UNPKG

@azure/msal-browser

Version:
2 lines 266 kB
/*! @azure/msal-browser v5.16.0 2026-06-30 */ "use strict";!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).msal={})}(this,(function(e){const t="https://login.microsoftonline.com/common/",r="common",o=`${t}discovery/instance?api-version=1.1&authorization_endpoint=`,n=".ciamlogin.com",i=".onmicrosoft.com",s="openid",a="profile",c="offline_access",l="S256",h="N/A",d="Not Available",u="http://169.254.169.254/metadata/instance/compute",g=["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],p="GET",m="POST",f=[s,a,c],y=[...f,"email"],I="Content-Type",w="Content-Length",C="Retry-After",v="X-AnchorMailbox",k="WWW-Authenticate",T="Authentication-Info",b="x-ms-request-id",A="x-ms-httpver",S="active-account-filters",_="common",E="organizations",P="consumers",R="access_token",O="xms_cc",M="id_token",x="signin_state",q="login_hint",N={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",CREATE:"create",NO_SESSION:"no_session"},U="code",L="id_token token refresh_token",F={QUERY:"query",FRAGMENT:"fragment",FORM_POST:"form_post"},H="authorization_code",D="refresh_token",$="Generic",K={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},B="appmetadata",z="1",j="authority-metadata",J="config",W="cache",G="network",Q="hardcoded_values",V=5,Y="server-telemetry",Z=",",X={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},ee="throttling",te="1",re="3",oe="4",ne="2",ie="4",se="5",ae="0",ce="1",le="2",he="3",de="4",ue={Jwt:"JWT",Jwk:"JWK",Pop:"pop"},ge="client_id",pe="redirect_uri",me="token_type",fe="req_cnf",ye="return_spa_code",Ie="x-client-xtra-sku",we="brk_client_id",Ce="brk_redirect_uri",ve="instance_aware";function ke(e){return`See https://aka.ms/msal.js.errors#${e} for details`}class Te extends Error{constructor(e,t,r,o){const n=r||(e?ke(e):"");super(n?`${e}: ${n}`:e),Object.setPrototypeOf(this,Te.prototype),this.errorCode=e||"",this.errorMessage=n||"",this.subError=o||"",this.correlationId=t,this.name="AuthError"}}function be(e,t,r){return new Te(e,t,r||ke(e))}class Ae extends Te{constructor(e,t){super(e,t),this.name="ClientConfigurationError",Object.setPrototypeOf(this,Ae.prototype)}}function Se(e,t){return new Ae(e,t)}class _e{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return 0===Object.keys(t).length}catch(e){}return!0}static startsWith(e,t){return 0===e.indexOf(t)}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},r=e.split("&"),o=e=>decodeURIComponent(e.replace(/\+/g," "));return r.forEach((e=>{if(e.trim()){const[r,n]=e.split(/=(.+)/g,2);r&&n&&(t[o(r)]=o(n))}})),t}static trimArrayEntries(e){return e.map((e=>e.trim()))}static removeEmptyStringsFromArray(e){return e.filter((e=>!!e))}static jsonParseHelper(e){try{return JSON.parse(e)}catch(e){return null}}}class Ee extends Te{constructor(e,t,r){super(e,t,r),this.name="ClientAuthError",Object.setPrototypeOf(this,Ee.prototype)}}function Pe(e,t,r){return new Ee(e,t,r)}const Re="redirect_uri_empty",Oe="authority_uri_insecure",Me="url_parse_error",xe="empty_url_error",qe="empty_input_scopes_error",Ne="invalid_claims",Ue="token_request_empty",Le="logout_request_empty",Fe="pkce_params_missing",He="invalid_cloud_discovery_metadata",De="invalid_authority_metadata",$e="untrusted_authority",Ke="missing_ssh_jwk",Be="missing_ssh_kid",ze="missing_nonce_authentication_header",je="invalid_authentication_header",Je="cannot_set_OIDCOptions",We="cannot_allow_platform_broker",Ge="authority_mismatch",Qe="invalid_request_method_for_EAR",Ve="invalid_platform_broker_configuration",Ye="issuer_validation_failed";var Ze=Object.freeze({__proto__:null,authorityMismatch:Ge,authorityUriInsecure:Oe,cannotAllowPlatformBroker:We,cannotSetOIDCOptions:Je,claimsRequestParsingError:"claims_request_parsing_error",emptyInputScopesError:qe,invalidAuthenticationHeader:je,invalidAuthorityMetadata:De,invalidClaims:Ne,invalidCloudDiscoveryMetadata:He,invalidCodeChallengeMethod:"invalid_code_challenge_method",invalidPlatformBrokerConfiguration:Ve,invalidRequestMethodForEAR:Qe,issuerValidationFailed:Ye,logoutRequestEmpty:Le,missingNonceAuthenticationHeader:ze,missingSshJwk:Ke,missingSshKid:Be,pkceParamsMissing:Fe,redirectUriEmpty:Re,tokenRequestEmpty:Ue,untrustedAuthority:$e,urlEmptyError:xe,urlParseError:Me});const Xe="client_info_decoding_error",et="client_info_empty_error",tt="token_parsing_error",rt="null_or_empty_token",ot="endpoints_resolution_error",nt="network_error",it="openid_config_error",st="hash_not_deserialized",at="invalid_state",ct="state_mismatch",lt="state_not_found",ht="nonce_mismatch",dt="multiple_matching_appMetadata",ut="request_cannot_be_made",gt="cannot_remove_empty_scope",pt="cannot_append_scopeset",mt="empty_input_scopeset",ft="no_account_in_silent_request",yt="invalid_cache_record",It="invalid_cache_environment",wt="no_account_found",Ct="no_crypto_object",vt="token_refresh_required",kt="token_claims_cnf_required_for_signedjwt",Tt="authorization_code_missing_from_server_response",bt="binding_key_not_removed",At="end_session_endpoint_not_supported",St="key_id_missing",_t="no_network_connectivity",Et="user_canceled",Pt="method_not_implemented",Rt="nested_app_auth_bridge_disabled",Ot="resource_parameter_required",Mt="misplaced_resource_parameter";var xt=Object.freeze({__proto__:null,authorizationCodeMissingFromServerResponse:Tt,bindingKeyNotRemoved:bt,cannotAppendScopeSet:pt,cannotRemoveEmptyScope:gt,clientInfoDecodingError:Xe,clientInfoEmptyError:et,emptyInputScopeSet:mt,endSessionEndpointNotSupported:At,endpointResolutionError:ot,hashNotDeserialized:st,invalidCacheEnvironment:It,invalidCacheRecord:yt,invalidState:at,keyIdMissing:St,methodNotImplemented:Pt,misplacedResourceParam:Mt,multipleMatchingAppMetadata:dt,multipleMatchingTokens:"multiple_matching_tokens",nestedAppAuthBridgeDisabled:Rt,networkError:nt,noAccountFound:wt,noAccountInSilentRequest:ft,noCryptoObject:Ct,noNetworkConnectivity:_t,nonceMismatch:ht,nullOrEmptyToken:rt,openIdConfigError:it,platformBrokerError:"platform_broker_error",requestCannotBeMade:ut,resourceParameterRequired:Ot,stateMismatch:ct,stateNotFound:lt,tokenClaimsCnfRequiredForSignedJwt:kt,tokenParsingError:tt,tokenRefreshRequired:vt,unexpectedCredentialType:"unexpected_credential_type",userCanceled:Et});class qt{constructor(e,t){this.correlationId=t;const r=e?_e.trimArrayEntries([...e]):[],o=r?_e.removeEmptyStringsFromArray(r):[];if(!o||!o.length)throw Se(qe,t);this.scopes=new Set,o.forEach((e=>this.scopes.add(e)))}static fromString(e,t){const r=(e||"").split(" ");return new qt(r,t)}static createSearchScopes(e,t){const r=e&&e.length>0?e:[...f],o=new qt(r,t);return o.containsOnlyOIDCScopes()?o.removeScope(c):o.removeOIDCScopes(),o}containsScope(e){const t=this.printScopesLowerCase().split(" "),r=new qt(t,this.correlationId);return!!e&&r.scopes.has(e.toLowerCase())}containsScopeSet(e){return!(!e||e.scopes.size<=0)&&(this.scopes.size>=e.scopes.size&&e.asArray().every((e=>this.containsScope(e))))}containsOnlyOIDCScopes(){let e=0;return y.forEach((t=>{this.containsScope(t)&&(e+=1)})),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach((e=>this.appendScope(e)))}catch(e){throw Pe(pt,this.correlationId)}}removeScope(e){if(!e)throw Pe(gt,this.correlationId);this.scopes.delete(e.trim())}removeOIDCScopes(){y.forEach((e=>{this.scopes.delete(e)}))}unionScopeSets(e){if(!e)throw Pe(mt,this.correlationId);const t=new Set;return e.scopes.forEach((e=>t.add(e.toLowerCase()))),this.scopes.forEach((e=>t.add(e.toLowerCase()))),t}intersectingScopeSets(e){if(!e)throw Pe(mt,this.correlationId);e.containsOnlyOIDCScopes()||e.removeOIDCScopes();const t=this.unionScopeSets(e),r=e.getScopeCount(),o=this.getScopeCount();return t.size<o+r}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach((t=>e.push(t))),e}printScopes(){if(this.scopes){return this.asArray().join(" ")}return""}printScopesLowerCase(){return this.printScopes().toLowerCase()}}function Nt(e,t,r){if(!t)return;const o=e.get(ge);o&&e.has(we)&&r?.addFields({embeddedClientId:o,embeddedRedirectUri:e.get(pe)},t)}function Ut(e,t){e.set("response_type",t)}function Lt(e,t,r,o=!0,n=f){!o||n.includes("openid")||t.includes("openid")||n.push("openid");const i=o?[...t||[],...n]:t||[],s=new qt(i,r);e.set("scope",s.printScopes())}function Ft(e,t){e.set(ge,t)}function Ht(e,t){e.set(pe,t)}function Dt(e,t){e.set("login_hint",t)}function $t(e,t){e.set(v,`UPN:${t}`)}function Kt(e,t){e.set(v,`Oid:${t.uid}@${t.utid}`)}function Bt(e,t){e.set("sid",t)}function zt(e,t,r,o,n){const i=nr(r,n&&e.has(we)?void 0:o,t);e.set("claims",i)}function jt(e,t){e.set("client-request-id",t)}function Jt(e,t){e.set("x-client-SKU",t.sku),e.set("x-client-VER",t.version),t.os&&e.set("x-client-OS",t.os),t.cpu&&e.set("x-client-CPU",t.cpu)}function Wt(e,t){t?.appName&&e.set("x-app-name",t.appName),t?.appVersion&&e.set("x-app-ver",t.appVersion)}function Gt(e,t){t&&e.set("state",t)}function Qt(e,t,r){if(!t||!r)throw Se(Fe,"");e.set("code_challenge",t),e.set("code_challenge_method",r)}function Vt(e,t){e.set("client_secret",t)}function Yt(e,t){t&&e.set("client_assertion",t)}function Zt(e,t){t&&e.set("client_assertion_type",t)}function Xt(e,t){e.set("grant_type",t)}function er(e){e.set("client_info","1")}function tr(e){e.has(ve)||e.set(ve,"true")}function rr(e,t){Object.entries(t).forEach((([t,r])=>{!e.has(t)&&r&&e.set(t,r)}))}const or={[x]:{essential:!1},[q]:{essential:!1}};function nr(e,t,r=""){let o;if(e)try{const t=JSON.parse(e);if("object"!=typeof t||null===t||Array.isArray(t))throw new Error("Claims must be a JSON object");o=t}catch(e){throw Se(Ne,r)}else o={};Object.prototype.hasOwnProperty.call(o,M)||(o[M]={});const n=o[M];for(const[e,t]of Object.entries(or))e in n||(n[e]=t);return t&&t.length>0&&(Object.prototype.hasOwnProperty.call(o,R)||(o[R]={}),o[R][O]={values:t}),JSON.stringify(o)}function ir(e,t){t&&(e.set(me,X.POP),e.set(fe,t))}function sr(e,t){t&&(e.set(me,X.SSH),e.set(fe,t))}function ar(e,t){e.set("x-client-current-telemetry",t.generateCurrentRequestHeaderValue()),e.set("x-client-last-telemetry",t.generateLastRequestHeaderValue())}function cr(e){e.set("x-ms-lib-capability","retry-after, h429")}function lr(e,t,r){e.has(we)||e.set(we,t),e.has(Ce)||e.set(Ce,r)}function hr(e,t){t&&e.set("resource",t)}function dr(e){return e.startsWith("#/")?e.substring(2):e.startsWith("#")||e.startsWith("?")?e.substring(1):e}function ur(e){if(!e||e.indexOf("=")<0)return null;try{const t=dr(e),r=Object.fromEntries(new URLSearchParams(t));if(r.code||r.ear_jwe||r.error||r.error_description||r.state)return r}catch(e){throw Pe(st,"")}return null}function gr(e){const t=new Array;return e.forEach(((e,r)=>{t.push(`${r}=${encodeURIComponent(e)}`)})),t.join("&")}function pr(e,t,r){if(!e)return e;const o=e.split("#")[0];if(!o)return o;try{const e=new URL(o);let t;e.search||(e.search="");try{t=decodeURIComponent(e.pathname)}catch(r){t=e.pathname}return t.endsWith("/")||(t+="/"),e.pathname=t,e.href}catch(e){throw t?.error(`15apdm ${e}`,r||""),Se(Me,r||"")}}const mr={createNewGuid:()=>{throw Pe(Pt,"")},base64Decode:()=>{throw Pe(Pt,"")},base64Encode:()=>{throw Pe(Pt,"")},base64UrlEncode:()=>{throw Pe(Pt,"")},encodeKid:()=>{throw Pe(Pt,"")},async getPublicKeyThumbprint(){throw Pe(Pt,"")},async removeTokenBindingKey(){throw Pe(Pt,"")},async clearKeystore(){throw Pe(Pt,"")},async signJwt(){throw Pe(Pt,"")},async hashString(){throw Pe(Pt,"")}};var fr;e.LogLevel=void 0,(fr=e.LogLevel||(e.LogLevel={}))[fr.Error=0]="Error",fr[fr.Warning=1]="Warning",fr[fr.Info=2]="Info",fr[fr.Verbose=3]="Verbose",fr[fr.Trace=4]="Trace";const yr=new Map;function Ir(e,t){const r=Date.now();let o=yr.get(e);if(o)!function(e,t){yr.delete(e),yr.set(e,t)}(e,o);else if(o={logs:[],firstEventTime:r},yr.set(e,o),yr.size>50){const e=yr.keys().next().value;void 0!==e&&yr.delete(e)}o.logs.push({...t,milliseconds:r-o.firstEventTime}),o.logs.length>500&&o.logs.shift()}class wr{constructor(t,r,o){this.level=e.LogLevel.Info;const n=t||wr.createDefaultLoggerOptions();this.localCallback=n.loggerCallback||(()=>{}),this.piiLoggingEnabled=n.piiLoggingEnabled||!1,this.level="number"==typeof n.logLevel?n.logLevel:e.LogLevel.Info,this.packageName=r||"",this.packageVersion=o||""}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:e.LogLevel.Info}}clone(e,t){return new wr({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level},e,t)}logMessage(t,r){const o=r.correlationId,n=function(e){if(e.length<6)return null;if(e.length>6&&" "!==e[6])return null;for(let t=0;t<6;t++){const r=e[t];if(!(r>="a"&&r<="z"||r>="A"&&r<="Z"||r>="0"&&r<="9"))return null}return e.substring(0,6)}(t);if(n){Ir(o,{hash:n,level:r.logLevel,containsPii:r.containsPii||!1,milliseconds:0})}if(r.logLevel>this.level||!this.piiLoggingEnabled&&r.containsPii)return;const i=`${`[${(new Date).toUTCString()}] : [${o}]`} : ${this.packageName}@${this.packageVersion} : ${e.LogLevel[r.logLevel]} - ${t}`;this.executeCallback(r.logLevel,i,r.containsPii||!1)}executeCallback(e,t,r){this.localCallback&&this.localCallback(e,t,r)}error(t,r){this.logMessage(t,{logLevel:e.LogLevel.Error,containsPii:!1,correlationId:r})}errorPii(t,r){this.logMessage(t,{logLevel:e.LogLevel.Error,containsPii:!0,correlationId:r})}warning(t,r){this.logMessage(t,{logLevel:e.LogLevel.Warning,containsPii:!1,correlationId:r})}warningPii(t,r){this.logMessage(t,{logLevel:e.LogLevel.Warning,containsPii:!0,correlationId:r})}info(t,r){this.logMessage(t,{logLevel:e.LogLevel.Info,containsPii:!1,correlationId:r})}infoPii(t,r){this.logMessage(t,{logLevel:e.LogLevel.Info,containsPii:!0,correlationId:r})}verbose(t,r){this.logMessage(t,{logLevel:e.LogLevel.Verbose,containsPii:!1,correlationId:r})}verbosePii(t,r){this.logMessage(t,{logLevel:e.LogLevel.Verbose,containsPii:!0,correlationId:r})}trace(t,r){this.logMessage(t,{logLevel:e.LogLevel.Trace,containsPii:!1,correlationId:r})}tracePii(t,r){this.logMessage(t,{logLevel:e.LogLevel.Trace,containsPii:!0,correlationId:r})}isPiiLoggingEnabled(){return this.piiLoggingEnabled||!1}}const Cr="@azure/msal-common",vr="16.11.0",kr={None:"none",AzurePublic:"https://login.microsoftonline.com",AzurePpe:"https://login.windows-ppe.net",AzureChina:"https://login.chinacloudapi.cn",AzureGermany:"https://login.microsoftonline.de",AzureUsGovernment:"https://login.microsoftonline.us"};function Tr(e,t,r){const o=function(e,t){if(!e)throw Pe(rt,t);const r=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(e);if(!r||r.length<4)throw Pe(tt,t);return r[2]}(e,r);try{const e=t(o);return JSON.parse(e)}catch(e){throw Pe(tt,r)}}function br(e){if(!e.signin_state)return!1;const t=["kmsi","dvc_dmjd"];return e.signin_state.some((e=>t.includes(e.trim().toLowerCase())))}function Ar(e,t){return!!e&&!!t&&e===t.split(".")[1]}function Sr(e,t,r,o,n){if(n){const{oid:t,sub:r,tid:i,name:s,tfp:a,acr:c,preferred_username:l,upn:h,login_hint:d}=n,u=i||a||c||"";return{tenantId:u,localAccountId:t||r||"",name:s,username:l||h||"",loginHint:d,isHomeTenant:Ar(u,e),upn:h,...o&&{nativeAccountId:o}}}return{tenantId:r,localAccountId:t,username:"",isHomeTenant:Ar(r,e),...o&&{nativeAccountId:o}}}function _r(e,t,r,o){let n=e;if(t){const{isHomeTenant:r,...o}=t;n={...e,...o}}if(r){const{isHomeTenant:t,...i}=Sr(e.homeAccountId,e.localAccountId,e.tenantId,n.nativeAccountId,r);return n={...n,...i,idTokenClaims:r,idToken:o,kmsi:br(r)},n}return n}class Er{get urlString(){return this._urlString}constructor(e,t){if(this._urlString=e,this.correlationId=t,!this._urlString)throw Se(xe,t);e.includes("#")||(this._urlString=Er.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return _e.endsWith(t,"?")?t=t.slice(0,-1):_e.endsWith(t,"?/")&&(t=t.slice(0,-2)),_e.endsWith(t,"/")||(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch(e){throw Se(Me,this.correlationId)}if(!e.HostNameAndPort||!e.PathSegments)throw Se(Me,this.correlationId);if(!e.Protocol||"https:"!==e.Protocol.toLowerCase())throw Se(Oe,this.correlationId)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return Er.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),r=t.PathSegments;return!e||0===r.length||r[0]!==_&&r[0]!==E||(r[0]=e),Er.constructAuthorityUriFromObject(t,this.correlationId)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),t=this.urlString.match(e);if(!t)throw Se(Me,this.correlationId);const r={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let o=r.AbsolutePath.split("/");return o=o.filter((e=>e&&e.length>0)),r.PathSegments=o,r.QueryString&&r.QueryString.endsWith("/")&&(r.QueryString=r.QueryString.substring(0,r.QueryString.length-1)),r}static getDomainFromUrl(e,t){const r=RegExp("^([^:/?#]+://)?([^/?#]*)"),o=e.match(r);if(!o)throw Se(Me,t);return o[2]}static getAbsoluteUrl(e,t,r){if("/"===e[0]){const o=new Er(t,r).getUrlComponents();return o.Protocol+"//"+o.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e,t){return new Er(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"),t)}}const Pr={endpointMetadata:[{host:"login.microsoftonline.com"},{host:"login.chinacloudapi.cn",issuerHost:"login.partner.microsoftonline.cn"},{host:"login.microsoftonline.us"},{host:"login.sovcloud-identity.fr"},{host:"login.sovcloud-identity.de"},{host:"login.sovcloud-identity.sg"}].reduce(((e,{host:t,issuerHost:r})=>(e[t]=function(e,t){return{token_endpoint:`https://${e}/{tenantid}/oauth2/v2.0/token`,jwks_uri:`https://${e}/{tenantid}/discovery/v2.0/keys`,issuer:`https://${t}/{tenantid}/v2.0`,authorization_endpoint:`https://${e}/{tenantid}/oauth2/v2.0/authorize`,end_session_endpoint:`https://${e}/{tenantid}/oauth2/v2.0/logout`}}(t,r||t),e)),{}),instanceDiscoveryMetadata:{metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]},{preferred_network:"login.sovcloud-identity.fr",preferred_cache:"login.sovcloud-identity.fr",aliases:["login.sovcloud-identity.fr"]},{preferred_network:"login.sovcloud-identity.de",preferred_cache:"login.sovcloud-identity.de",aliases:["login.sovcloud-identity.de"]},{preferred_network:"login.sovcloud-identity.sg",preferred_cache:"login.sovcloud-identity.sg",aliases:["login.sovcloud-identity.sg"]},{preferred_network:"login.windows-ppe.net",preferred_cache:"login.windows-ppe.net",aliases:["login.windows-ppe.net","sts.windows-ppe.net","login.microsoft-ppe.com"]}]}},Rr=Pr.endpointMetadata,Or=Pr.instanceDiscoveryMetadata,Mr=new Set;function xr(e,t,r,o,n){if(e.trace(`1bmquz ${n}`,t),r&&o){const i=qr(o,r);if(i)return e.trace(`1fotbt ${n}`,t),i.aliases;e.trace(`14avvj ${n}`,t)}return null}function qr(e,t){for(let r=0;r<e.length;r++){const o=e[r];if(o.aliases.includes(t))return o}return null}Or.metadata.forEach((e=>{e.aliases.forEach((e=>{Mr.add(e)}))}));const Nr="cache_quota_exceeded";class Ur extends Error{constructor(e,t){const r=t||ke(e);super(r),Object.setPrototypeOf(this,Ur.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=r}}function Lr(e){return e instanceof Error?"QuotaExceededError"===e.name||"NS_ERROR_DOM_QUOTA_REACHED"===e.name||e.message.includes("exceeded the quota")?new Ur(Nr):new Ur(e.name,e.message):new Ur("cache_error_unknown")}function Fr(e,t){if(!e)throw Pe(et,"");try{const r=t(e);return JSON.parse(r)}catch(e){throw Pe(Xe,"")}}function Hr(e){if(!e)throw Pe(Xe,"");const t=e.split(".",2);return{uid:t[0],utid:t.length<2?"":t[1]}}const Dr=0,$r=1,Kr=2,Br=3;function zr(e){if(e){return e.tid||e.tfp||e.acr||null}return null}const jr={AAD:"AAD",OIDC:"OIDC",EAR:"EAR"};function Jr(e){const t=e.tenantProfiles||[];0===t.length&&e.realm&&e.localAccountId&&t.push(Sr(e.homeAccountId,e.localAccountId,e.realm,e.nativeAccountId));const r=t.find((t=>t.tenantId===e.realm)),o=r?.nativeAccountId||e.nativeAccountId;return{homeAccountId:e.homeAccountId,environment:e.environment,tenantId:e.realm,username:e.username,localAccountId:e.localAccountId,loginHint:e.loginHint,name:e.name,nativeAccountId:o,authorityType:e.authorityType,tenantProfiles:new Map(t.map((e=>[e.tenantId,e]))),dataBoundary:e.dataBoundary}}function Wr(e,t,r){const o=Array.from(e.tenantProfiles?.values()||[]);if(0===o.length&&e.tenantId&&e.localAccountId)o.push(Sr(e.homeAccountId,e.localAccountId,e.tenantId,e.nativeAccountId,e.idTokenClaims));else if(e.nativeAccountId){const t=o.find((t=>t.tenantId===e.tenantId));t&&!t.nativeAccountId&&(t.nativeAccountId=e.nativeAccountId)}return{authorityType:e.authorityType||$,homeAccountId:e.homeAccountId,localAccountId:e.localAccountId,nativeAccountId:e.nativeAccountId,realm:e.tenantId,environment:e.environment,username:e.username,loginHint:e.loginHint,name:e.name,cloudGraphHostName:t,msGraphHost:r,tenantProfiles:o,dataBoundary:e.dataBoundary}}function Gr(e,t,r,o,n,i){if(t!==$r&&t!==Kr){if(e)try{const t=Fr(e,o.base64Decode);if(t.uid&&t.utid)return`${t.uid}.${t.utid}`}catch(e){}r.warning("1ub6wv",n)}return i?.sub||""}class Qr{constructor(e,t,r,o,n){this.clientId=e,this.cryptoImpl=t,this.commonLogger=r.clone(Cr,vr),this.staticAuthorityOptions=n,this.performanceClient=o}getAllAccounts(e={},t){return this.buildTenantProfiles(this.getAccountsFilteredBy(e,t),t,e)}getAccountInfoFilteredBy(e,t){if(0===Object.keys(e).length||Object.values(e).every((e=>null==e||""===e)))return this.commonLogger.warning("1skb02",t),null;const r=this.getAllAccounts(e,t);if(r.length>1){return r.sort(((e,t)=>{const r=e.idTokenClaims?1:0;return(t.idTokenClaims?1:0)-r}))[0]}return 1===r.length?r[0]:null}getBaseAccountInfo(e,t){const r=this.getAccountsFilteredBy(e,t);return r.length>0?Jr(r[0]):null}buildTenantProfiles(e,t,r){return e.flatMap((e=>this.getTenantProfilesFromAccountEntity(e,t,r?.tenantId,r)))}getTenantedAccountInfoByFilter(e,t,r,o,n){let i,s=null;if(n&&!this.tenantProfileMatchesFilter(r,n))return null;const a=this.getIdToken(e,o,t,r.tenantId);return a&&(i=Tr(a.secret,this.cryptoImpl.base64Decode,o),!this.idTokenClaimsMatchTenantProfileFilter(i,n))?null:(s=_r(e,r,i,a?.secret),s)}getTenantProfilesFromAccountEntity(e,t,r,o){const n=Jr(e);let i=n.tenantProfiles||new Map;const s=this.getTokenKeys();if(r){const e=i.get(r);if(!e)return[];i=new Map([[r,e]])}const a=[];return i.forEach((e=>{const r=this.getTenantedAccountInfoByFilter(n,s,e,t,o);r&&a.push(r)})),a}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId))&&((!t.name||e.name===t.name)&&((void 0===t.isHomeTenant||e.isHomeTenant===t.isHomeTenant)&&(!(t.username&&!this.matchUsername(e.username,t.username)&&!this.matchUsername(e.upn,t.username))&&(!(t.loginHint&&!this.matchLoginHintWithTenantProfile(e,t.loginHint))&&((!t.upn||e.upn===t.upn)&&(!t.nativeAccountId||e.nativeAccountId===t.nativeAccountId))))))}idTokenClaimsMatchTenantProfileFilter(e,t){if(t){if(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId))return!1;if(t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint))return!1;if(t.username&&!this.matchUsername(e.preferred_username,t.username)&&!this.matchUsername(e.upn,t.username))return!1;if(t.name&&!this.matchName(e,t.name))return!1;if(t.sid&&!this.matchSid(e,t.sid))return!1}return!0}async saveCacheRecord(e,t,r,o,n){if(!e)throw Pe(yt,t);try{e.account&&await this.setAccount(e.account,t,r,o),e.idToken&&!1!==n?.idToken&&await this.setIdTokenCredential(e.idToken,t,r),e.accessToken&&!1!==n?.accessToken&&await this.saveAccessToken(e.accessToken,t,r),e.refreshToken&&!1!==n?.refreshToken&&await this.setRefreshTokenCredential(e.refreshToken,t,r),e.appMetadata&&this.setAppMetadata(e.appMetadata,t)}catch(e){throw this.commonLogger?.error("0j476p",t),e instanceof Te?e:Lr(e)}}async saveAccessToken(e,t,r){const o={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType},n=this.getTokenKeys(),i=qt.fromString(e.target,t);n.accessToken.forEach((e=>{if(!this.accessTokenKeyMatchesFilter(e,o,!1))return;const r=this.getAccessTokenCredential(e,t);if(r&&this.credentialMatchesFilter(r,o,t)){qt.fromString(r.target,t).intersectingScopeSets(i)&&this.removeAccessToken(e,t)}})),await this.setAccessTokenCredential(e,t,r)}getAccountsFilteredBy(e,t){const r=this.getAccountKeys(),o=[];return r.forEach((r=>{const n=this.getAccount(r,t);if(!n)return;if(e.homeAccountId&&!this.matchHomeAccountId(n,e.homeAccountId))return;if(e.environment&&!this.matchEnvironment(n,e.environment,t))return;if(e.realm&&!this.matchRealm(n,e.realm))return;if(e.authorityType&&!this.matchAuthorityType(n,e.authorityType))return;const i={localAccountId:e?.localAccountId,name:e?.name,username:e?.username,loginHint:e?.loginHint,upn:e?.upn,nativeAccountId:e?.nativeAccountId},s=n.tenantProfiles?.filter((e=>this.tenantProfileMatchesFilter(e,i)));s&&0===s.length||o.push(n)})),o}credentialMatchesFilter(e,t,r){if(t.clientId&&!this.matchClientId(e,t.clientId))return!1;if(t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash))return!1;if("string"==typeof t.homeAccountId&&!this.matchHomeAccountId(e,t.homeAccountId))return!1;if(t.environment&&!this.matchEnvironment(e,t.environment,r))return!1;if(t.realm&&!this.matchRealm(e,t.realm))return!1;if(t.credentialType&&!this.matchCredentialType(e,t.credentialType))return!1;if(t.familyId&&!this.matchFamilyId(e,t.familyId))return!1;if(t.target&&!this.matchTarget(e,t.target,r))return!1;if(e.credentialType===K.ACCESS_TOKEN_WITH_AUTH_SCHEME){if(t.tokenType&&!this.matchTokenType(e,t.tokenType))return!1;if(t.tokenType===X.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId))return!1}const o=e.additionalCacheKeyComponents,n=t.additionalCacheKeyComponents,i=!!o&&Object.keys(o).length>0,s=!!n&&Object.keys(n).length>0;if(i!==s)return!1;if(i&&s){const e=Object.keys(o).sort(),t=Object.keys(n).sort();if(e.length!==t.length)return!1;for(let r=0;r<e.length;r++)if(e[r]!==t[r]||o[e[r]]!==n[t[r]])return!1}return!0}getAppMetadataFilteredBy(e,t){const r=this.getKeys(),o={};return r.forEach((r=>{if(!this.isAppMetadata(r))return;const n=this.getAppMetadata(r,t);n&&(e.environment&&!this.matchEnvironment(n,e.environment,t)||e.clientId&&!this.matchClientId(n,e.clientId)||(o[r]=n))})),o}getAuthorityMetadataByAlias(e,t){const r=this.getAuthorityMetadataKeys();let o=null;return r.forEach((r=>{if(!this.isAuthorityMetadata(r)||-1===r.indexOf(this.clientId))return;const n=this.getAuthorityMetadata(r,t);n&&-1!==n.aliases.indexOf(e)&&(o=n)})),o}removeAllAccounts(e){this.getAllAccounts({},e).forEach((t=>{this.removeAccount(t,e)}))}removeAccount(e,t){this.removeAccountContext(e,t);this.getAccountKeys().filter((t=>t.includes(e.homeAccountId)&&t.includes(e.environment))).forEach((e=>{this.removeItem(e,t),this.performanceClient.incrementFields({accountsRemoved:1},t)}))}removeAccountContext(e,t){const r=this.getTokenKeys(),o=t=>t.includes(e.homeAccountId)&&t.includes(e.environment);r.idToken.filter(o).forEach((e=>{this.removeIdToken(e,t)})),r.accessToken.filter(o).forEach((e=>{this.removeAccessToken(e,t)})),r.refreshToken.filter(o).forEach((e=>{this.removeRefreshToken(e,t)}))}removeAccessToken(e,t){const r=this.getAccessTokenCredential(e,t);if(r&&(this.removeItem(e,t),this.performanceClient.incrementFields({accessTokensRemoved:1},t),r.credentialType.toLowerCase()===K.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()&&r.tokenType===X.POP)){const e=r.keyId;e&&this.cryptoImpl.removeTokenBindingKey(e,t).catch((()=>{this.commonLogger.error(`0cx291 ${e}`,t),this.performanceClient?.incrementFields({removeTokenBindingKeyFailure:1},t)}))}}removeAppMetadata(e){return this.getKeys().forEach((t=>{this.isAppMetadata(t)&&this.removeItem(t,e)})),!0}getIdToken(e,t,r,o){this.commonLogger.trace("1drz22",t);const n={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:K.ID_TOKEN,clientId:this.clientId,realm:o},i=this.getIdTokensByFilter(n,t,r),s=i.size;if(s<1)return this.commonLogger.info("1atvtd",t),null;if(s>1){let r=i;if(!o){const o=new Map;i.forEach(((t,r)=>{t.realm===e.tenantId&&o.set(r,t)}));const n=o.size;if(n<1)return this.commonLogger.info("0ooalx",t),i.values().next().value??null;if(1===n)return this.commonLogger.info("1eq2vc",t),o.values().next().value??null;r=o}return this.commonLogger.info("1ws328",t),r.forEach(((e,r)=>{this.removeIdToken(r,t)})),this.performanceClient.addFields({multiMatchedID:i.size},t),null}return this.commonLogger.info("1sm769",t),i.values().next().value??null}getIdTokensByFilter(e,t,r){const o=r&&r.idToken||this.getTokenKeys().idToken,n=new Map;return o.forEach((r=>{if(!this.idTokenKeyMatchesFilter(r,{clientId:this.clientId,...e}))return;const o=this.getIdTokenCredential(r,t);o&&this.credentialMatchesFilter(o,e,t)&&n.set(r,o)})),n}idTokenKeyMatchesFilter(e,t){const r=e.toLowerCase();return(!t.clientId||-1!==r.indexOf(t.clientId.toLowerCase()))&&(!t.homeAccountId||-1!==r.indexOf(t.homeAccountId.toLowerCase()))}removeIdToken(e,t){this.removeItem(e,t)}removeRefreshToken(e,t){this.removeItem(e,t)}getAccessToken(e,t,r,o){const n=t.correlationId;this.commonLogger.trace("1t7hz1",n);const i=qt.createSearchScopes(t.scopes,n),s=t.authenticationScheme||X.BEARER,a=s&&s.toLowerCase()!==X.BEARER.toLowerCase()?K.ACCESS_TOKEN_WITH_AUTH_SCHEME:K.ACCESS_TOKEN,c={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:a,clientId:this.clientId,realm:o||e.tenantId,target:i,tokenType:s,keyId:t.sshKid},l=r&&r.accessToken||this.getTokenKeys().accessToken,h=[];l.forEach((e=>{if(this.accessTokenKeyMatchesFilter(e,c,!0)){const t=this.getAccessTokenCredential(e,n);t&&this.credentialMatchesFilter(t,c,n)&&h.push(t)}}));const d=h.length;return d<1?(this.commonLogger.info("1nckna",n),null):d>1?(this.commonLogger.info("1wkfwp",n),h.forEach((e=>{this.removeAccessToken(this.generateCredentialKey(e),n)})),this.performanceClient.addFields({multiMatchedAT:h.length},n),null):(this.commonLogger.info("06yt98",n),h[0])}accessTokenKeyMatchesFilter(e,t,r){const o=e.toLowerCase();if(t.clientId&&-1===o.indexOf(t.clientId.toLowerCase()))return!1;if(t.homeAccountId&&-1===o.indexOf(t.homeAccountId.toLowerCase()))return!1;if(t.realm&&-1===o.indexOf(t.realm.toLowerCase()))return!1;if(t.target){const e=t.target.asArray();for(let t=0;t<e.length;t++){if(r&&!o.includes(e[t].toLowerCase()))return!1;if(!r&&o.includes(e[t].toLowerCase()))return!0}}return!0}getAccessTokensByFilter(e,t){const r=this.getTokenKeys(),o=[];return r.accessToken.forEach((r=>{if(!this.accessTokenKeyMatchesFilter(r,e,!0))return;const n=this.getAccessTokenCredential(r,t);n&&this.credentialMatchesFilter(n,e,t)&&o.push(n)})),o}getRefreshToken(e,t,r,o){this.commonLogger.trace("0x53vi",r);const n=t?z:void 0,i={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:K.REFRESH_TOKEN,clientId:this.clientId,familyId:n},s=o&&o.refreshToken||this.getTokenKeys().refreshToken,a=[];s.forEach((e=>{if(this.refreshTokenKeyMatchesFilter(e,i)){const t=this.getRefreshTokenCredential(e,r);t&&this.credentialMatchesFilter(t,i,r)&&a.push(t)}}));const c=a.length;return c<1?(this.commonLogger.info("0dlw11",r),null):(c>1&&this.performanceClient.addFields({multiMatchedRT:c},r),this.commonLogger.info("0wcnep",r),a[0])}refreshTokenKeyMatchesFilter(e,t){const r=e.toLowerCase();return(!t.familyId||-1!==r.indexOf(t.familyId.toLowerCase()))&&(!(!t.familyId&&t.clientId&&-1===r.indexOf(t.clientId.toLowerCase()))&&(!t.homeAccountId||-1!==r.indexOf(t.homeAccountId.toLowerCase())))}readAppMetadataFromCache(e,t){const r={environment:e,clientId:this.clientId},o=this.getAppMetadataFilteredBy(r,t),n=Object.keys(o).map((e=>o[e])),i=n.length;if(i<1)return null;if(i>1)throw Pe(dt,t);return n[0]}isAppMetadataFOCI(e,t){const r=this.readAppMetadataFromCache(e,t);return!(!r||r.familyId!==z)}matchHomeAccountId(e,t){return!("string"!=typeof e.homeAccountId||t!==e.homeAccountId)}matchLocalAccountIdFromTokenClaims(e,t){return t===(e.oid||e.sub)}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){return!(t.toLowerCase()!==e.name?.toLowerCase())}matchUsername(e,t){return!(!e||"string"!=typeof e||t?.toLowerCase()!==e.toLowerCase())}matchLoginHintWithTenantProfile(e,t){return e.loginHint===t||e.username===t||e.upn===t}matchUserAssertionHash(e,t){return!(!e.userAssertionHash||t!==e.userAssertionHash)}matchEnvironment(e,t,r){if(this.staticAuthorityOptions){const o=function(e,t,r){let o;const n=e.canonicalAuthority;if(n){const i=new Er(n,r).getUrlComponents().HostNameAndPort;o=xr(t,r,i,e.cloudDiscoveryMetadata?.metadata,J)||xr(t,r,i,Or.metadata,Q)||e.knownAuthorities}return o||[]}(this.staticAuthorityOptions,this.commonLogger,r);if(o.includes(t)&&o.includes(e.environment))return!0}const o=this.getAuthorityMetadataByAlias(t,r);return!!(o&&o.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!(!e.clientId||t!==e.clientId)}matchFamilyId(e,t){return!(!e.familyId||t!==e.familyId)}matchRealm(e,t){return!(e.realm?.toLowerCase()!==t.toLowerCase())}matchLoginHintFromTokenClaims(e,t){return e.login_hint===t||(e.preferred_username===t||(e.upn===t||!(!e.emails||!e.emails.includes(t))))}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!(!e.authorityType||t.toLowerCase()!==e.authorityType.toLowerCase())}matchTarget(e,t,r){if(e.credentialType!==K.ACCESS_TOKEN&&e.credentialType!==K.ACCESS_TOKEN_WITH_AUTH_SCHEME||!e.target)return!1;return qt.fromString(e.target,r).containsScopeSet(t)}matchTokenType(e,t){return!(!e.tokenType||e.tokenType!==t)}matchKeyId(e,t){return!(!e.keyId||e.keyId!==t)}isAppMetadata(e){return-1!==e.indexOf(B)}isAuthorityMetadata(e){return-1!==e.indexOf(j)}generateAuthorityMetadataCacheKey(e){return`${j}-${this.clientId}-${e}`}static toObject(e,t){for(const r in t)e[r]=t[r];return e}}class Vr extends Qr{async setAccount(){throw Pe(Pt,"")}getAccount(){throw Pe(Pt,"")}async setIdTokenCredential(){throw Pe(Pt,"")}getIdTokenCredential(){throw Pe(Pt,"")}async setAccessTokenCredential(){throw Pe(Pt,"")}getAccessTokenCredential(){throw Pe(Pt,"")}async setRefreshTokenCredential(){throw Pe(Pt,"")}getRefreshTokenCredential(){throw Pe(Pt,"")}setAppMetadata(){throw Pe(Pt,"")}getAppMetadata(){throw Pe(Pt,"")}setServerTelemetry(){throw Pe(Pt,"")}getServerTelemetry(){throw Pe(Pt,"")}setAuthorityMetadata(){throw Pe(Pt,"")}getAuthorityMetadata(){throw Pe(Pt,"")}getAuthorityMetadataKeys(){throw Pe(Pt,"")}setThrottlingCache(){throw Pe(Pt,"")}getThrottlingCache(){throw Pe(Pt,"")}removeItem(){throw Pe(Pt,"")}getKeys(){throw Pe(Pt,"")}getAccountKeys(){throw Pe(Pt,"")}getTokenKeys(){throw Pe(Pt,"")}generateCredentialKey(){throw Pe(Pt,"")}generateAccountKey(){throw Pe(Pt,"")}}const Yr=1,Zr=2,Xr="ext.",eo=new Set(["accessTokenSize","durationMs","idTokenSize","matsSilentStatus","matsHttpStatus","refreshTokenSize","startTimeMs","status","multiMatchedAT","multiMatchedID","multiMatchedRT","unencryptedCacheCount","encryptedCacheExpiredCount","oldAccountCount","oldAccessCount","oldIdCount","oldRefreshCount","currAccountCount","currAccessCount","currIdCount","currRefreshCount","ttlExpiredAcntCount","ttlExpiredITCount","ttlExpiredATCount","ttlExpiredRTCount","decryptFailedAcntCount","decryptFailedITCount","decryptFailedATCount","decryptFailedRTCount","invalidAcntCount","invalidITCount","invalidATCount","invalidRTCount","expiredATCount","expiredRTCount","upgradedCacheCount","cacheMatchedAccounts","networkRtt","redirectBridgeTimeoutMs","redirectBridgeMessageVersion"]);class to{generateId(){return"callback-id"}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:Yr,authority:"",libraryName:"",libraryVersion:"",clientId:"",name:e,startTimeMs:Date.now(),correlationId:t||""}}}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return""}emitEvents(){}addFields(){}addGlobalFields(){}incrementFields(){}cacheEventByCorrelationId(){}}const ro={tokenRenewalOffsetSeconds:300,preventCorsPreflight:!1},oo={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:e.LogLevel.Info,correlationId:""},no={async sendGetRequestAsync(){throw Pe(Pt,"")},async sendPostRequestAsync(){throw Pe(Pt,"")}},io={sku:"msal.js.common",version:vr,cpu:"",os:""},so={clientSecret:"",clientAssertion:void 0},ao={azureCloudInstance:kr.None,tenant:`${r}`},co={application:{appName:"",appVersion:""}};function lo({authOptions:e,systemOptions:t,loggerOptions:r,storageInterface:o,networkInterface:n,cryptoInterface:i,clientCredentials:s,libraryInfo:a,telemetry:c,serverTelemetryManager:l,persistencePlugin:h,serializableCache:d}){const u={...oo,...r};return{authOptions:(g=e,{clientCapabilities:[],azureCloudOptions:ao,instanceAware:!1,isMcp:!1,...g}),systemOptions:{...ro,...t},loggerOptions:u,storageInterface:o||new Vr(e.clientId,mr,new wr(u,Cr,vr),new to),networkInterface:n||no,cryptoInterface:i||mr,clientCredentials:s||so,libraryInfo:{...io,...a},telemetry:{...co,...c},serverTelemetryManager:l||null,persistencePlugin:h||null,serializableCache:d||null};var g}function ho(e){return e.authOptions.authority.options.protocolMode===jr.OIDC}class uo{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}function go(){return Math.round((new Date).getTime()/1e3)}function po(e){return e.getTime()/1e3}function mo(e){return e?new Date(1e3*Number(e)):new Date}function fo(e,t){const r=Number(e)||0;return go()+t>r}function yo(e,t){const r=Number(e)+24*t*60*60*1e3;return Date.now()>r}function Io(e){return Number(e)>go()}function wo(e,t,r,o,n){return{credentialType:K.ID_TOKEN,homeAccountId:e,environment:t,clientId:o,secret:r,realm:n,lastUpdatedAt:Date.now().toString()}}function Co(e,t,r,o,n,i,s,a,c,l,h,d,u,g,p){const m={homeAccountId:e,credentialType:K.ACCESS_TOKEN,secret:r,cachedAt:go().toString(),expiresOn:s.toString(),extendedExpiresOn:a.toString(),environment:t,clientId:o,realm:n,target:i,tokenType:d||X.BEARER,lastUpdatedAt:Date.now().toString()};if(u&&(m.userAssertionHash=u),h&&(m.refreshOn=h.toString()),m.tokenType?.toLowerCase()!==X.BEARER.toLowerCase())switch(m.credentialType=K.ACCESS_TOKEN_WITH_AUTH_SCHEME,m.tokenType){case X.POP:const e=Tr(r,c,l);if(!e?.cnf?.kid)throw Pe(kt,l);m.keyId=e.cnf.kid;break;case X.SSH:m.keyId=g}return p&&Object.keys(p).length>0&&(m.additionalCacheKeyComponents=p),m}function vo(e,t,r,o,n,i,s){const a={credentialType:K.REFRESH_TOKEN,homeAccountId:e,environment:t,clientId:o,secret:r,lastUpdatedAt:Date.now().toString()};return i&&(a.userAssertionHash=i),n&&(a.familyId=n),s&&(a.expiresOn=s.toString()),a}function ko(e){return e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("credentialType")&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("secret")}function To(e){return!!e&&(ko(e)&&e.hasOwnProperty("realm")&&e.hasOwnProperty("target")&&(e.credentialType===K.ACCESS_TOKEN||e.credentialType===K.ACCESS_TOKEN_WITH_AUTH_SCHEME))}function bo(e){return!!e&&(ko(e)&&e.credentialType===K.REFRESH_TOKEN)}function Ao(){return go()+86400}function So(e,t,r){e.authorization_endpoint=t.authorization_endpoint,e.token_endpoint=t.token_endpoint,e.end_session_endpoint=t.end_session_endpoint,e.issuer=t.issuer,e.endpointsFromNetwork=r,e.jwks_uri=t.jwks_uri}function _o(e,t,r){e.aliases=t.aliases,e.preferred_cache=t.preferred_cache,e.preferred_network=t.preferred_network,e.aliasesFromNetwork=r}function Eo(e){return e.expiresAt<=go()}const Po="networkClientSendPostRequestAsync",Ro="refreshTokenClientAcquireTokenWithCachedRefreshToken",Oo="getAuthCodeUrl",Mo="handleCodeResponseFromServer",xo="popTokenGenerateCnf",qo="handleServerTokenResponse",No="authorityUpdateMetadataWithRegionalInformation",Uo="regionDiscoveryGetRegionFromIMDS",Lo=(e,t,r,o,n)=>(...i)=>{r.trace(`1plfzx ${t}`,n);const s=o.startMeasurement(t,n);n&&o.incrementFields({[`ext.${t}CallCount`]:1},n);try{const o=e(...i);return s.end({success:!0}),r.trace(`1g8n6a ${t}`,n),o}catch(e){r.trace(`0cfd8i ${t}`,n);try{r.trace(JSON.stringify(e),n)}catch(e){r.trace("00dty7",n)}throw s.end({success:!1},e),e}},Fo=(e,t,r,o,n)=>(...i)=>{r.trace(`1plfzx ${t}`,n);const s=o.startMeasurement(t,n);return n&&o.incrementFields({[`ext.${t}CallCount`]:1},n),e(...i).then((e=>(r.trace(`1g8n6a ${t}`,n),s.end({success:!0}),e))).catch((e=>{r.trace(`0cfd8i ${t}`,n);try{r.trace(JSON.stringify(e),n)}catch(e){r.trace("00dty7",n)}throw s.end({success:!1},e),e}))},Ho="sw";class Do{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){const r=await Fo(this.generateKid.bind(this),xo,t,this.performanceClient,e.correlationId)(e),o=this.cryptoUtils.base64UrlEncode(JSON.stringify(r));return{kid:r.kid,reqCnfString:o}}async generateKid(e){return{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:Ho}}async signPopToken(e,t,r){return this.signPayload(e,t,r)}async signPayload(e,t,r,o){const{resourceRequestMethod:n,resourceRequestUri:i,shrClaims:s,shrNonce:a,shrOptions:c}=r,l=i?new Er(i,r.correlationId):void 0,h=l?.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:go(),m:n?.toUpperCase(),u:h?.HostNameAndPort,nonce:a||this.cryptoUtils.createNewGuid(),p:h?.AbsolutePath,q:h?.QueryString?[[],h.QueryString]:void 0,client_claims:s||void 0,...o},t,c,r.correlationId)}}const $o="no_tokens_found",Ko="native_account_unavailable",Bo="refresh_token_expired",zo="ui_not_allowed",jo="interaction_required",Jo="consent_required",Wo="login_required",Go="bad_token",Qo="interrupted_user";var Vo=Object.freeze({__proto__:null,badToken:Go,consentRequired:Jo,interactionRequired:jo,interruptedUser:Qo,loginRequired:Wo,nativeAccountUnavailable:Ko,noTokensFound:$o,refreshTokenExpired:Bo,uiNotAllowed:zo});const Yo=[jo,Jo,Wo,Go,zo,Qo],Zo=["message_only","additional_action","basic_action","user_password_expired","consent_required","bad_token","ui_not_allowed","interrupted_user"];class Xo extends Te{constructor(e,t,r,o,n,i,s,a){super(e,t,r,o),Object.setPrototypeOf(this,Xo.prototype),this.timestamp=n||"",this.traceId=i||"",this.claims=s||"",this.name="InteractionRequiredAuthError",this.errorNo=a}}function en(e,t,r){const o=!!e&&Yo.indexOf(e)>-1,n=!!r&&Zo.indexOf(r)>-1,i=!!t&&Yo.some((e=>t.indexOf(e)>-1));return o||i||n}function tn(e,t,r){return new Xo(e,t,r)}class rn extends Te{constructor(e,t,r,o,n,i){super(e,t,r,o),this.name="ServerError",this.errorNo=n,this.status=i,Object.setPrototypeOf(this,rn.prototype)}}function on(e,t,r,o){const n=function(e,t,r){if(!e)throw Pe(Ct,t);const o={id:e.createNewGuid()};r&&(o.meta=r);const n=JSON.stringify(o);return e.base64Encode(n)}(e,o,r);return t?`${n}|${t}`:n}function nn(e,t,r){if(!e)throw Pe(Ct,r);if(!t)throw Pe(at,r);try{const r=t.split("|"),o=r[0],n=r.length>1?r.slice(1).join("|"):"",i=e(o);return{userRequestState:n||"",libraryState:JSON.parse(i)}}catch(e){throw Pe(at,r)}}class sn{constructor(e,t,r,o,n,i,s){this.clientId=e,this.cacheStorage=t,this.cryptoObj=r,this.logger=o,this.performanceClient=n,this.serializableCache=i,this.persistencePlugin=s}validateTokenResponse(e,t,r){if(e.error||e.error_description||e.suberror){const o=`Error(s): ${e.error_codes||d} - Timestamp: ${e.timestamp||d} - Description: ${e.error_description||d} - Correlation ID: ${e.correlation_id||d} - Trace ID: ${e.trace_id||d}`,n=e.error_codes?.length?e.error_codes[0]:void 0,i=new rn(e.error||"",e.correlation_id||"",o,e.suberror,n,e.status);if(r&&e.status&&e.status>=500&&e.status<=599)return void this.logger.warning(`16ks7j ${i}`,t);if(r&&e.status&&e.status>=400&&e.status<=499)return void this.logger.warning(`0g61x3 ${i}`,t);if(en(e.error,e.error_description,e.suberror))throw new Xo(e.error||"",e.correlation_id||"",e.error_description,e.suberror,e.timestamp||"",e.trace_id||"",e.claims||"",n);throw i}}async handleServerTokenResponse(e,t,r,o,n,i,s,a,c,l,h){let d,u;if(e.id_token&&(d=Tr(e.id_token||"",this.cryptoObj.base64Decode,o.correlationId),i&&i.nonce&&d.nonce!==i.nonce))throw Pe(ht,o.correlationId);this.homeAccountIdentifier=Gr(e.client_info||"",t.authorityType,this.logger,this.cryptoObj,o.correlationId,d),i&&i.state&&(u=nn(this.cryptoObj.base64Decode,i.state,o.correlationId)),e.key_id=e.key_id||o.sshKid||void 0;const g=this.generateCacheRecord(e,t,r,o,d,s,i,h);let p;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose("0jbz5k",o.correlationId),p=new uo(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(p)),a&&!c&&g.account){if(this.cacheStorage.getAllAccounts({homeAccountId:g.account.homeAccountId,environment:g.account.environment},o.correlationId).length<1)return this.logger.warning("1gmt66",o.correlationId),this.performanceClient?.addFields({acntLoggedOut:!0},o.correlationId),await sn.generateAuthenticationResult(this.cryptoObj,t,g,!1,o,this.performanceClient,d,u,void 0,l)}await this.cacheStorage.saveCacheRecord(g,o.correlationId,br(d||{}),n,o.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&p&&(this.logger.verbose("1bh17u",o.correlationId),await this.persistencePlugin.afterCacheAccess(p))}return sn.generateAuthenticationResult(this.cryptoObj,t,g,!1,o,this.performanceClient,d,u,e,l)}generateCacheRecord(e,t,r,o,n,i,s,a){const c=t.getPreferredCache();if(!c)throw Pe(It,o.correlationId);const l=zr(n);let h,d;e.id_token&&n&&(h=wo(this.homeAccountIdentifier,c,e.id_token,this.clientId,l||""),d=an(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,o.correlationId,n,e.client_info,c,l,s,void 0,this.logger,this.performanceClient));let u=null;if(e.access_token){const n=e.scope?qt.fromString(e.scope,o.correlationId):new qt(o.scopes||[],o.correlationId),s=("string"==typeof e.expires_in?parseInt(e.expires_in,10):e.expires_in)||0,h=("string"==typeof e.ext_expires_in?parseInt(e.ext_expires_in,10):e.ext_expires_in)||0,d=("string"==typeof e.refresh_in?parseInt(e.refresh_in,10):e.refresh_in)||void 0,g=r+s,p=g+h,m=d&&d>0?r+d:void 0;u=Co(this.homeAccountIdentifier,c,e.access_token,this.clientId,l||t.tenant||"",n.printScopes(),g,p,this.cryptoObj.base64Decode,o.correlationId,m,e.token_type,i,e.key_id,a);const f=o.resource||null;f&&(u.resource=f)}let g=null;if(e.refresh_token){let t;if(e.refresh_token_expires_in){t=r+("string"==typeof e.refresh_token_expires_in?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in),this.performanceClient?.addFields({ntwkRtExpiresOnSeconds:t},o.correlationId)}g=vo(this.homeAccountIdentifier,c,e.refresh_token,this.clientId,e.foci,i,t)}let p=null;return e.foci&&(p={clientId:this.clientId,environment:c,familyId:e.foci}),{account:d,idToken:h,accessToken:u,refreshToken:g,appMetadata:p}}static async generateAuthenticationResult(e,t,r,o,n,i,s,a,c,l){let h,d,u="",g=[],p=null,m="";if(r.accessToken){if(r.accessToken.tokenType!==X.POP||n.popKid)u=r.accessToken.secret;else{const t=new Do(e,i),{secret:o,keyId:s}=r.accessToken;if(!s)throw Pe(St,n.correlationId);u=await t.signPopToken(o,s,n)}g=qt.fromString(r.accessToken.target,n.correlationId).asArray(),p=mo(r.accessToken.expiresOn),h=mo(r.accessToken.extendedExpiresOn),r.accessToken.refreshOn&&(d=mo(r.accessToken.refreshOn))}r.appMetadata&&(m=r.appMetadata.familyId===z?z:"");const f=s?.oid||s?.sub||"",y=s?.tid||"";if(c?.spa_accountid&&r.account){r.account.nativeAccountId=c?.spa_accountid;const e=y||r.account.realm;if(r.account.tenantProfiles){const t=r.account.tenantProfiles.find((t=>t.tenantId===e));t&&(t.nativeAccountId=c.spa_accountid)}}const I=r.account?_r(Jr(r.account),void 0,s,r.idToken?.secret):null;return{authority:t.canonicalAuthority,uniqueId:f,tenantId:y,scopes:g,account:I,idToken:r?.idToken?.secret||"",idTokenClaims:s||{},accessToken:u,fromCache:o,expiresOn:p,extExpiresOn:h,refreshOn:d,correlationId:n.correlationId,requestId:l||"",familyId:m,tokenType:r.accessToken?.tokenType||"",state:a?a.userRequestState:"",cloudGraphHostName:r.account?.cloudGraphHostName||"",msGraphHost:r.account?.msGraphHost||"",code:c?.spa_code,fromPlatformBroker:!1}}}function an(e,t,r,o,n,i,s,a,c,l,h,d,u){d?.verbose("09jz0t",n);const g=a||t.getPreferredCache(),p=e.getAccountsFilteredBy({homeAccountId:r,environment:g},n);u?.addFields({cacheMatchedAccounts:p.length},n),p.length>1&&d?.warning("0x7ad1",n);const m=(1===p.length?p[0]:null)||function(e,t,r,o){let n,i,s;n=t.authorityType===$r?"ADFS":t.protocolMode===jr.OIDC?$:"MSSTS",e.clientInfo&&o&&(i=Fr(e.clientInfo,o),i.xms_tdbr&&(s="EU"===i.xms_tdbr?"EU":"None"));const a=e.environment||t&&t.getPreferredCache();if(!a)throw Pe(It,r);const c=e.idTokenClaims?.preferred_username||e.idTokenClaims?.upn,l=e.idTokenClaims?.emails?e.idTokenClaims.emails[0]:null,h=c||l||"",d=e.idTokenClaims?.login_hint,u=i?.utid||zr(e.idTokenClaims)||"",g=i?.uid||e.idTokenClaims?.oid||e.idTokenClaims?.sub||"";let p;p=e.tenantProfiles?e.tenantProfiles:[Sr(e.homeAccountId,g,u,e.nativeAccountId,e.idTokenClaims)];return{homeAccountId:e.homeAccountId,environment:a,realm:u,localAccountId:g,username:h,aut