UNPKG

@azure/msal-browser

Version:

Microsoft Authentication Library for js

github.com/AzureAD/microsoft-authentication-library-for-js

AzureAD/microsoft-authentication-library-for-js

2 lines 256 kB
1
2
/*! @azure/msal-browser v5.11.0 2026-05-19 */ "use strict";!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).msal={})}(this,(function(e){const t="https://login.microsoftonline.com/common/",r="common",n=`${t}discovery/instance?api-version=1.1&authorization_endpoint=`,o=".ciamlogin.com",i=".onmicrosoft.com",s="openid",a="profile",c="offline_access",h="S256",l="Not Available",d="http://169.254.169.254/metadata/instance/compute/location",u=["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],g="GET",p="POST",m=[s,a,c],f=[...m,"email"],y="Content-Type",w="Content-Length",I="Retry-After",C="X-AnchorMailbox",v="WWW-Authenticate",k="Authentication-Info",T="x-ms-request-id",b="x-ms-httpver",A="active-account-filters",S="common",_="organizations",E="consumers",P="access_token",R="xms_cc",O={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",CREATE:"create",NO_SESSION:"no_session"},M="code",x="id_token token refresh_token",q={QUERY:"query",FRAGMENT:"fragment",FORM_POST:"form_post"},N="authorization_code",U="refresh_token",L="Generic",H={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},D="appmetadata",F="1",K="authority-metadata",B="config",z="cache",j="network",$="hardcoded_values",J=5,W="server-telemetry",G=",",Q={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},V="throttling",X="1",Y="3",Z="4",ee="2",te="4",re="5",ne="0",oe="1",ie="2",se="3",ae="4",ce={Jwt:"JWT",Jwk:"JWK",Pop:"pop"},he="client_id",le="redirect_uri",de="token_type",ue="req_cnf",ge="return_spa_code",pe="x-client-xtra-sku",me="brk_client_id",fe="brk_redirect_uri",ye="instance_aware";function we(e){return`See https://aka.ms/msal.js.errors#${e} for details`}class Ie extends Error{constructor(e,t,r){const n=t||(e?we(e):"");super(n?`${e}: ${n}`:e),Object.setPrototypeOf(this,Ie.prototype),this.errorCode=e||"",this.errorMessage=n||"",this.subError=r||"",this.name="AuthError"}setCorrelationId(e){this.correlationId=e}}function Ce(e,t){return new Ie(e,t||we(e))}class ve extends Ie{constructor(e){super(e),this.name="ClientConfigurationError",Object.setPrototypeOf(this,ve.prototype)}}function ke(e){return new ve(e)}class Te{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return 0===Object.keys(t).length}catch(e){}return!0}static startsWith(e,t){return 0===e.indexOf(t)}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},r=e.split("&"),n=e=>decodeURIComponent(e.replace(/\+/g," "));return r.forEach((e=>{if(e.trim()){const[r,o]=e.split(/=(.+)/g,2);r&&o&&(t[n(r)]=n(o))}})),t}static trimArrayEntries(e){return e.map((e=>e.trim()))}static removeEmptyStringsFromArray(e){return e.filter((e=>!!e))}static jsonParseHelper(e){try{return JSON.parse(e)}catch(e){return null}}}class be extends Ie{constructor(e,t){super(e,t),this.name="ClientAuthError",Object.setPrototypeOf(this,be.prototype)}}function Ae(e,t){return new be(e,t)}const Se="redirect_uri_empty",_e="authority_uri_insecure",Ee="url_parse_error",Pe="empty_url_error",Re="empty_input_scopes_error",Oe="invalid_claims",Me="token_request_empty",xe="logout_request_empty",qe="pkce_params_missing",Ne="invalid_cloud_discovery_metadata",Ue="invalid_authority_metadata",Le="untrusted_authority",He="missing_ssh_jwk",De="missing_ssh_kid",Fe="missing_nonce_authentication_header",Ke="invalid_authentication_header",Be="cannot_set_OIDCOptions",ze="cannot_allow_platform_broker",je="authority_mismatch",$e="invalid_request_method_for_EAR",Je="invalid_platform_broker_configuration",We="issuer_validation_failed";var Ge=Object.freeze({__proto__:null,authorityMismatch:je,authorityUriInsecure:_e,cannotAllowPlatformBroker:ze,cannotSetOIDCOptions:Be,claimsRequestParsingError:"claims_request_parsing_error",emptyInputScopesError:Re,invalidAuthenticationHeader:Ke,invalidAuthorityMetadata:Ue,invalidClaims:Oe,invalidCloudDiscoveryMetadata:Ne,invalidCodeChallengeMethod:"invalid_code_challenge_method",invalidPlatformBrokerConfiguration:Je,invalidRequestMethodForEAR:$e,issuerValidationFailed:We,logoutRequestEmpty:xe,missingNonceAuthenticationHeader:Fe,missingSshJwk:He,missingSshKid:De,pkceParamsMissing:qe,redirectUriEmpty:Se,tokenRequestEmpty:Me,untrustedAuthority:Le,urlEmptyError:Pe,urlParseError:Ee});const Qe="client_info_decoding_error",Ve="client_info_empty_error",Xe="token_parsing_error",Ye="null_or_empty_token",Ze="endpoints_resolution_error",et="network_error",tt="openid_config_error",rt="hash_not_deserialized",nt="invalid_state",ot="state_mismatch",it="state_not_found",st="nonce_mismatch",at="auth_time_not_found",ct="max_age_transpired",ht="multiple_matching_appMetadata",lt="request_cannot_be_made",dt="cannot_remove_empty_scope",ut="cannot_append_scopeset",gt="empty_input_scopeset",pt="no_account_in_silent_request",mt="invalid_cache_record",ft="invalid_cache_environment",yt="no_account_found",wt="no_crypto_object",It="token_refresh_required",Ct="token_claims_cnf_required_for_signedjwt",vt="authorization_code_missing_from_server_response",kt="binding_key_not_removed",Tt="end_session_endpoint_not_supported",bt="key_id_missing",At="no_network_connectivity",St="user_canceled",_t="method_not_implemented",Et="nested_app_auth_bridge_disabled",Pt="resource_parameter_required",Rt="misplaced_resource_parameter";var Ot=Object.freeze({__proto__:null,authTimeNotFound:at,authorizationCodeMissingFromServerResponse:vt,bindingKeyNotRemoved:kt,cannotAppendScopeSet:ut,cannotRemoveEmptyScope:dt,clientInfoDecodingError:Qe,clientInfoEmptyError:Ve,emptyInputScopeSet:gt,endSessionEndpointNotSupported:Tt,endpointResolutionError:Ze,hashNotDeserialized:rt,invalidCacheEnvironment:ft,invalidCacheRecord:mt,invalidState:nt,keyIdMissing:bt,maxAgeTranspired:ct,methodNotImplemented:_t,misplacedResourceParam:Rt,multipleMatchingAppMetadata:ht,multipleMatchingTokens:"multiple_matching_tokens",nestedAppAuthBridgeDisabled:Et,networkError:et,noAccountFound:yt,noAccountInSilentRequest:pt,noCryptoObject:wt,noNetworkConnectivity:At,nonceMismatch:st,nullOrEmptyToken:Ye,openIdConfigError:tt,platformBrokerError:"platform_broker_error",requestCannotBeMade:lt,resourceParameterRequired:Pt,stateMismatch:ot,stateNotFound:it,tokenClaimsCnfRequiredForSignedJwt:Ct,tokenParsingError:Xe,tokenRefreshRequired:It,unexpectedCredentialType:"unexpected_credential_type",userCanceled:St});class Mt{constructor(e){const t=e?Te.trimArrayEntries([...e]):[],r=t?Te.removeEmptyStringsFromArray(t):[];if(!r||!r.length)throw ke(Re);this.scopes=new Set,r.forEach((e=>this.scopes.add(e)))}static fromString(e){const t=(e||"").split(" ");return new Mt(t)}static createSearchScopes(e){const t=e&&e.length>0?e:[...m],r=new Mt(t);return r.containsOnlyOIDCScopes()?r.removeScope(c):r.removeOIDCScopes(),r}containsScope(e){const t=this.printScopesLowerCase().split(" "),r=new Mt(t);return!!e&&r.scopes.has(e.toLowerCase())}containsScopeSet(e){return!(!e||e.scopes.size<=0)&&(this.scopes.size>=e.scopes.size&&e.asArray().every((e=>this.containsScope(e))))}containsOnlyOIDCScopes(){let e=0;return f.forEach((t=>{this.containsScope(t)&&(e+=1)})),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach((e=>this.appendScope(e)))}catch(e){throw Ae(ut)}}removeScope(e){if(!e)throw Ae(dt);this.scopes.delete(e.trim())}removeOIDCScopes(){f.forEach((e=>{this.scopes.delete(e)}))}unionScopeSets(e){if(!e)throw Ae(gt);const t=new Set;return e.scopes.forEach((e=>t.add(e.toLowerCase()))),this.scopes.forEach((e=>t.add(e.toLowerCase()))),t}intersectingScopeSets(e){if(!e)throw Ae(gt);e.containsOnlyOIDCScopes()||e.removeOIDCScopes();const t=this.unionScopeSets(e),r=e.getScopeCount(),n=this.getScopeCount();return t.size<n+r}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach((t=>e.push(t))),e}printScopes(){if(this.scopes){return this.asArray().join(" ")}return""}printScopesLowerCase(){return this.printScopes().toLowerCase()}}function xt(e,t,r){if(!t)return;const n=e.get(he);n&&e.has(me)&&r?.addFields({embeddedClientId:n,embeddedRedirectUri:e.get(le)},t)}function qt(e,t){e.set("response_type",t)}function Nt(e,t,r=!0,n=m){!r||n.includes("openid")||t.includes("openid")||n.push("openid");const o=r?[...t||[],...n]:t||[],i=new Mt(o);e.set("scope",i.printScopes())}function Ut(e,t){e.set(he,t)}function Lt(e,t){e.set(le,t)}function Ht(e,t){e.set("login_hint",t)}function Dt(e,t){e.set(C,`UPN:${t}`)}function Ft(e,t){e.set(C,`Oid:${t.uid}@${t.utid}`)}function Kt(e,t){e.set("sid",t)}function Bt(e,t,r,n){const o=n&&e.has(me)?void 0:r;if(!Te.isEmptyObj(t)||o&&o.length>0){const r=tr(t,o);try{JSON.parse(r)}catch(e){throw ke(Oe)}e.set("claims",r)}}function zt(e,t){e.set("client-request-id",t)}function jt(e,t){e.set("x-client-SKU",t.sku),e.set("x-client-VER",t.version),t.os&&e.set("x-client-OS",t.os),t.cpu&&e.set("x-client-CPU",t.cpu)}function $t(e,t){t?.appName&&e.set("x-app-name",t.appName),t?.appVersion&&e.set("x-app-ver",t.appVersion)}function Jt(e,t){t&&e.set("state",t)}function Wt(e,t,r){if(!t||!r)throw ke(qe);e.set("code_challenge",t),e.set("code_challenge_method",r)}function Gt(e,t){e.set("client_secret",t)}function Qt(e,t){t&&e.set("client_assertion",t)}function Vt(e,t){t&&e.set("client_assertion_type",t)}function Xt(e,t){e.set("grant_type",t)}function Yt(e){e.set("client_info","1")}function Zt(e){e.has(ye)||e.set(ye,"true")}function er(e,t){Object.entries(t).forEach((([t,r])=>{!e.has(t)&&r&&e.set(t,r)}))}function tr(e,t){let r;if(e)try{r=JSON.parse(e)}catch(e){throw ke(Oe)}else r={};return t&&t.length>0&&(r.hasOwnProperty(P)||(r[P]={}),r[P][R]={values:t}),JSON.stringify(r)}function rr(e,t){t&&(e.set(de,Q.POP),e.set(ue,t))}function nr(e,t){t&&(e.set(de,Q.SSH),e.set(ue,t))}function or(e,t){e.set("x-client-current-telemetry",t.generateCurrentRequestHeaderValue()),e.set("x-client-last-telemetry",t.generateLastRequestHeaderValue())}function ir(e){e.set("x-ms-lib-capability","retry-after, h429")}function sr(e,t,r){e.has(me)||e.set(me,t),e.has(fe)||e.set(fe,r)}function ar(e,t){t&&e.set("resource",t)}function cr(e){if(!e)return e;let t=e.toLowerCase();return Te.endsWith(t,"?")?t=t.slice(0,-1):Te.endsWith(t,"?/")&&(t=t.slice(0,-2)),Te.endsWith(t,"/")||(t+="/"),t}function hr(e){return e.startsWith("#/")?e.substring(2):e.startsWith("#")||e.startsWith("?")?e.substring(1):e}function lr(e){if(!e||e.indexOf("=")<0)return null;try{const t=hr(e),r=Object.fromEntries(new URLSearchParams(t));if(r.code||r.ear_jwe||r.error||r.error_description||r.state)return r}catch(e){throw Ae(rt)}return null}function dr(e){const t=new Array;return e.forEach(((e,r)=>{t.push(`${r}=${encodeURIComponent(e)}`)})),t.join("&")}function ur(e){if(!e)return e;const t=e.split("#")[0];try{const e=new URL(t);return cr(e.origin+e.pathname+e.search)}catch(e){return cr(t)}}const gr={createNewGuid:()=>{throw Ae(_t)},base64Decode:()=>{throw Ae(_t)},base64Encode:()=>{throw Ae(_t)},base64UrlEncode:()=>{throw Ae(_t)},encodeKid:()=>{throw Ae(_t)},async getPublicKeyThumbprint(){throw Ae(_t)},async removeTokenBindingKey(){throw Ae(_t)},async clearKeystore(){throw Ae(_t)},async signJwt(){throw Ae(_t)},async hashString(){throw Ae(_t)}};var pr;e.LogLevel=void 0,(pr=e.LogLevel||(e.LogLevel={}))[pr.Error=0]="Error",pr[pr.Warning=1]="Warning",pr[pr.Info=2]="Info",pr[pr.Verbose=3]="Verbose",pr[pr.Trace=4]="Trace";const mr=new Map;function fr(e,t){const r=Date.now();let n=mr.get(e);if(n)!function(e,t){mr.delete(e),mr.set(e,t)}(e,n);else if(n={logs:[],firstEventTime:r},mr.set(e,n),mr.size>50){const e=mr.keys().next().value;e&&mr.delete(e)}n.logs.push({...t,milliseconds:r-n.firstEventTime}),n.logs.length>500&&n.logs.shift()}class yr{constructor(t,r,n){this.level=e.LogLevel.Info;const o=t||yr.createDefaultLoggerOptions();this.localCallback=o.loggerCallback||(()=>{}),this.piiLoggingEnabled=o.piiLoggingEnabled||!1,this.level="number"==typeof o.logLevel?o.logLevel:e.LogLevel.Info,this.packageName=r||"",this.packageVersion=n||""}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:e.LogLevel.Info}}clone(e,t){return new yr({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level},e,t)}logMessage(t,r){const n=r.correlationId;if(function(e){if(6!==e.length)return!1;for(let t=0;t<e.length;t++){const r=e[t];if(!(r>="a"&&r<="z"||r>="A"&&r<="Z"||r>="0"&&r<="9"))return!1}return!0}(t)){fr(n,{hash:t,level:r.logLevel,containsPii:r.containsPii||!1,milliseconds:0})}if(r.logLevel>this.level||!this.piiLoggingEnabled&&r.containsPii)return;const o=`${`[${(new Date).toUTCString()}] : [${n}]`} : ${this.packageName}@${this.packageVersion} : ${e.LogLevel[r.logLevel]} - ${t}`;this.executeCallback(r.logLevel,o,r.containsPii||!1)}executeCallback(e,t,r){this.localCallback&&this.localCallback(e,t,r)}error(t,r){this.logMessage(t,{logLevel:e.LogLevel.Error,containsPii:!1,correlationId:r})}errorPii(t,r){this.logMessage(t,{logLevel:e.LogLevel.Error,containsPii:!0,correlationId:r})}warning(t,r){this.logMessage(t,{logLevel:e.LogLevel.Warning,containsPii:!1,correlationId:r})}warningPii(t,r){this.logMessage(t,{logLevel:e.LogLevel.Warning,containsPii:!0,correlationId:r})}info(t,r){this.logMessage(t,{logLevel:e.LogLevel.Info,containsPii:!1,correlationId:r})}infoPii(t,r){this.logMessage(t,{logLevel:e.LogLevel.Info,containsPii:!0,correlationId:r})}verbose(t,r){this.logMessage(t,{logLevel:e.LogLevel.Verbose,containsPii:!1,correlationId:r})}verbosePii(t,r){this.logMessage(t,{logLevel:e.LogLevel.Verbose,containsPii:!0,correlationId:r})}trace(t,r){this.logMessage(t,{logLevel:e.LogLevel.Trace,containsPii:!1,correlationId:r})}tracePii(t,r){this.logMessage(t,{logLevel:e.LogLevel.Trace,containsPii:!0,correlationId:r})}isPiiLoggingEnabled(){return this.piiLoggingEnabled||!1}}const wr="@azure/msal-common",Ir="16.6.2",Cr={None:"none",AzurePublic:"https://login.microsoftonline.com",AzurePpe:"https://login.windows-ppe.net",AzureChina:"https://login.chinacloudapi.cn",AzureGermany:"https://login.microsoftonline.de",AzureUsGovernment:"https://login.microsoftonline.us"};function vr(e,t){return!!e&&!!t&&e===t.split(".")[1]}function kr(e,t,r,n){if(n){const{oid:t,sub:r,tid:o,name:i,tfp:s,acr:a,preferred_username:c,upn:h,login_hint:l}=n,d=o||s||a||"";return{tenantId:d,localAccountId:t||r||"",name:i,username:c||h||"",loginHint:l,isHomeTenant:vr(d,e),upn:h}}return{tenantId:r,localAccountId:t,username:"",isHomeTenant:vr(r,e)}}function Tr(e,t,r,n){let o=e;if(t){const{isHomeTenant:r,...n}=t;o={...e,...n}}if(r){const{isHomeTenant:t,...i}=kr(e.homeAccountId,e.localAccountId,e.tenantId,r);return o={...o,...i,idTokenClaims:r,idToken:n},o}return o}function br(e,t){const r=function(e){if(!e)throw Ae(Ye);const t=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(e);if(!t||t.length<4)throw Ae(Xe);return t[2]}(e);try{const e=t(r);return JSON.parse(e)}catch(e){throw Ae(Xe)}}function Ar(e){if(!e.signin_state)return!1;const t=["kmsi","dvc_dmjd"];return e.signin_state.some((e=>t.includes(e.trim().toLowerCase())))}function Sr(e,t){if(0===t||Date.now()-3e5>e+t)throw Ae(ct)}class _r{get urlString(){return this._urlString}constructor(e){if(this._urlString=e,!this._urlString)throw ke(Pe);e.includes("#")||(this._urlString=_r.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return Te.endsWith(t,"?")?t=t.slice(0,-1):Te.endsWith(t,"?/")&&(t=t.slice(0,-2)),Te.endsWith(t,"/")||(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch(e){throw ke(Ee)}if(!e.HostNameAndPort||!e.PathSegments)throw ke(Ee);if(!e.Protocol||"https:"!==e.Protocol.toLowerCase())throw ke(_e)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return _r.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),r=t.PathSegments;return!e||0===r.length||r[0]!==S&&r[0]!==_||(r[0]=e),_r.constructAuthorityUriFromObject(t)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),t=this.urlString.match(e);if(!t)throw ke(Ee);const r={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let n=r.AbsolutePath.split("/");return n=n.filter((e=>e&&e.length>0)),r.PathSegments=n,r.QueryString&&r.QueryString.endsWith("/")&&(r.QueryString=r.QueryString.substring(0,r.QueryString.length-1)),r}static getDomainFromUrl(e){const t=RegExp("^([^:/?#]+://)?([^/?#]*)"),r=e.match(t);if(!r)throw ke(Ee);return r[2]}static getAbsoluteUrl(e,t){if("/"===e[0]){const r=new _r(t).getUrlComponents();return r.Protocol+"//"+r.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e){return new _r(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"))}}const Er={endpointMetadata:[{host:"login.microsoftonline.com"},{host:"login.chinacloudapi.cn",issuerHost:"login.partner.microsoftonline.cn"},{host:"login.microsoftonline.us"},{host:"login.sovcloud-identity.fr"},{host:"login.sovcloud-identity.de"},{host:"login.sovcloud-identity.sg"}].reduce(((e,{host:t,issuerHost:r})=>(e[t]=function(e,t){return{token_endpoint:`https://${e}/{tenantid}/oauth2/v2.0/token`,jwks_uri:`https://${e}/{tenantid}/discovery/v2.0/keys`,issuer:`https://${t}/{tenantid}/v2.0`,authorization_endpoint:`https://${e}/{tenantid}/oauth2/v2.0/authorize`,end_session_endpoint:`https://${e}/{tenantid}/oauth2/v2.0/logout`}}(t,r||t),e)),{}),instanceDiscoveryMetadata:{metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]},{preferred_network:"login.sovcloud-identity.fr",preferred_cache:"login.sovcloud-identity.fr",aliases:["login.sovcloud-identity.fr"]},{preferred_network:"login.sovcloud-identity.de",preferred_cache:"login.sovcloud-identity.de",aliases:["login.sovcloud-identity.de"]},{preferred_network:"login.sovcloud-identity.sg",preferred_cache:"login.sovcloud-identity.sg",aliases:["login.sovcloud-identity.sg"]},{preferred_network:"login.windows-ppe.net",preferred_cache:"login.windows-ppe.net",aliases:["login.windows-ppe.net","sts.windows-ppe.net","login.microsoft-ppe.com"]}]}},Pr=Er.endpointMetadata,Rr=Er.instanceDiscoveryMetadata,Or=new Set;function Mr(e,t,r,n,o){if(e.trace("1bmquz",t),r&&n){const o=xr(n,r);if(o)return e.trace("1fotbt",t),o.aliases;e.trace("14avvj",t)}return null}function xr(e,t){for(let r=0;r<e.length;r++){const n=e[r];if(n.aliases.includes(t))return n}return null}Rr.metadata.forEach((e=>{e.aliases.forEach((e=>{Or.add(e)}))}));const qr="cache_quota_exceeded";class Nr extends Error{constructor(e,t){const r=t||we(e);super(r),Object.setPrototypeOf(this,Nr.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=r}}function Ur(e){return e instanceof Error?"QuotaExceededError"===e.name||"NS_ERROR_DOM_QUOTA_REACHED"===e.name||e.message.includes("exceeded the quota")?new Nr(qr):new Nr(e.name,e.message):new Nr("cache_error_unknown")}function Lr(e,t){if(!e)throw Ae(Ve);try{const r=t(e);return JSON.parse(r)}catch(e){throw Ae(Qe)}}function Hr(e){if(!e)throw Ae(Qe);const t=e.split(".",2);return{uid:t[0],utid:t.length<2?"":t[1]}}const Dr=0,Fr=1,Kr=2,Br=3;function zr(e){if(e){return e.tid||e.tfp||e.acr||null}return null}const jr={AAD:"AAD",OIDC:"OIDC",EAR:"EAR"};function $r(e){const t=e.tenantProfiles||[];return 0===t.length&&e.realm&&e.localAccountId&&t.push(kr(e.homeAccountId,e.localAccountId,e.realm)),{homeAccountId:e.homeAccountId,environment:e.environment,tenantId:e.realm,username:e.username,localAccountId:e.localAccountId,loginHint:e.loginHint,name:e.name,nativeAccountId:e.nativeAccountId,authorityType:e.authorityType,tenantProfiles:new Map(t.map((e=>[e.tenantId,e]))),dataBoundary:e.dataBoundary}}function Jr(e,t,r){const n=Array.from(e.tenantProfiles?.values()||[]);return 0===n.length&&e.tenantId&&e.localAccountId&&n.push(kr(e.homeAccountId,e.localAccountId,e.tenantId,e.idTokenClaims)),{authorityType:e.authorityType||L,homeAccountId:e.homeAccountId,localAccountId:e.localAccountId,nativeAccountId:e.nativeAccountId,realm:e.tenantId,environment:e.environment,username:e.username,loginHint:e.loginHint,name:e.name,cloudGraphHostName:t,msGraphHost:r,tenantProfiles:n,dataBoundary:e.dataBoundary}}function Wr(e,t,r,n,o,i){if(t!==Fr&&t!==Kr){if(e)try{const t=Lr(e,n.base64Decode);if(t.uid&&t.utid)return`${t.uid}.${t.utid}`}catch(e){}r.warning("1ub6wv",o)}return i?.sub||""}class Gr{constructor(e,t,r,n,o){this.clientId=e,this.cryptoImpl=t,this.commonLogger=r.clone(wr,Ir),this.staticAuthorityOptions=o,this.performanceClient=n}getAllAccounts(e={},t){return this.buildTenantProfiles(this.getAccountsFilteredBy(e,t),t,e)}getAccountInfoFilteredBy(e,t){if(0===Object.keys(e).length||Object.values(e).every((e=>null==e||""===e)))return this.commonLogger.warning("1skb02",t),null;const r=this.getAllAccounts(e,t);if(r.length>1){return r.sort(((e,t)=>{const r=e.idTokenClaims?1:0;return(t.idTokenClaims?1:0)-r}))[0]}return 1===r.length?r[0]:null}getBaseAccountInfo(e,t){const r=this.getAccountsFilteredBy(e,t);return r.length>0?$r(r[0]):null}buildTenantProfiles(e,t,r){return e.flatMap((e=>this.getTenantProfilesFromAccountEntity(e,t,r?.tenantId,r)))}getTenantedAccountInfoByFilter(e,t,r,n,o){let i,s=null;if(o&&!this.tenantProfileMatchesFilter(r,o))return null;const a=this.getIdToken(e,n,t,r.tenantId);return a&&(i=br(a.secret,this.cryptoImpl.base64Decode),!this.idTokenClaimsMatchTenantProfileFilter(i,o))?null:(s=Tr(e,r,i,a?.secret),s)}getTenantProfilesFromAccountEntity(e,t,r,n){const o=$r(e);let i=o.tenantProfiles||new Map;const s=this.getTokenKeys();if(r){const e=i.get(r);if(!e)return[];i=new Map([[r,e]])}const a=[];return i.forEach((e=>{const r=this.getTenantedAccountInfoByFilter(o,s,e,t,n);r&&a.push(r)})),a}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId))&&((!t.name||e.name===t.name)&&((void 0===t.isHomeTenant||e.isHomeTenant===t.isHomeTenant)&&(!(t.username&&!this.matchUsername(e.username,t.username)&&this.matchUsername(e.upn,t.username))&&(!(t.loginHint&&!this.matchLoginHintWithTenantProfile(e,t.loginHint))&&(!t.upn||e.upn===t.upn)))))}idTokenClaimsMatchTenantProfileFilter(e,t){if(t){if(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId))return!1;if(t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint))return!1;if(t.username&&!this.matchUsername(e.preferred_username,t.username)&&!this.matchUsername(e.upn,t.username))return!1;if(t.name&&!this.matchName(e,t.name))return!1;if(t.sid&&!this.matchSid(e,t.sid))return!1}return!0}async saveCacheRecord(e,t,r,n,o){if(!e)throw Ae(mt);try{e.account&&await this.setAccount(e.account,t,r,n),e.idToken&&!1!==o?.idToken&&await this.setIdTokenCredential(e.idToken,t,r),e.accessToken&&!1!==o?.accessToken&&await this.saveAccessToken(e.accessToken,t,r),e.refreshToken&&!1!==o?.refreshToken&&await this.setRefreshTokenCredential(e.refreshToken,t,r),e.appMetadata&&this.setAppMetadata(e.appMetadata,t)}catch(e){throw this.commonLogger?.error("0j476p",t),e instanceof Ie?e:Ur(e)}}async saveAccessToken(e,t,r){const n={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType},o=this.getTokenKeys(),i=Mt.fromString(e.target);o.accessToken.forEach((e=>{if(!this.accessTokenKeyMatchesFilter(e,n,!1))return;const r=this.getAccessTokenCredential(e,t);if(r&&this.credentialMatchesFilter(r,n,t)){Mt.fromString(r.target).intersectingScopeSets(i)&&this.removeAccessToken(e,t)}})),await this.setAccessTokenCredential(e,t,r)}getAccountsFilteredBy(e,t){const r=this.getAccountKeys(),n=[];return r.forEach((r=>{const o=this.getAccount(r,t);if(!o)return;if(e.homeAccountId&&!this.matchHomeAccountId(o,e.homeAccountId))return;if(e.environment&&!this.matchEnvironment(o,e.environment,t))return;if(e.realm&&!this.matchRealm(o,e.realm))return;if(e.nativeAccountId&&!this.matchNativeAccountId(o,e.nativeAccountId))return;if(e.authorityType&&!this.matchAuthorityType(o,e.authorityType))return;const i={localAccountId:e?.localAccountId,name:e?.name,username:e?.username,loginHint:e?.loginHint,upn:e?.upn},s=o.tenantProfiles?.filter((e=>this.tenantProfileMatchesFilter(e,i)));s&&0===s.length||n.push(o)})),n}credentialMatchesFilter(e,t,r){if(t.clientId&&!this.matchClientId(e,t.clientId))return!1;if(t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash))return!1;if("string"==typeof t.homeAccountId&&!this.matchHomeAccountId(e,t.homeAccountId))return!1;if(t.environment&&!this.matchEnvironment(e,t.environment,r))return!1;if(t.realm&&!this.matchRealm(e,t.realm))return!1;if(t.credentialType&&!this.matchCredentialType(e,t.credentialType))return!1;if(t.familyId&&!this.matchFamilyId(e,t.familyId))return!1;if(t.target&&!this.matchTarget(e,t.target))return!1;if(e.credentialType===H.ACCESS_TOKEN_WITH_AUTH_SCHEME){if(t.tokenType&&!this.matchTokenType(e,t.tokenType))return!1;if(t.tokenType===Q.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId))return!1}return!0}getAppMetadataFilteredBy(e,t){const r=this.getKeys(),n={};return r.forEach((r=>{if(!this.isAppMetadata(r))return;const o=this.getAppMetadata(r,t);o&&(e.environment&&!this.matchEnvironment(o,e.environment,t)||e.clientId&&!this.matchClientId(o,e.clientId)||(n[r]=o))})),n}getAuthorityMetadataByAlias(e,t){const r=this.getAuthorityMetadataKeys();let n=null;return r.forEach((r=>{if(!this.isAuthorityMetadata(r)||-1===r.indexOf(this.clientId))return;const o=this.getAuthorityMetadata(r,t);o&&-1!==o.aliases.indexOf(e)&&(n=o)})),n}removeAllAccounts(e){this.getAllAccounts({},e).forEach((t=>{this.removeAccount(t,e)}))}removeAccount(e,t){this.removeAccountContext(e,t);this.getAccountKeys().filter((t=>t.includes(e.homeAccountId)&&t.includes(e.environment))).forEach((e=>{this.removeItem(e,t),this.performanceClient.incrementFields({accountsRemoved:1},t)}))}removeAccountContext(e,t){const r=this.getTokenKeys(),n=t=>t.includes(e.homeAccountId)&&t.includes(e.environment);r.idToken.filter(n).forEach((e=>{this.removeIdToken(e,t)})),r.accessToken.filter(n).forEach((e=>{this.removeAccessToken(e,t)})),r.refreshToken.filter(n).forEach((e=>{this.removeRefreshToken(e,t)}))}removeAccessToken(e,t){const r=this.getAccessTokenCredential(e,t);if(r&&(this.removeItem(e,t),this.performanceClient.incrementFields({accessTokensRemoved:1},t),r.credentialType.toLowerCase()===H.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()&&r.tokenType===Q.POP)){const e=r.keyId;e&&this.cryptoImpl.removeTokenBindingKey(e,t).catch((()=>{this.commonLogger.error("0cx291",t),this.performanceClient?.incrementFields({removeTokenBindingKeyFailure:1},t)}))}}removeAppMetadata(e){return this.getKeys().forEach((t=>{this.isAppMetadata(t)&&this.removeItem(t,e)})),!0}getIdToken(e,t,r,n){this.commonLogger.trace("1drz22",t);const o={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:H.ID_TOKEN,clientId:this.clientId,realm:n},i=this.getIdTokensByFilter(o,t,r),s=i.size;if(s<1)return this.commonLogger.info("1atvtd",t),null;if(s>1){let r=i;if(!n){const n=new Map;i.forEach(((t,r)=>{t.realm===e.tenantId&&n.set(r,t)}));const o=n.size;if(o<1)return this.commonLogger.info("0ooalx",t),i.values().next().value??null;if(1===o)return this.commonLogger.info("1eq2vc",t),n.values().next().value??null;r=n}return this.commonLogger.info("1ws328",t),r.forEach(((e,r)=>{this.removeIdToken(r,t)})),this.performanceClient.addFields({multiMatchedID:i.size},t),null}return this.commonLogger.info("1sm769",t),i.values().next().value??null}getIdTokensByFilter(e,t,r){const n=r&&r.idToken||this.getTokenKeys().idToken,o=new Map;return n.forEach((r=>{if(!this.idTokenKeyMatchesFilter(r,{clientId:this.clientId,...e}))return;const n=this.getIdTokenCredential(r,t);n&&this.credentialMatchesFilter(n,e,t)&&o.set(r,n)})),o}idTokenKeyMatchesFilter(e,t){const r=e.toLowerCase();return(!t.clientId||-1!==r.indexOf(t.clientId.toLowerCase()))&&(!t.homeAccountId||-1!==r.indexOf(t.homeAccountId.toLowerCase()))}removeIdToken(e,t){this.removeItem(e,t)}removeRefreshToken(e,t){this.removeItem(e,t)}getAccessToken(e,t,r,n){const o=t.correlationId;this.commonLogger.trace("1t7hz1",o);const i=Mt.createSearchScopes(t.scopes),s=t.authenticationScheme||Q.BEARER,a=s&&s.toLowerCase()!==Q.BEARER.toLowerCase()?H.ACCESS_TOKEN_WITH_AUTH_SCHEME:H.ACCESS_TOKEN,c={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:a,clientId:this.clientId,realm:n||e.tenantId,target:i,tokenType:s,keyId:t.sshKid},h=r&&r.accessToken||this.getTokenKeys().accessToken,l=[];h.forEach((e=>{if(this.accessTokenKeyMatchesFilter(e,c,!0)){const t=this.getAccessTokenCredential(e,o);t&&this.credentialMatchesFilter(t,c,o)&&l.push(t)}}));const d=l.length;return d<1?(this.commonLogger.info("1nckna",o),null):d>1?(this.commonLogger.info("1wkfwp",o),l.forEach((e=>{this.removeAccessToken(this.generateCredentialKey(e),o)})),this.performanceClient.addFields({multiMatchedAT:l.length},o),null):(this.commonLogger.info("06yt98",o),l[0])}accessTokenKeyMatchesFilter(e,t,r){const n=e.toLowerCase();if(t.clientId&&-1===n.indexOf(t.clientId.toLowerCase()))return!1;if(t.homeAccountId&&-1===n.indexOf(t.homeAccountId.toLowerCase()))return!1;if(t.realm&&-1===n.indexOf(t.realm.toLowerCase()))return!1;if(t.target){const e=t.target.asArray();for(let t=0;t<e.length;t++){if(r&&!n.includes(e[t].toLowerCase()))return!1;if(!r&&n.includes(e[t].toLowerCase()))return!0}}return!0}getAccessTokensByFilter(e,t){const r=this.getTokenKeys(),n=[];return r.accessToken.forEach((r=>{if(!this.accessTokenKeyMatchesFilter(r,e,!0))return;const o=this.getAccessTokenCredential(r,t);o&&this.credentialMatchesFilter(o,e,t)&&n.push(o)})),n}getRefreshToken(e,t,r,n){this.commonLogger.trace("0x53vi",r);const o=t?F:void 0,i={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:H.REFRESH_TOKEN,clientId:this.clientId,familyId:o},s=n&&n.refreshToken||this.getTokenKeys().refreshToken,a=[];s.forEach((e=>{if(this.refreshTokenKeyMatchesFilter(e,i)){const t=this.getRefreshTokenCredential(e,r);t&&this.credentialMatchesFilter(t,i,r)&&a.push(t)}}));const c=a.length;return c<1?(this.commonLogger.info("0dlw11",r),null):(c>1&&this.performanceClient.addFields({multiMatchedRT:c},r),this.commonLogger.info("0wcnep",r),a[0])}refreshTokenKeyMatchesFilter(e,t){const r=e.toLowerCase();return(!t.familyId||-1!==r.indexOf(t.familyId.toLowerCase()))&&(!(!t.familyId&&t.clientId&&-1===r.indexOf(t.clientId.toLowerCase()))&&(!t.homeAccountId||-1!==r.indexOf(t.homeAccountId.toLowerCase())))}readAppMetadataFromCache(e,t){const r={environment:e,clientId:this.clientId},n=this.getAppMetadataFilteredBy(r,t),o=Object.keys(n).map((e=>n[e])),i=o.length;if(i<1)return null;if(i>1)throw Ae(ht);return o[0]}isAppMetadataFOCI(e,t){const r=this.readAppMetadataFromCache(e,t);return!(!r||r.familyId!==F)}matchHomeAccountId(e,t){return!("string"!=typeof e.homeAccountId||t!==e.homeAccountId)}matchLocalAccountIdFromTokenClaims(e,t){return t===(e.oid||e.sub)}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){return!(t.toLowerCase()!==e.name?.toLowerCase())}matchUsername(e,t){return!(!e||"string"!=typeof e||t?.toLowerCase()!==e.toLowerCase())}matchLoginHintWithTenantProfile(e,t){return e.loginHint===t||e.username===t||e.upn===t}matchUserAssertionHash(e,t){return!(!e.userAssertionHash||t!==e.userAssertionHash)}matchEnvironment(e,t,r){if(this.staticAuthorityOptions){const n=function(e,t,r){let n;const o=e.canonicalAuthority;if(o){const i=new _r(o).getUrlComponents().HostNameAndPort;n=Mr(t,r,i,e.cloudDiscoveryMetadata?.metadata)||Mr(t,r,i,Rr.metadata)||e.knownAuthorities}return n||[]}(this.staticAuthorityOptions,this.commonLogger,r);if(n.includes(t)&&n.includes(e.environment))return!0}const n=this.getAuthorityMetadataByAlias(t,r);return!!(n&&n.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!(!e.clientId||t!==e.clientId)}matchFamilyId(e,t){return!(!e.familyId||t!==e.familyId)}matchRealm(e,t){return!(e.realm?.toLowerCase()!==t.toLowerCase())}matchNativeAccountId(e,t){return!(!e.nativeAccountId||t!==e.nativeAccountId)}matchLoginHintFromTokenClaims(e,t){return e.login_hint===t||(e.preferred_username===t||(e.upn===t||!(!e.emails||!e.emails.includes(t))))}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!(!e.authorityType||t.toLowerCase()!==e.authorityType.toLowerCase())}matchTarget(e,t){if(e.credentialType!==H.ACCESS_TOKEN&&e.credentialType!==H.ACCESS_TOKEN_WITH_AUTH_SCHEME||!e.target)return!1;return Mt.fromString(e.target).containsScopeSet(t)}matchTokenType(e,t){return!(!e.tokenType||e.tokenType!==t)}matchKeyId(e,t){return!(!e.keyId||e.keyId!==t)}isAppMetadata(e){return-1!==e.indexOf(D)}isAuthorityMetadata(e){return-1!==e.indexOf(K)}generateAuthorityMetadataCacheKey(e){return`${K}-${this.clientId}-${e}`}static toObject(e,t){for(const r in t)e[r]=t[r];return e}}class Qr extends Gr{async setAccount(){throw Ae(_t)}getAccount(){throw Ae(_t)}async setIdTokenCredential(){throw Ae(_t)}getIdTokenCredential(){throw Ae(_t)}async setAccessTokenCredential(){throw Ae(_t)}getAccessTokenCredential(){throw Ae(_t)}async setRefreshTokenCredential(){throw Ae(_t)}getRefreshTokenCredential(){throw Ae(_t)}setAppMetadata(){throw Ae(_t)}getAppMetadata(){throw Ae(_t)}setServerTelemetry(){throw Ae(_t)}getServerTelemetry(){throw Ae(_t)}setAuthorityMetadata(){throw Ae(_t)}getAuthorityMetadata(){throw Ae(_t)}getAuthorityMetadataKeys(){throw Ae(_t)}setThrottlingCache(){throw Ae(_t)}getThrottlingCache(){throw Ae(_t)}removeItem(){throw Ae(_t)}getKeys(){throw Ae(_t)}getAccountKeys(){throw Ae(_t)}getTokenKeys(){throw Ae(_t)}generateCredentialKey(){throw Ae(_t)}generateAccountKey(){throw Ae(_t)}}const Vr=1,Xr=2,Yr="ext.",Zr=new Set(["accessTokenSize","durationMs","idTokenSize","matsSilentStatus","matsHttpStatus","refreshTokenSize","startTimeMs","status","multiMatchedAT","multiMatchedID","multiMatchedRT","unencryptedCacheCount","encryptedCacheExpiredCount","oldAccountCount","oldAccessCount","oldIdCount","oldRefreshCount","currAccountCount","currAccessCount","currIdCount","currRefreshCount","expiredCacheRemovedCount","upgradedCacheCount","cacheMatchedAccounts","networkRtt","redirectBridgeTimeoutMs","redirectBridgeMessageVersion"]);class en{generateId(){return"callback-id"}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:Vr,authority:"",libraryName:"",libraryVersion:"",clientId:"",name:e,startTimeMs:Date.now(),correlationId:t||""}}}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return""}emitEvents(){}addFields(){}incrementFields(){}cacheEventByCorrelationId(){}}const tn={tokenRenewalOffsetSeconds:300,preventCorsPreflight:!1},rn={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:e.LogLevel.Info,correlationId:""},nn={async sendGetRequestAsync(){throw Ae(_t)},async sendPostRequestAsync(){throw Ae(_t)}},on={sku:"msal.js.common",version:Ir,cpu:"",os:""},sn={clientSecret:"",clientAssertion:void 0},an={azureCloudInstance:Cr.None,tenant:`${r}`},cn={application:{appName:"",appVersion:""}};function hn({authOptions:e,systemOptions:t,loggerOptions:r,storageInterface:n,networkInterface:o,cryptoInterface:i,clientCredentials:s,libraryInfo:a,telemetry:c,serverTelemetryManager:h,persistencePlugin:l,serializableCache:d}){const u={...rn,...r};return{authOptions:(g=e,{clientCapabilities:[],azureCloudOptions:an,instanceAware:!1,isMcp:!1,...g}),systemOptions:{...tn,...t},loggerOptions:u,storageInterface:n||new Qr(e.clientId,gr,new yr(u),new en),networkInterface:o||nn,cryptoInterface:i||gr,clientCredentials:s||sn,libraryInfo:{...on,...a},telemetry:{...cn,...c},serverTelemetryManager:h||null,persistencePlugin:l||null,serializableCache:d||null};var g}function ln(e){return e.authOptions.authority.options.protocolMode===jr.OIDC}class dn{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}function un(){return Math.round((new Date).getTime()/1e3)}function gn(e){return e.getTime()/1e3}function pn(e){return e?new Date(1e3*Number(e)):new Date}function mn(e,t){const r=Number(e)||0;return un()+t>r}function fn(e,t){const r=Number(e)+24*t*60*60*1e3;return Date.now()>r}function yn(e){return Number(e)>un()}function wn(e,t,r,n,o){return{credentialType:H.ID_TOKEN,homeAccountId:e,environment:t,clientId:n,secret:r,realm:o,lastUpdatedAt:Date.now().toString()}}function In(e,t,r,n,o,i,s,a,c,h,l,d,u){const g={homeAccountId:e,credentialType:H.ACCESS_TOKEN,secret:r,cachedAt:un().toString(),expiresOn:s.toString(),extendedExpiresOn:a.toString(),environment:t,clientId:n,realm:o,target:i,tokenType:l||Q.BEARER,lastUpdatedAt:Date.now().toString()};if(d&&(g.userAssertionHash=d),h&&(g.refreshOn=h.toString()),g.tokenType?.toLowerCase()!==Q.BEARER.toLowerCase())switch(g.credentialType=H.ACCESS_TOKEN_WITH_AUTH_SCHEME,g.tokenType){case Q.POP:const e=br(r,c);if(!e?.cnf?.kid)throw Ae(Ct);g.keyId=e.cnf.kid;break;case Q.SSH:g.keyId=u}return g}function Cn(e,t,r,n,o,i,s){const a={credentialType:H.REFRESH_TOKEN,homeAccountId:e,environment:t,clientId:n,secret:r,lastUpdatedAt:Date.now().toString()};return i&&(a.userAssertionHash=i),o&&(a.familyId=o),s&&(a.expiresOn=s.toString()),a}function vn(e){return e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("credentialType")&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("secret")}function kn(e){return!!e&&(vn(e)&&e.hasOwnProperty("realm")&&e.hasOwnProperty("target")&&(e.credentialType===H.ACCESS_TOKEN||e.credentialType===H.ACCESS_TOKEN_WITH_AUTH_SCHEME))}function Tn(e){return!!e&&(vn(e)&&e.credentialType===H.REFRESH_TOKEN)}function bn(){return un()+86400}function An(e,t,r){e.authorization_endpoint=t.authorization_endpoint,e.token_endpoint=t.token_endpoint,e.end_session_endpoint=t.end_session_endpoint,e.issuer=t.issuer,e.endpointsFromNetwork=r,e.jwks_uri=t.jwks_uri}function Sn(e,t,r){e.aliases=t.aliases,e.preferred_cache=t.preferred_cache,e.preferred_network=t.preferred_network,e.aliasesFromNetwork=r}function _n(e){return e.expiresAt<=un()}const En="networkClientSendPostRequestAsync",Pn="refreshTokenClientAcquireTokenWithCachedRefreshToken",Rn="getAuthCodeUrl",On="handleCodeResponseFromServer",Mn="popTokenGenerateCnf",xn="handleServerTokenResponse",qn="authorityUpdateMetadataWithRegionalInformation",Nn="regionDiscoveryGetRegionFromIMDS",Un=(e,t,r,n,o)=>(...i)=>{r.trace("1plfzx",o);const s=n.startMeasurement(t,o);o&&n.incrementFields({[`ext.${t}CallCount`]:1},o);try{const t=e(...i);return s.end({success:!0}),r.trace("1g8n6a",o),t}catch(e){r.trace("0cfd8i",o);try{r.trace(JSON.stringify(e),o)}catch(e){r.trace("00dty7",o)}throw s.end({success:!1},e),e}},Ln=(e,t,r,n,o)=>(...i)=>{r.trace("1plfzx",o);const s=n.startMeasurement(t,o);return o&&n.incrementFields({[`ext.${t}CallCount`]:1},o),e(...i).then((e=>(r.trace("1g8n6a",o),s.end({success:!0}),e))).catch((e=>{r.trace("0cfd8i",o);try{r.trace(JSON.stringify(e),o)}catch(e){r.trace("00dty7",o)}throw s.end({success:!1},e),e}))},Hn="sw";class Dn{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){const r=await Ln(this.generateKid.bind(this),Mn,t,this.performanceClient,e.correlationId)(e),n=this.cryptoUtils.base64UrlEncode(JSON.stringify(r));return{kid:r.kid,reqCnfString:n}}async generateKid(e){return{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:Hn}}async signPopToken(e,t,r){return this.signPayload(e,t,r)}async signPayload(e,t,r,n){const{resourceRequestMethod:o,resourceRequestUri:i,shrClaims:s,shrNonce:a,shrOptions:c}=r,h=i?new _r(i):void 0,l=h?.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:un(),m:o?.toUpperCase(),u:l?.HostNameAndPort,nonce:a||this.cryptoUtils.createNewGuid(),p:l?.AbsolutePath,q:l?.QueryString?[[],l.QueryString]:void 0,client_claims:s||void 0,...n},t,c,r.correlationId)}}const Fn="no_tokens_found",Kn="native_account_unavailable",Bn="refresh_token_expired",zn="ux_not_allowed",jn="interaction_required",$n="consent_required",Jn="login_required",Wn="bad_token",Gn="interrupted_user";var Qn=Object.freeze({__proto__:null,badToken:Wn,consentRequired:$n,interactionRequired:jn,interruptedUser:Gn,loginRequired:Jn,nativeAccountUnavailable:Kn,noTokensFound:Fn,refreshTokenExpired:Bn,uxNotAllowed:zn});const Vn=[jn,$n,Jn,Wn,zn,Gn],Xn=["message_only","additional_action","basic_action","user_password_expired","consent_required","bad_token","ux_not_allowed","interrupted_user"];class Yn extends Ie{constructor(e,t,r,n,o,i,s,a){super(e,t,r),Object.setPrototypeOf(this,Yn.prototype),this.timestamp=n||"",this.traceId=o||"",this.correlationId=i||"",this.claims=s||"",this.name="InteractionRequiredAuthError",this.errorNo=a}}function Zn(e,t,r){const n=!!e&&Vn.indexOf(e)>-1,o=!!r&&Xn.indexOf(r)>-1,i=!!t&&Vn.some((e=>t.indexOf(e)>-1));return n||i||o}function eo(e,t){return new Yn(e,t)}class to extends Ie{constructor(e,t,r,n,o){super(e,t,r),this.name="ServerError",this.errorNo=n,this.status=o,Object.setPrototypeOf(this,to.prototype)}}function ro(e,t,r){const n=function(e,t){if(!e)throw Ae(wt);const r={id:e.createNewGuid()};t&&(r.meta=t);const n=JSON.stringify(r);return e.base64Encode(n)}(e,r);return t?`${n}|${t}`:n}function no(e,t){if(!e)throw Ae(wt);if(!t)throw Ae(nt);try{const r=t.split("|"),n=r[0],o=r.length>1?r.slice(1).join("|"):"",i=e(n);return{userRequestState:o||"",libraryState:JSON.parse(i)}}catch(e){throw Ae(nt)}}class oo{constructor(e,t,r,n,o,i,s){this.clientId=e,this.cacheStorage=t,this.cryptoObj=r,this.logger=n,this.performanceClient=o,this.serializableCache=i,this.persistencePlugin=s}validateTokenResponse(e,t,r){if(e.error||e.error_description||e.suberror){const n=`Error(s): ${e.error_codes||l} - Timestamp: ${e.timestamp||l} - Description: ${e.error_description||l} - Correlation ID: ${e.correlation_id||l} - Trace ID: ${e.trace_id||l}`,o=e.error_codes?.length?e.error_codes[0]:void 0,i=new to(e.error,n,e.suberror,o,e.status);if(r&&e.status&&e.status>=500&&e.status<=599)return void this.logger.warning("16ks7j",t);if(r&&e.status&&e.status>=400&&e.status<=499)return void this.logger.warning("0g61x3",t);if(Zn(e.error,e.error_description,e.suberror))throw new Yn(e.error,e.error_description,e.suberror,e.timestamp||"",e.trace_id||"",e.correlation_id||"",e.claims||"",o);throw i}}async handleServerTokenResponse(e,t,r,n,o,i,s,a,c,h){let l,d;if(e.id_token){if(l=br(e.id_token||"",this.cryptoObj.base64Decode),i&&i.nonce&&l.nonce!==i.nonce)throw Ae(st);if(n.maxAge||0===n.maxAge){const e=l.auth_time;if(!e)throw Ae(at);Sr(e,n.maxAge)}}this.homeAccountIdentifier=Wr(e.client_info||"",t.authorityType,this.logger,this.cryptoObj,n.correlationId,l),i&&i.state&&(d=no(this.cryptoObj.base64Decode,i.state)),e.key_id=e.key_id||n.sshKid||void 0;const u=this.generateCacheRecord(e,t,r,n,l,s,i);let g;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose("0jbz5k",n.correlationId),g=new dn(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(g)),a&&!c&&u.account){if(this.cacheStorage.getAllAccounts({homeAccountId:u.account.homeAccountId,environment:u.account.environment},n.correlationId).length<1)return this.logger.warning("1gmt66",n.correlationId),this.performanceClient?.addFields({acntLoggedOut:!0},n.correlationId),await oo.generateAuthenticationResult(this.cryptoObj,t,u,!1,n,this.performanceClient,l,d,void 0,h)}await this.cacheStorage.saveCacheRecord(u,n.correlationId,Ar(l||{}),o,n.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&g&&(this.logger.verbose("1bh17u",n.correlationId),await this.persistencePlugin.afterCacheAccess(g))}return oo.generateAuthenticationResult(this.cryptoObj,t,u,!1,n,this.performanceClient,l,d,e,h)}generateCacheRecord(e,t,r,n,o,i,s){const a=t.getPreferredCache();if(!a)throw Ae(ft);const c=zr(o);let h,l;e.id_token&&o&&(h=wn(this.homeAccountIdentifier,a,e.id_token,this.clientId,c||""),l=io(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,n.correlationId,o,e.client_info,a,c,s,void 0,this.logger,this.performanceClient));let d=null;if(e.access_token){const o=e.scope?Mt.fromString(e.scope):new Mt(n.scopes||[]),s=("string"==typeof e.expires_in?parseInt(e.expires_in,10):e.expires_in)||0,h=("string"==typeof e.ext_expires_in?parseInt(e.ext_expires_in,10):e.ext_expires_in)||0,l=("string"==typeof e.refresh_in?parseInt(e.refresh_in,10):e.refresh_in)||void 0,u=r+s,g=u+h,p=l&&l>0?r+l:void 0;d=In(this.homeAccountIdentifier,a,e.access_token,this.clientId,c||t.tenant||"",o.printScopes(),u,g,this.cryptoObj.base64Decode,p,e.token_type,i,e.key_id);const m=n.resource||null;m&&(d.resource=m)}let u=null;if(e.refresh_token){let t;if(e.refresh_token_expires_in){t=r+("string"==typeof e.refresh_token_expires_in?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in),this.performanceClient?.addFields({ntwkRtExpiresOnSeconds:t},n.correlationId)}u=Cn(this.homeAccountIdentifier,a,e.refresh_token,this.clientId,e.foci,i,t)}let g=null;return e.foci&&(g={clientId:this.clientId,environment:a,familyId:e.foci}),{account:l,idToken:h,accessToken:d,refreshToken:u,appMetadata:g}}static async generateAuthenticationResult(e,t,r,n,o,i,s,a,c,h){let l,d,u="",g=[],p=null,m="";if(r.accessToken){if(r.accessToken.tokenType!==Q.POP||o.popKid)u=r.accessToken.secret;else{const t=new Dn(e,i),{secret:n,keyId:s}=r.accessToken;if(!s)throw Ae(bt);u=await t.signPopToken(n,s,o)}g=Mt.fromString(r.accessToken.target).asArray(),p=pn(r.accessToken.expiresOn),l=pn(r.accessToken.extendedExpiresOn),r.accessToken.refreshOn&&(d=pn(r.accessToken.refreshOn))}r.appMetadata&&(m=r.appMetadata.familyId===F?F:"");const f=s?.oid||s?.sub||"",y=s?.tid||"";c?.spa_accountid&&r.account&&(r.account.nativeAccountId=c?.spa_accountid);const w=r.account?Tr($r(r.account),void 0,s,r.idToken?.secret):null;return{authority:t.canonicalAuthority,uniqueId:f,tenantId:y,scopes:g,account:w,idToken:r?.idToken?.secret||"",idTokenClaims:s||{},accessToken:u,fromCache:n,expiresOn:p,extExpiresOn:l,refreshOn:d,correlationId:o.correlationId,requestId:h||"",familyId:m,tokenType:r.accessToken?.tokenType||"",state:a?a.userRequestState:"",cloudGraphHostName:r.account?.cloudGraphHostName||"",msGraphHost:r.account?.msGraphHost||"",code:c?.spa_code,fromPlatformBroker:!1}}}function io(e,t,r,n,o,i,s,a,c,h,l,d,u){d?.verbose("09jz0t",o);const g=a||t.getPreferredCache(),p=e.getAccountsFilteredBy({homeAccountId:r,environment:g},o);u?.addFields({cacheMatchedAccounts:p.length},o),p.length>1&&d?.warning("0x7ad1",o);const m=(1===p.length?p[0]:null)||function(e,t,r){let n,o,i;n=t.authorityType===Fr?"ADFS":t.protocolMode===jr.OIDC?L:"MSSTS",e.clientInfo&&r&&(o=Lr(e.clientInfo,r),o.xms_tdbr&&(i="EU"===o.xms_tdbr?"EU":"None"));const s=e.environment||t&&t.getPreferredCache();if(!s)throw Ae(ft);const a=e.idTokenClaims?.preferred_username||e.idTokenClaims?.upn,c=e.idTokenClaims?.emails?e.idTokenClaims.emails[0]:null,h=a||c||"",l=e.idTokenClaims?.login_hint,d=o?.utid||zr(e.idTokenClaims)||"",u=o?.uid||e.idTokenClaims?.oid||e.idTokenClaims?.sub||"";let g;g=e.tenantProfiles?e.tenantProfiles:[kr(e.homeAccountId,u,d,e.idTokenClaims)];return{homeAccountId:e.homeAccountId,environment:s,realm:d,localAccountId:u,username:h,authorityType:n,loginHint:l,clientInfo:e.clientInfo,name:e.idTokenClaims?.name||"",lastModificationTime:void 0,lastModificationApp:void 0,cloudGraphHostName:e.cloudGraphHostName,msGraphHost:e.msGraphHost,nativeAccountId:e.nativeAccountId,tenantProfiles:g,dataBoundary:i}}({homeAccountId:r,idTokenClaims:i,clientInfo:s,environment:a,cloudGraphHostName:h?.cloud_graph_host_name,msGraphHost:h?.msgraph_host,nativeAccountId:l},t,n),f=m.tenantProfiles||[],y=c||m.realm;if(y&&!f.find((e=>e.tenantId===y))){const e=kr(r,m.localAccountId,y,i);f.push(e)}return m.tenantProfiles=f,m}const so="home_account_id",ao="UPN";async function co(e,t,r){if("string"==typeof e)return e;return e({clientId:t,tokenEndpoint:r})}function ho(e,t,r){return{clientId:e,authority:t.authority,scopes:t.scopes,homeAccountIdentifier:r,claims:t.claims,authenticationScheme:t.authenticationScheme,resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,sshKid:t.sshKid,embeddedClientId:t.embeddedClientId||t.extraParameters?.clientId}}class lo{static generateThrottlingStorageKey(e){return`${V}.${JSON.stringify(e)}`}static preProcess(e,t,r){const n=lo.generateThrottlingStorageKey(t),o=e.getThrottlingCache(n,r);if(o){if(o.throttleTime<Date.now())return void e.removeItem(n,r);throw new to(o.errorCodes?.join(" ")||"",o.errorMessage,o.subError)}}static postProcess(e,t,r,n){if(lo.checkResponseStatus(r)||lo.checkResponseForRetryAfter(r)){const o={throttleTime:lo.calculateThrottleTime(parseInt(r.headers[I])),error:r.body.error,errorCodes:r.body.error_codes,errorMessage:r.body.error_description,subError:r.body.suberror};e.setThrottlingCache(lo.generateThrottlingStorageKey(t),o,n)}}static checkResponseStatus(e){return 429===e.status||e.status>=500&&e.status<600}static checkResponseForRetryAfter(e){return!!e.headers&&(e.headers.hasOwnProperty(I)&&(e.status<200||