UNPKG

@azure/msal-browser

Version:

Microsoft Authentication Library for js

github.com/AzureAD/microsoft-authentication-library-for-js

AzureAD/microsoft-authentication-library-for-js

27 lines 298 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
/*! @azure/msal-browser v3.15.0 2024-05-28 */ "use strict";!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).msal={})}(this,(function(e){ /*! @azure/msal-common v14.10.0 2024-05-28 */ const t={LIBRARY_NAME:"MSAL.JS",SKU:"msal.js.common",CACHE_PREFIX:"msal",DEFAULT_AUTHORITY:"https://login.microsoftonline.com/common/",DEFAULT_AUTHORITY_HOST:"login.microsoftonline.com",DEFAULT_COMMON_TENANT:"common",ADFS:"adfs",DSTS:"dstsv2",AAD_INSTANCE_DISCOVERY_ENDPT:"https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",CIAM_AUTH_URL:".ciamlogin.com",AAD_TENANT_DOMAIN_SUFFIX:".onmicrosoft.com",RESOURCE_DELIM:"|",NO_ACCOUNT:"NO_ACCOUNT",CLAIMS:"claims",CONSUMER_UTID:"9188040d-6c67-4c5b-b112-36a304b66dad",OPENID_SCOPE:"openid",PROFILE_SCOPE:"profile",OFFLINE_ACCESS_SCOPE:"offline_access",EMAIL_SCOPE:"email",CODE_RESPONSE_TYPE:"code",CODE_GRANT_TYPE:"authorization_code",RT_GRANT_TYPE:"refresh_token",FRAGMENT_RESPONSE_MODE:"fragment",S256_CODE_CHALLENGE_METHOD:"S256",URL_FORM_CONTENT_TYPE:"application/x-www-form-urlencoded;charset=utf-8",AUTHORIZATION_PENDING:"authorization_pending",NOT_DEFINED:"not_defined",EMPTY_STRING:"",NOT_APPLICABLE:"N/A",FORWARD_SLASH:"/",IMDS_ENDPOINT:"http://169.254.169.254/metadata/instance/compute/location",IMDS_VERSION:"2020-06-01",IMDS_TIMEOUT:2e3,AZURE_REGION_AUTO_DISCOVER_FLAG:"TryAutoDetect",REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX:"login.microsoft.com",KNOWN_PUBLIC_CLOUDS:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],TOKEN_RESPONSE_TYPE:"token",ID_TOKEN_RESPONSE_TYPE:"id_token",SHR_NONCE_VALIDITY:240,INVALID_INSTANCE:"invalid_instance"},r=400,n=499,o=500,i=599,a=[t.OPENID_SCOPE,t.PROFILE_SCOPE,t.OFFLINE_ACCESS_SCOPE],s=[...a,t.EMAIL_SCOPE],c="Content-Type",l="Retry-After",h="X-AnchorMailbox",d="WWW-Authenticate",u="Authentication-Info",g="x-ms-request-id",p="x-ms-httpver",m="idtoken",f="client.info",C="adal.idtoken",y="error",v="error.description",T="active-account",I="active-account-filters",w="common",A="organizations",k="consumers",S="access_token",E="xms_cc",R={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",CREATE:"create",NO_SESSION:"no_session"},b={PLAIN:"plain",S256:"S256"},_={QUERY:"query",FRAGMENT:"fragment"},P={..._,FORM_POST:"form_post"},M="authorization_code",N="refresh_token",O="MSSTS",q="ADFS",L="Generic",U={CACHE_KEY_SEPARATOR:"-",CLIENT_INFO_SEPARATOR:"."},H={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},B="appmetadata",D="1",x="authority-metadata",F=86400,K="config",z="cache",G="network",$="hardcoded_values",Q={SCHEMA_VERSION:5,MAX_CUR_HEADER_BYTES:80,MAX_LAST_HEADER_BYTES:330,MAX_CACHED_ERRORS:50,CACHE_KEY:"server-telemetry",CATEGORY_SEPARATOR:"|",VALUE_SEPARATOR:",",OVERFLOW_TRUE:"1",OVERFLOW_FALSE:"0",UNKNOWN_ERROR:"unknown_error"},W={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},j=60,Y=3600,V="throttling",J="retry-after, h429",X="invalid_grant",Z="client_mismatch",ee="username",te="password",re=200,ne=400,oe="1",ie="3",ae="4",se="2",ce="4",le="5",he="0",de="1",ue="2",ge="3",pe="4",me={Jwt:"JWT",Jwk:"JWK",Pop:"pop"},fe="unexpected_error",Ce="post_request_failed";var ye=Object.freeze({__proto__:null,postRequestFailed:Ce,unexpectedError:fe}); /*! @azure/msal-common v14.10.0 2024-05-28 */const ve={[fe]:"Unexpected error in authentication.",[Ce]:"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details."},Te={unexpectedError:{code:fe,desc:ve[fe]},postRequestFailed:{code:Ce,desc:ve[Ce]}};class Ie extends Error{constructor(e,r,n){super(r?`${e}: ${r}`:e),Object.setPrototypeOf(this,Ie.prototype),this.errorCode=e||t.EMPTY_STRING,this.errorMessage=r||t.EMPTY_STRING,this.subError=n||t.EMPTY_STRING,this.name="AuthError"}setCorrelationId(e){this.correlationId=e}}function we(e,t){return new Ie(e,t?`${ve[e]} ${t}`:ve[e])} /*! @azure/msal-common v14.10.0 2024-05-28 */const Ae="client_info_decoding_error",ke="client_info_empty_error",Se="token_parsing_error",Ee="null_or_empty_token",Re="endpoints_resolution_error",be="network_error",_e="openid_config_error",Pe="hash_not_deserialized",Me="invalid_state",Ne="state_mismatch",Oe="state_not_found",qe="nonce_mismatch",Le="auth_time_not_found",Ue="max_age_transpired",He="multiple_matching_tokens",Be="multiple_matching_accounts",De="multiple_matching_appMetadata",xe="request_cannot_be_made",Fe="cannot_remove_empty_scope",Ke="cannot_append_scopeset",ze="empty_input_scopeset",Ge="device_code_polling_cancelled",$e="device_code_expired",Qe="device_code_unknown_error",We="no_account_in_silent_request",je="invalid_cache_record",Ye="invalid_cache_environment",Ve="no_account_found",Je="no_crypto_object",Xe="unexpected_credential_type",Ze="invalid_assertion",et="invalid_client_credential",tt="token_refresh_required",rt="user_timeout_reached",nt="token_claims_cnf_required_for_signedjwt",ot="authorization_code_missing_from_server_response",it="binding_key_not_removed",at="end_session_endpoint_not_supported",st="key_id_missing",ct="no_network_connectivity",lt="user_canceled",ht="missing_tenant_id_error",dt="method_not_implemented",ut="nested_app_auth_bridge_disabled";var gt=Object.freeze({__proto__:null,authTimeNotFound:Le,authorizationCodeMissingFromServerResponse:ot,bindingKeyNotRemoved:it,cannotAppendScopeSet:Ke,cannotRemoveEmptyScope:Fe,clientInfoDecodingError:Ae,clientInfoEmptyError:ke,deviceCodeExpired:$e,deviceCodePollingCancelled:Ge,deviceCodeUnknownError:Qe,emptyInputScopeSet:ze,endSessionEndpointNotSupported:at,endpointResolutionError:Re,hashNotDeserialized:Pe,invalidAssertion:Ze,invalidCacheEnvironment:Ye,invalidCacheRecord:je,invalidClientCredential:et,invalidState:Me,keyIdMissing:st,maxAgeTranspired:Ue,methodNotImplemented:dt,missingTenantIdError:ht,multipleMatchingAccounts:Be,multipleMatchingAppMetadata:De,multipleMatchingTokens:He,nestedAppAuthBridgeDisabled:ut,networkError:be,noAccountFound:Ve,noAccountInSilentRequest:We,noCryptoObject:Je,noNetworkConnectivity:ct,nonceMismatch:qe,nullOrEmptyToken:Ee,openIdConfigError:_e,requestCannotBeMade:xe,stateMismatch:Ne,stateNotFound:Oe,tokenClaimsCnfRequiredForSignedJwt:nt,tokenParsingError:Se,tokenRefreshRequired:tt,unexpectedCredentialType:Xe,userCanceled:lt,userTimeoutReached:rt}); /*! @azure/msal-common v14.10.0 2024-05-28 */const pt={[Ae]:"The client info could not be parsed/decoded correctly",[ke]:"The client info was empty",[Se]:"Token cannot be parsed",[Ee]:"The token is null or empty",[Re]:"Endpoints cannot be resolved",[be]:"Network request failed",[_e]:"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",[Pe]:"The hash parameters could not be deserialized",[Me]:"State was not the expected format",[Ne]:"State mismatch error",[Oe]:"State not found",[qe]:"Nonce mismatch error",[Le]:"Max Age was requested and the ID token is missing the auth_time variable. auth_time is an optional claim and is not enabled by default - it must be enabled. See https://aka.ms/msaljs/optional-claims for more information.",[Ue]:"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",[He]:"The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account.",[Be]:"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",[De]:"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",[xe]:"Token request cannot be made without authorization code or refresh token.",[Fe]:"Cannot remove null or empty scope from ScopeSet",[Ke]:"Cannot append ScopeSet",[ze]:"Empty input ScopeSet cannot be processed",[Ge]:"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",[$e]:"Device code is expired.",[Qe]:"Device code stopped polling for unknown reasons.",[We]:"Please pass an account object, silent flow is not supported without account information",[je]:"Cache record object was null or undefined.",[Ye]:"Invalid environment when attempting to create cache entry",[Ve]:"No account found in cache for given key.",[Je]:"No crypto object detected.",[Xe]:"Unexpected credential type.",[Ze]:"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",[et]:"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",[tt]:"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",[rt]:"User defined timeout for device code polling reached",[nt]:"Cannot generate a POP jwt if the token_claims are not populated",[ot]:"Server response does not contain an authorization code to proceed",[it]:"Could not remove the credential's binding key from storage.",[at]:"The provided authority does not support logout",[st]:"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",[ct]:"No network connectivity. Check your internet connection.",[lt]:"User cancelled the flow.",[ht]:"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",[dt]:"This method has not been implemented",[ut]:"The nested app auth bridge is disabled"},mt={clientInfoDecodingError:{code:Ae,desc:pt[Ae]},clientInfoEmptyError:{code:ke,desc:pt[ke]},tokenParsingError:{code:Se,desc:pt[Se]},nullOrEmptyToken:{code:Ee,desc:pt[Ee]},endpointResolutionError:{code:Re,desc:pt[Re]},networkError:{code:be,desc:pt[be]},unableToGetOpenidConfigError:{code:_e,desc:pt[_e]},hashNotDeserialized:{code:Pe,desc:pt[Pe]},invalidStateError:{code:Me,desc:pt[Me]},stateMismatchError:{code:Ne,desc:pt[Ne]},stateNotFoundError:{code:Oe,desc:pt[Oe]},nonceMismatchError:{code:qe,desc:pt[qe]},authTimeNotFoundError:{code:Le,desc:pt[Le]},maxAgeTranspired:{code:Ue,desc:pt[Ue]},multipleMatchingTokens:{code:He,desc:pt[He]},multipleMatchingAccounts:{code:Be,desc:pt[Be]},multipleMatchingAppMetadata:{code:De,desc:pt[De]},tokenRequestCannotBeMade:{code:xe,desc:pt[xe]},removeEmptyScopeError:{code:Fe,desc:pt[Fe]},appendScopeSetError:{code:Ke,desc:pt[Ke]},emptyInputScopeSetError:{code:ze,desc:pt[ze]},DeviceCodePollingCancelled:{code:Ge,desc:pt[Ge]},DeviceCodeExpired:{code:$e,desc:pt[$e]},DeviceCodeUnknownError:{code:Qe,desc:pt[Qe]},NoAccountInSilentRequest:{code:We,desc:pt[We]},invalidCacheRecord:{code:je,desc:pt[je]},invalidCacheEnvironment:{code:Ye,desc:pt[Ye]},noAccountFound:{code:Ve,desc:pt[Ve]},noCryptoObj:{code:Je,desc:pt[Je]},unexpectedCredentialType:{code:Xe,desc:pt[Xe]},invalidAssertion:{code:Ze,desc:pt[Ze]},invalidClientCredential:{code:et,desc:pt[et]},tokenRefreshRequired:{code:tt,desc:pt[tt]},userTimeoutReached:{code:rt,desc:pt[rt]},tokenClaimsRequired:{code:nt,desc:pt[nt]},noAuthorizationCodeFromServer:{code:ot,desc:pt[ot]},bindingKeyNotRemovedError:{code:it,desc:pt[it]},logoutNotSupported:{code:at,desc:pt[at]},keyIdMissing:{code:st,desc:pt[st]},noNetworkConnectivity:{code:ct,desc:pt[ct]},userCanceledError:{code:lt,desc:pt[lt]},missingTenantIdError:{code:ht,desc:pt[ht]},nestedAppAuthBridgeDisabled:{code:ut,desc:pt[ut]}};class ft extends Ie{constructor(e,t){super(e,t?`${pt[e]}: ${t}`:pt[e]),this.name="ClientAuthError",Object.setPrototypeOf(this,ft.prototype)}}function Ct(e,t){return new ft(e,t)} /*! @azure/msal-common v14.10.0 2024-05-28 */function yt(e,t){const r=function(e){if(!e)throw Ct(Ee);const t=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(e);if(!t||t.length<4)throw Ct(Se);return t[2]}(e);try{const e=t(r);return JSON.parse(e)}catch(e){throw Ct(Se)}}function vt(e,t){if(0===t||Date.now()-3e5>e+t)throw Ct(Ue)} /*! @azure/msal-common v14.10.0 2024-05-28 */const Tt=0,It=1,wt=2,At=3; /*! @azure/msal-common v14.10.0 2024-05-28 */ /*! @azure/msal-common v14.10.0 2024-05-28 */ const kt="redirect_uri_empty",St="claims_request_parsing_error",Et="authority_uri_insecure",Rt="url_parse_error",bt="empty_url_error",_t="empty_input_scopes_error",Pt="invalid_prompt_value",Mt="invalid_claims",Nt="token_request_empty",Ot="logout_request_empty",qt="invalid_code_challenge_method",Lt="pkce_params_missing",Ut="invalid_cloud_discovery_metadata",Ht="invalid_authority_metadata",Bt="untrusted_authority",Dt="missing_ssh_jwk",xt="missing_ssh_kid",Ft="missing_nonce_authentication_header",Kt="invalid_authentication_header",zt="cannot_set_OIDCOptions",Gt="cannot_allow_native_broker",$t="authority_mismatch";var Qt=Object.freeze({__proto__:null,authorityMismatch:$t,authorityUriInsecure:Et,cannotAllowNativeBroker:Gt,cannotSetOIDCOptions:zt,claimsRequestParsingError:St,emptyInputScopesError:_t,invalidAuthenticationHeader:Kt,invalidAuthorityMetadata:Ht,invalidClaims:Mt,invalidCloudDiscoveryMetadata:Ut,invalidCodeChallengeMethod:qt,invalidPromptValue:Pt,logoutRequestEmpty:Ot,missingNonceAuthenticationHeader:Ft,missingSshJwk:Dt,missingSshKid:xt,pkceParamsMissing:Lt,redirectUriEmpty:kt,tokenRequestEmpty:Nt,untrustedAuthority:Bt,urlEmptyError:bt,urlParseError:Rt}); /*! @azure/msal-common v14.10.0 2024-05-28 */const Wt={[kt]:"A redirect URI is required for all calls, and none has been set.",[St]:"Could not parse the given claims request object.",[Et]:"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",[Rt]:"URL could not be parsed into appropriate segments.",[bt]:"URL was empty or null.",[_t]:"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",[Pt]:"Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest",[Mt]:"Given claims parameter must be a stringified JSON object.",[Nt]:"Token request was empty and not found in cache.",[Ot]:"The logout request was null or undefined.",[qt]:'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',[Lt]:"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",[Ut]:"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",[Ht]:"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",[Bt]:"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",[Dt]:"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",[xt]:"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",[Ft]:"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",[Kt]:"Invalid authentication header provided",[zt]:"Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",[Gt]:"Cannot set allowNativeBroker parameter to true when not in AAD protocol mode.",[$t]:"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority."},jt={redirectUriNotSet:{code:kt,desc:Wt[kt]},claimsRequestParsingError:{code:St,desc:Wt[St]},authorityUriInsecure:{code:Et,desc:Wt[Et]},urlParseError:{code:Rt,desc:Wt[Rt]},urlEmptyError:{code:bt,desc:Wt[bt]},emptyScopesError:{code:_t,desc:Wt[_t]},invalidPrompt:{code:Pt,desc:Wt[Pt]},invalidClaimsRequest:{code:Mt,desc:Wt[Mt]},tokenRequestEmptyError:{code:Nt,desc:Wt[Nt]},logoutRequestEmptyError:{code:Ot,desc:Wt[Ot]},invalidCodeChallengeMethod:{code:qt,desc:Wt[qt]},invalidCodeChallengeParams:{code:Lt,desc:Wt[Lt]},invalidCloudDiscoveryMetadata:{code:Ut,desc:Wt[Ut]},invalidAuthorityMetadata:{code:Ht,desc:Wt[Ht]},untrustedAuthority:{code:Bt,desc:Wt[Bt]},missingSshJwk:{code:Dt,desc:Wt[Dt]},missingSshKid:{code:xt,desc:Wt[xt]},missingNonceAuthenticationHeader:{code:Ft,desc:Wt[Ft]},invalidAuthenticationHeader:{code:Kt,desc:Wt[Kt]},cannotSetOIDCOptions:{code:zt,desc:Wt[zt]},cannotAllowNativeBroker:{code:Gt,desc:Wt[Gt]},authorityMismatch:{code:$t,desc:Wt[$t]}};class Yt extends Ie{constructor(e){super(e,Wt[e]),this.name="ClientConfigurationError",Object.setPrototypeOf(this,Yt.prototype)}}function Vt(e){return new Yt(e)} /*! @azure/msal-common v14.10.0 2024-05-28 */class Jt{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return 0===Object.keys(t).length}catch(e){}return!0}static startsWith(e,t){return 0===e.indexOf(t)}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},r=e.split("&"),n=e=>decodeURIComponent(e.replace(/\+/g," "));return r.forEach((e=>{if(e.trim()){const[r,o]=e.split(/=(.+)/g,2);r&&o&&(t[n(r)]=n(o))}})),t}static trimArrayEntries(e){return e.map((e=>e.trim()))}static removeEmptyStringsFromArray(e){return e.filter((e=>!!e))}static jsonParseHelper(e){try{return JSON.parse(e)}catch(e){return null}}static matchPattern(e,t){return new RegExp(e.replace(/\\/g,"\\\\").replace(/\*/g,"[^ ]*").replace(/\?/g,"\\?")).test(t)}} /*! @azure/msal-common v14.10.0 2024-05-28 */function Xt(e){return e.startsWith("#/")?e.substring(2):e.startsWith("#")||e.startsWith("?")?e.substring(1):e}function Zt(e){if(!e||e.indexOf("=")<0)return null;try{const t=Xt(e),r=Object.fromEntries(new URLSearchParams(t));if(r.code||r.error||r.error_description||r.state)return r}catch(e){throw Ct(Pe)}return null} /*! @azure/msal-common v14.10.0 2024-05-28 */class er{get urlString(){return this._urlString}constructor(e){if(this._urlString=e,!this._urlString)throw Vt(bt);e.includes("#")||(this._urlString=er.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return Jt.endsWith(t,"?")?t=t.slice(0,-1):Jt.endsWith(t,"?/")&&(t=t.slice(0,-2)),Jt.endsWith(t,"/")||(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch(e){throw Vt(Rt)}if(!e.HostNameAndPort||!e.PathSegments)throw Vt(Rt);if(!e.Protocol||"https:"!==e.Protocol.toLowerCase())throw Vt(Et)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return er.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),r=t.PathSegments;return!e||0===r.length||r[0]!==w&&r[0]!==A||(r[0]=e),er.constructAuthorityUriFromObject(t)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),t=this.urlString.match(e);if(!t)throw Vt(Rt);const r={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let n=r.AbsolutePath.split("/");return n=n.filter((e=>e&&e.length>0)),r.PathSegments=n,r.QueryString&&r.QueryString.endsWith("/")&&(r.QueryString=r.QueryString.substring(0,r.QueryString.length-1)),r}static getDomainFromUrl(e){const t=RegExp("^([^:/?#]+://)?([^/?#]*)"),r=e.match(t);if(!r)throw Vt(Rt);return r[2]}static getAbsoluteUrl(e,r){if(e[0]===t.FORWARD_SLASH){const t=new er(r).getUrlComponents();return t.Protocol+"//"+t.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e){return new er(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"))}static hashContainsKnownProperties(e){return!!Zt(e)}} /*! @azure/msal-common v14.10.0 2024-05-28 */const tr={"login.microsoftonline.com":{token_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.com/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout"},"login.chinacloudapi.cn":{token_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys",issuer:"https://login.partner.microsoftonline.cn/{tenantid}/v2.0",authorization_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout"},"login.microsoftonline.us":{token_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.us/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout"}},rr={tenant_discovery_endpoint:"https://{canonicalAuthority}/v2.0/.well-known/openid-configuration",metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]}]},nr=new Set;function or(e,t,r,n){if(n?.trace(`getAliasesFromMetadata called with source: ${r}`),e&&t){const o=ir(t,e);if(o)return n?.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${r}, returning aliases`),o.aliases;n?.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${r}`)}return null}function ir(e,t){for(let r=0;r<e.length;r++){const n=e[r];if(n.aliases.includes(t))return n}return null} /*! @azure/msal-common v14.10.0 2024-05-28 */rr.metadata.forEach((e=>{e.aliases.forEach((e=>{nr.add(e)}))}));const ar={AAD:"AAD",OIDC:"OIDC"},sr={None:"none",AzurePublic:"https://login.microsoftonline.com",AzurePpe:"https://login.windows-ppe.net",AzureChina:"https://login.chinacloudapi.cn",AzureGermany:"https://login.microsoftonline.de",AzureUsGovernment:"https://login.microsoftonline.us"}; /*! @azure/msal-common v14.10.0 2024-05-28 */ /*! @azure/msal-common v14.10.0 2024-05-28 */ const cr={AcquireTokenByCode:"acquireTokenByCode",AcquireTokenByRefreshToken:"acquireTokenByRefreshToken",AcquireTokenSilent:"acquireTokenSilent",AcquireTokenSilentAsync:"acquireTokenSilentAsync",AcquireTokenPopup:"acquireTokenPopup",AcquireTokenRedirect:"acquireTokenRedirect",CryptoOptsGetPublicKeyThumbprint:"cryptoOptsGetPublicKeyThumbprint",CryptoOptsSignJwt:"cryptoOptsSignJwt",SilentCacheClientAcquireToken:"silentCacheClientAcquireToken",SilentIframeClientAcquireToken:"silentIframeClientAcquireToken",AwaitConcurrentIframe:"awaitConcurrentIframe",SilentRefreshClientAcquireToken:"silentRefreshClientAcquireToken",SsoSilent:"ssoSilent",StandardInteractionClientGetDiscoveredAuthority:"standardInteractionClientGetDiscoveredAuthority",FetchAccountIdWithNativeBroker:"fetchAccountIdWithNativeBroker",NativeInteractionClientAcquireToken:"nativeInteractionClientAcquireToken",BaseClientCreateTokenRequestHeaders:"baseClientCreateTokenRequestHeaders",RefreshTokenClientExecutePostToTokenEndpoint:"refreshTokenClientExecutePostToTokenEndpoint",AuthorizationCodeClientExecutePostToTokenEndpoint:"authorizationCodeClientExecutePostToTokenEndpoint",BrokerHandhshake:"brokerHandshake",AcquireTokenByRefreshTokenInBroker:"acquireTokenByRefreshTokenInBroker",AcquireTokenByBroker:"acquireTokenByBroker",RefreshTokenClientExecuteTokenRequest:"refreshTokenClientExecuteTokenRequest",RefreshTokenClientAcquireToken:"refreshTokenClientAcquireToken",RefreshTokenClientAcquireTokenWithCachedRefreshToken:"refreshTokenClientAcquireTokenWithCachedRefreshToken",RefreshTokenClientAcquireTokenByRefreshToken:"refreshTokenClientAcquireTokenByRefreshToken",RefreshTokenClientCreateTokenRequestBody:"refreshTokenClientCreateTokenRequestBody",AcquireTokenFromCache:"acquireTokenFromCache",SilentFlowClientAcquireCachedToken:"silentFlowClientAcquireCachedToken",SilentFlowClientGenerateResultFromCacheRecord:"silentFlowClientGenerateResultFromCacheRecord",AcquireTokenBySilentIframe:"acquireTokenBySilentIframe",InitializeBaseRequest:"initializeBaseRequest",InitializeSilentRequest:"initializeSilentRequest",InitializeClientApplication:"initializeClientApplication",SilentIframeClientTokenHelper:"silentIframeClientTokenHelper",SilentHandlerInitiateAuthRequest:"silentHandlerInitiateAuthRequest",SilentHandlerMonitorIframeForHash:"silentHandlerMonitorIframeForHash",SilentHandlerLoadFrame:"silentHandlerLoadFrame",SilentHandlerLoadFrameSync:"silentHandlerLoadFrameSync",StandardInteractionClientCreateAuthCodeClient:"standardInteractionClientCreateAuthCodeClient",StandardInteractionClientGetClientConfiguration:"standardInteractionClientGetClientConfiguration",StandardInteractionClientInitializeAuthorizationRequest:"standardInteractionClientInitializeAuthorizationRequest",StandardInteractionClientInitializeAuthorizationCodeRequest:"standardInteractionClientInitializeAuthorizationCodeRequest",GetAuthCodeUrl:"getAuthCodeUrl",HandleCodeResponseFromServer:"handleCodeResponseFromServer",HandleCodeResponse:"handleCodeResponse",UpdateTokenEndpointAuthority:"updateTokenEndpointAuthority",AuthClientAcquireToken:"authClientAcquireToken",AuthClientExecuteTokenRequest:"authClientExecuteTokenRequest",AuthClientCreateTokenRequestBody:"authClientCreateTokenRequestBody",AuthClientCreateQueryString:"authClientCreateQueryString",PopTokenGenerateCnf:"popTokenGenerateCnf",PopTokenGenerateKid:"popTokenGenerateKid",HandleServerTokenResponse:"handleServerTokenResponse",DeserializeResponse:"deserializeResponse",AuthorityFactoryCreateDiscoveredInstance:"authorityFactoryCreateDiscoveredInstance",AuthorityResolveEndpointsAsync:"authorityResolveEndpointsAsync",AuthorityResolveEndpointsFromLocalSources:"authorityResolveEndpointsFromLocalSources",AuthorityGetCloudDiscoveryMetadataFromNetwork:"authorityGetCloudDiscoveryMetadataFromNetwork",AuthorityUpdateCloudDiscoveryMetadata:"authorityUpdateCloudDiscoveryMetadata",AuthorityGetEndpointMetadataFromNetwork:"authorityGetEndpointMetadataFromNetwork",AuthorityUpdateEndpointMetadata:"authorityUpdateEndpointMetadata",AuthorityUpdateMetadataWithRegionalInformation:"authorityUpdateMetadataWithRegionalInformation",RegionDiscoveryDetectRegion:"regionDiscoveryDetectRegion",RegionDiscoveryGetRegionFromIMDS:"regionDiscoveryGetRegionFromIMDS",RegionDiscoveryGetCurrentVersion:"regionDiscoveryGetCurrentVersion",AcquireTokenByCodeAsync:"acquireTokenByCodeAsync",GetEndpointMetadataFromNetwork:"getEndpointMetadataFromNetwork",GetCloudDiscoveryMetadataFromNetworkMeasurement:"getCloudDiscoveryMetadataFromNetworkMeasurement",HandleRedirectPromiseMeasurement:"handleRedirectPromise",HandleNativeRedirectPromiseMeasurement:"handleNativeRedirectPromise",UpdateCloudDiscoveryMetadataMeasurement:"updateCloudDiscoveryMetadataMeasurement",UsernamePasswordClientAcquireToken:"usernamePasswordClientAcquireToken",NativeMessageHandlerHandshake:"nativeMessageHandlerHandshake",NativeGenerateAuthResult:"nativeGenerateAuthResult",RemoveHiddenIframe:"removeHiddenIframe",ClearTokensAndKeysWithClaims:"clearTokensAndKeysWithClaims",CacheManagerGetRefreshToken:"cacheManagerGetRefreshToken",GeneratePkceCodes:"generatePkceCodes",GenerateCodeVerifier:"generateCodeVerifier",GenerateCodeChallengeFromVerifier:"generateCodeChallengeFromVerifier",Sha256Digest:"sha256Digest",GetRandomValues:"getRandomValues"},lr=new Map([[cr.AcquireTokenByCode,"ATByCode"],[cr.AcquireTokenByRefreshToken,"ATByRT"],[cr.AcquireTokenSilent,"ATS"],[cr.AcquireTokenSilentAsync,"ATSAsync"],[cr.AcquireTokenPopup,"ATPopup"],[cr.AcquireTokenRedirect,"ATRedirect"],[cr.CryptoOptsGetPublicKeyThumbprint,"CryptoGetPKThumb"],[cr.CryptoOptsSignJwt,"CryptoSignJwt"],[cr.SilentCacheClientAcquireToken,"SltCacheClientAT"],[cr.SilentIframeClientAcquireToken,"SltIframeClientAT"],[cr.SilentRefreshClientAcquireToken,"SltRClientAT"],[cr.SsoSilent,"SsoSlt"],[cr.StandardInteractionClientGetDiscoveredAuthority,"StdIntClientGetDiscAuth"],[cr.FetchAccountIdWithNativeBroker,"FetchAccIdWithNtvBroker"],[cr.NativeInteractionClientAcquireToken,"NtvIntClientAT"],[cr.BaseClientCreateTokenRequestHeaders,"BaseClientCreateTReqHead"],[cr.RefreshTokenClientExecutePostToTokenEndpoint,"RTClientExecPost"],[cr.AuthorizationCodeClientExecutePostToTokenEndpoint,"AuthCodeClientExecPost"],[cr.BrokerHandhshake,"BrokerHandshake"],[cr.AcquireTokenByRefreshTokenInBroker,"ATByRTInBroker"],[cr.AcquireTokenByBroker,"ATByBroker"],[cr.RefreshTokenClientExecuteTokenRequest,"RTClientExecTReq"],[cr.RefreshTokenClientAcquireToken,"RTClientAT"],[cr.RefreshTokenClientAcquireTokenWithCachedRefreshToken,"RTClientATWithCachedRT"],[cr.RefreshTokenClientAcquireTokenByRefreshToken,"RTClientATByRT"],[cr.RefreshTokenClientCreateTokenRequestBody,"RTClientCreateTReqBody"],[cr.AcquireTokenFromCache,"ATFromCache"],[cr.SilentFlowClientAcquireCachedToken,"SltFlowClientATCached"],[cr.SilentFlowClientGenerateResultFromCacheRecord,"SltFlowClientGenResFromCache"],[cr.AcquireTokenBySilentIframe,"ATBySltIframe"],[cr.InitializeBaseRequest,"InitBaseReq"],[cr.InitializeSilentRequest,"InitSltReq"],[cr.InitializeClientApplication,"InitClientApplication"],[cr.SilentIframeClientTokenHelper,"SIClientTHelper"],[cr.SilentHandlerInitiateAuthRequest,"SHandlerInitAuthReq"],[cr.SilentHandlerMonitorIframeForHash,"SltHandlerMonitorIframeForHash"],[cr.SilentHandlerLoadFrame,"SHandlerLoadFrame"],[cr.SilentHandlerLoadFrameSync,"SHandlerLoadFrameSync"],[cr.StandardInteractionClientCreateAuthCodeClient,"StdIntClientCreateAuthCodeClient"],[cr.StandardInteractionClientGetClientConfiguration,"StdIntClientGetClientConf"],[cr.StandardInteractionClientInitializeAuthorizationRequest,"StdIntClientInitAuthReq"],[cr.StandardInteractionClientInitializeAuthorizationCodeRequest,"StdIntClientInitAuthCodeReq"],[cr.GetAuthCodeUrl,"GetAuthCodeUrl"],[cr.HandleCodeResponseFromServer,"HandleCodeResFromServer"],[cr.HandleCodeResponse,"HandleCodeResp"],[cr.UpdateTokenEndpointAuthority,"UpdTEndpointAuth"],[cr.AuthClientAcquireToken,"AuthClientAT"],[cr.AuthClientExecuteTokenRequest,"AuthClientExecTReq"],[cr.AuthClientCreateTokenRequestBody,"AuthClientCreateTReqBody"],[cr.AuthClientCreateQueryString,"AuthClientCreateQueryStr"],[cr.PopTokenGenerateCnf,"PopTGenCnf"],[cr.PopTokenGenerateKid,"PopTGenKid"],[cr.HandleServerTokenResponse,"HandleServerTRes"],[cr.DeserializeResponse,"DeserializeRes"],[cr.AuthorityFactoryCreateDiscoveredInstance,"AuthFactCreateDiscInst"],[cr.AuthorityResolveEndpointsAsync,"AuthResolveEndpointsAsync"],[cr.AuthorityResolveEndpointsFromLocalSources,"AuthResolveEndpointsFromLocal"],[cr.AuthorityGetCloudDiscoveryMetadataFromNetwork,"AuthGetCDMetaFromNet"],[cr.AuthorityUpdateCloudDiscoveryMetadata,"AuthUpdCDMeta"],[cr.AuthorityGetEndpointMetadataFromNetwork,"AuthUpdCDMetaFromNet"],[cr.AuthorityUpdateEndpointMetadata,"AuthUpdEndpointMeta"],[cr.AuthorityUpdateMetadataWithRegionalInformation,"AuthUpdMetaWithRegInfo"],[cr.RegionDiscoveryDetectRegion,"RegDiscDetectReg"],[cr.RegionDiscoveryGetRegionFromIMDS,"RegDiscGetRegFromIMDS"],[cr.RegionDiscoveryGetCurrentVersion,"RegDiscGetCurrentVer"],[cr.AcquireTokenByCodeAsync,"ATByCodeAsync"],[cr.GetEndpointMetadataFromNetwork,"GetEndpointMetaFromNet"],[cr.GetCloudDiscoveryMetadataFromNetworkMeasurement,"GetCDMetaFromNet"],[cr.HandleRedirectPromiseMeasurement,"HandleRedirectPromise"],[cr.HandleNativeRedirectPromiseMeasurement,"HandleNtvRedirectPromise"],[cr.UpdateCloudDiscoveryMetadataMeasurement,"UpdateCDMeta"],[cr.UsernamePasswordClientAcquireToken,"UserPassClientAT"],[cr.NativeMessageHandlerHandshake,"NtvMsgHandlerHandshake"],[cr.NativeGenerateAuthResult,"NtvGenAuthRes"],[cr.RemoveHiddenIframe,"RemoveHiddenIframe"],[cr.ClearTokensAndKeysWithClaims,"ClearTAndKeysWithClaims"],[cr.CacheManagerGetRefreshToken,"CacheManagerGetRT"],[cr.GeneratePkceCodes,"GenPkceCodes"],[cr.GenerateCodeVerifier,"GenCodeVerifier"],[cr.GenerateCodeChallengeFromVerifier,"GenCodeChallengeFromVerifier"],[cr.Sha256Digest,"Sha256Digest"],[cr.GetRandomValues,"GetRandomValues"]]),hr=1,dr=2,ur=new Set(["accessTokenSize","durationMs","idTokenSize","matsSilentStatus","matsHttpStatus","refreshTokenSize","queuedTimeMs","startTimeMs","status","multiMatchedAT","multiMatchedID","multiMatchedRT"]),gr=(e,t,r,n,o)=>(...i)=>{r.trace(`Executing function ${t}`);const a=n?.startMeasurement(t,o);if(o){const e=t+"CallCount";n?.incrementFields({[e]:1},o)}try{const n=e(...i);return a?.end({success:!0}),r.trace(`Returning result from ${t}`),n}catch(e){r.trace(`Error occurred in ${t}`);try{r.trace(JSON.stringify(e))}catch(e){r.trace("Unable to print error message.")}throw a?.end({success:!1},e),e}},pr=(e,t,r,n,o)=>(...i)=>{r.trace(`Executing function ${t}`);const a=n?.startMeasurement(t,o);if(o){const e=t+"CallCount";n?.incrementFields({[e]:1},o)}return n?.setPreQueueTime(t,o),e(...i).then((e=>(r.trace(`Returning result from ${t}`),a?.end({success:!0}),e))).catch((e=>{r.trace(`Error occurred in ${t}`);try{r.trace(JSON.stringify(e))}catch(e){r.trace("Unable to print error message.")}throw a?.end({success:!1},e),e}))}; /*! @azure/msal-common v14.10.0 2024-05-28 */ class mr{constructor(e,t,r,n){this.networkInterface=e,this.logger=t,this.performanceClient=r,this.correlationId=n}async detectRegion(e,r){this.performanceClient?.addQueueMeasurement(cr.RegionDiscoveryDetectRegion,this.correlationId);let n=e;if(n)r.region_source=ie;else{const e=mr.IMDS_OPTIONS;try{const o=await pr(this.getRegionFromIMDS.bind(this),cr.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(t.IMDS_VERSION,e);if(o.status===re&&(n=o.body,r.region_source=ae),o.status===ne){const t=await pr(this.getCurrentVersion.bind(this),cr.RegionDiscoveryGetCurrentVersion,this.logger,this.performanceClient,this.correlationId)(e);if(!t)return r.region_source=oe,null;const o=await pr(this.getRegionFromIMDS.bind(this),cr.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(t,e);o.status===re&&(n=o.body,r.region_source=ae)}}catch(e){return r.region_source=oe,null}}return n||(r.region_source=oe),n||null}async getRegionFromIMDS(e,r){return this.performanceClient?.addQueueMeasurement(cr.RegionDiscoveryGetRegionFromIMDS,this.correlationId),this.networkInterface.sendGetRequestAsync(`${t.IMDS_ENDPOINT}?api-version=${e}&format=text`,r,t.IMDS_TIMEOUT)}async getCurrentVersion(e){this.performanceClient?.addQueueMeasurement(cr.RegionDiscoveryGetCurrentVersion,this.correlationId);try{const r=await this.networkInterface.sendGetRequestAsync(`${t.IMDS_ENDPOINT}?format=json`,e);return r.status===ne&&r.body&&r.body["newest-versions"]&&r.body["newest-versions"].length>0?r.body["newest-versions"][0]:null}catch(e){return null}}} /*! @azure/msal-common v14.10.0 2024-05-28 */ function fr(){return Math.round((new Date).getTime()/1e3)}function Cr(e,t){const r=Number(e)||0;return fr()+t>r}function yr(e){return Number(e)>fr()} /*! @azure/msal-common v14.10.0 2024-05-28 */function vr(e){return[Rr(e),br(e),_r(e),Pr(e),Mr(e)].join(U.CACHE_KEY_SEPARATOR).toLowerCase()}function Tr(e,t,r,n,o){return{credentialType:H.ID_TOKEN,homeAccountId:e,environment:t,clientId:n,secret:r,realm:o}}function Ir(e,t,r,n,o,i,a,s,c,l,h,d,u,g,p){const m={homeAccountId:e,credentialType:H.ACCESS_TOKEN,secret:r,cachedAt:fr().toString(),expiresOn:a.toString(),extendedExpiresOn:s.toString(),environment:t,clientId:n,realm:o,target:i,tokenType:h||W.BEARER};if(d&&(m.userAssertionHash=d),l&&(m.refreshOn=l.toString()),g&&(m.requestedClaims=g,m.requestedClaimsHash=p),m.tokenType?.toLowerCase()!==W.BEARER.toLowerCase())switch(m.credentialType=H.ACCESS_TOKEN_WITH_AUTH_SCHEME,m.tokenType){case W.POP:const e=yt(r,c);if(!e?.cnf?.kid)throw Ct(nt);m.keyId=e.cnf.kid;break;case W.SSH:m.keyId=u}return m}function wr(e,t,r,n,o,i,a){const s={credentialType:H.REFRESH_TOKEN,homeAccountId:e,environment:t,clientId:n,secret:r};return i&&(s.userAssertionHash=i),o&&(s.familyId=o),a&&(s.expiresOn=a.toString()),s}function Ar(e){return e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("credentialType")&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("secret")}function kr(e){return!!e&&(Ar(e)&&e.hasOwnProperty("realm")&&e.hasOwnProperty("target")&&(e.credentialType===H.ACCESS_TOKEN||e.credentialType===H.ACCESS_TOKEN_WITH_AUTH_SCHEME))}function Sr(e){return!!e&&(Ar(e)&&e.hasOwnProperty("realm")&&e.credentialType===H.ID_TOKEN)}function Er(e){return!!e&&(Ar(e)&&e.credentialType===H.REFRESH_TOKEN)}function Rr(e){return[e.homeAccountId,e.environment].join(U.CACHE_KEY_SEPARATOR).toLowerCase()}function br(e){const t=e.credentialType===H.REFRESH_TOKEN&&e.familyId||e.clientId;return[e.credentialType,t,e.realm||""].join(U.CACHE_KEY_SEPARATOR).toLowerCase()}function _r(e){return(e.target||"").toLowerCase()}function Pr(e){return(e.requestedClaimsHash||"").toLowerCase()}function Mr(e){return e.tokenType&&e.tokenType.toLowerCase()!==W.BEARER.toLowerCase()?e.tokenType.toLowerCase():""}function Nr(){return fr()+F}function Or(e,t,r){e.authorization_endpoint=t.authorization_endpoint,e.token_endpoint=t.token_endpoint,e.end_session_endpoint=t.end_session_endpoint,e.issuer=t.issuer,e.endpointsFromNetwork=r,e.jwks_uri=t.jwks_uri}function qr(e,t,r){e.aliases=t.aliases,e.preferred_cache=t.preferred_cache,e.preferred_network=t.preferred_network,e.aliasesFromNetwork=r}function Lr(e){return e.expiresAt<=fr()} /*! @azure/msal-common v14.10.0 2024-05-28 */mr.IMDS_OPTIONS={headers:{Metadata:"true"}};class Ur{constructor(e,t,r,n,o,i,a,s){this.canonicalAuthority=e,this._canonicalAuthority.validateAsUri(),this.networkInterface=t,this.cacheManager=r,this.authorityOptions=n,this.regionDiscoveryMetadata={region_used:void 0,region_source:void 0,region_outcome:void 0},this.logger=o,this.performanceClient=a,this.correlationId=i,this.managedIdentity=s||!1,this.regionDiscovery=new mr(t,this.logger,this.performanceClient,this.correlationId)}getAuthorityType(e){if(e.HostNameAndPort.endsWith(t.CIAM_AUTH_URL))return At;const r=e.PathSegments;if(r.length)switch(r[0].toLowerCase()){case t.ADFS:return It;case t.DSTS:return wt}return Tt}get authorityType(){return this.getAuthorityType(this.canonicalAuthorityUrlComponents)}get protocolMode(){return this.authorityOptions.protocolMode}get options(){return this.authorityOptions}get canonicalAuthority(){return this._canonicalAuthority.urlString}set canonicalAuthority(e){this._canonicalAuthority=new er(e),this._canonicalAuthority.validateAsUri(),this._canonicalAuthorityUrlComponents=null}get canonicalAuthorityUrlComponents(){return this._canonicalAuthorityUrlComponents||(this._canonicalAuthorityUrlComponents=this._canonicalAuthority.getUrlComponents()),this._canonicalAuthorityUrlComponents}get hostnameAndPort(){return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase()}get tenant(){return this.canonicalAuthorityUrlComponents.PathSegments[0]}get authorizationEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.authorization_endpoint);throw Ct(Re)}get tokenEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint);throw Ct(Re)}get deviceCodeEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint.replace("/token","/devicecode"));throw Ct(Re)}get endSessionEndpoint(){if(this.discoveryComplete()){if(!this.metadata.end_session_endpoint)throw Ct(at);return this.replacePath(this.metadata.end_session_endpoint)}throw Ct(Re)}get selfSignedJwtAudience(){if(this.discoveryComplete())return this.replacePath(this.metadata.issuer);throw Ct(Re)}get jwksUri(){if(this.discoveryComplete())return this.replacePath(this.metadata.jwks_uri);throw Ct(Re)}canReplaceTenant(e){return 1===e.PathSegments.length&&!Ur.reservedTenantDomains.has(e.PathSegments[0])&&this.getAuthorityType(e)===Tt&&this.protocolMode===ar.AAD}replaceTenant(e){return e.replace(/{tenant}|{tenantid}/g,this.tenant)}replacePath(e){let t=e;const r=new er(this.metadata.canonical_authority).getUrlComponents(),n=r.PathSegments;return this.canonicalAuthorityUrlComponents.PathSegments.forEach(((e,o)=>{let i=n[o];if(0===o&&this.canReplaceTenant(r)){const e=new er(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];i!==e&&(this.logger.verbose(`Replacing tenant domain name ${i} with id ${e}`),i=e)}e!==i&&(t=t.replace(`/${i}/`,`/${e}/`))})),this.replaceTenant(t)}get defaultOpenIdConfigurationEndpoint(){const e=this.hostnameAndPort;return this.canonicalAuthority.endsWith("v2.0/")||this.authorityType===It||this.protocolMode!==ar.AAD&&!this.isAliasOfKnownMicrosoftAuthority(e)?`${this.canonicalAuthority}.well-known/openid-configuration`:`${this.canonicalAuthority}v2.0/.well-known/openid-configuration`}discoveryComplete(){return!!this.metadata}async resolveEndpointsAsync(){this.performanceClient?.addQueueMeasurement(cr.AuthorityResolveEndpointsAsync,this.correlationId);const e=this.getCurrentMetadataEntity(),t=await pr(this.updateCloudDiscoveryMetadata.bind(this),cr.AuthorityUpdateCloudDiscoveryMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.canonicalAuthority=this.canonicalAuthority.replace(this.hostnameAndPort,e.preferred_network);const r=await pr(this.updateEndpointMetadata.bind(this),cr.AuthorityUpdateEndpointMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.updateCachedMetadata(e,t,{source:r}),this.performanceClient?.addFields({cloudDiscoverySource:t,authorityEndpointSource:r},this.correlationId)}getCurrentMetadataEntity(){let e=this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort);return e||(e={aliases:[],preferred_cache:this.hostnameAndPort,preferred_network:this.hostnameAndPort,canonical_authority:this.canonicalAuthority,authorization_endpoint:"",token_endpoint:"",end_session_endpoint:"",issuer:"",aliasesFromNetwork:!1,endpointsFromNetwork:!1,expiresAt:Nr(),jwks_uri:""}),e}updateCachedMetadata(e,t,r){t!==z&&r?.source!==z&&(e.expiresAt=Nr(),e.canonical_authority=this.canonicalAuthority);const n=this.cacheManager.generateAuthorityMetadataCacheKey(e.preferred_cache);this.cacheManager.setAuthorityMetadata(n,e),this.metadata=e}async updateEndpointMetadata(e){this.performanceClient?.addQueueMeasurement(cr.AuthorityUpdateEndpointMetadata,this.correlationId);const t=this.updateEndpointMetadataFromLocalSources(e);if(t){if(t.source===$&&this.authorityOptions.azureRegionConfiguration?.azureRegion&&t.metadata){Or(e,await pr(this.updateMetadataWithRegionalInformation.bind(this),cr.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(t.metadata),!1),e.canonical_authority=this.canonicalAuthority}return t.source}let r=await pr(this.getEndpointMetadataFromNetwork.bind(this),cr.AuthorityGetEndpointMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(r)return this.authorityOptions.azureRegionConfiguration?.azureRegion&&(r=await pr(this.updateMetadataWithRegionalInformation.bind(this),cr.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(r)),Or(e,r,!0),G;throw Ct(_e,this.defaultOpenIdConfigurationEndpoint)}updateEndpointMetadataFromLocalSources(e){this.logger.verbose("Attempting to get endpoint metadata from authority configuration");const t=this.getEndpointMetadataFromConfig();if(t)return this.logger.verbose("Found endpoint metadata in authority configuration"),Or(e,t,!1),{source:K};if(this.logger.verbose("Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values."),this.authorityOptions.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache.");else{const t=this.getEndpointMetadataFromHardcodedValues();if(t)return Or(e,t,!1),{source:$,metadata:t};this.logger.verbose("Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.")}const r=Lr(e);return this.isAuthoritySameType(e)&&e.endpointsFromNetwork&&!r?(this.logger.verbose("Found endpoint metadata in the cache."),{source:z}):(r&&this.logger.verbose("The metadata entity is expired."),null)}isAuthoritySameType(e){return new er(e.canonical_authority).getUrlComponents().PathSegments.length===this.canonicalAuthorityUrlComponents.PathSegments.length}getEndpointMetadataFromConfig(){if(this.authorityOptions.authorityMetadata)try{return JSON.parse(this.authorityOptions.authorityMetadata)}catch(e){throw Vt(Ht)}return null}async getEndpointMetadataFromNetwork(){this.performanceClient?.addQueueMeasurement(cr.AuthorityGetEndpointMetadataFromNetwork,this.correlationId);const e={},t=this.defaultOpenIdConfigurationEndpoint;this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${t}`);try{const r=await this.networkInterface.sendGetRequestAsync(t,e),n=function(e){return e.hasOwnProperty("authorization_endpoint")&&e.hasOwnProperty("token_endpoint")&&e.hasOwnProperty("issuer")&&e.hasOwnProperty("jwks_uri")}(r.body);return n?r.body:(this.logger.verbose("Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration"),null)}catch(e){return this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${e}`),null}}getEndpointMetadataFromHardcodedValues(){return this.hostnameAndPort in tr?tr[this.hostnameAndPort]:null}async updateMetadataWithRegionalInformation(e){this.performanceClient?.addQueueMeasurement(cr.AuthorityUpdateMetadataWithRegionalInformation,this.correlationId);const r=this.authorityOptions.azureRegionConfiguration?.azureRegion;if(r){if(r!==t.AZURE_REGION_AUTO_DISCOVER_FLAG)return this.regionDiscoveryMetadata.region_outcome=se,this.regionDiscoveryMetadata.region_used=r,Ur.replaceWithRegionalInformation(e,r);const n=await pr(this.regionDiscovery.detectRegion.bind(this.regionDiscovery),cr.RegionDiscoveryDetectRegion,this.logger,this.performanceClient,this.correlationId)(this.authorityOptions.azureRegionConfiguration?.environmentRegion,this.regionDiscoveryMetadata);if(n)return this.regionDiscoveryMetadata.region_outcome=ce,this.regionDiscoveryMetadata.region_used=n,Ur.replaceWithRegionalInformation(e,n);this.regionDiscoveryMetadata.region_outcome=le}return e}async updateCloudDiscoveryMetadata(e){this.performanceClient?.addQueueMeasurement(cr.AuthorityUpdateCloudDiscoveryMetadata,this.correlationId);const t=this.updateCloudDiscoveryMetadataFromLocalSources(e);if(t)return t;const r=await pr(this.getCloudDiscoveryMetadataFromNetwork.bind(this),cr.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(r)return qr(e,r,!0),G;throw Vt(Bt)}updateCloudDiscoveryMetadataFromLocalSources(e){this.logger.verbose("Attempting to get cloud discovery metadata from authority configuration"),this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities||t.NOT_APPLICABLE}`),this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata||t.NOT_APPLICABLE}`),this.logger.verbosePii(`Canonical Authority: ${e.canonical_authority||t.NOT_APPLICABLE}`);const r=this.getCloudDiscoveryMetadataFromConfig();if(r)return this.logger.verbose("Found cloud discovery metadata in authority configuration"),qr(e,r,!1),K;if(this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values."),this.options.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache.");else{const t=(n=this.hostnameAndPort,ir(rr.metadata,n));if(t)return this.logger.verbose("Found cloud discovery metadata from hardcoded values."),qr(e,t,!1),$;this.logger.verbose("Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.")}var n;const o=Lr(e);return this.isAuthoritySameType(e)&&e.aliasesFromNetwork&&!o?(this.logger.verbose("Found cloud discovery metadata in the cache."),z):(o&&this.logger.verbose("The metadata entity is expired."),null)}getCloudDiscoveryMetadataFromConfig(){if(this.authorityType===At)return this.logger.verbose("CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host."),Ur.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);if(this.authorityOptions.cloudDiscoveryMetadata){this.logger.verbose("The cloud discovery metadata has been provided as a network response, in the config.");try{this.logger.verbose("Attempting to parse the cloud discovery metadata.");const e=ir(JSON.parse(t