UNPKG

@azure/msal-browser

Version:

Microsoft Authentication Library for js

github.com/AzureAD/microsoft-authentication-library-for-js

AzureAD/microsoft-authentication-library-for-js

34 lines 304 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
/*! @azure/msal-browser v4.12.0 2025-05-06 */ "use strict";!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).msal={})}(this,(function(e){ /*! @azure/msal-common v15.6.0 2025-05-06 */ const t={LIBRARY_NAME:"MSAL.JS",SKU:"msal.js.common",CACHE_PREFIX:"msal",DEFAULT_AUTHORITY:"https://login.microsoftonline.com/common/",DEFAULT_AUTHORITY_HOST:"login.microsoftonline.com",DEFAULT_COMMON_TENANT:"common",ADFS:"adfs",DSTS:"dstsv2",AAD_INSTANCE_DISCOVERY_ENDPT:"https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",CIAM_AUTH_URL:".ciamlogin.com",AAD_TENANT_DOMAIN_SUFFIX:".onmicrosoft.com",RESOURCE_DELIM:"|",NO_ACCOUNT:"NO_ACCOUNT",CLAIMS:"claims",CONSUMER_UTID:"9188040d-6c67-4c5b-b112-36a304b66dad",OPENID_SCOPE:"openid",PROFILE_SCOPE:"profile",OFFLINE_ACCESS_SCOPE:"offline_access",EMAIL_SCOPE:"email",CODE_GRANT_TYPE:"authorization_code",RT_GRANT_TYPE:"refresh_token",S256_CODE_CHALLENGE_METHOD:"S256",URL_FORM_CONTENT_TYPE:"application/x-www-form-urlencoded;charset=utf-8",AUTHORIZATION_PENDING:"authorization_pending",NOT_DEFINED:"not_defined",EMPTY_STRING:"",NOT_APPLICABLE:"N/A",NOT_AVAILABLE:"Not Available",FORWARD_SLASH:"/",IMDS_ENDPOINT:"http://169.254.169.254/metadata/instance/compute/location",IMDS_VERSION:"2020-06-01",IMDS_TIMEOUT:2e3,AZURE_REGION_AUTO_DISCOVER_FLAG:"TryAutoDetect",REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX:"login.microsoft.com",KNOWN_PUBLIC_CLOUDS:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],SHR_NONCE_VALIDITY:240,INVALID_INSTANCE:"invalid_instance"},r=400,n=499,o=500,i=599,a=[t.OPENID_SCOPE,t.PROFILE_SCOPE,t.OFFLINE_ACCESS_SCOPE],s=[...a,t.EMAIL_SCOPE],c="Content-Type",l="Content-Length",h="Retry-After",d="X-AnchorMailbox",u="WWW-Authenticate",g="Authentication-Info",p="x-ms-request-id",m="x-ms-httpver",f="active-account-filters",y="common",C="organizations",v="consumers",w="access_token",I="xms_cc",T={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",CREATE:"create",NO_SESSION:"no_session"},k={PLAIN:"plain",S256:"S256"},A="code",S="id_token token refresh_token",b={QUERY:"query",FRAGMENT:"fragment"},E="query",R="authorization_code",_="refresh_token",P="MSSTS",M="ADFS",O="Generic",N="-",q=".",L={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},H="appmetadata",U="1",x="authority-metadata",B=86400,D="config",F="cache",K="network",z="hardcoded_values",G={SCHEMA_VERSION:5,MAX_CUR_HEADER_BYTES:80,MAX_LAST_HEADER_BYTES:330,MAX_CACHED_ERRORS:50,CACHE_KEY:"server-telemetry",CATEGORY_SEPARATOR:"|",VALUE_SEPARATOR:",",OVERFLOW_TRUE:"1",OVERFLOW_FALSE:"0",UNKNOWN_ERROR:"unknown_error"},$={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},Q=60,j=3600,W="throttling",V="retry-after, h429",J="invalid_grant",Y="client_mismatch",X=200,Z=400,ee="1",te="3",re="4",ne="2",oe="4",ie="5",ae="0",se="1",ce="2",le="3",he="4",de={Jwt:"JWT",Jwk:"JWK",Pop:"pop"},ue="unexpected_error",ge="post_request_failed";var pe=Object.freeze({__proto__:null,postRequestFailed:ge,unexpectedError:ue}); /*! @azure/msal-common v15.6.0 2025-05-06 */const me={[ue]:"Unexpected error in authentication.",[ge]:"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details."},fe={unexpectedError:{code:ue,desc:me[ue]},postRequestFailed:{code:ge,desc:me[ge]}};class ye extends Error{constructor(e,r,n){super(r?`${e}: ${r}`:e),Object.setPrototypeOf(this,ye.prototype),this.errorCode=e||t.EMPTY_STRING,this.errorMessage=r||t.EMPTY_STRING,this.subError=n||t.EMPTY_STRING,this.name="AuthError"}setCorrelationId(e){this.correlationId=e}}function Ce(e,t){return new ye(e,t?`${me[e]} ${t}`:me[e])} /*! @azure/msal-common v15.6.0 2025-05-06 */const ve="client_info_decoding_error",we="client_info_empty_error",Ie="token_parsing_error",Te="null_or_empty_token",ke="endpoints_resolution_error",Ae="network_error",Se="openid_config_error",be="hash_not_deserialized",Ee="invalid_state",Re="state_mismatch",_e="state_not_found",Pe="nonce_mismatch",Me="auth_time_not_found",Oe="max_age_transpired",Ne="multiple_matching_tokens",qe="multiple_matching_accounts",Le="multiple_matching_appMetadata",He="request_cannot_be_made",Ue="cannot_remove_empty_scope",xe="cannot_append_scopeset",Be="empty_input_scopeset",De="device_code_polling_cancelled",Fe="device_code_expired",Ke="device_code_unknown_error",ze="no_account_in_silent_request",Ge="invalid_cache_record",$e="invalid_cache_environment",Qe="no_account_found",je="no_crypto_object",We="unexpected_credential_type",Ve="invalid_assertion",Je="invalid_client_credential",Ye="token_refresh_required",Xe="user_timeout_reached",Ze="token_claims_cnf_required_for_signedjwt",et="authorization_code_missing_from_server_response",tt="binding_key_not_removed",rt="end_session_endpoint_not_supported",nt="key_id_missing",ot="no_network_connectivity",it="user_canceled",at="missing_tenant_id_error",st="method_not_implemented",ct="nested_app_auth_bridge_disabled";var lt=Object.freeze({__proto__:null,authTimeNotFound:Me,authorizationCodeMissingFromServerResponse:et,bindingKeyNotRemoved:tt,cannotAppendScopeSet:xe,cannotRemoveEmptyScope:Ue,clientInfoDecodingError:ve,clientInfoEmptyError:we,deviceCodeExpired:Fe,deviceCodePollingCancelled:De,deviceCodeUnknownError:Ke,emptyInputScopeSet:Be,endSessionEndpointNotSupported:rt,endpointResolutionError:ke,hashNotDeserialized:be,invalidAssertion:Ve,invalidCacheEnvironment:$e,invalidCacheRecord:Ge,invalidClientCredential:Je,invalidState:Ee,keyIdMissing:nt,maxAgeTranspired:Oe,methodNotImplemented:st,missingTenantIdError:at,multipleMatchingAccounts:qe,multipleMatchingAppMetadata:Le,multipleMatchingTokens:Ne,nestedAppAuthBridgeDisabled:ct,networkError:Ae,noAccountFound:Qe,noAccountInSilentRequest:ze,noCryptoObject:je,noNetworkConnectivity:ot,nonceMismatch:Pe,nullOrEmptyToken:Te,openIdConfigError:Se,requestCannotBeMade:He,stateMismatch:Re,stateNotFound:_e,tokenClaimsCnfRequiredForSignedJwt:Ze,tokenParsingError:Ie,tokenRefreshRequired:Ye,unexpectedCredentialType:We,userCanceled:it,userTimeoutReached:Xe}); /*! @azure/msal-common v15.6.0 2025-05-06 */const ht={[ve]:"The client info could not be parsed/decoded correctly",[we]:"The client info was empty",[Ie]:"Token cannot be parsed",[Te]:"The token is null or empty",[ke]:"Endpoints cannot be resolved",[Ae]:"Network request failed",[Se]:"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",[be]:"The hash parameters could not be deserialized",[Ee]:"State was not the expected format",[Re]:"State mismatch error",[_e]:"State not found",[Pe]:"Nonce mismatch error",[Me]:"Max Age was requested and the ID token is missing the auth_time variable. auth_time is an optional claim and is not enabled by default - it must be enabled. See https://aka.ms/msaljs/optional-claims for more information.",[Oe]:"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",[Ne]:"The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account.",[qe]:"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",[Le]:"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",[He]:"Token request cannot be made without authorization code or refresh token.",[Ue]:"Cannot remove null or empty scope from ScopeSet",[xe]:"Cannot append ScopeSet",[Be]:"Empty input ScopeSet cannot be processed",[De]:"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",[Fe]:"Device code is expired.",[Ke]:"Device code stopped polling for unknown reasons.",[ze]:"Please pass an account object, silent flow is not supported without account information",[Ge]:"Cache record object was null or undefined.",[$e]:"Invalid environment when attempting to create cache entry",[Qe]:"No account found in cache for given key.",[je]:"No crypto object detected.",[We]:"Unexpected credential type.",[Ve]:"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",[Je]:"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",[Ye]:"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",[Xe]:"User defined timeout for device code polling reached",[Ze]:"Cannot generate a POP jwt if the token_claims are not populated",[et]:"Server response does not contain an authorization code to proceed",[tt]:"Could not remove the credential's binding key from storage.",[rt]:"The provided authority does not support logout",[nt]:"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",[ot]:"No network connectivity. Check your internet connection.",[it]:"User cancelled the flow.",[at]:"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",[st]:"This method has not been implemented",[ct]:"The nested app auth bridge is disabled"},dt={clientInfoDecodingError:{code:ve,desc:ht[ve]},clientInfoEmptyError:{code:we,desc:ht[we]},tokenParsingError:{code:Ie,desc:ht[Ie]},nullOrEmptyToken:{code:Te,desc:ht[Te]},endpointResolutionError:{code:ke,desc:ht[ke]},networkError:{code:Ae,desc:ht[Ae]},unableToGetOpenidConfigError:{code:Se,desc:ht[Se]},hashNotDeserialized:{code:be,desc:ht[be]},invalidStateError:{code:Ee,desc:ht[Ee]},stateMismatchError:{code:Re,desc:ht[Re]},stateNotFoundError:{code:_e,desc:ht[_e]},nonceMismatchError:{code:Pe,desc:ht[Pe]},authTimeNotFoundError:{code:Me,desc:ht[Me]},maxAgeTranspired:{code:Oe,desc:ht[Oe]},multipleMatchingTokens:{code:Ne,desc:ht[Ne]},multipleMatchingAccounts:{code:qe,desc:ht[qe]},multipleMatchingAppMetadata:{code:Le,desc:ht[Le]},tokenRequestCannotBeMade:{code:He,desc:ht[He]},removeEmptyScopeError:{code:Ue,desc:ht[Ue]},appendScopeSetError:{code:xe,desc:ht[xe]},emptyInputScopeSetError:{code:Be,desc:ht[Be]},DeviceCodePollingCancelled:{code:De,desc:ht[De]},DeviceCodeExpired:{code:Fe,desc:ht[Fe]},DeviceCodeUnknownError:{code:Ke,desc:ht[Ke]},NoAccountInSilentRequest:{code:ze,desc:ht[ze]},invalidCacheRecord:{code:Ge,desc:ht[Ge]},invalidCacheEnvironment:{code:$e,desc:ht[$e]},noAccountFound:{code:Qe,desc:ht[Qe]},noCryptoObj:{code:je,desc:ht[je]},unexpectedCredentialType:{code:We,desc:ht[We]},invalidAssertion:{code:Ve,desc:ht[Ve]},invalidClientCredential:{code:Je,desc:ht[Je]},tokenRefreshRequired:{code:Ye,desc:ht[Ye]},userTimeoutReached:{code:Xe,desc:ht[Xe]},tokenClaimsRequired:{code:Ze,desc:ht[Ze]},noAuthorizationCodeFromServer:{code:et,desc:ht[et]},bindingKeyNotRemovedError:{code:tt,desc:ht[tt]},logoutNotSupported:{code:rt,desc:ht[rt]},keyIdMissing:{code:nt,desc:ht[nt]},noNetworkConnectivity:{code:ot,desc:ht[ot]},userCanceledError:{code:it,desc:ht[it]},missingTenantIdError:{code:at,desc:ht[at]},nestedAppAuthBridgeDisabled:{code:ct,desc:ht[ct]}};class ut extends ye{constructor(e,t){super(e,t?`${ht[e]}: ${t}`:ht[e]),this.name="ClientAuthError",Object.setPrototypeOf(this,ut.prototype)}}function gt(e,t){return new ut(e,t)} /*! @azure/msal-common v15.6.0 2025-05-06 */const pt={createNewGuid:()=>{throw gt(st)},base64Decode:()=>{throw gt(st)},base64Encode:()=>{throw gt(st)},base64UrlEncode:()=>{throw gt(st)},encodeKid:()=>{throw gt(st)},async getPublicKeyThumbprint(){throw gt(st)},async removeTokenBindingKey(){throw gt(st)},async clearKeystore(){throw gt(st)},async signJwt(){throw gt(st)},async hashString(){throw gt(st)}}; /*! @azure/msal-common v15.6.0 2025-05-06 */var mt;e.LogLevel=void 0,(mt=e.LogLevel||(e.LogLevel={}))[mt.Error=0]="Error",mt[mt.Warning=1]="Warning",mt[mt.Info=2]="Info",mt[mt.Verbose=3]="Verbose",mt[mt.Trace=4]="Trace";class ft{constructor(r,n,o){this.level=e.LogLevel.Info;const i=r||ft.createDefaultLoggerOptions();this.localCallback=i.loggerCallback||(()=>{}),this.piiLoggingEnabled=i.piiLoggingEnabled||!1,this.level="number"==typeof i.logLevel?i.logLevel:e.LogLevel.Info,this.correlationId=i.correlationId||t.EMPTY_STRING,this.packageName=n||t.EMPTY_STRING,this.packageVersion=o||t.EMPTY_STRING}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:e.LogLevel.Info}}clone(e,t,r){return new ft({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level,correlationId:r||this.correlationId},e,t)}logMessage(t,r){if(r.logLevel>this.level||!this.piiLoggingEnabled&&r.containsPii)return;const n=`${`[${(new Date).toUTCString()}] : [${r.correlationId||this.correlationId||""}]`} : ${this.packageName}@${this.packageVersion} : ${e.LogLevel[r.logLevel]} - ${t}`;this.executeCallback(r.logLevel,n,r.containsPii||!1)}executeCallback(e,t,r){this.localCallback&&this.localCallback(e,t,r)}error(r,n){this.logMessage(r,{logLevel:e.LogLevel.Error,containsPii:!1,correlationId:n||t.EMPTY_STRING})}errorPii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Error,containsPii:!0,correlationId:n||t.EMPTY_STRING})}warning(r,n){this.logMessage(r,{logLevel:e.LogLevel.Warning,containsPii:!1,correlationId:n||t.EMPTY_STRING})}warningPii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Warning,containsPii:!0,correlationId:n||t.EMPTY_STRING})}info(r,n){this.logMessage(r,{logLevel:e.LogLevel.Info,containsPii:!1,correlationId:n||t.EMPTY_STRING})}infoPii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Info,containsPii:!0,correlationId:n||t.EMPTY_STRING})}verbose(r,n){this.logMessage(r,{logLevel:e.LogLevel.Verbose,containsPii:!1,correlationId:n||t.EMPTY_STRING})}verbosePii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Verbose,containsPii:!0,correlationId:n||t.EMPTY_STRING})}trace(r,n){this.logMessage(r,{logLevel:e.LogLevel.Trace,containsPii:!1,correlationId:n||t.EMPTY_STRING})}tracePii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Trace,containsPii:!0,correlationId:n||t.EMPTY_STRING})}isPiiLoggingEnabled(){return this.piiLoggingEnabled||!1}} /*! @azure/msal-common v15.6.0 2025-05-06 */const yt="@azure/msal-common",Ct="15.6.0",vt={None:"none",AzurePublic:"https://login.microsoftonline.com",AzurePpe:"https://login.windows-ppe.net",AzureChina:"https://login.chinacloudapi.cn",AzureGermany:"https://login.microsoftonline.de",AzureUsGovernment:"https://login.microsoftonline.us"}; /*! @azure/msal-common v15.6.0 2025-05-06 */ function wt(e,t){const r=function(e){if(!e)throw gt(Te);const t=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(e);if(!t||t.length<4)throw gt(Ie);return t[2]}(e);try{const e=t(r);return JSON.parse(e)}catch(e){throw gt(Ie)}}function It(e,t){if(0===t||Date.now()-3e5>e+t)throw gt(Oe)} /*! @azure/msal-common v15.6.0 2025-05-06 */function Tt(){return Math.round((new Date).getTime()/1e3)}function kt(e){return e.getTime()/1e3}function At(e){return e?new Date(1e3*Number(e)):new Date}function St(e,t){const r=Number(e)||0;return Tt()+t>r}function bt(e){return Number(e)>Tt()} /*! @azure/msal-common v15.6.0 2025-05-06 */function Et(e){return[Ot(e),Nt(e),qt(e),Lt(e),Ht(e)].join(N).toLowerCase()}function Rt(e,t,r,n,o){return{credentialType:L.ID_TOKEN,homeAccountId:e,environment:t,clientId:n,secret:r,realm:o}}function _t(e,t,r,n,o,i,a,s,c,l,h,d,u,g,p){const m={homeAccountId:e,credentialType:L.ACCESS_TOKEN,secret:r,cachedAt:Tt().toString(),expiresOn:a.toString(),extendedExpiresOn:s.toString(),environment:t,clientId:n,realm:o,target:i,tokenType:h||$.BEARER};if(d&&(m.userAssertionHash=d),l&&(m.refreshOn=l.toString()),g&&(m.requestedClaims=g,m.requestedClaimsHash=p),m.tokenType?.toLowerCase()!==$.BEARER.toLowerCase())switch(m.credentialType=L.ACCESS_TOKEN_WITH_AUTH_SCHEME,m.tokenType){case $.POP:const e=wt(r,c);if(!e?.cnf?.kid)throw gt(Ze);m.keyId=e.cnf.kid;break;case $.SSH:m.keyId=u}return m}function Pt(e,t,r,n,o,i,a){const s={credentialType:L.REFRESH_TOKEN,homeAccountId:e,environment:t,clientId:n,secret:r};return i&&(s.userAssertionHash=i),o&&(s.familyId=o),a&&(s.expiresOn=a.toString()),s}function Mt(e){return e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("credentialType")&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("secret")}function Ot(e){return[e.homeAccountId,e.environment].join(N).toLowerCase()}function Nt(e){const t=e.credentialType===L.REFRESH_TOKEN&&e.familyId||e.clientId;return[e.credentialType,t,e.realm||""].join(N).toLowerCase()}function qt(e){return(e.target||"").toLowerCase()}function Lt(e){return(e.requestedClaimsHash||"").toLowerCase()}function Ht(e){return e.tokenType&&e.tokenType.toLowerCase()!==$.BEARER.toLowerCase()?e.tokenType.toLowerCase():""}function Ut(){return Tt()+B}function xt(e,t,r){e.authorization_endpoint=t.authorization_endpoint,e.token_endpoint=t.token_endpoint,e.end_session_endpoint=t.end_session_endpoint,e.issuer=t.issuer,e.endpointsFromNetwork=r,e.jwks_uri=t.jwks_uri}function Bt(e,t,r){e.aliases=t.aliases,e.preferred_cache=t.preferred_cache,e.preferred_network=t.preferred_network,e.aliasesFromNetwork=r}function Dt(e){return e.expiresAt<=Tt()} /*! @azure/msal-common v15.6.0 2025-05-06 */const Ft="redirect_uri_empty",Kt="claims_request_parsing_error",zt="authority_uri_insecure",Gt="url_parse_error",$t="empty_url_error",Qt="empty_input_scopes_error",jt="invalid_prompt_value",Wt="invalid_claims",Vt="token_request_empty",Jt="logout_request_empty",Yt="invalid_code_challenge_method",Xt="pkce_params_missing",Zt="invalid_cloud_discovery_metadata",er="invalid_authority_metadata",tr="untrusted_authority",rr="missing_ssh_jwk",nr="missing_ssh_kid",or="missing_nonce_authentication_header",ir="invalid_authentication_header",ar="cannot_set_OIDCOptions",sr="cannot_allow_platform_broker",cr="authority_mismatch";var lr=Object.freeze({__proto__:null,authorityMismatch:cr,authorityUriInsecure:zt,cannotAllowPlatformBroker:sr,cannotSetOIDCOptions:ar,claimsRequestParsingError:Kt,emptyInputScopesError:Qt,invalidAuthenticationHeader:ir,invalidAuthorityMetadata:er,invalidClaims:Wt,invalidCloudDiscoveryMetadata:Zt,invalidCodeChallengeMethod:Yt,invalidPromptValue:jt,logoutRequestEmpty:Jt,missingNonceAuthenticationHeader:or,missingSshJwk:rr,missingSshKid:nr,pkceParamsMissing:Xt,redirectUriEmpty:Ft,tokenRequestEmpty:Vt,untrustedAuthority:tr,urlEmptyError:$t,urlParseError:Gt}); /*! @azure/msal-common v15.6.0 2025-05-06 */const hr={[Ft]:"A redirect URI is required for all calls, and none has been set.",[Kt]:"Could not parse the given claims request object.",[zt]:"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",[Gt]:"URL could not be parsed into appropriate segments.",[$t]:"URL was empty or null.",[Qt]:"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",[jt]:"Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest",[Wt]:"Given claims parameter must be a stringified JSON object.",[Vt]:"Token request was empty and not found in cache.",[Jt]:"The logout request was null or undefined.",[Yt]:'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',[Xt]:"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",[Zt]:"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",[er]:"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",[tr]:"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",[rr]:"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",[nr]:"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",[or]:"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",[ir]:"Invalid authentication header provided",[ar]:"Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",[sr]:"Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",[cr]:"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority."},dr={redirectUriNotSet:{code:Ft,desc:hr[Ft]},claimsRequestParsingError:{code:Kt,desc:hr[Kt]},authorityUriInsecure:{code:zt,desc:hr[zt]},urlParseError:{code:Gt,desc:hr[Gt]},urlEmptyError:{code:$t,desc:hr[$t]},emptyScopesError:{code:Qt,desc:hr[Qt]},invalidPrompt:{code:jt,desc:hr[jt]},invalidClaimsRequest:{code:Wt,desc:hr[Wt]},tokenRequestEmptyError:{code:Vt,desc:hr[Vt]},logoutRequestEmptyError:{code:Jt,desc:hr[Jt]},invalidCodeChallengeMethod:{code:Yt,desc:hr[Yt]},invalidCodeChallengeParams:{code:Xt,desc:hr[Xt]},invalidCloudDiscoveryMetadata:{code:Zt,desc:hr[Zt]},invalidAuthorityMetadata:{code:er,desc:hr[er]},untrustedAuthority:{code:tr,desc:hr[tr]},missingSshJwk:{code:rr,desc:hr[rr]},missingSshKid:{code:nr,desc:hr[nr]},missingNonceAuthenticationHeader:{code:or,desc:hr[or]},invalidAuthenticationHeader:{code:ir,desc:hr[ir]},cannotSetOIDCOptions:{code:ar,desc:hr[ar]},cannotAllowPlatformBroker:{code:sr,desc:hr[sr]},authorityMismatch:{code:cr,desc:hr[cr]}};class ur extends ye{constructor(e){super(e,hr[e]),this.name="ClientConfigurationError",Object.setPrototypeOf(this,ur.prototype)}}function gr(e){return new ur(e)} /*! @azure/msal-common v15.6.0 2025-05-06 */class pr{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return 0===Object.keys(t).length}catch(e){}return!0}static startsWith(e,t){return 0===e.indexOf(t)}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},r=e.split("&"),n=e=>decodeURIComponent(e.replace(/\+/g," "));return r.forEach((e=>{if(e.trim()){const[r,o]=e.split(/=(.+)/g,2);r&&o&&(t[n(r)]=n(o))}})),t}static trimArrayEntries(e){return e.map((e=>e.trim()))}static removeEmptyStringsFromArray(e){return e.filter((e=>!!e))}static jsonParseHelper(e){try{return JSON.parse(e)}catch(e){return null}}static matchPattern(e,t){return new RegExp(e.replace(/\\/g,"\\\\").replace(/\*/g,"[^ ]*").replace(/\?/g,"\\?")).test(t)}} /*! @azure/msal-common v15.6.0 2025-05-06 */class mr{constructor(e){const t=e?pr.trimArrayEntries([...e]):[],r=t?pr.removeEmptyStringsFromArray(t):[];if(!r||!r.length)throw gr(Qt);this.scopes=new Set,r.forEach((e=>this.scopes.add(e)))}static fromString(e){const r=(e||t.EMPTY_STRING).split(" ");return new mr(r)}static createSearchScopes(e){const r=new mr(e);return r.containsOnlyOIDCScopes()?r.removeScope(t.OFFLINE_ACCESS_SCOPE):r.removeOIDCScopes(),r}containsScope(e){const t=this.printScopesLowerCase().split(" "),r=new mr(t);return!!e&&r.scopes.has(e.toLowerCase())}containsScopeSet(e){return!(!e||e.scopes.size<=0)&&(this.scopes.size>=e.scopes.size&&e.asArray().every((e=>this.containsScope(e))))}containsOnlyOIDCScopes(){let e=0;return s.forEach((t=>{this.containsScope(t)&&(e+=1)})),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach((e=>this.appendScope(e)))}catch(e){throw gt(xe)}}removeScope(e){if(!e)throw gt(Ue);this.scopes.delete(e.trim())}removeOIDCScopes(){s.forEach((e=>{this.scopes.delete(e)}))}unionScopeSets(e){if(!e)throw gt(Be);const t=new Set;return e.scopes.forEach((e=>t.add(e.toLowerCase()))),this.scopes.forEach((e=>t.add(e.toLowerCase()))),t}intersectingScopeSets(e){if(!e)throw gt(Be);e.containsOnlyOIDCScopes()||e.removeOIDCScopes();const t=this.unionScopeSets(e),r=e.getScopeCount(),n=this.getScopeCount();return t.size<n+r}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach((t=>e.push(t))),e}printScopes(){if(this.scopes){return this.asArray().join(" ")}return t.EMPTY_STRING}printScopesLowerCase(){return this.printScopes().toLowerCase()}} /*! @azure/msal-common v15.6.0 2025-05-06 */function fr(e,t){if(!e)throw gt(we);try{const r=t(e);return JSON.parse(r)}catch(e){throw gt(ve)}}function yr(e){if(!e)throw gt(ve);const r=e.split(q,2);return{uid:r[0],utid:r.length<2?t.EMPTY_STRING:r[1]}} /*! @azure/msal-common v15.6.0 2025-05-06 */function Cr(e,t){return!!e&&!!t&&e===t.split(".")[1]}function vr(e,t,r,n){if(n){const{oid:t,sub:r,tid:o,name:i,tfp:a,acr:s}=n,c=o||a||s||"";return{tenantId:c,localAccountId:t||r||"",name:i,isHomeTenant:Cr(c,e)}}return{tenantId:r,localAccountId:t,isHomeTenant:Cr(r,e)}}function wr(e,t,r,n){let o=e;if(t){const{isHomeTenant:r,...n}=t;o={...e,...n}}if(r){const{isHomeTenant:t,...i}=vr(e.homeAccountId,e.localAccountId,e.tenantId,r);return o={...o,...i,idTokenClaims:r,idToken:n},o}return o} /*! @azure/msal-common v15.6.0 2025-05-06 */const Ir=0,Tr=1,kr=2,Ar=3; /*! @azure/msal-common v15.6.0 2025-05-06 */function Sr(e){if(e){return e.tid||e.tfp||e.acr||null}return null} /*! @azure/msal-common v15.6.0 2025-05-06 */const br={AAD:"AAD",OIDC:"OIDC",EAR:"EAR"}; /*! @azure/msal-common v15.6.0 2025-05-06 */class Er{generateAccountId(){return[this.homeAccountId,this.environment].join(N).toLowerCase()}generateAccountKey(){return Er.generateAccountCacheKey({homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId})}getAccountInfo(){return{homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId,name:this.name,nativeAccountId:this.nativeAccountId,authorityType:this.authorityType,tenantProfiles:new Map((this.tenantProfiles||[]).map((e=>[e.tenantId,e])))}}isSingleTenant(){return!this.tenantProfiles}static generateAccountCacheKey(e){const t=e.homeAccountId.split(".")[1];return[e.homeAccountId,e.environment||"",t||e.tenantId||""].join(N).toLowerCase()}static createAccount(e,t,r){const n=new Er;let o;t.authorityType===Tr?n.authorityType=M:t.protocolMode===br.OIDC?n.authorityType=O:n.authorityType=P,e.clientInfo&&r&&(o=fr(e.clientInfo,r)),n.clientInfo=e.clientInfo,n.homeAccountId=e.homeAccountId,n.nativeAccountId=e.nativeAccountId;const i=e.environment||t&&t.getPreferredCache();if(!i)throw gt($e);n.environment=i,n.realm=o?.utid||Sr(e.idTokenClaims)||"",n.localAccountId=o?.uid||e.idTokenClaims?.oid||e.idTokenClaims?.sub||"";const a=e.idTokenClaims?.preferred_username||e.idTokenClaims?.upn,s=e.idTokenClaims?.emails?e.idTokenClaims.emails[0]:null;if(n.username=a||s||"",n.name=e.idTokenClaims?.name||"",n.cloudGraphHostName=e.cloudGraphHostName,n.msGraphHost=e.msGraphHost,e.tenantProfiles)n.tenantProfiles=e.tenantProfiles;else{const t=vr(e.homeAccountId,n.localAccountId,n.realm,e.idTokenClaims);n.tenantProfiles=[t]}return n}static createFromAccountInfo(e,t,r){const n=new Er;return n.authorityType=e.authorityType||O,n.homeAccountId=e.homeAccountId,n.localAccountId=e.localAccountId,n.nativeAccountId=e.nativeAccountId,n.realm=e.tenantId,n.environment=e.environment,n.username=e.username,n.name=e.name,n.cloudGraphHostName=t,n.msGraphHost=r,n.tenantProfiles=Array.from(e.tenantProfiles?.values()||[]),n}static generateHomeAccountId(e,t,r,n,o){if(t!==Tr&&t!==kr){if(e)try{const t=fr(e,n.base64Decode);if(t.uid&&t.utid)return`${t.uid}.${t.utid}`}catch(e){}r.warning("No client info in response")}return o?.sub||""}static isAccountEntity(e){return!!e&&(e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("realm")&&e.hasOwnProperty("localAccountId")&&e.hasOwnProperty("username")&&e.hasOwnProperty("authorityType"))}static accountInfoIsEqual(e,t,r){if(!e||!t)return!1;let n=!0;if(r){const r=e.idTokenClaims||{},o=t.idTokenClaims||{};n=r.iat===o.iat&&r.nonce===o.nonce}return e.homeAccountId===t.homeAccountId&&e.localAccountId===t.localAccountId&&e.username===t.username&&e.tenantId===t.tenantId&&e.environment===t.environment&&e.nativeAccountId===t.nativeAccountId&&n}} /*! @azure/msal-common v15.6.0 2025-05-06 */function Rr(e){return e.startsWith("#/")?e.substring(2):e.startsWith("#")||e.startsWith("?")?e.substring(1):e}function _r(e){if(!e||e.indexOf("=")<0)return null;try{const t=Rr(e),r=Object.fromEntries(new URLSearchParams(t));if(r.code||r.ear_jwe||r.error||r.error_description||r.state)return r}catch(e){throw gt(be)}return null}function Pr(e,t=!0,r){const n=new Array;return e.forEach(((e,o)=>{!t&&r&&o in r?n.push(`${o}=${e}`):n.push(`${o}=${encodeURIComponent(e)}`)})),n.join("&")} /*! @azure/msal-common v15.6.0 2025-05-06 */class Mr{get urlString(){return this._urlString}constructor(e){if(this._urlString=e,!this._urlString)throw gr($t);e.includes("#")||(this._urlString=Mr.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return pr.endsWith(t,"?")?t=t.slice(0,-1):pr.endsWith(t,"?/")&&(t=t.slice(0,-2)),pr.endsWith(t,"/")||(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch(e){throw gr(Gt)}if(!e.HostNameAndPort||!e.PathSegments)throw gr(Gt);if(!e.Protocol||"https:"!==e.Protocol.toLowerCase())throw gr(zt)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return Mr.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),r=t.PathSegments;return!e||0===r.length||r[0]!==y&&r[0]!==C||(r[0]=e),Mr.constructAuthorityUriFromObject(t)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),t=this.urlString.match(e);if(!t)throw gr(Gt);const r={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let n=r.AbsolutePath.split("/");return n=n.filter((e=>e&&e.length>0)),r.PathSegments=n,r.QueryString&&r.QueryString.endsWith("/")&&(r.QueryString=r.QueryString.substring(0,r.QueryString.length-1)),r}static getDomainFromUrl(e){const t=RegExp("^([^:/?#]+://)?([^/?#]*)"),r=e.match(t);if(!r)throw gr(Gt);return r[2]}static getAbsoluteUrl(e,r){if(e[0]===t.FORWARD_SLASH){const t=new Mr(r).getUrlComponents();return t.Protocol+"//"+t.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e){return new Mr(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"))}static hashContainsKnownProperties(e){return!!_r(e)}} /*! @azure/msal-common v15.6.0 2025-05-06 */const Or={"login.microsoftonline.com":{token_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.com/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout"},"login.chinacloudapi.cn":{token_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys",issuer:"https://login.partner.microsoftonline.cn/{tenantid}/v2.0",authorization_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout"},"login.microsoftonline.us":{token_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.us/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout"}},Nr={tenant_discovery_endpoint:"https://{canonicalAuthority}/v2.0/.well-known/openid-configuration",metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]}]},qr=new Set;function Lr(e,t,r,n){if(n?.trace(`getAliasesFromMetadata called with source: ${r}`),e&&t){const o=Hr(t,e);if(o)return n?.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${r}, returning aliases`),o.aliases;n?.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${r}`)}return null}function Hr(e,t){for(let r=0;r<e.length;r++){const n=e[r];if(n.aliases.includes(t))return n}return null} /*! @azure/msal-common v15.6.0 2025-05-06 */Nr.metadata.forEach((e=>{e.aliases.forEach((e=>{qr.add(e)}))}));const Ur="cache_quota_exceeded",xr="cache_error_unknown",Br={[Ur]:"Exceeded cache storage capacity.",[xr]:"Unexpected error occurred when using cache storage."};class Dr extends Error{constructor(e,t){const r=t||(Br[e]?Br[e]:Br[xr]);super(`${e}: ${r}`),Object.setPrototypeOf(this,Dr.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=r}} /*! @azure/msal-common v15.6.0 2025-05-06 */class Fr{constructor(e,t,r,n){this.clientId=e,this.cryptoImpl=t,this.commonLogger=r.clone(yt,Ct),this.staticAuthorityOptions=n}getAllAccounts(e){return this.buildTenantProfiles(this.getAccountsFilteredBy(e||{}),e)}getAccountInfoFilteredBy(e){const t=this.getAllAccounts(e);if(t.length>1){return t.sort((e=>e.idTokenClaims?-1:1))[0]}return 1===t.length?t[0]:null}getBaseAccountInfo(e){const t=this.getAccountsFilteredBy(e);return t.length>0?t[0].getAccountInfo():null}buildTenantProfiles(e,t){return e.flatMap((e=>this.getTenantProfilesFromAccountEntity(e,t?.tenantId,t)))}getTenantedAccountInfoByFilter(e,t,r,n){let o,i=null;if(n&&!this.tenantProfileMatchesFilter(r,n))return null;const a=this.getIdToken(e,t,r.tenantId);return a&&(o=wt(a.secret,this.cryptoImpl.base64Decode),!this.idTokenClaimsMatchTenantProfileFilter(o,n))?null:(i=wr(e,r,o,a?.secret),i)}getTenantProfilesFromAccountEntity(e,t,r){const n=e.getAccountInfo();let o=n.tenantProfiles||new Map;const i=this.getTokenKeys();if(t){const e=o.get(t);if(!e)return[];o=new Map([[t,e]])}const a=[];return o.forEach((e=>{const t=this.getTenantedAccountInfoByFilter(n,i,e,r);t&&a.push(t)})),a}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId))&&((!t.name||e.name===t.name)&&(void 0===t.isHomeTenant||e.isHomeTenant===t.isHomeTenant))}idTokenClaimsMatchTenantProfileFilter(e,t){if(t){if(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId))return!1;if(t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint))return!1;if(t.username&&!this.matchUsername(e.preferred_username,t.username))return!1;if(t.name&&!this.matchName(e,t.name))return!1;if(t.sid&&!this.matchSid(e,t.sid))return!1}return!0}async saveCacheRecord(e,t,r){if(!e)throw gt(Ge);try{e.account&&await this.setAccount(e.account,t),e.idToken&&!1!==r?.idToken&&await this.setIdTokenCredential(e.idToken,t),e.accessToken&&!1!==r?.accessToken&&await this.saveAccessToken(e.accessToken,t),e.refreshToken&&!1!==r?.refreshToken&&await this.setRefreshTokenCredential(e.refreshToken,t),e.appMetadata&&this.setAppMetadata(e.appMetadata)}catch(e){throw this.commonLogger?.error("CacheManager.saveCacheRecord: failed"),e instanceof Error?(this.commonLogger?.errorPii(`CacheManager.saveCacheRecord: ${e.message}`,t),"QuotaExceededError"===e.name||"NS_ERROR_DOM_QUOTA_REACHED"===e.name||e.message.includes("exceeded the quota")?(this.commonLogger?.error("CacheManager.saveCacheRecord: exceeded storage quota",t),new Dr(Ur)):new Dr(e.name,e.message)):(this.commonLogger?.errorPii(`CacheManager.saveCacheRecord: ${e}`,t),new Dr(xr))}}async saveAccessToken(e,t){const r={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType,requestedClaimsHash:e.requestedClaimsHash},n=this.getTokenKeys(),o=mr.fromString(e.target),i=[];n.accessToken.forEach((e=>{if(!this.accessTokenKeyMatchesFilter(e,r,!1))return;const t=this.getAccessTokenCredential(e);if(t&&this.credentialMatchesFilter(t,r)){mr.fromString(t.target).intersectingScopeSets(o)&&i.push(this.removeAccessToken(e))}})),await Promise.all(i),await this.setAccessTokenCredential(e,t)}getAccountsFilteredBy(e){const t=this.getAccountKeys(),r=[];return t.forEach((t=>{if(!this.isAccountKey(t,e.homeAccountId))return;const n=this.getAccount(t,this.commonLogger);if(!n)return;if(e.homeAccountId&&!this.matchHomeAccountId(n,e.homeAccountId))return;if(e.username&&!this.matchUsername(n.username,e.username))return;if(e.environment&&!this.matchEnvironment(n,e.environment))return;if(e.realm&&!this.matchRealm(n,e.realm))return;if(e.nativeAccountId&&!this.matchNativeAccountId(n,e.nativeAccountId))return;if(e.authorityType&&!this.matchAuthorityType(n,e.authorityType))return;const o={localAccountId:e?.localAccountId,name:e?.name},i=n.tenantProfiles?.filter((e=>this.tenantProfileMatchesFilter(e,o)));i&&0===i.length||r.push(n)})),r}isAccountKey(e,t,r){return!(e.split(N).length<3)&&(!(t&&!e.toLowerCase().includes(t.toLowerCase()))&&!(r&&!e.toLowerCase().includes(r.toLowerCase())))}isCredentialKey(e){if(e.split(N).length<6)return!1;const t=e.toLowerCase();if(-1===t.indexOf(L.ID_TOKEN.toLowerCase())&&-1===t.indexOf(L.ACCESS_TOKEN.toLowerCase())&&-1===t.indexOf(L.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase())&&-1===t.indexOf(L.REFRESH_TOKEN.toLowerCase()))return!1;if(t.indexOf(L.REFRESH_TOKEN.toLowerCase())>-1){const e=`${L.REFRESH_TOKEN}${N}${this.clientId}${N}`,r=`${L.REFRESH_TOKEN}${N}${U}${N}`;if(-1===t.indexOf(e.toLowerCase())&&-1===t.indexOf(r.toLowerCase()))return!1}else if(-1===t.indexOf(this.clientId.toLowerCase()))return!1;return!0}credentialMatchesFilter(e,t){if(t.clientId&&!this.matchClientId(e,t.clientId))return!1;if(t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash))return!1;if("string"==typeof t.homeAccountId&&!this.matchHomeAccountId(e,t.homeAccountId))return!1;if(t.environment&&!this.matchEnvironment(e,t.environment))return!1;if(t.realm&&!this.matchRealm(e,t.realm))return!1;if(t.credentialType&&!this.matchCredentialType(e,t.credentialType))return!1;if(t.familyId&&!this.matchFamilyId(e,t.familyId))return!1;if(t.target&&!this.matchTarget(e,t.target))return!1;if((t.requestedClaimsHash||e.requestedClaimsHash)&&e.requestedClaimsHash!==t.requestedClaimsHash)return!1;if(e.credentialType===L.ACCESS_TOKEN_WITH_AUTH_SCHEME){if(t.tokenType&&!this.matchTokenType(e,t.tokenType))return!1;if(t.tokenType===$.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId))return!1}return!0}getAppMetadataFilteredBy(e){const t=this.getKeys(),r={};return t.forEach((t=>{if(!this.isAppMetadata(t))return;const n=this.getAppMetadata(t);n&&(e.environment&&!this.matchEnvironment(n,e.environment)||e.clientId&&!this.matchClientId(n,e.clientId)||(r[t]=n))})),r}getAuthorityMetadataByAlias(e){const t=this.getAuthorityMetadataKeys();let r=null;return t.forEach((t=>{if(!this.isAuthorityMetadata(t)||-1===t.indexOf(this.clientId))return;const n=this.getAuthorityMetadata(t);n&&-1!==n.aliases.indexOf(e)&&(r=n)})),r}async removeAllAccounts(){const e=this.getAccountKeys(),t=[];e.forEach((e=>{t.push(this.removeAccount(e))})),await Promise.all(t)}async removeAccount(e){const t=this.getAccount(e,this.commonLogger);t&&(await this.removeAccountContext(t),this.removeItem(e))}async removeAccountContext(e){const t=this.getTokenKeys(),r=e.generateAccountId(),n=[];t.idToken.forEach((e=>{0===e.indexOf(r)&&this.removeIdToken(e)})),t.accessToken.forEach((e=>{0===e.indexOf(r)&&n.push(this.removeAccessToken(e))})),t.refreshToken.forEach((e=>{0===e.indexOf(r)&&this.removeRefreshToken(e)})),await Promise.all(n)}async removeAccessToken(e){const t=this.getAccessTokenCredential(e);if(t){if(t.credentialType.toLowerCase()===L.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()&&t.tokenType===$.POP){const e=t.keyId;if(e)try{await this.cryptoImpl.removeTokenBindingKey(e)}catch(e){throw gt(tt)}}return this.removeItem(e)}}removeAppMetadata(){return this.getKeys().forEach((e=>{this.isAppMetadata(e)&&this.removeItem(e)})),!0}readAccountFromCache(e){const t=Er.generateAccountCacheKey(e);return this.getAccount(t,this.commonLogger)}getIdToken(e,t,r,n,o){this.commonLogger.trace("CacheManager - getIdToken called");const i={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:L.ID_TOKEN,clientId:this.clientId,realm:r},a=this.getIdTokensByFilter(i,t),s=a.size;if(s<1)return this.commonLogger.info("CacheManager:getIdToken - No token found"),null;if(s>1){let t=a;if(!r){const r=new Map;a.forEach(((t,n)=>{t.realm===e.tenantId&&r.set(n,t)}));const n=r.size;if(n<1)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result"),a.values().next().value;if(1===n)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile"),r.values().next().value;t=r}return this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"),t.forEach(((e,t)=>{this.removeIdToken(t)})),n&&o&&n.addFields({multiMatchedID:a.size},o),null}return this.commonLogger.info("CacheManager:getIdToken - Returning ID token"),a.values().next().value}getIdTokensByFilter(e,t){const r=t&&t.idToken||this.getTokenKeys().idToken,n=new Map;return r.forEach((t=>{if(!this.idTokenKeyMatchesFilter(t,{clientId:this.clientId,...e}))return;const r=this.getIdTokenCredential(t);r&&this.credentialMatchesFilter(r,e)&&n.set(t,r)})),n}idTokenKeyMatchesFilter(e,t){const r=e.toLowerCase();return(!t.clientId||-1!==r.indexOf(t.clientId.toLowerCase()))&&(!t.homeAccountId||-1!==r.indexOf(t.homeAccountId.toLowerCase()))}removeIdToken(e){this.removeItem(e)}removeRefreshToken(e){this.removeItem(e)}getAccessToken(e,t,r,n,o,i){this.commonLogger.trace("CacheManager - getAccessToken called");const a=mr.createSearchScopes(t.scopes),s=t.authenticationScheme||$.BEARER,c=s&&s.toLowerCase()!==$.BEARER.toLowerCase()?L.ACCESS_TOKEN_WITH_AUTH_SCHEME:L.ACCESS_TOKEN,l={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:c,clientId:this.clientId,realm:n||e.tenantId,target:a,tokenType:s,keyId:t.sshKid,requestedClaimsHash:t.requestedClaimsHash},h=r&&r.accessToken||this.getTokenKeys().accessToken,d=[];h.forEach((e=>{if(this.accessTokenKeyMatchesFilter(e,l,!0)){const t=this.getAccessTokenCredential(e);t&&this.credentialMatchesFilter(t,l)&&d.push(t)}}));const u=d.length;return u<1?(this.commonLogger.info("CacheManager:getAccessToken - No token found"),null):u>1?(this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them"),d.forEach((e=>{this.removeAccessToken(Et(e))})),o&&i&&o.addFields({multiMatchedAT:d.length},i),null):(this.commonLogger.info("CacheManager:getAccessToken - Returning access token"),d[0])}accessTokenKeyMatchesFilter(e,t,r){const n=e.toLowerCase();if(t.clientId&&-1===n.indexOf(t.clientId.toLowerCase()))return!1;if(t.homeAccountId&&-1===n.indexOf(t.homeAccountId.toLowerCase()))return!1;if(t.realm&&-1===n.indexOf(t.realm.toLowerCase()))return!1;if(t.requestedClaimsHash&&-1===n.indexOf(t.requestedClaimsHash.toLowerCase()))return!1;if(t.target){const e=t.target.asArray();for(let t=0;t<e.length;t++){if(r&&!n.includes(e[t].toLowerCase()))return!1;if(!r&&n.includes(e[t].toLowerCase()))return!0}}return!0}getAccessTokensByFilter(e){const t=this.getTokenKeys(),r=[];return t.accessToken.forEach((t=>{if(!this.accessTokenKeyMatchesFilter(t,e,!0))return;const n=this.getAccessTokenCredential(t);n&&this.credentialMatchesFilter(n,e)&&r.push(n)})),r}getRefreshToken(e,t,r,n,o){this.commonLogger.trace("CacheManager - getRefreshToken called");const i=t?U:void 0,a={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:L.REFRESH_TOKEN,clientId:this.clientId,familyId:i},s=r&&r.refreshToken||this.getTokenKeys().refreshToken,c=[];s.forEach((e=>{if(this.refreshTokenKeyMatchesFilter(e,a)){const t=this.getRefreshTokenCredential(e);t&&this.credentialMatchesFilter(t,a)&&c.push(t)}}));const l=c.length;return l<1?(this.commonLogger.info("CacheManager:getRefreshToken - No refresh token found."),null):(l>1&&n&&o&&n.addFields({multiMatchedRT:l},o),this.commonLogger.info("CacheManager:getRefreshToken - returning refresh token"),c[0])}refreshTokenKeyMatchesFilter(e,t){const r=e.toLowerCase();return(!t.familyId||-1!==r.indexOf(t.familyId.toLowerCase()))&&(!(!t.familyId&&t.clientId&&-1===r.indexOf(t.clientId.toLowerCase()))&&(!t.homeAccountId||-1!==r.indexOf(t.homeAccountId.toLowerCase())))}readAppMetadataFromCache(e){const t={environment:e,clientId:this.clientId},r=this.getAppMetadataFilteredBy(t),n=Object.keys(r).map((e=>r[e])),o=n.length;if(o<1)return null;if(o>1)throw gt(Le);return n[0]}isAppMetadataFOCI(e){const t=this.readAppMetadataFromCache(e);return!(!t||t.familyId!==U)}matchHomeAccountId(e,t){return!("string"!=typeof e.homeAccountId||t!==e.homeAccountId)}matchLocalAccountIdFromTokenClaims(e,t){return t===(e.oid||e.sub)}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){return!(t.toLowerCase()!==e.name?.toLowerCase())}matchUsername(e,t){return!(!e||"string"!=typeof e||t?.toLowerCase()!==e.toLowerCase())}matchUserAssertionHash(e,t){return!(!e.userAssertionHash||t!==e.userAssertionHash)}matchEnvironment(e,t){if(this.staticAuthorityOptions){const r=function(e,t){let r;const n=e.canonicalAuthority;if(n){const o=new Mr(n).getUrlComponents().HostNameAndPort;r=Lr(o,e.cloudDiscoveryMetadata?.metadata,D,t)||Lr(o,Nr.metadata,z,t)||e.knownAuthorities}return r||[]}(this.staticAuthorityOptions,this.commonLogger);if(r.includes(t)&&r.includes(e.environment))return!0}const r=this.getAuthorityMetadataByAlias(t);return!!(r&&r.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!(!e.clientId||t!==e.clientId)}matchFamilyId(e,t){return!(!e.familyId||t!==e.familyId)}matchRealm(e,t){return!(e.realm?.toLowerCase()!==t.toLowerCase())}matchNativeAccountId(e,t){return!(!e.nativeAccountId||t!==e.nativeAccountId)}matchLoginHintFromTokenClaims(e,t){return e.login_hint===t||(e.preferred_username===t||e.upn===t)}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!(!e.authorityType||t.toLowerCase()!==e.authorityType.toLowerCase())}matchTarget(e,t){if(e.credentialType!==L.ACCESS_TOKEN&&e.credentialType!==L.ACCESS_TOKEN_WITH_AUTH_SCHEME||!e.target)return!1;return mr.fromString(e.target).containsScopeSet(t)}matchTokenType(e,t){return!(!e.tokenType||e.tokenType!==t)}matchKeyId(e,t){return!(!e.keyId||e.keyId!==t)}isAppMetadata(e){return-1!==e.indexOf(H)}isAuthorityMetadata(e){return-1!==e.indexOf(x)}generateAuthorityMetadataCacheKey(e){return`${x}-${this.clientId}-${e}`}static toObject(e,t){for(const r in t)e[r]=t[r];return e}}class Kr extends Fr{async setAccount(){throw gt(st)}getAccount(){throw gt(st)}async setIdTokenCredential(){throw gt(st)}getIdTokenCredential(){throw gt(st)}async setAccessTokenCredential(){throw gt(st)}getAccessTokenCredential(){throw gt(st)}async setRefreshTokenCredential(){throw gt(st)}getRefreshTokenCredential(){throw gt(st)}setAppMetadata(){throw gt(st)}getAppMetadata(){throw gt(st)}setServerTelemetry(){throw gt(st)}getServerTelemetry(){throw gt(st)}setAuthorityMetadata(){throw gt(st)}getAuthorityMetadata(){throw gt(st)}getAuthorityMetadataKeys(){throw gt(st)}setThrottlingCache(){throw gt(st)}getThrottlingCache(){throw gt(st)}removeItem(){throw gt(st)}getKeys(){throw gt(st)}getAccountKeys(){throw gt(st)}getTokenKeys(){throw gt(st)}} /*! @azure/msal-common v15.6.0 2025-05-06 */const zr={tokenRenewalOffsetSeconds:300,preventCorsPreflight:!1},Gr={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:e.LogLevel.Info,correlationId:t.EMPTY_STRING},$r={claimsBasedCachingEnabled:!1},Qr={async sendGetRequestAsync(){throw gt(st)},async sendPostRequestAsync(){throw gt(st)}},jr={sku:t.SKU,version:Ct,cpu:t.EMPTY_STRING,os:t.EMPTY_STRING},Wr={clientSecret:t.EMPTY_STRING,clientAssertion:void 0},Vr={azureCloudInstance:vt.None,tenant:`${t.DEFAULT_COMMON_TENANT}`},Jr={application:{appName:"",appVersion:""}};function Yr(e){return e.authOptions.authority.options.protocolMode===br.OIDC} /*! @azure/msal-common v15.6.0 2025-05-06 */const Xr="home_account_id",Zr="UPN",en="client_id",tn="redirect_uri",rn="token_type",nn="req_cnf",on="return_spa_code",an="x-client-xtra-sku",sn="brk_client_id",cn="brk_redirect_uri",ln="instance_aware"; /*! @azure/msal-common v15.6.0 2025-05-06 */ /*! @azure/msal-common v15.6.0 2025-05-06 */ function hn(e,t,r){if(!t)return;const n=e.get(en);n&&e.has(sn)&&r?.addFields({embeddedClientId:n,embeddedRedirectUri:e.get(tn)},t)}functio