@azure/msal-browser/lib/msal-browser.cjs.map

Microsoft Authentication Library for js

{"version":3,"file":"msal-browser.cjs","sources":["../../msal-common/dist/utils/Constants.mjs","../../msal-common/dist/error/AuthErrorCodes.mjs","../../msal-common/dist/error/AuthError.mjs","../../msal-common/dist/error/ClientAuthErrorCodes.mjs","../../msal-common/dist/error/ClientAuthError.mjs","../../msal-common/dist/account/AuthToken.mjs","../../msal-common/dist/authority/AuthorityType.mjs","../../msal-common/dist/authority/OpenIdConfigResponse.mjs","../../msal-common/dist/error/ClientConfigurationErrorCodes.mjs","../../msal-common/dist/error/ClientConfigurationError.mjs","../../msal-common/dist/utils/StringUtils.mjs","../../msal-common/dist/utils/UrlUtils.mjs","../../msal-common/dist/url/UrlString.mjs","../../msal-common/dist/authority/AuthorityMetadata.mjs","../../msal-common/dist/authority/ProtocolMode.mjs","../../msal-common/dist/authority/AuthorityOptions.mjs","../../msal-common/dist/authority/CloudInstanceDiscoveryResponse.mjs","../../msal-common/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs","../../msal-common/dist/telemetry/performance/PerformanceEvent.mjs","../../msal-common/dist/utils/FunctionWrappers.mjs","../../msal-common/dist/authority/RegionDiscovery.mjs","../../msal-common/dist/utils/TimeUtils.mjs","../../msal-common/dist/cache/utils/CacheHelpers.mjs","../../msal-common/dist/authority/Authority.mjs","../../msal-common/dist/authority/AuthorityFactory.mjs","../../msal-common/dist/utils/ClientAssertionUtils.mjs","../../msal-common/dist/constants/AADServerParamKeys.mjs","../../msal-common/dist/crypto/ICrypto.mjs","../../msal-common/dist/logger/Logger.mjs","../../msal-common/dist/packageMetadata.mjs","../../msal-common/dist/request/ScopeSet.mjs","../../msal-common/dist/account/ClientInfo.mjs","../../msal-common/dist/account/AccountInfo.mjs","../../msal-common/dist/account/TokenClaims.mjs","../../msal-common/dist/cache/entities/AccountEntity.mjs","../../msal-common/dist/error/CacheErrorCodes.mjs","../../msal-common/dist/error/CacheError.mjs","../../msal-common/dist/cache/CacheManager.mjs","../../msal-common/dist/config/ClientConfiguration.mjs","../../msal-common/dist/error/ServerError.mjs","../../msal-common/dist/network/ThrottlingUtils.mjs","../../msal-common/dist/network/NetworkManager.mjs","../../msal-common/dist/account/CcsCredential.mjs","../../msal-common/dist/request/RequestValidator.mjs","../../msal-common/dist/request/RequestParameterBuilder.mjs","../../msal-common/dist/client/BaseClient.mjs","../../msal-common/dist/error/InteractionRequiredAuthErrorCodes.mjs","../../msal-common/dist/error/InteractionRequiredAuthError.mjs","../../msal-common/dist/cache/entities/CacheRecord.mjs","../../msal-common/dist/utils/ProtocolUtils.mjs","../../msal-common/dist/crypto/PopTokenGenerator.mjs","../../msal-common/dist/cache/persistence/TokenCacheContext.mjs","../../msal-common/dist/response/ResponseHandler.mjs","../../msal-common/dist/client/AuthorizationCodeClient.mjs","../../msal-common/dist/client/RefreshTokenClient.mjs","../../msal-common/dist/client/SilentFlowClient.mjs","../../msal-common/dist/network/INetworkModule.mjs","../../msal-common/dist/error/JoseHeaderErrorCodes.mjs","../../msal-common/dist/error/JoseHeaderError.mjs","../../msal-common/dist/crypto/JoseHeader.mjs","../../msal-common/dist/request/AuthenticationHeaderParser.mjs","../../msal-common/dist/telemetry/server/ServerTelemetryManager.mjs","../../msal-common/dist/telemetry/performance/StubPerformanceClient.mjs","../../msal-common/dist/telemetry/performance/PerformanceClient.mjs","../src/error/BrowserAuthErrorCodes.ts","../src/error/BrowserAuthError.ts","../src/utils/BrowserConstants.ts","../src/encode/Base64Encode.ts","../src/crypto/BrowserCrypto.ts","../src/error/BrowserConfigurationAuthErrorCodes.ts","../src/error/BrowserConfigurationAuthError.ts","../src/utils/BrowserUtils.ts","../src/navigation/NavigationClient.ts","../src/network/FetchClient.ts","../src/config/Configuration.ts","../src/packageMetadata.ts","../src/operatingcontext/BaseOperatingContext.ts","../src/naa/BridgeStatusCode.ts","../src/naa/BridgeProxy.ts","../src/operatingcontext/NestedAppOperatingContext.ts","../src/operatingcontext/StandardOperatingContext.ts","../src/encode/Base64Decode.ts","../src/cache/DatabaseStorage.ts","../src/cache/MemoryStorage.ts","../src/cache/AsyncMemoryStorage.ts","../src/crypto/CryptoOps.ts","../src/cache/BrowserStorage.ts","../src/utils/BrowserProtocolUtils.ts","../src/cache/BrowserCacheManager.ts","../src/cache/AccountManager.ts","../src/event/EventType.ts","../src/event/EventHandler.ts","../src/interaction_client/BaseInteractionClient.ts","../src/crypto/PkceGenerator.ts","../src/request/RequestHelpers.ts","../src/interaction_client/StandardInteractionClient.ts","../src/error/NativeAuthErrorCodes.ts","../src/broker/nativeBroker/NativeStatusCodes.ts","../src/error/NativeAuthError.ts","../src/interaction_client/SilentCacheClient.ts","../src/interaction_client/NativeInteractionClient.ts","../src/broker/nativeBroker/NativeMessageHandler.ts","../src/interaction_handler/InteractionHandler.ts","../src/response/ResponseHandler.ts","../src/interaction_client/PopupClient.ts","../src/interaction_handler/RedirectHandler.ts","../src/interaction_client/RedirectClient.ts","../src/interaction_handler/SilentHandler.ts","../src/interaction_client/SilentIframeClient.ts","../src/interaction_client/SilentRefreshClient.ts","../src/cache/TokenCache.ts","../src/interaction_client/HybridSpaAuthorizationCodeClient.ts","../src/interaction_client/SilentAuthCodeClient.ts","../src/controllers/StandardController.ts","../src/naa/BridgeError.ts","../src/naa/mapping/NestedAppAuthAdapter.ts","../src/error/NestedAppAuthError.ts","../src/controllers/NestedAppAuthController.ts","../src/controllers/ControllerFactory.ts","../src/app/PublicClientApplication.ts","../src/controllers/UnknownOperatingContextController.ts","../src/operatingcontext/UnknownOperatingContext.ts","../src/app/PublicClientNext.ts","../src/app/IPublicClientApplication.ts","../src/event/EventMessage.ts","../src/crypto/SignedHttpRequest.ts","../src/telemetry/BrowserPerformanceClient.ts","../src/telemetry/BrowserPerformanceMeasurement.ts"],"sourcesContent":["/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst Constants = {\n    LIBRARY_NAME: \"MSAL.JS\",\n    SKU: \"msal.js.common\",\n    // Prefix for all library cache entries\n    CACHE_PREFIX: \"msal\",\n    // default authority\n    DEFAULT_AUTHORITY: \"https://login.microsoftonline.com/common/\",\n    DEFAULT_AUTHORITY_HOST: \"login.microsoftonline.com\",\n    DEFAULT_COMMON_TENANT: \"common\",\n    // ADFS String\n    ADFS: \"adfs\",\n    DSTS: \"dstsv2\",\n    // Default AAD Instance Discovery Endpoint\n    AAD_INSTANCE_DISCOVERY_ENDPT: \"https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=\",\n    // CIAM URL\n    CIAM_AUTH_URL: \".ciamlogin.com\",\n    AAD_TENANT_DOMAIN_SUFFIX: \".onmicrosoft.com\",\n    // Resource delimiter - used for certain cache entries\n    RESOURCE_DELIM: \"|\",\n    // Placeholder for non-existent account ids/objects\n    NO_ACCOUNT: \"NO_ACCOUNT\",\n    // Claims\n    CLAIMS: \"claims\",\n    // Consumer UTID\n    CONSUMER_UTID: \"9188040d-6c67-4c5b-b112-36a304b66dad\",\n    // Default scopes\n    OPENID_SCOPE: \"openid\",\n    PROFILE_SCOPE: \"profile\",\n    OFFLINE_ACCESS_SCOPE: \"offline_access\",\n    EMAIL_SCOPE: \"email\",\n    // Default response type for authorization code flow\n    CODE_RESPONSE_TYPE: \"code\",\n    CODE_GRANT_TYPE: \"authorization_code\",\n    RT_GRANT_TYPE: \"refresh_token\",\n    FRAGMENT_RESPONSE_MODE: \"fragment\",\n    S256_CODE_CHALLENGE_METHOD: \"S256\",\n    URL_FORM_CONTENT_TYPE: \"application/x-www-form-urlencoded;charset=utf-8\",\n    AUTHORIZATION_PENDING: \"authorization_pending\",\n    NOT_DEFINED: \"not_defined\",\n    EMPTY_STRING: \"\",\n    NOT_APPLICABLE: \"N/A\",\n    FORWARD_SLASH: \"/\",\n    IMDS_ENDPOINT: \"http://169.254.169.254/metadata/instance/compute/location\",\n    IMDS_VERSION: \"2020-06-01\",\n    IMDS_TIMEOUT: 2000,\n    AZURE_REGION_AUTO_DISCOVER_FLAG: \"TryAutoDetect\",\n    REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX: \"login.microsoft.com\",\n    KNOWN_PUBLIC_CLOUDS: [\n        \"login.microsoftonline.com\",\n        \"login.windows.net\",\n        \"login.microsoft.com\",\n        \"sts.windows.net\",\n    ],\n    TOKEN_RESPONSE_TYPE: \"token\",\n    ID_TOKEN_RESPONSE_TYPE: \"id_token\",\n    SHR_NONCE_VALIDITY: 240,\n    INVALID_INSTANCE: \"invalid_instance\",\n};\nconst HttpStatus = {\n    SUCCESS: 200,\n    SUCCESS_RANGE_START: 200,\n    SUCCESS_RANGE_END: 299,\n    REDIRECT: 302,\n    CLIENT_ERROR: 400,\n    CLIENT_ERROR_RANGE_START: 400,\n    BAD_REQUEST: 400,\n    UNAUTHORIZED: 401,\n    NOT_FOUND: 404,\n    REQUEST_TIMEOUT: 408,\n    TOO_MANY_REQUESTS: 429,\n    CLIENT_ERROR_RANGE_END: 499,\n    SERVER_ERROR: 500,\n    SERVER_ERROR_RANGE_START: 500,\n    SERVICE_UNAVAILABLE: 503,\n    GATEWAY_TIMEOUT: 504,\n    SERVER_ERROR_RANGE_END: 599,\n    MULTI_SIDED_ERROR: 600,\n};\nconst OIDC_DEFAULT_SCOPES = [\n    Constants.OPENID_SCOPE,\n    Constants.PROFILE_SCOPE,\n    Constants.OFFLINE_ACCESS_SCOPE,\n];\nconst OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, Constants.EMAIL_SCOPE];\n/**\n * Request header names\n */\nconst HeaderNames = {\n    CONTENT_TYPE: \"Content-Type\",\n    RETRY_AFTER: \"Retry-After\",\n    CCS_HEADER: \"X-AnchorMailbox\",\n    WWWAuthenticate: \"WWW-Authenticate\",\n    AuthenticationInfo: \"Authentication-Info\",\n    X_MS_REQUEST_ID: \"x-ms-request-id\",\n    X_MS_HTTP_VERSION: \"x-ms-httpver\",\n};\n/**\n * Persistent cache keys MSAL which stay while user is logged in.\n */\nconst PersistentCacheKeys = {\n    ID_TOKEN: \"idtoken\",\n    CLIENT_INFO: \"client.info\",\n    ADAL_ID_TOKEN: \"adal.idtoken\",\n    ERROR: \"error\",\n    ERROR_DESC: \"error.description\",\n    ACTIVE_ACCOUNT: \"active-account\",\n    ACTIVE_ACCOUNT_FILTERS: \"active-account-filters\", // new cache entry for active_account for a more robust version for browser\n};\n/**\n * String constants related to AAD Authority\n */\nconst AADAuthorityConstants = {\n    COMMON: \"common\",\n    ORGANIZATIONS: \"organizations\",\n    CONSUMERS: \"consumers\",\n};\n/**\n * Claims request keys\n */\nconst ClaimsRequestKeys = {\n    ACCESS_TOKEN: \"access_token\",\n    XMS_CC: \"xms_cc\",\n};\n/**\n * we considered making this \"enum\" in the request instead of string, however it looks like the allowed list of\n * prompt values kept changing over past couple of years. There are some undocumented prompt values for some\n * internal partners too, hence the choice of generic \"string\" type instead of the \"enum\"\n */\nconst PromptValue = {\n    LOGIN: \"login\",\n    SELECT_ACCOUNT: \"select_account\",\n    CONSENT: \"consent\",\n    NONE: \"none\",\n    CREATE: \"create\",\n    NO_SESSION: \"no_session\",\n};\n/**\n * allowed values for codeVerifier\n */\nconst CodeChallengeMethodValues = {\n    PLAIN: \"plain\",\n    S256: \"S256\",\n};\n/**\n * allowed values for server response type\n */\nconst ServerResponseType = {\n    QUERY: \"query\",\n    FRAGMENT: \"fragment\",\n};\n/**\n * allowed values for response_mode\n */\nconst ResponseMode = {\n    ...ServerResponseType,\n    FORM_POST: \"form_post\",\n};\n/**\n * allowed grant_type\n */\nconst GrantType = {\n    IMPLICIT_GRANT: \"implicit\",\n    AUTHORIZATION_CODE_GRANT: \"authorization_code\",\n    CLIENT_CREDENTIALS_GRANT: \"client_credentials\",\n    RESOURCE_OWNER_PASSWORD_GRANT: \"password\",\n    REFRESH_TOKEN_GRANT: \"refresh_token\",\n    DEVICE_CODE_GRANT: \"device_code\",\n    JWT_BEARER: \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\n};\n/**\n * Account types in Cache\n */\nconst CacheAccountType = {\n    MSSTS_ACCOUNT_TYPE: \"MSSTS\",\n    ADFS_ACCOUNT_TYPE: \"ADFS\",\n    MSAV1_ACCOUNT_TYPE: \"MSA\",\n    GENERIC_ACCOUNT_TYPE: \"Generic\", // NTLM, Kerberos, FBA, Basic etc\n};\n/**\n * Separators used in cache\n */\nconst Separators = {\n    CACHE_KEY_SEPARATOR: \"-\",\n    CLIENT_INFO_SEPARATOR: \".\",\n};\n/**\n * Credential Type stored in the cache\n */\nconst CredentialType = {\n    ID_TOKEN: \"IdToken\",\n    ACCESS_TOKEN: \"AccessToken\",\n    ACCESS_TOKEN_WITH_AUTH_SCHEME: \"AccessToken_With_AuthScheme\",\n    REFRESH_TOKEN: \"RefreshToken\",\n};\n/**\n * Combine all cache types\n */\nconst CacheType = {\n    ADFS: 1001,\n    MSA: 1002,\n    MSSTS: 1003,\n    GENERIC: 1004,\n    ACCESS_TOKEN: 2001,\n    REFRESH_TOKEN: 2002,\n    ID_TOKEN: 2003,\n    APP_METADATA: 3001,\n    UNDEFINED: 9999,\n};\n/**\n * More Cache related constants\n */\nconst APP_METADATA = \"appmetadata\";\nconst CLIENT_INFO = \"client_info\";\nconst THE_FAMILY_ID = \"1\";\nconst AUTHORITY_METADATA_CONSTANTS = {\n    CACHE_KEY: \"authority-metadata\",\n    REFRESH_TIME_SECONDS: 3600 * 24, // 24 Hours\n};\nconst AuthorityMetadataSource = {\n    CONFIG: \"config\",\n    CACHE: \"cache\",\n    NETWORK: \"network\",\n    HARDCODED_VALUES: \"hardcoded_values\",\n};\nconst SERVER_TELEM_CONSTANTS = {\n    SCHEMA_VERSION: 5,\n    MAX_CUR_HEADER_BYTES: 80,\n    MAX_LAST_HEADER_BYTES: 330,\n    MAX_CACHED_ERRORS: 50,\n    CACHE_KEY: \"server-telemetry\",\n    CATEGORY_SEPARATOR: \"|\",\n    VALUE_SEPARATOR: \",\",\n    OVERFLOW_TRUE: \"1\",\n    OVERFLOW_FALSE: \"0\",\n    UNKNOWN_ERROR: \"unknown_error\",\n};\n/**\n * Type of the authentication request\n */\nconst AuthenticationScheme = {\n    BEARER: \"Bearer\",\n    POP: \"pop\",\n    SSH: \"ssh-cert\",\n};\n/**\n * Constants related to throttling\n */\nconst ThrottlingConstants = {\n    // Default time to throttle RequestThumbprint in seconds\n    DEFAULT_THROTTLE_TIME_SECONDS: 60,\n    // Default maximum time to throttle in seconds, overrides what the server sends back\n    DEFAULT_MAX_THROTTLE_TIME_SECONDS: 3600,\n    // Prefix for storing throttling entries\n    THROTTLING_PREFIX: \"throttling\",\n    // Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling\n    X_MS_LIB_CAPABILITY_VALUE: \"retry-after, h429\",\n};\nconst Errors = {\n    INVALID_GRANT_ERROR: \"invalid_grant\",\n    CLIENT_MISMATCH_ERROR: \"client_mismatch\",\n};\n/**\n * Password grant parameters\n */\nconst PasswordGrantConstants = {\n    username: \"username\",\n    password: \"password\",\n};\n/**\n * Response codes\n */\nconst ResponseCodes = {\n    httpSuccess: 200,\n    httpBadRequest: 400,\n};\n/**\n * Region Discovery Sources\n */\nconst RegionDiscoverySources = {\n    FAILED_AUTO_DETECTION: \"1\",\n    INTERNAL_CACHE: \"2\",\n    ENVIRONMENT_VARIABLE: \"3\",\n    IMDS: \"4\",\n};\n/**\n * Region Discovery Outcomes\n */\nconst RegionDiscoveryOutcomes = {\n    CONFIGURED_MATCHES_DETECTED: \"1\",\n    CONFIGURED_NO_AUTO_DETECTION: \"2\",\n    CONFIGURED_NOT_DETECTED: \"3\",\n    AUTO_DETECTION_REQUESTED_SUCCESSFUL: \"4\",\n    AUTO_DETECTION_REQUESTED_FAILED: \"5\",\n};\n/**\n * Specifies the reason for fetching the access token from the identity provider\n */\nconst CacheOutcome = {\n    // When a token is found in the cache or the cache is not supposed to be hit when making the request\n    NOT_APPLICABLE: \"0\",\n    // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested\n    FORCE_REFRESH_OR_CLAIMS: \"1\",\n    // When the token request goes to the identity provider because no cached access token exists\n    NO_CACHED_ACCESS_TOKEN: \"2\",\n    // When the token request goes to the identity provider because cached access token expired\n    CACHED_ACCESS_TOKEN_EXPIRED: \"3\",\n    // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed\n    PROACTIVELY_REFRESHED: \"4\",\n};\nconst JsonWebTokenTypes = {\n    Jwt: \"JWT\",\n    Jwk: \"JWK\",\n    Pop: \"pop\",\n};\nconst ONE_DAY_IN_MS = 86400000;\n// Token renewal offset default in seconds\nconst DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;\n\nexport { AADAuthorityConstants, APP_METADATA, AUTHORITY_METADATA_CONSTANTS, AuthenticationScheme, AuthorityMetadataSource, CLIENT_INFO, CacheAccountType, CacheOutcome, CacheType, ClaimsRequestKeys, CodeChallengeMethodValues, Constants, CredentialType, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC, Errors, GrantType, HeaderNames, HttpStatus, JsonWebTokenTypes, OIDC_DEFAULT_SCOPES, OIDC_SCOPES, ONE_DAY_IN_MS, PasswordGrantConstants, PersistentCacheKeys, PromptValue, RegionDiscoveryOutcomes, RegionDiscoverySources, ResponseCodes, ResponseMode, SERVER_TELEM_CONSTANTS, Separators, ServerResponseType, THE_FAMILY_ID, ThrottlingConstants };\n//# sourceMappingURL=Constants.mjs.map\n","/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * AuthErrorMessage class containing string constants used by error codes and messages.\n */\nconst unexpectedError = \"unexpected_error\";\nconst postRequestFailed = \"post_request_failed\";\n\nexport { postRequestFailed, unexpectedError };\n//# sourceMappingURL=AuthErrorCodes.mjs.map\n","/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\nimport { Constants } from '../utils/Constants.mjs';\nimport { unexpectedError, postRequestFailed } from './AuthErrorCodes.mjs';\nimport * as AuthErrorCodes from './AuthErrorCodes.mjs';\nexport { AuthErrorCodes };\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst AuthErrorMessages = {\n    [unexpectedError]: \"Unexpected error in authentication.\",\n    [postRequestFailed]: \"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details.\",\n};\n/**\n * AuthErrorMessage class containing string constants used by error codes and messages.\n * @deprecated Use AuthErrorCodes instead\n */\nconst AuthErrorMessage = {\n    unexpectedError: {\n        code: unexpectedError,\n        desc: AuthErrorMessages[unexpectedError],\n    },\n    postRequestFailed: {\n        code: postRequestFailed,\n        desc: AuthErrorMessages[postRequestFailed],\n    },\n};\n/**\n * General error class thrown by the MSAL.js library.\n */\nclass AuthError extends Error {\n    constructor(errorCode, errorMessage, suberror) {\n        const errorString = errorMessage\n            ? `${errorCode}: ${errorMessage}`\n            : errorCode;\n        super(errorString);\n        Object.setPrototypeOf(this, AuthError.prototype);\n        this.errorCode = errorCode || Constants.EMPTY_STRING;\n        this.errorMessage = errorMessage || Constants.EMPTY_STRING;\n        this.subError = suberror || Constants.EMPTY_STRING;\n        this.name = \"AuthError\";\n    }\n    setCorrelationId(correlationId) {\n        this.correlationId = correlationId;\n    }\n}\nfunction createAuthError(code, additionalMessage) {\n    return new AuthError(code, additionalMessage\n        ? `${AuthErrorMessages[code]} ${additionalMessage}`\n        : AuthErrorMessages[code]);\n}\n\nexport { AuthError, AuthErrorMessage, AuthErrorMessages, createAuthError };\n//# sourceMappingURL=AuthError.mjs.map\n","/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst clientInfoDecodingError = \"client_info_decoding_error\";\nconst clientInfoEmptyError = \"client_info_empty_error\";\nconst tokenParsingError = \"token_parsing_error\";\nconst nullOrEmptyToken = \"null_or_empty_token\";\nconst endpointResolutionError = \"endpoints_resolution_error\";\nconst networkError = \"network_error\";\nconst openIdConfigError = \"openid_config_error\";\nconst hashNotDeserialized = \"hash_not_deserialized\";\nconst invalidState = \"invalid_state\";\nconst stateMismatch = \"state_mismatch\";\nconst stateNotFound = \"state_not_found\";\nconst nonceMismatch = \"nonce_mismatch\";\nconst authTimeNotFound = \"auth_time_not_found\";\nconst maxAgeTranspired = \"max_age_transpired\";\nconst multipleMatchingTokens = \"multiple_matching_tokens\";\nconst multipleMatchingAccounts = \"multiple_matching_accounts\";\nconst multipleMatchingAppMetadata = \"multiple_matching_appMetadata\";\nconst requestCannotBeMade = \"request_cannot_be_made\";\nconst cannotRemoveEmptyScope = \"cannot_remove_empty_scope\";\nconst cannotAppendScopeSet = \"cannot_append_scopeset\";\nconst emptyInputScopeSet = \"empty_input_scopeset\";\nconst deviceCodePollingCancelled = \"device_code_polling_cancelled\";\nconst deviceCodeExpired = \"device_code_expired\";\nconst deviceCodeUnknownError = \"device_code_unknown_error\";\nconst noAccountInSilentRequest = \"no_account_in_silent_request\";\nconst invalidCacheRecord = \"invalid_cache_record\";\nconst invalidCacheEnvironment = \"invalid_cache_environment\";\nconst noAccountFound = \"no_account_found\";\nconst noCryptoObject = \"no_crypto_object\";\nconst unexpectedCredentialType = \"unexpected_credential_type\";\nconst invalidAssertion = \"invalid_assertion\";\nconst invalidClientCredential = \"invalid_client_credential\";\nconst tokenRefreshRequired = \"token_refresh_required\";\nconst userTimeoutReached = \"user_timeout_reached\";\nconst tokenClaimsCnfRequiredForSignedJwt = \"token_claims_cnf_required_for_signedjwt\";\nconst authorizationCodeMissingFromServerResponse = \"authorization_code_missing_from_server_response\";\nconst bindingKeyNotRemoved = \"binding_key_not_removed\";\nconst endSessionEndpointNotSupported = \"end_session_endpoint_not_supported\";\nconst keyIdMissing = \"key_id_missing\";\nconst noNetworkConnectivity = \"no_network_connectivity\";\nconst userCanceled = \"user_canceled\";\nconst missingTenantIdError = \"missing_tenant_id_error\";\nconst methodNotImplemented = \"method_not_implemented\";\nconst nestedAppAuthBridgeDisabled = \"nested_app_auth_bridge_disabled\";\n\nexport { authTimeNotFound, authorizationCodeMissingFromServerResponse, bindingKeyNotRemoved, cannotAppendScopeSet, cannotRemoveEmptyScope, clientInfoDecodingError, clientInfoEmptyError, deviceCodeExpired, deviceCodePollingCancelled, deviceCodeUnknownError, emptyInputScopeSet, endSessionEndpointNotSupported, endpointResolutionError, hashNotDeserialized, invalidAssertion, invalidCacheEnvironment, invalidCacheRecord, invalidClientCredential, invalidState, keyIdMissing, maxAgeTranspired, methodNotImplemented, missingTenantIdError, multipleMatchingAccounts, multipleMatchingAppMetadata, multipleMatchingTokens, nestedAppAuthBridgeDisabled, networkError, noAccountFound, noAccountInSilentRequest, noCryptoObject, noNetworkConnectivity, nonceMismatch, nullOrEmptyToken, openIdConfigError, requestCannotBeMade, stateMismatch, stateNotFound, tokenClaimsCnfRequiredForSignedJwt, tokenParsingError, tokenRefreshRequired, unexpectedCredentialType, userCanceled, userTimeoutReached };\n//# sourceMappingURL=ClientAuthErrorCodes.mjs.map\n","/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\nimport { clientInfoDecodingError, clientInfoEmptyError, tokenParsingError, nullOrEmptyToken, endpointResolutionError, networkError, openIdConfigError, hashNotDeserialized, invalidState, stateMismatch, stateNotFound, nonceMismatch, authTimeNotFound, maxAgeTranspired, multipleMatchingTokens, multipleMatchingAccounts, multipleMatchingAppMetadata, requestCannotBeMade, cannotRemoveEmptyScope, cannotAppendScopeSet, emptyInputScopeSet, deviceCodePollingCancelled, deviceCodeExpired, deviceCodeUnknownError, noAccountInSilentRequest, invalidCacheRecord, invalidCacheEnvironment, noAccountFound, noCryptoObject, unexpectedCredentialType, invalidAssertion, invalidClientCredential, tokenRefreshRequired, userTimeoutReached, tokenClaimsCnfRequiredForSignedJwt, authorizationCodeMissingFromServerResponse, bindingKeyNotRemoved, endSessionEndpointNotSupported, keyIdMissing, noNetworkConnectivity, userCanceled, missingTenantIdError, nestedAppAuthBridgeDisabled, methodNotImplemented } from './ClientAuthErrorCodes.mjs';\nimport * as ClientAuthErrorCodes from './ClientAuthErrorCodes.mjs';\nexport { ClientAuthErrorCodes };\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * ClientAuthErrorMessage class containing string constants used by error codes and messages.\n */\nconst ClientAuthErrorMessages = {\n    [clientInfoDecodingError]: \"The client info could not be parsed/decoded correctly\",\n    [clientInfoEmptyError]: \"The client info was empty\",\n    [tokenParsingError]: \"Token cannot be parsed\",\n    [nullOrEmptyToken]: \"The token is null or empty\",\n    [endpointResolutionError]: \"Endpoints cannot be resolved\",\n    [networkError]: \"Network request failed\",\n    [openIdConfigError]: \"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.\",\n    [hashNotDeserialized]: \"The hash parameters could not be deserialized\",\n    [invalidState]: \"State was not the expected format\",\n    [stateMismatch]: \"State mismatch error\",\n    [stateNotFound]: \"State not found\",\n    [nonceMismatch]: \"Nonce mismatch error\",\n    [authTimeNotFound]: \"Max Age was requested and the ID token is missing the auth_time variable.\" +\n        \" auth_time is an optional claim and is not enabled by default - it must be enabled.\" +\n        \" See https://aka.ms/msaljs/optional-claims for more information.\",\n    [maxAgeTranspired]: \"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.\",\n    [multipleMatchingTokens]: \"The cache contains multiple tokens satisfying the requirements. \" +\n        \"Call AcquireToken again providing more requirements such as authority or account.\",\n    [multipleMatchingAccounts]: \"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account\",\n    [multipleMatchingAppMetadata]: \"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata\",\n    [requestCannotBeMade]: \"Token request cannot be made without authorization code or refresh token.\",\n    [cannotRemoveEmptyScope]: \"Cannot remove null or empty scope from ScopeSet\",\n    [cannotAppendScopeSet]: \"Cannot append ScopeSet\",\n    [emptyInputScopeSet]: \"Empty input ScopeSet cannot be processed\",\n    [deviceCodePollingCancelled]: \"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.\",\n    [deviceCodeExpired]: \"Device code is expired.\",\n    [deviceCodeUnknownError]: \"Device code stopped polling for unknown reasons.\",\n    [noAccountInSilentRequest]: \"Please pass an account object, silent flow is not supported without account information\",\n    [invalidCacheRecord]: \"Cache record object was null or undefined.\",\n    [invalidCacheEnvironment]: \"Invalid environment when attempting to create cache entry\",\n    [noAccountFound]: \"No account found in cache for given key.\",\n    [noCryptoObject]: \"No crypto object detected.\",\n    [unexpectedCredentialType]: \"Unexpected credential type.\",\n    [invalidAssertion]: \"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515\",\n    [invalidClientCredential]: \"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential\",\n    [tokenRefreshRequired]: \"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.\",\n    [userTimeoutReached]: \"User defined timeout for device code polling reached\",\n    [tokenClaimsCnfRequiredForSignedJwt]: \"Cannot generate a POP jwt if the token_claims are not populated\",\n    [authorizationCodeMissingFromServerResponse]: \"Server response does not contain an authorization code to proceed\",\n    [bindingKeyNotRemoved]: \"Could not remove the credential's binding key from storage.\",\n    [endSessionEndpointNotSupported]: \"The provided authority does not support logout\",\n    [keyIdMissing]: \"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.\",\n    [noNetworkConnectivity]: \"No network connectivity. Check your internet connection.\",\n    [userCanceled]: \"User cancelled the flow.\",\n    [missingTenantIdError]: \"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.\",\n    [methodNotImplemented]: \"This method has not been implemented\",\n    [nestedAppAuthBridgeDisabled]: \"The nested app auth bridge is disabled\",\n};\n/**\n * String constants used by error codes and messages.\n * @deprecated Use ClientAuthErrorCodes instead\n */\nconst ClientAuthErrorMessage = {\n    clientInfoDecodingError: {\n        code: clientInfoDecodingError,\n        desc: ClientAuthErrorMessages[clientInfoDecodingError],\n    },\n    clientInfoEmptyError: {\n        code: clientInfoEmptyError,\n        desc: ClientAuthErrorMessages[clientInfoEmptyError],\n    },\n    tokenParsingError: {\n        code: tokenParsingError,\n        desc: ClientAuthErrorMessages[tokenParsingError],\n    },\n    nullOrEmptyToken: {\n        code: nullOrEmptyToken,\n        desc: ClientAuthErrorMessages[nullOrEmptyToken],\n    },\n    endpointResolutionError: {\n        code: endpointResolutionError,\n        desc: ClientAuthErrorMessages[endpointResolutionError],\n    },\n    networkError: {\n        code: networkError,\n        desc: ClientAuthErrorMessages[networkError],\n    },\n    unableToGetOpenidConfigError: {\n        code: openIdConfigError,\n        desc: ClientAuthErrorMessages[openIdConfigError],\n    },\n    hashNotDeserialized: {\n        code: hashNotDeserialized,\n        desc: ClientAuthErrorMessages[hashNotDeserialized],\n    },\n    invalidStateError: {\n        code: invalidState,\n        desc: ClientAuthErrorMessages[invalidState],\n    },\n    stateMismatchError: {\n        code: stateMismatch,\n        desc: ClientAuthErrorMessages[stateMismatch],\n    },\n    stateNotFoundError: {\n        code: stateNotFound,\n        desc: ClientAuthErrorMessages[stateNotFound],\n    },\n    nonceMismatchError: {\n        code: nonceMismatch,\n        desc: ClientAuthErrorMessages[nonceMismatch],\n    },\n    authTimeNotFoundError: {\n        code: authTimeNotFound,\n        desc: ClientAuthErrorMessages[authTimeNotFound],\n    },\n    maxAgeTranspired: {\n        code: maxAgeTranspired,\n        desc: ClientAuthErrorMessages[maxAgeTranspired],\n    },\n    multipleMatchingTokens: {\n        code: multipleMatchingTokens,\n        desc: ClientAuthErrorMessages[multipleMatchingTokens],\n    },\n    multipleMatchingAccounts: {\n        code: multipleMatchingAccounts,\n        desc: ClientAuthErrorMessages[multipleMatchingAccounts],\n    },\n    multipleMatchingAppMetadata: {\n        code: multipleMatchingAppMetadata,\n        desc: ClientAuthErrorMessages[multipleMatchingAppMetadata],\n    },\n    tokenRequestCannotBeMade: {\n        code: requestCannotBeMade,\n        desc: ClientAuthErrorMessages[requestCannotBeMade],\n    },\n    removeEmptyScopeError: {\n        code: cannotRemoveEmptyScope,\n        desc: ClientAuthErrorMessages[cannotRemoveEmptyScope],\n    },\n    appendScopeSetError: {\n        code: cannotAppendScopeSet,\n        desc: ClientAuthErrorMessages[cannotAppendScopeSet],\n    },\n    emptyInputScopeSetError: {\n        code: emptyInputScopeSet,\n        desc: ClientAuthErrorMessages[emptyInputScopeSet],\n    },\n    DeviceCodePollingCancelled: {\n        code: deviceCodePollingCancelled,\n        desc: ClientAuthErrorMessages[deviceCodePollingCancelled],\n    },\n    DeviceCodeExpired: {\n        code: deviceCodeExpired,\n        desc: ClientAuthErrorMessages[deviceCodeExpired],\n    },\n    DeviceCodeUnknownError: {\n        code: deviceCodeUnknownError,\n        desc: ClientAuthErrorMessages[deviceCodeUnknownError],\n    },\n    NoAccountInSilentRequest: {\n        code: noAccountInSilentRequest,\n        desc: ClientAuthErrorMessages[noAccountInSilentRequest],\n    },\n    invalidCacheRecord: {\n        code: invalidCacheRecord,\n        desc: ClientAuthErrorMessages[invalidCacheRecord],\n    },\n    invalidCacheEnvironment: {\n        code: invalidCacheEnvironment,\n        desc: ClientAuthErrorMessages[invalidCacheEnvironment],\n    },\n    noAccountFound: {\n        code: noAccountFound,\n        desc: ClientAuthErrorMessages[noAccountFound],\n    },\n    noCryptoObj: {\n        code: noCryptoObject,\n        desc: ClientAuthErrorMessages[noCryptoObject],\n    },\n    unexpectedCredentialType: {\n        code: unexpectedCredentialType,\n        desc: ClientAuthErrorMessages[unexpectedCredentialType],\n    },\n    invalidAssertion: {\n        code: invalidAssertion,\n        desc: ClientAuthErrorMessages[invalidAssertion],\n    },\n    invalidClientCredential: {\n        code: invalidClientCredential,\n        desc: ClientAuthErrorMessages[invalidClientCredential],\n    },\n    tokenRefreshRequired: {\n        code: tokenRefreshRequired,\n        desc: ClientAuthErrorMessages[tokenRefreshRequired],\n    },\n    userTimeoutReached: {\n        code: userTimeoutReached,\n        desc: ClientAuthErrorMessages[userTimeoutReached],\n    },\n    tokenClaimsRequired: {\n        code: tokenClaimsCnfRequiredForSignedJwt,\n        desc: ClientAuthErrorMessages[tokenClaimsCnfRequiredForSignedJwt],\n    },\n    noAuthorizationCodeFromServer: {\n        code: authorizationCodeMissingFromServerResponse,\n        desc: ClientAuthErrorMessages[authorizationCodeMissingFromServerResponse],\n    },\n    bindingKeyNotRemovedError: {\n        code: bindingKeyNotRemoved,\n        desc: ClientAuthErrorMessages[bindingKeyNotRemoved],\n    },\n    logoutNotSupported: {\n        code: endSessionEndpointNotSupported,\n        desc: ClientAuthErrorMessages[endSessionEndpointNotSupported],\n    },\n    keyIdMissing: {\n        code: keyIdMissing,\n        desc: ClientAuthErrorMessages[keyIdMissing],\n    },\n    noNetworkConnectivity: {\n        code: noNetworkConnectivity,\n        desc: ClientAuthErrorMessages[noNetworkConnectivity],\n    },\n    userCanceledError: {\n        code: userCanceled,\n        desc: ClientAuthErrorMessages[userCanceled],\n    },\n    missingTenantIdError: {\n        code: missingTenantIdError,\n        desc: ClientAuthErrorMessages[missingTenantIdError],\n    },\n    nestedAppAuthBridgeDisabled: {\n        code: nestedAppAuthBridgeDisabled,\n        desc: ClientAuthErrorMessages[nestedAppAuthBridgeDisabled],\n    },\n};\n/**\n * Error thrown when there is an error in the client code running on the browser.\n */\nclass ClientAuthError extends AuthError {\n    constructor(errorCode, additionalMessage) {\n        super(errorCode, additionalMessage\n            ? `${ClientAuthErrorMessages[errorCode]}: ${additionalMessage}`\n            : ClientAuthErrorMessages[errorCode]);\n        this.name = \"ClientAuthError\";\n        Object.setPrototypeOf(this, ClientAuthError.prototype);\n    }\n}\nfunction createClientAuthError(errorCode, additionalMessage) {\n    return new ClientAuthError(errorCode, additionalMessage);\n}\n\nexport { ClientAuthError, ClientAuthErrorMessage, ClientAuthErrorMessages, createClientAuthError };\n//# sourceMappingURL=ClientAuthError.mjs.map\n","/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { tokenParsingError, nullOrEmptyToken, maxAgeTranspired } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Extract token by decoding the rawToken\n *\n * @param encodedToken\n */\nfunction extractTokenClaims(encodedToken, base64Decode) {\n    const jswPayload = getJWSPayload(encodedToken);\n    // token will be decoded to get the username\n    try {\n        // base64Decode() should throw an error if there is an issue\n        const base64Decoded = base64Decode(jswPayload);\n        return JSON.parse(base64Decoded);\n    }\n    catch (err) {\n        throw createClientAuthError(tokenParsingError);\n    }\n}\n/**\n * decode a JWT\n *\n * @param authToken\n */\nfunction getJWSPayload(authToken) {\n    if (!authToken) {\n        throw createClientAuthError(nullOrEmptyToken);\n    }\n    const tokenPartsRegex = /^([^\\.\\s]*)\\.([^\\.\\s]+)\\.([^\\.\\s]*)$/;\n    const matches = tokenPartsRegex.exec(authToken);\n    if (!matches || matches.length < 4) {\n        throw createClientAuthError(tokenParsingError);\n    }\n    /**\n     * const crackedToken = {\n     *  header: matches[1],\n     *  JWSPayload: matches[2],\n     *  JWSSig: matches[3],\n     * };\n     */\n    return matches[2];\n}\n/**\n * Determine if the token's max_age has transpired\n */\nfunction checkMaxAge(authTime, maxAge) {\n    /*\n     * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest\n     * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,\n     * provide a value of 0 for the max_age parameter and the AS will force a fresh login.\n     */\n    const fiveMinuteSkew = 300000; // five minutes in milliseconds\n    if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {\n        throw createClientAuthError(maxAgeTranspired);\n    }\n}\n\nexport { checkMaxAge, extractTokenClaims, getJWSPayload };\n//# sourceMappingURL=AuthToken.mjs.map\n","/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * Authority types supported by MSAL.\n */\nconst AuthorityType = {\n    Default: 0,\n    Adfs: 1,\n    Dsts: 2,\n    Ciam: 3,\n};\n\nexport { AuthorityType };\n//# sourceMappingURL=AuthorityType.mjs.map\n","/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nfunction isOpenIdConfigResponse(response) {\n    return (response.hasOwnProperty(\"authorization_endpoint\") &&\n        response.hasOwnProperty(\"token_endpoint\") &&\n        response.hasOwnProperty(\"issuer\") &&\n        response.hasOwnProperty(\"jwks_uri\"));\n}\n\nexport { isOpenIdConfigResponse };\n//# sourceMappingURL=OpenIdConfigResponse.mjs.map\n","/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst redirectUriEmpty = \"redirect_uri_empty\";\nconst claimsRequestParsingError = \"claims_request_parsing_error\";\nconst authorityUriInsecure = \"authority_uri_insecure\";\nconst urlParseError = \"url_parse_error\";\nconst urlEmptyError = \"empty_url_error\";\nconst emptyInputScopesError = \"empty_input_scopes_error\";\nconst invalidPromptValue = \"invalid_prompt_value\";\nconst invalidClaims = \"invalid_claims\";\nconst tokenRequestEmpty = \"token_request_empty\";\nconst logoutRequestEmpty = \"logout_request_empty\";\nconst invalidCodeChallengeMethod = \"invalid_code_challenge_method\";\nconst pkceParamsMissing = \"pkce_params_missing\";\nconst invalidCloudDiscoveryMetadata = \"invalid_cloud_discovery_metadata\";\nconst invalidAuthorityMetadata = \"invalid_authority_metadata\";\nconst untrustedAuthority = \"untrusted_authority\";\nconst missingSshJwk = \"missing_ssh_jwk\";\nconst missingSshKid = \"missing_ssh_kid\";\nconst missingNonceAuthenticationHeader = \"missing_nonce_authentication_header\";\nconst invalidAuthenticationHeader = \"invalid_authentication_header\";\nconst cannotSetOIDCOptions = \"cannot_set_OIDCOptions\";\nconst cannotAllowNativeBroker = \"cannot_allow_native_broker\";\nconst authorityMismatch = \"authority_mismatch\";\n\nexport { authorityMismatch, authorityUriInsecure, cannotAllowNativeBroker, cannotSetOIDCOptions, claimsRequestParsingError, emptyInputScopesError, invalidAuthenticationHeader, invalidAuthorityMetadata, invalidClaims, invalidCloudDiscoveryMetadata, invalidCodeChallengeMethod, invalidPromptValue, logoutRequestEmpty, missingNonceAuthenticationHeader, missingSshJwk, missingSshKid, pkceParamsMissing, redirectUriEmpty, tokenRequestEmpty, untrustedAuthority, urlEmptyError, urlParseError };\n//# sourceMappingURL=ClientConfigurationErrorCodes.mjs.map\n","/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\nimport { redirectUriEmpty, claimsRequestParsingError, authorityUriInsecure, urlParseError, urlEmptyError, emptyInputScopesError, invalidPromptValue, invalidClaims, tokenRequestEmpty, logoutRequestEmpty, invalidCodeChallengeMethod, pkceParamsMissing, invalidCloudDiscoveryMetadata, invalidAuthorityMetadata, untrustedAuthority, missingSshJwk, missingSshKid, missingNonceAuthenticationHeader, invalidAuthenticationHeader, cannotSetOIDCOptions, cannotAllowNativeBroker, authorityMismatch } from './ClientConfigurationErrorCodes.mjs';\nimport * as ClientConfigurationErrorCodes from './ClientConfigurationErrorCodes.mjs';\nexport { ClientConfigurationErrorCodes };\n\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\nconst ClientConfigurationErrorMessages = {\n    [redirectUriEmpty]: \"A redirect URI is required for all calls, and none has been set.\",\n    [claimsRequestParsingError]: \"Could not parse the given claims request object.\",\n    [authorityUriInsecure]: \"Authority URIs must use https.  Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options\",\n    [urlParseError]: \"URL could not be parsed into appropriate segments.\",\n    [urlEmptyError]: \"URL was empty or null.\",\n    [emptyInputScopesError]: \"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.\",\n    [invalidPromptValue]: \"Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest\",\n    [invalidClaims]: \"Given claims parameter must be a stringified JSON object.\",\n    [tokenRequestEmpty]: \"Token request was empty and not found in cache.\",\n    [logoutRequestEmpty]: \"The logout request was null or undefined.\",\n    [invalidCodeChallengeMethod]: 'code_challenge_method passed is invalid. Valid values are \"plain\" and \"S256\".',\n    [pkceParamsMissing]: \"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request\",\n    [invalidCloudDiscoveryMetadata]: \"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields\",\n    [invalidAuthorityMetadata]: \"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.\",\n    [untrustedAuthority]: \"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.\",\n    [missingSshJwk]: \"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.\",\n    [missingSshKid]: \"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.\",\n    [missingNonceAuthenticationHeader]: \"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.\",\n    [invalidAuthenticationHeader]: \"Invalid authentication header provided\",\n    [cannotSetOIDCOptions]: \"Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.\",\n    [cannotAllowNativeBroker]: \"Cannot set allowNativeBroker parameter to true when not in AAD protocol mode.\",\n    [authorityMismatch]: \"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.\",\n};\n/**\n * ClientConfigurationErrorMessage class containing string constants used by error codes and messages.\n * @deprecated Use ClientConfigurationErrorCodes instead\n */\nconst ClientConfigurationErrorMessage = {\n    redirectUriNotSet: {\n        code: redirectUriEmpty,\n        desc: ClientConfigurationErrorMessages[redirectUriEmpty],\n    },\n    claimsRequestParsingError: {\n        code: claimsRequestParsingError,\n        desc: ClientConfigurationErrorMessages[claimsRequestParsingError],\n    },\n    authorityUriInsecure: {\n        code: authorityUriInsecure,\n        desc: ClientConfigurationErrorMessages[authorityUriInsecure],\n    },\n    urlParseError: {\n        code: urlParseError,\n        desc: ClientConfigurationErrorMessages[urlParseError],\n    },\n    urlEmptyError: {\n        code: urlEmptyError,\n        desc: ClientConfigurationErrorMessages[urlEmptyError],\n    },\n    emptyScopesError: {\n        code: emptyInputScopesError,\n        desc: ClientConfigurationErrorMessages[emptyInputScopesError],\n    },\n    invalidPrompt: {\n        code: invalidPromptValue,\n        desc: ClientConfigurationErrorMessages[invalidPromptValue],\n    },\n    invalidClaimsRequest: {\n        code: invalidClaims,\n        desc: ClientConfigurationErrorMessages[invalidClaims],\n    },\n    tokenRequestEmptyError: {\n        code: tokenRequestEmpty,\n        desc: ClientConfigurationErrorMessages[tokenRequestEmpty],\n    },\n    logoutRequestEmptyError: {\n        code: logoutRequestEmpty,\n        desc: ClientConfigurationErrorMessages[logoutRequestEmpty],\n    },\n    invalidCodeChallengeMethod: {\n        code: invalidCodeChallengeMethod,\n        desc: ClientConfigurationErrorMessages[invalidCodeChallengeMethod],\n    },\n    invalidCodeChallengeParams: {\n        code: pkceParamsMissing,\n        desc: ClientConfigurationErrorMessages[pkceParamsMissing],\n    },\n    invalidCloudDiscoveryMetadata: {\n        code: invalidCloudDiscoveryMetadata,\n        desc: ClientConfigurationErrorMessages[invalidCloudDiscoveryMetadata],\n    },\n    invalidAuthorityMetadata: {\n        code: invalidAuthorityMetadata,\n        desc: ClientConfigurationErrorMessages[invalidAuthorityMetadata],\n    },\n    untrustedAuthority: {\n        code: untrustedAuthority,\n        desc: ClientConfigurationErrorMessages[untrustedAuthority],\n    },\n    missingSshJwk: {\n        code: missingSshJwk,\n        desc: ClientConfigurationErrorMessages[missingSshJwk],\n    },\n    missingSshKid: {\n        code: missingSshKid,\n        desc: ClientConfigurationErrorMessages[missingSshKid],\n    },\n    missingNonceAuthenticationHeader: {\n        code: missingNonceAuthenticationHeader,\n        desc: ClientConfigurationErrorMessages[missingNonceAuthenticationHeader],\n    },\n    invalidAuthenticationHeader: {\n        code: invalidAuthenticationHeader,\n        desc: ClientConfigurationErrorMessages[invalidAuthenticationHeader],\n    },\n    cannotSetOIDCOptions: {\n        code: cannotSetOIDCOptions,\n        desc: ClientConfigurationErrorMessages[cannotSetOIDCOptions],\n    },\n    cannotAllowNativeBroker: {\n        code: cannotAllowNativeBroker,\n        desc: ClientConfigurationErrorMessages[cannotAllowNativeBroker],\n    },\n    authorityMismatch: {\n        code: authorityMismatch,\n        desc: ClientConfigurationErrorMessages[authorityMismatch],\n    },\n};\n/**\n * Error thrown when there is an error in configuration of the MSAL.js library.\n */\nclass ClientConfigurationError extends AuthError {\n    constructor(errorCode) {\n        super(errorCode, ClientConfigurationErrorMessages[errorCode]);\n        this.name = \"ClientConfigurationError\";\n        Object.setPrototypeOf(this, ClientConfigurationError.prototype);\n    }\n}\nfunction createClientConfigurationError(errorCode) {\n    return new ClientConfigurationError(errorCode);\n}\n\nexport { ClientConfigurationError, ClientConfigurationErrorMessage, ClientConfigurationErrorMessages, createClientConfigurationError };\n//# sourceMappingURL=ClientConfigurationError.mjs.map\n","/*! @azure/msal-common v14.10.0 2024-05-28 */\n'use strict';\n/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n/**\n * @hidden\n */\nclass StringUtils {\n    /**\n     * Check if stringified object is empty\n     * @param strObj\n     */\n    static isEmptyObj(strObj) {\n        if (strObj) {\n            try {\n                const obj = JSON.parse(strObj);\n                return Object.keys(obj).length === 0;\n            }\n            catch (e) { }\n        }\n        return true;\n    }\n    static startsWith(str, search) {\n        return str.indexOf(search) === 0;\n    }\n    static endsWith(str, search) {\n        return (str.length >= search.length &&\n            str.lastIndexOf(search) === str.length - search.length);\n    }\n    /**\n     * Parses string into an object.\n     *\n     * @param query\n     */\n    static queryStringToO