodeRequest,\n this.logger,\n this.performanceClient\n );\n\n // Create acquire token url.\n const navigateUrl = await authClient.getAuthCodeUrl({\n ...validRequest,\n nativeBroker: NativeMessageHandler.isNativeAvailable(\n this.config,\n this.logger,\n this.nativeMessageHandler,\n request.authenticationScheme\n ),\n });\n\n const redirectStartPage = this.getRedirectStartPage(\n request.redirectStartPage\n );\n this.logger.verbosePii(`Redirect start page: ${redirectStartPage}`);\n\n // Clear temporary cache if the back button is clicked during the redirect flow.\n window.addEventListener(\"pageshow\", handleBackButton);\n\n // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function.\n return await interactionHandler.initiateAuthRequest(navigateUrl, {\n navigationClient: this.navigationClient,\n redirectTimeout: this.config.system.redirectNavigationTimeout,\n redirectStartPage: redirectStartPage,\n onRedirectNavigate:\n request.onRedirectNavigate ||\n this.config.auth.onRedirectNavigate,\n });\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(this.correlationId);\n serverTelemetryManager.cacheFailedRequest(e);\n }\n window.removeEventListener(\"pageshow\", handleBackButton);\n this.browserStorage.cleanRequestByState(validRequest.state);\n throw e;\n }\n }\n\n /**\n * Checks if navigateToLoginRequestUrl is set, and:\n * - if true, performs logic to cache and navigate\n * - if false, handles hash string and parses response\n * @param hash {string} url hash\n * @param parentMeasurement {InProgressPerformanceEvent} parent measurement\n */\n async handleRedirectPromise(\n hash: string = \"\",\n parentMeasurement: InProgressPerformanceEvent\n ): Promise {\n const serverTelemetryManager = this.initializeServerTelemetryManager(\n ApiId.handleRedirectPromise\n );\n\n try {\n if (!this.browserStorage.isInteractionInProgress(true)) {\n this.logger.info(\n \"handleRedirectPromise called but there is no interaction in progress, returning null.\"\n );\n return null;\n }\n const [serverParams, responseString] = this.getRedirectResponse(\n hash || \"\"\n );\n if (!serverParams) {\n // Not a recognized server response hash or hash not associated with a redirect request\n this.logger.info(\n \"handleRedirectPromise did not detect a response as a result of a redirect. Cleaning temporary cache.\"\n );\n this.browserStorage.cleanRequestByInteractionType(\n InteractionType.Redirect\n );\n\n // Do not instrument \"no_server_response\" if user clicked back button\n if (getNavigationType() !== \"back_forward\") {\n parentMeasurement.event.errorCode = \"no_server_response\";\n } else {\n this.logger.verbose(\n \"Back navigation event detected. Muting no_server_response error\"\n );\n }\n return null;\n }\n\n // If navigateToLoginRequestUrl is true, get the url where the redirect request was initiated\n const loginRequestUrl =\n this.browserStorage.getTemporaryCache(\n TemporaryCacheKeys.ORIGIN_URI,\n true\n ) || Constants.EMPTY_STRING;\n const loginRequestUrlNormalized =\n UrlString.removeHashFromUrl(loginRequestUrl);\n const currentUrlNormalized = UrlString.removeHashFromUrl(\n window.location.href\n );\n\n if (\n loginRequestUrlNormalized === currentUrlNormalized &&\n this.config.auth.navigateToLoginRequestUrl\n ) {\n // We are on the page we need to navigate to - handle hash\n this.logger.verbose(\n \"Current page is loginRequestUrl, handling response\"\n );\n\n if (loginRequestUrl.indexOf(\"#\") > -1) {\n // Replace current hash with non-msal hash, if present\n BrowserUtils.replaceHash(loginRequestUrl);\n }\n\n const handleHashResult = await this.handleResponse(\n serverParams,\n serverTelemetryManager\n );\n\n return handleHashResult;\n } else if (!this.config.auth.navigateToLoginRequestUrl) {\n this.logger.verbose(\n \"NavigateToLoginRequestUrl set to false, handling response\"\n );\n return await this.handleResponse(\n serverParams,\n serverTelemetryManager\n );\n } else if (\n !BrowserUtils.isInIframe() ||\n this.config.system.allowRedirectInIframe\n ) {\n /*\n * Returned from authority using redirect - need to perform navigation before processing response\n * Cache the hash to be retrieved after the next redirect\n */\n this.browserStorage.setTemporaryCache(\n TemporaryCacheKeys.URL_HASH,\n responseString,\n true\n );\n const navigationOptions: NavigationOptions = {\n apiId: ApiId.handleRedirectPromise,\n timeout: this.config.system.redirectNavigationTimeout,\n noHistory: true,\n };\n\n /**\n * Default behavior is to redirect to the start page and not process the hash now.\n * The start page is expected to also call handleRedirectPromise which will process the hash in one of the checks above.\n */\n let processHashOnRedirect: boolean = true;\n if (!loginRequestUrl || loginRequestUrl === \"null\") {\n // Redirect to home page if login request url is null (real null or the string null)\n const homepage = BrowserUtils.getHomepage();\n // Cache the homepage under ORIGIN_URI to ensure cached hash is processed on homepage\n this.browserStorage.setTemporaryCache(\n TemporaryCacheKeys.ORIGIN_URI,\n homepage,\n true\n );\n this.logger.warning(\n \"Unable to get valid login request url from cache, redirecting to home page\"\n );\n processHashOnRedirect =\n await this.navigationClient.navigateInternal(\n homepage,\n navigationOptions\n );\n } else {\n // Navigate to page that initiated the redirect request\n this.logger.verbose(\n `Navigating to loginRequestUrl: ${loginRequestUrl}`\n );\n processHashOnRedirect =\n await this.navigationClient.navigateInternal(\n loginRequestUrl,\n navigationOptions\n );\n }\n\n // If navigateInternal implementation returns false, handle the hash now\n if (!processHashOnRedirect) {\n return await this.handleResponse(\n serverParams,\n serverTelemetryManager\n );\n }\n }\n\n return null;\n } catch (e) {\n if (e instanceof AuthError) {\n (e as AuthError).setCorrelationId(this.correlationId);\n serverTelemetryManager.cacheFailedRequest(e);\n }\n this.browserStorage.cleanRequestByInteractionType(\n InteractionType.Redirect\n );\n throw e;\n }\n }\n\n /**\n * Gets the response hash for a redirect request\n * Returns null if interactionType in the state value is not \"redirect\" or the hash does not contain known properties\n * @param hash\n */\n protected getRedirectResponse(\n userProvidedResponse: string\n ): [ServerAuthorizationCodeResponse | null, string] {\n this.logger.verbose(\"getRedirectResponseHash called\");\n // Get current location hash from window or cache.\n let responseString = userProvidedResponse;\n if (!responseString) {\n if (\n this.config.auth.OIDCOptions.serverResponseType ===\n ServerResponseType.QUERY\n ) {\n responseString = window.location.search;\n } else {\n responseString = window.location.hash;\n }\n }\n let response = UrlUtils.getDeserializedResponse(responseString);\n\n if (response) {\n try {\n ResponseHandler.validateInteractionType(\n response,\n this.browserCrypto,\n InteractionType.Redirect\n );\n } catch (e) {\n if (e instanceof AuthError) {\n this.logger.error(\n `Interaction type validation failed due to ${e.errorCode}: ${e.errorMessage}`\n );\n }\n return [null, \"\"];\n }\n\n BrowserUtils.clearHash(window);\n this.logger.verbose(\n \"Hash contains known properties, returning response hash\"\n );\n return [response, responseString];\n }\n\n const cachedHash = this.browserStorage.getTemporaryCache(\n TemporaryCacheKeys.URL_HASH,\n true\n );\n this.browserStorage.removeItem(\n this.browserStorage.generateCacheKey(TemporaryCacheKeys.URL_HASH)\n );\n\n if (cachedHash) {\n response = UrlUtils.getDeserializedResponse(cachedHash);\n if (response) {\n this.logger.verbose(\n \"Hash does not contain known properties, returning cached hash\"\n );\n return [response, cachedHash];\n }\n }\n\n return [null, \"\"];\n }\n\n /**\n * Checks if hash exists and handles in window.\n * @param hash\n * @param state\n */\n protected async handleResponse(\n serverParams: ServerAuthorizationCodeResponse,\n serverTelemetryManager: ServerTelemetryManager\n ): Promise {\n const state = serverParams.state;\n if (!state) {\n throw createBrowserAuthError(BrowserAuthErrorCodes.noStateInHash);\n }\n\n const cachedRequest = this.browserStorage.getCachedRequest(state);\n this.logger.verbose(\"handleResponse called, retrieved cached request\");\n\n if (serverParams.accountId) {\n this.logger.verbose(\n \"Account id found in hash, calling WAM for token\"\n );\n if (!this.nativeMessageHandler) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.nativeConnectionNotEstablished\n );\n }\n const nativeInteractionClient = new NativeInteractionClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n ApiId.acquireTokenPopup,\n this.performanceClient,\n this.nativeMessageHandler,\n serverParams.accountId,\n this.nativeStorage,\n cachedRequest.correlationId\n );\n const { userRequestState } = ProtocolUtils.parseRequestState(\n this.browserCrypto,\n state\n );\n return nativeInteractionClient\n .acquireToken({\n ...cachedRequest,\n state: userRequestState,\n prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently\n })\n .finally(() => {\n this.browserStorage.cleanRequestByState(state);\n });\n }\n\n // Hash contains known properties - handle and return in callback\n const currentAuthority = this.browserStorage.getCachedAuthority(state);\n if (!currentAuthority) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.noCachedAuthorityError\n );\n }\n\n const authClient = await invokeAsync(\n this.createAuthCodeClient.bind(this),\n PerformanceEvents.StandardInteractionClientCreateAuthCodeClient,\n this.logger,\n this.performanceClient,\n this.correlationId\n )({ serverTelemetryManager, requestAuthority: currentAuthority });\n\n ThrottlingUtils.removeThrottle(\n this.browserStorage,\n this.config.auth.clientId,\n cachedRequest\n );\n const interactionHandler = new RedirectHandler(\n authClient,\n this.browserStorage,\n cachedRequest,\n this.logger,\n this.performanceClient\n );\n return interactionHandler.handleCodeResponse(serverParams, state);\n }\n\n /**\n * Use to log out the current user, and redirect the user to the postLogoutRedirectUri.\n * Default behaviour is to redirect the user to `window.location.href`.\n * @param logoutRequest\n */\n async logout(logoutRequest?: EndSessionRequest): Promise {\n this.logger.verbose(\"logoutRedirect called\");\n const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);\n const serverTelemetryManager = this.initializeServerTelemetryManager(\n ApiId.logout\n );\n\n try {\n this.eventHandler.emitEvent(\n EventType.LOGOUT_START,\n InteractionType.Redirect,\n logoutRequest\n );\n\n // Clear cache on logout\n await this.clearCacheOnLogout(validLogoutRequest.account);\n\n const navigationOptions: NavigationOptions = {\n apiId: ApiId.logout,\n timeout: this.config.system.redirectNavigationTimeout,\n noHistory: false,\n };\n\n const authClient = await invokeAsync(\n this.createAuthCodeClient.bind(this),\n PerformanceEvents.StandardInteractionClientCreateAuthCodeClient,\n this.logger,\n this.performanceClient,\n this.correlationId\n )({\n serverTelemetryManager,\n requestAuthority: logoutRequest && logoutRequest.authority,\n requestExtraQueryParameters:\n logoutRequest?.extraQueryParameters,\n account: (logoutRequest && logoutRequest.account) || undefined,\n });\n\n if (authClient.authority.protocolMode === ProtocolMode.OIDC) {\n try {\n authClient.authority.endSessionEndpoint;\n } catch {\n if (validLogoutRequest.account?.homeAccountId) {\n void this.browserStorage.removeAccount(\n validLogoutRequest.account?.homeAccountId\n );\n\n this.eventHandler.emitEvent(\n EventType.LOGOUT_SUCCESS,\n InteractionType.Redirect,\n validLogoutRequest\n );\n\n return;\n }\n }\n }\n\n // Create logout string and navigate user window to logout.\n const logoutUri: string =\n authClient.getLogoutUri(validLogoutRequest);\n\n this.eventHandler.emitEvent(\n EventType.LOGOUT_SUCCESS,\n InteractionType.Redirect,\n validLogoutRequest\n );\n // Check if onRedirectNavigate is implemented, and invoke it if so\n if (\n logoutRequest &&\n typeof logoutRequest.onRedirectNavigate === \"function\"\n ) {\n const navigate = logoutRequest.onRedirectNavigate(logoutUri);\n\n if (navigate !== false) {\n this.logger.verbose(\n \"Logout onRedirectNavigate did not return false, navigating\"\n );\n // Ensure interaction is in progress\n if (!this.browserStorage.getInteractionInProgress()) {\n this.browserStorage.setInteractionInProgress(true);\n }\n await this.navigationClient.navigateExternal(\n logoutUri,\n navigationOptions\n );\n return;\n } else {\n // Ensure interaction is not in progress\n this.browserStorage.setInteractionInProgress(false);\n this.logger.verbose(\n \"Logout onRedirectNavigate returned false, stopping navigation\"\n );\n }\n } else {\n // Ensure interaction is in progress\n if (!this.browserStorage.getInteractionInProgress()) {\n this.browserStorage.setInteractionInProgress(true);\n }\n await this.navigationClient.navigateExternal(\n logoutUri,\n navigationOptions\n );\n return;\n }\n } catch (e) {\n if (e instanceof AuthError) {\n (e as AuthError).setCorrelationId(this.correlationId);\n serverTelemetryManager.cacheFailedRequest(e);\n }\n this.eventHandler.emitEvent(\n EventType.LOGOUT_FAILURE,\n InteractionType.Redirect,\n null,\n e as EventError\n );\n this.eventHandler.emitEvent(\n EventType.LOGOUT_END,\n InteractionType.Redirect\n );\n throw e;\n }\n\n this.eventHandler.emitEvent(\n EventType.LOGOUT_END,\n InteractionType.Redirect\n );\n }\n\n /**\n * Use to get the redirectStartPage either from request or use current window\n * @param requestStartPage\n */\n protected getRedirectStartPage(requestStartPage?: string): string {\n const redirectStartPage = requestStartPage || window.location.href;\n return UrlString.getAbsoluteUrl(\n redirectStartPage,\n BrowserUtils.getCurrentUri()\n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AuthorizationCodeClient,\n ClientConfiguration,\n} from \"@azure/msal-common/browser\";\n\nexport class HybridSpaAuthorizationCodeClient extends AuthorizationCodeClient {\n constructor(config: ClientConfiguration) {\n super(config);\n this.includeRedirectUri = false;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n ICrypto,\n Logger,\n CommonAuthorizationCodeRequest,\n AuthError,\n IPerformanceClient,\n PerformanceEvents,\n invokeAsync,\n} from \"@azure/msal-common/browser\";\nimport { StandardInteractionClient } from \"./StandardInteractionClient.js\";\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest.js\";\nimport { BrowserConfiguration } from \"../config/Configuration.js\";\nimport { BrowserCacheManager } from \"../cache/BrowserCacheManager.js\";\nimport { EventHandler } from \"../event/EventHandler.js\";\nimport { INavigationClient } from \"../navigation/INavigationClient.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { InteractionType, ApiId } from \"../utils/BrowserConstants.js\";\nimport { AuthorizationCodeRequest } from \"../request/AuthorizationCodeRequest.js\";\nimport { HybridSpaAuthorizationCodeClient } from \"./HybridSpaAuthorizationCodeClient.js\";\nimport { NativeMessageHandler } from \"../broker/nativeBroker/NativeMessageHandler.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport { InteractionHandler } from \"../interaction_handler/InteractionHandler.js\";\n\nexport class SilentAuthCodeClient extends StandardInteractionClient {\n private apiId: ApiId;\n\n constructor(\n config: BrowserConfiguration,\n storageImpl: BrowserCacheManager,\n browserCrypto: ICrypto,\n logger: Logger,\n eventHandler: EventHandler,\n navigationClient: INavigationClient,\n apiId: ApiId,\n performanceClient: IPerformanceClient,\n nativeMessageHandler?: NativeMessageHandler,\n correlationId?: string\n ) {\n super(\n config,\n storageImpl,\n browserCrypto,\n logger,\n eventHandler,\n navigationClient,\n performanceClient,\n nativeMessageHandler,\n correlationId\n );\n this.apiId = apiId;\n }\n\n /**\n * Acquires a token silently by redeeming an authorization code against the /token endpoint\n * @param request\n */\n async acquireToken(\n request: AuthorizationCodeRequest\n ): Promise {\n // Auth code payload is required\n if (!request.code) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.authCodeRequired\n );\n }\n\n // Create silent request\n const silentRequest: AuthorizationUrlRequest = await invokeAsync(\n this.initializeAuthorizationRequest.bind(this),\n PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(request, InteractionType.Silent);\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(\n this.apiId\n );\n\n try {\n // Create auth code request (PKCE not needed)\n const authCodeRequest: CommonAuthorizationCodeRequest = {\n ...silentRequest,\n code: request.code,\n };\n\n // Initialize the client\n const clientConfig = await invokeAsync(\n this.getClientConfiguration.bind(this),\n PerformanceEvents.StandardInteractionClientGetClientConfiguration,\n this.logger,\n this.performanceClient,\n request.correlationId\n )({\n serverTelemetryManager,\n requestAuthority: silentRequest.authority,\n requestAzureCloudOptions: silentRequest.azureCloudOptions,\n requestExtraQueryParameters: silentRequest.extraQueryParameters,\n account: silentRequest.account,\n });\n const authClient: HybridSpaAuthorizationCodeClient =\n new HybridSpaAuthorizationCodeClient(clientConfig);\n this.logger.verbose(\"Auth code client created\");\n\n // Create silent handler\n const interactionHandler = new InteractionHandler(\n authClient,\n this.browserStorage,\n authCodeRequest,\n this.logger,\n this.performanceClient\n );\n\n // Handle auth code parameters from request\n return await invokeAsync(\n interactionHandler.handleCodeResponseFromServer.bind(\n interactionHandler\n ),\n PerformanceEvents.HandleCodeResponseFromServer,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(\n {\n code: request.code,\n msgraph_host: request.msGraphHost,\n cloud_graph_host_name: request.cloudGraphHostName,\n cloud_instance_host_name: request.cloudInstanceHostName,\n },\n silentRequest,\n false\n );\n } catch (e) {\n if (e instanceof AuthError) {\n (e as AuthError).setCorrelationId(this.correlationId);\n serverTelemetryManager.cacheFailedRequest(e);\n }\n throw e;\n }\n }\n\n /**\n * Currently Unsupported\n */\n logout(): Promise {\n // Synchronous so we must reject\n return Promise.reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.silentLogoutUnsupported\n )\n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { StandardInteractionClient } from \"./StandardInteractionClient.js\";\nimport {\n CommonSilentFlowRequest,\n SilentFlowClient,\n PerformanceEvents,\n invokeAsync,\n} from \"@azure/msal-common/browser\";\nimport { ApiId } from \"../utils/BrowserConstants.js\";\nimport {\n BrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport { ClearCacheRequest } from \"../request/ClearCacheRequest.js\";\n\nexport class SilentCacheClient extends StandardInteractionClient {\n /**\n * Returns unexpired tokens from the cache, if available\n * @param silentRequest\n */\n async acquireToken(\n silentRequest: CommonSilentFlowRequest\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.SilentCacheClientAcquireToken,\n silentRequest.correlationId\n );\n // Telemetry manager only used to increment cacheHits here\n const serverTelemetryManager = this.initializeServerTelemetryManager(\n ApiId.acquireTokenSilent_silentFlow\n );\n\n const clientConfig = await invokeAsync(\n this.getClientConfiguration.bind(this),\n PerformanceEvents.StandardInteractionClientGetClientConfiguration,\n this.logger,\n this.performanceClient,\n this.correlationId\n )({\n serverTelemetryManager,\n requestAuthority: silentRequest.authority,\n requestAzureCloudOptions: silentRequest.azureCloudOptions,\n account: silentRequest.account,\n });\n const silentAuthClient = new SilentFlowClient(\n clientConfig,\n this.performanceClient\n );\n this.logger.verbose(\"Silent auth client created\");\n\n try {\n const response = await invokeAsync(\n silentAuthClient.acquireCachedToken.bind(silentAuthClient),\n PerformanceEvents.SilentFlowClientAcquireCachedToken,\n this.logger,\n this.performanceClient,\n silentRequest.correlationId\n )(silentRequest);\n const authResponse = response[0] as AuthenticationResult;\n\n this.performanceClient.addFields(\n {\n fromCache: true,\n },\n silentRequest.correlationId\n );\n return authResponse;\n } catch (error) {\n if (\n error instanceof BrowserAuthError &&\n error.errorCode === BrowserAuthErrorCodes.cryptoKeyNotFound\n ) {\n this.logger.verbose(\n \"Signing keypair for bound access token not found. Refreshing bound access token and generating a new crypto keypair.\"\n );\n }\n throw error;\n }\n }\n\n /**\n * API to silenty clear the browser cache.\n * @param logoutRequest\n */\n logout(logoutRequest?: ClearCacheRequest): Promise {\n this.logger.verbose(\"logoutRedirect called\");\n const validLogoutRequest = this.initializeLogoutRequest(logoutRequest);\n return this.clearCacheOnLogout(validLogoutRequest?.account);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n Logger,\n IPerformanceClient,\n PerformanceEvents,\n invokeAsync,\n invoke,\n ServerResponseType,\n} from \"@azure/msal-common/browser\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { DEFAULT_IFRAME_TIMEOUT_MS } from \"../config/Configuration.js\";\n\n/**\n * Creates a hidden iframe to given URL using user-requested scopes as an id.\n * @param urlNavigate\n * @param userRequestScopes\n */\nexport async function initiateAuthRequest(\n requestUrl: string,\n performanceClient: IPerformanceClient,\n logger: Logger,\n correlationId: string,\n navigateFrameWait?: number\n): Promise {\n performanceClient.addQueueMeasurement(\n PerformanceEvents.SilentHandlerInitiateAuthRequest,\n correlationId\n );\n\n if (!requestUrl) {\n // Throw error if request URL is empty.\n logger.info(\"Navigate url is empty\");\n throw createBrowserAuthError(BrowserAuthErrorCodes.emptyNavigateUri);\n }\n if (navigateFrameWait) {\n return invokeAsync(\n loadFrame,\n PerformanceEvents.SilentHandlerLoadFrame,\n logger,\n performanceClient,\n correlationId\n )(requestUrl, navigateFrameWait, performanceClient, correlationId);\n }\n return invoke(\n loadFrameSync,\n PerformanceEvents.SilentHandlerLoadFrameSync,\n logger,\n performanceClient,\n correlationId\n )(requestUrl);\n}\n\n/**\n * Monitors an iframe content window until it loads a url with a known hash, or hits a specified timeout.\n * @param iframe\n * @param timeout\n */\nexport async function monitorIframeForHash(\n iframe: HTMLIFrameElement,\n timeout: number,\n pollIntervalMilliseconds: number,\n performanceClient: IPerformanceClient,\n logger: Logger,\n correlationId: string,\n responseType: ServerResponseType\n): Promise {\n performanceClient.addQueueMeasurement(\n PerformanceEvents.SilentHandlerMonitorIframeForHash,\n correlationId\n );\n\n return new Promise((resolve, reject) => {\n if (timeout < DEFAULT_IFRAME_TIMEOUT_MS) {\n logger.warning(\n `system.loadFrameTimeout or system.iframeHashTimeout set to lower (${timeout}ms) than the default (${DEFAULT_IFRAME_TIMEOUT_MS}ms). This may result in timeouts.`\n );\n }\n\n /*\n * Polling for iframes can be purely timing based,\n * since we don't need to account for interaction.\n */\n const timeoutId = window.setTimeout(() => {\n window.clearInterval(intervalId);\n reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.monitorWindowTimeout\n )\n );\n }, timeout);\n\n const intervalId = window.setInterval(() => {\n let href: string = \"\";\n const contentWindow = iframe.contentWindow;\n try {\n /*\n * Will throw if cross origin,\n * which should be caught and ignored\n * since we need the interval to keep running while on STS UI.\n */\n href = contentWindow ? contentWindow.location.href : \"\";\n } catch (e) {}\n\n if (!href || href === \"about:blank\") {\n return;\n }\n\n let responseString = \"\";\n if (contentWindow) {\n if (responseType === ServerResponseType.QUERY) {\n responseString = contentWindow.location.search;\n } else {\n responseString = contentWindow.location.hash;\n }\n }\n window.clearTimeout(timeoutId);\n window.clearInterval(intervalId);\n resolve(responseString);\n }, pollIntervalMilliseconds);\n }).finally(() => {\n invoke(\n removeHiddenIframe,\n PerformanceEvents.RemoveHiddenIframe,\n logger,\n performanceClient,\n correlationId\n )(iframe);\n });\n}\n\n/**\n * @hidden\n * Loads iframe with authorization endpoint URL\n * @ignore\n * @deprecated\n */\nfunction loadFrame(\n urlNavigate: string,\n navigateFrameWait: number,\n performanceClient: IPerformanceClient,\n correlationId: string\n): Promise {\n performanceClient.addQueueMeasurement(\n PerformanceEvents.SilentHandlerLoadFrame,\n correlationId\n );\n\n /*\n * This trick overcomes iframe navigation in IE\n * IE does not load the page consistently in iframe\n */\n\n return new Promise((resolve, reject) => {\n const frameHandle = createHiddenIframe();\n\n window.setTimeout(() => {\n if (!frameHandle) {\n reject(\"Unable to load iframe\");\n return;\n }\n\n frameHandle.src = urlNavigate;\n\n resolve(frameHandle);\n }, navigateFrameWait);\n });\n}\n/**\n * @hidden\n * Loads the iframe synchronously when the navigateTimeFrame is set to `0`\n * @param urlNavigate\n * @param frameName\n * @param logger\n */\nfunction loadFrameSync(urlNavigate: string): HTMLIFrameElement {\n const frameHandle = createHiddenIframe();\n\n frameHandle.src = urlNavigate;\n\n return frameHandle;\n}\n\n/**\n * @hidden\n * Creates a new hidden iframe or gets an existing one for silent token renewal.\n * @ignore\n */\nfunction createHiddenIframe(): HTMLIFrameElement {\n const authFrame = document.createElement(\"iframe\");\n\n authFrame.className = \"msalSilentIframe\";\n authFrame.style.visibility = \"hidden\";\n authFrame.style.position = \"absolute\";\n authFrame.style.width = authFrame.style.height = \"0\";\n authFrame.style.border = \"0\";\n authFrame.setAttribute(\n \"sandbox\",\n \"allow-scripts allow-same-origin allow-forms\"\n );\n document.body.appendChild(authFrame);\n\n return authFrame;\n}\n\n/**\n * @hidden\n * Removes a hidden iframe from the page.\n * @ignore\n */\nfunction removeHiddenIframe(iframe: HTMLIFrameElement): void {\n if (document.body === iframe.parentNode) {\n document.body.removeChild(iframe);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n ICrypto,\n Logger,\n PromptValue,\n CommonAuthorizationCodeRequest,\n AuthorizationCodeClient,\n AuthError,\n ProtocolUtils,\n IPerformanceClient,\n PerformanceEvents,\n invokeAsync,\n invoke,\n} from \"@azure/msal-common/browser\";\nimport { StandardInteractionClient } from \"./StandardInteractionClient.js\";\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest.js\";\nimport { BrowserConfiguration } from \"../config/Configuration.js\";\nimport { BrowserCacheManager } from \"../cache/BrowserCacheManager.js\";\nimport { EventHandler } from \"../event/EventHandler.js\";\nimport { INavigationClient } from \"../navigation/INavigationClient.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport {\n InteractionType,\n ApiId,\n BrowserConstants,\n} from \"../utils/BrowserConstants.js\";\nimport {\n initiateAuthRequest,\n monitorIframeForHash,\n} from \"../interaction_handler/SilentHandler.js\";\nimport { SsoSilentRequest } from \"../request/SsoSilentRequest.js\";\nimport { NativeMessageHandler } from \"../broker/nativeBroker/NativeMessageHandler.js\";\nimport { NativeInteractionClient } from \"./NativeInteractionClient.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport { InteractionHandler } from \"../interaction_handler/InteractionHandler.js\";\nimport * as BrowserUtils from \"../utils/BrowserUtils.js\";\nimport * as ResponseHandler from \"../response/ResponseHandler.js\";\n\nexport class SilentIframeClient extends StandardInteractionClient {\n protected apiId: ApiId;\n protected nativeStorage: BrowserCacheManager;\n\n constructor(\n config: BrowserConfiguration,\n storageImpl: BrowserCacheManager,\n browserCrypto: ICrypto,\n logger: Logger,\n eventHandler: EventHandler,\n navigationClient: INavigationClient,\n apiId: ApiId,\n performanceClient: IPerformanceClient,\n nativeStorageImpl: BrowserCacheManager,\n nativeMessageHandler?: NativeMessageHandler,\n correlationId?: string\n ) {\n super(\n config,\n storageImpl,\n browserCrypto,\n logger,\n eventHandler,\n navigationClient,\n performanceClient,\n nativeMessageHandler,\n correlationId\n );\n this.apiId = apiId;\n this.nativeStorage = nativeStorageImpl;\n }\n\n /**\n * Acquires a token silently by opening a hidden iframe to the /authorize endpoint with prompt=none or prompt=no_session\n * @param request\n */\n async acquireToken(\n request: SsoSilentRequest\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.SilentIframeClientAcquireToken,\n request.correlationId\n );\n // Check that we have some SSO data\n if (\n !request.loginHint &&\n !request.sid &&\n (!request.account || !request.account.username)\n ) {\n this.logger.warning(\n \"No user hint provided. The authorization server may need more information to complete this request.\"\n );\n }\n\n // Check the prompt value\n const inputRequest = { ...request };\n if (inputRequest.prompt) {\n if (\n inputRequest.prompt !== PromptValue.NONE &&\n inputRequest.prompt !== PromptValue.NO_SESSION\n ) {\n this.logger.warning(\n `SilentIframeClient. Replacing invalid prompt ${inputRequest.prompt} with ${PromptValue.NONE}`\n );\n inputRequest.prompt = PromptValue.NONE;\n }\n } else {\n inputRequest.prompt = PromptValue.NONE;\n }\n\n // Create silent request\n const silentRequest: AuthorizationUrlRequest = await invokeAsync(\n this.initializeAuthorizationRequest.bind(this),\n PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(inputRequest, InteractionType.Silent);\n BrowserUtils.preconnect(silentRequest.authority);\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(\n this.apiId\n );\n\n let authClient: AuthorizationCodeClient | undefined;\n\n try {\n // Initialize the client\n authClient = await invokeAsync(\n this.createAuthCodeClient.bind(this),\n PerformanceEvents.StandardInteractionClientCreateAuthCodeClient,\n this.logger,\n this.performanceClient,\n request.correlationId\n )({\n serverTelemetryManager,\n requestAuthority: silentRequest.authority,\n requestAzureCloudOptions: silentRequest.azureCloudOptions,\n requestExtraQueryParameters: silentRequest.extraQueryParameters,\n account: silentRequest.account,\n });\n\n return await invokeAsync(\n this.silentTokenHelper.bind(this),\n PerformanceEvents.SilentIframeClientTokenHelper,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(authClient, silentRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n (e as AuthError).setCorrelationId(this.correlationId);\n serverTelemetryManager.cacheFailedRequest(e);\n }\n\n if (\n !authClient ||\n !(e instanceof AuthError) ||\n e.errorCode !== BrowserConstants.INVALID_GRANT_ERROR\n ) {\n throw e;\n }\n\n this.performanceClient.addFields(\n {\n retryError: e.errorCode,\n },\n this.correlationId\n );\n\n const retrySilentRequest: AuthorizationUrlRequest =\n await invokeAsync(\n this.initializeAuthorizationRequest.bind(this),\n PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(inputRequest, InteractionType.Silent);\n\n return await invokeAsync(\n this.silentTokenHelper.bind(this),\n PerformanceEvents.SilentIframeClientTokenHelper,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(authClient, retrySilentRequest);\n }\n }\n\n /**\n * Currently Unsupported\n */\n logout(): Promise {\n // Synchronous so we must reject\n return Promise.reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.silentLogoutUnsupported\n )\n );\n }\n\n /**\n * Helper which acquires an authorization code silently using a hidden iframe from given url\n * using the scopes requested as part of the id, and exchanges the code for a set of OAuth tokens.\n * @param navigateUrl\n * @param userRequestScopes\n */\n protected async silentTokenHelper(\n authClient: AuthorizationCodeClient,\n silentRequest: AuthorizationUrlRequest\n ): Promise {\n const correlationId = silentRequest.correlationId;\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.SilentIframeClientTokenHelper,\n correlationId\n );\n\n // Create auth code request and generate PKCE params\n const authCodeRequest: CommonAuthorizationCodeRequest =\n await invokeAsync(\n this.initializeAuthorizationCodeRequest.bind(this),\n PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,\n this.logger,\n this.performanceClient,\n correlationId\n )(silentRequest);\n\n // Create authorize request url\n const navigateUrl = await invokeAsync(\n authClient.getAuthCodeUrl.bind(authClient),\n PerformanceEvents.GetAuthCodeUrl,\n this.logger,\n this.performanceClient,\n correlationId\n )({\n ...silentRequest,\n nativeBroker: NativeMessageHandler.isNativeAvailable(\n this.config,\n this.logger,\n this.nativeMessageHandler,\n silentRequest.authenticationScheme\n ),\n });\n\n // Create silent handler\n const interactionHandler = new InteractionHandler(\n authClient,\n this.browserStorage,\n authCodeRequest,\n this.logger,\n this.performanceClient\n );\n // Get the frame handle for the silent request\n const msalFrame = await invokeAsync(\n initiateAuthRequest,\n PerformanceEvents.SilentHandlerInitiateAuthRequest,\n this.logger,\n this.performanceClient,\n correlationId\n )(\n navigateUrl,\n this.performanceClient,\n this.logger,\n correlationId,\n this.config.system.navigateFrameWait\n );\n const responseType = this.config.auth.OIDCOptions.serverResponseType;\n // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.\n const responseString = await invokeAsync(\n monitorIframeForHash,\n PerformanceEvents.SilentHandlerMonitorIframeForHash,\n this.logger,\n this.performanceClient,\n correlationId\n )(\n msalFrame,\n this.config.system.iframeHashTimeout,\n this.config.system.pollIntervalMilliseconds,\n this.performanceClient,\n this.logger,\n correlationId,\n responseType\n );\n const serverParams = invoke(\n ResponseHandler.deserializeResponse,\n PerformanceEvents.DeserializeResponse,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(responseString, responseType, this.logger);\n\n if (serverParams.accountId) {\n this.logger.verbose(\n \"Account id found in hash, calling WAM for token\"\n );\n if (!this.nativeMessageHandler) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.nativeConnectionNotEstablished\n );\n }\n const nativeInteractionClient = new NativeInteractionClient(\n this.config,\n this.browserStorage,\n this.browserCrypto,\n this.logger,\n this.eventHandler,\n this.navigationClient,\n this.apiId,\n this.performanceClient,\n this.nativeMessageHandler,\n serverParams.accountId,\n this.browserStorage,\n correlationId\n );\n const { userRequestState } = ProtocolUtils.parseRequestState(\n this.browserCrypto,\n silentRequest.state\n );\n return invokeAsync(\n nativeInteractionClient.acquireToken.bind(\n nativeInteractionClient\n ),\n PerformanceEvents.NativeInteractionClientAcquireToken,\n this.logger,\n this.performanceClient,\n correlationId\n )({\n ...silentRequest,\n state: userRequestState,\n prompt: silentRequest.prompt || PromptValue.NONE,\n });\n }\n\n // Handle response from hash string\n return invokeAsync(\n interactionHandler.handleCodeResponse.bind(interactionHandler),\n PerformanceEvents.HandleCodeResponse,\n this.logger,\n this.performanceClient,\n correlationId\n )(serverParams, silentRequest);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { StandardInteractionClient } from \"./StandardInteractionClient.js\";\nimport {\n CommonSilentFlowRequest,\n ServerTelemetryManager,\n RefreshTokenClient,\n AuthError,\n AzureCloudOptions,\n PerformanceEvents,\n invokeAsync,\n AccountInfo,\n StringDict,\n} from \"@azure/msal-common/browser\";\nimport { ApiId } from \"../utils/BrowserConstants.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport { initializeBaseRequest } from \"../request/RequestHelpers.js\";\n\nexport class SilentRefreshClient extends StandardInteractionClient {\n /**\n * Exchanges the refresh token for new tokens\n * @param request\n */\n async acquireToken(\n request: CommonSilentFlowRequest\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.SilentRefreshClientAcquireToken,\n request.correlationId\n );\n\n const baseRequest = await invokeAsync(\n initializeBaseRequest,\n PerformanceEvents.InitializeBaseRequest,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(request, this.config, this.performanceClient, this.logger);\n const silentRequest: CommonSilentFlowRequest = {\n ...request,\n ...baseRequest,\n };\n\n if (request.redirectUri) {\n // Make sure any passed redirectUri is converted to an absolute URL - redirectUri is not a required parameter for refresh token redemption so only include if explicitly provided\n silentRequest.redirectUri = this.getRedirectUri(\n request.redirectUri\n );\n }\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(\n ApiId.acquireTokenSilent_silentFlow\n );\n\n const refreshTokenClient = await this.createRefreshTokenClient({\n serverTelemetryManager,\n authorityUrl: silentRequest.authority,\n azureCloudOptions: silentRequest.azureCloudOptions,\n account: silentRequest.account,\n });\n // Send request to renew token. Auth module will throw errors if token cannot be renewed.\n return invokeAsync(\n refreshTokenClient.acquireTokenByRefreshToken.bind(\n refreshTokenClient\n ),\n PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(silentRequest).catch((e: AuthError) => {\n (e as AuthError).setCorrelationId(this.correlationId);\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }) as Promise;\n }\n\n /**\n * Currently Unsupported\n */\n logout(): Promise {\n // Synchronous so we must reject\n return Promise.reject(\n createBrowserAuthError(\n BrowserAuthErrorCodes.silentLogoutUnsupported\n )\n );\n }\n\n /**\n * Creates a Refresh Client with the given authority, or the default authority.\n * @param params {\n * serverTelemetryManager: ServerTelemetryManager;\n * authorityUrl?: string;\n * azureCloudOptions?: AzureCloudOptions;\n * extraQueryParams?: StringDict;\n * account?: AccountInfo;\n * }\n */\n protected async createRefreshTokenClient(params: {\n serverTelemetryManager: ServerTelemetryManager;\n authorityUrl?: string;\n azureCloudOptions?: AzureCloudOptions;\n extraQueryParameters?: StringDict;\n account?: AccountInfo;\n }): Promise {\n // Create auth module.\n const clientConfig = await invokeAsync(\n this.getClientConfiguration.bind(this),\n PerformanceEvents.StandardInteractionClientGetClientConfiguration,\n this.logger,\n this.performanceClient,\n this.correlationId\n )({\n serverTelemetryManager: params.serverTelemetryManager,\n requestAuthority: params.authorityUrl,\n requestAzureCloudOptions: params.azureCloudOptions,\n requestExtraQueryParameters: params.extraQueryParameters,\n account: params.account,\n });\n return new RefreshTokenClient(clientConfig, this.performanceClient);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n ServerTelemetryManager,\n CommonAuthorizationCodeRequest,\n Constants,\n AuthorizationCodeClient,\n ClientConfiguration,\n UrlString,\n CommonEndSessionRequest,\n ProtocolUtils,\n ResponseMode,\n IdTokenClaims,\n AccountInfo,\n AzureCloudOptions,\n PerformanceEvents,\n invokeAsync,\n BaseAuthRequest,\n StringDict,\n} from \"@azure/msal-common/browser\";\nimport { BaseInteractionClient } from \"./BaseInteractionClient.js\";\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest.js\";\nimport {\n BrowserConstants,\n InteractionType,\n} from \"../utils/BrowserConstants.js\";\nimport { version } from \"../packageMetadata.js\";\nimport { BrowserStateObject } from \"../utils/BrowserProtocolUtils.js\";\nimport { EndSessionRequest } from \"../request/EndSessionRequest.js\";\nimport * as BrowserUtils from \"../utils/BrowserUtils.js\";\nimport { RedirectRequest } from \"../request/RedirectRequest.js\";\nimport { PopupRequest } from \"../request/PopupRequest.js\";\nimport { SsoSilentRequest } from \"../request/SsoSilentRequest.js\";\nimport { generatePkceCodes } from \"../crypto/PkceGenerator.js\";\nimport { createNewGuid } from \"../crypto/BrowserCrypto.js\";\nimport { initializeBaseRequest } from \"../request/RequestHelpers.js\";\n\n/**\n * Defines the class structure and helper functions used by the \"standard\", non-brokered auth flows (popup, redirect, silent (RT), silent (iframe))\n */\nexport abstract class StandardInteractionClient extends BaseInteractionClient {\n /**\n * Generates an auth code request tied to the url request.\n * @param request\n */\n protected async initializeAuthorizationCodeRequest(\n request: AuthorizationUrlRequest\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,\n this.correlationId\n );\n const generatedPkceParams = await invokeAsync(\n generatePkceCodes,\n PerformanceEvents.GeneratePkceCodes,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(this.performanceClient, this.logger, this.correlationId);\n\n const authCodeRequest: CommonAuthorizationCodeRequest = {\n ...request,\n redirectUri: request.redirectUri,\n code: Constants.EMPTY_STRING,\n codeVerifier: generatedPkceParams.verifier,\n };\n\n request.codeChallenge = generatedPkceParams.challenge;\n request.codeChallengeMethod = Constants.S256_CODE_CHALLENGE_METHOD;\n\n return authCodeRequest;\n }\n\n /**\n * Initializer for the logout request.\n * @param logoutRequest\n */\n protected initializeLogoutRequest(\n logoutRequest?: EndSessionRequest\n ): CommonEndSessionRequest {\n this.logger.verbose(\n \"initializeLogoutRequest called\",\n logoutRequest?.correlationId\n );\n\n const validLogoutRequest: CommonEndSessionRequest = {\n correlationId: this.correlationId || createNewGuid(),\n ...logoutRequest,\n };\n\n /**\n * Set logout_hint to be login_hint from ID Token Claims if present\n * and logoutHint attribute wasn't manually set in logout request\n */\n if (logoutRequest) {\n // If logoutHint isn't set and an account was passed in, try to extract logoutHint from ID Token Claims\n if (!logoutRequest.logoutHint) {\n if (logoutRequest.account) {\n const logoutHint = this.getLogoutHintFromIdTokenClaims(\n logoutRequest.account\n );\n if (logoutHint) {\n this.logger.verbose(\n \"Setting logoutHint to login_hint ID Token Claim value for the account provided\"\n );\n validLogoutRequest.logoutHint = logoutHint;\n }\n } else {\n this.logger.verbose(\n \"logoutHint was not set and account was not passed into logout request, logoutHint will not be set\"\n );\n }\n } else {\n this.logger.verbose(\n \"logoutHint has already been set in logoutRequest\"\n );\n }\n } else {\n this.logger.verbose(\n \"logoutHint will not be set since no logout request was configured\"\n );\n }\n\n /*\n * Only set redirect uri if logout request isn't provided or the set uri isn't null.\n * Otherwise, use passed uri, config, or current page.\n */\n if (!logoutRequest || logoutRequest.postLogoutRedirectUri !== null) {\n if (logoutRequest && logoutRequest.postLogoutRedirectUri) {\n this.logger.verbose(\n \"Setting postLogoutRedirectUri to uri set on logout request\",\n validLogoutRequest.correlationId\n );\n validLogoutRequest.postLogoutRedirectUri =\n UrlString.getAbsoluteUrl(\n logoutRequest.postLogoutRedirectUri,\n BrowserUtils.getCurrentUri()\n );\n } else if (this.config.auth.postLogoutRedirectUri === null) {\n this.logger.verbose(\n \"postLogoutRedirectUri configured as null and no uri set on request, not passing post logout redirect\",\n validLogoutRequest.correlationId\n );\n } else if (this.config.auth.postLogoutRedirectUri) {\n this.logger.verbose(\n \"Setting postLogoutRedirectUri to configured uri\",\n validLogoutRequest.correlationId\n );\n validLogoutRequest.postLogoutRedirectUri =\n UrlString.getAbsoluteUrl(\n this.config.auth.postLogoutRedirectUri,\n BrowserUtils.getCurrentUri()\n );\n } else {\n this.logger.verbose(\n \"Setting postLogoutRedirectUri to current page\",\n validLogoutRequest.correlationId\n );\n validLogoutRequest.postLogoutRedirectUri =\n UrlString.getAbsoluteUrl(\n BrowserUtils.getCurrentUri(),\n BrowserUtils.getCurrentUri()\n );\n }\n } else {\n this.logger.verbose(\n \"postLogoutRedirectUri passed as null, not setting post logout redirect uri\",\n validLogoutRequest.correlationId\n );\n }\n\n return validLogoutRequest;\n }\n\n /**\n * Parses login_hint ID Token Claim out of AccountInfo object to be used as\n * logout_hint in end session request.\n * @param account\n */\n protected getLogoutHintFromIdTokenClaims(\n account: AccountInfo\n ): string | null {\n const idTokenClaims: IdTokenClaims | undefined = account.idTokenClaims;\n if (idTokenClaims) {\n if (idTokenClaims.login_hint) {\n return idTokenClaims.login_hint;\n } else {\n this.logger.verbose(\n \"The ID Token Claims tied to the provided account do not contain a login_hint claim, logoutHint will not be added to logout request\"\n );\n }\n } else {\n this.logger.verbose(\n \"The provided account does not contain ID Token Claims, logoutHint will not be added to logout request\"\n );\n }\n\n return null;\n }\n\n /**\n * Creates an Authorization Code Client with the given authority, or the default authority.\n * @param params {\n * serverTelemetryManager: ServerTelemetryManager;\n * authorityUrl?: string;\n * requestAzureCloudOptions?: AzureCloudOptions;\n * requestExtraQueryParameters?: StringDict;\n * account?: AccountInfo;\n * }\n */\n protected async createAuthCodeClient(params: {\n serverTelemetryManager: ServerTelemetryManager;\n requestAuthority?: string;\n requestAzureCloudOptions?: AzureCloudOptions;\n requestExtraQueryParameters?: StringDict;\n account?: AccountInfo;\n }): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.StandardInteractionClientCreateAuthCodeClient,\n this.correlationId\n );\n // Create auth module.\n const clientConfig = await invokeAsync(\n this.getClientConfiguration.bind(this),\n PerformanceEvents.StandardInteractionClientGetClientConfiguration,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(params);\n\n return new AuthorizationCodeClient(\n clientConfig,\n this.performanceClient\n );\n }\n\n /**\n * Creates a Client Configuration object with the given request authority, or the default authority.\n * @param params {\n * serverTelemetryManager: ServerTelemetryManager;\n * requestAuthority?: string;\n * requestAzureCloudOptions?: AzureCloudOptions;\n * requestExtraQueryParameters?: boolean;\n * account?: AccountInfo;\n * }\n */\n protected async getClientConfiguration(params: {\n serverTelemetryManager: ServerTelemetryManager;\n requestAuthority?: string;\n requestAzureCloudOptions?: AzureCloudOptions;\n requestExtraQueryParameters?: StringDict;\n account?: AccountInfo;\n }): Promise {\n const {\n serverTelemetryManager,\n requestAuthority,\n requestAzureCloudOptions,\n requestExtraQueryParameters,\n account,\n } = params;\n\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.StandardInteractionClientGetClientConfiguration,\n this.correlationId\n );\n const discoveredAuthority = await invokeAsync(\n this.getDiscoveredAuthority.bind(this),\n PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority,\n this.logger,\n this.performanceClient,\n this.correlationId\n )({\n requestAuthority,\n requestAzureCloudOptions,\n requestExtraQueryParameters,\n account,\n });\n const logger = this.config.system.loggerOptions;\n\n return {\n authOptions: {\n clientId: this.config.auth.clientId,\n authority: discoveredAuthority,\n clientCapabilities: this.config.auth.clientCapabilities,\n redirectUri: this.config.auth.redirectUri,\n },\n systemOptions: {\n tokenRenewalOffsetSeconds:\n this.config.system.tokenRenewalOffsetSeconds,\n preventCorsPreflight: true,\n },\n loggerOptions: {\n loggerCallback: logger.loggerCallback,\n piiLoggingEnabled: logger.piiLoggingEnabled,\n logLevel: logger.logLevel,\n correlationId: this.correlationId,\n },\n cacheOptions: {\n claimsBasedCachingEnabled:\n this.config.cache.claimsBasedCachingEnabled,\n },\n cryptoInterface: this.browserCrypto,\n networkInterface: this.networkClient,\n storageInterface: this.browserStorage,\n serverTelemetryManager: serverTelemetryManager,\n libraryInfo: {\n sku: BrowserConstants.MSAL_SKU,\n version: version,\n cpu: Constants.EMPTY_STRING,\n os: Constants.EMPTY_STRING,\n },\n telemetry: this.config.telemetry,\n };\n }\n\n /**\n * Helper to initialize required request parameters for interactive APIs and ssoSilent()\n * @param request\n * @param interactionType\n */\n protected async initializeAuthorizationRequest(\n request: RedirectRequest | PopupRequest | SsoSilentRequest,\n interactionType: InteractionType\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,\n this.correlationId\n );\n\n const redirectUri = this.getRedirectUri(request.redirectUri);\n const browserState: BrowserStateObject = {\n interactionType: interactionType,\n };\n const state = ProtocolUtils.setRequestState(\n this.browserCrypto,\n (request && request.state) || Constants.EMPTY_STRING,\n browserState\n );\n\n const baseRequest: BaseAuthRequest = await invokeAsync(\n initializeBaseRequest,\n PerformanceEvents.InitializeBaseRequest,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(\n { ...request, correlationId: this.correlationId },\n this.config,\n this.performanceClient,\n this.logger\n );\n\n const validatedRequest: AuthorizationUrlRequest = {\n ...baseRequest,\n redirectUri: redirectUri,\n state: state,\n nonce: request.nonce || createNewGuid(),\n responseMode: this.config.auth.OIDCOptions\n .serverResponseType as ResponseMode,\n };\n\n // Skip active account lookup if either login hint or session id is set\n if (request.loginHint || request.sid) {\n return validatedRequest;\n }\n\n const account =\n request.account || this.browserStorage.getActiveAccount();\n if (account) {\n this.logger.verbose(\n \"Setting validated request account\",\n this.correlationId\n );\n this.logger.verbosePii(\n `Setting validated request account: ${account.homeAccountId}`,\n this.correlationId\n );\n validatedRequest.account = account;\n }\n\n // Check for ADAL/MSAL v1 SSO\n if (!validatedRequest.loginHint && !account) {\n const legacyLoginHint = this.browserStorage.getLegacyLoginHint();\n if (legacyLoginHint) {\n validatedRequest.loginHint = legacyLoginHint;\n }\n }\n\n return validatedRequest;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AuthorizationCodePayload,\n CommonAuthorizationCodeRequest,\n AuthorizationCodeClient,\n CcsCredential,\n Logger,\n ServerError,\n IPerformanceClient,\n PerformanceEvents,\n invokeAsync,\n CcsCredentialType,\n ServerAuthorizationCodeResponse,\n} from \"@azure/msal-common/browser\";\n\nimport { BrowserCacheManager } from \"../cache/BrowserCacheManager.js\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult.js\";\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest.js\";\n\n/**\n * Abstract class which defines operations for a browser interaction handling class.\n */\nexport class InteractionHandler {\n protected authModule: AuthorizationCodeClient;\n protected browserStorage: BrowserCacheManager;\n protected authCodeRequest: CommonAuthorizationCodeRequest;\n protected logger: Logger;\n protected performanceClient: IPerformanceClient;\n\n constructor(\n authCodeModule: AuthorizationCodeClient,\n storageImpl: BrowserCacheManager,\n authCodeRequest: CommonAuthorizationCodeRequest,\n logger: Logger,\n performanceClient: IPerformanceClient\n ) {\n this.authModule = authCodeModule;\n this.browserStorage = storageImpl;\n this.authCodeRequest = authCodeRequest;\n this.logger = logger;\n this.performanceClient = performanceClient;\n }\n\n /**\n * Function to handle response parameters from hash.\n * @param locationHash\n */\n async handleCodeResponse(\n response: ServerAuthorizationCodeResponse,\n request: AuthorizationUrlRequest\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.HandleCodeResponse,\n request.correlationId\n );\n\n let authCodeResponse;\n try {\n authCodeResponse = this.authModule.handleFragmentResponse(\n response,\n request.state\n );\n } catch (e) {\n if (\n e instanceof ServerError &&\n e.subError === BrowserAuthErrorCodes.userCancelled\n ) {\n // Translate server error caused by user closing native prompt to corresponding first class MSAL error\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.userCancelled\n );\n } else {\n throw e;\n }\n }\n\n return invokeAsync(\n this.handleCodeResponseFromServer.bind(this),\n PerformanceEvents.HandleCodeResponseFromServer,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(authCodeResponse, request);\n }\n\n /**\n * Process auth code response from AAD\n * @param authCodeResponse\n * @param state\n * @param authority\n * @param networkModule\n * @returns\n */\n async handleCodeResponseFromServer(\n authCodeResponse: AuthorizationCodePayload,\n request: AuthorizationUrlRequest,\n validateNonce: boolean = true\n ): Promise {\n this.performanceClient.addQueueMeasurement(\n PerformanceEvents.HandleCodeResponseFromServer,\n request.correlationId\n );\n this.logger.trace(\n \"InteractionHandler.handleCodeResponseFromServer called\"\n );\n\n // Assign code to request\n this.authCodeRequest.code = authCodeResponse.code;\n\n // Check for new cloud instance\n if (authCodeResponse.cloud_instance_host_name) {\n await invokeAsync(\n this.authModule.updateAuthority.bind(this.authModule),\n PerformanceEvents.UpdateTokenEndpointAuthority,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(authCodeResponse.cloud_instance_host_name, request.correlationId);\n }\n\n // Nonce validation not needed when redirect not involved (e.g. hybrid spa, renewing token via rt)\n if (validateNonce) {\n // TODO: Assigning \"response nonce\" to \"request nonce\" is confusing. Refactor the function doing validation to accept request nonce directly\n authCodeResponse.nonce = request.nonce || undefined;\n }\n\n authCodeResponse.state = request.state;\n\n // Add CCS parameters if available\n if (authCodeResponse.client_info) {\n this.authCodeRequest.clientInfo = authCodeResponse.client_info;\n } else {\n const ccsCred = this.createCcsCredentials(request);\n if (ccsCred) {\n this.authCodeRequest.ccsCredential = ccsCred;\n }\n }\n\n // Acquire token with retrieved code.\n const tokenResponse = (await invokeAsync(\n this.authModule.acquireToken.bind(this.authModule),\n PerformanceEvents.AuthClientAcquireToken,\n this.logger,\n this.performanceClient,\n request.correlationId\n )(this.authCodeRequest, authCodeResponse)) as AuthenticationResult;\n return tokenResponse;\n }\n\n /**\n * Build ccs creds if available\n */\n protected createCcsCredentials(\n request: AuthorizationUrlRequest\n ): CcsCredential | null {\n if (request.account) {\n return {\n credential: request.account.homeAccountId,\n type: CcsCredentialType.HOME_ACCOUNT_ID,\n };\n } else if (request.loginHint) {\n return {\n credential: request.loginHint,\n type: CcsCredentialType.UPN,\n };\n }\n\n return null;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nexport const BridgeStatusCode = {\n UserInteractionRequired: \"USER_INTERACTION_REQUIRED\",\n UserCancel: \"USER_CANCEL\",\n NoNetwork: \"NO_NETWORK\",\n TransientError: \"TRANSIENT_ERROR\",\n PersistentError: \"PERSISTENT_ERROR\",\n Disabled: \"DISABLED\",\n AccountUnavailable: \"ACCOUNT_UNAVAILABLE\",\n NestedAppAuthUnavailable: \"NESTED_APP_AUTH_UNAVAILABLE\", // NAA is unavailable in the current context, can retry with standard browser based auth\n} as const;\nexport type BridgeStatusCode =\n (typeof BridgeStatusCode)[keyof typeof BridgeStatusCode];\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { INavigationClient } from \"./INavigationClient.js\";\nimport { NavigationOptions } from \"./NavigationOptions.js\";\n\nexport class NavigationClient implements INavigationClient {\n /**\n * Navigates to other pages within the same web application\n * @param url\n * @param options\n */\n navigateInternal(\n url: string,\n options: NavigationOptions\n ): Promise {\n return NavigationClient.defaultNavigateWindow(url, options);\n }\n\n /**\n * Navigates to other pages outside the web application i.e. the Identity Provider\n * @param url\n * @param options\n */\n navigateExternal(\n url: string,\n options: NavigationOptions\n ): Promise {\n return NavigationClient.defaultNavigateWindow(url, options);\n }\n\n /**\n * Default navigation implementation invoked by the internal and external functions\n * @param url\n * @param options\n */\n private static defaultNavigateWindow(\n url: string,\n options: NavigationOptions\n ): Promise {\n if (options.noHistory) {\n window.location.replace(url);\n } else {\n window.location.assign(url);\n }\n\n return new Promise((resolve) => {\n setTimeout(() => {\n resolve(true);\n }, options.timeout);\n });\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n INetworkModule,\n NetworkRequestOptions,\n NetworkResponse,\n createNetworkError,\n} from \"@azure/msal-common/browser\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { HTTP_REQUEST_TYPE } from \"../utils/BrowserConstants.js\";\n\n/**\n * This class implements the Fetch API for GET and POST requests. See more here: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API\n */\nexport class FetchClient implements INetworkModule {\n /**\n * Fetch Client for REST endpoints - Get request\n * @param url\n * @param headers\n * @param body\n */\n async sendGetRequestAsync(\n url: string,\n options?: NetworkRequestOptions\n ): Promise> {\n let response: Response;\n let responseHeaders: Record = {};\n let responseStatus = 0;\n const reqHeaders = getFetchHeaders(options);\n try {\n response = await fetch(url, {\n method: HTTP_REQUEST_TYPE.GET,\n headers: reqHeaders,\n });\n } catch (e) {\n throw createBrowserAuthError(\n window.navigator.onLine\n ? BrowserAuthErrorCodes.getRequestFailed\n : BrowserAuthErrorCodes.noNetworkConnectivity\n );\n }\n\n responseHeaders = getHeaderDict(response.headers);\n try {\n responseStatus = response.status;\n return {\n headers: responseHeaders,\n body: (await response.json()) as T,\n status: responseStatus,\n };\n } catch (e) {\n throw createNetworkError(\n createBrowserAuthError(\n BrowserAuthErrorCodes.failedToParseResponse\n ),\n responseStatus,\n responseHeaders\n );\n }\n }\n\n /**\n * Fetch Client for REST endpoints - Post request\n * @param url\n * @param headers\n * @param body\n */\n async sendPostRequestAsync(\n url: string,\n options?: NetworkRequestOptions\n ): Promise> {\n const reqBody = (options && options.body) || \"\";\n const reqHeaders = getFetchHeaders(options);\n\n let response: Response;\n let responseStatus = 0;\n let responseHeaders: Record = {};\n try {\n response = await fetch(url, {\n method: HTTP_REQUEST_TYPE.POST,\n headers: reqHeaders,\n body: reqBody,\n });\n } catch (e) {\n throw createBrowserAuthError(\n window.navigator.onLine\n ? BrowserAuthErrorCodes.postRequestFailed\n : BrowserAuthErrorCodes.noNetworkConnectivity\n );\n }\n\n responseHeaders = getHeaderDict(response.headers);\n try {\n responseStatus = response.status;\n return {\n headers: responseHeaders,\n body: (await response.json()) as T,\n status: responseStatus,\n };\n } catch (e) {\n throw createNetworkError(\n createBrowserAuthError(\n BrowserAuthErrorCodes.failedToParseResponse\n ),\n responseStatus,\n responseHeaders\n );\n }\n }\n}\n\n/**\n * Get Fetch API Headers object from string map\n * @param inputHeaders\n */\nfunction getFetchHeaders(options?: NetworkRequestOptions): Headers {\n try {\n const headers = new Headers();\n if (!(options && options.headers)) {\n return headers;\n }\n const optionsHeaders = options.headers;\n Object.entries(optionsHeaders).forEach(([key, value]) => {\n headers.append(key, value);\n });\n return headers;\n } catch (e) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.failedToBuildHeaders\n );\n }\n}\n\n/**\n * Returns object representing response headers\n * @param headers\n * @returns\n */\nfunction getHeaderDict(headers: Headers): Record {\n try {\n const headerDict: Record = {};\n headers.forEach((value: string, key: string) => {\n headerDict[key] = value;\n });\n return headerDict;\n } catch (e) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.failedToParseHeaders\n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Logger, LogLevel } from \"@azure/msal-common/browser\";\nimport {\n BrowserConfiguration,\n buildConfiguration,\n Configuration,\n} from \"../config/Configuration.js\";\nimport { version, name } from \"../packageMetadata.js\";\nimport {\n BrowserCacheLocation,\n LOG_LEVEL_CACHE_KEY,\n LOG_PII_CACHE_KEY,\n} from \"../utils/BrowserConstants.js\";\n\n/**\n * Base class for operating context\n * Operating contexts are contexts in which MSAL.js is being run\n * More than one operating context may be available at a time\n * It's important from a logging and telemetry point of view for us to be able to identify the operating context.\n * For example: Some operating contexts will pre-cache tokens impacting performance telemetry\n */\nexport abstract class BaseOperatingContext {\n protected logger: Logger;\n protected config: BrowserConfiguration;\n protected available: boolean;\n protected browserEnvironment: boolean;\n\n protected static loggerCallback(level: LogLevel, message: string): void {\n switch (level) {\n case LogLevel.Error:\n // eslint-disable-next-line no-console\n console.error(message);\n return;\n case LogLevel.Info:\n // eslint-disable-next-line no-console\n console.info(message);\n return;\n case LogLevel.Verbose:\n // eslint-disable-next-line no-console\n console.debug(message);\n return;\n case LogLevel.Warning:\n // eslint-disable-next-line no-console\n console.warn(message);\n return;\n default:\n // eslint-disable-next-line no-console\n console.log(message);\n return;\n }\n }\n\n constructor(config: Configuration) {\n /*\n * If loaded in an environment where window is not available,\n * set internal flag to false so that further requests fail.\n * This is to support server-side rendering environments.\n */\n this.browserEnvironment = typeof window !== \"undefined\";\n this.config = buildConfiguration(config, this.browserEnvironment);\n\n let sessionStorage: Storage | undefined;\n try {\n sessionStorage = window[BrowserCacheLocation.SessionStorage];\n // Mute errors if it's a non-browser environment or cookies are blocked.\n } catch (e) {}\n\n const logLevelKey = sessionStorage?.getItem(LOG_LEVEL_CACHE_KEY);\n const piiLoggingKey = sessionStorage\n ?.getItem(LOG_PII_CACHE_KEY)\n ?.toLowerCase();\n\n const piiLoggingEnabled =\n piiLoggingKey === \"true\"\n ? true\n : piiLoggingKey === \"false\"\n ? false\n : undefined;\n const loggerOptions = { ...this.config.system.loggerOptions };\n\n const logLevel =\n logLevelKey && Object.keys(LogLevel).includes(logLevelKey)\n ? LogLevel[logLevelKey]\n : undefined;\n if (logLevel) {\n loggerOptions.loggerCallback = BaseOperatingContext.loggerCallback;\n loggerOptions.logLevel = logLevel;\n }\n if (piiLoggingEnabled !== undefined) {\n loggerOptions.piiLoggingEnabled = piiLoggingEnabled;\n }\n\n this.logger = new Logger(loggerOptions, name, version);\n this.available = false;\n }\n\n /**\n * returns the name of the module containing the API controller associated with this operating context\n */\n abstract getModuleName(): string;\n\n /**\n * returns the string identifier of this operating context\n */\n abstract getId(): string;\n\n /**\n * returns a boolean indicating whether this operating context is present\n */\n abstract initialize(): Promise;\n\n /**\n * Return the MSAL config\n * @returns BrowserConfiguration\n */\n getConfig(): BrowserConfiguration {\n return this.config;\n }\n\n /**\n * Returns the MSAL Logger\n * @returns Logger\n */\n getLogger(): Logger {\n return this.logger;\n }\n\n isAvailable(): boolean {\n return this.available;\n }\n\n isBrowserEnvironment(): boolean {\n return this.browserEnvironment;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AuthBridge, AuthBridgeResponse } from \"./AuthBridge.js\";\nimport { AuthResult } from \"./AuthResult.js\";\nimport { BridgeCapabilities } from \"./BridgeCapabilities.js\";\nimport { AccountContext } from \"./BridgeAccountContext.js\";\nimport { BridgeError } from \"./BridgeError.js\";\nimport { BridgeRequest } from \"./BridgeRequest.js\";\nimport {\n BridgeRequestEnvelope,\n BridgeMethods,\n} from \"./BridgeRequestEnvelope.js\";\nimport { BridgeResponseEnvelope } from \"./BridgeResponseEnvelope.js\";\nimport { BridgeStatusCode } from \"./BridgeStatusCode.js\";\nimport { IBridgeProxy } from \"./IBridgeProxy.js\";\nimport { InitContext } from \"./InitContext.js\";\nimport { TokenRequest } from \"./TokenRequest.js\";\nimport * as BrowserCrypto from \"../crypto/BrowserCrypto.js\";\nimport { BrowserConstants } from \"../utils/BrowserConstants.js\";\nimport { version } from \"../packageMetadata.js\";\n\ndeclare global {\n interface Window {\n nestedAppAuthBridge: AuthBridge;\n }\n}\n\n/**\n * BridgeProxy\n * Provides a proxy for accessing a bridge to a host app and/or\n * platform broker\n */\nexport class BridgeProxy implements IBridgeProxy {\n static bridgeRequests: BridgeRequest[] = [];\n sdkName: string;\n sdkVersion: string;\n capabilities?: BridgeCapabilities;\n accountContext?: AccountContext;\n\n /**\n * initializeNestedAppAuthBridge - Initializes the bridge to the host app\n * @returns a promise that resolves to an InitializeBridgeResponse or rejects with an Error\n * @remarks This method will be called by the create factory method\n * @remarks If the bridge is not available, this method will throw an error\n */\n protected static async initializeNestedAppAuthBridge(): Promise {\n if (window === undefined) {\n throw new Error(\"window is undefined\");\n }\n if (window.nestedAppAuthBridge === undefined) {\n throw new Error(\"window.nestedAppAuthBridge is undefined\");\n }\n\n try {\n window.nestedAppAuthBridge.addEventListener(\n \"message\",\n (response: AuthBridgeResponse) => {\n const responsePayload =\n typeof response === \"string\" ? response : response.data;\n const responseEnvelope: BridgeResponseEnvelope =\n JSON.parse(responsePayload);\n const request = BridgeProxy.bridgeRequests.find(\n (element) =>\n element.requestId === responseEnvelope.requestId\n );\n if (request !== undefined) {\n BridgeProxy.bridgeRequests.splice(\n BridgeProxy.bridgeRequests.indexOf(request),\n 1\n );\n if (responseEnvelope.success) {\n request.resolve(responseEnvelope);\n } else {\n request.reject(responseEnvelope.error);\n }\n }\n }\n );\n\n const bridgeResponse = await new Promise(\n (resolve, reject) => {\n const message = BridgeProxy.buildRequest(\"GetInitContext\");\n\n const request: BridgeRequest = {\n requestId: message.requestId,\n method: message.method,\n resolve: resolve,\n reject: reject,\n };\n BridgeProxy.bridgeRequests.push(request);\n window.nestedAppAuthBridge.postMessage(\n JSON.stringify(message)\n );\n }\n );\n\n return BridgeProxy.validateBridgeResultOrThrow(\n bridgeResponse.initContext\n );\n } catch (error) {\n window.console.log(error);\n throw error;\n }\n }\n\n /**\n * getTokenInteractive - Attempts to get a token interactively from the bridge\n * @param request A token request\n * @returns a promise that resolves to an auth result or rejects with a BridgeError\n */\n public getTokenInteractive(request: TokenRequest): Promise {\n return this.getToken(\"GetTokenPopup\", request);\n }\n\n /**\n * getTokenSilent Attempts to get a token silently from the bridge\n * @param request A token request\n * @returns a promise that resolves to an auth result or rejects with a BridgeError\n */\n public getTokenSilent(request: TokenRequest): Promise {\n return this.getToken(\"GetToken\", request);\n }\n\n private async getToken(\n requestType: BridgeMethods,\n request: TokenRequest\n ): Promise {\n const result = await this.sendRequest(requestType, {\n tokenParams: request,\n });\n return {\n token: BridgeProxy.validateBridgeResultOrThrow(result.token),\n account: BridgeProxy.validateBridgeResultOrThrow(result.account),\n };\n }\n\n public getHostCapabilities(): BridgeCapabilities | null {\n return this.capabilities ?? null;\n }\n\n public getAccountContext(): AccountContext | null {\n return this.accountContext ? this.accountContext : null;\n }\n\n private static buildRequest(\n method: BridgeMethods,\n requestParams?: Partial\n ): BridgeRequestEnvelope {\n return {\n messageType: \"NestedAppAuthRequest\",\n method: method,\n requestId: BrowserCrypto.createNewGuid(),\n sendTime: Date.now(),\n clientLibrary: BrowserConstants.MSAL_SKU,\n clientLibraryVersion: version,\n ...requestParams,\n };\n }\n\n /**\n * A method used to send a request to the bridge\n * @param request A token request\n * @returns a promise that resolves to a response of provided type or rejects with a BridgeError\n */\n private sendRequest(\n method: BridgeMethods,\n requestParams?: Partial\n ): Promise {\n const message = BridgeProxy.buildRequest(method, requestParams);\n\n const promise = new Promise(\n (resolve, reject) => {\n const request: BridgeRequest = {\n requestId: message.requestId,\n method: message.method,\n resolve: resolve,\n reject: reject,\n };\n BridgeProxy.bridgeRequests.push(request);\n window.nestedAppAuthBridge.postMessage(JSON.stringify(message));\n }\n );\n\n return promise;\n }\n\n private static validateBridgeResultOrThrow(input: T | undefined): T {\n if (input === undefined) {\n const bridgeError: BridgeError = {\n status: BridgeStatusCode.NestedAppAuthUnavailable,\n };\n throw bridgeError;\n }\n return input;\n }\n\n /**\n * Private constructor for BridgeProxy\n * @param sdkName The name of the SDK being used to make requests on behalf of the app\n * @param sdkVersion The version of the SDK being used to make requests on behalf of the app\n * @param capabilities The capabilities of the bridge / SDK / platform broker\n */\n private constructor(\n sdkName: string,\n sdkVersion: string,\n accountContext?: AccountContext,\n capabilities?: BridgeCapabilities\n ) {\n this.sdkName = sdkName;\n this.sdkVersion = sdkVersion;\n this.accountContext = accountContext;\n this.capabilities = capabilities;\n }\n\n /**\n * Factory method for creating an implementation of IBridgeProxy\n * @returns A promise that resolves to a BridgeProxy implementation\n */\n public static async create(): Promise {\n const response = await BridgeProxy.initializeNestedAppAuthBridge();\n return new BridgeProxy(\n response.sdkName,\n response.sdkVersion,\n response.accountContext,\n response.capabilities\n );\n }\n}\n\nexport default BridgeProxy;\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { BaseOperatingContext } from \"./BaseOperatingContext.js\";\nimport { IBridgeProxy } from \"../naa/IBridgeProxy.js\";\nimport { BridgeProxy } from \"../naa/BridgeProxy.js\";\nimport { AccountContext } from \"../naa/BridgeAccountContext.js\";\n\ndeclare global {\n interface Window {\n __initializeNestedAppAuth?(): Promise;\n }\n}\n\nexport class NestedAppOperatingContext extends BaseOperatingContext {\n protected bridgeProxy: IBridgeProxy | undefined = undefined;\n protected accountContext: AccountContext | null = null;\n\n /*\n * TODO: Once we have determine the bundling code return here to specify the name of the bundle\n * containing the implementation for this operating context\n */\n static readonly MODULE_NAME: string = \"\";\n\n /**\n * Unique identifier for the operating context\n */\n static readonly ID: string = \"NestedAppOperatingContext\";\n\n /**\n * Return the module name. Intended for use with import() to enable dynamic import\n * of the implementation associated with this operating context\n * @returns\n */\n getModuleName(): string {\n return NestedAppOperatingContext.MODULE_NAME;\n }\n\n /**\n * Returns the unique identifier for this operating context\n * @returns string\n */\n getId(): string {\n return NestedAppOperatingContext.ID;\n }\n\n /**\n * Returns the current BridgeProxy\n * @returns IBridgeProxy | undefined\n */\n getBridgeProxy(): IBridgeProxy | undefined {\n return this.bridgeProxy;\n }\n\n /**\n * Checks whether the operating context is available.\n * Confirms that the code is running a browser rather. This is required.\n * @returns Promise indicating whether this operating context is currently available.\n */\n async initialize(): Promise {\n try {\n if (typeof window !== \"undefined\") {\n if (typeof window.__initializeNestedAppAuth === \"function\") {\n await window.__initializeNestedAppAuth();\n }\n\n const bridgeProxy: IBridgeProxy = await BridgeProxy.create();\n /*\n * Because we want single sign on we expect the host app to provide the account context\n * with a min set of params that can be used to identify the account\n * this.account = nestedApp.getAccountByFilter(bridgeProxy.getAccountContext());\n */\n this.accountContext = bridgeProxy.getAccountContext();\n this.bridgeProxy = bridgeProxy;\n this.available = bridgeProxy !== undefined;\n }\n } catch (ex) {\n this.logger.infoPii(\n `Could not initialize Nested App Auth bridge (${ex})`\n );\n }\n\n this.logger.info(`Nested App Auth Bridge available: ${this.available}`);\n return this.available;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { BaseOperatingContext } from \"./BaseOperatingContext.js\";\n\nexport class StandardOperatingContext extends BaseOperatingContext {\n /*\n * TODO: Once we have determine the bundling code return here to specify the name of the bundle\n * containing the implementation for this operating context\n */\n static readonly MODULE_NAME: string = \"\";\n\n /**\n * Unique identifier for the operating context\n */\n static readonly ID: string = \"StandardOperatingContext\";\n\n /**\n * Return the module name. Intended for use with import() to enable dynamic import\n * of the implementation associated with this operating context\n * @returns\n */\n getModuleName(): string {\n return StandardOperatingContext.MODULE_NAME;\n }\n\n /**\n * Returns the unique identifier for this operating context\n * @returns string\n */\n getId(): string {\n return StandardOperatingContext.ID;\n }\n\n /**\n * Checks whether the operating context is available.\n * Confirms that the code is running a browser rather. This is required.\n * @returns Promise indicating whether this operating context is currently available.\n */\n async initialize(): Promise {\n this.available = typeof window !== \"undefined\";\n return this.available;\n /*\n * NOTE: The standard context is available as long as there is a window. If/when we split out WAM from Browser\n * We can move the current contents of the initialize method to here and verify that the WAM extension is available\n */\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { BaseOperatingContext } from \"./BaseOperatingContext.js\";\n\nexport class UnknownOperatingContext extends BaseOperatingContext {\n /*\n * TODO: Once we have determine the bundling code return here to specify the name of the bundle\n * containing the implementation for this operating context\n */\n static readonly MODULE_NAME: string = \"\";\n\n /**\n * Unique identifier for the operating context\n */\n static readonly ID: string = \"UnknownOperatingContext\";\n\n /**\n * Returns the unique identifier for this operating context\n * @returns string\n */\n getId(): string {\n return UnknownOperatingContext.ID;\n }\n\n /**\n * Return the module name. Intended for use with import() to enable dynamic import\n * of the implementation associated with this operating context\n * @returns\n */\n getModuleName(): string {\n return UnknownOperatingContext.MODULE_NAME;\n }\n\n /**\n * Checks whether the operating context is available.\n * Confirms that the code is running a browser rather. This is required.\n * @returns Promise indicating whether this operating context is currently available.\n */\n async initialize(): Promise {\n /**\n * This operating context is in use when we have not checked for what the operating context is.\n * The context is unknown until we check it.\n */\n return true;\n }\n}\n","/* eslint-disable header/header */\nexport const name = \"@azure/msal-browser\";\nexport const version = \"3.28.1\";\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AccountInfo,\n AuthenticationScheme,\n BaseAuthRequest,\n ClientConfigurationErrorCodes,\n CommonSilentFlowRequest,\n IPerformanceClient,\n Logger,\n PerformanceEvents,\n StringUtils,\n createClientConfigurationError,\n invokeAsync,\n} from \"@azure/msal-common/browser\";\nimport { BrowserConfiguration } from \"../config/Configuration.js\";\nimport { SilentRequest } from \"./SilentRequest.js\";\nimport { hashString } from \"../crypto/BrowserCrypto.js\";\n\n/**\n * Initializer function for all request APIs\n * @param request\n */\nexport async function initializeBaseRequest(\n request: Partial & { correlationId: string },\n config: BrowserConfiguration,\n performanceClient: IPerformanceClient,\n logger: Logger\n): Promise {\n performanceClient.addQueueMeasurement(\n PerformanceEvents.InitializeBaseRequest,\n request.correlationId\n );\n const authority = request.authority || config.auth.authority;\n\n const scopes = [...((request && request.scopes) || [])];\n\n const validatedRequest: BaseAuthRequest = {\n ...request,\n correlationId: request.correlationId,\n authority,\n scopes,\n };\n\n // Set authenticationScheme to BEARER if not explicitly set in the request\n if (!validatedRequest.authenticationScheme) {\n validatedRequest.authenticationScheme = AuthenticationScheme.BEARER;\n logger.verbose(\n 'Authentication Scheme wasn\\'t explicitly set in request, defaulting to \"Bearer\" request'\n );\n } else {\n if (\n validatedRequest.authenticationScheme === AuthenticationScheme.SSH\n ) {\n if (!request.sshJwk) {\n throw createClientConfigurationError(\n ClientConfigurationErrorCodes.missingSshJwk\n );\n }\n if (!request.sshKid) {\n throw createClientConfigurationError(\n ClientConfigurationErrorCodes.missingSshKid\n );\n }\n }\n logger.verbose(\n `Authentication Scheme set to \"${validatedRequest.authenticationScheme}\" as configured in Auth request`\n );\n }\n\n // Set requested claims hash if claims-based caching is enabled and claims were requested\n if (\n config.cache.claimsBasedCachingEnabled &&\n request.claims &&\n // Checks for empty stringified object \"{}\" which doesn't qualify as requested claims\n !StringUtils.isEmptyObj(request.claims)\n ) {\n validatedRequest.requestedClaimsHash = await hashString(request.claims);\n }\n\n return validatedRequest;\n}\n\nexport async function initializeSilentRequest(\n request: SilentRequest & { correlationId: string },\n account: AccountInfo,\n config: BrowserConfiguration,\n performanceClient: IPerformanceClient,\n logger: Logger\n): Promise {\n performanceClient.addQueueMeasurement(\n PerformanceEvents.InitializeSilentRequest,\n request.correlationId\n );\n\n const baseRequest = await invokeAsync(\n initializeBaseRequest,\n PerformanceEvents.InitializeBaseRequest,\n logger,\n performanceClient,\n request.correlationId\n )(request, config, performanceClient, logger);\n return {\n ...request,\n ...baseRequest,\n account: account,\n forceRefresh: request.forceRefresh || false,\n };\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n ICrypto,\n Logger,\n ServerAuthorizationCodeResponse,\n UrlUtils,\n} from \"@azure/msal-common/browser\";\nimport {\n BrowserAuthErrorCodes,\n createBrowserAuthError,\n} from \"../error/BrowserAuthError.js\";\nimport { extractBrowserRequestState } from \"../utils/BrowserProtocolUtils.js\";\nimport { InteractionType } from \"../utils/BrowserConstants.js\";\n\nexport function deserializeResponse(\n responseString: string,\n responseLocation: string,\n logger: Logger\n): ServerAuthorizationCodeResponse {\n // Deserialize hash fragment response parameters.\n const serverParams = UrlUtils.getDeserializedResponse(responseString);\n if (!serverParams) {\n if (!UrlUtils.stripLeadingHashOrQuery(responseString)) {\n // Hash or Query string is empty\n logger.error(\n `The request has returned to the redirectUri but a ${responseLocation} is not present. It's likely that the ${responseLocation} has been removed or the page has been redirected by code running on the redirectUri page.`\n );\n throw createBrowserAuthError(BrowserAuthErrorCodes.hashEmptyError);\n } else {\n logger.error(\n `A ${responseLocation} is present in the iframe but it does not contain known properties. It's likely that the ${responseLocation} has been replaced by code running on the redirectUri page.`\n );\n logger.errorPii(\n `The ${responseLocation} detected is: ${responseString}`\n );\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.hashDoesNotContainKnownProperties\n );\n }\n }\n return serverParams;\n}\n\n/**\n * Returns the interaction type that the response object belongs to\n */\nexport function validateInteractionType(\n response: ServerAuthorizationCodeResponse,\n browserCrypto: ICrypto,\n interactionType: InteractionType\n): void {\n if (!response.state) {\n throw createBrowserAuthError(BrowserAuthErrorCodes.noStateInHash);\n }\n\n const platformStateObj = extractBrowserRequestState(\n browserCrypto,\n response.state\n );\n if (!platformStateObj) {\n throw createBrowserAuthError(BrowserAuthErrorCodes.unableToParseState);\n }\n\n if (platformStateObj.interactionType !== interactionType) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.stateInteractionTypeMismatch\n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n IPerformanceMeasurement,\n SubMeasurement,\n} from \"@azure/msal-common/browser\";\n\nexport class BrowserPerformanceMeasurement implements IPerformanceMeasurement {\n private readonly measureName: string;\n private readonly correlationId: string;\n private readonly startMark: string;\n private readonly endMark: string;\n\n constructor(name: string, correlationId: string) {\n this.correlationId = correlationId;\n this.measureName = BrowserPerformanceMeasurement.makeMeasureName(\n name,\n correlationId\n );\n this.startMark = BrowserPerformanceMeasurement.makeStartMark(\n name,\n correlationId\n );\n this.endMark = BrowserPerformanceMeasurement.makeEndMark(\n name,\n correlationId\n );\n }\n\n private static makeMeasureName(name: string, correlationId: string) {\n return `msal.measure.${name}.${correlationId}`;\n }\n\n private static makeStartMark(name: string, correlationId: string) {\n return `msal.start.${name}.${correlationId}`;\n }\n\n private static makeEndMark(name: string, correlationId: string) {\n return `msal.end.${name}.${correlationId}`;\n }\n\n static supportsBrowserPerformance(): boolean {\n return (\n typeof window !== \"undefined\" &&\n typeof window.performance !== \"undefined\" &&\n typeof window.performance.mark === \"function\" &&\n typeof window.performance.measure === \"function\" &&\n typeof window.performance.clearMarks === \"function\" &&\n typeof window.performance.clearMeasures === \"function\" &&\n typeof window.performance.getEntriesByName === \"function\"\n );\n }\n\n /**\n * Flush browser marks and measurements.\n * @param {string} correlationId\n * @param {SubMeasurement} measurements\n */\n public static flushMeasurements(\n correlationId: string,\n measurements: SubMeasurement[]\n ): void {\n if (BrowserPerformanceMeasurement.supportsBrowserPerformance()) {\n try {\n measurements.forEach((measurement) => {\n const measureName =\n BrowserPerformanceMeasurement.makeMeasureName(\n measurement.name,\n correlationId\n );\n const entriesForMeasurement =\n window.performance.getEntriesByName(\n measureName,\n \"measure\"\n );\n if (entriesForMeasurement.length > 0) {\n window.performance.clearMeasures(measureName);\n window.performance.clearMarks(\n BrowserPerformanceMeasurement.makeStartMark(\n measureName,\n correlationId\n )\n );\n window.performance.clearMarks(\n BrowserPerformanceMeasurement.makeEndMark(\n measureName,\n correlationId\n )\n );\n }\n });\n } catch (e) {\n // Silently catch and return null\n }\n }\n }\n\n startMeasurement(): void {\n if (BrowserPerformanceMeasurement.supportsBrowserPerformance()) {\n try {\n window.performance.mark(this.startMark);\n } catch (e) {\n // Silently catch\n }\n }\n }\n\n endMeasurement(): void {\n if (BrowserPerformanceMeasurement.supportsBrowserPerformance()) {\n try {\n window.performance.mark(this.endMark);\n window.performance.measure(\n this.measureName,\n this.startMark,\n this.endMark\n );\n } catch (e) {\n // Silently catch\n }\n }\n }\n\n flushMeasurement(): number | null {\n if (BrowserPerformanceMeasurement.supportsBrowserPerformance()) {\n try {\n const entriesForMeasurement =\n window.performance.getEntriesByName(\n this.measureName,\n \"measure\"\n );\n if (entriesForMeasurement.length > 0) {\n const durationMs = entriesForMeasurement[0].duration;\n window.performance.clearMeasures(this.measureName);\n window.performance.clearMarks(this.startMark);\n window.performance.clearMarks(this.endMark);\n return durationMs;\n }\n } catch (e) {\n // Silently catch and return null\n }\n }\n return null;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { OIDC_DEFAULT_SCOPES } from \"@azure/msal-common/browser\";\nimport { PopupRequest } from \"../request/PopupRequest.js\";\nimport { RedirectRequest } from \"../request/RedirectRequest.js\";\n\n/**\n * Constants\n */\nexport const BrowserConstants = {\n /**\n * Interaction in progress cache value\n */\n INTERACTION_IN_PROGRESS_VALUE: \"interaction_in_progress\",\n /**\n * Invalid grant error code\n */\n INVALID_GRANT_ERROR: \"invalid_grant\",\n /**\n * Default popup window width\n */\n POPUP_WIDTH: 483,\n /**\n * Default popup window height\n */\n POPUP_HEIGHT: 600,\n /**\n * Name of the popup window starts with\n */\n POPUP_NAME_PREFIX: \"msal\",\n /**\n * Default popup monitor poll interval in milliseconds\n */\n DEFAULT_POLL_INTERVAL_MS: 30,\n /**\n * Msal-browser SKU\n */\n MSAL_SKU: \"msal.js.browser\",\n};\n\nexport const NativeConstants = {\n CHANNEL_ID: \"53ee284d-920a-4b59-9d30-a60315b26836\",\n PREFERRED_EXTENSION_ID: \"ppnbnpeolgkicgegkbkbjmhlideopiji\",\n MATS_TELEMETRY: \"MATS\",\n};\n\nexport const NativeExtensionMethod = {\n HandshakeRequest: \"Handshake\",\n HandshakeResponse: \"HandshakeResponse\",\n GetToken: \"GetToken\",\n Response: \"Response\",\n} as const;\nexport type NativeExtensionMethod =\n (typeof NativeExtensionMethod)[keyof typeof NativeExtensionMethod];\n\nexport const BrowserCacheLocation = {\n LocalStorage: \"localStorage\",\n SessionStorage: \"sessionStorage\",\n MemoryStorage: \"memoryStorage\",\n} as const;\nexport type BrowserCacheLocation =\n (typeof BrowserCacheLocation)[keyof typeof BrowserCacheLocation];\n\n/**\n * HTTP Request types supported by MSAL.\n */\nexport const HTTP_REQUEST_TYPE = {\n GET: \"GET\",\n POST: \"POST\",\n} as const;\nexport type HTTP_REQUEST_TYPE =\n (typeof HTTP_REQUEST_TYPE)[keyof typeof HTTP_REQUEST_TYPE];\n\n/**\n * Temporary cache keys for MSAL, deleted after any request.\n */\nexport const TemporaryCacheKeys = {\n AUTHORITY: \"authority\",\n ACQUIRE_TOKEN_ACCOUNT: \"acquireToken.account\",\n SESSION_STATE: \"session.state\",\n REQUEST_STATE: \"request.state\",\n NONCE_IDTOKEN: \"nonce.id_token\",\n ORIGIN_URI: \"request.origin\",\n RENEW_STATUS: \"token.renew.status\",\n URL_HASH: \"urlHash\",\n REQUEST_PARAMS: \"request.params\",\n SCOPES: \"scopes\",\n INTERACTION_STATUS_KEY: \"interaction.status\",\n CCS_CREDENTIAL: \"ccs.credential\",\n CORRELATION_ID: \"request.correlationId\",\n NATIVE_REQUEST: \"request.native\",\n REDIRECT_CONTEXT: \"request.redirect.context\",\n} as const;\nexport type TemporaryCacheKeys =\n (typeof TemporaryCacheKeys)[keyof typeof TemporaryCacheKeys];\n\nexport const StaticCacheKeys = {\n ACCOUNT_KEYS: \"msal.account.keys\",\n TOKEN_KEYS: \"msal.token.keys\",\n} as const;\nexport type StaticCacheKeys =\n (typeof StaticCacheKeys)[keyof typeof StaticCacheKeys];\n\n/**\n * Cache keys stored in-memory\n */\nexport const InMemoryCacheKeys = {\n WRAPPER_SKU: \"wrapper.sku\",\n WRAPPER_VER: \"wrapper.version\",\n} as const;\nexport type InMemoryCacheKeys =\n (typeof InMemoryCacheKeys)[keyof typeof InMemoryCacheKeys];\n\n/**\n * API Codes for Telemetry purposes.\n * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs\n * 0-99 Silent Flow\n * 800-899 Auth Code Flow\n */\nexport const ApiId = {\n acquireTokenRedirect: 861,\n acquireTokenPopup: 862,\n ssoSilent: 863,\n acquireTokenSilent_authCode: 864,\n handleRedirectPromise: 865,\n acquireTokenByCode: 866,\n acquireTokenSilent_silentFlow: 61,\n logout: 961,\n logoutPopup: 962,\n} as const;\nexport type ApiId = (typeof ApiId)[keyof typeof ApiId];\n\n/*\n * Interaction type of the API - used for state and telemetry\n */\nexport enum InteractionType {\n Redirect = \"redirect\",\n Popup = \"popup\",\n Silent = \"silent\",\n None = \"none\",\n}\n\n/**\n * Types of interaction currently in progress.\n * Used in events in wrapper libraries to invoke functions when certain interaction is in progress or all interactions are complete.\n */\nexport const InteractionStatus = {\n /**\n * Initial status before interaction occurs\n */\n Startup: \"startup\",\n /**\n * Status set when all login calls occuring\n */\n Login: \"login\",\n /**\n * Status set when logout call occuring\n */\n Logout: \"logout\",\n /**\n * Status set for acquireToken calls\n */\n AcquireToken: \"acquireToken\",\n /**\n * Status set for ssoSilent calls\n */\n SsoSilent: \"ssoSilent\",\n /**\n * Status set when handleRedirect in progress\n */\n HandleRedirect: \"handleRedirect\",\n /**\n * Status set when interaction is complete\n */\n None: \"none\",\n} as const;\nexport type InteractionStatus =\n (typeof InteractionStatus)[keyof typeof InteractionStatus];\n\nexport const DEFAULT_REQUEST: RedirectRequest | PopupRequest = {\n scopes: OIDC_DEFAULT_SCOPES,\n};\n\n/**\n * JWK Key Format string (Type MUST be defined for window crypto APIs)\n */\nexport const KEY_FORMAT_JWK = \"jwk\";\n\n// Supported wrapper SKUs\nexport const WrapperSKU = {\n React: \"@azure/msal-react\",\n Angular: \"@azure/msal-angular\",\n} as const;\nexport type WrapperSKU = (typeof WrapperSKU)[keyof typeof WrapperSKU];\n\n// DatabaseStorage Constants\nexport const DB_NAME = \"msal.db\";\nexport const DB_VERSION = 1;\nexport const DB_TABLE_NAME = `${DB_NAME}.keys`;\n\nexport const CacheLookupPolicy = {\n /*\n * acquireTokenSilent will attempt to retrieve an access token from the cache. If the access token is expired\n * or cannot be found the refresh token will be used to acquire a new one. Finally, if the refresh token\n * is expired acquireTokenSilent will attempt to acquire new access and refresh tokens.\n */\n Default: 0, // 0 is falsy, is equivalent to not passing in a CacheLookupPolicy\n /*\n * acquireTokenSilent will only look for access tokens in the cache. It will not attempt to renew access or\n * refresh tokens.\n */\n AccessToken: 1,\n /*\n * acquireTokenSilent will attempt to retrieve an access token from the cache. If the access token is expired or\n * cannot be found, the refresh token will be used to acquire a new one. If the refresh token is expired, it\n * will not be renewed and acquireTokenSilent will fail.\n */\n AccessTokenAndRefreshToken: 2,\n /*\n * acquireTokenSilent will not attempt to retrieve access tokens from the cache and will instead attempt to\n * exchange the cached refresh token for a new access token. If the refresh token is expired, it will not be\n * renewed and acquireTokenSilent will fail.\n */\n RefreshToken: 3,\n /*\n * acquireTokenSilent will not look in the cache for the access token. It will go directly to network with the\n * cached refresh token. If the refresh token is expired an attempt will be made to renew it. This is equivalent to\n * setting \"forceRefresh: true\".\n */\n RefreshTokenAndNetwork: 4,\n /*\n * acquireTokenSilent will attempt to renew both access and refresh tokens. It will not look in the cache. This will\n * always fail if 3rd party cookies are blocked by the browser.\n */\n Skip: 5,\n} as const;\nexport type CacheLookupPolicy =\n (typeof CacheLookupPolicy)[keyof typeof CacheLookupPolicy];\n\nexport const iFrameRenewalPolicies: CacheLookupPolicy[] = [\n CacheLookupPolicy.Default,\n CacheLookupPolicy.Skip,\n CacheLookupPolicy.RefreshTokenAndNetwork,\n];\n\nexport const LOG_LEVEL_CACHE_KEY = \"msal.browser.log.level\";\nexport const LOG_PII_CACHE_KEY = \"msal.browser.log.pii\";\n\nexport const BROWSER_PERF_ENABLED_KEY = \"msal.browser.performance.enabled\";\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { InteractionType } from \"./BrowserConstants.js\";\nimport {\n ICrypto,\n RequestStateObject,\n ProtocolUtils,\n createClientAuthError,\n ClientAuthErrorCodes,\n} from \"@azure/msal-common/browser\";\n\nexport type BrowserStateObject = {\n interactionType: InteractionType;\n};\n\n/**\n * Extracts the BrowserStateObject from the state string.\n * @param browserCrypto\n * @param state\n */\nexport function extractBrowserRequestState(\n browserCrypto: ICrypto,\n state: string\n): BrowserStateObject | null {\n if (!state) {\n return null;\n }\n\n try {\n const requestStateObj: RequestStateObject =\n ProtocolUtils.parseRequestState(browserCrypto, state);\n return requestStateObj.libraryState.meta as BrowserStateObject;\n } catch (e) {\n throw createClientAuthError(ClientAuthErrorCodes.invalidState);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { UrlString, invoke, invokeAsync } from \"@azure/msal-common/browser\";\nimport {\n createBrowserAuthError,\n BrowserAuthErrorCodes,\n} from \"../error/BrowserAuthError.js\";\nimport { BrowserConstants, BrowserCacheLocation } from \"./BrowserConstants.js\";\nimport * as BrowserCrypto from \"../crypto/BrowserCrypto.js\";\nimport {\n BrowserConfigurationAuthErrorCodes,\n createBrowserConfigurationAuthError,\n} from \"../error/BrowserConfigurationAuthError.js\";\nimport { BrowserConfiguration } from \"../config/Configuration.js\";\n\n/**\n * Clears hash from window url.\n */\nexport function clearHash(contentWindow: Window): void {\n // Office.js sets history.replaceState to null\n contentWindow.location.hash = \"\";\n if (typeof contentWindow.history.replaceState === \"function\") {\n // Full removes \"#\" from url\n contentWindow.history.replaceState(\n null,\n \"\",\n `${contentWindow.location.origin}${contentWindow.location.pathname}${contentWindow.location.search}`\n );\n }\n}\n\n/**\n * Replaces current hash with hash from provided url\n */\nexport function replaceHash(url: string): void {\n const urlParts = url.split(\"#\");\n urlParts.shift(); // Remove part before the hash\n window.location.hash = urlParts.length > 0 ? urlParts.join(\"#\") : \"\";\n}\n\n/**\n * Returns boolean of whether the current window is in an iframe or not.\n */\nexport function isInIframe(): boolean {\n return window.parent !== window;\n}\n\n/**\n * Returns boolean of whether or not the current window is a popup opened by msal\n */\nexport function isInPopup(): boolean {\n return (\n typeof window !== \"undefined\" &&\n !!window.opener &&\n window.opener !== window &&\n typeof window.name === \"string\" &&\n window.name.indexOf(`${BrowserConstants.POPUP_NAME_PREFIX}.`) === 0\n );\n}\n\n// #endregion\n\n/**\n * Returns current window URL as redirect uri\n */\nexport function getCurrentUri(): string {\n return typeof window !== \"undefined\" && window.location\n ? window.location.href.split(\"?\")[0].split(\"#\")[0]\n : \"\";\n}\n\n/**\n * Gets the homepage url for the current window location.\n */\nexport function getHomepage(): string {\n const currentUrl = new UrlString(window.location.href);\n const urlComponents = currentUrl.getUrlComponents();\n return `${urlComponents.Protocol}//${urlComponents.HostNameAndPort}/`;\n}\n\n/**\n * Throws error if we have completed an auth and are\n * attempting another auth request inside an iframe.\n */\nexport function blockReloadInHiddenIframes(): void {\n const isResponseHash = UrlString.hashContainsKnownProperties(\n window.location.hash\n );\n // return an error if called from the hidden iframe created by the msal js silent calls\n if (isResponseHash && isInIframe()) {\n throw createBrowserAuthError(BrowserAuthErrorCodes.blockIframeReload);\n }\n}\n\n/**\n * Block redirect operations in iframes unless explicitly allowed\n * @param interactionType Interaction type for the request\n * @param allowRedirectInIframe Config value to allow redirects when app is inside an iframe\n */\nexport function blockRedirectInIframe(allowRedirectInIframe: boolean): void {\n if (isInIframe() && !allowRedirectInIframe) {\n // If we are not in top frame, we shouldn't redirect. This is also handled by the service.\n throw createBrowserAuthError(BrowserAuthErrorCodes.redirectInIframe);\n }\n}\n\n/**\n * Block redirectUri loaded in popup from calling AcquireToken APIs\n */\nexport function blockAcquireTokenInPopups(): void {\n // Popups opened by msal popup APIs are given a name that starts with \"msal.\"\n if (isInPopup()) {\n throw createBrowserAuthError(BrowserAuthErrorCodes.blockNestedPopups);\n }\n}\n\n/**\n * Throws error if token requests are made in non-browser environment\n * @param isBrowserEnvironment Flag indicating if environment is a browser.\n */\nexport function blockNonBrowserEnvironment(): void {\n if (typeof window === \"undefined\") {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.nonBrowserEnvironment\n );\n }\n}\n\n/**\n * Throws error if initialize hasn't been called\n * @param initialized\n */\nexport function blockAPICallsBeforeInitialize(initialized: boolean): void {\n if (!initialized) {\n throw createBrowserAuthError(\n BrowserAuthErrorCodes.uninitializedPublicClientApplication\n );\n }\n}\n\n/**\n * Helper to validate app environment before making an auth request\n * @param initialized\n */\nexport function preflightCheck(initialized: boolean): void {\n // Block request if not in browser environment\n blockNonBrowserEnvironment();\n\n // Block auth requests inside a hidden iframe\n blockReloadInHiddenIframes();\n\n // Block redirectUri opened in a popup from calling MSAL APIs\n blockAcquireTokenInPopups();\n\n // Block token acquisition before initialize has been called\n blockAPICallsBeforeInitialize(initialized);\n}\n\n/**\n * Helper to validate app enviornment before making redirect request\n * @param initialized\n * @param config\n */\nexport function redirectPreflightCheck(\n initialized: boolean,\n config: BrowserConfiguration\n): void {\n preflightCheck(initialized);\n blockRedirectInIframe(config.system.allowRedirectInIframe);\n // Block redirects if memory storage is enabled but storeAuthStateInCookie is not\n if (\n config.cache.cacheLocation === BrowserCacheLocation.MemoryStorage &&\n !config.cache.storeAuthStateInCookie\n ) {\n throw createBrowserConfigurationAuthError(\n BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable\n );\n }\n}\n\n/**\n * Adds a preconnect link element to the header which begins DNS resolution and SSL connection in anticipation of the /token request\n * @param loginDomain Authority domain, including https protocol e.g. https://login.microsoftonline.com\n * @returns\n */\nexport function preconnect(authority: string): void {\n const link = document.createElement(\"link\");\n link.rel = \"preconnect\";\n link.href = new URL(authority).origin;\n link.crossOrigin = \"anonymous\";\n document.head.appendChild(link);\n\n // The browser will close connection if not used within a few seconds, remove element from the header after 10s\n window.setTimeout(() => {\n try {\n document.head.removeChild(link);\n } catch {}\n }, 10000); // 10s Timeout\n}\n\n/**\n * Wrapper function that creates a UUID v7 from the current timestamp.\n * @returns {string}\n */\nexport function createGuid(): string {\n return BrowserCrypto.createNewGuid();\n}\n\nexport { invoke };\nexport { invokeAsync };\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { TokenClaims } from \"./TokenClaims.js\";\n/**\n * Account object with the following signature:\n * - homeAccountId - Home account identifier for this account object\n * - environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)\n * - tenantId - Full tenant or organizational id that this account belongs to\n * - username - preferred_username claim of the id_token that represents this account\n * - localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases\n * - name - Full name for the account, including given name and family name\n * - idToken - raw ID token\n * - idTokenClaims - Object contains claims from ID token\n * - nativeAccountId - The user's native account ID\n * - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser\n */\nexport type AccountInfo = {\n homeAccountId: string;\n environment: string;\n tenantId: string;\n username: string;\n localAccountId: string;\n name?: string;\n idToken?: string;\n idTokenClaims?: TokenClaims & {\n [key: string]:\n | string\n | number\n | string[]\n | object\n | undefined\n | unknown;\n };\n nativeAccountId?: string;\n authorityType?: string;\n tenantProfiles?: Map;\n};\n\n/**\n * Account details that vary across tenants for the same user\n */\nexport type TenantProfile = Pick<\n AccountInfo,\n \"tenantId\" | \"localAccountId\" | \"name\"\n> & {\n /**\n * - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile\n */\n isHomeTenant?: boolean;\n};\n\nexport type ActiveAccountFilters = {\n homeAccountId: string;\n localAccountId: string;\n tenantId?: string;\n};\n\n/**\n * Returns true if tenantId matches the utid portion of homeAccountId\n * @param tenantId\n * @param homeAccountId\n * @returns\n */\nexport function tenantIdMatchesHomeTenant(\n tenantId?: string,\n homeAccountId?: string\n): boolean {\n return (\n !!tenantId &&\n !!homeAccountId &&\n tenantId === homeAccountId.split(\".\")[1]\n );\n}\n\n/**\n * Build tenant profile\n * @param homeAccountId - Home account identifier for this account object\n * @param localAccountId - Local account identifer for this account object\n * @param tenantId - Full tenant or organizational id that this account belongs to\n * @param idTokenClaims - Claims from the ID token\n * @returns\n */\nexport function buildTenantProfile(\n homeAccountId: string,\n localAccountId: string,\n tenantId: string,\n idTokenClaims?: TokenClaims\n): TenantProfile {\n if (idTokenClaims) {\n const { oid, sub, tid, name, tfp, acr } = idTokenClaims;\n\n /**\n * Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:\n * tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens.\n * tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios.\n * acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway.\n */\n const tenantId = tid || tfp || acr || \"\";\n\n return {\n tenantId: tenantId,\n localAccountId: oid || sub || \"\",\n name: name,\n isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),\n };\n } else {\n return {\n tenantId,\n localAccountId,\n isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),\n };\n }\n}\n\n/**\n * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info\n * @param baseAccountInfo\n * @param idTokenClaims\n * @returns\n */\nexport function updateAccountTenantProfileData(\n baseAccountInfo: AccountInfo,\n tenantProfile?: TenantProfile,\n idTokenClaims?: TokenClaims,\n idTokenSecret?: string\n): AccountInfo {\n let updatedAccountInfo = baseAccountInfo;\n // Tenant Profile overrides passed in account info\n if (tenantProfile) {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { isHomeTenant, ...tenantProfileOverride } = tenantProfile;\n updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride };\n }\n\n // ID token claims override passed in account info and tenant profile\n if (idTokenClaims) {\n // Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const { isHomeTenant, ...claimsSourcedTenantProfile } =\n buildTenantProfile(\n baseAccountInfo.homeAccountId,\n baseAccountInfo.localAccountId,\n baseAccountInfo.tenantId,\n idTokenClaims\n );\n\n updatedAccountInfo = {\n ...updatedAccountInfo,\n ...claimsSourcedTenantProfile,\n idTokenClaims: idTokenClaims,\n idToken: idTokenSecret,\n };\n\n return updatedAccountInfo;\n }\n\n return updatedAccountInfo;\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { TokenClaims } from \"./TokenClaims.js\";\nimport {\n createClientAuthError,\n ClientAuthErrorCodes,\n} from \"../error/ClientAuthError.js\";\n\n/**\n * Extract token by decoding the rawToken\n *\n * @param encodedToken\n */\nexport function extractTokenClaims(\n encodedToken: string,\n base64Decode: (input: string) => string\n): TokenClaims {\n const jswPayload = getJWSPayload(encodedToken);\n\n // token will be decoded to get the username\n try {\n // base64Decode() should throw an error if there is an issue\n const base64Decoded = base64Decode(jswPayload);\n return JSON.parse(base64Decoded) as TokenClaims;\n } catch (err) {\n throw createClientAuthError(ClientAuthErrorCodes.tokenParsingError);\n }\n}\n\n/**\n * decode a JWT\n *\n * @param authToken\n */\nexport function getJWSPayload(authToken: string): string {\n if (!authToken) {\n throw createClientAuthError(ClientAuthErrorCodes.nullOrEmptyToken);\n }\n const tokenPartsRegex = /^([^\\.\\s]*)\\.([^\\.\\s]+)\\.([^\\.\\s]*)$/;\n const matches = tokenPartsRegex.exec(authToken);\n if (!matches || matches.length < 4) {\n throw createClientAuthError(ClientAuthErrorCodes.tokenParsingError);\n }\n /**\n * const crackedToken = {\n * header: matches[1],\n * JWSPayload: matches[2],\n * JWSSig: matches[3],\n * };\n */\n\n return matches[2];\n}\n\n/**\n * Determine if the token's max_age has transpired\n */\nexport function checkMaxAge(authTime: number, maxAge: number): void {\n /*\n * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest\n * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,\n * provide a value of 0 for the max_age parameter and the AS will force a fresh login.\n */\n const fiveMinuteSkew = 300000; // five minutes in milliseconds\n if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {\n throw createClientAuthError(ClientAuthErrorCodes.maxAgeTranspired);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nexport type CcsCredential = {\n credential: string;\n type: CcsCredentialType;\n};\n\nexport const CcsCredentialType = {\n HOME_ACCOUNT_ID: \"home_account_id\",\n UPN: \"UPN\",\n} as const;\nexport type CcsCredentialType =\n (typeof CcsCredentialType)[keyof typeof CcsCredentialType];\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n createClientAuthError,\n ClientAuthErrorCodes,\n} from \"../error/ClientAuthError.js\";\nimport { Separators, Constants } from \"../utils/Constants.js\";\n\n/**\n * Client info object which consists of two IDs. Need to add more info here.\n */\nexport type ClientInfo = {\n uid: string;\n utid: string;\n};\n\n/**\n * Function to build a client info object from server clientInfo string\n * @param rawClientInfo\n * @param crypto\n */\nexport function buildClientInfo(\n rawClientInfo: string,\n base64Decode: (input: string) => string\n): ClientInfo {\n if (!rawClientInfo) {\n throw createClientAuthError(ClientAuthErrorCodes.clientInfoEmptyError);\n }\n\n try {\n const decodedClientInfo: string = base64Decode(rawClientInfo);\n return JSON.parse(decodedClientInfo) as ClientInfo;\n } catch (e) {\n throw createClientAuthError(\n ClientAuthErrorCodes.clientInfoDecodingError\n );\n }\n}\n\n/**\n * Function to build a client info object from cached homeAccountId string\n * @param homeAccountId\n */\nexport function buildClientInfoFromHomeAccountId(\n homeAccountId: string\n): ClientInfo {\n if (!homeAccountId) {\n throw createClientAuthError(\n ClientAuthErrorCodes.clientInfoDecodingError\n );\n }\n const clientInfoParts: string[] = homeAccountId.split(\n Separators.CLIENT_INFO_SEPARATOR,\n 2\n );\n return {\n uid: clientInfoParts[0],\n utid:\n clientInfoParts.length < 2\n ? Constants.EMPTY_STRING\n : clientInfoParts[1],\n };\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * Type which describes Id Token claims known by MSAL.\n */\nexport type TokenClaims = {\n /**\n * Audience\n */\n aud?: string;\n /**\n * Issuer\n */\n iss?: string;\n /**\n * Issued at\n */\n iat?: number;\n /**\n * Not valid before\n */\n nbf?: number;\n /**\n * Immutable object identifier, this ID uniquely identifies the user across applications\n */\n oid?: string;\n /**\n * Immutable subject identifier, this is a pairwise identifier - it is unique to a particular application ID\n */\n sub?: string;\n /**\n * Users' tenant or '9188040d-6c67-4c5b-b112-36a304b66dad' for personal accounts.\n */\n tid?: string;\n /**\n * Trusted Framework Policy (B2C) The name of the policy that was used to acquire the ID token.\n */\n tfp?: string;\n /**\n * Authentication Context Class Reference (B2C) Used only with older policies.\n */\n acr?: string;\n ver?: string;\n upn?: string;\n preferred_username?: string;\n login_hint?: string;\n emails?: string[];\n name?: string;\n nonce?: string;\n /**\n * Expiration\n */\n exp?: number;\n home_oid?: string;\n sid?: string;\n cloud_instance_host_name?: string;\n cnf?: {\n kid: string;\n };\n x5c_ca?: string[];\n ts?: number;\n at?: string;\n u?: string;\n p?: string;\n m?: string;\n roles?: string[];\n amr?: string[];\n idp?: string;\n auth_time?: number;\n /**\n * \tRegion of the resource tenant\n */\n tenant_region_scope?: string;\n tenant_region_sub_scope?: string;\n};\n\n/**\n * Gets tenantId from available ID token claims to set as credential realm with the following precedence:\n * 1. tid - if the token is acquired from an Azure AD tenant tid will be present\n * 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present\n * 3. acr - if the token is acquired from a legacy B2C tenant acr should be present\n * Downcased to match the realm case-insensitive comparison requirements\n * @param idTokenClaims\n * @returns\n */\nexport function getTenantIdFromIdTokenClaims(\n idTokenClaims?: TokenClaims\n): string | null {\n if (idTokenClaims) {\n const tenantId =\n idTokenClaims.tid || idTokenClaims.tfp || idTokenClaims.acr;\n return tenantId || null;\n }\n return null;\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { INetworkModule } from \"../network/INetworkModule.js\";\nimport { NetworkResponse } from \"../network/NetworkResponse.js\";\nimport { IMDSBadResponse } from \"../response/IMDSBadResponse.js\";\nimport {\n Constants,\n RegionDiscoverySources,\n ResponseCodes,\n} from \"../utils/Constants.js\";\nimport { RegionDiscoveryMetadata } from \"./RegionDiscoveryMetadata.js\";\nimport { ImdsOptions } from \"./ImdsOptions.js\";\nimport { IPerformanceClient } from \"../telemetry/performance/IPerformanceClient.js\";\nimport { PerformanceEvents } from \"../telemetry/performance/PerformanceEvent.js\";\nimport { invokeAsync } from \"../utils/FunctionWrappers.js\";\nimport { Logger } from \"../logger/Logger.js\";\n\nexport class RegionDiscovery {\n // Network interface to make requests with.\n protected networkInterface: INetworkModule;\n // Logger\n private logger: Logger;\n // Performance client\n protected performanceClient: IPerformanceClient | undefined;\n // CorrelationId\n protected correlationId: string | undefined;\n // Options for the IMDS endpoint request\n protected static IMDS_OPTIONS: ImdsOptions = {\n headers: {\n Metadata: \"true\",\n },\n };\n\n constructor(\n networkInterface: INetworkModule,\n logger: Logger,\n performanceClient?: IPerformanceClient,\n correlationId?: string\n ) {\n this.networkInterface = networkInterface;\n this.logger = logger;\n this.performanceClient = performanceClient;\n this.correlationId = correlationId;\n }\n\n /**\n * Detect the region from the application's environment.\n *\n * @returns Promise\n */\n public async detectRegion(\n environmentRegion: string | undefined,\n regionDiscoveryMetadata: RegionDiscoveryMetadata\n ): Promise {\n this.performanceClient?.addQueueMeasurement(\n PerformanceEvents.RegionDiscoveryDetectRegion,\n this.correlationId\n );\n\n // Initialize auto detected region with the region from the envrionment\n let autodetectedRegionName = environmentRegion;\n\n // Check if a region was detected from the environment, if not, attempt to get the region from IMDS\n if (!autodetectedRegionName) {\n const options = RegionDiscovery.IMDS_OPTIONS;\n\n try {\n const localIMDSVersionResponse = await invokeAsync(\n this.getRegionFromIMDS.bind(this),\n PerformanceEvents.RegionDiscoveryGetRegionFromIMDS,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(Constants.IMDS_VERSION, options);\n if (\n localIMDSVersionResponse.status ===\n ResponseCodes.httpSuccess\n ) {\n autodetectedRegionName = localIMDSVersionResponse.body;\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.IMDS;\n }\n\n // If the response using the local IMDS version failed, try to fetch the current version of IMDS and retry.\n if (\n localIMDSVersionResponse.status ===\n ResponseCodes.httpBadRequest\n ) {\n const currentIMDSVersion = await invokeAsync(\n this.getCurrentVersion.bind(this),\n PerformanceEvents.RegionDiscoveryGetCurrentVersion,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(options);\n if (!currentIMDSVersion) {\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.FAILED_AUTO_DETECTION;\n return null;\n }\n\n const currentIMDSVersionResponse = await invokeAsync(\n this.getRegionFromIMDS.bind(this),\n PerformanceEvents.RegionDiscoveryGetRegionFromIMDS,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(currentIMDSVersion, options);\n if (\n currentIMDSVersionResponse.status ===\n ResponseCodes.httpSuccess\n ) {\n autodetectedRegionName =\n currentIMDSVersionResponse.body;\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.IMDS;\n }\n }\n } catch (e) {\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.FAILED_AUTO_DETECTION;\n return null;\n }\n } else {\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.ENVIRONMENT_VARIABLE;\n }\n\n // If no region was auto detected from the environment or from the IMDS endpoint, mark the attempt as a FAILED_AUTO_DETECTION\n if (!autodetectedRegionName) {\n regionDiscoveryMetadata.region_source =\n RegionDiscoverySources.FAILED_AUTO_DETECTION;\n }\n\n return autodetectedRegionName || null;\n }\n\n /**\n * Make the call to the IMDS endpoint\n *\n * @param imdsEndpointUrl\n * @returns Promise>\n */\n private async getRegionFromIMDS(\n version: string,\n options: ImdsOptions\n ): Promise> {\n this.performanceClient?.addQueueMeasurement(\n PerformanceEvents.RegionDiscoveryGetRegionFromIMDS,\n this.correlationId\n );\n return this.networkInterface.sendGetRequestAsync(\n `${Constants.IMDS_ENDPOINT}?api-version=${version}&format=text`,\n options,\n Constants.IMDS_TIMEOUT\n );\n }\n\n /**\n * Get the most recent version of the IMDS endpoint available\n *\n * @returns Promise\n */\n private async getCurrentVersion(\n options: ImdsOptions\n ): Promise {\n this.performanceClient?.addQueueMeasurement(\n PerformanceEvents.RegionDiscoveryGetCurrentVersion,\n this.correlationId\n );\n try {\n const response =\n await this.networkInterface.sendGetRequestAsync(\n `${Constants.IMDS_ENDPOINT}?format=json`,\n options\n );\n\n // When IMDS endpoint is called without the api version query param, bad request response comes back with latest version.\n if (\n response.status === ResponseCodes.httpBadRequest &&\n response.body &&\n response.body[\"newest-versions\"] &&\n response.body[\"newest-versions\"].length > 0\n ) {\n return response.body[\"newest-versions\"][0];\n }\n\n return null;\n } catch (e) {\n return null;\n }\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AuthorityType } from \"./AuthorityType.js\";\nimport {\n isOpenIdConfigResponse,\n OpenIdConfigResponse,\n} from \"./OpenIdConfigResponse.js\";\nimport { UrlString } from \"../url/UrlString.js\";\nimport { IUri } from \"../url/IUri.js\";\nimport {\n createClientAuthError,\n ClientAuthErrorCodes,\n} from \"../error/ClientAuthError.js\";\nimport { INetworkModule } from \"../network/INetworkModule.js\";\nimport {\n AADAuthorityConstants,\n AuthorityMetadataSource,\n Constants,\n RegionDiscoveryOutcomes,\n} from \"../utils/Constants.js\";\nimport {\n EndpointMetadata,\n getCloudDiscoveryMetadataFromHardcodedValues,\n getCloudDiscoveryMetadataFromNetworkResponse,\n InstanceDiscoveryMetadataAliases,\n} from \"./AuthorityMetadata.js\";\nimport {\n createClientConfigurationError,\n ClientConfigurationErrorCodes,\n} from \"../error/ClientConfigurationError.js\";\nimport { ProtocolMode } from \"./ProtocolMode.js\";\nimport { ICacheManager } from \"../cache/interface/ICacheManager.js\";\nimport { AuthorityMetadataEntity } from \"../cache/entities/AuthorityMetadataEntity.js\";\nimport {\n AuthorityOptions,\n AzureCloudInstance,\n StaticAuthorityOptions,\n} from \"./AuthorityOptions.js\";\nimport {\n CloudInstanceDiscoveryResponse,\n isCloudInstanceDiscoveryResponse,\n} from \"./CloudInstanceDiscoveryResponse.js\";\nimport {\n CloudInstanceDiscoveryErrorResponse,\n isCloudInstanceDiscoveryErrorResponse,\n} from \"./CloudInstanceDiscoveryErrorResponse.js\";\nimport { CloudDiscoveryMetadata } from \"./CloudDiscoveryMetadata.js\";\nimport { RegionDiscovery } from \"./RegionDiscovery.js\";\nimport { RegionDiscoveryMetadata } from \"./RegionDiscoveryMetadata.js\";\nimport { ImdsOptions } from \"./ImdsOptions.js\";\nimport { AzureCloudOptions } from \"../config/ClientConfiguration.js\";\nimport { Logger } from \"../logger/Logger.js\";\nimport { AuthError } from \"../error/AuthError.js\";\nimport { IPerformanceClient } from \"../telemetry/performance/IPerformanceClient.js\";\nimport { PerformanceEvents } from \"../telemetry/performance/PerformanceEvent.js\";\nimport { invokeAsync } from \"../utils/FunctionWrappers.js\";\nimport * as CacheHelpers from \"../cache/utils/CacheHelpers.js\";\n\n/**\n * The authority class validates the authority URIs used by the user, and retrieves the OpenID Configuration Data from the\n * endpoint. It will store the pertinent config data in this object for use during token calls.\n * @internal\n */\nexport class Authority {\n // Canonical authority url string\n private _canonicalAuthority: UrlString;\n // Canonicaly authority url components\n private _canonicalAuthorityUrlComponents: IUri | null;\n // Network interface to make requests with.\n protected networkInterface: INetworkModule;\n // Cache Manager to cache network responses\n protected cacheManager: ICacheManager;\n // Protocol mode to construct endpoints\n private authorityOptions: AuthorityOptions;\n // Authority metadata\n private metadata: AuthorityMetadataEntity;\n // Region discovery service\n private regionDiscovery: RegionDiscovery;\n // Region discovery metadata\n public regionDiscoveryMetadata: RegionDiscoveryMetadata;\n // Logger object\n private logger: Logger;\n // Performance client\n protected performanceClient: IPerformanceClient | undefined;\n // Correlation Id\n protected correlationId: string;\n // Indicates if the authority is fake, for the purpose of a Managed Identity Application\n private managedIdentity: boolean;\n // Reserved tenant domain names that will not be replaced with tenant id\n private static reservedTenantDomains: Set = new Set([\n \"{tenant}\",\n \"{tenantid}\",\n AADAuthorityConstants.COMMON,\n AADAuthorityConstants.CONSUMERS,\n AADAuthorityConstants.ORGANIZATIONS,\n ]);\n\n constructor(\n authority: string,\n networkInterface: INetworkModule,\n cacheManager: ICacheManager,\n authorityOptions: AuthorityOptions,\n logger: Logger,\n correlationId: string,\n performanceClient?: IPerformanceClient,\n managedIdentity?: boolean\n ) {\n this.canonicalAuthority = authority;\n this._canonicalAuthority.validateAsUri();\n this.networkInterface = networkInterface;\n this.cacheManager = cacheManager;\n this.authorityOptions = authorityOptions;\n this.regionDiscoveryMetadata = {\n region_used: undefined,\n region_source: undefined,\n region_outcome: undefined,\n };\n this.logger = logger;\n this.performanceClient = performanceClient;\n this.correlationId = correlationId;\n this.managedIdentity = managedIdentity || false;\n this.regionDiscovery = new RegionDiscovery(\n networkInterface,\n this.logger,\n this.performanceClient,\n this.correlationId\n );\n }\n\n /**\n * Get {@link AuthorityType}\n * @param authorityUri {@link IUri}\n * @private\n */\n private getAuthorityType(authorityUri: IUri): AuthorityType {\n // CIAM auth url pattern is being standardized as: .ciamlogin.com\n if (authorityUri.HostNameAndPort.endsWith(Constants.CIAM_AUTH_URL)) {\n return AuthorityType.Ciam;\n }\n\n const pathSegments = authorityUri.PathSegments;\n if (pathSegments.length) {\n switch (pathSegments[0].toLowerCase()) {\n case Constants.ADFS:\n return AuthorityType.Adfs;\n case Constants.DSTS:\n return AuthorityType.Dsts;\n default:\n break;\n }\n }\n return AuthorityType.Default;\n }\n\n // See above for AuthorityType\n public get authorityType(): AuthorityType {\n return this.getAuthorityType(this.canonicalAuthorityUrlComponents);\n }\n\n /**\n * ProtocolMode enum representing the way endpoints are constructed.\n */\n public get protocolMode(): ProtocolMode {\n return this.authorityOptions.protocolMode;\n }\n\n /**\n * Returns authorityOptions which can be used to reinstantiate a new authority instance\n */\n public get options(): AuthorityOptions {\n return this.authorityOptions;\n }\n\n /**\n * A URL that is the authority set by the developer\n */\n public get canonicalAuthority(): string {\n return this._canonicalAuthority.urlString;\n }\n\n /**\n * Sets canonical authority.\n */\n public set canonicalAuthority(url: string) {\n this._canonicalAuthority = new UrlString(url);\n this._canonicalAuthority.validateAsUri();\n this._canonicalAuthorityUrlComponents = null;\n }\n\n /**\n * Get authority components.\n */\n public get canonicalAuthorityUrlComponents(): IUri {\n if (!this._canonicalAuthorityUrlComponents) {\n this._canonicalAuthorityUrlComponents =\n this._canonicalAuthority.getUrlComponents();\n }\n\n return this._canonicalAuthorityUrlComponents;\n }\n\n /**\n * Get hostname and port i.e. login.microsoftonline.com\n */\n public get hostnameAndPort(): string {\n return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase();\n }\n\n /**\n * Get tenant for authority.\n */\n public get tenant(): string {\n return this.canonicalAuthorityUrlComponents.PathSegments[0];\n }\n\n /**\n * OAuth /authorize endpoint for requests\n */\n public get authorizationEndpoint(): string {\n if (this.discoveryComplete()) {\n return this.replacePath(this.metadata.authorization_endpoint);\n } else {\n throw createClientAuthError(\n ClientAuthErrorCodes.endpointResolutionError\n );\n }\n }\n\n /**\n * OAuth /token endpoint for requests\n */\n public get tokenEndpoint(): string {\n if (this.discoveryComplete()) {\n return this.replacePath(this.metadata.token_endpoint);\n } else {\n throw createClientAuthError(\n ClientAuthErrorCodes.endpointResolutionError\n );\n }\n }\n\n public get deviceCodeEndpoint(): string {\n if (this.discoveryComplete()) {\n return this.replacePath(\n this.metadata.token_endpoint.replace(\"/token\", \"/devicecode\")\n );\n } else {\n throw createClientAuthError(\n ClientAuthErrorCodes.endpointResolutionError\n );\n }\n }\n\n /**\n * OAuth logout endpoint for requests\n */\n public get endSessionEndpoint(): string {\n if (this.discoveryComplete()) {\n // ROPC policies may not have end_session_endpoint set\n if (!this.metadata.end_session_endpoint) {\n throw createClientAuthError(\n ClientAuthErrorCodes.endSessionEndpointNotSupported\n );\n }\n return this.replacePath(this.metadata.end_session_endpoint);\n } else {\n throw createClientAuthError(\n ClientAuthErrorCodes.endpointResolutionError\n );\n }\n }\n\n /**\n * OAuth issuer for requests\n */\n public get selfSignedJwtAudience(): string {\n if (this.discoveryComplete()) {\n return this.replacePath(this.metadata.issuer);\n } else {\n throw createClientAuthError(\n ClientAuthErrorCodes.endpointResolutionError\n );\n }\n }\n\n /**\n * Jwks_uri for token signing keys\n */\n public get jwksUri(): string {\n if (this.discoveryComplete()) {\n return this.replacePath(this.metadata.jwks_uri);\n } else {\n throw createClientAuthError(\n ClientAuthErrorCodes.endpointResolutionError\n );\n }\n }\n\n /**\n * Returns a flag indicating that tenant name can be replaced in authority {@link IUri}\n * @param authorityUri {@link IUri}\n * @private\n */\n private canReplaceTenant(authorityUri: IUri): boolean {\n return (\n authorityUri.PathSegments.length === 1 &&\n !Authority.reservedTenantDomains.has(\n authorityUri.PathSegments[0]\n ) &&\n this.getAuthorityType(authorityUri) === AuthorityType.Default &&\n this.protocolMode === ProtocolMode.AAD\n );\n }\n\n /**\n * Replaces tenant in url path with current tenant. Defaults to common.\n * @param urlString\n */\n private replaceTenant(urlString: string): string {\n return urlString.replace(/{tenant}|{tenantid}/g, this.tenant);\n }\n\n /**\n * Replaces path such as tenant or policy with the current tenant or policy.\n * @param urlString\n */\n private replacePath(urlString: string): string {\n let endpoint = urlString;\n const cachedAuthorityUrl = new UrlString(\n this.metadata.canonical_authority\n );\n const cachedAuthorityUrlComponents =\n cachedAuthorityUrl.getUrlComponents();\n const cachedAuthorityParts = cachedAuthorityUrlComponents.PathSegments;\n const currentAuthorityParts =\n this.canonicalAuthorityUrlComponents.PathSegments;\n\n currentAuthorityParts.forEach((currentPart, index) => {\n let cachedPart = cachedAuthorityParts[index];\n if (\n index === 0 &&\n this.canReplaceTenant(cachedAuthorityUrlComponents)\n ) {\n const tenantId = new UrlString(\n this.metadata.authorization_endpoint\n ).getUrlComponents().PathSegments[0];\n /**\n * Check if AAD canonical authority contains tenant domain name, for example \"testdomain.onmicrosoft.com\",\n * by comparing its first path segment to the corresponding authorization endpoint path segment, which is\n * always resolved with tenant id by OIDC.\n */\n if (cachedPart !== tenantId) {\n this.logger.verbose(\n `Replacing tenant domain name ${cachedPart} with id ${tenantId}`\n );\n cachedPart = tenantId;\n }\n }\n if (currentPart !== cachedPart) {\n endpoint = endpoint.replace(\n `/${cachedPart}/`,\n `/${currentPart}/`\n );\n }\n });\n\n return this.replaceTenant(endpoint);\n }\n\n /**\n * The default open id configuration endpoint for any canonical authority.\n */\n protected get defaultOpenIdConfigurationEndpoint(): string {\n const canonicalAuthorityHost = this.hostnameAndPort;\n if (\n this.canonicalAuthority.endsWith(\"v2.0/\") ||\n this.authorityType === AuthorityType.Adfs ||\n (this.protocolMode !== ProtocolMode.AAD &&\n !this.isAliasOfKnownMicrosoftAuthority(canonicalAuthorityHost))\n ) {\n return `${this.canonicalAuthority}.well-known/openid-configuration`;\n }\n return `${this.canonicalAuthority}v2.0/.well-known/openid-configuration`;\n }\n\n /**\n * Boolean that returns whether or not tenant discovery has been completed.\n */\n discoveryComplete(): boolean {\n return !!this.metadata;\n }\n\n /**\n * Perform endpoint discovery to discover aliases, preferred_cache, preferred_network\n * and the /authorize, /token and logout endpoints.\n */\n public async resolveEndpointsAsync(): Promise {\n this.performanceClient?.addQueueMeasurement(\n PerformanceEvents.AuthorityResolveEndpointsAsync,\n this.correlationId\n );\n\n const metadataEntity = this.getCurrentMetadataEntity();\n\n const cloudDiscoverySource = await invokeAsync(\n this.updateCloudDiscoveryMetadata.bind(this),\n PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(metadataEntity);\n this.canonicalAuthority = this.canonicalAuthority.replace(\n this.hostnameAndPort,\n metadataEntity.preferred_network\n );\n const endpointSource = await invokeAsync(\n this.updateEndpointMetadata.bind(this),\n PerformanceEvents.AuthorityUpdateEndpointMetadata,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(metadataEntity);\n this.updateCachedMetadata(metadataEntity, cloudDiscoverySource, {\n source: endpointSource,\n });\n this.performanceClient?.addFields(\n {\n cloudDiscoverySource: cloudDiscoverySource,\n authorityEndpointSource: endpointSource,\n },\n this.correlationId\n );\n }\n\n /**\n * Returns metadata entity from cache if it exists, otherwiser returns a new metadata entity built\n * from the configured canonical authority\n * @returns\n */\n private getCurrentMetadataEntity(): AuthorityMetadataEntity {\n let metadataEntity: AuthorityMetadataEntity | null =\n this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort);\n\n if (!metadataEntity) {\n metadataEntity = {\n aliases: [],\n preferred_cache: this.hostnameAndPort,\n preferred_network: this.hostnameAndPort,\n canonical_authority: this.canonicalAuthority,\n authorization_endpoint: \"\",\n token_endpoint: \"\",\n end_session_endpoint: \"\",\n issuer: \"\",\n aliasesFromNetwork: false,\n endpointsFromNetwork: false,\n expiresAt: CacheHelpers.generateAuthorityMetadataExpiresAt(),\n jwks_uri: \"\",\n };\n }\n return metadataEntity;\n }\n\n /**\n * Updates cached metadata based on metadata source and sets the instance's metadata\n * property to the same value\n * @param metadataEntity\n * @param cloudDiscoverySource\n * @param endpointMetadataResult\n */\n private updateCachedMetadata(\n metadataEntity: AuthorityMetadataEntity,\n cloudDiscoverySource: AuthorityMetadataSource | null,\n endpointMetadataResult: {\n source: AuthorityMetadataSource;\n metadata?: OpenIdConfigResponse;\n } | null\n ): void {\n if (\n cloudDiscoverySource !== AuthorityMetadataSource.CACHE &&\n endpointMetadataResult?.source !== AuthorityMetadataSource.CACHE\n ) {\n // Reset the expiration time unless both values came from a successful cache lookup\n metadataEntity.expiresAt =\n CacheHelpers.generateAuthorityMetadataExpiresAt();\n metadataEntity.canonical_authority = this.canonicalAuthority;\n }\n\n const cacheKey = this.cacheManager.generateAuthorityMetadataCacheKey(\n metadataEntity.preferred_cache\n );\n this.cacheManager.setAuthorityMetadata(cacheKey, metadataEntity);\n this.metadata = metadataEntity;\n }\n\n /**\n * Update AuthorityMetadataEntity with new endpoints and return where the information came from\n * @param metadataEntity\n */\n private async updateEndpointMetadata(\n metadataEntity: AuthorityMetadataEntity\n ): Promise {\n this.performanceClient?.addQueueMeasurement(\n PerformanceEvents.AuthorityUpdateEndpointMetadata,\n this.correlationId\n );\n\n const localMetadata =\n this.updateEndpointMetadataFromLocalSources(metadataEntity);\n\n // Further update may be required for hardcoded metadata if regional metadata is preferred\n if (localMetadata) {\n if (\n localMetadata.source ===\n AuthorityMetadataSource.HARDCODED_VALUES\n ) {\n // If the user prefers to use an azure region replace the global endpoints with regional information.\n if (\n this.authorityOptions.azureRegionConfiguration?.azureRegion\n ) {\n if (localMetadata.metadata) {\n const hardcodedMetadata = await invokeAsync(\n this.updateMetadataWithRegionalInformation.bind(\n this\n ),\n PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(localMetadata.metadata);\n CacheHelpers.updateAuthorityEndpointMetadata(\n metadataEntity,\n hardcodedMetadata,\n false\n );\n metadataEntity.canonical_authority =\n this.canonicalAuthority;\n }\n }\n }\n return localMetadata.source;\n }\n\n // Get metadata from network if local sources aren't available\n let metadata = await invokeAsync(\n this.getEndpointMetadataFromNetwork.bind(this),\n PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork,\n this.logger,\n this.performanceClient,\n this.correlationId\n )();\n if (metadata) {\n // If the user prefers to use an azure region replace the global endpoints with regional information.\n if (this.authorityOptions.azureRegionConfiguration?.azureRegion) {\n metadata = await invokeAsync(\n this.updateMetadataWithRegionalInformation.bind(this),\n PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(metadata);\n }\n\n CacheHelpers.updateAuthorityEndpointMetadata(\n metadataEntity,\n metadata,\n true\n );\n return AuthorityMetadataSource.NETWORK;\n } else {\n // Metadata could not be obtained from the config, cache, network or hardcoded values\n throw createClientAuthError(\n ClientAuthErrorCodes.openIdConfigError,\n this.defaultOpenIdConfigurationEndpoint\n );\n }\n }\n\n /**\n * Updates endpoint metadata from local sources and returns where the information was retrieved from and the metadata config\n * response if the source is hardcoded metadata\n * @param metadataEntity\n * @returns\n */\n private updateEndpointMetadataFromLocalSources(\n metadataEntity: AuthorityMetadataEntity\n ): {\n source: AuthorityMetadataSource;\n metadata?: OpenIdConfigResponse;\n } | null {\n this.logger.verbose(\n \"Attempting to get endpoint metadata from authority configuration\"\n );\n const configMetadata = this.getEndpointMetadataFromConfig();\n if (configMetadata) {\n this.logger.verbose(\n \"Found endpoint metadata in authority configuration\"\n );\n CacheHelpers.updateAuthorityEndpointMetadata(\n metadataEntity,\n configMetadata,\n false\n );\n return {\n source: AuthorityMetadataSource.CONFIG,\n };\n }\n\n this.logger.verbose(\n \"Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.\"\n );\n\n // skipAuthorityMetadataCache is used to bypass hardcoded authority metadata and force a network metadata cache lookup and network metadata request if no cached response is available.\n if (this.authorityOptions.skipAuthorityMetadataCache) {\n this.logger.verbose(\n \"Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache.\"\n );\n } else {\n const hardcodedMetadata =\n this.getEndpointMetadataFromHardcodedValues();\n if (hardcodedMetadata) {\n CacheHelpers.updateAuthorityEndpointMetadata(\n metadataEntity,\n hardcodedMetadata,\n false\n );\n return {\n source: AuthorityMetadataSource.HARDCODED_VALUES,\n metadata: hardcodedMetadata,\n };\n } else {\n this.logger.verbose(\n \"Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.\"\n );\n }\n }\n\n // Check cached metadata entity expiration status\n const metadataEntityExpired =\n CacheHelpers.isAuthorityMetadataExpired(metadataEntity);\n if (\n this.isAuthoritySameType(metadataEntity) &&\n metadataEntity.endpointsFromNetwork &&\n !metadataEntityExpired\n ) {\n // No need to update\n this.logger.verbose(\"Found endpoint metadata in the cache.\");\n return { source: AuthorityMetadataSource.CACHE };\n } else if (metadataEntityExpired) {\n this.logger.verbose(\"The metadata entity is expired.\");\n }\n\n return null;\n }\n\n /**\n * Compares the number of url components after the domain to determine if the cached\n * authority metadata can be used for the requested authority. Protects against same domain different\n * authority such as login.microsoftonline.com/tenant and login.microsoftonline.com/tfp/tenant/policy\n * @param metadataEntity\n */\n private isAuthoritySameType(\n metadataEntity: AuthorityMetadataEntity\n ): boolean {\n const cachedAuthorityUrl = new UrlString(\n metadataEntity.canonical_authority\n );\n const cachedParts = cachedAuthorityUrl.getUrlComponents().PathSegments;\n\n return (\n cachedParts.length ===\n this.canonicalAuthorityUrlComponents.PathSegments.length\n );\n }\n\n /**\n * Parse authorityMetadata config option\n */\n private getEndpointMetadataFromConfig(): OpenIdConfigResponse | null {\n if (this.authorityOptions.authorityMetadata) {\n try {\n return JSON.parse(\n this.authorityOptions.authorityMetadata\n ) as OpenIdConfigResponse;\n } catch (e) {\n throw createClientConfigurationError(\n ClientConfigurationErrorCodes.invalidAuthorityMetadata\n );\n }\n }\n\n return null;\n }\n\n /**\n * Gets OAuth endpoints from the given OpenID configuration endpoint.\n *\n * @param hasHardcodedMetadata boolean\n */\n private async getEndpointMetadataFromNetwork(): Promise {\n this.performanceClient?.addQueueMeasurement(\n PerformanceEvents.AuthorityGetEndpointMetadataFromNetwork,\n this.correlationId\n );\n\n const options: ImdsOptions = {};\n\n /*\n * TODO: Add a timeout if the authority exists in our library's\n * hardcoded list of metadata\n */\n\n const openIdConfigurationEndpoint =\n this.defaultOpenIdConfigurationEndpoint;\n this.logger.verbose(\n `Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${openIdConfigurationEndpoint}`\n );\n\n try {\n const response =\n await this.networkInterface.sendGetRequestAsync(\n openIdConfigurationEndpoint,\n options\n );\n const isValidResponse = isOpenIdConfigResponse(response.body);\n if (isValidResponse) {\n return response.body;\n } else {\n this.logger.verbose(\n `Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration`\n );\n return null;\n }\n } catch (e) {\n this.logger.verbose(\n `Authority.getEndpointMetadataFromNetwork: ${e}`\n );\n return null;\n }\n }\n\n /**\n * Get OAuth endpoints for common authorities.\n */\n private getEndpointMetadataFromHardcodedValues(): OpenIdConfigResponse | null {\n if (this.hostnameAndPort in EndpointMetadata) {\n return EndpointMetadata[this.hostnameAndPort];\n }\n\n return null;\n }\n\n /**\n * Update the retrieved metadata with regional information.\n * User selected Azure region will be used if configured.\n */\n private async updateMetadataWithRegionalInformation(\n metadata: OpenIdConfigResponse\n ): Promise {\n this.performanceClient?.addQueueMeasurement(\n PerformanceEvents.AuthorityUpdateMetadataWithRegionalInformation,\n this.correlationId\n );\n\n const userConfiguredAzureRegion =\n this.authorityOptions.azureRegionConfiguration?.azureRegion;\n\n if (userConfiguredAzureRegion) {\n if (\n userConfiguredAzureRegion !==\n Constants.AZURE_REGION_AUTO_DISCOVER_FLAG\n ) {\n this.regionDiscoveryMetadata.region_outcome =\n RegionDiscoveryOutcomes.CONFIGURED_NO_AUTO_DETECTION;\n this.regionDiscoveryMetadata.region_used =\n userConfiguredAzureRegion;\n return Authority.replaceWithRegionalInformation(\n metadata,\n userConfiguredAzureRegion\n );\n }\n\n const autodetectedRegionName = await invokeAsync(\n this.regionDiscovery.detectRegion.bind(this.regionDiscovery),\n PerformanceEvents.RegionDiscoveryDetectRegion,\n this.logger,\n this.performanceClient,\n this.correlationId\n )(\n this.authorityOptions.azureRegionConfiguration\n ?.environmentRegion,\n this.regionDiscoveryMetadata\n );\n\n if (autodetectedRegionName) {\n this.regionDiscoveryMetadata.region_outcome =\n RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_SUCCESSFUL;\n this.regionDiscoveryMetadata.region_used =\n autodetectedRegionName;\n return Authority.replaceWithRegionalInformation(\n metadata,\n autodetectedRegionName\n );\n }\n\n this.regionDiscoveryMetadata.region_outcome =\n RegionDiscoveryOutcomes.AUTO_DETECTION_REQUESTED_FAILED;\n }\n\n return metadata;\n }\n\n /**\n * Updates the AuthorityMetadataEntity with new aliases, preferred_network and preferred_cache\n * and returns where the information was retrieved from\n * @param metadataEntity\n * @returns AuthorityMetadataSource\n */\n private async updateCloudDiscoveryMetadata(\n metadataEntity: AuthorityMetadataEntity\n ): Promise {\n this.performanceClient?.addQueueMeasurement(\n PerformanceEvents.AuthorityUpdateCloudDiscoveryMetadata,\n this.correlationId\n );\n const localMetadataSource =\n this.updateCloudDiscoveryMetadataFromLocalSources(metadataEntity);\n if (localMetadataSource) {\n return localMetadataSource;\n }\n\n // Fallback to network as metadata source\n const metadata = await invokeAsync(\n this.getCloudDiscoveryMetadataFromNetwork.bind(this),\n PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork,\n this.logger,\n this.performanceClient,\n this.correlationId\n )();\n\n if (metadata) {\n CacheHelpers.updateCloudDiscoveryMetadata(\n metadataEntity,\n metadata,\n true\n );\n return AuthorityMetadataSource.NETWORK;\n }\n\n // Metadata could not be obtained from the config, cache, network or hardcoded values\n throw createClientConfigurationError(\n ClientConfigurationErrorCodes.untrustedAuthority\n );\n }\n\n private updateCloudDiscoveryMetadataFromLocalSources(\n metadataEntity: AuthorityMetadataEntity\n ): AuthorityMetadataSource | null {\n this.logger.verbose(\n \"Attempting to get cloud discovery metadata from authority configuration\"\n );\n this.logger.verbosePii(\n `Known Authorities: ${\n this.authorityOptions.knownAuthorities ||\n Constants.NOT_APPLICABLE\n }`\n );\n this.logger.verbosePii(\n `Authority Metadata: ${\n this.authorityOptions.authorityMetadata ||\n Constants.NOT_APPLICABLE\n }`\n );\n this.logger.verbosePii(\n `Canonical Authority: ${\n metadataEntity.canonical_authority || Constants.NOT_APPLICABLE\n }`\n );\n const metadata = this.getCloudDiscoveryMetadataFromConfig();\n if (metadata) {\n this.logger.verbose(\n \"Found cloud discovery metadata in authority configuration\"\n );\n CacheHelpers.updateCloudDiscoveryMetadata(\n metadataEntity,\n metadata,\n false\n );\n return AuthorityMetadataSource.CONFIG;\n }\n\n // If the cached metadata came from config but that config was not passed to this instance, we must go to hardcoded values\n this.logger.verbose(\n \"Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values.\"\n );\n\n if (this.options.skipAuthorityMetadataCache) {\n this.logger.verbose(\n \"Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache.\"\n );\n } else {\n const hardcodedMetadata =\n getCloudDiscoveryMetadataFromHardcodedValues(\n this.hostnameAndPort\n );\n if (hardcodedMetadata) {\n this.logger.verbose(\n \"Found cloud discovery metadata from hardcoded values.\"\n );\n CacheHelpers.updateCloudDiscoveryMetadata(\n metadataEntity,\n hardcodedMetadata,\n false\n );\n return AuthorityMetadataSource.HARDCODED_VALUES;\n }\n\n this.logger.verbose(\n \"Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.\"\n );\n }\n\n const metadataEntityExpired =\n CacheHelpers.isAuthorityMetadataExpired(metadataEntity);\n if (\n this.isAuthoritySameType(metadataEntity) &&\n metadataEntity.aliasesFromNetwork &&\n !metadataEntityExpired\n ) {\n this.logger.verbose(\"Found cloud discovery metadata in the cache.\");\n // No need to update\n return AuthorityMetadataSource.CACHE;\n } else if (metadataEntityExpired) {\n this.logger.verbose(\"The metadata entity is expired.\");\n }\n\n return null;\n }\n\n /**\n * Parse cloudDiscoveryMetadata config or check knownAuthorities\n */\n private getCloudDiscoveryMetadataFromConfig(): CloudDiscoveryMetadata | null {\n // CIAM does not support cloud discovery metadata\n if (this.authorityType === AuthorityType.Ciam) {\n this.logger.verbose(\n \"CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host.\"\n );\n return Authority.createCloudDiscoveryMetadataFromHost(\n this.hostnameAndPort\n );\n }\n\n // Check if network response was provided in config\n if (this.authorityOptions.cloudDiscoveryMetadata) {\n this.logger.verbose(\n \"The cloud discovery metadata has been provided as a network response, in the config.\"\n );\n try {\n this.logger.verbose(\n \"Attempting to parse the cloud discovery metadata.\"\n );\n const parsedResponse = JSON.parse(\n this.authorityOptions.cloudDiscoveryMetadata\n ) as CloudInstanceDiscoveryResponse;\n const metadata = getCloudDiscoveryMetadataFromNetworkResponse(\n parsedResponse.metadata,\n this.hostnameAndPort\n );\n this.logger.verbose(\"Parsed the cloud discovery metadata.\");\n if (metadata) {\n this.logger.verbose(\n \"There is returnable metadata attached to the parsed cloud discovery metadata.\"\n );\n return metadata;\n } else {\n this.logger.verbose(\n \"There is no metadata attached to the parsed cloud discovery metadata.\"\n );\n }\n } catch (e) {\n this.logger.verbose(\n \"Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error.\"\n );\n throw createClientConfigurationError(\n ClientConfigurationErrorCodes.invalidCloudDiscoveryMetadata\n );\n }\n }\n\n // If cloudDiscoveryMetadata is empty or does not contain the host, check knownAuthorities\n if (this.isInKnownAuthorities()) {\n this.logger.verbose(\n \"The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.\"\n );\n return Authority.createCloudDiscoveryMetadataFromHost(\n this.hostnameAndPort\n );\n }\n\n return null;\n }\n\n /**\n * Called to get metadata from network if CloudDiscoveryMetadata was not populated by config\n *\n * @param hasHardcodedMetadata boolean\n */\n private async getCloudDiscoveryMetadataFromNetwork(): Promise {\n this.performanceClient?.addQueueMeasurement(\n PerformanceEvents.AuthorityGetCloudDiscoveryMetadataFromNetwork,\n this.correlationId\n );\n const instanceDiscoveryEndpoint = `${Constants.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`;\n const options: ImdsOptions = {};\n\n /*\n * TODO: Add a timeout if the authority exists in our library's\n * hardcoded list of metadata\n */\n\n let match = null;\n try {\n const response = await this.networkInterface.sendGetRequestAsync<\n | CloudInstanceDiscoveryResponse\n | CloudInstanceDiscoveryErrorResponse\n >(instanceDiscoveryEndpoint, options);\n let typedResponseBody:\n | CloudInstanceDiscoveryResponse\n | CloudInstanceDiscoveryErrorResponse;\n let metadata: Array;\n if (isCloudInstanceDiscoveryResponse(response.body)) {\n typedResponseBody =\n response.body as CloudInstanceDiscoveryResponse;\n metadata = typedResponseBody.metadata;\n\n this.logger.verbosePii(\n `tenant_discovery_endpoint is: ${typedResponseBody.tenant_discovery_endpoint}`\n );\n } else if (isCloudInstanceDiscoveryErrorResponse(response.body)) {\n this.logger.warning(\n `A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${response.status}`\n );\n\n typedResponseBody =\n response.body as CloudInstanceDiscoveryErrorResponse;\n if (typedResponseBody.error === Constants.INVALID_INSTANCE) {\n this.logger.error(\n \"The CloudInstanceDiscoveryErrorResponse error is invalid_instance.\"\n );\n return null;\n }\n\n this.logger.warning(\n `The CloudInstanceDiscoveryErrorResponse error is ${typedResponseBody.error}`\n );\n this.logger.warning(\n `The CloudInstanceDiscoveryErrorResponse error description is ${typedResponseBody.error_description}`\n );\n\n this.logger.warning(\n \"Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []\"\n );\n metadata = [];\n } else {\n this.logger.error(\n \"AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse\"\n );\n return null;\n }\n\n this.logger.verbose(\n \"Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request.\"\n );\n match = getCloudDiscoveryMetadataFromNetworkResponse(\n metadata,\n this.hostnameAndPort\n );\n } catch (error) {\n if (error instanceof AuthError) {\n this.logger.error(\n `There was a network error while attempting to get the cloud discovery instance metadata.\\nError: ${error.errorCode}\\nError Description: ${error.errorMessage}`\n );\n } else {\n const typedError = error as Error;\n this.logger.error(\n `A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.\\nError: ${typedError.name}\\nError Description: ${typedError.message}`\n );\n }\n\n return null;\n }\n\n // Custom Domain scenario, host is trusted because Instance Discovery call succeeded\n if (!match) {\n this.logger.warning(\n \"The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request.\"\n );\n this.logger.verbose(\n \"Creating custom Authority for custom domain scenario.\"\n );\n\n match = Authority.createCloudDiscoveryMetadataFromHost(\n this.hostnameAndPort\n );\n }\n return match;\n }\n\n /**\n * Helper function to determine if this host is included in the knownAuthorities config option\n */\n private isInKnownAuthorities(): boolean {\n const matches = this.authorityOptions.knownAuthorities.filter(\n (authority) => {\n return (\n authority &&\n UrlString.getDomainFromUrl(authority).toLowerCase() ===\n this.hostnameAndPort\n );\n }\n );\n return matches.length > 0;\n }\n\n /**\n * helper function to populate the authority based on azureCloudOptions\n * @param authorityString\n * @param azureCloudOptions\n */\n static generateAuthority(\n authorityString: string,\n azureCloudOptions?: AzureCloudOptions\n ): string {\n let authorityAzureCloudInstance;\n\n if (\n azureCloudOptions &&\n azureCloudOptions.azureCloudInstance !== AzureCloudInstance.None\n ) {\n const tenant = azureCloudOptions.tenant\n ? azureCloudOptions.tenant\n : Constants.DEFAULT_COMMON_TENANT;\n authorityAzureCloudInstance = `${azureCloudOptions.azureCloudInstance}/${tenant}/`;\n }\n\n return authorityAzureCloudInstance\n ? authorityAzureCloudInstance\n : authorityString;\n }\n\n /**\n * Creates cloud discovery metadata object from a given host\n * @param host\n */\n static createCloudDiscoveryMetadataFromHost(\n host: string\n ): CloudDiscoveryMetadata {\n return {\n preferred_network: host,\n preferred_cache: host,\n aliases: [host],\n };\n }\n\n /**\n * helper function to generate environment from authority object\n */\n getPreferredCache(): string {\n if (this.managedIdentity) {\n return Constants.DEFAULT_AUTHORITY_HOST;\n } else if (this.discoveryComplete()) {\n return this.metadata.preferred_cache;\n } else {\n throw createClientAuthError(\n ClientAuthErrorCodes.endpointResolutionError\n );\n }\n }\n\n /**\n * Returns whether or not the provided host is an alias of this authority instance\n * @param host\n */\n isAlias(host: string): boolean {\n return this.metadata.aliases.indexOf(host) > -1;\n }\n\n /**\n * Returns whether or not the provided host is an alias of a known Microsoft authority for purposes of endpoint discovery\n * @param host\n */\n isAliasOfKnownMicrosoftAuthority(host: string): boolean {\n return InstanceDiscoveryMetadataAliases.has(host);\n }\n\n /**\n * Checks whether the provided host is that of a public cloud authority\n *\n * @param authority string\n * @returns bool\n */\n static isPublicCloudAuthority(host: string): boolean {\n return Constants.KNOWN_PUBLIC_CLOUDS.indexOf(host) >= 0;\n }\n\n /**\n * Rebuild the authority string with the region\n *\n * @param host string\n * @param region string\n */\n static buildRegionalAuthorityString(\n host: string,\n region: string,\n queryString?: string\n ): string {\n // Create and validate a Url string object with the initial authority string\n const authorityUrlInstance = new UrlString(host);\n authorityUrlInstance.validateAsUri();\n\n const authorityUrlParts = authorityUrlInstance.getUrlComponents();\n\n let hostNameAndPort = `${region}.${authorityUrlParts.HostNameAndPort}`;\n\n if (this.isPublicCloudAuthority(authorityUrlParts.HostNameAndPort)) {\n hostNameAndPort = `${region}.${Constants.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`;\n }\n\n // Include the query string portion of the url\n const url = UrlString.constructAuthorityUriFromObject({\n ...authorityUrlInstance.getUrlComponents(),\n HostNameAndPort: hostNameAndPort,\n }).urlString;\n\n // Add the query string if a query string was provided\n if (queryString) return `${url}?${queryString}`;\n\n return url;\n }\n\n /**\n * Replace the endpoints in the metadata object with their regional equivalents.\n *\n * @param metadata OpenIdConfigResponse\n * @param azureRegion string\n */\n static replaceWithRegionalInformation(\n metadata: OpenIdConfigResponse,\n azureRegion: string\n ): OpenIdConfigResponse {\n const regionalMetadata = { ...metadata };\n regionalMetadata.authorization_endpoint =\n Authority.buildRegionalAuthorityString(\n regionalMetadata.authorization_endpoint,\n azureRegion\n );\n\n regionalMetadata.token_endpoint =\n Authority.buildRegionalAuthorityString(\n regionalMetadata.token_endpoint,\n azureRegion\n );\n\n if (regionalMetadata.end_session_endpoint) {\n regionalMetadata.end_session_endpoint =\n Authority.buildRegionalAuthorityString(\n regionalMetadata.end_session_endpoint,\n azureRegion\n );\n }\n\n return regionalMetadata;\n }\n\n /**\n * Transform CIAM_AUTHORIY as per the below rules:\n * If no path segments found and it is a CIAM authority (hostname ends with .ciamlogin.com), then transform it\n *\n * NOTE: The transformation path should go away once STS supports CIAM with the format: `tenantIdorDomain.ciamlogin.com`\n * `ciamlogin.com` can also change in the future and we should accommodate the same\n *\n * @param authority\n */\n static transformCIAMAuthority(authority: string): string {\n let ciamAuthority = authority;\n const authorityUrl = new UrlString(authority);\n const authorityUrlComponents = authorityUrl.getUrlComponents();\n\n // check if transformation is needed\n if (\n authorityUrlComponents.PathSegments.length === 0 &&\n authorityUrlComponents.HostNameAndPort.endsWith(\n Constants.CIAM_AUTH_URL\n )\n ) {\n const tenantIdOrDomain =\n authorityUrlComponents.HostNameAndPort.split(\".\")[0];\n ciamAuthority = `${ciamAuthority}${tenantIdOrDomain}${Constants.AAD_TENANT_DOMAIN_SUFFIX}`;\n }\n\n return ciamAuthority;\n }\n}\n\n/**\n * Extract tenantId from authority\n */\nexport function getTenantFromAuthorityString(\n authority: string\n): string | undefined {\n const authorityUrl = new UrlString(authority);\n const authorityUrlComponents = authorityUrl.getUrlComponents();\n /**\n * For credential matching purposes, tenantId is the last path segment of the authority URL:\n * AAD Authority - domain/tenantId -> Credentials are cached with realm = tenantId\n * B2C Authority - domain/{tenantId}?/.../policy -> Credentials are cached with realm = policy\n * tenantId is downcased because B2C policies can have mixed case but tfp claim is downcased\n *\n * Note that we may not have any path segments in certain OIDC scenarios.\n */\n const tenantId =\n authorityUrlComponents.PathSegments.slice(-1)[0]?.toLowerCase();\n\n switch (tenantId) {\n case AADAuthorityConstants.COMMON:\n case AADAuthorityConstants.ORGANIZATIONS:\n case AADAuthorityConstants.CONSUMERS:\n return undefined;\n default:\n return tenantId;\n }\n}\n\nexport function formatAuthorityUri(authorityUri: string): string {\n return authorityUri.endsWith(Constants.FORWARD_SLASH)\n ? authorityUri\n : `${authorityUri}${Constants.FORWARD_SLASH}`;\n}\n\nexport function buildStaticAuthorityOptions(\n authOptions: Partial\n): StaticAuthorityOptions {\n const rawCloudDiscoveryMetadata = authOptions.cloudDiscoveryMetadata;\n let cloudDiscoveryMetadata: CloudInstanceDiscoveryResponse | undefined =\n undefined;\n if (rawCloudDiscoveryMetadata) {\n try {\n cloudDiscoveryMetadata = JSON.parse(rawCloudDiscoveryMetadata);\n } catch (e) {\n throw createClientConfigurationError(\n ClientConfigurationErrorCodes.invalidCloudDiscoveryMetadata\n );\n }\n }\n return {\n canonicalAuthority: authOptions.authority\n ? formatAuthorityUri(authOptions.authority)\n : undefined,\n knownAuthorities: authOptions.knownAuthorities,\n cloudDiscoveryMetadata: cloudDiscoveryMetadata,\n };\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * Tenant Discovery Response which contains the relevant OAuth endpoints and data needed for authentication and authorization.\n */\nexport type OpenIdConfigResponse = {\n authorization_endpoint: string;\n token_endpoint: string;\n end_session_endpoint?: string;\n issuer: string;\n jwks_uri: string;\n};\n\nexport function isOpenIdConfigResponse(response: object): boolean {\n return (\n response.hasOwnProperty(\"authorization_endpoint\") &&\n response.hasOwnProperty(\"token_endpoint\") &&\n response.hasOwnProperty(\"issuer\") &&\n response.hasOwnProperty(\"jwks_uri\")\n );\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { CloudDiscoveryMetadata } from \"./CloudDiscoveryMetadata.js\";\n\n/**\n * The OpenID Configuration Endpoint Response type. Used by the authority class to get relevant OAuth endpoints.\n */\nexport type CloudInstanceDiscoveryResponse = {\n tenant_discovery_endpoint: string;\n metadata: Array;\n};\n\nexport function isCloudInstanceDiscoveryResponse(response: object): boolean {\n return (\n response.hasOwnProperty(\"tenant_discovery_endpoint\") &&\n response.hasOwnProperty(\"metadata\")\n );\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * The OpenID Configuration Endpoint Response type. Used by the authority class to get relevant OAuth endpoints.\n */\nexport type CloudInstanceDiscoveryErrorResponse = {\n error: String;\n error_description: String;\n error_codes?: Array;\n timestamp?: String;\n trace_id?: String;\n correlation_id?: String;\n error_uri?: String;\n};\n\nexport function isCloudInstanceDiscoveryErrorResponse(\n response: object\n): boolean {\n return (\n response.hasOwnProperty(\"error\") &&\n response.hasOwnProperty(\"error_description\")\n );\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Authority, formatAuthorityUri } from \"./Authority.js\";\nimport { INetworkModule } from \"../network/INetworkModule.js\";\nimport {\n createClientAuthError,\n ClientAuthErrorCodes,\n} from \"../error/ClientAuthError.js\";\nimport { ICacheManager } from \"../cache/interface/ICacheManager.js\";\nimport { AuthorityOptions } from \"./AuthorityOptions.js\";\nimport { Logger } from \"../logger/Logger.js\";\nimport { IPerformanceClient } from \"../telemetry/performance/IPerformanceClient.js\";\nimport { PerformanceEvents } from \"../telemetry/performance/PerformanceEvent.js\";\nimport { invokeAsync } from \"../utils/FunctionWrappers.js\";\n\n/**\n * Create an authority object of the correct type based on the url\n * Performs basic authority validation - checks to see if the authority is of a valid type (i.e. aad, b2c, adfs)\n *\n * Also performs endpoint discovery.\n *\n * @param authorityUri\n * @param networkClient\n * @param protocolMode\n * @internal\n */\nexport async function createDiscoveredInstance(\n authorityUri: string,\n networkClient: INetworkModule,\n cacheManager: ICacheManager,\n authorityOptions: AuthorityOptions,\n logger: Logger,\n correlationId: string,\n performanceClient?: IPerformanceClient\n): Promise {\n performanceClient?.addQueueMeasurement(\n PerformanceEvents.AuthorityFactoryCreateDiscoveredInstance,\n correlationId\n );\n const authorityUriFinal = Authority.transformCIAMAuthority(\n formatAuthorityUri(authorityUri)\n );\n\n // Initialize authority and perform discovery endpoint check.\n const acquireTokenAuthority: Authority = new Authority(\n authorityUriFinal,\n networkClient,\n cacheManager,\n authorityOptions,\n logger,\n correlationId,\n performanceClient\n );\n\n try {\n await invokeAsync(\n acquireTokenAuthority.resolveEndpointsAsync.bind(\n acquireTokenAuthority\n ),\n PerformanceEvents.AuthorityResolveEndpointsAsync,\n logger,\n performanceClient,\n correlationId\n )();\n return acquireTokenAuthority;\n } catch (e) {\n throw createClientAuthError(\n ClientAuthErrorCodes.endpointResolutionError\n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Logger } from \"../logger/Logger.js\";\nimport { UrlString } from \"../url/UrlString.js\";\nimport { AuthorityMetadataSource } from \"../utils/Constants.js\";\nimport { StaticAuthorityOptions } from \"./AuthorityOptions.js\";\nimport { CloudDiscoveryMetadata } from \"./CloudDiscoveryMetadata.js\";\nimport { CloudInstanceDiscoveryResponse } from \"./CloudInstanceDiscoveryResponse.js\";\nimport { OpenIdConfigResponse } from \"./OpenIdConfigResponse.js\";\n\ntype RawMetadata = {\n endpointMetadata: { [key: string]: OpenIdConfigResponse };\n instanceDiscoveryMetadata: CloudInstanceDiscoveryResponse;\n};\n\nexport const rawMetdataJSON: RawMetadata = {\n endpointMetadata: {\n \"login.microsoftonline.com\": {\n token_endpoint:\n \"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token\",\n jwks_uri:\n \"https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys\",\n issuer: \"https://login.microsoftonline.com/{tenantid}/v2.0\",\n authorization_endpoint:\n \"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize\",\n end_session_endpoint:\n \"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout\",\n },\n \"login.chinacloudapi.cn\": {\n token_endpoint:\n \"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token\",\n jwks_uri:\n \"https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys\",\n issuer: \"https://login.partner.microsoftonline.cn/{tenantid}/v2.0\",\n authorization_endpoint:\n \"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize\",\n end_session_endpoint:\n \"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout\",\n },\n \"login.microsoftonline.us\": {\n token_endpoint:\n \"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token\",\n jwks_uri:\n \"https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys\",\n issuer: \"https://login.microsoftonline.us/{tenantid}/v2.0\",\n authorization_endpoint:\n \"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize\",\n end_session_endpoint:\n \"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout\",\n },\n },\n instanceDiscoveryMetadata: {\n tenant_discovery_endpoint:\n \"https://{canonicalAuthority}/v2.0/.well-known/openid-configuration\",\n metadata: [\n {\n preferred_network: \"login.microsoftonline.com\",\n preferred_cache: \"login.windows.net\",\n aliases: [\n \"login.microsoftonline.com\",\n \"login.windows.net\",\n \"login.microsoft.com\",\n \"sts.windows.net\",\n ],\n },\n {\n preferred_network: \"login.partner.microsoftonline.cn\",\n preferred_cache: \"login.partner.microsoftonline.cn\",\n aliases: [\n \"login.partner.microsoftonline.cn\",\n \"login.chinacloudapi.cn\",\n ],\n },\n {\n preferred_network: \"login.microsoftonline.de\",\n preferred_cache: \"login.microsoftonline.de\",\n aliases: [\"login.microsoftonline.de\"],\n },\n {\n preferred_network: \"login.microsoftonline.us\",\n preferred_cache: \"login.microsoftonline.us\",\n aliases: [\n \"login.microsoftonline.us\",\n \"login.usgovcloudapi.net\",\n ],\n },\n {\n preferred_network: \"login-us.microsoftonline.com\",\n preferred_cache: \"login-us.microsoftonline.com\",\n aliases: [\"login-us.microsoftonline.com\"],\n },\n ],\n },\n};\n\nexport const EndpointMetadata = rawMetdataJSON.endpointMetadata;\nexport const InstanceDiscoveryMetadata =\n rawMetdataJSON.instanceDiscoveryMetadata;\n\nexport const InstanceDiscoveryMetadataAliases: Set = new Set();\nInstanceDiscoveryMetadata.metadata.forEach(\n (metadataEntry: CloudDiscoveryMetadata) => {\n metadataEntry.aliases.forEach((alias: string) => {\n InstanceDiscoveryMetadataAliases.add(alias);\n });\n }\n);\n\n/**\n * Attempts to get an aliases array from the static authority metadata sources based on the canonical authority host\n * @param staticAuthorityOptions\n * @param logger\n * @returns\n */\nexport function getAliasesFromStaticSources(\n staticAuthorityOptions: StaticAuthorityOptions,\n logger?: Logger\n): string[] {\n let staticAliases: string[] | undefined;\n const canonicalAuthority = staticAuthorityOptions.canonicalAuthority;\n if (canonicalAuthority) {\n const authorityHost = new UrlString(\n canonicalAuthority\n ).getUrlComponents().HostNameAndPort;\n staticAliases =\n getAliasesFromMetadata(\n authorityHost,\n staticAuthorityOptions.cloudDiscoveryMetadata?.metadata,\n AuthorityMetadataSource.CONFIG,\n logger\n ) ||\n getAliasesFromMetadata(\n authorityHost,\n InstanceDiscoveryMetadata.metadata,\n AuthorityMetadataSource.HARDCODED_VALUES,\n logger\n ) ||\n staticAuthorityOptions.knownAuthorities;\n }\n\n return staticAliases || [];\n}\n\n/**\n * Returns aliases for from the raw cloud discovery metadata passed in\n * @param authorityHost\n * @param rawCloudDiscoveryMetadata\n * @returns\n */\nexport function getAliasesFromMetadata(\n authorityHost?: string,\n cloudDiscoveryMetadata?: CloudDiscoveryMetadata[],\n source?: AuthorityMetadataSource,\n logger?: Logger\n): string[] | null {\n logger?.trace(`getAliasesFromMetadata called with source: ${source}`);\n if (authorityHost && cloudDiscoveryMetadata) {\n const metadata = getCloudDiscoveryMetadataFromNetworkResponse(\n cloudDiscoveryMetadata,\n authorityHost\n );\n\n if (metadata) {\n logger?.trace(\n `getAliasesFromMetadata: found cloud discovery metadata in ${source}, returning aliases`\n );\n return metadata.aliases;\n } else {\n logger?.trace(\n `getAliasesFromMetadata: did not find cloud discovery metadata in ${source}`\n );\n }\n }\n\n return null;\n}\n\n/**\n * Get cloud discovery metadata for common authorities\n */\nexport function getCloudDiscoveryMetadataFromHardcodedValues(\n authorityHost: string\n): CloudDiscoveryMetadata | null {\n const metadata = getCloudDiscoveryMetadataFromNetworkResponse(\n InstanceDiscoveryMetadata.metadata,\n authorityHost\n );\n return metadata;\n}\n\n/**\n * Searches instance discovery network response for the entry that contains the host in the aliases list\n * @param response\n * @param authority\n */\nexport function getCloudDiscoveryMetadataFromNetworkResponse(\n response: CloudDiscoveryMetadata[],\n authorityHost: string\n): CloudDiscoveryMetadata | null {\n for (let i = 0; i < response.length; i++) {\n const metadata = response[i];\n if (metadata.aliases.includes(authorityHost)) {\n return metadata;\n }\n }\n\n return null;\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ProtocolMode } from \"./ProtocolMode.js\";\nimport { OIDCOptions } from \"./OIDCOptions.js\";\nimport { AzureRegionConfiguration } from \"./AzureRegionConfiguration.js\";\nimport { CloudInstanceDiscoveryResponse } from \"./CloudInstanceDiscoveryResponse.js\";\n\nexport type AuthorityOptions = {\n protocolMode: ProtocolMode;\n OIDCOptions?: OIDCOptions | null;\n knownAuthorities: Array;\n cloudDiscoveryMetadata: string;\n authorityMetadata: string;\n skipAuthorityMetadataCache?: boolean;\n azureRegionConfiguration?: AzureRegionConfiguration;\n authority?: string;\n};\n\nexport type StaticAuthorityOptions = Partial<\n Pick\n> & {\n canonicalAuthority?: string;\n cloudDiscoveryMetadata?: CloudInstanceDiscoveryResponse;\n};\n\nexport const AzureCloudInstance = {\n // AzureCloudInstance is not specified.\n None: \"none\",\n\n // Microsoft Azure public cloud\n AzurePublic: \"https://login.microsoftonline.com\",\n\n // Microsoft PPE\n AzurePpe: \"https://login.windows-ppe.net\",\n\n // Microsoft Chinese national/regional cloud\n AzureChina: \"https://login.chinacloudapi.cn\",\n\n // Microsoft German national/regional cloud (\"Black Forest\")\n AzureGermany: \"https://login.microsoftonline.de\",\n\n // US Government cloud\n AzureUsGovernment: \"https://login.microsoftonline.us\",\n} as const;\nexport type AzureCloudInstance =\n (typeof AzureCloudInstance)[keyof typeof AzureCloudInstance];\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * Authority types supported by MSAL.\n */\nexport const AuthorityType = {\n Default: 0,\n Adfs: 1,\n Dsts: 2,\n Ciam: 3,\n} as const;\nexport type AuthorityType = (typeof AuthorityType)[keyof typeof AuthorityType];\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * Protocol modes supported by MSAL.\n */\nexport const ProtocolMode = {\n AAD: \"AAD\",\n OIDC: \"OIDC\",\n} as const;\nexport type ProtocolMode = (typeof ProtocolMode)[keyof typeof ProtocolMode];\n"],"names":["PerformanceClient","BaseInteractionClient","constructor","config","storageImpl","browserCrypto","logger","eventHandler","navigationClient","performanceClient","nativeMessageHandler","correlationId","this","browserStorage","networkClient","system","createNewGuid","clone","BrowserConstants","MSAL_SKU","version","clearCacheOnLogout","account","AccountEntity","accountInfoIsEqual","getActiveAccount","verbose","setActiveAccount","removeAccount","generateAccountCacheKey","error","clear","clearKeystore","e","getRedirectUri","requestRedirectUri","redirectUri","auth","UrlString","getAbsoluteUrl","getCurrentUri","initializeServerTelemetryManager","apiId","forceRefresh","telemetryPayload","clientId","wrapperSKU","getWrapperMetadata","wrapperVer","ServerTelemetryManager","getDiscoveredAuthority","params","instanceAwareEQ","requestExtraQueryParameters","hasOwnProperty","undefined","addQueueMeasurement","PerformanceEvents","StandardInteractionClientGetDiscoveredAuthority","authorityOptions","protocolMode","OIDCOptions","knownAuthorities","cloudDiscoveryMetadata","authorityMetadata","skipAuthorityMetadataCache","resolvedAuthority","requestAuthority","authority","resolvedInstanceAware","length","instanceAware","userAuthority","replace","getDomainFromUrl","environment","builtAuthority","Authority","generateAuthority","requestAzureCloudOptions","azureCloudOptions","discoveredAuthority","invokeAsync","AuthorityFactory","AuthorityFactoryCreateDiscoveredInstance","isAlias","createClientConfigurationError","ClientConfigurationErrorCodes","NativeInteractionClient","provider","accountId","nativeStorageImpl","_this$nativeMessageHa","super","nativeStorageManager","silentCacheClient","SilentCacheClient","serverTelemetryManager","extensionName","getExtensionId","NativeConstants","PREFERRED_EXTENSION_ID","skus","makeExtraSkuString","libraryName","libraryVersion","extensionVersion","getExtensionVersion","addRequestSKUs","request","extraParameters","_objectSpread","AADServerParamKeys","acquireToken","NativeInteractionClientAcquireToken","trace","nativeATMeasurement","startMeasurement","reqTimestamp","TimeUtils","nativeRequest","initializeNativeRequest","result","acquireTokensFromCache","end","success","isNativeBroker","fromCache","info","nativeTokenRequest","Object","assign","_objectDestructuringEmpty","messageBody","method","NativeExtensionMethod","GetToken","response","sendMessage","validatedResponse","validateNativeResponse","handleNativeResponse","then","requestId","clearNativeBrokerErrorCode","catch","errorCode","subErrorCode","subError","NativeAuthError","setNativeBrokerErrorCode","createSilentCacheRequest","cachedAccount","scopes","ScopeSet","fromString","scope","asArray","nativeAccountId","warning","createClientAuthError","ClientAuthErrorCodes","getBaseAccountInfo","silentRequest","fullAccount","idTokenClaims","idToken","acquireTokenRedirect","rootMeasurement","remainingParameters","onRedirectNavigate","isFatalNativeAuthError","setTemporaryCache","TemporaryCacheKeys","NATIVE_REQUEST","JSON","stringify","navigationOptions","ApiId","timeout","redirectNavigationTimeout","noHistory","navigateToLoginRequestUrl","window","location","href","navigateExternal","handleRedirectPromise","isInteractionInProgress","cachedRequest","getCachedNativeRequest","addFields","prompt","_objectWithoutProperties","_excluded","removeItem","generateCacheKey","setInteractionInProgress","res","logout","Promise","reject","_this$browserStorage$","AuthToken","id_token","base64Decode","homeAccountIdentifier","createHomeAccountIdentifier","getAccountInfoFilteredBy","homeAccountId","id","createNativeAuthError","userSwitch","baseAccount","buildAccountToCache","client_info","tid","generateAuthenticationResult","canonicalAuthority","cacheAccount","cacheNativeTokens","access_token","tenantId","generateHomeAccountId","Constants","EMPTY_STRING","AuthorityType","Default","generateScopes","generatePopAccessToken","tokenType","AuthenticationScheme","POP","signPopToken","shr","popTokenGenerator","PopTokenGenerator","shrParameters","resourceRequestMethod","resourceRequestUri","shrClaims","shrNonce","keyId","accountEntity","mats","addTelemetryFromNativeResponse","responseScopes","accountProperties","properties","uid","oid","sub","accountInfo","updateAccountTenantProfileData","getAccountInfo","responseAccessToken","BEARER","uniqueId","accessToken","isResponseFromCache","expiresOn","Date","Number","expires_in","state","fromNativeBroker","setAccount","removeAccountContext","concat","cachedIdToken","CacheHelpers","tokenExpirationSeconds","SHR_NONCE_VALIDITY","parseInt","nativeCacheRecord","printScopes","saveCacheRecord","storeInCache","getMATSFromResponse","extensionId","matsBrokerVersion","broker_version","matsAccountJoinOnStart","account_join_on_start","matsAccountJoinOnEnd","account_join_on_end","matsDeviceJoin","device_join","matsPromptBehavior","prompt_behavior","matsApiErrorCode","api_error_code","matsUiVisible","ui_visible","matsSilentCode","silent_code","matsSilentBiSubCode","silent_bi_sub_code","matsSilentMessage","silent_message","matsSilentStatus","silent_status","matsHttpStatus","http_status","matsHttpEventCount","http_event_count","createAuthError","AuthErrorCodes","MATS","parse","is_cached","validateAsUri","remainingProperties","_excluded2","scopeSet","appendScopes","OIDC_DEFAULT_SCOPES","validatedRequest","urlString","getPrompt","ssoSilent","acquireTokenSilent_silentFlow","PromptValue","NONE","CONSENT","LOGIN","createBrowserAuthError","nativePromptNotSupported","authenticationScheme","windowTitleSubstring","document","title","extraQueryParameters","tokenQueryParameters","extendedExpiryToken","popKid","invalidPopTokenRequest","handleExtraBrokerParams","telemetry","MATS_TELEMETRY","reqCnfData","base64UrlEncode","kid","generatedReqCnfData","generateCnf","bind","PopTokenGenerateCnf","reqCnfString","reqCnf","_this$performanceClie","hasExtraBrokerParams","embeddedClientId","child_client_id","child_redirect_uri","embeddedRedirectUri","PopupClient","StandardInteractionClient","unloadWindow","nativeStorage","_request$popupWindowP","popupParams","popupName","generatePopupName","popupWindowAttributes","popupWindowParent","asyncPopups","acquireTokenPopupAsync","popup","openSizedPopup","logoutRequest","_logoutRequest$popupW","validLogoutRequest","initializeLogoutRequest","generateLogoutPopupName","mainWindowRedirectUri","logoutPopupAsync","acquireTokenPopup","validRequest","initializeAuthorizationRequest","StandardInteractionClientInitializeAuthorizationRequest","InteractionType","Popup","preconnect","authCodeRequest","initializeAuthorizationCodeRequest","StandardInteractionClientInitializeAuthorizationCodeRequest","authClient","createAuthCodeClient","StandardInteractionClientCreateAuthCodeClient","NativeMessageHandler","isNativeAvailable","fetchNativeAccountIdMeasurement","FetchAccountIdWithNativeBroker","navigateUrl","getAuthCodeUrl","nativeBroker","interactionHandler","InteractionHandler","popupWindow","initiateAuthRequest","emitEvent","EventType","POPUP_OPENED","responseString","monitorPopupForHash","serverParams","invoke","deserializeResponse","DeserializeResponse","serverResponseType","ThrottlingUtils","removeThrottle","nativeConnectionNotEstablished","nativeInteractionClient","userRequestState","ProtocolUtils","parseRequestState","handleCodeResponse","_popupParams$popup","close","AuthError","setCorrelationId","cacheFailedRequest","LOGOUT_START","logoutPopup","endSessionEndpoint","_unused","_validRequest$account","postLogoutRedirectUri","ProtocolMode","OIDC","_validRequest$account2","_popupParams$popup2","LOGOUT_SUCCESS","absoluteUrl","navigateInternal","logoutUri","getLogoutUri","openPopup","verbosePii","_popupParams$popup3","LOGOUT_FAILURE","LOGOUT_END","requestUrl","infoPii","emptyNavigateUri","resolve","intervalId","setInterval","closed","clearInterval","userCancelled","responseType","ServerResponseType","QUERY","search","hash","pollIntervalMilliseconds","finally","cleanPopup","urlNavigate","emptyWindowError","focus","currentWindow","addEventListener","message","popupWindowError","_ref","_popupWindowAttribute","_popupWindowAttribute2","_popupWindowAttribute3","_popupWindowAttribute4","winLeft","screenLeft","screenX","winTop","screenTop","screenY","winWidth","innerWidth","documentElement","clientWidth","body","winHeight","innerHeight","clientHeight","width","popupSize","height","top","popupPosition","left","POPUP_WIDTH","POPUP_HEIGHT","Math","max","open","cleanRequestByInteractionType","preventDefault","removeEventListener","POPUP_NAME_PREFIX","join","RedirectHandler","authCodeModule","authModule","redirectStartPage","ORIGIN_URI","CORRELATION_ID","cacheCodeRequest","redirectTimeout","stateKey","generateStateKey","requestState","getTemporaryCache","authCodeResponse","handleFragmentResponse","ServerError","nonceKey","generateNonceKey","cachedNonce","code","cloud_instance_host_name","updateAuthority","UpdateTokenEndpointAuthority","nonce","clientInfo","cachedCcsCred","checkCcsCredentials","ccsCredential","tokenResponse","cleanRequestByState","CCS_CREDENTIAL","errorPii","RedirectClient","Redirect","updateCacheEntries","loginHint","handleBackButton","event","persisted","RESTORE_FROM_BFCACHE","getRedirectStartPage","arguments","parentMeasurement","getRedirectResponse","performance","getEntriesByType","navigationEntries","navigation","type","getNavigationType","loginRequestUrl","loginRequestUrlNormalized","removeHashFromUrl","indexOf","replaceHash","handleResponse","isInIframe","allowRedirectInIframe","URL_HASH","processHashOnRedirect","homepage","getHomepage","userProvidedResponse","UrlUtils","validateInteractionType","errorMessage","clearHash","cachedHash","noStateInHash","getCachedRequest","currentAuthority","getCachedAuthority","noCachedAuthorityError","_validLogoutRequest$a","_validLogoutRequest$a2","getInteractionInProgress","requestStartPage","HybridSpaAuthorizationCodeClient","AuthorizationCodeClient","includeRedirectUri","SilentAuthCodeClient","authCodeRequired","Silent","clientConfig","getClientConfiguration","StandardInteractionClientGetClientConfiguration","handleCodeResponseFromServer","HandleCodeResponseFromServer","msgraph_host","msGraphHost","cloud_graph_host_name","cloudGraphHostName","cloudInstanceHostName","silentLogoutUnsupported","SilentCacheClientAcquireToken","silentAuthClient","SilentFlowClient","authResponse","acquireCachedToken","SilentFlowClientAcquireCachedToken","BrowserAuthError","cryptoKeyNotFound","async","navigateFrameWait","SilentHandlerInitiateAuthRequest","loadFrame","SilentHandlerLoadFrame","loadFrameSync","SilentHandlerLoadFrameSync","monitorIframeForHash","iframe","SilentHandlerMonitorIframeForHash","DEFAULT_IFRAME_TIMEOUT_MS","timeoutId","setTimeout","monitorWindowTimeout","contentWindow","clearTimeout","removeHiddenIframe","RemoveHiddenIframe","frameHandle","createHiddenIframe","src","authFrame","createElement","className","style","visibility","position","border","setAttribute","appendChild","parentNode","removeChild","SilentIframeClient","SilentIframeClientAcquireToken","sid","username","inputRequest","NO_SESSION","silentTokenHelper","SilentIframeClientTokenHelper","INVALID_GRANT_ERROR","retryError","retrySilentRequest","GetAuthCodeUrl","msalFrame","iframeHashTimeout","HandleCodeResponse","SilentRefreshClient","SilentRefreshClientAcquireToken","baseRequest","initializeBaseRequest","InitializeBaseRequest","refreshTokenClient","createRefreshTokenClient","authorityUrl","acquireTokenByRefreshToken","RefreshTokenClientAcquireTokenByRefreshToken","RefreshTokenClient","generatedPkceParams","generatePkceCodes","GeneratePkceCodes","codeVerifier","verifier","codeChallenge","challenge","codeChallengeMethod","S256_CODE_CHALLENGE_METHOD","logoutHint","getLogoutHintFromIdTokenClaims","login_hint","loggerOptions","authOptions","clientCapabilities","systemOptions","tokenRenewalOffsetSeconds","preventCorsPreflight","loggerCallback","piiLoggingEnabled","logLevel","cacheOptions","claimsBasedCachingEnabled","cache","cryptoInterface","networkInterface","storageInterface","libraryInfo","sku","cpu","os","interactionType","browserState","setRequestState","responseMode","legacyLoginHint","getLegacyLoginHint","validateNonce","ccsCred","createCcsCredentials","AuthClientAcquireToken","credential","CcsCredentialType","HOME_ACCOUNT_ID","UPN","BridgeStatusCode","UserInteractionRequired","UserCancel","NoNetwork","TransientError","PersistentError","Disabled","AccountUnavailable","NestedAppAuthUnavailable","NavigationClient","url","options","defaultNavigateWindow","FetchClient","sendGetRequestAsync","responseHeaders","responseStatus","reqHeaders","getFetchHeaders","fetch","HTTP_REQUEST_TYPE","GET","headers","navigator","onLine","getRequestFailed","noNetworkConnectivity","getHeaderDict","status","json","createNetworkError","failedToParseResponse","sendPostRequestAsync","reqBody","POST","postRequestFailed","Headers","optionsHeaders","entries","forEach","key","value","append","failedToBuildHeaders","headerDict","failedToParseHeaders","BaseOperatingContext","level","LogLevel","Error","Info","Verbose","Warning","_sessionStorage","_sessionStorage2","sessionStorage","browserEnvironment","buildConfiguration","BrowserCacheLocation","SessionStorage","logLevelKey","getItem","LOG_LEVEL_CACHE_KEY","piiLoggingKey","LOG_PII_CACHE_KEY","toLowerCase","keys","includes","Logger","name","available","getConfig","getLogger","isAvailable","isBrowserEnvironment","BridgeProxy","initializeNestedAppAuthBridge","nestedAppAuthBridge","responsePayload","data","responseEnvelope","bridgeRequests","find","element","splice","bridgeResponse","buildRequest","push","postMessage","validateBridgeResultOrThrow","initContext","console","log","getTokenInteractive","getToken","getTokenSilent","requestType","sendRequest","tokenParams","token","getHostCapabilities","_this$capabilities","capabilities","getAccountContext","accountContext","requestParams","messageType","sendTime","now","clientLibrary","clientLibraryVersion","input","sdkName","sdkVersion","create","NestedAppOperatingContext","bridgeProxy","getModuleName","MODULE_NAME","getId","ID","getBridgeProxy","initialize","__initializeNestedAppAuth","ex","StandardOperatingContext","UnknownOperatingContext","SSH","sshJwk","sshKid","claims","StringUtils","isEmptyObj","requestedClaimsHash","hashString","initializeSilentRequest","InitializeSilentRequest","responseLocation","hashDoesNotContainKnownProperties","hashEmptyError","platformStateObj","extractBrowserRequestState","unableToParseState","stateInteractionTypeMismatch","BrowserPerformanceMeasurement","measureName","makeMeasureName","startMark","makeStartMark","endMark","makeEndMark","supportsBrowserPerformance","mark","measure","clearMarks","clearMeasures","getEntriesByName","flushMeasurements","measurements","measurement","endMeasurement","flushMeasurement","entriesForMeasurement","durationMs","duration","INTERACTION_IN_PROGRESS_VALUE","DEFAULT_POLL_INTERVAL_MS","CHANNEL_ID","HandshakeRequest","HandshakeResponse","Response","LocalStorage","MemoryStorage","AUTHORITY","ACQUIRE_TOKEN_ACCOUNT","SESSION_STATE","REQUEST_STATE","NONCE_IDTOKEN","RENEW_STATUS","REQUEST_PARAMS","SCOPES","INTERACTION_STATUS_KEY","REDIRECT_CONTEXT","StaticCacheKeys","ACCOUNT_KEYS","TOKEN_KEYS","InMemoryCacheKeys","WRAPPER_SKU","WRAPPER_VER","acquireTokenSilent_authCode","acquireTokenByCode","InteractionStatus","Startup","Login","Logout","AcquireToken","SsoSilent","HandleRedirect","None","DEFAULT_REQUEST","KEY_FORMAT_JWK","WrapperSKU","React","Angular","DB_NAME","DB_VERSION","DB_TABLE_NAME","CacheLookupPolicy","AccessToken","AccessTokenAndRefreshToken","RefreshToken","RefreshTokenAndNetwork","Skip","iFrameRenewalPolicies","BROWSER_PERF_ENABLED_KEY","libraryState","meta","history","replaceState","origin","pathname","urlParts","split","shift","parent","urlComponents","getUrlComponents","Protocol","HostNameAndPort","blockAcquireTokenInPopups","opener","blockNestedPopups","blockNonBrowserEnvironment","nonBrowserEnvironment","blockAPICallsBeforeInitialize","initialized","uninitializedPublicClientApplication","preflightCheck","hashContainsKnownProperties","blockIframeReload","blockReloadInHiddenIframes","redirectPreflightCheck","redirectInIframe","blockRedirectInIframe","cacheLocation","storeAuthStateInCookie","createBrowserConfigurationAuthError","inMemRedirectUnavailable","link","rel","URL","crossOrigin","head","createGuid","tenantIdMatchesHomeTenant","buildTenantProfile","localAccountId","tfp","acr","isHomeTenant","baseAccountInfo","tenantProfile","idTokenSecret","updatedAccountInfo","tenantProfileOverride","_buildTenantProfile","claimsSourcedTenantProfile","extractTokenClaims","encodedToken","jswPayload","getJWSPayload","base64Decoded","err","tokenParsingError","authToken","nullOrEmptyToken","matches","exec","checkMaxAge","authTime","maxAge","maxAgeTranspired","buildClientInfo","rawClientInfo","clientInfoEmptyError","decodedClientInfo","clientInfoDecodingError","buildClientInfoFromHomeAccountId","clientInfoParts","Separators","CLIENT_INFO_SEPARATOR","utid","getTenantIdFromIdTokenClaims","RegionDiscovery","detectRegion","environmentRegion","regionDiscoveryMetadata","RegionDiscoveryDetectRegion","autodetectedRegionName","region_source","RegionDiscoverySources","ENVIRONMENT_VARIABLE","IMDS_OPTIONS","localIMDSVersionResponse","getRegionFromIMDS","RegionDiscoveryGetRegionFromIMDS","IMDS_VERSION","ResponseCodes","httpSuccess","IMDS","httpBadRequest","currentIMDSVersion","getCurrentVersion","RegionDiscoveryGetCurrentVersion","FAILED_AUTO_DETECTION","currentIMDSVersionResponse","_this$performanceClie2","IMDS_ENDPOINT","IMDS_TIMEOUT","_this$performanceClie3","Metadata","cacheManager","managedIdentity","_canonicalAuthority","region_used","region_outcome","regionDiscovery","getAuthorityType","authorityUri","endsWith","CIAM_AUTH_URL","Ciam","pathSegments","PathSegments","ADFS","Adfs","DSTS","Dsts","authorityType","canonicalAuthorityUrlComponents","_canonicalAuthorityUrlComponents","hostnameAndPort","tenant","authorizationEndpoint","discoveryComplete","replacePath","metadata","authorization_endpoint","endpointResolutionError","tokenEndpoint","token_endpoint","deviceCodeEndpoint","end_session_endpoint","endSessionEndpointNotSupported","selfSignedJwtAudience","issuer","jwksUri","jwks_uri","canReplaceTenant","reservedTenantDomains","has","AAD","replaceTenant","endpoint","cachedAuthorityUrlComponents","canonical_authority","cachedAuthorityParts","currentPart","index","cachedPart","defaultOpenIdConfigurationEndpoint","canonicalAuthorityHost","isAliasOfKnownMicrosoftAuthority","resolveEndpointsAsync","AuthorityResolveEndpointsAsync","metadataEntity","getCurrentMetadataEntity","cloudDiscoverySource","updateCloudDiscoveryMetadata","AuthorityUpdateCloudDiscoveryMetadata","preferred_network","endpointSource","updateEndpointMetadata","AuthorityUpdateEndpointMetadata","updateCachedMetadata","source","authorityEndpointSource","getAuthorityMetadataByAlias","aliases","preferred_cache","aliasesFromNetwork","endpointsFromNetwork","expiresAt","generateAuthorityMetadataExpiresAt","endpointMetadataResult","AuthorityMetadataSource","CACHE","cacheKey","generateAuthorityMetadataCacheKey","setAuthorityMetadata","localMetadata","updateEndpointMetadataFromLocalSources","_this$authorityOption","HARDCODED_VALUES","azureRegionConfiguration","azureRegion","hardcodedMetadata","updateMetadataWithRegionalInformation","AuthorityUpdateMetadataWithRegionalInformation","updateAuthorityEndpointMetadata","getEndpointMetadataFromNetwork","AuthorityGetEndpointMetadataFromNetwork","_this$authorityOption2","NETWORK","openIdConfigError","configMetadata","getEndpointMetadataFromConfig","CONFIG","getEndpointMetadataFromHardcodedValues","metadataEntityExpired","isAuthorityMetadataExpired","isAuthoritySameType","invalidAuthorityMetadata","_this$performanceClie4","openIdConfigurationEndpoint","isValidResponse","isOpenIdConfigResponse","EndpointMetadata","_this$performanceClie5","_this$authorityOption3","userConfiguredAzureRegion","_this$authorityOption4","AZURE_REGION_AUTO_DISCOVER_FLAG","RegionDiscoveryOutcomes","CONFIGURED_NO_AUTO_DETECTION","replaceWithRegionalInformation","AUTO_DETECTION_REQUESTED_SUCCESSFUL","AUTO_DETECTION_REQUESTED_FAILED","_this$performanceClie6","localMetadataSource","updateCloudDiscoveryMetadataFromLocalSources","getCloudDiscoveryMetadataFromNetwork","AuthorityGetCloudDiscoveryMetadataFromNetwork","untrustedAuthority","NOT_APPLICABLE","getCloudDiscoveryMetadataFromConfig","getCloudDiscoveryMetadataFromHardcodedValues","createCloudDiscoveryMetadataFromHost","parsedResponse","getCloudDiscoveryMetadataFromNetworkResponse","invalidCloudDiscoveryMetadata","isInKnownAuthorities","_this$performanceClie7","instanceDiscoveryEndpoint","AAD_INSTANCE_DISCOVERY_ENDPT","match","typedResponseBody","isCloudInstanceDiscoveryResponse","tenant_discovery_endpoint","isCloudInstanceDiscoveryErrorResponse","INVALID_INSTANCE","error_description","typedError","filter","authorityString","authorityAzureCloudInstance","azureCloudInstance","AzureCloudInstance","DEFAULT_COMMON_TENANT","host","getPreferredCache","DEFAULT_AUTHORITY_HOST","InstanceDiscoveryMetadataAliases","isPublicCloudAuthority","KNOWN_PUBLIC_CLOUDS","buildRegionalAuthorityString","region","queryString","authorityUrlInstance","authorityUrlParts","hostNameAndPort","REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX","constructAuthorityUriFromObject","regionalMetadata","transformCIAMAuthority","ciamAuthority","authorityUrlComponents","tenantIdOrDomain","AAD_TENANT_DOMAIN_SUFFIX","getTenantFromAuthorityString","_authorityUrlComponen","slice","AADAuthorityConstants","COMMON","ORGANIZATIONS","CONSUMERS","formatAuthorityUri","FORWARD_SLASH","buildStaticAuthorityOptions","rawCloudDiscoveryMetadata","Set","createDiscoveredInstance","authorityUriFinal","acquireTokenAuthority","InstanceDiscoveryMetadata","getAliasesFromStaticSources","staticAuthorityOptions","staticAliases","_staticAuthorityOptio","authorityHost","getAliasesFromMetadata","i","metadataEntry","alias","add","AzurePublic","AzurePpe","AzureChina","AzureGermany","AzureUsGovernment"],"sourceRoot":""}