@agent-link/server 0.1.192 → 0.1.193

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/http.js +51 -2
  2. package/dist/http.js.map +1 -1
  3. package/dist/session-manager.d.ts +1 -0
  4. package/dist/session-manager.js.map +1 -1
  5. package/dist/ws-agent.js +2 -0
  6. package/dist/ws-agent.js.map +1 -1
  7. package/package.json +1 -1
  8. package/web/dist/assets/index-DRhfV4kf.css +1 -0
  9. package/web/dist/assets/{index-D4gKehvk.js → index-E_1g9cLS.js} +38 -38
  10. package/web/dist/assets/index-E_1g9cLS.js.map +1 -0
  11. package/web/dist/assets/msalAuth-WkFcBdsE.js +8 -0
  12. package/web/dist/assets/msalAuth-WkFcBdsE.js.map +1 -0
  13. package/web/dist/index.html +2 -2
  14. package/web/dist/assets/index-D4gKehvk.js.map +0 -1
  15. package/web/dist/assets/index-M_TTf7pv.css +0 -1
package/web/dist/assets/msalAuth-WkFcBdsE.js ADDED
@@ -0,0 +1,8 @@
1
+ /*! @azure/msal-common v14.16.1 2025-08-05 */const u={LIBRARY_NAME:"MSAL.JS",SKU:"msal.js.common",CACHE_PREFIX:"msal",DEFAULT_AUTHORITY:"https://login.microsoftonline.com/common/",DEFAULT_AUTHORITY_HOST:"login.microsoftonline.com",DEFAULT_COMMON_TENANT:"common",ADFS:"adfs",DSTS:"dstsv2",AAD_INSTANCE_DISCOVERY_ENDPT:"https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",CIAM_AUTH_URL:".ciamlogin.com",AAD_TENANT_DOMAIN_SUFFIX:".onmicrosoft.com",RESOURCE_DELIM:"|",NO_ACCOUNT:"NO_ACCOUNT",CLAIMS:"claims",CONSUMER_UTID:"9188040d-6c67-4c5b-b112-36a304b66dad",OPENID_SCOPE:"openid",PROFILE_SCOPE:"profile",OFFLINE_ACCESS_SCOPE:"offline_access",EMAIL_SCOPE:"email",CODE_RESPONSE_TYPE:"code",CODE_GRANT_TYPE:"authorization_code",RT_GRANT_TYPE:"refresh_token",FRAGMENT_RESPONSE_MODE:"fragment",S256_CODE_CHALLENGE_METHOD:"S256",URL_FORM_CONTENT_TYPE:"application/x-www-form-urlencoded;charset=utf-8",AUTHORIZATION_PENDING:"authorization_pending",NOT_DEFINED:"not_defined",EMPTY_STRING:"",NOT_APPLICABLE:"N/A",NOT_AVAILABLE:"Not Available",FORWARD_SLASH:"/",IMDS_ENDPOINT:"http://169.254.169.254/metadata/instance/compute/location",IMDS_VERSION:"2020-06-01",IMDS_TIMEOUT:2e3,AZURE_REGION_AUTO_DISCOVER_FLAG:"TryAutoDetect",REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX:"login.microsoft.com",KNOWN_PUBLIC_CLOUDS:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],TOKEN_RESPONSE_TYPE:"token",ID_TOKEN_RESPONSE_TYPE:"id_token",SHR_NONCE_VALIDITY:240,INVALID_INSTANCE:"invalid_instance"},Je={CLIENT_ERROR_RANGE_START:400,CLIENT_ERROR_RANGE_END:499,SERVER_ERROR_RANGE_START:500,SERVER_ERROR_RANGE_END:599},xe=[u.OPENID_SCOPE,u.PROFILE_SCOPE,u.OFFLINE_ACCESS_SCOPE],Bn=[...xe,u.EMAIL_SCOPE],F={CONTENT_TYPE:"Content-Type",CONTENT_LENGTH:"Content-Length",RETRY_AFTER:"Retry-After",CCS_HEADER:"X-AnchorMailbox",WWWAuthenticate:"WWW-Authenticate",AuthenticationInfo:"Authentication-Info",X_MS_REQUEST_ID:"x-ms-request-id",X_MS_HTTP_VERSION:"x-ms-httpver"},H={ID_TOKEN:"idtoken",CLIENT_INFO:"client.info",ADAL_ID_TOKEN:"adal.idtoken",ERROR:"error",ERROR_DESC:"error.description",ACTIVE_ACCOUNT:"active-account",ACTIVE_ACCOUNT_FILTERS:"active-account-filters"},me={COMMON:"common",ORGANIZATIONS:"organizations",CONSUMERS:"consumers"},Xe={ACCESS_TOKEN:"access_token",XMS_CC:"xms_cc"},D={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",CREATE:"create",NO_SESSION:"no_session"},Fn={PLAIN:"plain",S256:"S256"},Ve={QUERY:"query",FRAGMENT:"fragment"},ci={...Ve},To={AUTHORIZATION_CODE_GRANT:"authorization_code",REFRESH_TOKEN_GRANT:"refresh_token"},Ze={MSSTS_ACCOUNT_TYPE:"MSSTS",ADFS_ACCOUNT_TYPE:"ADFS",GENERIC_ACCOUNT_TYPE:"Generic"},B={CACHE_KEY_SEPARATOR:"-",CLIENT_INFO_SEPARATOR:"."},A={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},Yt="appmetadata",hi="client_info",Ge="1",it={CACHE_KEY:"authority-metadata",REFRESH_TIME_SECONDS:3600*24},$={CONFIG:"config",CACHE:"cache",NETWORK:"network",HARDCODED_VALUES:"hardcoded_values"},K={SCHEMA_VERSION:5,MAX_LAST_HEADER_BYTES:330,MAX_CACHED_ERRORS:50,CACHE_KEY:"server-telemetry",CATEGORY_SEPARATOR:"|",VALUE_SEPARATOR:",",OVERFLOW_TRUE:"1",OVERFLOW_FALSE:"0",UNKNOWN_ERROR:"unknown_error"},k={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},qe={DEFAULT_THROTTLE_TIME_SECONDS:60,DEFAULT_MAX_THROTTLE_TIME_SECONDS:3600,THROTTLING_PREFIX:"throttling",X_MS_LIB_CAPABILITY_VALUE:"retry-after, h429"},Gn={INVALID_GRANT_ERROR:"invalid_grant",CLIENT_MISMATCH_ERROR:"client_mismatch"},qn={username:"username",password:"password"},et={httpSuccess:200,httpBadRequest:400},ve={FAILED_AUTO_DETECTION:"1",INTERNAL_CACHE:"2",ENVIRONMENT_VARIABLE:"3",IMDS:"4"},kt={CONFIGURED_NO_AUTO_DETECTION:"2",AUTO_DETECTION_REQUESTED_SUCCESSFUL:"4",AUTO_DETECTION_REQUESTED_FAILED:"5"},ge={NOT_APPLICABLE:"0",FORCE_REFRESH_OR_CLAIMS:"1",NO_CACHED_ACCESS_TOKEN:"2",CACHED_ACCESS_TOKEN_EXPIRED:"3",PROACTIVELY_REFRESHED:"4"},li={Pop:"pop"},di=300;/*! @azure/msal-common v14.16.1 2025-08-05 */const Wt="unexpected_error",ui="post_request_failed";/*! @azure/msal-common v14.16.1 2025-08-05 */const $n={[Wt]:"Unexpected error in authentication.",[ui]:"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details."};class O extends Error{constructor(e,t,n){const o=t?`${e}: ${t}`:e;super(o),Object.setPrototypeOf(this,O.prototype),this.errorCode=e||u.EMPTY_STRING,this.errorMessage=t||u.EMPTY_STRING,this.subError=n||u.EMPTY_STRING,this.name="AuthError"}setCorrelationId(e){this.correlationId=e}}function Io(a,e){return new O(a,e?`${$n[a]} ${e}`:$n[a])}/*! @azure/msal-common v14.16.1 2025-08-05 */const jt="client_info_decoding_error",Ao="client_info_empty_error",Jt="token_parsing_error",Eo="null_or_empty_token",ce="endpoints_resolution_error",So="network_error",vo="openid_config_error",wo="hash_not_deserialized",Ue="invalid_state",_o="state_mismatch",at="state_not_found",ko="nonce_mismatch",Xt="auth_time_not_found",Ro="max_age_transpired",gi="multiple_matching_tokens",mi="multiple_matching_accounts",bo="multiple_matching_appMetadata",Oo="request_cannot_be_made",No="cannot_remove_empty_scope",Po="cannot_append_scopeset",Pt="empty_input_scopeset",pi="device_code_polling_cancelled",fi="device_code_expired",Ci="device_code_unknown_error",Zt="no_account_in_silent_request",Mo="invalid_cache_record",en="invalid_cache_environment",Mt="no_account_found",Ut="no_crypto_object",Lt="unexpected_credential_type",yi="invalid_assertion",Ti="invalid_client_credential",he="token_refresh_required",Ii="user_timeout_reached",Uo="token_claims_cnf_required_for_signedjwt",Lo="authorization_code_missing_from_server_response",Ai="binding_key_not_removed",Ho="end_session_endpoint_not_supported",tn="key_id_missing",Ei="no_network_connectivity",Si="user_canceled",vi="missing_tenant_id_error",S="method_not_implemented",wi="nested_app_auth_bridge_disabled";/*! @azure/msal-common v14.16.1 2025-08-05 */const zn={[jt]:"The client info could not be parsed/decoded correctly",[Ao]:"The client info was empty",[Jt]:"Token cannot be parsed",[Eo]:"The token is null or empty",[ce]:"Endpoints cannot be resolved",[So]:"Network request failed",[vo]:"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",[wo]:"The hash parameters could not be deserialized",[Ue]:"State was not the expected format",[_o]:"State mismatch error",[at]:"State not found",[ko]:"Nonce mismatch error",[Xt]:"Max Age was requested and the ID token is missing the auth_time variable. auth_time is an optional claim and is not enabled by default - it must be enabled. See https://aka.ms/msaljs/optional-claims for more information.",[Ro]:"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",[gi]:"The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account.",[mi]:"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",[bo]:"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",[Oo]:"Token request cannot be made without authorization code or refresh token.",[No]:"Cannot remove null or empty scope from ScopeSet",[Po]:"Cannot append ScopeSet",[Pt]:"Empty input ScopeSet cannot be processed",[pi]:"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",[fi]:"Device code is expired.",[Ci]:"Device code stopped polling for unknown reasons.",[Zt]:"Please pass an account object, silent flow is not supported without account information",[Mo]:"Cache record object was null or undefined.",[en]:"Invalid environment when attempting to create cache entry",[Mt]:"No account found in cache for given key.",[Ut]:"No crypto object detected.",[Lt]:"Unexpected credential type.",[yi]:"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",[Ti]:"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",[he]:"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",[Ii]:"User defined timeout for device code polling reached",[Uo]:"Cannot generate a POP jwt if the token_claims are not populated",[Lo]:"Server response does not contain an authorization code to proceed",[Ai]:"Could not remove the credential's binding key from storage.",[Ho]:"The provided authority does not support logout",[tn]:"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",[Ei]:"No network connectivity. Check your internet connection.",[Si]:"User cancelled the flow.",[vi]:"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",[S]:"This method has not been implemented",[wi]:"The nested app auth bridge is disabled"};class pt extends O{constructor(e,t){super(e,t?`${zn[e]}: ${t}`:zn[e]),this.name="ClientAuthError",Object.setPrototypeOf(this,pt.prototype)}}function m(a,e){return new pt(a,e)}/*! @azure/msal-common v14.16.1 2025-08-05 */const st={createNewGuid:()=>{throw m(S)},base64Decode:()=>{throw m(S)},base64Encode:()=>{throw m(S)},base64UrlEncode:()=>{throw m(S)},encodeKid:()=>{throw m(S)},async getPublicKeyThumbprint(){throw m(S)},async removeTokenBindingKey(){throw m(S)},async clearKeystore(){throw m(S)},async signJwt(){throw m(S)},async hashString(){throw m(S)}};/*! @azure/msal-common v14.16.1 2025-08-05 */var N;(function(a){a[a.Error=0]="Error",a[a.Warning=1]="Warning",a[a.Info=2]="Info",a[a.Verbose=3]="Verbose",a[a.Trace=4]="Trace"})(N||(N={}));class pe{constructor(e,t,n){this.level=N.Info;const o=()=>{},r=e||pe.createDefaultLoggerOptions();this.localCallback=r.loggerCallback||o,this.piiLoggingEnabled=r.piiLoggingEnabled||!1,this.level=typeof r.logLevel=="number"?r.logLevel:N.Info,this.correlationId=r.correlationId||u.EMPTY_STRING,this.packageName=t||u.EMPTY_STRING,this.packageVersion=n||u.EMPTY_STRING}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:N.Info}}clone(e,t,n){return new pe({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level,correlationId:n||this.correlationId},e,t)}logMessage(e,t){if(t.logLevel>this.level||!this.piiLoggingEnabled&&t.containsPii)return;const r=`${`[${new Date().toUTCString()}] : [${t.correlationId||this.correlationId||""}]`} : ${this.packageName}@${this.packageVersion} : ${N[t.logLevel]} - ${e}`;this.executeCallback(t.logLevel,r,t.containsPii||!1)}executeCallback(e,t,n){this.localCallback&&this.localCallback(e,t,n)}error(e,t){this.logMessage(e,{logLevel:N.Error,containsPii:!1,correlationId:t||u.EMPTY_STRING})}errorPii(e,t){this.logMessage(e,{logLevel:N.Error,containsPii:!0,correlationId:t||u.EMPTY_STRING})}warning(e,t){this.logMessage(e,{logLevel:N.Warning,containsPii:!1,correlationId:t||u.EMPTY_STRING})}warningPii(e,t){this.logMessage(e,{logLevel:N.Warning,containsPii:!0,correlationId:t||u.EMPTY_STRING})}info(e,t){this.logMessage(e,{logLevel:N.Info,containsPii:!1,correlationId:t||u.EMPTY_STRING})}infoPii(e,t){this.logMessage(e,{logLevel:N.Info,containsPii:!0,correlationId:t||u.EMPTY_STRING})}verbose(e,t){this.logMessage(e,{logLevel:N.Verbose,containsPii:!1,correlationId:t||u.EMPTY_STRING})}verbosePii(e,t){this.logMessage(e,{logLevel:N.Verbose,containsPii:!0,correlationId:t||u.EMPTY_STRING})}trace(e,t){this.logMessage(e,{logLevel:N.Trace,containsPii:!1,correlationId:t||u.EMPTY_STRING})}tracePii(e,t){this.logMessage(e,{logLevel:N.Trace,containsPii:!0,correlationId:t||u.EMPTY_STRING})}isPiiLoggingEnabled(){return this.piiLoggingEnabled||!1}}/*! @azure/msal-common v14.16.1 2025-08-05 */const Do="@azure/msal-common",nn="14.16.1";/*! @azure/msal-common v14.16.1 2025-08-05 */const on={None:"none"};/*! @azure/msal-common v14.16.1 2025-08-05 */function Ee(a,e){const t=_i(a);try{const n=e(t);return JSON.parse(n)}catch{throw m(Jt)}}function _i(a){if(!a)throw m(Eo);const t=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(a);if(!t||t.length<4)throw m(Jt);return t[2]}function Ko(a,e){if(e===0||Date.now()-3e5>a+e)throw m(Ro)}/*! @azure/msal-common v14.16.1 2025-08-05 */function ie(){return Math.round(new Date().getTime()/1e3)}function Ht(a,e){const t=Number(a)||0;return ie()+e>t}function ki(a){return Number(a)>ie()}/*! @azure/msal-common v14.16.1 2025-08-05 */function be(a){return[Ri(a),bi(a),Oi(a),Ni(a),Pi(a)].join(B.CACHE_KEY_SEPARATOR).toLowerCase()}function ft(a,e,t,n,o){return{credentialType:A.ID_TOKEN,homeAccountId:a,environment:e,clientId:n,secret:t,realm:o}}function Ct(a,e,t,n,o,r,i,s,c,h,d,g,f,T,E){var M,G;const v={homeAccountId:a,credentialType:A.ACCESS_TOKEN,secret:t,cachedAt:ie().toString(),expiresOn:i.toString(),extendedExpiresOn:s.toString(),environment:e,clientId:n,realm:o,target:r,tokenType:d||k.BEARER};if(g&&(v.userAssertionHash=g),h&&(v.refreshOn=h.toString()),T&&(v.requestedClaims=T,v.requestedClaimsHash=E),((M=v.tokenType)==null?void 0:M.toLowerCase())!==k.BEARER.toLowerCase())switch(v.credentialType=A.ACCESS_TOKEN_WITH_AUTH_SCHEME,v.tokenType){case k.POP:const L=Ee(t,c);if(!((G=L==null?void 0:L.cnf)!=null&&G.kid))throw m(Uo);v.keyId=L.cnf.kid;break;case k.SSH:v.keyId=f}return v}function xo(a,e,t,n,o,r,i){const s={credentialType:A.REFRESH_TOKEN,homeAccountId:a,environment:e,clientId:n,secret:t};return r&&(s.userAssertionHash=r),o&&(s.familyId=o),i&&(s.expiresOn=i.toString()),s}function rn(a){return a.hasOwnProperty("homeAccountId")&&a.hasOwnProperty("environment")&&a.hasOwnProperty("credentialType")&&a.hasOwnProperty("clientId")&&a.hasOwnProperty("secret")}function Vn(a){return a?rn(a)&&a.hasOwnProperty("realm")&&a.hasOwnProperty("target")&&(a.credentialType===A.ACCESS_TOKEN||a.credentialType===A.ACCESS_TOKEN_WITH_AUTH_SCHEME):!1}function Qn(a){return a?rn(a)&&a.hasOwnProperty("realm")&&a.credentialType===A.ID_TOKEN:!1}function Yn(a){return a?rn(a)&&a.credentialType===A.REFRESH_TOKEN:!1}function Ri(a){return[a.homeAccountId,a.environment].join(B.CACHE_KEY_SEPARATOR).toLowerCase()}function bi(a){const e=a.credentialType===A.REFRESH_TOKEN&&a.familyId||a.clientId;return[a.credentialType,e,a.realm||""].join(B.CACHE_KEY_SEPARATOR).toLowerCase()}function Oi(a){return(a.target||"").toLowerCase()}function Ni(a){return(a.requestedClaimsHash||"").toLowerCase()}function Pi(a){return a.tokenType&&a.tokenType.toLowerCase()!==k.BEARER.toLowerCase()?a.tokenType.toLowerCase():""}function Mi(a,e){const t=a.indexOf(K.CACHE_KEY)===0;let n=!0;return e&&(n=e.hasOwnProperty("failedRequests")&&e.hasOwnProperty("errors")&&e.hasOwnProperty("cacheHits")),t&&n}function Ui(a,e){let t=!1;a&&(t=a.indexOf(qe.THROTTLING_PREFIX)===0);let n=!0;return e&&(n=e.hasOwnProperty("throttleTime")),t&&n}function Li({environment:a,clientId:e}){return[Yt,a,e].join(B.CACHE_KEY_SEPARATOR).toLowerCase()}function Hi(a,e){return e?a.indexOf(Yt)===0&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("environment"):!1}function Di(a,e){return e?a.indexOf(it.CACHE_KEY)===0&&e.hasOwnProperty("aliases")&&e.hasOwnProperty("preferred_cache")&&e.hasOwnProperty("preferred_network")&&e.hasOwnProperty("canonical_authority")&&e.hasOwnProperty("authorization_endpoint")&&e.hasOwnProperty("token_endpoint")&&e.hasOwnProperty("issuer")&&e.hasOwnProperty("aliasesFromNetwork")&&e.hasOwnProperty("endpointsFromNetwork")&&e.hasOwnProperty("expiresAt")&&e.hasOwnProperty("jwks_uri"):!1}function Wn(){return ie()+it.REFRESH_TIME_SECONDS}function tt(a,e,t){a.authorization_endpoint=e.authorization_endpoint,a.token_endpoint=e.token_endpoint,a.end_session_endpoint=e.end_session_endpoint,a.issuer=e.issuer,a.endpointsFromNetwork=t,a.jwks_uri=e.jwks_uri}function Rt(a,e,t){a.aliases=e.aliases,a.preferred_cache=e.preferred_cache,a.preferred_network=e.preferred_network,a.aliasesFromNetwork=t}function jn(a){return a.expiresAt<=ie()}/*! @azure/msal-common v14.16.1 2025-08-05 */const Bo="redirect_uri_empty",Ki="claims_request_parsing_error",Fo="authority_uri_insecure",Fe="url_parse_error",Go="empty_url_error",qo="empty_input_scopes_error",$o="invalid_prompt_value",an="invalid_claims",zo="token_request_empty",Vo="logout_request_empty",Qo="invalid_code_challenge_method",sn="pkce_params_missing",cn="invalid_cloud_discovery_metadata",Yo="invalid_authority_metadata",Wo="untrusted_authority",yt="missing_ssh_jwk",jo="missing_ssh_kid",xi="missing_nonce_authentication_header",Bi="invalid_authentication_header",Jo="cannot_set_OIDCOptions",Xo="cannot_allow_native_broker",Zo="authority_mismatch";/*! @azure/msal-common v14.16.1 2025-08-05 */const Fi={[Bo]:"A redirect URI is required for all calls, and none has been set.",[Ki]:"Could not parse the given claims request object.",[Fo]:"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",[Fe]:"URL could not be parsed into appropriate segments.",[Go]:"URL was empty or null.",[qo]:"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",[$o]:"Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest",[an]:"Given claims parameter must be a stringified JSON object.",[zo]:"Token request was empty and not found in cache.",[Vo]:"The logout request was null or undefined.",[Qo]:'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',[sn]:"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",[cn]:"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",[Yo]:"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",[Wo]:"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",[yt]:"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",[jo]:"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",[xi]:"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",[Bi]:"Invalid authentication header provided",[Jo]:"Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",[Xo]:"Cannot set allowNativeBroker parameter to true when not in AAD protocol mode.",[Zo]:"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority."};class hn extends O{constructor(e){super(e,Fi[e]),this.name="ClientConfigurationError",Object.setPrototypeOf(this,hn.prototype)}}function R(a){return new hn(a)}/*! @azure/msal-common v14.16.1 2025-08-05 */class J{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return Object.keys(t).length===0}catch{}return!0}static startsWith(e,t){return e.indexOf(t)===0}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},n=e.split("&"),o=r=>decodeURIComponent(r.replace(/\+/g," "));return n.forEach(r=>{if(r.trim()){const[i,s]=r.split(/=(.+)/g,2);i&&s&&(t[o(i)]=o(s))}}),t}static trimArrayEntries(e){return e.map(t=>t.trim())}static removeEmptyStringsFromArray(e){return e.filter(t=>!!t)}static jsonParseHelper(e){try{return JSON.parse(e)}catch{return null}}static matchPattern(e,t){return new RegExp(e.replace(/\\/g,"\\\\").replace(/\*/g,"[^ ]*").replace(/\?/g,"\\?")).test(t)}}/*! @azure/msal-common v14.16.1 2025-08-05 */class P{constructor(e){const t=e?J.trimArrayEntries([...e]):[],n=t?J.removeEmptyStringsFromArray(t):[];this.validateInputScopes(n),this.scopes=new Set,n.forEach(o=>this.scopes.add(o))}static fromString(e){const n=(e||u.EMPTY_STRING).split(" ");return new P(n)}static createSearchScopes(e){const t=new P(e);return t.containsOnlyOIDCScopes()?t.removeScope(u.OFFLINE_ACCESS_SCOPE):t.removeOIDCScopes(),t}validateInputScopes(e){if(!e||e.length<1)throw R(qo)}containsScope(e){const t=this.printScopesLowerCase().split(" "),n=new P(t);return e?n.scopes.has(e.toLowerCase()):!1}containsScopeSet(e){return!e||e.scopes.size<=0?!1:this.scopes.size>=e.scopes.size&&e.asArray().every(t=>this.containsScope(t))}containsOnlyOIDCScopes(){let e=0;return Bn.forEach(t=>{this.containsScope(t)&&(e+=1)}),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach(t=>this.appendScope(t))}catch{throw m(Po)}}removeScope(e){if(!e)throw m(No);this.scopes.delete(e.trim())}removeOIDCScopes(){Bn.forEach(e=>{this.scopes.delete(e)})}unionScopeSets(e){if(!e)throw m(Pt);const t=new Set;return e.scopes.forEach(n=>t.add(n.toLowerCase())),this.scopes.forEach(n=>t.add(n.toLowerCase())),t}intersectingScopeSets(e){if(!e)throw m(Pt);e.containsOnlyOIDCScopes()||e.removeOIDCScopes();const t=this.unionScopeSets(e),n=e.getScopeCount(),o=this.getScopeCount();return t.size<o+n}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach(t=>e.push(t)),e}printScopes(){return this.scopes?this.asArray().join(" "):u.EMPTY_STRING}printScopesLowerCase(){return this.printScopes().toLowerCase()}}/*! @azure/msal-common v14.16.1 2025-08-05 */function ct(a,e){if(!a)throw m(Ao);try{const t=e(a);return JSON.parse(t)}catch{throw m(jt)}}function Oe(a){if(!a)throw m(jt);const e=a.split(B.CLIENT_INFO_SEPARATOR,2);return{uid:e[0],utid:e.length<2?u.EMPTY_STRING:e[1]}}/*! @azure/msal-common v14.16.1 2025-08-05 */function ht(a,e){return!!a&&!!e&&a===e.split(".")[1]}function ln(a,e,t,n){if(n){const{oid:o,sub:r,tid:i,name:s,tfp:c,acr:h}=n,d=i||c||h||"";return{tenantId:d,localAccountId:o||r||"",name:s,isHomeTenant:ht(d,a)}}else return{tenantId:t,localAccountId:e,isHomeTenant:ht(t,a)}}function dn(a,e,t,n){let o=a;if(e){const{isHomeTenant:r,...i}=e;o={...a,...i}}if(t){const{isHomeTenant:r,...i}=ln(a.homeAccountId,a.localAccountId,a.tenantId,t);return o={...o,...i,idTokenClaims:t,idToken:n},o}return o}/*! @azure/msal-common v14.16.1 2025-08-05 */const j={Default:0,Adfs:1,Dsts:2,Ciam:3};/*! @azure/msal-common v14.16.1 2025-08-05 */function er(a){return a&&(a.tid||a.tfp||a.acr)||null}/*! @azure/msal-common v14.16.1 2025-08-05 */const de={AAD:"AAD",OIDC:"OIDC"};/*! @azure/msal-common v14.16.1 2025-08-05 */class U{generateAccountId(){return[this.homeAccountId,this.environment].join(B.CACHE_KEY_SEPARATOR).toLowerCase()}generateAccountKey(){return U.generateAccountCacheKey({homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId})}getAccountInfo(){return{homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId,name:this.name,nativeAccountId:this.nativeAccountId,authorityType:this.authorityType,tenantProfiles:new Map((this.tenantProfiles||[]).map(e=>[e.tenantId,e]))}}isSingleTenant(){return!this.tenantProfiles}static generateAccountCacheKey(e){const t=e.homeAccountId.split(".")[1];return[e.homeAccountId,e.environment||"",t||e.tenantId||""].join(B.CACHE_KEY_SEPARATOR).toLowerCase()}static createAccount(e,t,n){var h,d,g,f,T,E;const o=new U;t.authorityType===j.Adfs?o.authorityType=Ze.ADFS_ACCOUNT_TYPE:t.protocolMode===de.AAD?o.authorityType=Ze.MSSTS_ACCOUNT_TYPE:o.authorityType=Ze.GENERIC_ACCOUNT_TYPE;let r;e.clientInfo&&n&&(r=ct(e.clientInfo,n)),o.clientInfo=e.clientInfo,o.homeAccountId=e.homeAccountId,o.nativeAccountId=e.nativeAccountId;const i=e.environment||t&&t.getPreferredCache();if(!i)throw m(en);o.environment=i,o.realm=(r==null?void 0:r.utid)||er(e.idTokenClaims)||"",o.localAccountId=(r==null?void 0:r.uid)||((h=e.idTokenClaims)==null?void 0:h.oid)||((d=e.idTokenClaims)==null?void 0:d.sub)||"";const s=((g=e.idTokenClaims)==null?void 0:g.preferred_username)||((f=e.idTokenClaims)==null?void 0:f.upn),c=(T=e.idTokenClaims)!=null&&T.emails?e.idTokenClaims.emails[0]:null;if(o.username=s||c||"",o.name=((E=e.idTokenClaims)==null?void 0:E.name)||"",o.cloudGraphHostName=e.cloudGraphHostName,o.msGraphHost=e.msGraphHost,e.tenantProfiles)o.tenantProfiles=e.tenantProfiles;else{const v=ln(e.homeAccountId,o.localAccountId,o.realm,e.idTokenClaims);o.tenantProfiles=[v]}return o}static createFromAccountInfo(e,t,n){var r;const o=new U;return o.authorityType=e.authorityType||Ze.GENERIC_ACCOUNT_TYPE,o.homeAccountId=e.homeAccountId,o.localAccountId=e.localAccountId,o.nativeAccountId=e.nativeAccountId,o.realm=e.tenantId,o.environment=e.environment,o.username=e.username,o.name=e.name,o.cloudGraphHostName=t,o.msGraphHost=n,o.tenantProfiles=Array.from(((r=e.tenantProfiles)==null?void 0:r.values())||[]),o}static generateHomeAccountId(e,t,n,o,r){if(!(t===j.Adfs||t===j.Dsts)){if(e)try{const i=ct(e,o.base64Decode);if(i.uid&&i.utid)return`${i.uid}.${i.utid}`}catch{}n.warning("No client info in response")}return(r==null?void 0:r.sub)||""}static isAccountEntity(e){return e?e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("realm")&&e.hasOwnProperty("localAccountId")&&e.hasOwnProperty("username")&&e.hasOwnProperty("authorityType"):!1}static accountInfoIsEqual(e,t,n){if(!e||!t)return!1;let o=!0;if(n){const r=e.idTokenClaims||{},i=t.idTokenClaims||{};o=r.iat===i.iat&&r.nonce===i.nonce}return e.homeAccountId===t.homeAccountId&&e.localAccountId===t.localAccountId&&e.username===t.username&&e.tenantId===t.tenantId&&e.environment===t.environment&&e.nativeAccountId===t.nativeAccountId&&o}}/*! @azure/msal-common v14.16.1 2025-08-05 */function tr(a){return a.startsWith("#/")?a.substring(2):a.startsWith("#")||a.startsWith("?")?a.substring(1):a}function lt(a){if(!a||a.indexOf("=")<0)return null;try{const e=tr(a),t=Object.fromEntries(new URLSearchParams(e));if(t.code||t.error||t.error_description||t.state)return t}catch{throw m(wo)}return null}/*! @azure/msal-common v14.16.1 2025-08-05 */class w{get urlString(){return this._urlString}constructor(e){if(this._urlString=e,!this._urlString)throw R(Go);e.includes("#")||(this._urlString=w.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return J.endsWith(t,"?")?t=t.slice(0,-1):J.endsWith(t,"?/")&&(t=t.slice(0,-2)),J.endsWith(t,"/")||(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch{throw R(Fe)}if(!e.HostNameAndPort||!e.PathSegments)throw R(Fe);if(!e.Protocol||e.Protocol.toLowerCase()!=="https:")throw R(Fo)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return w.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),n=t.PathSegments;return e&&n.length!==0&&(n[0]===me.COMMON||n[0]===me.ORGANIZATIONS)&&(n[0]=e),w.constructAuthorityUriFromObject(t)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),t=this.urlString.match(e);if(!t)throw R(Fe);const n={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let o=n.AbsolutePath.split("/");return o=o.filter(r=>r&&r.length>0),n.PathSegments=o,n.QueryString&&n.QueryString.endsWith("/")&&(n.QueryString=n.QueryString.substring(0,n.QueryString.length-1)),n}static getDomainFromUrl(e){const t=RegExp("^([^:/?#]+://)?([^/?#]*)"),n=e.match(t);if(!n)throw R(Fe);return n[2]}static getAbsoluteUrl(e,t){if(e[0]===u.FORWARD_SLASH){const o=new w(t).getUrlComponents();return o.Protocol+"//"+o.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e){return new w(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"))}static hashContainsKnownProperties(e){return!!lt(e)}}/*! @azure/msal-common v14.16.1 2025-08-05 */const nr={endpointMetadata:{"login.microsoftonline.com":{token_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.com/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout"},"login.chinacloudapi.cn":{token_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys",issuer:"https://login.partner.microsoftonline.cn/{tenantid}/v2.0",authorization_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout"},"login.microsoftonline.us":{token_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.us/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout"}},instanceDiscoveryMetadata:{metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]}]}},Jn=nr.endpointMetadata,un=nr.instanceDiscoveryMetadata,or=new Set;un.metadata.forEach(a=>{a.aliases.forEach(e=>{or.add(e)})});function Gi(a,e){var o;let t;const n=a.canonicalAuthority;if(n){const r=new w(n).getUrlComponents().HostNameAndPort;t=Xn(r,(o=a.cloudDiscoveryMetadata)==null?void 0:o.metadata,$.CONFIG,e)||Xn(r,un.metadata,$.HARDCODED_VALUES,e)||a.knownAuthorities}return t||[]}function Xn(a,e,t,n){if(n==null||n.trace(`getAliasesFromMetadata called with source: ${t}`),a&&e){const o=dt(e,a);if(o)return n==null||n.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${t}, returning aliases`),o.aliases;n==null||n.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${t}`)}return null}function qi(a){return dt(un.metadata,a)}function dt(a,e){for(let t=0;t<a.length;t++){const n=a[t];if(n.aliases.includes(e))return n}return null}/*! @azure/msal-common v14.16.1 2025-08-05 */const gn="cache_quota_exceeded",mn="cache_error_unknown";/*! @azure/msal-common v14.16.1 2025-08-05 */const bt={[gn]:"Exceeded cache storage capacity.",[mn]:"Unexpected error occurred when using cache storage."};class Pe extends Error{constructor(e,t){const n=t||(bt[e]?bt[e]:bt[mn]);super(`${e}: ${n}`),Object.setPrototypeOf(this,Pe.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=n}}function rr(a){return a instanceof Error?a.name==="QuotaExceededError"||a.name==="NS_ERROR_DOM_QUOTA_REACHED"||a.message.includes("exceeded the quota")?new Pe(gn):new Pe(a.name,a.message):new Pe(mn)}/*! @azure/msal-common v14.16.1 2025-08-05 */class Le{constructor(e,t,n,o){this.clientId=e,this.cryptoImpl=t,this.commonLogger=n.clone(Do,nn),this.staticAuthorityOptions=o}getAllAccounts(e,t){return this.buildTenantProfiles(this.getAccountsFilteredBy(t||{},e),e,t)}getAccountInfoFilteredBy(e,t){const n=this.getAllAccounts(t,e);return n.length>1?n.sort(r=>r.idTokenClaims?-1:1)[0]:n.length===1?n[0]:null}getBaseAccountInfo(e,t){const n=this.getAccountsFilteredBy(e,t);return n.length>0?n[0].getAccountInfo():null}buildTenantProfiles(e,t,n){return e.flatMap(o=>this.getTenantProfilesFromAccountEntity(o,t,n==null?void 0:n.tenantId,n))}getTenantedAccountInfoByFilter(e,t,n,o,r){let i=null,s;if(r&&!this.tenantProfileMatchesFilter(n,r))return null;const c=this.getIdToken(e,o,t,n.tenantId);return c&&(s=Ee(c.secret,this.cryptoImpl.base64Decode),!this.idTokenClaimsMatchTenantProfileFilter(s,r))?null:(i=dn(e,n,s,c==null?void 0:c.secret),i)}getTenantProfilesFromAccountEntity(e,t,n,o){const r=e.getAccountInfo();let i=r.tenantProfiles||new Map;const s=this.getTokenKeys();if(n){const h=i.get(n);if(h)i=new Map([[n,h]]);else return[]}const c=[];return i.forEach(h=>{const d=this.getTenantedAccountInfoByFilter(r,s,h,t,o);d&&c.push(d)}),c}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId)||t.name&&e.name!==t.name||t.isHomeTenant!==void 0&&e.isHomeTenant!==t.isHomeTenant)}idTokenClaimsMatchTenantProfileFilter(e,t){return!(t&&(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId)||t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint)||t.username&&!this.matchUsername(e.preferred_username,t.username)||t.name&&!this.matchName(e,t.name)||t.sid&&!this.matchSid(e,t.sid)))}async saveCacheRecord(e,t,n){var o;if(!e)throw m(Mo);try{e.account&&this.setAccount(e.account,t),e.idToken&&(n==null?void 0:n.idToken)!==!1&&this.setIdTokenCredential(e.idToken,t),e.accessToken&&(n==null?void 0:n.accessToken)!==!1&&await this.saveAccessToken(e.accessToken,t),e.refreshToken&&(n==null?void 0:n.refreshToken)!==!1&&this.setRefreshTokenCredential(e.refreshToken,t),e.appMetadata&&this.setAppMetadata(e.appMetadata,t)}catch(r){throw(o=this.commonLogger)==null||o.error("CacheManager.saveCacheRecord: failed"),r instanceof O?r:rr(r)}}async saveAccessToken(e,t){const n={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType,requestedClaimsHash:e.requestedClaimsHash},o=this.getTokenKeys(),r=P.fromString(e.target);o.accessToken.forEach(i=>{if(!this.accessTokenKeyMatchesFilter(i,n,!1))return;const s=this.getAccessTokenCredential(i,t);s&&this.credentialMatchesFilter(s,n)&&P.fromString(s.target).intersectingScopeSets(r)&&this.removeAccessToken(i,t)}),this.setAccessTokenCredential(e,t)}getAccountsFilteredBy(e,t){const n=this.getAccountKeys(),o=[];return n.forEach(r=>{var h;if(!this.isAccountKey(r,e.homeAccountId))return;const i=this.getAccount(r,t,this.commonLogger);if(!i||e.homeAccountId&&!this.matchHomeAccountId(i,e.homeAccountId)||e.username&&!this.matchUsername(i.username,e.username)||e.environment&&!this.matchEnvironment(i,e.environment)||e.realm&&!this.matchRealm(i,e.realm)||e.nativeAccountId&&!this.matchNativeAccountId(i,e.nativeAccountId)||e.authorityType&&!this.matchAuthorityType(i,e.authorityType))return;const s={localAccountId:e==null?void 0:e.localAccountId,name:e==null?void 0:e.name},c=(h=i.tenantProfiles)==null?void 0:h.filter(d=>this.tenantProfileMatchesFilter(d,s));c&&c.length===0||o.push(i)}),o}isAccountKey(e,t,n){return!(e.split(B.CACHE_KEY_SEPARATOR).length<3||t&&!e.toLowerCase().includes(t.toLowerCase())||n&&!e.toLowerCase().includes(n.toLowerCase()))}isCredentialKey(e){if(e.split(B.CACHE_KEY_SEPARATOR).length<6)return!1;const t=e.toLowerCase();if(t.indexOf(A.ID_TOKEN.toLowerCase())===-1&&t.indexOf(A.ACCESS_TOKEN.toLowerCase())===-1&&t.indexOf(A.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase())===-1&&t.indexOf(A.REFRESH_TOKEN.toLowerCase())===-1)return!1;if(t.indexOf(A.REFRESH_TOKEN.toLowerCase())>-1){const n=`${A.REFRESH_TOKEN}${B.CACHE_KEY_SEPARATOR}${this.clientId}${B.CACHE_KEY_SEPARATOR}`,o=`${A.REFRESH_TOKEN}${B.CACHE_KEY_SEPARATOR}${Ge}${B.CACHE_KEY_SEPARATOR}`;if(t.indexOf(n.toLowerCase())===-1&&t.indexOf(o.toLowerCase())===-1)return!1}else if(t.indexOf(this.clientId.toLowerCase())===-1)return!1;return!0}credentialMatchesFilter(e,t){return!(t.clientId&&!this.matchClientId(e,t.clientId)||t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash)||typeof t.homeAccountId=="string"&&!this.matchHomeAccountId(e,t.homeAccountId)||t.environment&&!this.matchEnvironment(e,t.environment)||t.realm&&!this.matchRealm(e,t.realm)||t.credentialType&&!this.matchCredentialType(e,t.credentialType)||t.familyId&&!this.matchFamilyId(e,t.familyId)||t.target&&!this.matchTarget(e,t.target)||(t.requestedClaimsHash||e.requestedClaimsHash)&&e.requestedClaimsHash!==t.requestedClaimsHash||e.credentialType===A.ACCESS_TOKEN_WITH_AUTH_SCHEME&&(t.tokenType&&!this.matchTokenType(e,t.tokenType)||t.tokenType===k.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId)))}getAppMetadataFilteredBy(e){const t=this.getKeys(),n={};return t.forEach(o=>{if(!this.isAppMetadata(o))return;const r=this.getAppMetadata(o);r&&(e.environment&&!this.matchEnvironment(r,e.environment)||e.clientId&&!this.matchClientId(r,e.clientId)||(n[o]=r))}),n}getAuthorityMetadataByAlias(e){const t=this.getAuthorityMetadataKeys();let n=null;return t.forEach(o=>{if(!this.isAuthorityMetadata(o)||o.indexOf(this.clientId)===-1)return;const r=this.getAuthorityMetadata(o);r&&r.aliases.indexOf(e)!==-1&&(n=r)}),n}async removeAllAccounts(e){const t=this.getAccountKeys(),n=[];t.forEach(o=>{n.push(this.removeAccount(o,e))}),await Promise.all(n)}async removeAccount(e,t){const n=this.getAccount(e,t,this.commonLogger);n&&(await this.removeAccountContext(n,t),this.removeItem(e,t))}async removeAccountContext(e,t){const n=this.getTokenKeys(),o=e.generateAccountId();n.idToken.forEach(r=>{r.indexOf(o)===0&&this.removeIdToken(r,t)}),n.accessToken.forEach(r=>{r.indexOf(o)===0&&this.removeAccessToken(r,t)}),n.refreshToken.forEach(r=>{r.indexOf(o)===0&&this.removeRefreshToken(r,t)}),this.getKeys().forEach(r=>{r.includes(o)&&this.removeItem(r,t)})}updateOutdatedCachedAccount(e,t,n,o){var r;if(t&&t.isSingleTenant()){(r=this.commonLogger)==null||r.verbose("updateOutdatedCachedAccount: Found a single-tenant (outdated) account entity in the cache, migrating to multi-tenant account entity");const i=this.getAccountKeys().filter(g=>g.startsWith(t.homeAccountId)),s=[];i.forEach(g=>{const f=this.getCachedAccountEntity(g,n);f&&s.push(f)});const c=s.find(g=>ht(g.realm,g.homeAccountId))||s[0];c.tenantProfiles=s.map(g=>({tenantId:g.realm,localAccountId:g.localAccountId,name:g.name,isHomeTenant:ht(g.realm,g.homeAccountId)}));const h=Le.toObject(new U,{...c}),d=h.generateAccountKey();return i.forEach(g=>{g!==d&&this.removeOutdatedAccount(e,n)}),this.setAccount(h,n),o==null||o.verbose("Updated an outdated account entity in the cache"),h}return t}removeAccessToken(e,t){const n=this.getAccessTokenCredential(e,t);if(this.removeItem(e,t),!n||n.credentialType.toLowerCase()!==A.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()||n.tokenType!==k.POP)return;const o=n.keyId;o&&this.cryptoImpl.removeTokenBindingKey(o).catch(()=>{this.commonLogger.error("Binding key could not be removed")})}removeAppMetadata(e){return this.getKeys().forEach(n=>{this.isAppMetadata(n)&&this.removeItem(n,e)}),!0}readAccountFromCache(e,t){const n=U.generateAccountCacheKey(e);return this.getAccount(n,t,this.commonLogger)}getIdToken(e,t,n,o,r){this.commonLogger.trace("CacheManager - getIdToken called");const i={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:A.ID_TOKEN,clientId:this.clientId,realm:o},s=this.getIdTokensByFilter(i,t,n),c=s.size;if(c<1)return this.commonLogger.info("CacheManager:getIdToken - No token found"),null;if(c>1){let h=s;if(!o){const d=new Map;s.forEach((f,T)=>{f.realm===e.tenantId&&d.set(T,f)});const g=d.size;if(g<1)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result"),s.values().next().value;if(g===1)return this.commonLogger.info("CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile"),d.values().next().value;h=d}return this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"),h.forEach((d,g)=>{this.removeIdToken(g,t)}),r&&t&&r.addFields({multiMatchedID:s.size},t),null}return this.commonLogger.info("CacheManager:getIdToken - Returning ID token"),s.values().next().value}getIdTokensByFilter(e,t,n){const o=n&&n.idToken||this.getTokenKeys().idToken,r=new Map;return o.forEach(i=>{if(!this.idTokenKeyMatchesFilter(i,{clientId:this.clientId,...e}))return;const s=this.getIdTokenCredential(i,t);s&&this.credentialMatchesFilter(s,e)&&r.set(i,s)}),r}idTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}removeIdToken(e,t){this.removeItem(e,t)}removeRefreshToken(e,t){this.removeItem(e,t)}getAccessToken(e,t,n,o,r){this.commonLogger.trace("CacheManager - getAccessToken called");const i=P.createSearchScopes(t.scopes),s=t.authenticationScheme||k.BEARER,c=s.toLowerCase()!==k.BEARER.toLowerCase()?A.ACCESS_TOKEN_WITH_AUTH_SCHEME:A.ACCESS_TOKEN,h={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:c,clientId:this.clientId,realm:o||e.tenantId,target:i,tokenType:s,keyId:t.sshKid,requestedClaimsHash:t.requestedClaimsHash},d=n&&n.accessToken||this.getTokenKeys().accessToken,g=[];d.forEach(T=>{if(this.accessTokenKeyMatchesFilter(T,h,!0)){const E=this.getAccessTokenCredential(T,t.correlationId);E&&this.credentialMatchesFilter(E,h)&&g.push(E)}});const f=g.length;return f<1?(this.commonLogger.info("CacheManager:getAccessToken - No token found"),null):f>1?(this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them"),g.forEach(T=>{this.removeAccessToken(be(T),t.correlationId)}),r&&t.correlationId&&r.addFields({multiMatchedAT:g.length},t.correlationId),null):(this.commonLogger.info("CacheManager:getAccessToken - Returning access token"),g[0])}accessTokenKeyMatchesFilter(e,t,n){const o=e.toLowerCase();if(t.clientId&&o.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&o.indexOf(t.homeAccountId.toLowerCase())===-1||t.realm&&o.indexOf(t.realm.toLowerCase())===-1||t.requestedClaimsHash&&o.indexOf(t.requestedClaimsHash.toLowerCase())===-1)return!1;if(t.target){const r=t.target.asArray();for(let i=0;i<r.length;i++){if(n&&!o.includes(r[i].toLowerCase()))return!1;if(!n&&o.includes(r[i].toLowerCase()))return!0}}return!0}getAccessTokensByFilter(e,t){const n=this.getTokenKeys(),o=[];return n.accessToken.forEach(r=>{if(!this.accessTokenKeyMatchesFilter(r,e,!0))return;const i=this.getAccessTokenCredential(r,t);i&&this.credentialMatchesFilter(i,e)&&o.push(i)}),o}getRefreshToken(e,t,n,o,r){this.commonLogger.trace("CacheManager - getRefreshToken called");const i=t?Ge:void 0,s={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:A.REFRESH_TOKEN,clientId:this.clientId,familyId:i},c=o&&o.refreshToken||this.getTokenKeys().refreshToken,h=[];c.forEach(g=>{if(this.refreshTokenKeyMatchesFilter(g,s)){const f=this.getRefreshTokenCredential(g,n);f&&this.credentialMatchesFilter(f,s)&&h.push(f)}});const d=h.length;return d<1?(this.commonLogger.info("CacheManager:getRefreshToken - No refresh token found."),null):(d>1&&r&&n&&r.addFields({multiMatchedRT:d},n),this.commonLogger.info("CacheManager:getRefreshToken - returning refresh token"),h[0])}refreshTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.familyId&&n.indexOf(t.familyId.toLowerCase())===-1||!t.familyId&&t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}readAppMetadataFromCache(e){const t={environment:e,clientId:this.clientId},n=this.getAppMetadataFilteredBy(t),o=Object.keys(n).map(i=>n[i]),r=o.length;if(r<1)return null;if(r>1)throw m(bo);return o[0]}isAppMetadataFOCI(e){const t=this.readAppMetadataFromCache(e);return!!(t&&t.familyId===Ge)}matchHomeAccountId(e,t){return typeof e.homeAccountId=="string"&&t===e.homeAccountId}matchLocalAccountIdFromTokenClaims(e,t){const n=e.oid||e.sub;return t===n}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){var n;return t.toLowerCase()===((n=e.name)==null?void 0:n.toLowerCase())}matchUsername(e,t){return!!(e&&typeof e=="string"&&(t==null?void 0:t.toLowerCase())===e.toLowerCase())}matchUserAssertionHash(e,t){return!!(e.userAssertionHash&&t===e.userAssertionHash)}matchEnvironment(e,t){if(this.staticAuthorityOptions){const o=Gi(this.staticAuthorityOptions,this.commonLogger);if(o.includes(t)&&o.includes(e.environment))return!0}const n=this.getAuthorityMetadataByAlias(t);return!!(n&&n.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!!(e.clientId&&t===e.clientId)}matchFamilyId(e,t){return!!(e.familyId&&t===e.familyId)}matchRealm(e,t){var n;return((n=e.realm)==null?void 0:n.toLowerCase())===t.toLowerCase()}matchNativeAccountId(e,t){return!!(e.nativeAccountId&&t===e.nativeAccountId)}matchLoginHintFromTokenClaims(e,t){return e.login_hint===t||e.preferred_username===t||e.upn===t}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!!(e.authorityType&&t.toLowerCase()===e.authorityType.toLowerCase())}matchTarget(e,t){return e.credentialType!==A.ACCESS_TOKEN&&e.credentialType!==A.ACCESS_TOKEN_WITH_AUTH_SCHEME||!e.target?!1:P.fromString(e.target).containsScopeSet(t)}matchTokenType(e,t){return!!(e.tokenType&&e.tokenType===t)}matchKeyId(e,t){return!!(e.keyId&&e.keyId===t)}isAppMetadata(e){return e.indexOf(Yt)!==-1}isAuthorityMetadata(e){return e.indexOf(it.CACHE_KEY)!==-1}generateAuthorityMetadataCacheKey(e){return`${it.CACHE_KEY}-${this.clientId}-${e}`}static toObject(e,t){for(const n in t)e[n]=t[n];return e}}class $i extends Le{setAccount(){throw m(S)}getAccount(){throw m(S)}getCachedAccountEntity(){throw m(S)}setIdTokenCredential(){throw m(S)}getIdTokenCredential(){throw m(S)}setAccessTokenCredential(){throw m(S)}getAccessTokenCredential(){throw m(S)}setRefreshTokenCredential(){throw m(S)}getRefreshTokenCredential(){throw m(S)}setAppMetadata(){throw m(S)}getAppMetadata(){throw m(S)}setServerTelemetry(){throw m(S)}getServerTelemetry(){throw m(S)}setAuthorityMetadata(){throw m(S)}getAuthorityMetadata(){throw m(S)}getAuthorityMetadataKeys(){throw m(S)}setThrottlingCache(){throw m(S)}getThrottlingCache(){throw m(S)}removeItem(){throw m(S)}getKeys(){throw m(S)}getAccountKeys(){throw m(S)}getTokenKeys(){throw m(S)}updateCredentialCacheKey(){throw m(S)}removeOutdatedAccount(){throw m(S)}}/*! @azure/msal-common v14.16.1 2025-08-05 */const ir={tokenRenewalOffsetSeconds:di,preventCorsPreflight:!1},zi={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:N.Info,correlationId:u.EMPTY_STRING},Vi={claimsBasedCachingEnabled:!1},Qi={async sendGetRequestAsync(){throw m(S)},async sendPostRequestAsync(){throw m(S)}},Yi={sku:u.SKU,version:nn,cpu:u.EMPTY_STRING,os:u.EMPTY_STRING},Wi={clientSecret:u.EMPTY_STRING,clientAssertion:void 0},ji={azureCloudInstance:on.None,tenant:`${u.DEFAULT_COMMON_TENANT}`},Ji={application:{appName:"",appVersion:""}};function Xi({authOptions:a,systemOptions:e,loggerOptions:t,cacheOptions:n,storageInterface:o,networkInterface:r,cryptoInterface:i,clientCredentials:s,libraryInfo:c,telemetry:h,serverTelemetryManager:d,persistencePlugin:g,serializableCache:f}){const T={...zi,...t};return{authOptions:Zi(a),systemOptions:{...ir,...e},loggerOptions:T,cacheOptions:{...Vi,...n},storageInterface:o||new $i(a.clientId,st,new pe(T)),networkInterface:r||Qi,cryptoInterface:i||st,clientCredentials:s||Wi,libraryInfo:{...Yi,...c},telemetry:{...Ji,...h},serverTelemetryManager:d||null,persistencePlugin:g||null,serializableCache:f||null}}function Zi(a){return{clientCapabilities:[],azureCloudOptions:ji,skipAuthorityMetadataCache:!1,instanceAware:!1,...a}}function Dt(a){return a.authOptions.authority.options.protocolMode===de.OIDC}/*! @azure/msal-common v14.16.1 2025-08-05 */const Q={HOME_ACCOUNT_ID:"home_account_id",UPN:"UPN"};/*! @azure/msal-common v14.16.1 2025-08-05 */const ye="client_id",ar="redirect_uri",Zn="response_type",ea="response_mode",ta="grant_type",na="claims",oa="scope",ra="refresh_token",ia="state",aa="nonce",sa="prompt",ca="code",ha="code_challenge",la="code_challenge_method",da="code_verifier",ua="client-request-id",ga="x-client-SKU",ma="x-client-VER",pa="x-client-OS",fa="x-client-CPU",Ca="x-client-current-telemetry",ya="x-client-last-telemetry",Ta="x-ms-lib-capability",Ia="x-app-name",Aa="x-app-ver",Ea="post_logout_redirect_uri",Sa="id_token_hint",va="device_code",wa="client_secret",_a="client_assertion",ka="client_assertion_type",eo="token_type",to="req_cnf",Ra="assertion",ba="requested_token_use",no="return_spa_code",Oa="nativebroker",Na="logout_hint",Pa="sid",Ma="login_hint",Ua="domain_hint",La="x-client-xtra-sku",pn="brk_client_id",Kt="brk_redirect_uri";/*! @azure/msal-common v14.16.1 2025-08-05 */class _e{static validateRedirectUri(e){if(!e)throw R(Bo)}static validatePrompt(e){const t=[];for(const n in D)t.push(D[n]);if(t.indexOf(e)<0)throw R($o)}static validateClaims(e){try{JSON.parse(e)}catch{throw R(an)}}static validateCodeChallengeParams(e,t){if(!e||!t)throw R(sn);this.validateCodeChallengeMethod(t)}static validateCodeChallengeMethod(e){if([Fn.PLAIN,Fn.S256].indexOf(e)<0)throw R(Qo)}}/*! @azure/msal-common v14.16.1 2025-08-05 */function Ha(a,e,t){if(!e)return;const n=a.get(ye);n&&a.has(pn)&&(t==null||t.addFields({embeddedClientId:n,embeddedRedirectUri:a.get(ar)},e))}class $e{constructor(e,t){this.parameters=new Map,this.performanceClient=t,this.correlationId=e}addResponseTypeCode(){this.parameters.set(Zn,encodeURIComponent(u.CODE_RESPONSE_TYPE))}addResponseTypeForTokenAndIdToken(){this.parameters.set(Zn,encodeURIComponent(`${u.TOKEN_RESPONSE_TYPE} ${u.ID_TOKEN_RESPONSE_TYPE}`))}addResponseMode(e){this.parameters.set(ea,encodeURIComponent(e||ci.QUERY))}addNativeBroker(){this.parameters.set(Oa,encodeURIComponent("1"))}addScopes(e,t=!0,n=xe){t&&!n.includes("openid")&&!e.includes("openid")&&n.push("openid");const o=t?[...e||[],...n]:e||[],r=new P(o);this.parameters.set(oa,encodeURIComponent(r.printScopes()))}addClientId(e){this.parameters.set(ye,encodeURIComponent(e))}addRedirectUri(e){_e.validateRedirectUri(e),this.parameters.set(ar,encodeURIComponent(e))}addPostLogoutRedirectUri(e){_e.validateRedirectUri(e),this.parameters.set(Ea,encodeURIComponent(e))}addIdTokenHint(e){this.parameters.set(Sa,encodeURIComponent(e))}addDomainHint(e){this.parameters.set(Ua,encodeURIComponent(e))}addLoginHint(e){this.parameters.set(Ma,encodeURIComponent(e))}addCcsUpn(e){this.parameters.set(F.CCS_HEADER,encodeURIComponent(`UPN:${e}`))}addCcsOid(e){this.parameters.set(F.CCS_HEADER,encodeURIComponent(`Oid:${e.uid}@${e.utid}`))}addSid(e){this.parameters.set(Pa,encodeURIComponent(e))}addClaims(e,t){const n=this.addClientCapabilitiesToClaims(e,t);_e.validateClaims(n),this.parameters.set(na,encodeURIComponent(n))}addCorrelationId(e){this.parameters.set(ua,encodeURIComponent(e))}addLibraryInfo(e){this.parameters.set(ga,e.sku),this.parameters.set(ma,e.version),e.os&&this.parameters.set(pa,e.os),e.cpu&&this.parameters.set(fa,e.cpu)}addApplicationTelemetry(e){e!=null&&e.appName&&this.parameters.set(Ia,e.appName),e!=null&&e.appVersion&&this.parameters.set(Aa,e.appVersion)}addPrompt(e){_e.validatePrompt(e),this.parameters.set(`${sa}`,encodeURIComponent(e))}addState(e){e&&this.parameters.set(ia,encodeURIComponent(e))}addNonce(e){this.parameters.set(aa,encodeURIComponent(e))}addCodeChallengeParams(e,t){if(_e.validateCodeChallengeParams(e,t),e&&t)this.parameters.set(ha,encodeURIComponent(e)),this.parameters.set(la,encodeURIComponent(t));else throw R(sn)}addAuthorizationCode(e){this.parameters.set(ca,encodeURIComponent(e))}addDeviceCode(e){this.parameters.set(va,encodeURIComponent(e))}addRefreshToken(e){this.parameters.set(ra,encodeURIComponent(e))}addCodeVerifier(e){this.parameters.set(da,encodeURIComponent(e))}addClientSecret(e){this.parameters.set(wa,encodeURIComponent(e))}addClientAssertion(e){e&&this.parameters.set(_a,encodeURIComponent(e))}addClientAssertionType(e){e&&this.parameters.set(ka,encodeURIComponent(e))}addOboAssertion(e){this.parameters.set(Ra,encodeURIComponent(e))}addRequestTokenUse(e){this.parameters.set(ba,encodeURIComponent(e))}addGrantType(e){this.parameters.set(ta,encodeURIComponent(e))}addClientInfo(){this.parameters.set(hi,"1")}addExtraQueryParameters(e){Object.entries(e).forEach(([t,n])=>{!this.parameters.has(t)&&n&&this.parameters.set(t,n)})}addClientCapabilitiesToClaims(e,t){let n;if(!e)n={};else try{n=JSON.parse(e)}catch{throw R(an)}return t&&t.length>0&&(n.hasOwnProperty(Xe.ACCESS_TOKEN)||(n[Xe.ACCESS_TOKEN]={}),n[Xe.ACCESS_TOKEN][Xe.XMS_CC]={values:t}),JSON.stringify(n)}addUsername(e){this.parameters.set(qn.username,encodeURIComponent(e))}addPassword(e){this.parameters.set(qn.password,encodeURIComponent(e))}addPopToken(e){e&&(this.parameters.set(eo,k.POP),this.parameters.set(to,encodeURIComponent(e)))}addSshJwk(e){e&&(this.parameters.set(eo,k.SSH),this.parameters.set(to,encodeURIComponent(e)))}addServerTelemetry(e){this.parameters.set(Ca,e.generateCurrentRequestHeaderValue()),this.parameters.set(ya,e.generateLastRequestHeaderValue())}addThrottling(){this.parameters.set(Ta,qe.X_MS_LIB_CAPABILITY_VALUE)}addLogoutHint(e){this.parameters.set(Na,encodeURIComponent(e))}addBrokerParameters(e){const t={};t[pn]=e.brokerClientId,t[Kt]=e.brokerRedirectUri,this.addExtraQueryParameters(t)}createQueryString(){const e=new Array;return this.parameters.forEach((t,n)=>{e.push(`${n}=${t}`)}),Ha(this.parameters,this.correlationId,this.performanceClient),e.join("&")}}/*! @azure/msal-common v14.16.1 2025-08-05 */function Da(a){return a.hasOwnProperty("authorization_endpoint")&&a.hasOwnProperty("token_endpoint")&&a.hasOwnProperty("issuer")&&a.hasOwnProperty("jwks_uri")}/*! @azure/msal-common v14.16.1 2025-08-05 */function Ka(a){return a.hasOwnProperty("tenant_discovery_endpoint")&&a.hasOwnProperty("metadata")}/*! @azure/msal-common v14.16.1 2025-08-05 */function xa(a){return a.hasOwnProperty("error")&&a.hasOwnProperty("error_description")}/*! @azure/msal-common v14.16.1 2025-08-05 */const l={AcquireTokenByCode:"acquireTokenByCode",AcquireTokenByRefreshToken:"acquireTokenByRefreshToken",AcquireTokenSilent:"acquireTokenSilent",AcquireTokenSilentAsync:"acquireTokenSilentAsync",AcquireTokenPopup:"acquireTokenPopup",AcquireTokenPreRedirect:"acquireTokenPreRedirect",AcquireTokenRedirect:"acquireTokenRedirect",CryptoOptsGetPublicKeyThumbprint:"cryptoOptsGetPublicKeyThumbprint",CryptoOptsSignJwt:"cryptoOptsSignJwt",SilentCacheClientAcquireToken:"silentCacheClientAcquireToken",SilentIframeClientAcquireToken:"silentIframeClientAcquireToken",AwaitConcurrentIframe:"awaitConcurrentIframe",SilentRefreshClientAcquireToken:"silentRefreshClientAcquireToken",SsoSilent:"ssoSilent",StandardInteractionClientGetDiscoveredAuthority:"standardInteractionClientGetDiscoveredAuthority",FetchAccountIdWithNativeBroker:"fetchAccountIdWithNativeBroker",NativeInteractionClientAcquireToken:"nativeInteractionClientAcquireToken",BaseClientCreateTokenRequestHeaders:"baseClientCreateTokenRequestHeaders",NetworkClientSendPostRequestAsync:"networkClientSendPostRequestAsync",RefreshTokenClientExecutePostToTokenEndpoint:"refreshTokenClientExecutePostToTokenEndpoint",AuthorizationCodeClientExecutePostToTokenEndpoint:"authorizationCodeClientExecutePostToTokenEndpoint",BrokerHandhshake:"brokerHandshake",AcquireTokenByRefreshTokenInBroker:"acquireTokenByRefreshTokenInBroker",AcquireTokenByBroker:"acquireTokenByBroker",RefreshTokenClientExecuteTokenRequest:"refreshTokenClientExecuteTokenRequest",RefreshTokenClientAcquireToken:"refreshTokenClientAcquireToken",RefreshTokenClientAcquireTokenWithCachedRefreshToken:"refreshTokenClientAcquireTokenWithCachedRefreshToken",RefreshTokenClientAcquireTokenByRefreshToken:"refreshTokenClientAcquireTokenByRefreshToken",RefreshTokenClientCreateTokenRequestBody:"refreshTokenClientCreateTokenRequestBody",AcquireTokenFromCache:"acquireTokenFromCache",SilentFlowClientAcquireCachedToken:"silentFlowClientAcquireCachedToken",SilentFlowClientGenerateResultFromCacheRecord:"silentFlowClientGenerateResultFromCacheRecord",AcquireTokenBySilentIframe:"acquireTokenBySilentIframe",InitializeBaseRequest:"initializeBaseRequest",InitializeSilentRequest:"initializeSilentRequest",InitializeClientApplication:"initializeClientApplication",SilentIframeClientTokenHelper:"silentIframeClientTokenHelper",SilentHandlerInitiateAuthRequest:"silentHandlerInitiateAuthRequest",SilentHandlerMonitorIframeForHash:"silentHandlerMonitorIframeForHash",SilentHandlerLoadFrame:"silentHandlerLoadFrame",SilentHandlerLoadFrameSync:"silentHandlerLoadFrameSync",StandardInteractionClientCreateAuthCodeClient:"standardInteractionClientCreateAuthCodeClient",StandardInteractionClientGetClientConfiguration:"standardInteractionClientGetClientConfiguration",StandardInteractionClientInitializeAuthorizationRequest:"standardInteractionClientInitializeAuthorizationRequest",StandardInteractionClientInitializeAuthorizationCodeRequest:"standardInteractionClientInitializeAuthorizationCodeRequest",GetAuthCodeUrl:"getAuthCodeUrl",HandleCodeResponseFromServer:"handleCodeResponseFromServer",HandleCodeResponse:"handleCodeResponse",UpdateTokenEndpointAuthority:"updateTokenEndpointAuthority",AuthClientAcquireToken:"authClientAcquireToken",AuthClientExecuteTokenRequest:"authClientExecuteTokenRequest",AuthClientCreateTokenRequestBody:"authClientCreateTokenRequestBody",AuthClientCreateQueryString:"authClientCreateQueryString",PopTokenGenerateCnf:"popTokenGenerateCnf",PopTokenGenerateKid:"popTokenGenerateKid",HandleServerTokenResponse:"handleServerTokenResponse",DeserializeResponse:"deserializeResponse",AuthorityFactoryCreateDiscoveredInstance:"authorityFactoryCreateDiscoveredInstance",AuthorityResolveEndpointsAsync:"authorityResolveEndpointsAsync",AuthorityResolveEndpointsFromLocalSources:"authorityResolveEndpointsFromLocalSources",AuthorityGetCloudDiscoveryMetadataFromNetwork:"authorityGetCloudDiscoveryMetadataFromNetwork",AuthorityUpdateCloudDiscoveryMetadata:"authorityUpdateCloudDiscoveryMetadata",AuthorityGetEndpointMetadataFromNetwork:"authorityGetEndpointMetadataFromNetwork",AuthorityUpdateEndpointMetadata:"authorityUpdateEndpointMetadata",AuthorityUpdateMetadataWithRegionalInformation:"authorityUpdateMetadataWithRegionalInformation",RegionDiscoveryDetectRegion:"regionDiscoveryDetectRegion",RegionDiscoveryGetRegionFromIMDS:"regionDiscoveryGetRegionFromIMDS",RegionDiscoveryGetCurrentVersion:"regionDiscoveryGetCurrentVersion",AcquireTokenByCodeAsync:"acquireTokenByCodeAsync",GetEndpointMetadataFromNetwork:"getEndpointMetadataFromNetwork",GetCloudDiscoveryMetadataFromNetworkMeasurement:"getCloudDiscoveryMetadataFromNetworkMeasurement",HandleRedirectPromiseMeasurement:"handleRedirectPromise",HandleNativeRedirectPromiseMeasurement:"handleNativeRedirectPromise",UpdateCloudDiscoveryMetadataMeasurement:"updateCloudDiscoveryMetadataMeasurement",UsernamePasswordClientAcquireToken:"usernamePasswordClientAcquireToken",NativeMessageHandlerHandshake:"nativeMessageHandlerHandshake",NativeGenerateAuthResult:"nativeGenerateAuthResult",RemoveHiddenIframe:"removeHiddenIframe",ClearTokensAndKeysWithClaims:"clearTokensAndKeysWithClaims",CacheManagerGetRefreshToken:"cacheManagerGetRefreshToken",GeneratePkceCodes:"generatePkceCodes",GenerateCodeVerifier:"generateCodeVerifier",GenerateCodeChallengeFromVerifier:"generateCodeChallengeFromVerifier",Sha256Digest:"sha256Digest",GetRandomValues:"getRandomValues"},Ba={InProgress:1};/*! @azure/msal-common v14.16.1 2025-08-05 */const Se=(a,e,t,n,o)=>(...r)=>{t.trace(`Executing function ${e}`);const i=n==null?void 0:n.startMeasurement(e,o);if(o){const s=e+"CallCount";n==null||n.incrementFields({[s]:1},o)}try{const s=a(...r);return i==null||i.end({success:!0}),t.trace(`Returning result from ${e}`),s}catch(s){t.trace(`Error occurred in ${e}`);try{t.trace(JSON.stringify(s))}catch{t.trace("Unable to print error message.")}throw i==null||i.end({success:!1},s),s}},p=(a,e,t,n,o)=>(...r)=>{t.trace(`Executing function ${e}`);const i=n==null?void 0:n.startMeasurement(e,o);if(o){const s=e+"CallCount";n==null||n.incrementFields({[s]:1},o)}return n==null||n.setPreQueueTime(e,o),a(...r).then(s=>(t.trace(`Returning result from ${e}`),i==null||i.end({success:!0}),s)).catch(s=>{t.trace(`Error occurred in ${e}`);try{t.trace(JSON.stringify(s))}catch{t.trace("Unable to print error message.")}throw i==null||i.end({success:!1},s),s})};/*! @azure/msal-common v14.16.1 2025-08-05 */class Tt{constructor(e,t,n,o){this.networkInterface=e,this.logger=t,this.performanceClient=n,this.correlationId=o}async detectRegion(e,t){var o;(o=this.performanceClient)==null||o.addQueueMeasurement(l.RegionDiscoveryDetectRegion,this.correlationId);let n=e;if(n)t.region_source=ve.ENVIRONMENT_VARIABLE;else{const r=Tt.IMDS_OPTIONS;try{const i=await p(this.getRegionFromIMDS.bind(this),l.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(u.IMDS_VERSION,r);if(i.status===et.httpSuccess&&(n=i.body,t.region_source=ve.IMDS),i.status===et.httpBadRequest){const s=await p(this.getCurrentVersion.bind(this),l.RegionDiscoveryGetCurrentVersion,this.logger,this.performanceClient,this.correlationId)(r);if(!s)return t.region_source=ve.FAILED_AUTO_DETECTION,null;const c=await p(this.getRegionFromIMDS.bind(this),l.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(s,r);c.status===et.httpSuccess&&(n=c.body,t.region_source=ve.IMDS)}}catch{return t.region_source=ve.FAILED_AUTO_DETECTION,null}}return n||(t.region_source=ve.FAILED_AUTO_DETECTION),n||null}async getRegionFromIMDS(e,t){var n;return(n=this.performanceClient)==null||n.addQueueMeasurement(l.RegionDiscoveryGetRegionFromIMDS,this.correlationId),this.networkInterface.sendGetRequestAsync(`${u.IMDS_ENDPOINT}?api-version=${e}&format=text`,t,u.IMDS_TIMEOUT)}async getCurrentVersion(e){var t;(t=this.performanceClient)==null||t.addQueueMeasurement(l.RegionDiscoveryGetCurrentVersion,this.correlationId);try{const n=await this.networkInterface.sendGetRequestAsync(`${u.IMDS_ENDPOINT}?format=json`,e);return n.status===et.httpBadRequest&&n.body&&n.body["newest-versions"]&&n.body["newest-versions"].length>0?n.body["newest-versions"][0]:null}catch{return null}}}Tt.IMDS_OPTIONS={headers:{Metadata:"true"}};/*! @azure/msal-common v14.16.1 2025-08-05 */class x{constructor(e,t,n,o,r,i,s,c){this.canonicalAuthority=e,this._canonicalAuthority.validateAsUri(),this.networkInterface=t,this.cacheManager=n,this.authorityOptions=o,this.regionDiscoveryMetadata={region_used:void 0,region_source:void 0,region_outcome:void 0},this.logger=r,this.performanceClient=s,this.correlationId=i,this.managedIdentity=c||!1,this.regionDiscovery=new Tt(t,this.logger,this.performanceClient,this.correlationId)}getAuthorityType(e){if(e.HostNameAndPort.endsWith(u.CIAM_AUTH_URL))return j.Ciam;const t=e.PathSegments;if(t.length)switch(t[0].toLowerCase()){case u.ADFS:return j.Adfs;case u.DSTS:return j.Dsts}return j.Default}get authorityType(){return this.getAuthorityType(this.canonicalAuthorityUrlComponents)}get protocolMode(){return this.authorityOptions.protocolMode}get options(){return this.authorityOptions}get canonicalAuthority(){return this._canonicalAuthority.urlString}set canonicalAuthority(e){this._canonicalAuthority=new w(e),this._canonicalAuthority.validateAsUri(),this._canonicalAuthorityUrlComponents=null}get canonicalAuthorityUrlComponents(){return this._canonicalAuthorityUrlComponents||(this._canonicalAuthorityUrlComponents=this._canonicalAuthority.getUrlComponents()),this._canonicalAuthorityUrlComponents}get hostnameAndPort(){return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase()}get tenant(){return this.canonicalAuthorityUrlComponents.PathSegments[0]}get authorizationEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.authorization_endpoint);throw m(ce)}get tokenEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint);throw m(ce)}get deviceCodeEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint.replace("/token","/devicecode"));throw m(ce)}get endSessionEndpoint(){if(this.discoveryComplete()){if(!this.metadata.end_session_endpoint)throw m(Ho);return this.replacePath(this.metadata.end_session_endpoint)}else throw m(ce)}get selfSignedJwtAudience(){if(this.discoveryComplete())return this.replacePath(this.metadata.issuer);throw m(ce)}get jwksUri(){if(this.discoveryComplete())return this.replacePath(this.metadata.jwks_uri);throw m(ce)}canReplaceTenant(e){return e.PathSegments.length===1&&!x.reservedTenantDomains.has(e.PathSegments[0])&&this.getAuthorityType(e)===j.Default&&this.protocolMode===de.AAD}replaceTenant(e){return e.replace(/{tenant}|{tenantid}/g,this.tenant)}replacePath(e){let t=e;const o=new w(this.metadata.canonical_authority).getUrlComponents(),r=o.PathSegments;return this.canonicalAuthorityUrlComponents.PathSegments.forEach((s,c)=>{let h=r[c];if(c===0&&this.canReplaceTenant(o)){const d=new w(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];h!==d&&(this.logger.verbose(`Replacing tenant domain name ${h} with id ${d}`),h=d)}s!==h&&(t=t.replace(`/${h}/`,`/${s}/`))}),this.replaceTenant(t)}get defaultOpenIdConfigurationEndpoint(){const e=this.hostnameAndPort;return this.canonicalAuthority.endsWith("v2.0/")||this.authorityType===j.Adfs||this.protocolMode!==de.AAD&&!this.isAliasOfKnownMicrosoftAuthority(e)?`${this.canonicalAuthority}.well-known/openid-configuration`:`${this.canonicalAuthority}v2.0/.well-known/openid-configuration`}discoveryComplete(){return!!this.metadata}async resolveEndpointsAsync(){var o,r;(o=this.performanceClient)==null||o.addQueueMeasurement(l.AuthorityResolveEndpointsAsync,this.correlationId);const e=this.getCurrentMetadataEntity(),t=await p(this.updateCloudDiscoveryMetadata.bind(this),l.AuthorityUpdateCloudDiscoveryMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.canonicalAuthority=this.canonicalAuthority.replace(this.hostnameAndPort,e.preferred_network);const n=await p(this.updateEndpointMetadata.bind(this),l.AuthorityUpdateEndpointMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.updateCachedMetadata(e,t,{source:n}),(r=this.performanceClient)==null||r.addFields({cloudDiscoverySource:t,authorityEndpointSource:n},this.correlationId)}getCurrentMetadataEntity(){let e=this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort);return e||(e={aliases:[],preferred_cache:this.hostnameAndPort,preferred_network:this.hostnameAndPort,canonical_authority:this.canonicalAuthority,authorization_endpoint:"",token_endpoint:"",end_session_endpoint:"",issuer:"",aliasesFromNetwork:!1,endpointsFromNetwork:!1,expiresAt:Wn(),jwks_uri:""}),e}updateCachedMetadata(e,t,n){t!==$.CACHE&&(n==null?void 0:n.source)!==$.CACHE&&(e.expiresAt=Wn(),e.canonical_authority=this.canonicalAuthority);const o=this.cacheManager.generateAuthorityMetadataCacheKey(e.preferred_cache);this.cacheManager.setAuthorityMetadata(o,e),this.metadata=e}async updateEndpointMetadata(e){var o,r,i;(o=this.performanceClient)==null||o.addQueueMeasurement(l.AuthorityUpdateEndpointMetadata,this.correlationId);const t=this.updateEndpointMetadataFromLocalSources(e);if(t){if(t.source===$.HARDCODED_VALUES&&(r=this.authorityOptions.azureRegionConfiguration)!=null&&r.azureRegion&&t.metadata){const s=await p(this.updateMetadataWithRegionalInformation.bind(this),l.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(t.metadata);tt(e,s,!1),e.canonical_authority=this.canonicalAuthority}return t.source}let n=await p(this.getEndpointMetadataFromNetwork.bind(this),l.AuthorityGetEndpointMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(n)return(i=this.authorityOptions.azureRegionConfiguration)!=null&&i.azureRegion&&(n=await p(this.updateMetadataWithRegionalInformation.bind(this),l.AuthorityUpdateMetadataWithRegionalInformation,this.logger,this.performanceClient,this.correlationId)(n)),tt(e,n,!0),$.NETWORK;throw m(vo,this.defaultOpenIdConfigurationEndpoint)}updateEndpointMetadataFromLocalSources(e){this.logger.verbose("Attempting to get endpoint metadata from authority configuration");const t=this.getEndpointMetadataFromConfig();if(t)return this.logger.verbose("Found endpoint metadata in authority configuration"),tt(e,t,!1),{source:$.CONFIG};if(this.logger.verbose("Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values."),this.authorityOptions.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get endpoint metadata from the network metadata cache.");else{const o=this.getEndpointMetadataFromHardcodedValues();if(o)return tt(e,o,!1),{source:$.HARDCODED_VALUES,metadata:o};this.logger.verbose("Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.")}const n=jn(e);return this.isAuthoritySameType(e)&&e.endpointsFromNetwork&&!n?(this.logger.verbose("Found endpoint metadata in the cache."),{source:$.CACHE}):(n&&this.logger.verbose("The metadata entity is expired."),null)}isAuthoritySameType(e){return new w(e.canonical_authority).getUrlComponents().PathSegments.length===this.canonicalAuthorityUrlComponents.PathSegments.length}getEndpointMetadataFromConfig(){if(this.authorityOptions.authorityMetadata)try{return JSON.parse(this.authorityOptions.authorityMetadata)}catch{throw R(Yo)}return null}async getEndpointMetadataFromNetwork(){var n;(n=this.performanceClient)==null||n.addQueueMeasurement(l.AuthorityGetEndpointMetadataFromNetwork,this.correlationId);const e={},t=this.defaultOpenIdConfigurationEndpoint;this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from ${t}`);try{const o=await this.networkInterface.sendGetRequestAsync(t,e);return Da(o.body)?o.body:(this.logger.verbose("Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration"),null)}catch(o){return this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${o}`),null}}getEndpointMetadataFromHardcodedValues(){return this.hostnameAndPort in Jn?Jn[this.hostnameAndPort]:null}async updateMetadataWithRegionalInformation(e){var n,o,r;(n=this.performanceClient)==null||n.addQueueMeasurement(l.AuthorityUpdateMetadataWithRegionalInformation,this.correlationId);const t=(o=this.authorityOptions.azureRegionConfiguration)==null?void 0:o.azureRegion;if(t){if(t!==u.AZURE_REGION_AUTO_DISCOVER_FLAG)return this.regionDiscoveryMetadata.region_outcome=kt.CONFIGURED_NO_AUTO_DETECTION,this.regionDiscoveryMetadata.region_used=t,x.replaceWithRegionalInformation(e,t);const i=await p(this.regionDiscovery.detectRegion.bind(this.regionDiscovery),l.RegionDiscoveryDetectRegion,this.logger,this.performanceClient,this.correlationId)((r=this.authorityOptions.azureRegionConfiguration)==null?void 0:r.environmentRegion,this.regionDiscoveryMetadata);if(i)return this.regionDiscoveryMetadata.region_outcome=kt.AUTO_DETECTION_REQUESTED_SUCCESSFUL,this.regionDiscoveryMetadata.region_used=i,x.replaceWithRegionalInformation(e,i);this.regionDiscoveryMetadata.region_outcome=kt.AUTO_DETECTION_REQUESTED_FAILED}return e}async updateCloudDiscoveryMetadata(e){var o;(o=this.performanceClient)==null||o.addQueueMeasurement(l.AuthorityUpdateCloudDiscoveryMetadata,this.correlationId);const t=this.updateCloudDiscoveryMetadataFromLocalSources(e);if(t)return t;const n=await p(this.getCloudDiscoveryMetadataFromNetwork.bind(this),l.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(n)return Rt(e,n,!0),$.NETWORK;throw R(Wo)}updateCloudDiscoveryMetadataFromLocalSources(e){this.logger.verbose("Attempting to get cloud discovery metadata from authority configuration"),this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities||u.NOT_APPLICABLE}`),this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata||u.NOT_APPLICABLE}`),this.logger.verbosePii(`Canonical Authority: ${e.canonical_authority||u.NOT_APPLICABLE}`);const t=this.getCloudDiscoveryMetadataFromConfig();if(t)return this.logger.verbose("Found cloud discovery metadata in authority configuration"),Rt(e,t,!1),$.CONFIG;if(this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values."),this.options.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache.");else{const o=qi(this.hostnameAndPort);if(o)return this.logger.verbose("Found cloud discovery metadata from hardcoded values."),Rt(e,o,!1),$.HARDCODED_VALUES;this.logger.verbose("Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.")}const n=jn(e);return this.isAuthoritySameType(e)&&e.aliasesFromNetwork&&!n?(this.logger.verbose("Found cloud discovery metadata in the cache."),$.CACHE):(n&&this.logger.verbose("The metadata entity is expired."),null)}getCloudDiscoveryMetadataFromConfig(){if(this.authorityType===j.Ciam)return this.logger.verbose("CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host."),x.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);if(this.authorityOptions.cloudDiscoveryMetadata){this.logger.verbose("The cloud discovery metadata has been provided as a network response, in the config.");try{this.logger.verbose("Attempting to parse the cloud discovery metadata.");const e=JSON.parse(this.authorityOptions.cloudDiscoveryMetadata),t=dt(e.metadata,this.hostnameAndPort);if(this.logger.verbose("Parsed the cloud discovery metadata."),t)return this.logger.verbose("There is returnable metadata attached to the parsed cloud discovery metadata."),t;this.logger.verbose("There is no metadata attached to the parsed cloud discovery metadata.")}catch{throw this.logger.verbose("Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error."),R(cn)}}return this.isInKnownAuthorities()?(this.logger.verbose("The host is included in knownAuthorities. Creating new cloud discovery metadata from the host."),x.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)):null}async getCloudDiscoveryMetadataFromNetwork(){var o;(o=this.performanceClient)==null||o.addQueueMeasurement(l.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.correlationId);const e=`${u.AAD_INSTANCE_DISCOVERY_ENDPT}${this.canonicalAuthority}oauth2/v2.0/authorize`,t={};let n=null;try{const r=await this.networkInterface.sendGetRequestAsync(e,t);let i,s;if(Ka(r.body))i=r.body,s=i.metadata,this.logger.verbosePii(`tenant_discovery_endpoint is: ${i.tenant_discovery_endpoint}`);else if(xa(r.body)){if(this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${r.status}`),i=r.body,i.error===u.INVALID_INSTANCE)return this.logger.error("The CloudInstanceDiscoveryErrorResponse error is invalid_instance."),null;this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is ${i.error}`),this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is ${i.error_description}`),this.logger.warning("Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []"),s=[]}else return this.logger.error("AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse"),null;this.logger.verbose("Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request."),n=dt(s,this.hostnameAndPort)}catch(r){if(r instanceof O)this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.
2
+ Error: ${r.errorCode}
3
+ Error Description: ${r.errorMessage}`);else{const i=r;this.logger.error(`A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.
4
+ Error: ${i.name}
5
+ Error Description: ${i.message}`)}return null}return n||(this.logger.warning("The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request."),this.logger.verbose("Creating custom Authority for custom domain scenario."),n=x.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)),n}isInKnownAuthorities(){return this.authorityOptions.knownAuthorities.filter(t=>t&&w.getDomainFromUrl(t).toLowerCase()===this.hostnameAndPort).length>0}static generateAuthority(e,t){let n;if(t&&t.azureCloudInstance!==on.None){const o=t.tenant?t.tenant:u.DEFAULT_COMMON_TENANT;n=`${t.azureCloudInstance}/${o}/`}return n||e}static createCloudDiscoveryMetadataFromHost(e){return{preferred_network:e,preferred_cache:e,aliases:[e]}}getPreferredCache(){if(this.managedIdentity)return u.DEFAULT_AUTHORITY_HOST;if(this.discoveryComplete())return this.metadata.preferred_cache;throw m(ce)}isAlias(e){return this.metadata.aliases.indexOf(e)>-1}isAliasOfKnownMicrosoftAuthority(e){return or.has(e)}static isPublicCloudAuthority(e){return u.KNOWN_PUBLIC_CLOUDS.indexOf(e)>=0}static buildRegionalAuthorityString(e,t,n){const o=new w(e);o.validateAsUri();const r=o.getUrlComponents();let i=`${t}.${r.HostNameAndPort}`;this.isPublicCloudAuthority(r.HostNameAndPort)&&(i=`${t}.${u.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`);const s=w.constructAuthorityUriFromObject({...o.getUrlComponents(),HostNameAndPort:i}).urlString;return n?`${s}?${n}`:s}static replaceWithRegionalInformation(e,t){const n={...e};return n.authorization_endpoint=x.buildRegionalAuthorityString(n.authorization_endpoint,t),n.token_endpoint=x.buildRegionalAuthorityString(n.token_endpoint,t),n.end_session_endpoint&&(n.end_session_endpoint=x.buildRegionalAuthorityString(n.end_session_endpoint,t)),n}static transformCIAMAuthority(e){let t=e;const o=new w(e).getUrlComponents();if(o.PathSegments.length===0&&o.HostNameAndPort.endsWith(u.CIAM_AUTH_URL)){const r=o.HostNameAndPort.split(".")[0];t=`${t}${r}${u.AAD_TENANT_DOMAIN_SUFFIX}`}return t}}x.reservedTenantDomains=new Set(["{tenant}","{tenantid}",me.COMMON,me.CONSUMERS,me.ORGANIZATIONS]);function Fa(a){var o;const n=(o=new w(a).getUrlComponents().PathSegments.slice(-1)[0])==null?void 0:o.toLowerCase();switch(n){case me.COMMON:case me.ORGANIZATIONS:case me.CONSUMERS:return;default:return n}}function sr(a){return a.endsWith(u.FORWARD_SLASH)?a:`${a}${u.FORWARD_SLASH}`}function Ga(a){const e=a.cloudDiscoveryMetadata;let t;if(e)try{t=JSON.parse(e)}catch{throw R(cn)}return{canonicalAuthority:a.authority?sr(a.authority):void 0,knownAuthorities:a.knownAuthorities,cloudDiscoveryMetadata:t}}/*! @azure/msal-common v14.16.1 2025-08-05 */async function cr(a,e,t,n,o,r,i){i==null||i.addQueueMeasurement(l.AuthorityFactoryCreateDiscoveredInstance,r);const s=x.transformCIAMAuthority(sr(a)),c=new x(s,e,t,n,o,r,i);try{return await p(c.resolveEndpointsAsync.bind(c),l.AuthorityResolveEndpointsAsync,o,i,r)(),c}catch{throw m(ce)}}/*! @azure/msal-common v14.16.1 2025-08-05 */class fe extends O{constructor(e,t,n,o,r){super(e,t,n),this.name="ServerError",this.errorNo=o,this.status=r,Object.setPrototypeOf(this,fe.prototype)}}/*! @azure/msal-common v14.16.1 2025-08-05 */class te{static generateThrottlingStorageKey(e){return`${qe.THROTTLING_PREFIX}.${JSON.stringify(e)}`}static preProcess(e,t,n){var i;const o=te.generateThrottlingStorageKey(t),r=e.getThrottlingCache(o);if(r){if(r.throttleTime<Date.now()){e.removeItem(o,n);return}throw new fe(((i=r.errorCodes)==null?void 0:i.join(" "))||u.EMPTY_STRING,r.errorMessage,r.subError)}}static postProcess(e,t,n,o){if(te.checkResponseStatus(n)||te.checkResponseForRetryAfter(n)){const r={throttleTime:te.calculateThrottleTime(parseInt(n.headers[F.RETRY_AFTER])),error:n.body.error,errorCodes:n.body.error_codes,errorMessage:n.body.error_description,subError:n.body.suberror};e.setThrottlingCache(te.generateThrottlingStorageKey(t),r,o)}}static checkResponseStatus(e){return e.status===429||e.status>=500&&e.status<600}static checkResponseForRetryAfter(e){return e.headers?e.headers.hasOwnProperty(F.RETRY_AFTER)&&(e.status<200||e.status>=300):!1}static calculateThrottleTime(e){const t=e<=0?0:e,n=Date.now()/1e3;return Math.floor(Math.min(n+(t||qe.DEFAULT_THROTTLE_TIME_SECONDS),n+qe.DEFAULT_MAX_THROTTLE_TIME_SECONDS)*1e3)}static removeThrottle(e,t,n,o){const r={clientId:t,authority:n.authority,scopes:n.scopes,homeAccountIdentifier:o,claims:n.claims,authenticationScheme:n.authenticationScheme,resourceRequestMethod:n.resourceRequestMethod,resourceRequestUri:n.resourceRequestUri,shrClaims:n.shrClaims,sshKid:n.sshKid},i=this.generateThrottlingStorageKey(r);e.removeItem(i,n.correlationId)}}/*! @azure/msal-common v14.16.1 2025-08-05 */class It extends O{constructor(e,t,n){super(e.errorCode,e.errorMessage,e.subError),Object.setPrototypeOf(this,It.prototype),this.name="NetworkError",this.error=e,this.httpStatus=t,this.responseHeaders=n}}function oo(a,e,t){return new It(a,e,t)}/*! @azure/msal-common v14.16.1 2025-08-05 */class fn{constructor(e,t){this.config=Xi(e),this.logger=new pe(this.config.loggerOptions,Do,nn),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}createTokenRequestHeaders(e){const t={};if(t[F.CONTENT_TYPE]=u.URL_FORM_CONTENT_TYPE,!this.config.systemOptions.preventCorsPreflight&&e)switch(e.type){case Q.HOME_ACCOUNT_ID:try{const n=Oe(e.credential);t[F.CCS_HEADER]=`Oid:${n.uid}@${n.utid}`}catch(n){this.logger.verbose("Could not parse home account ID for CCS Header: "+n)}break;case Q.UPN:t[F.CCS_HEADER]=`UPN: ${e.credential}`;break}return t}async executePostToTokenEndpoint(e,t,n,o,r,i){var c;i&&((c=this.performanceClient)==null||c.addQueueMeasurement(i,r));const s=await this.sendPostRequest(o,e,{body:t,headers:n},r);return this.config.serverTelemetryManager&&s.status<500&&s.status!==429&&this.config.serverTelemetryManager.clearTelemetryCache(),s}async sendPostRequest(e,t,n,o){var i,s,c;te.preProcess(this.cacheManager,e,o);let r;try{r=await p(this.networkClient.sendPostRequestAsync.bind(this.networkClient),l.NetworkClientSendPostRequestAsync,this.logger,this.performanceClient,o)(t,n);const h=r.headers||{};(s=this.performanceClient)==null||s.addFields({refreshTokenSize:((i=r.body.refresh_token)==null?void 0:i.length)||0,httpVerToken:h[F.X_MS_HTTP_VERSION]||"",requestId:h[F.X_MS_REQUEST_ID]||""},o)}catch(h){if(h instanceof It){const d=h.responseHeaders;throw d&&((c=this.performanceClient)==null||c.addFields({httpVerToken:d[F.X_MS_HTTP_VERSION]||"",requestId:d[F.X_MS_REQUEST_ID]||"",contentTypeHeader:d[F.CONTENT_TYPE]||void 0,contentLengthHeader:d[F.CONTENT_LENGTH]||void 0,httpStatus:h.httpStatus},o)),h.error}throw h instanceof O?h:m(So)}return te.postProcess(this.cacheManager,e,r,o),r}async updateAuthority(e,t){var r;(r=this.performanceClient)==null||r.addQueueMeasurement(l.UpdateTokenEndpointAuthority,t);const n=`https://${e}/${this.authority.tenant}/`,o=await cr(n,this.networkClient,this.cacheManager,this.authority.options,this.logger,t,this.performanceClient);this.authority=o}createTokenQueryParameters(e){const t=new $e(e.correlationId,this.performanceClient);return e.embeddedClientId&&t.addBrokerParameters({brokerClientId:this.config.authOptions.clientId,brokerRedirectUri:this.config.authOptions.redirectUri}),e.tokenQueryParameters&&t.addExtraQueryParameters(e.tokenQueryParameters),t.addCorrelationId(e.correlationId),t.createQueryString()}}/*! @azure/msal-common v14.16.1 2025-08-05 */const ut="no_tokens_found",hr="native_account_unavailable",Cn="refresh_token_expired",qa="interaction_required",$a="consent_required",za="login_required",At="bad_token";/*! @azure/msal-common v14.16.1 2025-08-05 */const ro=[qa,$a,za,At],Va=["message_only","additional_action","basic_action","user_password_expired","consent_required","bad_token"],Qa={[ut]:"No refresh token found in the cache. Please sign-in.",[hr]:"The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",[Cn]:"Refresh token has expired.",[At]:"Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve."};class Z extends O{constructor(e,t,n,o,r,i,s,c){super(e,t,n),Object.setPrototypeOf(this,Z.prototype),this.timestamp=o||u.EMPTY_STRING,this.traceId=r||u.EMPTY_STRING,this.correlationId=i||u.EMPTY_STRING,this.claims=s||u.EMPTY_STRING,this.name="InteractionRequiredAuthError",this.errorNo=c}}function io(a,e,t){const n=!!a&&ro.indexOf(a)>-1,o=!!t&&Va.indexOf(t)>-1,r=!!e&&ro.some(i=>e.indexOf(i)>-1);return n||r||o}function xt(a){return new Z(a,Qa[a])}/*! @azure/msal-common v14.16.1 2025-08-05 */class X{static setRequestState(e,t,n){const o=X.generateLibraryState(e,n);return t?`${o}${u.RESOURCE_DELIM}${t}`:o}static generateLibraryState(e,t){if(!e)throw m(Ut);const n={id:e.createNewGuid()};t&&(n.meta=t);const o=JSON.stringify(n);return e.base64Encode(o)}static parseRequestState(e,t){if(!e)throw m(Ut);if(!t)throw m(Ue);try{const n=t.split(u.RESOURCE_DELIM),o=n[0],r=n.length>1?n.slice(1).join(u.RESOURCE_DELIM):u.EMPTY_STRING,i=e.base64Decode(o),s=JSON.parse(i);return{userRequestState:r||u.EMPTY_STRING,libraryState:s}}catch{throw m(Ue)}}}/*! @azure/msal-common v14.16.1 2025-08-05 */const Ya={SW:"sw"};class He{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){var r;(r=this.performanceClient)==null||r.addQueueMeasurement(l.PopTokenGenerateCnf,e.correlationId);const n=await p(this.generateKid.bind(this),l.PopTokenGenerateCnf,t,this.performanceClient,e.correlationId)(e),o=this.cryptoUtils.base64UrlEncode(JSON.stringify(n));return{kid:n.kid,reqCnfString:o}}async generateKid(e){var n;return(n=this.performanceClient)==null||n.addQueueMeasurement(l.PopTokenGenerateKid,e.correlationId),{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:Ya.SW}}async signPopToken(e,t,n){return this.signPayload(e,t,n)}async signPayload(e,t,n,o){const{resourceRequestMethod:r,resourceRequestUri:i,shrClaims:s,shrNonce:c,shrOptions:h}=n,d=i?new w(i):void 0,g=d==null?void 0:d.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:ie(),m:r==null?void 0:r.toUpperCase(),u:g==null?void 0:g.HostNameAndPort,nonce:c||this.cryptoUtils.createNewGuid(),p:g==null?void 0:g.AbsolutePath,q:g!=null&&g.QueryString?[[],g.QueryString]:void 0,client_claims:s||void 0,...o},t,h,n.correlationId)}}/*! @azure/msal-common v14.16.1 2025-08-05 */class Wa{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}/*! @azure/msal-common v14.16.1 2025-08-05 */function ja(a){var n,o;const e="code=",t=(n=a.error_uri)==null?void 0:n.lastIndexOf(e);return t&&t>=0?(o=a.error_uri)==null?void 0:o.substring(t+e.length):void 0}class Te{constructor(e,t,n,o,r,i,s){this.clientId=e,this.cacheStorage=t,this.cryptoObj=n,this.logger=o,this.serializableCache=r,this.persistencePlugin=i,this.performanceClient=s}validateServerAuthorizationCodeResponse(e,t){if(!e.state||!t)throw e.state?m(at,"Cached State"):m(at,"Server State");let n,o;try{n=decodeURIComponent(e.state)}catch{throw m(Ue,e.state)}try{o=decodeURIComponent(t)}catch{throw m(Ue,e.state)}if(n!==o)throw m(_o);if(e.error||e.error_description||e.suberror){const r=ja(e);throw io(e.error,e.error_description,e.suberror)?new Z(e.error||"",e.error_description,e.suberror,e.timestamp||"",e.trace_id||"",e.correlation_id||"",e.claims||"",r):new fe(e.error||"",e.error_description,e.suberror,r)}}validateTokenResponse(e,t){var n;if(e.error||e.error_description||e.suberror){const o=`Error(s): ${e.error_codes||u.NOT_AVAILABLE} - Timestamp: ${e.timestamp||u.NOT_AVAILABLE} - Description: ${e.error_description||u.NOT_AVAILABLE} - Correlation ID: ${e.correlation_id||u.NOT_AVAILABLE} - Trace ID: ${e.trace_id||u.NOT_AVAILABLE}`,r=(n=e.error_codes)!=null&&n.length?e.error_codes[0]:void 0,i=new fe(e.error,o,e.suberror,r,e.status);if(t&&e.status&&e.status>=Je.SERVER_ERROR_RANGE_START&&e.status<=Je.SERVER_ERROR_RANGE_END){this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.
6
+ ${i}`);return}else if(t&&e.status&&e.status>=Je.CLIENT_ERROR_RANGE_START&&e.status<=Je.CLIENT_ERROR_RANGE_END){this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently available but is unable to refresh the access token.
7
+ ${i}`);return}throw io(e.error,e.error_description,e.suberror)?new Z(e.error,e.error_description,e.suberror,e.timestamp||u.EMPTY_STRING,e.trace_id||u.EMPTY_STRING,e.correlation_id||u.EMPTY_STRING,e.claims||u.EMPTY_STRING,r):i}}async handleServerTokenResponse(e,t,n,o,r,i,s,c,h){var E;(E=this.performanceClient)==null||E.addQueueMeasurement(l.HandleServerTokenResponse,e.correlation_id);let d;if(e.id_token){if(d=Ee(e.id_token||u.EMPTY_STRING,this.cryptoObj.base64Decode),r&&r.nonce&&d.nonce!==r.nonce)throw m(ko);if(o.maxAge||o.maxAge===0){const v=d.auth_time;if(!v)throw m(Xt);Ko(v,o.maxAge)}}this.homeAccountIdentifier=U.generateHomeAccountId(e.client_info||u.EMPTY_STRING,t.authorityType,this.logger,this.cryptoObj,d);let g;r&&r.state&&(g=X.parseRequestState(this.cryptoObj,r.state)),e.key_id=e.key_id||o.sshKid||void 0;const f=this.generateCacheRecord(e,t,n,o,d,i,r);let T;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose("Persistence enabled, calling beforeCacheAccess"),T=new Wa(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(T)),s&&!c&&f.account){const v=f.account.generateAccountKey();if(!this.cacheStorage.getAccount(v,o.correlationId,this.logger))return this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache"),await Te.generateAuthenticationResult(this.cryptoObj,t,f,!1,o,d,g,void 0,h)}await this.cacheStorage.saveCacheRecord(f,o.correlationId,o.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&T&&(this.logger.verbose("Persistence enabled, calling afterCacheAccess"),await this.persistencePlugin.afterCacheAccess(T))}return Te.generateAuthenticationResult(this.cryptoObj,t,f,!1,o,d,g,e,h)}generateCacheRecord(e,t,n,o,r,i,s){const c=t.getPreferredCache();if(!c)throw m(en);const h=er(r);let d,g;e.id_token&&r&&(d=ft(this.homeAccountIdentifier,c,e.id_token,this.clientId,h||""),g=yn(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,o.correlationId,r,e.client_info,c,h,s,void 0,this.logger));let f=null;if(e.access_token){const v=e.scope?P.fromString(e.scope):new P(o.scopes||[]),M=(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)||0,G=(typeof e.ext_expires_in=="string"?parseInt(e.ext_expires_in,10):e.ext_expires_in)||0,L=(typeof e.refresh_in=="string"?parseInt(e.refresh_in,10):e.refresh_in)||void 0,ue=n+M,We=ue+G,je=L&&L>0?n+L:void 0;f=Ct(this.homeAccountIdentifier,c,e.access_token,this.clientId,h||t.tenant||"",v.printScopes(),ue,We,this.cryptoObj.base64Decode,je,e.token_type,i,e.key_id,o.claims,o.requestedClaimsHash)}let T=null;if(e.refresh_token){let v;if(e.refresh_token_expires_in){const M=typeof e.refresh_token_expires_in=="string"?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in;v=n+M}T=xo(this.homeAccountIdentifier,c,e.refresh_token,this.clientId,e.foci,i,v)}let E=null;return e.foci&&(E={clientId:this.clientId,environment:c,familyId:e.foci}),{account:g,idToken:d,accessToken:f,refreshToken:T,appMetadata:E}}static async generateAuthenticationResult(e,t,n,o,r,i,s,c,h){var ue,We,je,Dn,Kn;let d=u.EMPTY_STRING,g=[],f=null,T,E,v=u.EMPTY_STRING;if(n.accessToken){if(n.accessToken.tokenType===k.POP&&!r.popKid){const ai=new He(e),{secret:si,keyId:xn}=n.accessToken;if(!xn)throw m(tn);d=await ai.signPopToken(si,xn,r)}else d=n.accessToken.secret;g=P.fromString(n.accessToken.target).asArray(),f=new Date(Number(n.accessToken.expiresOn)*1e3),T=new Date(Number(n.accessToken.extendedExpiresOn)*1e3),n.accessToken.refreshOn&&(E=new Date(Number(n.accessToken.refreshOn)*1e3))}n.appMetadata&&(v=n.appMetadata.familyId===Ge?Ge:"");const M=(i==null?void 0:i.oid)||(i==null?void 0:i.sub)||"",G=(i==null?void 0:i.tid)||"";c!=null&&c.spa_accountid&&n.account&&(n.account.nativeAccountId=c==null?void 0:c.spa_accountid);const L=n.account?dn(n.account.getAccountInfo(),void 0,i,(ue=n.idToken)==null?void 0:ue.secret):null;return{authority:t.canonicalAuthority,uniqueId:M,tenantId:G,scopes:g,account:L,idToken:((We=n==null?void 0:n.idToken)==null?void 0:We.secret)||"",idTokenClaims:i||{},accessToken:d,fromCache:o,expiresOn:f,extExpiresOn:T,refreshOn:E,correlationId:r.correlationId,requestId:h||u.EMPTY_STRING,familyId:v,tokenType:((je=n.accessToken)==null?void 0:je.tokenType)||u.EMPTY_STRING,state:s?s.userRequestState:u.EMPTY_STRING,cloudGraphHostName:((Dn=n.account)==null?void 0:Dn.cloudGraphHostName)||u.EMPTY_STRING,msGraphHost:((Kn=n.account)==null?void 0:Kn.msGraphHost)||u.EMPTY_STRING,code:c==null?void 0:c.spa_code,fromNativeBroker:!1}}}function yn(a,e,t,n,o,r,i,s,c,h,d,g){g==null||g.verbose("setCachedAccount called");const T=a.getAccountKeys().find(L=>L.startsWith(t));let E=null;T&&(E=a.getAccount(T,o,g));const v=E||U.createAccount({homeAccountId:t,idTokenClaims:r,clientInfo:i,environment:s,cloudGraphHostName:h==null?void 0:h.cloud_graph_host_name,msGraphHost:h==null?void 0:h.msgraph_host,nativeAccountId:d},e,n),M=v.tenantProfiles||[],G=c||v.realm;if(G&&!M.find(L=>L.tenantId===G)){const L=ln(t,v.localAccountId,G,r);M.push(L)}return v.tenantProfiles=M,v}/*! @azure/msal-common v14.16.1 2025-08-05 */async function lr(a,e,t){return typeof a=="string"?a:a({clientId:e,tokenEndpoint:t})}/*! @azure/msal-common v14.16.1 2025-08-05 */class dr extends fn{constructor(e,t){var n;super(e,t),this.includeRedirectUri=!0,this.oidcDefaultScopes=(n=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:n.defaultScopes}async getAuthCodeUrl(e){var n;(n=this.performanceClient)==null||n.addQueueMeasurement(l.GetAuthCodeUrl,e.correlationId);const t=await p(this.createAuthCodeUrlQueryString.bind(this),l.AuthClientCreateQueryString,this.logger,this.performanceClient,e.correlationId)(e);return w.appendQueryString(this.authority.authorizationEndpoint,t)}async acquireToken(e,t){var s,c;if((s=this.performanceClient)==null||s.addQueueMeasurement(l.AuthClientAcquireToken,e.correlationId),!e.code)throw m(Oo);const n=ie(),o=await p(this.executeTokenRequest.bind(this),l.AuthClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(this.authority,e),r=(c=o.headers)==null?void 0:c[F.X_MS_REQUEST_ID],i=new Te(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin,this.performanceClient);return i.validateTokenResponse(o.body),p(i.handleServerTokenResponse.bind(i),l.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(o.body,this.authority,n,e,t,void 0,void 0,void 0,r)}handleFragmentResponse(e,t){if(new Te(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,null,null).validateServerAuthorizationCodeResponse(e,t),!e.code)throw m(Lo);return e}getLogoutUri(e){if(!e)throw R(Vo);const t=this.createLogoutUrlQueryString(e);return w.appendQueryString(this.authority.endSessionEndpoint,t)}async executeTokenRequest(e,t){var h,d;(h=this.performanceClient)==null||h.addQueueMeasurement(l.AuthClientExecuteTokenRequest,t.correlationId);const n=this.createTokenQueryParameters(t),o=w.appendQueryString(e.tokenEndpoint,n),r=await p(this.createTokenRequestBody.bind(this),l.AuthClientCreateTokenRequestBody,this.logger,this.performanceClient,t.correlationId)(t);let i;if(t.clientInfo)try{const g=ct(t.clientInfo,this.cryptoUtils.base64Decode);i={credential:`${g.uid}${B.CLIENT_INFO_SEPARATOR}${g.utid}`,type:Q.HOME_ACCOUNT_ID}}catch(g){this.logger.verbose("Could not parse client info for CCS Header: "+g)}const s=this.createTokenRequestHeaders(i||t.ccsCredential),c={clientId:((d=t.tokenBodyParameters)==null?void 0:d.clientId)||this.config.authOptions.clientId,authority:e.canonicalAuthority,scopes:t.scopes,claims:t.claims,authenticationScheme:t.authenticationScheme,resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,sshKid:t.sshKid};return p(this.executePostToTokenEndpoint.bind(this),l.AuthorizationCodeClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,t.correlationId)(o,r,s,c,t.correlationId,l.AuthorizationCodeClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){var o,r;(o=this.performanceClient)==null||o.addQueueMeasurement(l.AuthClientCreateTokenRequestBody,e.correlationId);const t=new $e(e.correlationId,this.performanceClient);if(t.addClientId(e.embeddedClientId||((r=e.tokenBodyParameters)==null?void 0:r[ye])||this.config.authOptions.clientId),this.includeRedirectUri?t.addRedirectUri(e.redirectUri):_e.validateRedirectUri(e.redirectUri),t.addScopes(e.scopes,!0,this.oidcDefaultScopes),t.addAuthorizationCode(e.code),t.addLibraryInfo(this.config.libraryInfo),t.addApplicationTelemetry(this.config.telemetry.application),t.addThrottling(),this.serverTelemetryManager&&!Dt(this.config)&&t.addServerTelemetry(this.serverTelemetryManager),e.codeVerifier&&t.addCodeVerifier(e.codeVerifier),this.config.clientCredentials.clientSecret&&t.addClientSecret(this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const i=this.config.clientCredentials.clientAssertion;t.addClientAssertion(await lr(i.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),t.addClientAssertionType(i.assertionType)}if(t.addGrantType(To.AUTHORIZATION_CODE_GRANT),t.addClientInfo(),e.authenticationScheme===k.POP){const i=new He(this.cryptoUtils,this.performanceClient);let s;e.popKid?s=this.cryptoUtils.encodeKid(e.popKid):s=(await p(i.generateCnf.bind(i),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,t.addPopToken(s)}else if(e.authenticationScheme===k.SSH)if(e.sshJwk)t.addSshJwk(e.sshJwk);else throw R(yt);(!J.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&t.addClaims(e.claims,this.config.authOptions.clientCapabilities);let n;if(e.clientInfo)try{const i=ct(e.clientInfo,this.cryptoUtils.base64Decode);n={credential:`${i.uid}${B.CLIENT_INFO_SEPARATOR}${i.utid}`,type:Q.HOME_ACCOUNT_ID}}catch(i){this.logger.verbose("Could not parse client info for CCS Header: "+i)}else n=e.ccsCredential;if(this.config.systemOptions.preventCorsPreflight&&n)switch(n.type){case Q.HOME_ACCOUNT_ID:try{const i=Oe(n.credential);t.addCcsOid(i)}catch(i){this.logger.verbose("Could not parse home account ID for CCS Header: "+i)}break;case Q.UPN:t.addCcsUpn(n.credential);break}return e.embeddedClientId&&t.addBrokerParameters({brokerClientId:this.config.authOptions.clientId,brokerRedirectUri:this.config.authOptions.redirectUri}),e.tokenBodyParameters&&t.addExtraQueryParameters(e.tokenBodyParameters),e.enableSpaAuthorizationCode&&(!e.tokenBodyParameters||!e.tokenBodyParameters[no])&&t.addExtraQueryParameters({[no]:"1"}),t.createQueryString()}async createAuthCodeUrlQueryString(e){var r,i;const t=e.correlationId||this.config.cryptoInterface.createNewGuid();(r=this.performanceClient)==null||r.addQueueMeasurement(l.AuthClientCreateQueryString,t);const n=new $e(t,this.performanceClient);n.addClientId(e.embeddedClientId||((i=e.extraQueryParameters)==null?void 0:i[ye])||this.config.authOptions.clientId);const o=[...e.scopes||[],...e.extraScopesToConsent||[]];if(n.addScopes(o,!0,this.oidcDefaultScopes),n.addRedirectUri(e.redirectUri),n.addCorrelationId(t),n.addResponseMode(e.responseMode),n.addResponseTypeCode(),n.addLibraryInfo(this.config.libraryInfo),Dt(this.config)||n.addApplicationTelemetry(this.config.telemetry.application),n.addClientInfo(),e.codeChallenge&&e.codeChallengeMethod&&n.addCodeChallengeParams(e.codeChallenge,e.codeChallengeMethod),e.prompt&&n.addPrompt(e.prompt),e.domainHint&&n.addDomainHint(e.domainHint),e.prompt!==D.SELECT_ACCOUNT)if(e.sid&&e.prompt===D.NONE)this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request"),n.addSid(e.sid);else if(e.account){const s=this.extractAccountSid(e.account);let c=this.extractLoginHint(e.account);if(c&&e.domainHint&&(this.logger.warning('AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint'),c=null),c){this.logger.verbose("createAuthCodeUrlQueryString: login_hint claim present on account"),n.addLoginHint(c);try{const h=Oe(e.account.homeAccountId);n.addCcsOid(h)}catch{this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(s&&e.prompt===D.NONE){this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account"),n.addSid(s);try{const h=Oe(e.account.homeAccountId);n.addCcsOid(h)}catch{this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(e.loginHint)this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request"),n.addLoginHint(e.loginHint),n.addCcsUpn(e.loginHint);else if(e.account.username){this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account"),n.addLoginHint(e.account.username);try{const h=Oe(e.account.homeAccountId);n.addCcsOid(h)}catch{this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}}else e.loginHint&&(this.logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request"),n.addLoginHint(e.loginHint),n.addCcsUpn(e.loginHint));else this.logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");if(e.nonce&&n.addNonce(e.nonce),e.state&&n.addState(e.state),(e.claims||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&n.addClaims(e.claims,this.config.authOptions.clientCapabilities),e.embeddedClientId&&n.addBrokerParameters({brokerClientId:this.config.authOptions.clientId,brokerRedirectUri:this.config.authOptions.redirectUri}),this.addExtraQueryParams(e,n),e.nativeBroker&&(n.addNativeBroker(),e.authenticationScheme===k.POP)){const s=new He(this.cryptoUtils);let c;e.popKid?c=this.cryptoUtils.encodeKid(e.popKid):c=(await p(s.generateCnf.bind(s),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,n.addPopToken(c)}return n.createQueryString()}createLogoutUrlQueryString(e){const t=new $e(e.correlationId,this.performanceClient);return e.postLogoutRedirectUri&&t.addPostLogoutRedirectUri(e.postLogoutRedirectUri),e.correlationId&&t.addCorrelationId(e.correlationId),e.idTokenHint&&t.addIdTokenHint(e.idTokenHint),e.state&&t.addState(e.state),e.logoutHint&&t.addLogoutHint(e.logoutHint),this.addExtraQueryParams(e,t),t.createQueryString()}addExtraQueryParams(e,t){!(e.extraQueryParameters&&e.extraQueryParameters.hasOwnProperty("instance_aware"))&&this.config.authOptions.instanceAware&&(e.extraQueryParameters=e.extraQueryParameters||{},e.extraQueryParameters.instance_aware="true"),e.extraQueryParameters&&t.addExtraQueryParameters(e.extraQueryParameters)}extractAccountSid(e){var t;return((t=e.idTokenClaims)==null?void 0:t.sid)||null}extractLoginHint(e){var t;return((t=e.idTokenClaims)==null?void 0:t.login_hint)||null}}/*! @azure/msal-common v14.16.1 2025-08-05 */const Ja=300;class Bt extends fn{constructor(e,t){super(e,t)}async acquireToken(e){var i,s;(i=this.performanceClient)==null||i.addQueueMeasurement(l.RefreshTokenClientAcquireToken,e.correlationId);const t=ie(),n=await p(this.executeTokenRequest.bind(this),l.RefreshTokenClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(e,this.authority),o=(s=n.headers)==null?void 0:s[F.X_MS_REQUEST_ID],r=new Te(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin);return r.validateTokenResponse(n.body),p(r.handleServerTokenResponse.bind(r),l.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(n.body,this.authority,t,e,void 0,void 0,!0,e.forceCache,o)}async acquireTokenByRefreshToken(e){var n;if(!e)throw R(zo);if((n=this.performanceClient)==null||n.addQueueMeasurement(l.RefreshTokenClientAcquireTokenByRefreshToken,e.correlationId),!e.account)throw m(Zt);if(this.cacheManager.isAppMetadataFOCI(e.account.environment))try{return await p(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!0)}catch(o){const r=o instanceof Z&&o.errorCode===ut,i=o instanceof fe&&o.errorCode===Gn.INVALID_GRANT_ERROR&&o.subError===Gn.CLIENT_MISMATCH_ERROR;if(r||i)return p(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1);throw o}return p(this.acquireTokenWithCachedRefreshToken.bind(this),l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1)}async acquireTokenWithCachedRefreshToken(e,t){var r;(r=this.performanceClient)==null||r.addQueueMeasurement(l.RefreshTokenClientAcquireTokenWithCachedRefreshToken,e.correlationId);const n=Se(this.cacheManager.getRefreshToken.bind(this.cacheManager),l.CacheManagerGetRefreshToken,this.logger,this.performanceClient,e.correlationId)(e.account,t,e.correlationId,void 0,this.performanceClient);if(!n)throw xt(ut);if(n.expiresOn&&Ht(n.expiresOn,e.refreshTokenExpirationOffsetSeconds||Ja))throw xt(Cn);const o={...e,refreshToken:n.secret,authenticationScheme:e.authenticationScheme||k.BEARER,ccsCredential:{credential:e.account.homeAccountId,type:Q.HOME_ACCOUNT_ID}};try{return await p(this.acquireToken.bind(this),l.RefreshTokenClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(o)}catch(i){if(i instanceof Z&&i.subError===At){this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");const s=be(n);this.cacheManager.removeRefreshToken(s,e.correlationId)}throw i}}async executeTokenRequest(e,t){var c,h;(c=this.performanceClient)==null||c.addQueueMeasurement(l.RefreshTokenClientExecuteTokenRequest,e.correlationId);const n=this.createTokenQueryParameters(e),o=w.appendQueryString(t.tokenEndpoint,n),r=await p(this.createTokenRequestBody.bind(this),l.RefreshTokenClientCreateTokenRequestBody,this.logger,this.performanceClient,e.correlationId)(e),i=this.createTokenRequestHeaders(e.ccsCredential),s={clientId:((h=e.tokenBodyParameters)==null?void 0:h.clientId)||this.config.authOptions.clientId,authority:t.canonicalAuthority,scopes:e.scopes,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid};return p(this.executePostToTokenEndpoint.bind(this),l.RefreshTokenClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,e.correlationId)(o,r,i,s,e.correlationId,l.RefreshTokenClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){var o,r,i;(o=this.performanceClient)==null||o.addQueueMeasurement(l.RefreshTokenClientCreateTokenRequestBody,e.correlationId);const t=e.correlationId,n=new $e(t,this.performanceClient);if(n.addClientId(e.embeddedClientId||((r=e.tokenBodyParameters)==null?void 0:r[ye])||this.config.authOptions.clientId),e.redirectUri&&n.addRedirectUri(e.redirectUri),n.addScopes(e.scopes,!0,(i=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:i.defaultScopes),n.addGrantType(To.REFRESH_TOKEN_GRANT),n.addClientInfo(),n.addLibraryInfo(this.config.libraryInfo),n.addApplicationTelemetry(this.config.telemetry.application),n.addThrottling(),this.serverTelemetryManager&&!Dt(this.config)&&n.addServerTelemetry(this.serverTelemetryManager),n.addRefreshToken(e.refreshToken),this.config.clientCredentials.clientSecret&&n.addClientSecret(this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const s=this.config.clientCredentials.clientAssertion;n.addClientAssertion(await lr(s.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),n.addClientAssertionType(s.assertionType)}if(e.authenticationScheme===k.POP){const s=new He(this.cryptoUtils,this.performanceClient);let c;e.popKid?c=this.cryptoUtils.encodeKid(e.popKid):c=(await p(s.generateCnf.bind(s),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,n.addPopToken(c)}else if(e.authenticationScheme===k.SSH)if(e.sshJwk)n.addSshJwk(e.sshJwk);else throw R(yt);if((!J.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&n.addClaims(e.claims,this.config.authOptions.clientCapabilities),this.config.systemOptions.preventCorsPreflight&&e.ccsCredential)switch(e.ccsCredential.type){case Q.HOME_ACCOUNT_ID:try{const s=Oe(e.ccsCredential.credential);n.addCcsOid(s)}catch(s){this.logger.verbose("Could not parse home account ID for CCS Header: "+s)}break;case Q.UPN:n.addCcsUpn(e.ccsCredential.credential);break}return e.embeddedClientId&&n.addBrokerParameters({brokerClientId:this.config.authOptions.clientId,brokerRedirectUri:this.config.authOptions.redirectUri}),e.tokenBodyParameters&&n.addExtraQueryParameters(e.tokenBodyParameters),n.createQueryString()}}/*! @azure/msal-common v14.16.1 2025-08-05 */class Xa extends fn{constructor(e,t){super(e,t)}async acquireToken(e){var t;try{const[n,o]=await this.acquireCachedToken({...e,scopes:(t=e.scopes)!=null&&t.length?e.scopes:[...xe]});return o===ge.PROACTIVELY_REFRESHED&&(this.logger.info("SilentFlowClient:acquireCachedToken - Cached access token's refreshOn property has been exceeded'. It's not expired, but must be refreshed."),new Bt(this.config,this.performanceClient).acquireTokenByRefreshToken(e).catch(()=>{})),n}catch(n){if(n instanceof pt&&n.errorCode===he)return new Bt(this.config,this.performanceClient).acquireTokenByRefreshToken(e);throw n}}async acquireCachedToken(e){var c;(c=this.performanceClient)==null||c.addQueueMeasurement(l.SilentFlowClientAcquireCachedToken,e.correlationId);let t=ge.NOT_APPLICABLE;if(e.forceRefresh||!this.config.cacheOptions.claimsBasedCachingEnabled&&!J.isEmptyObj(e.claims))throw this.setCacheOutcome(ge.FORCE_REFRESH_OR_CLAIMS,e.correlationId),m(he);if(!e.account)throw m(Zt);const n=e.account.tenantId||Fa(e.authority),o=this.cacheManager.getTokenKeys(),r=this.cacheManager.getAccessToken(e.account,e,o,n,this.performanceClient);if(r){if(ki(r.cachedAt)||Ht(r.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds))throw this.setCacheOutcome(ge.CACHED_ACCESS_TOKEN_EXPIRED,e.correlationId),m(he);r.refreshOn&&Ht(r.refreshOn,0)&&(t=ge.PROACTIVELY_REFRESHED)}else throw this.setCacheOutcome(ge.NO_CACHED_ACCESS_TOKEN,e.correlationId),m(he);const i=e.authority||this.authority.getPreferredCache(),s={account:this.cacheManager.readAccountFromCache(e.account,e.correlationId),accessToken:r,idToken:this.cacheManager.getIdToken(e.account,e.correlationId,o,n,this.performanceClient),refreshToken:null,appMetadata:this.cacheManager.readAppMetadataFromCache(i)};return this.setCacheOutcome(t,e.correlationId),this.config.serverTelemetryManager&&this.config.serverTelemetryManager.incrementCacheHits(),[await p(this.generateResultFromCacheRecord.bind(this),l.SilentFlowClientGenerateResultFromCacheRecord,this.logger,this.performanceClient,e.correlationId)(s,e),t]}setCacheOutcome(e,t){var n,o;(n=this.serverTelemetryManager)==null||n.setCacheOutcome(e),(o=this.performanceClient)==null||o.addFields({cacheOutcome:e},t),e!==ge.NOT_APPLICABLE&&this.logger.info(`Token refresh is required due to cache outcome: ${e}`)}async generateResultFromCacheRecord(e,t){var o;(o=this.performanceClient)==null||o.addQueueMeasurement(l.SilentFlowClientGenerateResultFromCacheRecord,t.correlationId);let n;if(e.idToken&&(n=Ee(e.idToken.secret,this.config.cryptoInterface.base64Decode)),t.maxAge||t.maxAge===0){const r=n==null?void 0:n.auth_time;if(!r)throw m(Xt);Ko(r,t.maxAge)}return Te.generateAuthenticationResult(this.cryptoUtils,this.authority,e,!0,t,n)}}/*! @azure/msal-common v14.16.1 2025-08-05 */const Za={sendGetRequestAsync:()=>Promise.reject(m(S)),sendPostRequestAsync:()=>Promise.reject(m(S))};/*! @azure/msal-common v14.16.1 2025-08-05 */const ao=",",ur="|";function es(a){const{skus:e,libraryName:t,libraryVersion:n,extensionName:o,extensionVersion:r}=a,i=new Map([[0,[t,n]],[2,[o,r]]]);let s=[];if(e!=null&&e.length){if(s=e.split(ao),s.length<4)return e}else s=Array.from({length:4},()=>ur);return i.forEach((c,h)=>{var d,g;c.length===2&&((d=c[0])!=null&&d.length)&&((g=c[1])!=null&&g.length)&&ts({skuArr:s,index:h,skuName:c[0],skuVersion:c[1]})}),s.join(ao)}function ts(a){const{skuArr:e,index:t,skuName:n,skuVersion:o}=a;t>=e.length||(e[t]=[n,o].join(ur))}class ze{constructor(e,t){this.cacheOutcome=ge.NOT_APPLICABLE,this.cacheManager=t,this.apiId=e.apiId,this.correlationId=e.correlationId,this.wrapperSKU=e.wrapperSKU||u.EMPTY_STRING,this.wrapperVer=e.wrapperVer||u.EMPTY_STRING,this.telemetryCacheKey=K.CACHE_KEY+B.CACHE_KEY_SEPARATOR+e.clientId}generateCurrentRequestHeaderValue(){const e=`${this.apiId}${K.VALUE_SEPARATOR}${this.cacheOutcome}`,t=[this.wrapperSKU,this.wrapperVer],n=this.getNativeBrokerErrorCode();n!=null&&n.length&&t.push(`broker_error=${n}`);const o=t.join(K.VALUE_SEPARATOR),r=this.getRegionDiscoveryFields(),i=[e,r].join(K.VALUE_SEPARATOR);return[K.SCHEMA_VERSION,i,o].join(K.CATEGORY_SEPARATOR)}generateLastRequestHeaderValue(){const e=this.getLastRequests(),t=ze.maxErrorsToSend(e),n=e.failedRequests.slice(0,2*t).join(K.VALUE_SEPARATOR),o=e.errors.slice(0,t).join(K.VALUE_SEPARATOR),r=e.errors.length,i=t<r?K.OVERFLOW_TRUE:K.OVERFLOW_FALSE,s=[r,i].join(K.VALUE_SEPARATOR);return[K.SCHEMA_VERSION,e.cacheHits,n,o,s].join(K.CATEGORY_SEPARATOR)}cacheFailedRequest(e){const t=this.getLastRequests();t.errors.length>=K.MAX_CACHED_ERRORS&&(t.failedRequests.shift(),t.failedRequests.shift(),t.errors.shift()),t.failedRequests.push(this.apiId,this.correlationId),e instanceof Error&&e&&e.toString()?e instanceof O?e.subError?t.errors.push(e.subError):e.errorCode?t.errors.push(e.errorCode):t.errors.push(e.toString()):t.errors.push(e.toString()):t.errors.push(K.UNKNOWN_ERROR),this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t,this.correlationId)}incrementCacheHits(){const e=this.getLastRequests();return e.cacheHits+=1,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId),e.cacheHits}getLastRequests(){const e={failedRequests:[],errors:[],cacheHits:0};return this.cacheManager.getServerTelemetry(this.telemetryCacheKey)||e}clearTelemetryCache(){const e=this.getLastRequests(),t=ze.maxErrorsToSend(e),n=e.errors.length;if(t===n)this.cacheManager.removeItem(this.telemetryCacheKey,this.correlationId);else{const o={failedRequests:e.failedRequests.slice(t*2),errors:e.errors.slice(t),cacheHits:0};this.cacheManager.setServerTelemetry(this.telemetryCacheKey,o,this.correlationId)}}static maxErrorsToSend(e){let t,n=0,o=0;const r=e.errors.length;for(t=0;t<r;t++){const i=e.failedRequests[2*t]||u.EMPTY_STRING,s=e.failedRequests[2*t+1]||u.EMPTY_STRING,c=e.errors[t]||u.EMPTY_STRING;if(o+=i.toString().length+s.toString().length+c.length+3,o<K.MAX_LAST_HEADER_BYTES)n+=1;else break}return n}getRegionDiscoveryFields(){const e=[];return e.push(this.regionUsed||u.EMPTY_STRING),e.push(this.regionSource||u.EMPTY_STRING),e.push(this.regionOutcome||u.EMPTY_STRING),e.join(",")}updateRegionDiscoveryMetadata(e){this.regionUsed=e.region_used,this.regionSource=e.region_source,this.regionOutcome=e.region_outcome}setCacheOutcome(e){this.cacheOutcome=e}setNativeBrokerErrorCode(e){const t=this.getLastRequests();t.nativeBrokerErrorCode=e,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t,this.correlationId)}getNativeBrokerErrorCode(){return this.getLastRequests().nativeBrokerErrorCode}clearNativeBrokerErrorCode(){const e=this.getLastRequests();delete e.nativeBrokerErrorCode,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId)}static makeExtraSkuString(e){return es(e)}}/*! @azure/msal-common v14.16.1 2025-08-05 */const gr="missing_kid_error",mr="missing_alg_error";/*! @azure/msal-common v14.16.1 2025-08-05 */const ns={[gr]:"The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.",[mr]:"The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided."};class Tn extends O{constructor(e,t){super(e,t),this.name="JoseHeaderError",Object.setPrototypeOf(this,Tn.prototype)}}function so(a){return new Tn(a,ns[a])}/*! @azure/msal-common v14.16.1 2025-08-05 */class In{constructor(e){this.typ=e.typ,this.alg=e.alg,this.kid=e.kid}static getShrHeaderString(e){if(!e.kid)throw so(gr);if(!e.alg)throw so(mr);const t=new In({typ:e.typ||li.Pop,kid:e.kid,alg:e.alg});return JSON.stringify(t)}}/*! @azure/msal-common v14.16.1 2025-08-05 */class co{startMeasurement(){}endMeasurement(){}flushMeasurement(){return null}}class os{generateId(){return"callback-id"}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:Ba.InProgress,authority:"",libraryName:"",libraryVersion:"",clientId:"",name:e,startTimeMs:Date.now(),correlationId:t||""},measurement:new co}}startPerformanceMeasurement(){return new co}calculateQueuedTime(){return 0}addQueueMeasurement(){}setPreQueueTime(){}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return""}emitEvents(){}addFields(){}incrementFields(){}cacheEventByCorrelationId(){}}/*! @azure/msal-browser v3.30.0 2025-08-05 */const An="pkce_not_created",Ft="crypto_nonexistent",Et="empty_navigate_uri",pr="hash_empty_error",En="no_state_in_hash",fr="hash_does_not_contain_known_properties",Cr="unable_to_parse_state",yr="state_interaction_type_mismatch",Tr="interaction_in_progress",Ir="popup_window_error",Ar="empty_window_error",Ie="user_cancelled",rs="monitor_popup_timeout",Er="monitor_window_timeout",Sr="redirect_in_iframe",vr="block_iframe_reload",wr="block_nested_popups",is="iframe_closed_prematurely",St="silent_logout_unsupported",_r="no_account_error",as="silent_prompt_value_error",kr="no_token_request_cache_error",Rr="unable_to_parse_token_request_cache_error",Sn="no_cached_authority_error",ss="auth_request_not_set_error",cs="invalid_cache_type",vt="non_browser_environment",ke="database_not_open",gt="no_network_connectivity",br="post_request_failed",Or="get_request_failed",Gt="failed_to_parse_response",Nr="unable_to_load_token",vn="crypto_key_not_found",Pr="auth_code_required",Mr="auth_code_or_nativeAccountId_required",Ur="spa_code_and_nativeAccountId_present",wn="database_unavailable",Lr="unable_to_acquire_token_from_native_platform",Hr="native_handshake_timeout",Dr="native_extension_not_installed",Qe="native_connection_not_established",Kr="uninitialized_public_client_application",xr="native_prompt_not_supported",Br="invalid_base64_string",Fr="invalid_pop_token_request",Gr="failed_to_build_headers",qr="failed_to_parse_headers";/*! @azure/msal-browser v3.30.0 2025-08-05 */const se="For more visit: aka.ms/msaljs/browser-errors",hs={[An]:"The PKCE code challenge and verifier could not be generated.",[Ft]:"The crypto object or function is not available.",[Et]:"Navigation URI is empty. Please check stack trace for more info.",[pr]:`Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${se}`,[En]:"Hash does not contain state. Please verify that the request originated from msal.",[fr]:`Hash does not contain known properites. Please verify that your redirectUri is not changing the hash. ${se}`,[Cr]:"Unable to parse state. Please verify that the request originated from msal.",[yr]:"Hash contains state but the interaction type does not match the caller.",[Tr]:`Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API. ${se}`,[Ir]:"Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.",[Ar]:"window.open returned null or undefined window object.",[Ie]:"User cancelled the flow.",[rs]:`Token acquisition in popup failed due to timeout. ${se}`,[Er]:`Token acquisition in iframe failed due to timeout. ${se}`,[Sr]:"Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.",[vr]:`Request was blocked inside an iframe because MSAL detected an authentication response. ${se}`,[wr]:"Request was blocked inside a popup because MSAL detected it was running in a popup.",[is]:"The iframe being monitored was closed prematurely.",[St]:"Silent logout not supported. Please call logoutRedirect or logoutPopup instead.",[_r]:"No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.",[as]:"The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.",[kr]:"No token request found in cache.",[Rr]:"The cached token request could not be parsed.",[Sn]:"No cached authority found.",[ss]:"Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler",[cs]:"Invalid cache type",[vt]:"Login and token requests are not supported in non-browser environments.",[ke]:"Database is not open!",[gt]:"No network connectivity. Check your internet connection.",[br]:"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'",[Or]:"Network request failed. Please check the network trace to determine root cause.",[Gt]:"Failed to parse network response. Check network trace.",[Nr]:"Error loading token to cache.",[vn]:"Cryptographic Key or Keypair not found in browser storage.",[Pr]:"An authorization code must be provided (as the `code` property on the request) to this flow.",[Mr]:"An authorization code or nativeAccountId must be provided to this flow.",[Ur]:"Request cannot contain both spa code and native account id.",[wn]:"IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.",[Lr]:`Unable to acquire token from native platform. ${se}`,[Hr]:"Timed out while attempting to establish connection to browser extension",[Dr]:"Native extension is not installed. If you think this is a mistake call the initialize function.",[Qe]:`Connection to native platform has not been established. Please install a compatible browser extension and run initialize(). ${se}`,[Kr]:`You must call and await the initialize function before attempting to call any other MSAL API. ${se}`,[xr]:"The provided prompt is not supported by the native platform. This request should be routed to the web based flow.",[Br]:"Invalid base64 encoded string.",[Fr]:"Invalid PoP token request. The request should not have both a popKid value and signPopToken set to true.",[Gr]:"Failed to build request headers object.",[qr]:"Failed to parse response headers"};class Ye extends O{constructor(e,t){super(e,hs[e],t),Object.setPrototypeOf(this,Ye.prototype),this.name="BrowserAuthError"}}function C(a,e){return new Ye(a,e)}/*! @azure/msal-browser v3.30.0 2025-08-05 */const V={INVALID_GRANT_ERROR:"invalid_grant",POPUP_WIDTH:483,POPUP_HEIGHT:600,POPUP_NAME_PREFIX:"msal",DEFAULT_POLL_INTERVAL_MS:30,MSAL_SKU:"msal.js.browser"},Ne={CHANNEL_ID:"53ee284d-920a-4b59-9d30-a60315b26836",PREFERRED_EXTENSION_ID:"ppnbnpeolgkicgegkbkbjmhlideopiji",MATS_TELEMETRY:"MATS"},Ce={HandshakeRequest:"Handshake",HandshakeResponse:"HandshakeResponse",GetToken:"GetToken",Response:"Response"},q={LocalStorage:"localStorage",SessionStorage:"sessionStorage",MemoryStorage:"memoryStorage"},ho={GET:"GET",POST:"POST"},_={AUTHORITY:"authority",ACQUIRE_TOKEN_ACCOUNT:"acquireToken.account",SESSION_STATE:"session.state",REQUEST_STATE:"request.state",NONCE_IDTOKEN:"nonce.id_token",ORIGIN_URI:"request.origin",RENEW_STATUS:"token.renew.status",URL_HASH:"urlHash",REQUEST_PARAMS:"request.params",SCOPES:"scopes",INTERACTION_STATUS_KEY:"interaction.status",CCS_CREDENTIAL:"ccs.credential",CORRELATION_ID:"request.correlationId",NATIVE_REQUEST:"request.native",REDIRECT_CONTEXT:"request.redirect.context"},Y={ACCOUNT_KEYS:"msal.account.keys",TOKEN_KEYS:"msal.token.keys",VERSION:"msal.version"},nt={WRAPPER_SKU:"wrapper.sku",WRAPPER_VER:"wrapper.version"},b={acquireTokenRedirect:861,acquireTokenPopup:862,ssoSilent:863,acquireTokenSilent_authCode:864,handleRedirectPromise:865,acquireTokenByCode:866,acquireTokenSilent_silentFlow:61,logout:961,logoutPopup:962};var y;(function(a){a.Redirect="redirect",a.Popup="popup",a.Silent="silent",a.None="none"})(y||(y={}));const lo={scopes:xe},$r="jwk",qt="msal.db",ls=1,ds=`${qt}.keys`,z={Default:0,AccessToken:1,AccessTokenAndRefreshToken:2,RefreshToken:3,RefreshTokenAndNetwork:4,Skip:5},us=[z.Default,z.Skip,z.RefreshTokenAndNetwork],gs="msal.browser.log.level",ms="msal.browser.log.pii";/*! @azure/msal-browser v3.30.0 2025-08-05 */function ot(a){return encodeURIComponent(_n(a).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_"))}function wt(a){return zr(a).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}function _n(a){return zr(new TextEncoder().encode(a))}function zr(a){const e=Array.from(a,t=>String.fromCodePoint(t)).join("");return btoa(e)}/*! @azure/msal-browser v3.30.0 2025-08-05 */const ps="RSASSA-PKCS1-v1_5",Vr="SHA-256",fs=2048,Cs=new Uint8Array([1,0,1]),uo="0123456789abcdef",go=new Uint32Array(1),ys="crypto_subtle_undefined",kn={name:ps,hash:Vr,modulusLength:fs,publicExponent:Cs};function Ts(a){if(!window)throw C(vt);if(!window.crypto)throw C(Ft);if(!a&&!window.crypto.subtle)throw C(Ft,ys)}async function Qr(a,e,t){e==null||e.addQueueMeasurement(l.Sha256Digest,t);const o=new TextEncoder().encode(a);return window.crypto.subtle.digest(Vr,o)}function Is(a){return window.crypto.getRandomValues(a)}function Ot(){return window.crypto.getRandomValues(go),go[0]}function ae(){const a=Date.now(),e=Ot()*1024+(Ot()&1023),t=new Uint8Array(16),n=Math.trunc(e/2**30),o=e&2**30-1,r=Ot();t[0]=a/2**40,t[1]=a/2**32,t[2]=a/2**24,t[3]=a/2**16,t[4]=a/2**8,t[5]=a,t[6]=112|n>>>8,t[7]=n,t[8]=128|o>>>24,t[9]=o>>>16,t[10]=o>>>8,t[11]=o,t[12]=r>>>24,t[13]=r>>>16,t[14]=r>>>8,t[15]=r;let i="";for(let s=0;s<t.length;s++)i+=uo.charAt(t[s]>>>4),i+=uo.charAt(t[s]&15),(s===3||s===5||s===7||s===9)&&(i+="-");return i}async function As(a,e){return window.crypto.subtle.generateKey(kn,a,e)}async function Nt(a){return window.crypto.subtle.exportKey($r,a)}async function Es(a,e,t){return window.crypto.subtle.importKey($r,a,kn,e,t)}async function Ss(a,e){return window.crypto.subtle.sign(kn,a,e)}async function Yr(a){const e=await Qr(a),t=new Uint8Array(e);return wt(t)}/*! @azure/msal-browser v3.30.0 2025-08-05 */const Rn="storage_not_supported",vs="stubbed_public_client_application_called",Wr="in_mem_redirect_unavailable";/*! @azure/msal-browser v3.30.0 2025-08-05 */const ws={[Rn]:"Given storage configuration option was not supported.",[vs]:"Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors",[Wr]:"Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true."};class bn extends O{constructor(e,t){super(e,t),this.name="BrowserConfigurationAuthError",Object.setPrototypeOf(this,bn.prototype)}}function On(a){return new bn(a,ws[a])}/*! @azure/msal-browser v3.30.0 2025-08-05 */function _s(a){a.location.hash="",typeof a.history.replaceState=="function"&&a.history.replaceState(null,"",`${a.location.origin}${a.location.pathname}${a.location.search}`)}function ks(a){const e=a.split("#");e.shift(),window.location.hash=e.length>0?e.join("#"):""}function Nn(){return window.parent!==window}function Rs(){return typeof window<"u"&&!!window.opener&&window.opener!==window&&typeof window.name=="string"&&window.name.indexOf(`${V.POPUP_NAME_PREFIX}.`)===0}function le(){return typeof window<"u"&&window.location?window.location.href.split("?")[0].split("#")[0]:""}function bs(){const e=new w(window.location.href).getUrlComponents();return`${e.Protocol}//${e.HostNameAndPort}/`}function Os(){if(w.hashContainsKnownProperties(window.location.hash)&&Nn())throw C(vr)}function Ns(a){if(Nn()&&!a)throw C(Sr)}function Ps(){if(Rs())throw C(wr)}function jr(){if(typeof window>"u")throw C(vt)}function Jr(a){if(!a)throw C(Kr)}function Pn(a){jr(),Os(),Ps(),Jr(a)}function mo(a,e){if(Pn(a),Ns(e.system.allowRedirectInIframe),e.cache.cacheLocation===q.MemoryStorage&&!e.cache.storeAuthStateInCookie)throw On(Wr)}function Xr(a){const e=document.createElement("link");e.rel="preconnect",e.href=new URL(a).origin,e.crossOrigin="anonymous",document.head.appendChild(e),window.setTimeout(()=>{try{document.head.removeChild(e)}catch{}},1e4)}function Ms(){return ae()}/*! @azure/msal-browser v3.30.0 2025-08-05 */class mt{navigateInternal(e,t){return mt.defaultNavigateWindow(e,t)}navigateExternal(e,t){return mt.defaultNavigateWindow(e,t)}static defaultNavigateWindow(e,t){return t.noHistory?window.location.replace(e):window.location.assign(e),new Promise(n=>{setTimeout(()=>{n(!0)},t.timeout)})}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Us{async sendGetRequestAsync(e,t){let n,o={},r=0;const i=po(t);try{n=await fetch(e,{method:ho.GET,headers:i})}catch{throw C(window.navigator.onLine?Or:gt)}o=fo(n.headers);try{return r=n.status,{headers:o,body:await n.json(),status:r}}catch{throw oo(C(Gt),r,o)}}async sendPostRequestAsync(e,t){const n=t&&t.body||"",o=po(t);let r,i=0,s={};try{r=await fetch(e,{method:ho.POST,headers:o,body:n})}catch{throw C(window.navigator.onLine?br:gt)}s=fo(r.headers);try{return i=r.status,{headers:s,body:await r.json(),status:i}}catch{throw oo(C(Gt),i,s)}}}function po(a){try{const e=new Headers;if(!(a&&a.headers))return e;const t=a.headers;return Object.entries(t).forEach(([n,o])=>{e.append(n,o)}),e}catch{throw C(Gr)}}function fo(a){try{const e={};return a.forEach((t,n)=>{e[n]=t}),e}catch{throw C(qr)}}/*! @azure/msal-browser v3.30.0 2025-08-05 */const Ls=6e4,$t=1e4,Hs=3e4,Ds=2e3;function Ks({auth:a,cache:e,system:t,telemetry:n},o){const r={clientId:u.EMPTY_STRING,authority:`${u.DEFAULT_AUTHORITY}`,knownAuthorities:[],cloudDiscoveryMetadata:u.EMPTY_STRING,authorityMetadata:u.EMPTY_STRING,redirectUri:typeof window<"u"?le():"",postLogoutRedirectUri:u.EMPTY_STRING,navigateToLoginRequestUrl:!0,clientCapabilities:[],protocolMode:de.AAD,OIDCOptions:{serverResponseType:Ve.FRAGMENT,defaultScopes:[u.OPENID_SCOPE,u.PROFILE_SCOPE,u.OFFLINE_ACCESS_SCOPE]},azureCloudOptions:{azureCloudInstance:on.None,tenant:u.EMPTY_STRING},skipAuthorityMetadataCache:!1,supportsNestedAppAuth:!1,instanceAware:!1},i={cacheLocation:q.SessionStorage,temporaryCacheLocation:q.SessionStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!!(e&&e.cacheLocation===q.LocalStorage),claimsBasedCachingEnabled:!1},s={loggerCallback:()=>{},logLevel:N.Info,piiLoggingEnabled:!1},h={...{...ir,loggerOptions:s,networkClient:o?new Us:Za,navigationClient:new mt,loadFrameTimeout:0,windowHashTimeout:(t==null?void 0:t.loadFrameTimeout)||Ls,iframeHashTimeout:(t==null?void 0:t.loadFrameTimeout)||$t,navigateFrameWait:0,redirectNavigationTimeout:Hs,asyncPopups:!1,allowRedirectInIframe:!1,allowNativeBroker:!1,nativeBrokerHandshakeTimeout:(t==null?void 0:t.nativeBrokerHandshakeTimeout)||Ds,pollIntervalMilliseconds:V.DEFAULT_POLL_INTERVAL_MS},...t,loggerOptions:(t==null?void 0:t.loggerOptions)||s},d={application:{appName:u.EMPTY_STRING,appVersion:u.EMPTY_STRING},client:new os};if((a==null?void 0:a.protocolMode)!==de.OIDC&&(a!=null&&a.OIDCOptions)&&new pe(h.loggerOptions).warning(JSON.stringify(R(Jo))),a!=null&&a.protocolMode&&a.protocolMode!==de.AAD&&(h!=null&&h.allowNativeBroker))throw R(Xo);return{auth:{...r,...a,OIDCOptions:{...r.OIDCOptions,...a==null?void 0:a.OIDCOptions}},cache:{...i,...e},system:h,telemetry:{...d,...n}}}/*! @azure/msal-browser v3.30.0 2025-08-05 */const xs="@azure/msal-browser",De="3.30.0";/*! @azure/msal-browser v3.30.0 2025-08-05 */class Mn{static loggerCallback(e,t){switch(e){case N.Error:console.error(t);return;case N.Info:console.info(t);return;case N.Verbose:console.debug(t);return;case N.Warning:console.warn(t);return;default:console.log(t);return}}constructor(e){var c;this.browserEnvironment=typeof window<"u",this.config=Ks(e,this.browserEnvironment);let t;try{t=window[q.SessionStorage]}catch{}const n=t==null?void 0:t.getItem(gs),o=(c=t==null?void 0:t.getItem(ms))==null?void 0:c.toLowerCase(),r=o==="true"?!0:o==="false"?!1:void 0,i={...this.config.system.loggerOptions},s=n&&Object.keys(N).includes(n)?N[n]:void 0;s&&(i.loggerCallback=Mn.loggerCallback,i.logLevel=s),r!==void 0&&(i.piiLoggingEnabled=r),this.logger=new pe(i,xs,De),this.available=!1}getConfig(){return this.config}getLogger(){return this.logger}isAvailable(){return this.available}isBrowserEnvironment(){return this.browserEnvironment}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Ae extends Mn{getModuleName(){return Ae.MODULE_NAME}getId(){return Ae.ID}async initialize(){return this.available=typeof window<"u",this.available}}Ae.MODULE_NAME="";Ae.ID="StandardOperatingContext";/*! @azure/msal-browser v3.30.0 2025-08-05 */function re(a){return new TextDecoder().decode(Bs(a))}function Bs(a){let e=a.replace(/-/g,"+").replace(/_/g,"/");switch(e.length%4){case 0:break;case 2:e+="==";break;case 3:e+="=";break;default:throw C(Br)}const t=atob(e);return Uint8Array.from(t,n=>n.codePointAt(0)||0)}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Fs{constructor(){this.dbName=qt,this.version=ls,this.tableName=ds,this.dbOpen=!1}async open(){return new Promise((e,t)=>{const n=window.indexedDB.open(this.dbName,this.version);n.addEventListener("upgradeneeded",o=>{o.target.result.createObjectStore(this.tableName)}),n.addEventListener("success",o=>{const r=o;this.db=r.target.result,this.dbOpen=!0,e()}),n.addEventListener("error",()=>t(C(wn)))})}closeConnection(){const e=this.db;e&&this.dbOpen&&(e.close(),this.dbOpen=!1)}async validateDbIsOpen(){if(!this.dbOpen)return this.open()}async getItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C(ke));const i=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).get(e);i.addEventListener("success",s=>{const c=s;this.closeConnection(),t(c.target.result)}),i.addEventListener("error",s=>{this.closeConnection(),n(s)})})}async setItem(e,t){return await this.validateDbIsOpen(),new Promise((n,o)=>{if(!this.db)return o(C(ke));const s=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).put(t,e);s.addEventListener("success",()=>{this.closeConnection(),n()}),s.addEventListener("error",c=>{this.closeConnection(),o(c)})})}async removeItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C(ke));const i=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).delete(e);i.addEventListener("success",()=>{this.closeConnection(),t()}),i.addEventListener("error",s=>{this.closeConnection(),n(s)})})}async getKeys(){return await this.validateDbIsOpen(),new Promise((e,t)=>{if(!this.db)return t(C(ke));const r=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).getAllKeys();r.addEventListener("success",i=>{const s=i;this.closeConnection(),e(s.target.result)}),r.addEventListener("error",i=>{this.closeConnection(),t(i)})})}async containsKey(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(C(ke));const i=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).count(e);i.addEventListener("success",s=>{const c=s;this.closeConnection(),t(c.target.result===1)}),i.addEventListener("error",s=>{this.closeConnection(),n(s)})})}async deleteDatabase(){return this.db&&this.dbOpen&&this.closeConnection(),new Promise((e,t)=>{const n=window.indexedDB.deleteDatabase(qt),o=setTimeout(()=>t(!1),200);n.addEventListener("success",()=>(clearTimeout(o),e(!0))),n.addEventListener("blocked",()=>(clearTimeout(o),e(!0))),n.addEventListener("error",()=>(clearTimeout(o),t(!1)))})}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class zt{constructor(){this.cache=new Map}getItem(e){return this.cache.get(e)||null}setItem(e,t){this.cache.set(e,t)}removeItem(e){this.cache.delete(e)}getKeys(){const e=[];return this.cache.forEach((t,n)=>{e.push(n)}),e}containsKey(e){return this.cache.has(e)}clear(){this.cache.clear()}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Gs{constructor(e){this.inMemoryCache=new zt,this.indexedDBCache=new Fs,this.logger=e}handleDatabaseAccessError(e){if(e instanceof Ye&&e.errorCode===wn)this.logger.error("Could not access persistent storage. This may be caused by browser privacy features which block persistent storage in third-party contexts.");else throw e}async getItem(e){const t=this.inMemoryCache.getItem(e);if(!t)try{return this.logger.verbose("Queried item not found in in-memory cache, now querying persistent storage."),await this.indexedDBCache.getItem(e)}catch(n){this.handleDatabaseAccessError(n)}return t}async setItem(e,t){this.inMemoryCache.setItem(e,t);try{await this.indexedDBCache.setItem(e,t)}catch(n){this.handleDatabaseAccessError(n)}}async removeItem(e){this.inMemoryCache.removeItem(e);try{await this.indexedDBCache.removeItem(e)}catch(t){this.handleDatabaseAccessError(t)}}async getKeys(){const e=this.inMemoryCache.getKeys();if(e.length===0)try{return this.logger.verbose("In-memory cache is empty, now querying persistent storage."),await this.indexedDBCache.getKeys()}catch(t){this.handleDatabaseAccessError(t)}return e}async containsKey(e){const t=this.inMemoryCache.containsKey(e);if(!t)try{return this.logger.verbose("Key not found in in-memory cache, now querying persistent storage."),await this.indexedDBCache.containsKey(e)}catch(n){this.handleDatabaseAccessError(n)}return t}clearInMemory(){this.logger.verbose("Deleting in-memory keystore"),this.inMemoryCache.clear(),this.logger.verbose("In-memory keystore deleted")}async clearPersistent(){try{this.logger.verbose("Deleting persistent keystore");const e=await this.indexedDBCache.deleteDatabase();return e&&this.logger.verbose("Persistent keystore deleted"),e}catch(e){return this.handleDatabaseAccessError(e),!1}}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Ke{constructor(e,t,n){this.logger=e,Ts(n??!1),this.cache=new Gs(this.logger),this.performanceClient=t}createNewGuid(){return ae()}base64Encode(e){return _n(e)}base64Decode(e){return re(e)}base64UrlEncode(e){return ot(e)}encodeKid(e){return this.base64UrlEncode(JSON.stringify({kid:e}))}async getPublicKeyThumbprint(e){var d;const t=(d=this.performanceClient)==null?void 0:d.startMeasurement(l.CryptoOptsGetPublicKeyThumbprint,e.correlationId),n=await As(Ke.EXTRACTABLE,Ke.POP_KEY_USAGES),o=await Nt(n.publicKey),r={e:o.e,kty:o.kty,n:o.n},i=Co(r),s=await this.hashString(i),c=await Nt(n.privateKey),h=await Es(c,!1,["sign"]);return await this.cache.setItem(s,{privateKey:h,publicKey:n.publicKey,requestMethod:e.resourceRequestMethod,requestUri:e.resourceRequestUri}),t&&t.end({success:!0}),s}async removeTokenBindingKey(e){return await this.cache.removeItem(e),!await this.cache.containsKey(e)}async clearKeystore(){this.cache.clearInMemory();try{return await this.cache.clearPersistent(),!0}catch(e){return e instanceof Error?this.logger.error(`Clearing keystore failed with error: ${e.message}`):this.logger.error("Clearing keystore failed with unknown error"),!1}}async signJwt(e,t,n,o){var ue;const r=(ue=this.performanceClient)==null?void 0:ue.startMeasurement(l.CryptoOptsSignJwt,o),i=await this.cache.getItem(t);if(!i)throw C(vn);const s=await Nt(i.publicKey),c=Co(s),h=ot(JSON.stringify({kid:t})),d=In.getShrHeaderString({...n==null?void 0:n.header,alg:s.alg,kid:h}),g=ot(d);e.cnf={jwk:JSON.parse(c)};const f=ot(JSON.stringify(e)),T=`${g}.${f}`,v=new TextEncoder().encode(T),M=await Ss(i.privateKey,v),G=wt(new Uint8Array(M)),L=`${T}.${G}`;return r&&r.end({success:!0}),L}async hashString(e){return Yr(e)}}Ke.POP_KEY_USAGES=["sign","verify"];Ke.EXTRACTABLE=!0;function Co(a){return JSON.stringify(a,Object.keys(a).sort())}/*! @azure/msal-browser v3.30.0 2025-08-05 */class qs{constructor(){if(!window.localStorage)throw On(Rn)}getItem(e){return window.localStorage.getItem(e)}setItem(e,t){window.localStorage.setItem(e,t)}removeItem(e){window.localStorage.removeItem(e)}getKeys(){return Object.keys(window.localStorage)}containsKey(e){return window.localStorage.hasOwnProperty(e)}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class $s{constructor(){if(!window.sessionStorage)throw On(Rn)}getItem(e){return window.sessionStorage.getItem(e)}setItem(e,t){window.sessionStorage.setItem(e,t)}removeItem(e){window.sessionStorage.removeItem(e)}getKeys(){return Object.keys(window.sessionStorage)}containsKey(e){return window.sessionStorage.hasOwnProperty(e)}}/*! @azure/msal-browser v3.30.0 2025-08-05 */function Zr(a,e){if(!e)return null;try{return X.parseRequestState(a,e).libraryState.meta}catch{throw m(Ue)}}/*! @azure/msal-browser v3.30.0 2025-08-05 */const zs=1440*60*1e3;class Vs{getItem(e){const t=`${encodeURIComponent(e)}`,n=document.cookie.split(";");for(let o=0;o<n.length;o++){const r=n[o],[i,...s]=decodeURIComponent(r).trim().split("="),c=s.join("=");if(i===t)return c}return""}setItem(e,t,n,o=!0){let r=`${encodeURIComponent(e)}=${encodeURIComponent(t)};path=/;SameSite=Lax;`;if(n){const i=Qs(n);r+=`expires=${i};`}o&&(r+="Secure;"),document.cookie=r}removeItem(e){this.setItem(e,"",-1)}getKeys(){const e=document.cookie.split(";"),t=[];return e.forEach(n=>{const o=decodeURIComponent(n).trim().split("=");t.push(o[0])}),t}containsKey(e){return this.getKeys().includes(e)}}function Qs(a){const e=new Date;return new Date(e.getTime()+a*zs).toUTCString()}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Vt extends Le{constructor(e,t,n,o,r,i){super(e,n,o,r),this.cacheConfig=t,this.logger=o,this.internalStorage=new zt,this.browserStorage=this.setupBrowserStorage(this.cacheConfig.cacheLocation),this.temporaryCacheStorage=this.setupBrowserStorage(this.cacheConfig.temporaryCacheLocation),this.cookieStorage=new Vs,t.cacheMigrationEnabled&&(this.migrateCacheEntries(),this.createKeyMaps()),this.performanceClient=i}setupBrowserStorage(e){try{switch(e){case q.LocalStorage:return new qs;case q.SessionStorage:return new $s;case q.MemoryStorage:default:break}}catch(t){this.logger.error(t)}return this.cacheConfig.cacheLocation=q.MemoryStorage,new zt}migrateCacheEntries(){const e=this.browserStorage.getItem(Y.VERSION);e&&this.logger.info(`MSAL.js was last initialized with version ${e}`),e!==De&&this.browserStorage.setItem(Y.VERSION,De);const t=`${u.CACHE_PREFIX}.${H.ID_TOKEN}`,n=`${u.CACHE_PREFIX}.${H.CLIENT_INFO}`,o=`${u.CACHE_PREFIX}.${H.ERROR}`,r=`${u.CACHE_PREFIX}.${H.ERROR_DESC}`,i=this.browserStorage.getItem(t),s=this.browserStorage.getItem(n),c=this.browserStorage.getItem(o),h=this.browserStorage.getItem(r),d=[i,s,c,h];[H.ID_TOKEN,H.CLIENT_INFO,H.ERROR,H.ERROR_DESC].forEach((f,T)=>{const E=d[T];E&&this.setTemporaryCache(f,E,!0)})}createKeyMaps(){this.logger.trace("BrowserCacheManager - createKeyMaps called.");const e=this.cryptoImpl.createNewGuid(),t=this.getItem(Y.ACCOUNT_KEYS),n=this.getItem(`${Y.TOKEN_KEYS}.${this.clientId}`);if(t&&n){this.logger.verbose("BrowserCacheManager:createKeyMaps - account and token key maps already exist, skipping migration.");return}this.browserStorage.getKeys().forEach(r=>{if(this.isCredentialKey(r)){const i=this.getItem(r);if(i){const s=this.validateAndParseJson(i);if(s&&s.hasOwnProperty("credentialType"))switch(s.credentialType){case A.ID_TOKEN:if(Qn(s)){this.logger.trace("BrowserCacheManager:createKeyMaps - idToken found, saving key to token key map"),this.logger.tracePii(`BrowserCacheManager:createKeyMaps - idToken with key: ${r} found, saving key to token key map`);const c=s,h=this.updateCredentialCacheKey(r,c,e);this.addTokenKey(h,A.ID_TOKEN,e);return}else this.logger.trace("BrowserCacheManager:createKeyMaps - key found matching idToken schema with value containing idToken credentialType field but value failed IdTokenEntity validation, skipping."),this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed idToken validation on key: ${r}`);break;case A.ACCESS_TOKEN:case A.ACCESS_TOKEN_WITH_AUTH_SCHEME:if(Vn(s)){this.logger.trace("BrowserCacheManager:createKeyMaps - accessToken found, saving key to token key map"),this.logger.tracePii(`BrowserCacheManager:createKeyMaps - accessToken with key: ${r} found, saving key to token key map`);const c=s,h=this.updateCredentialCacheKey(r,c,e);this.addTokenKey(h,A.ACCESS_TOKEN,e);return}else this.logger.trace("BrowserCacheManager:createKeyMaps - key found matching accessToken schema with value containing accessToken credentialType field but value failed AccessTokenEntity validation, skipping."),this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed accessToken validation on key: ${r}`);break;case A.REFRESH_TOKEN:if(Yn(s)){this.logger.trace("BrowserCacheManager:createKeyMaps - refreshToken found, saving key to token key map"),this.logger.tracePii(`BrowserCacheManager:createKeyMaps - refreshToken with key: ${r} found, saving key to token key map`);const c=s,h=this.updateCredentialCacheKey(r,c,e);this.addTokenKey(h,A.REFRESH_TOKEN,e);return}else this.logger.trace("BrowserCacheManager:createKeyMaps - key found matching refreshToken schema with value containing refreshToken credentialType field but value failed RefreshTokenEntity validation, skipping."),this.logger.tracePii(`BrowserCacheManager:createKeyMaps - failed refreshToken validation on key: ${r}`);break}}}if(this.isAccountKey(r)){const i=this.getItem(r);if(i){const s=this.validateAndParseJson(i);s&&U.isAccountEntity(s)&&(this.logger.trace("BrowserCacheManager:createKeyMaps - account found, saving key to account key map"),this.logger.tracePii(`BrowserCacheManager:createKeyMaps - account with key: ${r} found, saving key to account key map`),this.addAccountKeyToMap(r,e))}}})}validateAndParseJson(e){try{const t=JSON.parse(e);return t&&typeof t=="object"?t:null}catch{return null}}getItem(e){return this.browserStorage.getItem(e)}setItem(e,t,n){let o=[];for(let i=0;i<=20;i++)try{this.browserStorage.setItem(e,t),i>0&&this.removeAccessTokenKeys(o.slice(0,i),n);break}catch(s){const c=rr(s);if(c.errorCode===gn&&i<20){if(o.length||(e===`${Y.TOKEN_KEYS}.${this.clientId}`?o=JSON.parse(t).accessToken:o=this.getTokenKeys().accessToken),o.length<=i)throw c;this.removeAccessToken(o[i],n,!1)}else throw c}}getAccount(e,t,n){this.logger.trace("BrowserCacheManager.getAccount called");const o=this.getCachedAccountEntity(e,t);return this.updateOutdatedCachedAccount(e,o,t,n)}getCachedAccountEntity(e,t){const n=this.getItem(e);if(!n)return this.removeAccountKeyFromMap(e,t),null;const o=this.validateAndParseJson(n);return!o||!U.isAccountEntity(o)?null:Le.toObject(new U,o)}setAccount(e,t){this.logger.trace("BrowserCacheManager.setAccount called");const n=e.generateAccountKey();e.lastUpdatedAt=Date.now().toString(),this.setItem(n,JSON.stringify(e),t),this.addAccountKeyToMap(n,t)}getAccountKeys(){this.logger.trace("BrowserCacheManager.getAccountKeys called");const e=this.getItem(Y.ACCOUNT_KEYS);return e?JSON.parse(e):(this.logger.verbose("BrowserCacheManager.getAccountKeys - No account keys found"),[])}addAccountKeyToMap(e,t){this.logger.trace("BrowserCacheManager.addAccountKeyToMap called"),this.logger.tracePii(`BrowserCacheManager.addAccountKeyToMap called with key: ${e}`);const n=this.getAccountKeys();n.indexOf(e)===-1?(n.push(e),this.setItem(Y.ACCOUNT_KEYS,JSON.stringify(n),t),this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key added")):this.logger.verbose("BrowserCacheManager.addAccountKeyToMap account key already exists in map")}removeAccountKeyFromMap(e,t){this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap called"),this.logger.tracePii(`BrowserCacheManager.removeAccountKeyFromMap called with key: ${e}`);const n=this.getAccountKeys(),o=n.indexOf(e);if(o>-1){if(n.splice(o,1),n.length===0){this.removeItem(Y.ACCOUNT_KEYS);return}else this.setItem(Y.ACCOUNT_KEYS,JSON.stringify(n),t);this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap account key removed")}else this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap key not found in existing map")}async removeAccount(e,t){super.removeAccount(e,t),this.removeAccountKeyFromMap(e,t)}removeOutdatedAccount(e,t){this.removeItem(e),this.removeAccountKeyFromMap(e,t)}removeIdToken(e,t){super.removeIdToken(e,t),this.removeTokenKey(e,A.ID_TOKEN,t)}removeAccessToken(e,t,n=!0){var o;super.removeAccessToken(e,t),(o=this.performanceClient)==null||o.incrementFields({accessTokensRemoved:1},t),n&&this.removeTokenKey(e,A.ACCESS_TOKEN,t)}removeAccessTokenKeys(e,t){this.logger.trace("removeAccessTokenKey called");const n=this.getTokenKeys();let o=0;if(e.forEach(r=>{const i=n.accessToken.indexOf(r);i>-1&&(n.accessToken.splice(i,1),o++)}),o>0){this.logger.info(`removed ${o} accessToken keys from tokenKeys map`),this.setTokenKeys(n,t);return}}removeRefreshToken(e,t){super.removeRefreshToken(e,t),this.removeTokenKey(e,A.REFRESH_TOKEN,t)}getTokenKeys(){this.logger.trace("BrowserCacheManager.getTokenKeys called");const e=this.getItem(`${Y.TOKEN_KEYS}.${this.clientId}`);if(e){const t=this.validateAndParseJson(e);if(t&&t.hasOwnProperty("idToken")&&t.hasOwnProperty("accessToken")&&t.hasOwnProperty("refreshToken"))return t;this.logger.error("BrowserCacheManager.getTokenKeys - Token keys found but in an unknown format. Returning empty key map.")}else this.logger.verbose("BrowserCacheManager.getTokenKeys - No token keys found");return{idToken:[],accessToken:[],refreshToken:[]}}setTokenKeys(e,t){if(e.idToken.length===0&&e.accessToken.length===0&&e.refreshToken.length===0){this.removeItem(`${Y.TOKEN_KEYS}.${this.clientId}`);return}else this.setItem(`${Y.TOKEN_KEYS}.${this.clientId}`,JSON.stringify(e),t)}addTokenKey(e,t,n){this.logger.trace("BrowserCacheManager addTokenKey called");const o=this.getTokenKeys();switch(t){case A.ID_TOKEN:o.idToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - idToken added to map"),o.idToken.push(e));break;case A.ACCESS_TOKEN:const r=o.accessToken.indexOf(e);r!==-1&&o.accessToken.splice(r,1),this.logger.trace(`access token ${r===-1?"added to":"updated in"} map`),o.accessToken.push(e);break;case A.REFRESH_TOKEN:o.refreshToken.indexOf(e)===-1&&(this.logger.info("BrowserCacheManager: addTokenKey - refreshToken added to map"),o.refreshToken.push(e));break;default:throw this.logger.error(`BrowserCacheManager:addTokenKey - CredentialType provided invalid. CredentialType: ${t}`),m(Lt)}this.setTokenKeys(o,n)}removeTokenKey(e,t,n,o=this.getTokenKeys()){switch(this.logger.trace("BrowserCacheManager removeTokenKey called"),t){case A.ID_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove idToken with key: ${e} from map`);const r=o.idToken.indexOf(e);r>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - idToken removed from map"),o.idToken.splice(r,1)):this.logger.info("BrowserCacheManager: removeTokenKey - idToken does not exist in map. Either it was previously removed or it was never added.");break;case A.ACCESS_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove accessToken with key: ${e} from map`);const i=o.accessToken.indexOf(e);i>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - accessToken removed from map"),o.accessToken.splice(i,1)):this.logger.info("BrowserCacheManager: removeTokenKey - accessToken does not exist in map. Either it was previously removed or it was never added.");break;case A.REFRESH_TOKEN:this.logger.infoPii(`BrowserCacheManager: removeTokenKey - attempting to remove refreshToken with key: ${e} from map`);const s=o.refreshToken.indexOf(e);s>-1?(this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken removed from map"),o.refreshToken.splice(s,1)):this.logger.info("BrowserCacheManager: removeTokenKey - refreshToken does not exist in map. Either it was previously removed or it was never added.");break;default:throw this.logger.error(`BrowserCacheManager:removeTokenKey - CredentialType provided invalid. CredentialType: ${t}`),m(Lt)}this.setTokenKeys(o,n)}getIdTokenCredential(e,t){const n=this.getItem(e);if(!n)return this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"),this.removeIdToken(e,t),null;const o=this.validateAndParseJson(n);return!o||!Qn(o)?(this.logger.trace("BrowserCacheManager.getIdTokenCredential: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getIdTokenCredential: cache hit"),o)}setIdTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setIdTokenCredential called");const n=be(e);e.lastUpdatedAt=Date.now().toString(),this.setItem(n,JSON.stringify(e),t),this.addTokenKey(n,A.ID_TOKEN,t)}getAccessTokenCredential(e,t){const n=this.getItem(e);if(!n)return this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"),this.removeTokenKey(e,A.ACCESS_TOKEN,t),null;const o=this.validateAndParseJson(n);return!o||!Vn(o)?(this.logger.trace("BrowserCacheManager.getAccessTokenCredential: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getAccessTokenCredential: cache hit"),o)}setAccessTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setAccessTokenCredential called");const n=be(e);e.lastUpdatedAt=Date.now().toString(),this.setItem(n,JSON.stringify(e),t),this.addTokenKey(n,A.ACCESS_TOKEN,t)}getRefreshTokenCredential(e,t){const n=this.getItem(e);if(!n)return this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"),this.removeTokenKey(e,A.REFRESH_TOKEN,t),null;const o=this.validateAndParseJson(n);return!o||!Yn(o)?(this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getRefreshTokenCredential: cache hit"),o)}setRefreshTokenCredential(e,t){this.logger.trace("BrowserCacheManager.setRefreshTokenCredential called");const n=be(e);e.lastUpdatedAt=Date.now().toString(),this.setItem(n,JSON.stringify(e),t),this.addTokenKey(n,A.REFRESH_TOKEN,t)}getAppMetadata(e){const t=this.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n||!Hi(e,n)?(this.logger.trace("BrowserCacheManager.getAppMetadata: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getAppMetadata: cache hit"),n)}setAppMetadata(e,t){this.logger.trace("BrowserCacheManager.setAppMetadata called");const n=Li(e);this.setItem(n,JSON.stringify(e),t)}getServerTelemetry(e){const t=this.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n||!Mi(e,n)?(this.logger.trace("BrowserCacheManager.getServerTelemetry: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getServerTelemetry: cache hit"),n)}setServerTelemetry(e,t,n){this.logger.trace("BrowserCacheManager.setServerTelemetry called"),this.setItem(e,JSON.stringify(t),n)}getAuthorityMetadata(e){const t=this.internalStorage.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getAuthorityMetadata: called, no cache hit"),null;const n=this.validateAndParseJson(t);return n&&Di(e,n)?(this.logger.trace("BrowserCacheManager.getAuthorityMetadata: cache hit"),n):null}getAuthorityMetadataKeys(){return this.internalStorage.getKeys().filter(t=>this.isAuthorityMetadata(t))}setWrapperMetadata(e,t){this.internalStorage.setItem(nt.WRAPPER_SKU,e),this.internalStorage.setItem(nt.WRAPPER_VER,t)}getWrapperMetadata(){const e=this.internalStorage.getItem(nt.WRAPPER_SKU)||u.EMPTY_STRING,t=this.internalStorage.getItem(nt.WRAPPER_VER)||u.EMPTY_STRING;return[e,t]}setAuthorityMetadata(e,t){this.logger.trace("BrowserCacheManager.setAuthorityMetadata called"),this.internalStorage.setItem(e,JSON.stringify(t))}getActiveAccount(e){const t=this.generateCacheKey(H.ACTIVE_ACCOUNT_FILTERS),n=this.getItem(t);if(!n){this.logger.trace("BrowserCacheManager.getActiveAccount: No active account filters cache schema found, looking for legacy schema");const r=this.generateCacheKey(H.ACTIVE_ACCOUNT),i=this.getItem(r);if(!i)return this.logger.trace("BrowserCacheManager.getActiveAccount: No active account found"),null;const s=this.getAccountInfoFilteredBy({localAccountId:i},e);return s?(this.logger.trace("BrowserCacheManager.getActiveAccount: Legacy active account cache schema found"),this.logger.trace("BrowserCacheManager.getActiveAccount: Adding active account filters cache schema"),this.setActiveAccount(s,e),s):null}const o=this.validateAndParseJson(n);return o?(this.logger.trace("BrowserCacheManager.getActiveAccount: Active account filters schema found"),this.getAccountInfoFilteredBy({homeAccountId:o.homeAccountId,localAccountId:o.localAccountId,tenantId:o.tenantId},e)):(this.logger.trace("BrowserCacheManager.getActiveAccount: No active account found"),null)}setActiveAccount(e,t){const n=this.generateCacheKey(H.ACTIVE_ACCOUNT_FILTERS),o=this.generateCacheKey(H.ACTIVE_ACCOUNT);if(e){this.logger.verbose("setActiveAccount: Active account set");const r={homeAccountId:e.homeAccountId,localAccountId:e.localAccountId,tenantId:e.tenantId,lastUpdatedAt:Date.now().toString()};this.setItem(n,JSON.stringify(r),t),this.setItem(o,e.localAccountId,t)}else this.logger.verbose("setActiveAccount: No account passed, active account not set"),this.browserStorage.removeItem(n),this.browserStorage.removeItem(o)}getThrottlingCache(e){const t=this.getItem(e);if(!t)return this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"),null;const n=this.validateAndParseJson(t);return!n||!Ui(e,n)?(this.logger.trace("BrowserCacheManager.getThrottlingCache: called, no cache hit"),null):(this.logger.trace("BrowserCacheManager.getThrottlingCache: cache hit"),n)}setThrottlingCache(e,t,n){this.logger.trace("BrowserCacheManager.setThrottlingCache called"),this.setItem(e,JSON.stringify(t),n)}getTemporaryCache(e,t){const n=t?this.generateCacheKey(e):e;if(this.cacheConfig.storeAuthStateInCookie){const r=this.cookieStorage.getItem(n);if(r)return this.logger.trace("BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies"),r}const o=this.temporaryCacheStorage.getItem(n);if(!o){if(this.cacheConfig.cacheLocation===q.LocalStorage){const r=this.browserStorage.getItem(n);if(r)return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item found in local storage"),r}return this.logger.trace("BrowserCacheManager.getTemporaryCache: No cache item found in local storage"),null}return this.logger.trace("BrowserCacheManager.getTemporaryCache: Temporary cache item returned"),o}setTemporaryCache(e,t,n){const o=n?this.generateCacheKey(e):e;this.temporaryCacheStorage.setItem(o,t),this.cacheConfig.storeAuthStateInCookie&&(this.logger.trace("BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie"),this.cookieStorage.setItem(o,t,void 0,this.cacheConfig.secureCookies))}removeItem(e){this.browserStorage.removeItem(e)}removeTemporaryItem(e){this.temporaryCacheStorage.removeItem(e),this.cacheConfig.storeAuthStateInCookie&&(this.logger.trace("BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie"),this.cookieStorage.removeItem(e))}getKeys(){return this.browserStorage.getKeys()}async clear(e){await this.removeAllAccounts(e),this.removeAppMetadata(e),this.temporaryCacheStorage.getKeys().forEach(t=>{(t.indexOf(u.CACHE_PREFIX)!==-1||t.indexOf(this.clientId)!==-1)&&this.removeTemporaryItem(t)}),this.browserStorage.getKeys().forEach(t=>{(t.indexOf(u.CACHE_PREFIX)!==-1||t.indexOf(this.clientId)!==-1)&&this.browserStorage.removeItem(t)}),this.internalStorage.clear()}async clearTokensAndKeysWithClaims(e,t){e.addQueueMeasurement(l.ClearTokensAndKeysWithClaims,t);const n=this.getTokenKeys();let o=0;n.accessToken.forEach(r=>{const i=this.getAccessTokenCredential(r,t);i!=null&&i.requestedClaimsHash&&r.includes(i.requestedClaimsHash.toLowerCase())&&(this.removeAccessToken(r,t),o++)}),o>0&&this.logger.warning(`${o} access tokens with claims in the cache keys have been removed from the cache.`)}generateCacheKey(e){return this.validateAndParseJson(e)?JSON.stringify(e):J.startsWith(e,u.CACHE_PREFIX)||J.startsWith(e,H.ADAL_ID_TOKEN)?e:`${u.CACHE_PREFIX}.${this.clientId}.${e}`}generateAuthorityKey(e){const{libraryState:{id:t}}=X.parseRequestState(this.cryptoImpl,e);return this.generateCacheKey(`${_.AUTHORITY}.${t}`)}generateNonceKey(e){const{libraryState:{id:t}}=X.parseRequestState(this.cryptoImpl,e);return this.generateCacheKey(`${_.NONCE_IDTOKEN}.${t}`)}generateStateKey(e){const{libraryState:{id:t}}=X.parseRequestState(this.cryptoImpl,e);return this.generateCacheKey(`${_.REQUEST_STATE}.${t}`)}getCachedAuthority(e){const t=this.generateStateKey(e),n=this.getTemporaryCache(t);if(!n)return null;const o=this.generateAuthorityKey(n);return this.getTemporaryCache(o)}updateCacheEntries(e,t,n,o,r){this.logger.trace("BrowserCacheManager.updateCacheEntries called");const i=this.generateStateKey(e);this.setTemporaryCache(i,e,!1);const s=this.generateNonceKey(e);this.setTemporaryCache(s,t,!1);const c=this.generateAuthorityKey(e);if(this.setTemporaryCache(c,n,!1),r){const h={credential:r.homeAccountId,type:Q.HOME_ACCOUNT_ID};this.setTemporaryCache(_.CCS_CREDENTIAL,JSON.stringify(h),!0)}else if(o){const h={credential:o,type:Q.UPN};this.setTemporaryCache(_.CCS_CREDENTIAL,JSON.stringify(h),!0)}}resetRequestCache(e){this.logger.trace("BrowserCacheManager.resetRequestCache called"),e&&(this.temporaryCacheStorage.getKeys().forEach(t=>{t.indexOf(e)!==-1&&this.removeTemporaryItem(t)}),this.removeTemporaryItem(this.generateStateKey(e)),this.removeTemporaryItem(this.generateNonceKey(e)),this.removeTemporaryItem(this.generateAuthorityKey(e))),this.removeTemporaryItem(this.generateCacheKey(_.REQUEST_PARAMS)),this.removeTemporaryItem(this.generateCacheKey(_.ORIGIN_URI)),this.removeTemporaryItem(this.generateCacheKey(_.URL_HASH)),this.removeTemporaryItem(this.generateCacheKey(_.CORRELATION_ID)),this.removeTemporaryItem(this.generateCacheKey(_.CCS_CREDENTIAL)),this.removeTemporaryItem(this.generateCacheKey(_.NATIVE_REQUEST)),this.setInteractionInProgress(!1)}cleanRequestByState(e){if(this.logger.trace("BrowserCacheManager.cleanRequestByState called"),e){const t=this.generateStateKey(e),n=this.temporaryCacheStorage.getItem(t);this.logger.infoPii(`BrowserCacheManager.cleanRequestByState: Removing temporary cache items for state: ${n}`),this.resetRequestCache(n||u.EMPTY_STRING)}}cleanRequestByInteractionType(e){this.logger.trace("BrowserCacheManager.cleanRequestByInteractionType called"),this.temporaryCacheStorage.getKeys().forEach(t=>{if(t.indexOf(_.REQUEST_STATE)===-1)return;const n=this.temporaryCacheStorage.getItem(t);if(!n)return;const o=Zr(this.cryptoImpl,n);o&&o.interactionType===e&&(this.logger.infoPii(`BrowserCacheManager.cleanRequestByInteractionType: Removing temporary cache items for state: ${n}`),this.resetRequestCache(n))}),this.setInteractionInProgress(!1)}cacheCodeRequest(e){this.logger.trace("BrowserCacheManager.cacheCodeRequest called");const t=_n(JSON.stringify(e));this.setTemporaryCache(_.REQUEST_PARAMS,t,!0)}getCachedRequest(e){this.logger.trace("BrowserCacheManager.getCachedRequest called");const t=this.getTemporaryCache(_.REQUEST_PARAMS,!0);if(!t)throw C(kr);let n;try{n=JSON.parse(re(t))}catch(o){throw this.logger.errorPii(`Attempted to parse: ${t}`),this.logger.error(`Parsing cached token request threw with error: ${o}`),C(Rr)}if(this.removeTemporaryItem(this.generateCacheKey(_.REQUEST_PARAMS)),!n.authority){const o=this.generateAuthorityKey(e),r=this.getTemporaryCache(o);if(!r)throw C(Sn);n.authority=r}return n}getCachedNativeRequest(){this.logger.trace("BrowserCacheManager.getCachedNativeRequest called");const e=this.getTemporaryCache(_.NATIVE_REQUEST,!0);if(!e)return this.logger.trace("BrowserCacheManager.getCachedNativeRequest: No cached native request found"),null;const t=this.validateAndParseJson(e);return t||(this.logger.error("BrowserCacheManager.getCachedNativeRequest: Unable to parse native request"),null)}isInteractionInProgress(e){const t=this.getInteractionInProgress();return e?t===this.clientId:!!t}getInteractionInProgress(){const e=`${u.CACHE_PREFIX}.${_.INTERACTION_STATUS_KEY}`;return this.getTemporaryCache(e,!1)}setInteractionInProgress(e){const t=`${u.CACHE_PREFIX}.${_.INTERACTION_STATUS_KEY}`;if(e){if(this.getInteractionInProgress())throw C(Tr);this.setTemporaryCache(t,this.clientId,!1)}else!e&&this.getInteractionInProgress()===this.clientId&&this.removeTemporaryItem(t)}getLegacyLoginHint(){const e=this.getTemporaryCache(H.ADAL_ID_TOKEN);e&&(this.browserStorage.removeItem(H.ADAL_ID_TOKEN),this.logger.verbose("Cached ADAL id token retrieved."));const t=this.getTemporaryCache(H.ID_TOKEN,!0);t&&(this.browserStorage.removeItem(this.generateCacheKey(H.ID_TOKEN)),this.logger.verbose("Cached MSAL.js v1 id token retrieved"));const n=t||e;if(n){const o=Ee(n,re);if(o.preferred_username)return this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 preferred_username as loginHint"),o.preferred_username;if(o.upn)return this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, setting ADAL/MSAL v1 upn as loginHint"),o.upn;this.logger.verbose("No SSO params used and ADAL/MSAL v1 token retrieved, however, no account hint claim found. Enable preferred_username or upn id token claim to get SSO.")}return null}updateCredentialCacheKey(e,t,n){const o=be(t);if(e!==o){const r=this.getItem(e);if(r)return this.browserStorage.removeItem(e),this.setItem(o,r,n),this.logger.verbose(`Updated an outdated ${t.credentialType} cache key`),o;this.logger.error(`Attempted to update an outdated ${t.credentialType} cache key but no item matching the outdated key was found in storage`)}return e}async hydrateCache(e,t){var s,c,h;const n=ft((s=e.account)==null?void 0:s.homeAccountId,(c=e.account)==null?void 0:c.environment,e.idToken,this.clientId,e.tenantId);let o;t.claims&&(o=await this.cryptoImpl.hashString(t.claims));const r=Ct((h=e.account)==null?void 0:h.homeAccountId,e.account.environment,e.accessToken,this.clientId,e.tenantId,e.scopes.join(" "),e.expiresOn?e.expiresOn.getTime()/1e3:0,e.extExpiresOn?e.extExpiresOn.getTime()/1e3:0,re,void 0,e.tokenType,void 0,t.sshKid,t.claims,o),i={idToken:n,accessToken:r};return this.saveCacheRecord(i,e.correlationId)}async saveCacheRecord(e,t,n){try{await super.saveCacheRecord(e,t,n)}catch(o){if(o instanceof Pe&&this.performanceClient&&t)try{const r=this.getTokenKeys();this.performanceClient.addFields({cacheRtCount:r.refreshToken.length,cacheIdCount:r.idToken.length,cacheAtCount:r.accessToken.length},t)}catch{}throw o}}}const Ys=(a,e)=>{const t={cacheLocation:q.MemoryStorage,temporaryCacheLocation:q.MemoryStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!1,claimsBasedCachingEnabled:!1};return new Vt(a,t,st,e)};/*! @azure/msal-browser v3.30.0 2025-08-05 */function Ws(a,e,t,n,o){return a.verbose("getAllAccounts called"),t?e.getAllAccounts(n,o):[]}function js(a,e,t,n){if(e.trace("getAccount called"),Object.keys(a).length===0)return e.warning("getAccount: No accountFilter provided"),null;const o=t.getAccountInfoFilteredBy(a,n);return o?(e.verbose("getAccount: Account matching provided filter found, returning"),o):(e.verbose("getAccount: No matching account found, returning null"),null)}function Js(a,e,t,n){if(e.trace("getAccountByUsername called"),!a)return e.warning("getAccountByUsername: No username provided"),null;const o=t.getAccountInfoFilteredBy({username:a},n);return o?(e.verbose("getAccountByUsername: Account matching username found, returning"),e.verbosePii(`getAccountByUsername: Returning signed-in accounts matching username: ${a}`),o):(e.verbose("getAccountByUsername: No matching account found, returning null"),null)}function Xs(a,e,t,n){if(e.trace("getAccountByHomeId called"),!a)return e.warning("getAccountByHomeId: No homeAccountId provided"),null;const o=t.getAccountInfoFilteredBy({homeAccountId:a},n);return o?(e.verbose("getAccountByHomeId: Account matching homeAccountId found, returning"),e.verbosePii(`getAccountByHomeId: Returning signed-in accounts matching homeAccountId: ${a}`),o):(e.verbose("getAccountByHomeId: No matching account found, returning null"),null)}function Zs(a,e,t,n){if(e.trace("getAccountByLocalId called"),!a)return e.warning("getAccountByLocalId: No localAccountId provided"),null;const o=t.getAccountInfoFilteredBy({localAccountId:a},n);return o?(e.verbose("getAccountByLocalId: Account matching localAccountId found, returning"),e.verbosePii(`getAccountByLocalId: Returning signed-in accounts matching localAccountId: ${a}`),o):(e.verbose("getAccountByLocalId: No matching account found, returning null"),null)}function ec(a,e,t){e.setActiveAccount(a,t)}function tc(a,e){return a.getActiveAccount(e)}/*! @azure/msal-browser v3.30.0 2025-08-05 */const I={INITIALIZE_START:"msal:initializeStart",INITIALIZE_END:"msal:initializeEnd",ACCOUNT_ADDED:"msal:accountAdded",ACCOUNT_REMOVED:"msal:accountRemoved",ACTIVE_ACCOUNT_CHANGED:"msal:activeAccountChanged",LOGIN_START:"msal:loginStart",LOGIN_SUCCESS:"msal:loginSuccess",LOGIN_FAILURE:"msal:loginFailure",ACQUIRE_TOKEN_START:"msal:acquireTokenStart",ACQUIRE_TOKEN_SUCCESS:"msal:acquireTokenSuccess",ACQUIRE_TOKEN_FAILURE:"msal:acquireTokenFailure",ACQUIRE_TOKEN_NETWORK_START:"msal:acquireTokenFromNetworkStart",SSO_SILENT_START:"msal:ssoSilentStart",SSO_SILENT_SUCCESS:"msal:ssoSilentSuccess",SSO_SILENT_FAILURE:"msal:ssoSilentFailure",ACQUIRE_TOKEN_BY_CODE_START:"msal:acquireTokenByCodeStart",ACQUIRE_TOKEN_BY_CODE_SUCCESS:"msal:acquireTokenByCodeSuccess",ACQUIRE_TOKEN_BY_CODE_FAILURE:"msal:acquireTokenByCodeFailure",HANDLE_REDIRECT_START:"msal:handleRedirectStart",HANDLE_REDIRECT_END:"msal:handleRedirectEnd",POPUP_OPENED:"msal:popupOpened",LOGOUT_START:"msal:logoutStart",LOGOUT_SUCCESS:"msal:logoutSuccess",LOGOUT_FAILURE:"msal:logoutFailure",LOGOUT_END:"msal:logoutEnd",RESTORE_FROM_BFCACHE:"msal:restoreFromBFCache"};/*! @azure/msal-browser v3.30.0 2025-08-05 */class nc{constructor(e){this.eventCallbacks=new Map,this.logger=e||new pe({})}addEventCallback(e,t,n){if(typeof window<"u"){const o=n||Ms();return this.eventCallbacks.has(o)?(this.logger.error(`Event callback with id: ${o} is already registered. Please provide a unique id or remove the existing callback and try again.`),null):(this.eventCallbacks.set(o,[e,t||[]]),this.logger.verbose(`Event callback registered with id: ${o}`),o)}return null}removeEventCallback(e){this.eventCallbacks.delete(e),this.logger.verbose(`Event callback ${e} removed.`)}emitEvent(e,t,n,o){if(typeof window<"u"){const r={eventType:e,interactionType:t||null,payload:n||null,error:o||null,timestamp:Date.now()};this.eventCallbacks.forEach(([i,s],c)=>{(s.length===0||s.includes(e))&&(this.logger.verbose(`Emitting event to callback ${c}: ${e}`),i.apply(null,[r]))})}}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class ei{constructor(e,t,n,o,r,i,s,c,h){this.config=e,this.browserStorage=t,this.browserCrypto=n,this.networkClient=this.config.system.networkClient,this.eventHandler=r,this.navigationClient=i,this.nativeMessageHandler=c,this.correlationId=h||ae(),this.logger=o.clone(V.MSAL_SKU,De,this.correlationId),this.performanceClient=s}async clearCacheOnLogout(e){if(e){U.accountInfoIsEqual(e,this.browserStorage.getActiveAccount(this.correlationId),!1)&&(this.logger.verbose("Setting active account to null"),this.browserStorage.setActiveAccount(null,this.correlationId));try{await this.browserStorage.removeAccount(U.generateAccountCacheKey(e),this.correlationId),this.logger.verbose("Cleared cache items belonging to the account provided in the logout request.")}catch{this.logger.error("Account provided in logout request was not found. Local cache unchanged.")}}else try{this.logger.verbose("No account provided in logout request, clearing all cache items.",this.correlationId),await this.browserStorage.clear(this.correlationId),await this.browserCrypto.clearKeystore()}catch{this.logger.error("Attempted to clear all MSAL cache items and failed. Local cache unchanged.")}}getRedirectUri(e){this.logger.verbose("getRedirectUri called");const t=e||this.config.auth.redirectUri;return w.getAbsoluteUrl(t,le())}initializeServerTelemetryManager(e,t){this.logger.verbose("initializeServerTelemetryManager called");const n={clientId:this.config.auth.clientId,correlationId:this.correlationId,apiId:e,forceRefresh:t||!1,wrapperSKU:this.browserStorage.getWrapperMetadata()[0],wrapperVer:this.browserStorage.getWrapperMetadata()[1]};return new ze(n,this.browserStorage)}async getDiscoveredAuthority(e){const{account:t}=e,n=e.requestExtraQueryParameters&&e.requestExtraQueryParameters.hasOwnProperty("instance_aware")?e.requestExtraQueryParameters.instance_aware:void 0;this.performanceClient.addQueueMeasurement(l.StandardInteractionClientGetDiscoveredAuthority,this.correlationId);const o={protocolMode:this.config.auth.protocolMode,OIDCOptions:this.config.auth.OIDCOptions,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache},r=e.requestAuthority||this.config.auth.authority,i=n!=null&&n.length?n==="true":this.config.auth.instanceAware,s=t&&i?this.config.auth.authority.replace(w.getDomainFromUrl(r),t.environment):r,c=x.generateAuthority(s,e.requestAzureCloudOptions||this.config.auth.azureCloudOptions),h=await p(cr,l.AuthorityFactoryCreateDiscoveredInstance,this.logger,this.performanceClient,this.correlationId)(c,this.config.system.networkClient,this.browserStorage,o,this.logger,this.correlationId,this.performanceClient);if(t&&!h.isAlias(t.environment))throw R(Zo);return h}}/*! @azure/msal-browser v3.30.0 2025-08-05 */const oc=32;async function rc(a,e,t){a.addQueueMeasurement(l.GeneratePkceCodes,t);const n=Se(ic,l.GenerateCodeVerifier,e,a,t)(a,e,t),o=await p(ac,l.GenerateCodeChallengeFromVerifier,e,a,t)(n,a,e,t);return{verifier:n,challenge:o}}function ic(a,e,t){try{const n=new Uint8Array(oc);return Se(Is,l.GetRandomValues,e,a,t)(n),wt(n)}catch{throw C(An)}}async function ac(a,e,t,n){e.addQueueMeasurement(l.GenerateCodeChallengeFromVerifier,n);try{const o=await p(Qr,l.Sha256Digest,t,e,n)(a,e,n);return wt(new Uint8Array(o))}catch{throw C(An)}}/*! @azure/msal-browser v3.30.0 2025-08-05 */async function Un(a,e,t,n){t.addQueueMeasurement(l.InitializeBaseRequest,a.correlationId);const o=a.authority||e.auth.authority,r=[...a&&a.scopes||[]],i={...a,correlationId:a.correlationId,authority:o,scopes:r};if(!i.authenticationScheme)i.authenticationScheme=k.BEARER,n.verbose(`Authentication Scheme wasn't explicitly set in request, defaulting to "Bearer" request`);else{if(i.authenticationScheme===k.SSH){if(!a.sshJwk)throw R(yt);if(!a.sshKid)throw R(jo)}n.verbose(`Authentication Scheme set to "${i.authenticationScheme}" as configured in Auth request`)}return e.cache.claimsBasedCachingEnabled&&a.claims&&!J.isEmptyObj(a.claims)&&(i.requestedClaimsHash=await Yr(a.claims)),i}async function sc(a,e,t,n,o){n.addQueueMeasurement(l.InitializeSilentRequest,a.correlationId);const r=await p(Un,l.InitializeBaseRequest,o,n,a.correlationId)(a,t,n,o);return{...a,...r,account:e,forceRefresh:a.forceRefresh||!1}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Be extends ei{async initializeAuthorizationCodeRequest(e){this.performanceClient.addQueueMeasurement(l.StandardInteractionClientInitializeAuthorizationCodeRequest,this.correlationId);const t=await p(rc,l.GeneratePkceCodes,this.logger,this.performanceClient,this.correlationId)(this.performanceClient,this.logger,this.correlationId),n={...e,redirectUri:e.redirectUri,code:u.EMPTY_STRING,codeVerifier:t.verifier};return e.codeChallenge=t.challenge,e.codeChallengeMethod=u.S256_CODE_CHALLENGE_METHOD,n}initializeLogoutRequest(e){this.logger.verbose("initializeLogoutRequest called",e==null?void 0:e.correlationId);const t={correlationId:this.correlationId||ae(),...e};if(e)if(e.logoutHint)this.logger.verbose("logoutHint has already been set in logoutRequest");else if(e.account){const n=this.getLogoutHintFromIdTokenClaims(e.account);n&&(this.logger.verbose("Setting logoutHint to login_hint ID Token Claim value for the account provided"),t.logoutHint=n)}else this.logger.verbose("logoutHint was not set and account was not passed into logout request, logoutHint will not be set");else this.logger.verbose("logoutHint will not be set since no logout request was configured");return!e||e.postLogoutRedirectUri!==null?e&&e.postLogoutRedirectUri?(this.logger.verbose("Setting postLogoutRedirectUri to uri set on logout request",t.correlationId),t.postLogoutRedirectUri=w.getAbsoluteUrl(e.postLogoutRedirectUri,le())):this.config.auth.postLogoutRedirectUri===null?this.logger.verbose("postLogoutRedirectUri configured as null and no uri set on request, not passing post logout redirect",t.correlationId):this.config.auth.postLogoutRedirectUri?(this.logger.verbose("Setting postLogoutRedirectUri to configured uri",t.correlationId),t.postLogoutRedirectUri=w.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri,le())):(this.logger.verbose("Setting postLogoutRedirectUri to current page",t.correlationId),t.postLogoutRedirectUri=w.getAbsoluteUrl(le(),le())):this.logger.verbose("postLogoutRedirectUri passed as null, not setting post logout redirect uri",t.correlationId),t}getLogoutHintFromIdTokenClaims(e){const t=e.idTokenClaims;if(t){if(t.login_hint)return t.login_hint;this.logger.verbose("The ID Token Claims tied to the provided account do not contain a login_hint claim, logoutHint will not be added to logout request")}else this.logger.verbose("The provided account does not contain ID Token Claims, logoutHint will not be added to logout request");return null}async createAuthCodeClient(e){this.performanceClient.addQueueMeasurement(l.StandardInteractionClientCreateAuthCodeClient,this.correlationId);const t=await p(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)(e);return new dr(t,this.performanceClient)}async getClientConfiguration(e){const{serverTelemetryManager:t,requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:r,account:i}=e;this.performanceClient.addQueueMeasurement(l.StandardInteractionClientGetClientConfiguration,this.correlationId);const s=await p(this.getDiscoveredAuthority.bind(this),l.StandardInteractionClientGetDiscoveredAuthority,this.logger,this.performanceClient,this.correlationId)({requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:r,account:i}),c=this.config.system.loggerOptions;return{authOptions:{clientId:this.config.auth.clientId,authority:s,clientCapabilities:this.config.auth.clientCapabilities,redirectUri:this.config.auth.redirectUri},systemOptions:{tokenRenewalOffsetSeconds:this.config.system.tokenRenewalOffsetSeconds,preventCorsPreflight:!0},loggerOptions:{loggerCallback:c.loggerCallback,piiLoggingEnabled:c.piiLoggingEnabled,logLevel:c.logLevel,correlationId:this.correlationId},cacheOptions:{claimsBasedCachingEnabled:this.config.cache.claimsBasedCachingEnabled},cryptoInterface:this.browserCrypto,networkInterface:this.networkClient,storageInterface:this.browserStorage,serverTelemetryManager:t,libraryInfo:{sku:V.MSAL_SKU,version:De,cpu:u.EMPTY_STRING,os:u.EMPTY_STRING},telemetry:this.config.telemetry}}async initializeAuthorizationRequest(e,t){this.performanceClient.addQueueMeasurement(l.StandardInteractionClientInitializeAuthorizationRequest,this.correlationId);const n=this.getRedirectUri(e.redirectUri),o={interactionType:t},r=X.setRequestState(this.browserCrypto,e&&e.state||u.EMPTY_STRING,o),s={...await p(Un,l.InitializeBaseRequest,this.logger,this.performanceClient,this.correlationId)({...e,correlationId:this.correlationId},this.config,this.performanceClient,this.logger),redirectUri:n,state:r,nonce:e.nonce||ae(),responseMode:this.config.auth.OIDCOptions.serverResponseType};if(e.loginHint||e.sid)return s;const c=e.account||this.browserStorage.getActiveAccount(this.correlationId);if(c&&(this.logger.verbose("Setting validated request account",this.correlationId),this.logger.verbosePii(`Setting validated request account: ${c.homeAccountId}`,this.correlationId),s.account=c),!s.loginHint&&!c){const h=this.browserStorage.getLegacyLoginHint();h&&(s.loginHint=h)}return s}}/*! @azure/msal-browser v3.30.0 2025-08-05 */const cc="ContentError",ti="user_switch";/*! @azure/msal-browser v3.30.0 2025-08-05 */const hc="USER_INTERACTION_REQUIRED",lc="USER_CANCEL",dc="NO_NETWORK",uc="PERSISTENT_ERROR",gc="DISABLED",mc="ACCOUNT_UNAVAILABLE";/*! @azure/msal-browser v3.30.0 2025-08-05 */const pc=-2147186943,fc={[ti]:"User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again."};class ne extends O{constructor(e,t,n){super(e,t),Object.setPrototypeOf(this,ne.prototype),this.name="NativeAuthError",this.ext=n}}function Re(a){if(a.ext&&a.ext.status&&(a.ext.status===uc||a.ext.status===gc)||a.ext&&a.ext.error&&a.ext.error===pc)return!0;switch(a.errorCode){case cc:return!0;default:return!1}}function Qt(a,e,t){if(t&&t.status)switch(t.status){case mc:return xt(hr);case hc:return new Z(a,e);case lc:return C(Ie);case dc:return C(gt)}return new ne(a,fc[a]||e,t)}/*! @azure/msal-browser v3.30.0 2025-08-05 */class ni extends Be{async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentCacheClientAcquireToken,e.correlationId);const t=this.initializeServerTelemetryManager(b.acquireTokenSilent_silentFlow),n=await p(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:t,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,account:e.account}),o=new Xa(n,this.performanceClient);this.logger.verbose("Silent auth client created");try{const i=(await p(o.acquireCachedToken.bind(o),l.SilentFlowClientAcquireCachedToken,this.logger,this.performanceClient,e.correlationId)(e))[0];return this.performanceClient.addFields({fromCache:!0},e.correlationId),i}catch(r){throw r instanceof Ye&&r.errorCode===vn&&this.logger.verbose("Signing keypair for bound access token not found. Refreshing bound access token and generating a new crypto keypair."),r}}logout(e){this.logger.verbose("logoutRedirect called");const t=this.initializeLogoutRequest(e);return this.clearCacheOnLogout(t==null?void 0:t.account)}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Me extends ei{constructor(e,t,n,o,r,i,s,c,h,d,g,f){var E;super(e,t,n,o,r,i,c,h,f),this.apiId=s,this.accountId=d,this.nativeMessageHandler=h,this.nativeStorageManager=g,this.silentCacheClient=new ni(e,this.nativeStorageManager,n,o,r,i,c,h,f),this.serverTelemetryManager=this.initializeServerTelemetryManager(this.apiId);const T=this.nativeMessageHandler.getExtensionId()===Ne.PREFERRED_EXTENSION_ID?"chrome":(E=this.nativeMessageHandler.getExtensionId())!=null&&E.length?"unknown":void 0;this.skus=ze.makeExtraSkuString({libraryName:V.MSAL_SKU,libraryVersion:De,extensionName:T,extensionVersion:this.nativeMessageHandler.getExtensionVersion()})}addRequestSKUs(e){e.extraParameters={...e.extraParameters,[La]:this.skus}}async acquireToken(e){this.performanceClient.addQueueMeasurement(l.NativeInteractionClientAcquireToken,e.correlationId),this.logger.trace("NativeInteractionClient - acquireToken called.");const t=this.performanceClient.startMeasurement(l.NativeInteractionClientAcquireToken,e.correlationId),n=ie();try{const o=await this.initializeNativeRequest(e);try{const h=await this.acquireTokensFromCache(this.accountId,o);return t.end({success:!0,isNativeBroker:!1,fromCache:!0}),h}catch{this.logger.info("MSAL internal Cache does not contain tokens, proceed to make a native call")}const{...r}=o,i={method:Ce.GetToken,request:r},s=await this.nativeMessageHandler.sendMessage(i),c=this.validateNativeResponse(s);return await this.handleNativeResponse(c,o,n).then(h=>(t.end({success:!0,isNativeBroker:!0,requestId:h.requestId}),this.serverTelemetryManager.clearNativeBrokerErrorCode(),h)).catch(h=>{throw t.end({success:!1,errorCode:h.errorCode,subErrorCode:h.subError,isNativeBroker:!0}),h})}catch(o){throw o instanceof ne&&this.serverTelemetryManager.setNativeBrokerErrorCode(o.errorCode),o}}createSilentCacheRequest(e,t){return{authority:e.authority,correlationId:this.correlationId,scopes:P.fromString(e.scope).asArray(),account:t,forceRefresh:!1}}async acquireTokensFromCache(e,t){if(!e)throw this.logger.warning("NativeInteractionClient:acquireTokensFromCache - No nativeAccountId provided"),m(Mt);const n=this.browserStorage.getBaseAccountInfo({nativeAccountId:e},t.correlationId);if(!n)throw m(Mt);try{const o=this.createSilentCacheRequest(t,n),r=await this.silentCacheClient.acquireToken(o),i={...n,idTokenClaims:r==null?void 0:r.idTokenClaims,idToken:r==null?void 0:r.idToken};return{...r,account:i}}catch(o){throw o}}async acquireTokenRedirect(e,t){this.logger.trace("NativeInteractionClient - acquireTokenRedirect called.");const{...n}=e;delete n.onRedirectNavigate;const o=await this.initializeNativeRequest(n),r={method:Ce.GetToken,request:o};try{const c=await this.nativeMessageHandler.sendMessage(r);this.validateNativeResponse(c)}catch(c){if(c instanceof ne&&(this.serverTelemetryManager.setNativeBrokerErrorCode(c.errorCode),Re(c)))throw c}this.browserStorage.setTemporaryCache(_.NATIVE_REQUEST,JSON.stringify(o),!0);const i={apiId:b.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},s=this.config.auth.navigateToLoginRequestUrl?window.location.href:this.getRedirectUri(e.redirectUri);t.end({success:!0}),await this.navigationClient.navigateExternal(s,i)}async handleRedirectPromise(e,t){if(this.logger.trace("NativeInteractionClient - handleRedirectPromise called."),!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."),null;const n=this.browserStorage.getCachedNativeRequest();if(!n)return this.logger.verbose("NativeInteractionClient - handleRedirectPromise called but there is no cached request, returning null."),e&&t&&(e==null||e.addFields({errorCode:"no_cached_request"},t)),null;const{prompt:o,...r}=n;o&&this.logger.verbose("NativeInteractionClient - handleRedirectPromise called and prompt was included in the original request, removing prompt from cached request to prevent second interaction with native broker window."),this.browserStorage.removeItem(this.browserStorage.generateCacheKey(_.NATIVE_REQUEST));const i={method:Ce.GetToken,request:r},s=ie();try{this.logger.verbose("NativeInteractionClient - handleRedirectPromise sending message to native broker.");const c=await this.nativeMessageHandler.sendMessage(i);this.validateNativeResponse(c);const h=this.handleNativeResponse(c,r,s);this.browserStorage.setInteractionInProgress(!1);const d=await h;return this.serverTelemetryManager.clearNativeBrokerErrorCode(),d}catch(c){throw this.browserStorage.setInteractionInProgress(!1),c}}logout(){return this.logger.trace("NativeInteractionClient - logout called."),Promise.reject("Logout not implemented yet")}async handleNativeResponse(e,t,n){var d;this.logger.trace("NativeInteractionClient - handleNativeResponse called.");const o=Ee(e.id_token,re),r=this.createHomeAccountIdentifier(e,o),i=(d=this.browserStorage.getAccountInfoFilteredBy({nativeAccountId:t.accountId},this.correlationId))==null?void 0:d.homeAccountId;if(r!==i&&e.account.id!==t.accountId)throw Qt(ti);const s=await this.getDiscoveredAuthority({requestAuthority:t.authority}),c=yn(this.browserStorage,s,r,re,this.correlationId,o,e.client_info,void 0,o.tid,void 0,e.account.id,this.logger),h=await this.generateAuthenticationResult(e,t,o,c,s.canonicalAuthority,n);return this.cacheAccount(c),this.cacheNativeTokens(e,t,r,o,e.access_token,h.tenantId,n),h}createHomeAccountIdentifier(e,t){return U.generateHomeAccountId(e.client_info||u.EMPTY_STRING,j.Default,this.logger,this.browserCrypto,t)}generateScopes(e,t){return e.scope?P.fromString(e.scope):P.fromString(t.scope)}async generatePopAccessToken(e,t){if(t.tokenType===k.POP&&t.signPopToken){if(e.shr)return this.logger.trace("handleNativeServerResponse: SHR is enabled in native layer"),e.shr;const n=new He(this.browserCrypto),o={resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,shrNonce:t.shrNonce};if(!t.keyId)throw m(tn);return n.signPopToken(e.access_token,t.keyId,o)}else return e.access_token}async generateAuthenticationResult(e,t,n,o,r,i){const s=this.addTelemetryFromNativeResponse(e),c=e.scope?P.fromString(e.scope):P.fromString(t.scope),h=e.account.properties||{},d=h.UID||n.oid||n.sub||u.EMPTY_STRING,g=h.TenantId||n.tid||u.EMPTY_STRING,f=dn(o.getAccountInfo(),void 0,n,e.id_token);f.nativeAccountId!==e.account.id&&(f.nativeAccountId=e.account.id);const T=await this.generatePopAccessToken(e,t),E=t.tokenType===k.POP?k.POP:k.BEARER;return{authority:r,uniqueId:d,tenantId:g,scopes:c.asArray(),account:f,idToken:e.id_token,idTokenClaims:n,accessToken:T,fromCache:s?this.isResponseFromCache(s):!1,expiresOn:new Date(Number(i+e.expires_in)*1e3),tokenType:E,correlationId:this.correlationId,state:e.state,fromNativeBroker:!0}}cacheAccount(e){this.browserStorage.setAccount(e,this.correlationId),this.browserStorage.removeAccountContext(e,this.correlationId).catch(t=>{this.logger.error(`Error occurred while removing account context from browser storage. ${t}`)})}cacheNativeTokens(e,t,n,o,r,i,s){const c=ft(n,t.authority,e.id_token||"",t.clientId,o.tid||""),h=t.tokenType===k.POP?u.SHR_NONCE_VALIDITY:(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)||0,d=s+h,g=this.generateScopes(e,t),f=Ct(n,t.authority,r,t.clientId,o.tid||i,g.printScopes(),d,0,re,void 0,t.tokenType,void 0,t.keyId),T={idToken:c,accessToken:f};this.nativeStorageManager.saveCacheRecord(T,t.correlationId,t.storeInCache)}addTelemetryFromNativeResponse(e){const t=this.getMATSFromResponse(e);return t?(this.performanceClient.addFields({extensionId:this.nativeMessageHandler.getExtensionId(),extensionVersion:this.nativeMessageHandler.getExtensionVersion(),matsBrokerVersion:t.broker_version,matsAccountJoinOnStart:t.account_join_on_start,matsAccountJoinOnEnd:t.account_join_on_end,matsDeviceJoin:t.device_join,matsPromptBehavior:t.prompt_behavior,matsApiErrorCode:t.api_error_code,matsUiVisible:t.ui_visible,matsSilentCode:t.silent_code,matsSilentBiSubCode:t.silent_bi_sub_code,matsSilentMessage:t.silent_message,matsSilentStatus:t.silent_status,matsHttpStatus:t.http_status,matsHttpEventCount:t.http_event_count},this.correlationId),t):null}validateNativeResponse(e){if(e.hasOwnProperty("access_token")&&e.hasOwnProperty("id_token")&&e.hasOwnProperty("client_info")&&e.hasOwnProperty("account")&&e.hasOwnProperty("scope")&&e.hasOwnProperty("expires_in"))return e;throw Io(Wt,"Response missing expected properties.")}getMATSFromResponse(e){if(e.properties.MATS)try{return JSON.parse(e.properties.MATS)}catch{this.logger.error("NativeInteractionClient - Error parsing MATS telemetry, returning null instead")}return null}isResponseFromCache(e){return typeof e.is_cached>"u"?(this.logger.verbose("NativeInteractionClient - MATS telemetry does not contain field indicating if response was served from cache. Returning false."),!1):!!e.is_cached}async initializeNativeRequest(e){this.logger.trace("NativeInteractionClient - initializeNativeRequest called");const t=e.authority||this.config.auth.authority;e.account&&await this.getDiscoveredAuthority({requestAuthority:t,requestAzureCloudOptions:e.azureCloudOptions,account:e.account});const n=new w(t);n.validateAsUri();const{scopes:o,...r}=e,i=new P(o||[]);i.appendScopes(xe);const s=()=>{switch(this.apiId){case b.ssoSilent:case b.acquireTokenSilent_silentFlow:return this.logger.trace("initializeNativeRequest: silent request sets prompt to none"),D.NONE}if(!e.prompt){this.logger.trace("initializeNativeRequest: prompt was not provided");return}switch(e.prompt){case D.NONE:case D.CONSENT:case D.LOGIN:return this.logger.trace("initializeNativeRequest: prompt is compatible with native flow"),e.prompt;default:throw this.logger.trace(`initializeNativeRequest: prompt = ${e.prompt} is not compatible with native flow`),C(xr)}},c={...r,accountId:this.accountId,clientId:this.config.auth.clientId,authority:n.urlString,scope:i.printScopes(),redirectUri:this.getRedirectUri(e.redirectUri),prompt:s(),correlationId:this.correlationId,tokenType:e.authenticationScheme,windowTitleSubstring:document.title,extraParameters:{...e.extraQueryParameters,...e.tokenQueryParameters},extendedExpiryToken:!1,keyId:e.popKid};if(c.signPopToken&&e.popKid)throw C(Fr);if(this.handleExtraBrokerParams(c),c.extraParameters=c.extraParameters||{},c.extraParameters.telemetry=Ne.MATS_TELEMETRY,e.authenticationScheme===k.POP){const h={resourceRequestUri:e.resourceRequestUri,resourceRequestMethod:e.resourceRequestMethod,shrClaims:e.shrClaims,shrNonce:e.shrNonce},d=new He(this.browserCrypto);let g;if(c.keyId)g=this.browserCrypto.base64UrlEncode(JSON.stringify({kid:c.keyId})),c.signPopToken=!1;else{const f=await p(d.generateCnf.bind(d),l.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(h,this.logger);g=f.reqCnfString,c.keyId=f.kid,c.signPopToken=!0}c.reqCnf=g}return this.addRequestSKUs(c),c}handleExtraBrokerParams(e){var r;const t=e.extraParameters&&e.extraParameters.hasOwnProperty(pn)&&e.extraParameters.hasOwnProperty(Kt)&&e.extraParameters.hasOwnProperty(ye);if(!e.embeddedClientId&&!t)return;let n="";const o=e.redirectUri;e.embeddedClientId?(e.redirectUri=this.config.auth.redirectUri,n=e.embeddedClientId):e.extraParameters&&(e.redirectUri=e.extraParameters[Kt],n=e.extraParameters[ye]),e.extraParameters={child_client_id:n,child_redirect_uri:o},(r=this.performanceClient)==null||r.addFields({embeddedClientId:n,embeddedRedirectUri:o},e.correlationId)}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class oe{constructor(e,t,n,o){this.logger=e,this.handshakeTimeoutMs=t,this.extensionId=o,this.resolvers=new Map,this.handshakeResolvers=new Map,this.messageChannel=new MessageChannel,this.windowListener=this.onWindowMessage.bind(this),this.performanceClient=n,this.handshakeEvent=n.startMeasurement(l.NativeMessageHandlerHandshake)}async sendMessage(e){this.logger.trace("NativeMessageHandler - sendMessage called.");const t={channel:Ne.CHANNEL_ID,extensionId:this.extensionId,responseId:ae(),body:e};return this.logger.trace("NativeMessageHandler - Sending request to browser extension"),this.logger.tracePii(`NativeMessageHandler - Sending request to browser extension: ${JSON.stringify(t)}`),this.messageChannel.port1.postMessage(t),new Promise((n,o)=>{this.resolvers.set(t.responseId,{resolve:n,reject:o})})}static async createProvider(e,t,n){e.trace("NativeMessageHandler - createProvider called.");try{const o=new oe(e,t,n,Ne.PREFERRED_EXTENSION_ID);return await o.sendHandshakeRequest(),o}catch{const r=new oe(e,t,n);return await r.sendHandshakeRequest(),r}}async sendHandshakeRequest(){this.logger.trace("NativeMessageHandler - sendHandshakeRequest called."),window.addEventListener("message",this.windowListener,!1);const e={channel:Ne.CHANNEL_ID,extensionId:this.extensionId,responseId:ae(),body:{method:Ce.HandshakeRequest}};return this.handshakeEvent.add({extensionId:this.extensionId,extensionHandshakeTimeoutMs:this.handshakeTimeoutMs}),this.messageChannel.port1.onmessage=t=>{this.onChannelMessage(t)},window.postMessage(e,window.origin,[this.messageChannel.port2]),new Promise((t,n)=>{this.handshakeResolvers.set(e.responseId,{resolve:t,reject:n}),this.timeoutId=window.setTimeout(()=>{window.removeEventListener("message",this.windowListener,!1),this.messageChannel.port1.close(),this.messageChannel.port2.close(),this.handshakeEvent.end({extensionHandshakeTimedOut:!0,success:!1}),n(C(Hr)),this.handshakeResolvers.delete(e.responseId)},this.handshakeTimeoutMs)})}onWindowMessage(e){if(this.logger.trace("NativeMessageHandler - onWindowMessage called"),e.source!==window)return;const t=e.data;if(!(!t.channel||t.channel!==Ne.CHANNEL_ID)&&!(t.extensionId&&t.extensionId!==this.extensionId)&&t.body.method===Ce.HandshakeRequest){const n=this.handshakeResolvers.get(t.responseId);if(!n){this.logger.trace(`NativeMessageHandler.onWindowMessage - resolver can't be found for request ${t.responseId}`);return}this.logger.verbose(t.extensionId?`Extension with id: ${t.extensionId} not installed`:"No extension installed"),clearTimeout(this.timeoutId),this.messageChannel.port1.close(),this.messageChannel.port2.close(),window.removeEventListener("message",this.windowListener,!1),this.handshakeEvent.end({success:!1,extensionInstalled:!1}),n.reject(C(Dr))}}onChannelMessage(e){this.logger.trace("NativeMessageHandler - onChannelMessage called.");const t=e.data,n=this.resolvers.get(t.responseId),o=this.handshakeResolvers.get(t.responseId);try{const r=t.body.method;if(r===Ce.Response){if(!n)return;const i=t.body.response;if(this.logger.trace("NativeMessageHandler - Received response from browser extension"),this.logger.tracePii(`NativeMessageHandler - Received response from browser extension: ${JSON.stringify(i)}`),i.status!=="Success")n.reject(Qt(i.code,i.description,i.ext));else if(i.result)i.result.code&&i.result.description?n.reject(Qt(i.result.code,i.result.description,i.result.ext)):n.resolve(i.result);else throw Io(Wt,"Event does not contain result.");this.resolvers.delete(t.responseId)}else if(r===Ce.HandshakeResponse){if(!o){this.logger.trace(`NativeMessageHandler.onChannelMessage - resolver can't be found for request ${t.responseId}`);return}clearTimeout(this.timeoutId),window.removeEventListener("message",this.windowListener,!1),this.extensionId=t.extensionId,this.extensionVersion=t.body.version,this.logger.verbose(`NativeMessageHandler - Received HandshakeResponse from extension: ${this.extensionId}`),this.handshakeEvent.end({extensionInstalled:!0,success:!0}),o.resolve(),this.handshakeResolvers.delete(t.responseId)}}catch(r){this.logger.error("Error parsing response from WAM Extension"),this.logger.errorPii(`Error parsing response from WAM Extension: ${r}`),this.logger.errorPii(`Unable to parse ${e}`),n?n.reject(r):o&&o.reject(r)}}getExtensionId(){return this.extensionId}getExtensionVersion(){return this.extensionVersion}static isNativeAvailable(e,t,n,o){if(t.trace("isNativeAvailable called"),!e.system.allowNativeBroker)return t.trace("isNativeAvailable: allowNativeBroker is not enabled, returning false"),!1;if(!n)return t.trace("isNativeAvailable: WAM extension provider is not initialized, returning false"),!1;if(o)switch(o){case k.BEARER:case k.POP:return t.trace("isNativeAvailable: authenticationScheme is supported, returning true"),!0;default:return t.trace("isNativeAvailable: authenticationScheme is not supported, returning false"),!1}return!0}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Ln{constructor(e,t,n,o,r){this.authModule=e,this.browserStorage=t,this.authCodeRequest=n,this.logger=o,this.performanceClient=r}async handleCodeResponse(e,t){this.performanceClient.addQueueMeasurement(l.HandleCodeResponse,t.correlationId);let n;try{n=this.authModule.handleFragmentResponse(e,t.state)}catch(o){throw o instanceof fe&&o.subError===Ie?C(Ie):o}return p(this.handleCodeResponseFromServer.bind(this),l.HandleCodeResponseFromServer,this.logger,this.performanceClient,t.correlationId)(n,t)}async handleCodeResponseFromServer(e,t,n=!0){if(this.performanceClient.addQueueMeasurement(l.HandleCodeResponseFromServer,t.correlationId),this.logger.trace("InteractionHandler.handleCodeResponseFromServer called"),this.authCodeRequest.code=e.code,e.cloud_instance_host_name&&await p(this.authModule.updateAuthority.bind(this.authModule),l.UpdateTokenEndpointAuthority,this.logger,this.performanceClient,t.correlationId)(e.cloud_instance_host_name,t.correlationId),n&&(e.nonce=t.nonce||void 0),e.state=t.state,e.client_info)this.authCodeRequest.clientInfo=e.client_info;else{const r=this.createCcsCredentials(t);r&&(this.authCodeRequest.ccsCredential=r)}return await p(this.authModule.acquireToken.bind(this.authModule),l.AuthClientAcquireToken,this.logger,this.performanceClient,t.correlationId)(this.authCodeRequest,e)}createCcsCredentials(e){return e.account?{credential:e.account.homeAccountId,type:Q.HOME_ACCOUNT_ID}:e.loginHint?{credential:e.loginHint,type:Q.UPN}:null}}/*! @azure/msal-browser v3.30.0 2025-08-05 */function oi(a,e,t){const n=lt(a);if(!n)throw tr(a)?(t.error(`A ${e} is present in the iframe but it does not contain known properties. It's likely that the ${e} has been replaced by code running on the redirectUri page.`),t.errorPii(`The ${e} detected is: ${a}`),C(fr)):(t.error(`The request has returned to the redirectUri but a ${e} is not present. It's likely that the ${e} has been removed or the page has been redirected by code running on the redirectUri page.`),C(pr));return n}function Cc(a,e,t){if(!a.state)throw C(En);const n=Zr(e,a.state);if(!n)throw C(Cr);if(n.interactionType!==t)throw C(yr)}/*! @azure/msal-browser v3.30.0 2025-08-05 */class yc extends Be{constructor(e,t,n,o,r,i,s,c,h,d){super(e,t,n,o,r,i,s,h,d),this.unloadWindow=this.unloadWindow.bind(this),this.nativeStorage=c}acquireToken(e){try{const n={popupName:this.generatePopupName(e.scopes||xe,e.authority||this.config.auth.authority),popupWindowAttributes:e.popupWindowAttributes||{},popupWindowParent:e.popupWindowParent??window};return this.config.system.asyncPopups?(this.logger.verbose("asyncPopups set to true, acquiring token"),this.acquireTokenPopupAsync(e,n)):(this.logger.verbose("asyncPopup set to false, opening popup before acquiring token"),n.popup=this.openSizedPopup("about:blank",n),this.acquireTokenPopupAsync(e,n))}catch(t){return Promise.reject(t)}}logout(e){try{this.logger.verbose("logoutPopup called");const t=this.initializeLogoutRequest(e),n={popupName:this.generateLogoutPopupName(t),popupWindowAttributes:(e==null?void 0:e.popupWindowAttributes)||{},popupWindowParent:(e==null?void 0:e.popupWindowParent)??window},o=e&&e.authority,r=e&&e.mainWindowRedirectUri;return this.config.system.asyncPopups?(this.logger.verbose("asyncPopups set to true"),this.logoutPopupAsync(t,n,o,r)):(this.logger.verbose("asyncPopup set to false, opening popup"),n.popup=this.openSizedPopup("about:blank",n),this.logoutPopupAsync(t,n,o,r))}catch(t){return Promise.reject(t)}}async acquireTokenPopupAsync(e,t){var r;this.logger.verbose("acquireTokenPopupAsync called");const n=this.initializeServerTelemetryManager(b.acquireTokenPopup),o=await p(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,this.correlationId)(e,y.Popup);Xr(o.authority);try{const i=await p(this.initializeAuthorizationCodeRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationCodeRequest,this.logger,this.performanceClient,this.correlationId)(o),s=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:o.authority,requestAzureCloudOptions:o.azureCloudOptions,requestExtraQueryParameters:o.extraQueryParameters,account:o.account}),c=oe.isNativeAvailable(this.config,this.logger,this.nativeMessageHandler,e.authenticationScheme);let h;c&&(h=this.performanceClient.startMeasurement(l.FetchAccountIdWithNativeBroker,e.correlationId));const d=await s.getAuthCodeUrl({...o,nativeBroker:c}),g=new Ln(s,this.browserStorage,i,this.logger,this.performanceClient),f=this.initiateAuthRequest(d,t);this.eventHandler.emitEvent(I.POPUP_OPENED,y.Popup,{popupWindow:f},null);const T=await this.monitorPopupForHash(f,t.popupWindowParent),E=Se(oi,l.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(T,this.config.auth.OIDCOptions.serverResponseType,this.logger);if(te.removeThrottle(this.browserStorage,this.config.auth.clientId,i),E.accountId){if(this.logger.verbose("Account id found in hash, calling WAM for token"),h&&h.end({success:!0,isNativeBroker:!0}),!this.nativeMessageHandler)throw C(Qe);const M=new Me(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,b.acquireTokenPopup,this.performanceClient,this.nativeMessageHandler,E.accountId,this.nativeStorage,o.correlationId),{userRequestState:G}=X.parseRequestState(this.browserCrypto,o.state);return await M.acquireToken({...o,state:G,prompt:void 0})}return await g.handleCodeResponse(E,o)}catch(i){throw(r=t.popup)==null||r.close(),i instanceof O&&(i.setCorrelationId(this.correlationId),n.cacheFailedRequest(i)),i}}async logoutPopupAsync(e,t,n,o){var i,s,c,h;this.logger.verbose("logoutPopupAsync called"),this.eventHandler.emitEvent(I.LOGOUT_START,y.Popup,e);const r=this.initializeServerTelemetryManager(b.logoutPopup);try{await this.clearCacheOnLogout(e.account);const d=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:r,requestAuthority:n,account:e.account||void 0});try{d.authority.endSessionEndpoint}catch{if((i=e.account)!=null&&i.homeAccountId&&e.postLogoutRedirectUri&&d.authority.protocolMode===de.OIDC){if(this.browserStorage.removeAccount((s=e.account)==null?void 0:s.homeAccountId,this.correlationId),this.eventHandler.emitEvent(I.LOGOUT_SUCCESS,y.Popup,e),o){const T={apiId:b.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},E=w.getAbsoluteUrl(o,le());await this.navigationClient.navigateInternal(E,T)}(c=t.popup)==null||c.close();return}}const g=d.getLogoutUri(e);this.eventHandler.emitEvent(I.LOGOUT_SUCCESS,y.Popup,e);const f=this.openPopup(g,t);if(this.eventHandler.emitEvent(I.POPUP_OPENED,y.Popup,{popupWindow:f},null),await this.monitorPopupForHash(f,t.popupWindowParent).catch(()=>{}),o){const T={apiId:b.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},E=w.getAbsoluteUrl(o,le());this.logger.verbose("Redirecting main window to url specified in the request"),this.logger.verbosePii(`Redirecting main window to: ${E}`),await this.navigationClient.navigateInternal(E,T)}else this.logger.verbose("No main window navigation requested")}catch(d){throw(h=t.popup)==null||h.close(),d instanceof O&&(d.setCorrelationId(this.correlationId),r.cacheFailedRequest(d)),this.browserStorage.setInteractionInProgress(!1),this.eventHandler.emitEvent(I.LOGOUT_FAILURE,y.Popup,null,d),this.eventHandler.emitEvent(I.LOGOUT_END,y.Popup),d}this.eventHandler.emitEvent(I.LOGOUT_END,y.Popup)}initiateAuthRequest(e,t){if(e)return this.logger.infoPii(`Navigate to: ${e}`),this.openPopup(e,t);throw this.logger.error("Navigate url is empty"),C(Et)}monitorPopupForHash(e,t){return new Promise((n,o)=>{this.logger.verbose("PopupHandler.monitorPopupForHash - polling started");const r=setInterval(()=>{if(e.closed){this.logger.error("PopupHandler.monitorPopupForHash - window closed"),clearInterval(r),o(C(Ie));return}let i="";try{i=e.location.href}catch{}if(!i||i==="about:blank")return;clearInterval(r);let s="";const c=this.config.auth.OIDCOptions.serverResponseType;e&&(c===Ve.QUERY?s=e.location.search:s=e.location.hash),this.logger.verbose("PopupHandler.monitorPopupForHash - popup window is on same origin as caller"),n(s)},this.config.system.pollIntervalMilliseconds)}).finally(()=>{this.cleanPopup(e,t)})}openPopup(e,t){try{let n;if(t.popup?(n=t.popup,this.logger.verbosePii(`Navigating popup window to: ${e}`),n.location.assign(e)):typeof t.popup>"u"&&(this.logger.verbosePii(`Opening popup window to: ${e}`),n=this.openSizedPopup(e,t)),!n)throw C(Ar);return n.focus&&n.focus(),this.currentWindow=n,t.popupWindowParent.addEventListener("beforeunload",this.unloadWindow),n}catch(n){throw this.logger.error("error opening popup "+n.message),this.browserStorage.setInteractionInProgress(!1),C(Ir)}}openSizedPopup(e,{popupName:t,popupWindowAttributes:n,popupWindowParent:o}){var T,E,v,M;const r=o.screenLeft?o.screenLeft:o.screenX,i=o.screenTop?o.screenTop:o.screenY,s=o.innerWidth||document.documentElement.clientWidth||document.body.clientWidth,c=o.innerHeight||document.documentElement.clientHeight||document.body.clientHeight;let h=(T=n.popupSize)==null?void 0:T.width,d=(E=n.popupSize)==null?void 0:E.height,g=(v=n.popupPosition)==null?void 0:v.top,f=(M=n.popupPosition)==null?void 0:M.left;return(!h||h<0||h>s)&&(this.logger.verbose("Default popup window width used. Window width not configured or invalid."),h=V.POPUP_WIDTH),(!d||d<0||d>c)&&(this.logger.verbose("Default popup window height used. Window height not configured or invalid."),d=V.POPUP_HEIGHT),(!g||g<0||g>c)&&(this.logger.verbose("Default popup window top position used. Window top not configured or invalid."),g=Math.max(0,c/2-V.POPUP_HEIGHT/2+i)),(!f||f<0||f>s)&&(this.logger.verbose("Default popup window left position used. Window left not configured or invalid."),f=Math.max(0,s/2-V.POPUP_WIDTH/2+r)),o.open(e,t,`width=${h}, height=${d}, top=${g}, left=${f}, scrollbars=yes`)}unloadWindow(e){this.browserStorage.cleanRequestByInteractionType(y.Popup),this.currentWindow&&this.currentWindow.close(),e.preventDefault()}cleanPopup(e,t){e.close(),t.removeEventListener("beforeunload",this.unloadWindow),this.browserStorage.setInteractionInProgress(!1)}generatePopupName(e,t){return`${V.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${e.join("-")}.${t}.${this.correlationId}`}generateLogoutPopupName(e){const t=e.account&&e.account.homeAccountId;return`${V.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${t}.${this.correlationId}`}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class yo{constructor(e,t,n,o,r){this.authModule=e,this.browserStorage=t,this.authCodeRequest=n,this.logger=o,this.performanceClient=r}async initiateAuthRequest(e,t){if(this.logger.verbose("RedirectHandler.initiateAuthRequest called"),e){t.redirectStartPage&&(this.logger.verbose("RedirectHandler.initiateAuthRequest: redirectStartPage set, caching start page"),this.browserStorage.setTemporaryCache(_.ORIGIN_URI,t.redirectStartPage,!0)),this.browserStorage.setTemporaryCache(_.CORRELATION_ID,this.authCodeRequest.correlationId,!0),this.browserStorage.cacheCodeRequest(this.authCodeRequest),this.logger.infoPii(`RedirectHandler.initiateAuthRequest: Navigate to: ${e}`);const n={apiId:b.acquireTokenRedirect,timeout:t.redirectTimeout,noHistory:!1};if(typeof t.onRedirectNavigate=="function")if(this.logger.verbose("RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback"),t.onRedirectNavigate(e)!==!1){this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"),await t.navigationClient.navigateExternal(e,n);return}else{this.logger.verbose("RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation");return}else{this.logger.verbose("RedirectHandler.initiateAuthRequest: Navigating window to navigate url"),await t.navigationClient.navigateExternal(e,n);return}}else throw this.logger.info("RedirectHandler.initiateAuthRequest: Navigate url is empty"),C(Et)}async handleCodeResponse(e,t){this.logger.verbose("RedirectHandler.handleCodeResponse called"),this.browserStorage.setInteractionInProgress(!1);const n=this.browserStorage.generateStateKey(t),o=this.browserStorage.getTemporaryCache(n);if(!o)throw m(at,"Cached State");let r;try{r=this.authModule.handleFragmentResponse(e,o)}catch(h){throw h instanceof fe&&h.subError===Ie?C(Ie):h}const i=this.browserStorage.generateNonceKey(o),s=this.browserStorage.getTemporaryCache(i);if(this.authCodeRequest.code=r.code,r.cloud_instance_host_name&&await p(this.authModule.updateAuthority.bind(this.authModule),l.UpdateTokenEndpointAuthority,this.logger,this.performanceClient,this.authCodeRequest.correlationId)(r.cloud_instance_host_name,this.authCodeRequest.correlationId),r.nonce=s||void 0,r.state=o,r.client_info)this.authCodeRequest.clientInfo=r.client_info;else{const h=this.checkCcsCredentials();h&&(this.authCodeRequest.ccsCredential=h)}const c=await this.authModule.acquireToken(this.authCodeRequest,r);return this.browserStorage.cleanRequestByState(t),c}checkCcsCredentials(){const e=this.browserStorage.getTemporaryCache(_.CCS_CREDENTIAL,!0);if(e)try{return JSON.parse(e)}catch{this.authModule.logger.error("Cache credential could not be parsed"),this.authModule.logger.errorPii(`Cache credential could not be parsed: ${e}`)}return null}}/*! @azure/msal-browser v3.30.0 2025-08-05 */function Tc(){if(typeof window>"u"||typeof window.performance>"u"||typeof window.performance.getEntriesByType!="function")return;const a=window.performance.getEntriesByType("navigation"),e=a.length?a[0]:void 0;return e==null?void 0:e.type}class Ic extends Be{constructor(e,t,n,o,r,i,s,c,h,d){super(e,t,n,o,r,i,s,h,d),this.nativeStorage=c}async acquireToken(e){const t=await p(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,this.correlationId)(e,y.Redirect);this.browserStorage.updateCacheEntries(t.state,t.nonce,t.authority,t.loginHint||"",t.account||null);const n=this.initializeServerTelemetryManager(b.acquireTokenRedirect),o=r=>{r.persisted&&(this.logger.verbose("Page was restored from back/forward cache. Clearing temporary cache."),this.browserStorage.cleanRequestByState(t.state),this.eventHandler.emitEvent(I.RESTORE_FROM_BFCACHE,y.Redirect))};try{const r=await p(this.initializeAuthorizationCodeRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationCodeRequest,this.logger,this.performanceClient,this.correlationId)(t),i=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account}),s=new yo(i,this.browserStorage,r,this.logger,this.performanceClient),c=await i.getAuthCodeUrl({...t,nativeBroker:oe.isNativeAvailable(this.config,this.logger,this.nativeMessageHandler,e.authenticationScheme)}),h=this.getRedirectStartPage(e.redirectStartPage);return this.logger.verbosePii(`Redirect start page: ${h}`),window.addEventListener("pageshow",o),await s.initiateAuthRequest(c,{navigationClient:this.navigationClient,redirectTimeout:this.config.system.redirectNavigationTimeout,redirectStartPage:h,onRedirectNavigate:e.onRedirectNavigate||this.config.auth.onRedirectNavigate})}catch(r){throw r instanceof O&&(r.setCorrelationId(this.correlationId),n.cacheFailedRequest(r)),window.removeEventListener("pageshow",o),this.browserStorage.cleanRequestByState(t.state),r}}async handleRedirectPromise(e="",t){const n=this.initializeServerTelemetryManager(b.handleRedirectPromise);try{if(!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("handleRedirectPromise called but there is no interaction in progress, returning null."),null;const[o,r]=this.getRedirectResponse(e||"");if(!o)return this.logger.info("handleRedirectPromise did not detect a response as a result of a redirect. Cleaning temporary cache."),this.browserStorage.cleanRequestByInteractionType(y.Redirect),Tc()!=="back_forward"?t.event.errorCode="no_server_response":this.logger.verbose("Back navigation event detected. Muting no_server_response error"),null;const i=this.browserStorage.getTemporaryCache(_.ORIGIN_URI,!0)||u.EMPTY_STRING,s=w.removeHashFromUrl(i),c=w.removeHashFromUrl(window.location.href);if(s===c&&this.config.auth.navigateToLoginRequestUrl)return this.logger.verbose("Current page is loginRequestUrl, handling response"),i.indexOf("#")>-1&&ks(i),await this.handleResponse(o,n);if(this.config.auth.navigateToLoginRequestUrl){if(!Nn()||this.config.system.allowRedirectInIframe){this.browserStorage.setTemporaryCache(_.URL_HASH,r,!0);const h={apiId:b.handleRedirectPromise,timeout:this.config.system.redirectNavigationTimeout,noHistory:!0};let d=!0;if(!i||i==="null"){const g=bs();this.browserStorage.setTemporaryCache(_.ORIGIN_URI,g,!0),this.logger.warning("Unable to get valid login request url from cache, redirecting to home page"),d=await this.navigationClient.navigateInternal(g,h)}else this.logger.verbose(`Navigating to loginRequestUrl: ${i}`),d=await this.navigationClient.navigateInternal(i,h);if(!d)return await this.handleResponse(o,n)}}else return this.logger.verbose("NavigateToLoginRequestUrl set to false, handling response"),await this.handleResponse(o,n);return null}catch(o){throw o instanceof O&&(o.setCorrelationId(this.correlationId),n.cacheFailedRequest(o)),this.browserStorage.cleanRequestByInteractionType(y.Redirect),o}}getRedirectResponse(e){this.logger.verbose("getRedirectResponseHash called");let t=e;t||(this.config.auth.OIDCOptions.serverResponseType===Ve.QUERY?t=window.location.search:t=window.location.hash);let n=lt(t);if(n){try{Cc(n,this.browserCrypto,y.Redirect)}catch(r){return r instanceof O&&this.logger.error(`Interaction type validation failed due to ${r.errorCode}: ${r.errorMessage}`),[null,""]}return _s(window),this.logger.verbose("Hash contains known properties, returning response hash"),[n,t]}const o=this.browserStorage.getTemporaryCache(_.URL_HASH,!0);return this.browserStorage.removeItem(this.browserStorage.generateCacheKey(_.URL_HASH)),o&&(n=lt(o),n)?(this.logger.verbose("Hash does not contain known properties, returning cached hash"),[n,o]):[null,""]}async handleResponse(e,t){const n=e.state;if(!n)throw C(En);const o=this.browserStorage.getCachedRequest(n);if(this.logger.verbose("handleResponse called, retrieved cached request"),e.accountId){if(this.logger.verbose("Account id found in hash, calling WAM for token"),!this.nativeMessageHandler)throw C(Qe);const c=new Me(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,b.acquireTokenPopup,this.performanceClient,this.nativeMessageHandler,e.accountId,this.nativeStorage,o.correlationId),{userRequestState:h}=X.parseRequestState(this.browserCrypto,n);return c.acquireToken({...o,state:h,prompt:void 0}).finally(()=>{this.browserStorage.cleanRequestByState(n)})}const r=this.browserStorage.getCachedAuthority(n);if(!r)throw C(Sn);const i=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:t,requestAuthority:r});return te.removeThrottle(this.browserStorage,this.config.auth.clientId,o),new yo(i,this.browserStorage,o,this.logger,this.performanceClient).handleCodeResponse(e,n)}async logout(e){var o,r;this.logger.verbose("logoutRedirect called");const t=this.initializeLogoutRequest(e),n=this.initializeServerTelemetryManager(b.logout);try{this.eventHandler.emitEvent(I.LOGOUT_START,y.Redirect,e),await this.clearCacheOnLogout(t.account);const i={apiId:b.logout,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},s=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:e&&e.authority,requestExtraQueryParameters:e==null?void 0:e.extraQueryParameters,account:e&&e.account||void 0});if(s.authority.protocolMode===de.OIDC)try{s.authority.endSessionEndpoint}catch{if((o=t.account)!=null&&o.homeAccountId){this.browserStorage.removeAccount((r=t.account)==null?void 0:r.homeAccountId,this.correlationId),this.eventHandler.emitEvent(I.LOGOUT_SUCCESS,y.Redirect,t);return}}const c=s.getLogoutUri(t);if(this.eventHandler.emitEvent(I.LOGOUT_SUCCESS,y.Redirect,t),e&&typeof e.onRedirectNavigate=="function")if(e.onRedirectNavigate(c)!==!1){this.logger.verbose("Logout onRedirectNavigate did not return false, navigating"),this.browserStorage.getInteractionInProgress()||this.browserStorage.setInteractionInProgress(!0),await this.navigationClient.navigateExternal(c,i);return}else this.browserStorage.setInteractionInProgress(!1),this.logger.verbose("Logout onRedirectNavigate returned false, stopping navigation");else{this.browserStorage.getInteractionInProgress()||this.browserStorage.setInteractionInProgress(!0),await this.navigationClient.navigateExternal(c,i);return}}catch(i){throw i instanceof O&&(i.setCorrelationId(this.correlationId),n.cacheFailedRequest(i)),this.eventHandler.emitEvent(I.LOGOUT_FAILURE,y.Redirect,null,i),this.eventHandler.emitEvent(I.LOGOUT_END,y.Redirect),i}this.eventHandler.emitEvent(I.LOGOUT_END,y.Redirect)}getRedirectStartPage(e){const t=e||window.location.href;return w.getAbsoluteUrl(t,le())}}/*! @azure/msal-browser v3.30.0 2025-08-05 */async function Ac(a,e,t,n,o){if(e.addQueueMeasurement(l.SilentHandlerInitiateAuthRequest,n),!a)throw t.info("Navigate url is empty"),C(Et);return o?p(Sc,l.SilentHandlerLoadFrame,t,e,n)(a,o,e,n):Se(vc,l.SilentHandlerLoadFrameSync,t,e,n)(a)}async function Ec(a,e,t,n,o,r,i){return n.addQueueMeasurement(l.SilentHandlerMonitorIframeForHash,r),new Promise((s,c)=>{e<$t&&o.warning(`system.loadFrameTimeout or system.iframeHashTimeout set to lower (${e}ms) than the default (${$t}ms). This may result in timeouts.`);const h=window.setTimeout(()=>{window.clearInterval(d),c(C(Er))},e),d=window.setInterval(()=>{let g="";const f=a.contentWindow;try{g=f?f.location.href:""}catch{}if(!g||g==="about:blank")return;let T="";f&&(i===Ve.QUERY?T=f.location.search:T=f.location.hash),window.clearTimeout(h),window.clearInterval(d),s(T)},t)}).finally(()=>{Se(wc,l.RemoveHiddenIframe,o,n,r)(a)})}function Sc(a,e,t,n){return t.addQueueMeasurement(l.SilentHandlerLoadFrame,n),new Promise((o,r)=>{const i=ri();window.setTimeout(()=>{if(!i){r("Unable to load iframe");return}i.src=a,o(i)},e)})}function vc(a){const e=ri();return e.src=a,e}function ri(){const a=document.createElement("iframe");return a.className="msalSilentIframe",a.style.visibility="hidden",a.style.position="absolute",a.style.width=a.style.height="0",a.style.border="0",a.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms"),document.body.appendChild(a),a}function wc(a){document.body===a.parentNode&&document.body.removeChild(a)}/*! @azure/msal-browser v3.30.0 2025-08-05 */class _c extends Be{constructor(e,t,n,o,r,i,s,c,h,d,g){super(e,t,n,o,r,i,c,d,g),this.apiId=s,this.nativeStorage=h}async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentIframeClientAcquireToken,e.correlationId),!e.loginHint&&!e.sid&&(!e.account||!e.account.username)&&this.logger.warning("No user hint provided. The authorization server may need more information to complete this request.");const t={...e};t.prompt?t.prompt!==D.NONE&&t.prompt!==D.NO_SESSION&&(this.logger.warning(`SilentIframeClient. Replacing invalid prompt ${t.prompt} with ${D.NONE}`),t.prompt=D.NONE):t.prompt=D.NONE;const n=await p(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,e.correlationId)(t,y.Silent);Xr(n.authority);const o=this.initializeServerTelemetryManager(this.apiId);let r;try{return r=await p(this.createAuthCodeClient.bind(this),l.StandardInteractionClientCreateAuthCodeClient,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:o,requestAuthority:n.authority,requestAzureCloudOptions:n.azureCloudOptions,requestExtraQueryParameters:n.extraQueryParameters,account:n.account}),await p(this.silentTokenHelper.bind(this),l.SilentIframeClientTokenHelper,this.logger,this.performanceClient,e.correlationId)(r,n)}catch(i){if(i instanceof O&&(i.setCorrelationId(this.correlationId),o.cacheFailedRequest(i)),!r||!(i instanceof O)||i.errorCode!==V.INVALID_GRANT_ERROR)throw i;this.performanceClient.addFields({retryError:i.errorCode},this.correlationId);const s=await p(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,e.correlationId)(t,y.Silent);return await p(this.silentTokenHelper.bind(this),l.SilentIframeClientTokenHelper,this.logger,this.performanceClient,this.correlationId)(r,s)}}logout(){return Promise.reject(C(St))}async silentTokenHelper(e,t){const n=t.correlationId;this.performanceClient.addQueueMeasurement(l.SilentIframeClientTokenHelper,n);const o=await p(this.initializeAuthorizationCodeRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationCodeRequest,this.logger,this.performanceClient,n)(t),r=await p(e.getAuthCodeUrl.bind(e),l.GetAuthCodeUrl,this.logger,this.performanceClient,n)({...t,nativeBroker:oe.isNativeAvailable(this.config,this.logger,this.nativeMessageHandler,t.authenticationScheme)}),i=new Ln(e,this.browserStorage,o,this.logger,this.performanceClient),s=await p(Ac,l.SilentHandlerInitiateAuthRequest,this.logger,this.performanceClient,n)(r,this.performanceClient,this.logger,n,this.config.system.navigateFrameWait),c=this.config.auth.OIDCOptions.serverResponseType,h=await p(Ec,l.SilentHandlerMonitorIframeForHash,this.logger,this.performanceClient,n)(s,this.config.system.iframeHashTimeout,this.config.system.pollIntervalMilliseconds,this.performanceClient,this.logger,n,c),d=Se(oi,l.DeserializeResponse,this.logger,this.performanceClient,this.correlationId)(h,c,this.logger);if(d.accountId){if(this.logger.verbose("Account id found in hash, calling WAM for token"),!this.nativeMessageHandler)throw C(Qe);const g=new Me(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.apiId,this.performanceClient,this.nativeMessageHandler,d.accountId,this.browserStorage,n),{userRequestState:f}=X.parseRequestState(this.browserCrypto,t.state);return p(g.acquireToken.bind(g),l.NativeInteractionClientAcquireToken,this.logger,this.performanceClient,n)({...t,state:f,prompt:t.prompt||D.NONE})}return p(i.handleCodeResponse.bind(i),l.HandleCodeResponse,this.logger,this.performanceClient,n)(d,t)}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class kc extends Be{async acquireToken(e){this.performanceClient.addQueueMeasurement(l.SilentRefreshClientAcquireToken,e.correlationId);const t=await p(Un,l.InitializeBaseRequest,this.logger,this.performanceClient,e.correlationId)(e,this.config,this.performanceClient,this.logger),n={...e,...t};e.redirectUri&&(n.redirectUri=this.getRedirectUri(e.redirectUri));const o=this.initializeServerTelemetryManager(b.acquireTokenSilent_silentFlow),r=await this.createRefreshTokenClient({serverTelemetryManager:o,authorityUrl:n.authority,azureCloudOptions:n.azureCloudOptions,account:n.account});return p(r.acquireTokenByRefreshToken.bind(r),l.RefreshTokenClientAcquireTokenByRefreshToken,this.logger,this.performanceClient,e.correlationId)(n).catch(i=>{throw i.setCorrelationId(this.correlationId),o.cacheFailedRequest(i),i})}logout(){return Promise.reject(C(St))}async createRefreshTokenClient(e){const t=await p(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:e.serverTelemetryManager,requestAuthority:e.authorityUrl,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account});return new Bt(t,this.performanceClient)}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Rc{constructor(e,t,n,o){this.isBrowserEnvironment=typeof window<"u",this.config=e,this.storage=t,this.logger=n,this.cryptoObj=o}loadExternalTokens(e,t,n){if(!this.isBrowserEnvironment)throw C(vt);const o=e.correlationId||ae(),r=t.id_token?Ee(t.id_token,re):void 0,i={protocolMode:this.config.auth.protocolMode,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache},s=e.authority?new x(x.generateAuthority(e.authority,e.azureCloudOptions),this.config.system.networkClient,this.storage,i,this.logger,e.correlationId||ae()):void 0,c=this.loadAccount(e,n.clientInfo||t.client_info||"",o,r,s),h=this.loadIdToken(t,c.homeAccountId,c.environment,c.realm,o),d=this.loadAccessToken(e,t,c.homeAccountId,c.environment,c.realm,n,o),g=this.loadRefreshToken(t,c.homeAccountId,c.environment,o);return this.generateAuthenticationResult(e,{account:c,idToken:h,accessToken:d,refreshToken:g},r,s)}loadAccount(e,t,n,o,r){if(this.logger.verbose("TokenCache - loading account"),e.account){const h=U.createFromAccountInfo(e.account);return this.storage.setAccount(h,n),h}else if(!r||!t&&!o)throw this.logger.error("TokenCache - if an account is not provided on the request, authority and either clientInfo or idToken must be provided instead."),C(Nr);const i=U.generateHomeAccountId(t,r.authorityType,this.logger,this.cryptoObj,o),s=o==null?void 0:o.tid,c=yn(this.storage,r,i,re,n,o,t,r.hostnameAndPort,s,void 0,void 0,this.logger);return this.storage.setAccount(c,n),c}loadIdToken(e,t,n,o,r){if(!e.id_token)return this.logger.verbose("TokenCache - no id token found in response"),null;this.logger.verbose("TokenCache - loading id token");const i=ft(t,n,e.id_token,this.config.auth.clientId,o);return this.storage.setIdTokenCredential(i,r),i}loadAccessToken(e,t,n,o,r,i,s){if(t.access_token)if(t.expires_in){if(!t.scope&&(!e.scopes||!e.scopes.length))return this.logger.error("TokenCache - scopes not specified in the request or response. Cannot add token to the cache."),null}else return this.logger.error("TokenCache - no expiration set on the access token. Cannot add it to the cache."),null;else return this.logger.verbose("TokenCache - no access token found in response"),null;this.logger.verbose("TokenCache - loading access token");const c=t.scope?P.fromString(t.scope):new P(e.scopes),h=i.expiresOn||t.expires_in+new Date().getTime()/1e3,d=i.extendedExpiresOn||(t.ext_expires_in||t.expires_in)+new Date().getTime()/1e3,g=Ct(n,o,t.access_token,this.config.auth.clientId,r,c.printScopes(),h,d,re);return this.storage.setAccessTokenCredential(g,s),g}loadRefreshToken(e,t,n,o){if(!e.refresh_token)return this.logger.verbose("TokenCache - no refresh token found in response"),null;this.logger.verbose("TokenCache - loading refresh token");const r=xo(t,n,e.refresh_token,this.config.auth.clientId,e.foci,void 0,e.refresh_token_expires_in);return this.storage.setRefreshTokenCredential(r,o),r}generateAuthenticationResult(e,t,n,o){var d,g,f;let r="",i=[],s=null,c;t!=null&&t.accessToken&&(r=t.accessToken.secret,i=P.fromString(t.accessToken.target).asArray(),s=new Date(Number(t.accessToken.expiresOn)*1e3),c=new Date(Number(t.accessToken.extendedExpiresOn)*1e3));const h=t.account;return{authority:o?o.canonicalAuthority:"",uniqueId:t.account.localAccountId,tenantId:t.account.realm,scopes:i,account:h.getAccountInfo(),idToken:((d=t.idToken)==null?void 0:d.secret)||"",idTokenClaims:n||{},accessToken:r,fromCache:!0,expiresOn:s,correlationId:e.correlationId||"",requestId:"",extExpiresOn:c,familyId:((g=t.refreshToken)==null?void 0:g.familyId)||"",tokenType:((f=t==null?void 0:t.accessToken)==null?void 0:f.tokenType)||"",state:e.state||"",cloudGraphHostName:h.cloudGraphHostName||"",msGraphHost:h.msGraphHost||"",fromNativeBroker:!1}}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class bc extends dr{constructor(e){super(e),this.includeRedirectUri=!1}}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Oc extends Be{constructor(e,t,n,o,r,i,s,c,h,d){super(e,t,n,o,r,i,c,h,d),this.apiId=s}async acquireToken(e){if(!e.code)throw C(Pr);const t=await p(this.initializeAuthorizationRequest.bind(this),l.StandardInteractionClientInitializeAuthorizationRequest,this.logger,this.performanceClient,e.correlationId)(e,y.Silent),n=this.initializeServerTelemetryManager(this.apiId);try{const o={...t,code:e.code},r=await p(this.getClientConfiguration.bind(this),l.StandardInteractionClientGetClientConfiguration,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:n,requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account}),i=new bc(r);this.logger.verbose("Auth code client created");const s=new Ln(i,this.browserStorage,o,this.logger,this.performanceClient);return await p(s.handleCodeResponseFromServer.bind(s),l.HandleCodeResponseFromServer,this.logger,this.performanceClient,e.correlationId)({code:e.code,msgraph_host:e.msGraphHost,cloud_graph_host_name:e.cloudGraphHostName,cloud_instance_host_name:e.cloudInstanceHostName},t,!1)}catch(o){throw o instanceof O&&(o.setCorrelationId(this.correlationId),n.cacheFailedRequest(o)),o}}logout(){return Promise.reject(C(St))}}/*! @azure/msal-browser v3.30.0 2025-08-05 */function ee(a){const e=a==null?void 0:a.idTokenClaims;if(e!=null&&e.tfp||e!=null&&e.acr)return"B2C";if(e!=null&&e.tid){if((e==null?void 0:e.tid)==="9188040d-6c67-4c5b-b112-36a304b66dad")return"MSA"}else return;return"AAD"}function rt(a,e){try{Pn(a)}catch(t){throw e.end({success:!1},t),t}}class _t{constructor(e){this.operatingContext=e,this.isBrowserEnvironment=this.operatingContext.isBrowserEnvironment(),this.config=e.getConfig(),this.initialized=!1,this.logger=this.operatingContext.getLogger(),this.networkClient=this.config.system.networkClient,this.navigationClient=this.config.system.navigationClient,this.redirectResponse=new Map,this.hybridAuthCodeResponses=new Map,this.performanceClient=this.config.telemetry.client,this.browserCrypto=this.isBrowserEnvironment?new Ke(this.logger,this.performanceClient):st,this.eventHandler=new nc(this.logger),this.browserStorage=this.isBrowserEnvironment?new Vt(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,Ga(this.config.auth),this.performanceClient):Ys(this.config.auth.clientId,this.logger);const t={cacheLocation:q.MemoryStorage,temporaryCacheLocation:q.MemoryStorage,storeAuthStateInCookie:!1,secureCookies:!1,cacheMigrationEnabled:!1,claimsBasedCachingEnabled:!1};this.nativeInternalStorage=new Vt(this.config.auth.clientId,t,this.browserCrypto,this.logger,void 0,this.performanceClient),this.tokenCache=new Rc(this.config,this.browserStorage,this.logger,this.browserCrypto),this.activeSilentTokenRequests=new Map,this.trackPageVisibility=this.trackPageVisibility.bind(this),this.trackPageVisibilityWithMeasurement=this.trackPageVisibilityWithMeasurement.bind(this),this.listeningToStorageEvents=!1,this.handleAccountCacheChange=this.handleAccountCacheChange.bind(this)}static async createController(e,t){const n=new _t(e);return await n.initialize(t),n}trackPageVisibility(e){e&&(this.logger.info("Perf: Visibility change detected"),this.performanceClient.incrementFields({visibilityChangeCount:1},e))}async initialize(e){if(this.logger.trace("initialize called"),this.initialized){this.logger.info("initialize has already been called, exiting early.");return}if(!this.isBrowserEnvironment){this.logger.info("in non-browser environment, exiting early."),this.initialized=!0,this.eventHandler.emitEvent(I.INITIALIZE_END);return}const t=(e==null?void 0:e.correlationId)||this.getRequestCorrelationId(),n=this.config.system.allowNativeBroker,o=this.performanceClient.startMeasurement(l.InitializeClientApplication,t);if(this.eventHandler.emitEvent(I.INITIALIZE_START),n)try{this.nativeExtensionProvider=await oe.createProvider(this.logger,this.config.system.nativeBrokerHandshakeTimeout,this.performanceClient)}catch(r){this.logger.verbose(r)}this.config.cache.claimsBasedCachingEnabled||(this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims"),await p(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage),l.ClearTokensAndKeysWithClaims,this.logger,this.performanceClient,t)(this.performanceClient,t)),this.initialized=!0,this.eventHandler.emitEvent(I.INITIALIZE_END),o.end({allowNativeBroker:n,success:!0})}async handleRedirectPromise(e){if(this.logger.verbose("handleRedirectPromise called"),Jr(this.initialized),this.isBrowserEnvironment){const t=e||"";let n=this.redirectResponse.get(t);return typeof n>"u"?(n=this.handleRedirectPromiseInternal(e),this.redirectResponse.set(t,n),this.logger.verbose("handleRedirectPromise has been called for the first time, storing the promise")):this.logger.verbose("handleRedirectPromise has been called previously, returning the result from the first call"),n}return this.logger.verbose("handleRedirectPromise returns null, not browser environment"),null}async handleRedirectPromiseInternal(e){const t=this.getAllAccounts(),n=this.browserStorage.getCachedNativeRequest(),o=n&&oe.isNativeAvailable(this.config,this.logger,this.nativeExtensionProvider)&&this.nativeExtensionProvider&&!e,r=o?n==null?void 0:n.correlationId:this.browserStorage.getTemporaryCache(_.CORRELATION_ID,!0)||"",i=this.performanceClient.startMeasurement(l.AcquireTokenRedirect,r);this.eventHandler.emitEvent(I.HANDLE_REDIRECT_START,y.Redirect);let s;if(o&&this.nativeExtensionProvider){this.logger.trace("handleRedirectPromise - acquiring token from native platform");const c=new Me(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,b.handleRedirectPromise,this.performanceClient,this.nativeExtensionProvider,n.accountId,this.nativeInternalStorage,n.correlationId);s=p(c.handleRedirectPromise.bind(c),l.HandleNativeRedirectPromiseMeasurement,this.logger,this.performanceClient,i.event.correlationId)(this.performanceClient,i.event.correlationId)}else{this.logger.trace("handleRedirectPromise - acquiring token from web flow");const c=this.createRedirectClient(r);s=p(c.handleRedirectPromise.bind(c),l.HandleRedirectPromiseMeasurement,this.logger,this.performanceClient,i.event.correlationId)(e,i)}return s.then(c=>(c?(t.length<this.getAllAccounts().length?(this.eventHandler.emitEvent(I.LOGIN_SUCCESS,y.Redirect,c),this.logger.verbose("handleRedirectResponse returned result, login success")):(this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_SUCCESS,y.Redirect,c),this.logger.verbose("handleRedirectResponse returned result, acquire token success")),i.end({success:!0,accountType:ee(c.account)})):i.event.errorCode?i.end({success:!1}):i.discard(),this.eventHandler.emitEvent(I.HANDLE_REDIRECT_END,y.Redirect),c)).catch(c=>{const h=c;throw t.length>0?this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_FAILURE,y.Redirect,null,h):this.eventHandler.emitEvent(I.LOGIN_FAILURE,y.Redirect,null,h),this.eventHandler.emitEvent(I.HANDLE_REDIRECT_END,y.Redirect),i.end({success:!1},h),c})}async acquireTokenRedirect(e){const t=this.getRequestCorrelationId(e);this.logger.verbose("acquireTokenRedirect called",t);const n=this.performanceClient.startMeasurement(l.AcquireTokenPreRedirect,t);n.add({accountType:ee(e.account),scenarioId:e.scenarioId});const o=e.onRedirectNavigate;if(o)e.onRedirectNavigate=i=>{const s=typeof o=="function"?o(i):void 0;return s!==!1?n.end({success:!0}):n.discard(),s};else{const i=this.config.auth.onRedirectNavigate;this.config.auth.onRedirectNavigate=s=>{const c=typeof i=="function"?i(s):void 0;return c!==!1?n.end({success:!0}):n.discard(),c}}const r=this.getAllAccounts().length>0;try{mo(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0),r?this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_START,y.Redirect,e):this.eventHandler.emitEvent(I.LOGIN_START,y.Redirect,e);let i;return this.nativeExtensionProvider&&this.canUseNative(e)?i=new Me(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,b.acquireTokenRedirect,this.performanceClient,this.nativeExtensionProvider,this.getNativeAccountId(e),this.nativeInternalStorage,t).acquireTokenRedirect(e,n).catch(c=>{if(c instanceof ne&&Re(c))return this.nativeExtensionProvider=void 0,this.createRedirectClient(t).acquireToken(e);if(c instanceof Z)return this.logger.verbose("acquireTokenRedirect - Resolving interaction required error thrown by native broker by falling back to web flow"),this.createRedirectClient(t).acquireToken(e);throw this.browserStorage.setInteractionInProgress(!1),c}):i=this.createRedirectClient(t).acquireToken(e),await i}catch(i){throw n.end({success:!1},i),r?this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_FAILURE,y.Redirect,null,i):this.eventHandler.emitEvent(I.LOGIN_FAILURE,y.Redirect,null,i),i}}acquireTokenPopup(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(l.AcquireTokenPopup,t);n.add({scenarioId:e.scenarioId,accountType:ee(e.account)});try{this.logger.verbose("acquireTokenPopup called",t),rt(this.initialized,n),this.browserStorage.setInteractionInProgress(!0)}catch(i){return Promise.reject(i)}const o=this.getAllAccounts();o.length>0?this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_START,y.Popup,e):this.eventHandler.emitEvent(I.LOGIN_START,y.Popup,e);let r;return this.canUseNative(e)?r=this.acquireTokenNative({...e,correlationId:t},b.acquireTokenPopup).then(i=>(this.browserStorage.setInteractionInProgress(!1),n.end({success:!0,isNativeBroker:!0,accountType:ee(i.account)}),i)).catch(i=>{if(i instanceof ne&&Re(i))return this.nativeExtensionProvider=void 0,this.createPopupClient(t).acquireToken(e);if(i instanceof Z)return this.logger.verbose("acquireTokenPopup - Resolving interaction required error thrown by native broker by falling back to web flow"),this.createPopupClient(t).acquireToken(e);throw this.browserStorage.setInteractionInProgress(!1),i}):r=this.createPopupClient(t).acquireToken(e),r.then(i=>(o.length<this.getAllAccounts().length?this.eventHandler.emitEvent(I.LOGIN_SUCCESS,y.Popup,i):this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_SUCCESS,y.Popup,i),n.end({success:!0,accessTokenSize:i.accessToken.length,idTokenSize:i.idToken.length,accountType:ee(i.account)}),i)).catch(i=>(o.length>0?this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_FAILURE,y.Popup,null,i):this.eventHandler.emitEvent(I.LOGIN_FAILURE,y.Popup,null,i),n.end({success:!1},i),Promise.reject(i)))}trackPageVisibilityWithMeasurement(){const e=this.ssoSilentMeasurement||this.acquireTokenByCodeAsyncMeasurement;e&&(this.logger.info("Perf: Visibility change detected in ",e.event.name),e.increment({visibilityChangeCount:1}))}async ssoSilent(e){var r,i;const t=this.getRequestCorrelationId(e),n={...e,prompt:e.prompt,correlationId:t};this.ssoSilentMeasurement=this.performanceClient.startMeasurement(l.SsoSilent,t),(r=this.ssoSilentMeasurement)==null||r.add({scenarioId:e.scenarioId,accountType:ee(e.account)}),rt(this.initialized,this.ssoSilentMeasurement),(i=this.ssoSilentMeasurement)==null||i.increment({visibilityChangeCount:0}),document.addEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement),this.logger.verbose("ssoSilent called",t),this.eventHandler.emitEvent(I.SSO_SILENT_START,y.Silent,n);let o;return this.canUseNative(n)?o=this.acquireTokenNative(n,b.ssoSilent).catch(s=>{if(s instanceof ne&&Re(s))return this.nativeExtensionProvider=void 0,this.createSilentIframeClient(n.correlationId).acquireToken(n);throw s}):o=this.createSilentIframeClient(n.correlationId).acquireToken(n),o.then(s=>{var c;return this.eventHandler.emitEvent(I.SSO_SILENT_SUCCESS,y.Silent,s),(c=this.ssoSilentMeasurement)==null||c.end({success:!0,isNativeBroker:s.fromNativeBroker,accessTokenSize:s.accessToken.length,idTokenSize:s.idToken.length,accountType:ee(s.account)}),s}).catch(s=>{var c;throw this.eventHandler.emitEvent(I.SSO_SILENT_FAILURE,y.Silent,null,s),(c=this.ssoSilentMeasurement)==null||c.end({success:!1},s),s}).finally(()=>{document.removeEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement)})}async acquireTokenByCode(e){const t=this.getRequestCorrelationId(e);this.logger.trace("acquireTokenByCode called",t);const n=this.performanceClient.startMeasurement(l.AcquireTokenByCode,t);rt(this.initialized,n),this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_BY_CODE_START,y.Silent,e),n.add({scenarioId:e.scenarioId});try{if(e.code&&e.nativeAccountId)throw C(Ur);if(e.code){const o=e.code;let r=this.hybridAuthCodeResponses.get(o);return r?(this.logger.verbose("Existing acquireTokenByCode request found",t),n.discard()):(this.logger.verbose("Initiating new acquireTokenByCode request",t),r=this.acquireTokenByCodeAsync({...e,correlationId:t}).then(i=>(this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_BY_CODE_SUCCESS,y.Silent,i),this.hybridAuthCodeResponses.delete(o),n.end({success:!0,isNativeBroker:i.fromNativeBroker,accessTokenSize:i.accessToken.length,idTokenSize:i.idToken.length,accountType:ee(i.account)}),i)).catch(i=>{throw this.hybridAuthCodeResponses.delete(o),this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_BY_CODE_FAILURE,y.Silent,null,i),n.end({success:!1},i),i}),this.hybridAuthCodeResponses.set(o,r)),await r}else if(e.nativeAccountId)if(this.canUseNative(e,e.nativeAccountId)){const o=await this.acquireTokenNative({...e,correlationId:t},b.acquireTokenByCode,e.nativeAccountId).catch(r=>{throw r instanceof ne&&Re(r)&&(this.nativeExtensionProvider=void 0),r});return n.end({accountType:ee(o.account),success:!0}),o}else throw C(Lr);else throw C(Mr)}catch(o){throw this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_BY_CODE_FAILURE,y.Silent,null,o),n.end({success:!1},o),o}}async acquireTokenByCodeAsync(e){var o;return this.logger.trace("acquireTokenByCodeAsync called",e.correlationId),this.acquireTokenByCodeAsyncMeasurement=this.performanceClient.startMeasurement(l.AcquireTokenByCodeAsync,e.correlationId),(o=this.acquireTokenByCodeAsyncMeasurement)==null||o.increment({visibilityChangeCount:0}),document.addEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement),await this.createSilentAuthCodeClient(e.correlationId).acquireToken(e).then(r=>{var i;return(i=this.acquireTokenByCodeAsyncMeasurement)==null||i.end({success:!0,fromCache:r.fromCache,isNativeBroker:r.fromNativeBroker}),r}).catch(r=>{var i;throw(i=this.acquireTokenByCodeAsyncMeasurement)==null||i.end({success:!1},r),r}).finally(()=>{document.removeEventListener("visibilitychange",this.trackPageVisibilityWithMeasurement)})}async acquireTokenFromCache(e,t){switch(this.performanceClient.addQueueMeasurement(l.AcquireTokenFromCache,e.correlationId),t){case z.Default:case z.AccessToken:case z.AccessTokenAndRefreshToken:const n=this.createSilentCacheClient(e.correlationId);return p(n.acquireToken.bind(n),l.SilentCacheClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e);default:throw m(he)}}async acquireTokenByRefreshToken(e,t){switch(this.performanceClient.addQueueMeasurement(l.AcquireTokenByRefreshToken,e.correlationId),t){case z.Default:case z.AccessTokenAndRefreshToken:case z.RefreshToken:case z.RefreshTokenAndNetwork:const n=this.createSilentRefreshClient(e.correlationId);return p(n.acquireToken.bind(n),l.SilentRefreshClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e);default:throw m(he)}}async acquireTokenBySilentIframe(e){this.performanceClient.addQueueMeasurement(l.AcquireTokenBySilentIframe,e.correlationId);const t=this.createSilentIframeClient(e.correlationId);return p(t.acquireToken.bind(t),l.SilentIframeClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(e)}async logout(e){const t=this.getRequestCorrelationId(e);return this.logger.warning("logout API is deprecated and will be removed in msal-browser v3.0.0. Use logoutRedirect instead.",t),this.logoutRedirect({correlationId:t,...e})}async logoutRedirect(e){const t=this.getRequestCorrelationId(e);return mo(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0),this.createRedirectClient(t).logout(e)}logoutPopup(e){try{const t=this.getRequestCorrelationId(e);return Pn(this.initialized),this.browserStorage.setInteractionInProgress(!0),this.createPopupClient(t).logout(e)}catch(t){return Promise.reject(t)}}async clearCache(e){if(!this.isBrowserEnvironment){this.logger.info("in non-browser environment, returning early.");return}const t=this.getRequestCorrelationId(e);return this.createSilentCacheClient(t).logout(e)}getAllAccounts(e){const t=this.getRequestCorrelationId();return Ws(this.logger,this.browserStorage,this.isBrowserEnvironment,t,e)}getAccount(e){const t=this.getRequestCorrelationId();return js(e,this.logger,this.browserStorage,t)}getAccountByUsername(e){const t=this.getRequestCorrelationId();return Js(e,this.logger,this.browserStorage,t)}getAccountByHomeId(e){const t=this.getRequestCorrelationId();return Xs(e,this.logger,this.browserStorage,t)}getAccountByLocalId(e){const t=this.getRequestCorrelationId();return Zs(e,this.logger,this.browserStorage,t)}setActiveAccount(e){const t=this.getRequestCorrelationId();ec(e,this.browserStorage,t)}getActiveAccount(){const e=this.getRequestCorrelationId();return tc(this.browserStorage,e)}async hydrateCache(e,t){this.logger.verbose("hydrateCache called");const n=U.createFromAccountInfo(e.account,e.cloudGraphHostName,e.msGraphHost);return this.browserStorage.setAccount(n,e.correlationId),e.fromNativeBroker?(this.logger.verbose("Response was from native broker, storing in-memory"),this.nativeInternalStorage.hydrateCache(e,t)):this.browserStorage.hydrateCache(e,t)}async acquireTokenNative(e,t,n){if(this.logger.trace("acquireTokenNative called"),!this.nativeExtensionProvider)throw C(Qe);return new Me(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,t,this.performanceClient,this.nativeExtensionProvider,n||this.getNativeAccountId(e),this.nativeInternalStorage,e.correlationId).acquireToken(e)}canUseNative(e,t){if(this.logger.trace("canUseNative called"),!oe.isNativeAvailable(this.config,this.logger,this.nativeExtensionProvider,e.authenticationScheme))return this.logger.trace("canUseNative: isNativeAvailable returned false, returning false"),!1;if(e.prompt)switch(e.prompt){case D.NONE:case D.CONSENT:case D.LOGIN:this.logger.trace("canUseNative: prompt is compatible with native flow");break;default:return this.logger.trace(`canUseNative: prompt = ${e.prompt} is not compatible with native flow, returning false`),!1}return!t&&!this.getNativeAccountId(e)?(this.logger.trace("canUseNative: nativeAccountId is not available, returning false"),!1):!0}getNativeAccountId(e){const t=e.account||this.getAccount({loginHint:e.loginHint,sid:e.sid})||this.getActiveAccount();return t&&t.nativeAccountId||""}createPopupClient(e){return new yc(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createRedirectClient(e){return new Ic(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createSilentIframeClient(e){return new _c(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,b.ssoSilent,this.performanceClient,this.nativeInternalStorage,this.nativeExtensionProvider,e)}createSilentCacheClient(e){return new ni(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeExtensionProvider,e)}createSilentRefreshClient(e){return new kc(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeExtensionProvider,e)}createSilentAuthCodeClient(e){return new Oc(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,b.acquireTokenByCode,this.performanceClient,this.nativeExtensionProvider,e)}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){return jr(),this.performanceClient.addPerformanceCallback(e)}removePerformanceCallback(e){return this.performanceClient.removePerformanceCallback(e)}enableAccountStorageEvents(){typeof window>"u"||(this.listeningToStorageEvents?this.logger.verbose("Account storage listener already registered."):(this.logger.verbose("Adding account storage listener."),this.listeningToStorageEvents=!0,window.addEventListener("storage",this.handleAccountCacheChange)))}disableAccountStorageEvents(){typeof window>"u"||(this.listeningToStorageEvents?(this.logger.verbose("Removing account storage listener."),window.removeEventListener("storage",this.handleAccountCacheChange),this.listeningToStorageEvents=!1):this.logger.verbose("No account storage listener registered."))}handleAccountCacheChange(e){var t;try{(t=e.key)!=null&&t.includes(H.ACTIVE_ACCOUNT_FILTERS)&&this.eventHandler.emitEvent(I.ACTIVE_ACCOUNT_CHANGED);const n=e.newValue||e.oldValue;if(!n)return;const o=JSON.parse(n);if(typeof o!="object"||!U.isAccountEntity(o))return;const i=Le.toObject(new U,o).getAccountInfo();!e.oldValue&&e.newValue?(this.logger.info("Account was added to cache in a different window"),this.eventHandler.emitEvent(I.ACCOUNT_ADDED,void 0,i)):!e.newValue&&e.oldValue&&(this.logger.info("Account was removed from cache in a different window"),this.eventHandler.emitEvent(I.ACCOUNT_REMOVED,void 0,i))}catch{return}}getTokenCache(){return this.tokenCache}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){this.browserStorage.setWrapperMetadata(e,t)}setNavigationClient(e){this.navigationClient=e}getConfiguration(){return this.config}getPerformanceClient(){return this.performanceClient}isBrowserEnv(){return this.isBrowserEnvironment}getRequestCorrelationId(e){return e!=null&&e.correlationId?e.correlationId:this.isBrowserEnvironment?ae():u.EMPTY_STRING}async loginRedirect(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("loginRedirect called",t),this.acquireTokenRedirect({correlationId:t,...e||lo})}loginPopup(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("loginPopup called",t),this.acquireTokenPopup({correlationId:t,...e||lo})}async acquireTokenSilent(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(l.AcquireTokenSilent,t);n.add({cacheLookupPolicy:e.cacheLookupPolicy,scenarioId:e.scenarioId}),rt(this.initialized,n),this.logger.verbose("acquireTokenSilent called",t);const o=e.account||this.getActiveAccount();if(!o)throw C(_r);n.add({accountType:ee(o)});const r={clientId:this.config.auth.clientId,authority:e.authority||u.EMPTY_STRING,scopes:e.scopes,homeAccountIdentifier:o.homeAccountId,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid,shrOptions:e.shrOptions},i=JSON.stringify(r),s=this.activeSilentTokenRequests.get(i);if(typeof s>"u"){this.logger.verbose("acquireTokenSilent called for the first time, storing active request",t);const c=p(this.acquireTokenSilentAsync.bind(this),l.AcquireTokenSilentAsync,this.logger,this.performanceClient,t)({...e,correlationId:t},o).then(h=>(this.activeSilentTokenRequests.delete(i),n.end({success:!0,fromCache:h.fromCache,isNativeBroker:h.fromNativeBroker,cacheLookupPolicy:e.cacheLookupPolicy,accessTokenSize:h.accessToken.length,idTokenSize:h.idToken.length}),h)).catch(h=>{throw this.activeSilentTokenRequests.delete(i),n.end({success:!1},h),h});return this.activeSilentTokenRequests.set(i,c),{...await c,state:e.state}}else return this.logger.verbose("acquireTokenSilent has been called previously, returning the result from the first call",t),n.discard(),{...await s,state:e.state}}async acquireTokenSilentAsync(e,t){const n=()=>this.trackPageVisibility(e.correlationId);this.performanceClient.addQueueMeasurement(l.AcquireTokenSilentAsync,e.correlationId),this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_START,y.Silent,e),e.correlationId&&this.performanceClient.incrementFields({visibilityChangeCount:0},e.correlationId),document.addEventListener("visibilitychange",n);const o=await p(sc,l.InitializeSilentRequest,this.logger,this.performanceClient,e.correlationId)(e,t,this.config,this.performanceClient,this.logger),r=e.cacheLookupPolicy||z.Default;return this.acquireTokenSilentNoIframe(o,r).catch(async s=>{if(Nc(s,r))if(this.activeIframeRequest)if(r!==z.Skip){const[h,d]=this.activeIframeRequest;this.logger.verbose(`Iframe request is already in progress, awaiting resolution for request with correlationId: ${d}`,o.correlationId);const g=this.performanceClient.startMeasurement(l.AwaitConcurrentIframe,o.correlationId);g.add({awaitIframeCorrelationId:d});const f=await h;if(g.end({success:f}),f)return this.logger.verbose(`Parallel iframe request with correlationId: ${d} succeeded. Retrying cache and/or RT redemption`,o.correlationId),this.acquireTokenSilentNoIframe(o,r);throw this.logger.info(`Iframe request with correlationId: ${d} failed. Interaction is required.`),s}else return this.logger.warning("Another iframe request is currently in progress and CacheLookupPolicy is set to Skip. This may result in degraded performance and/or reliability for both calls. Please consider changing the CacheLookupPolicy to take advantage of request queuing and token cache.",o.correlationId),p(this.acquireTokenBySilentIframe.bind(this),l.AcquireTokenBySilentIframe,this.logger,this.performanceClient,o.correlationId)(o);else{let h;return this.activeIframeRequest=[new Promise(d=>{h=d}),o.correlationId],this.logger.verbose("Refresh token expired/invalid or CacheLookupPolicy is set to Skip, attempting acquire token by iframe.",o.correlationId),p(this.acquireTokenBySilentIframe.bind(this),l.AcquireTokenBySilentIframe,this.logger,this.performanceClient,o.correlationId)(o).then(d=>(h(!0),d)).catch(d=>{throw h(!1),d}).finally(()=>{this.activeIframeRequest=void 0})}else throw s}).then(s=>(this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_SUCCESS,y.Silent,s),e.correlationId&&this.performanceClient.addFields({fromCache:s.fromCache,isNativeBroker:s.fromNativeBroker},e.correlationId),s)).catch(s=>{throw this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_FAILURE,y.Silent,null,s),s}).finally(()=>{document.removeEventListener("visibilitychange",n)})}async acquireTokenSilentNoIframe(e,t){return oe.isNativeAvailable(this.config,this.logger,this.nativeExtensionProvider,e.authenticationScheme)&&e.account.nativeAccountId?(this.logger.verbose("acquireTokenSilent - attempting to acquire token from native platform"),this.acquireTokenNative(e,b.acquireTokenSilent_silentFlow).catch(async n=>{throw n instanceof ne&&Re(n)?(this.logger.verbose("acquireTokenSilent - native platform unavailable, falling back to web flow"),this.nativeExtensionProvider=void 0,m(he)):n})):(this.logger.verbose("acquireTokenSilent - attempting to acquire token from web flow"),p(this.acquireTokenFromCache.bind(this),l.AcquireTokenFromCache,this.logger,this.performanceClient,e.correlationId)(e,t).catch(n=>{if(t===z.AccessToken)throw n;return this.eventHandler.emitEvent(I.ACQUIRE_TOKEN_NETWORK_START,y.Silent,e),p(this.acquireTokenByRefreshToken.bind(this),l.AcquireTokenByRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,t)}))}}function Nc(a,e){const t=!(a instanceof Z&&a.subError!==At),n=a.errorCode===V.INVALID_GRANT_ERROR||a.errorCode===he,o=t&&n||a.errorCode===ut||a.errorCode===Cn,r=us.includes(e);return o&&r}/*! @azure/msal-browser v3.30.0 2025-08-05 */async function Pc(a,e){const t=new Ae(a);return await t.initialize(),_t.createController(t,e)}/*! @azure/msal-browser v3.30.0 2025-08-05 */class Hn{static async createPublicClientApplication(e){const t=await Pc(e);return new Hn(e,t)}constructor(e,t){this.controller=t||new _t(new Ae(e))}async initialize(e){return this.controller.initialize(e)}async acquireTokenPopup(e){return this.controller.acquireTokenPopup(e)}acquireTokenRedirect(e){return this.controller.acquireTokenRedirect(e)}acquireTokenSilent(e){return this.controller.acquireTokenSilent(e)}acquireTokenByCode(e){return this.controller.acquireTokenByCode(e)}addEventCallback(e,t){return this.controller.addEventCallback(e,t)}removeEventCallback(e){return this.controller.removeEventCallback(e)}addPerformanceCallback(e){return this.controller.addPerformanceCallback(e)}removePerformanceCallback(e){return this.controller.removePerformanceCallback(e)}enableAccountStorageEvents(){this.controller.enableAccountStorageEvents()}disableAccountStorageEvents(){this.controller.disableAccountStorageEvents()}getAccount(e){return this.controller.getAccount(e)}getAccountByHomeId(e){return this.controller.getAccountByHomeId(e)}getAccountByLocalId(e){return this.controller.getAccountByLocalId(e)}getAccountByUsername(e){return this.controller.getAccountByUsername(e)}getAllAccounts(e){return this.controller.getAllAccounts(e)}handleRedirectPromise(e){return this.controller.handleRedirectPromise(e)}loginPopup(e){return this.controller.loginPopup(e)}loginRedirect(e){return this.controller.loginRedirect(e)}logout(e){return this.controller.logout(e)}logoutRedirect(e){return this.controller.logoutRedirect(e)}logoutPopup(e){return this.controller.logoutPopup(e)}ssoSilent(e){return this.controller.ssoSilent(e)}getTokenCache(){return this.controller.getTokenCache()}getLogger(){return this.controller.getLogger()}setLogger(e){this.controller.setLogger(e)}setActiveAccount(e){this.controller.setActiveAccount(e)}getActiveAccount(){return this.controller.getActiveAccount()}initializeWrapperLibrary(e,t){return this.controller.initializeWrapperLibrary(e,t)}setNavigationClient(e){this.controller.setNavigationClient(e)}getConfiguration(){return this.controller.getConfiguration()}async hydrateCache(e,t){return this.controller.hydrateCache(e,t)}clearCache(e){return this.controller.clearCache(e)}}function Mc(){const a=document.querySelector('meta[name="entra-config"]');if(!(a!=null&&a.content))return null;try{return JSON.parse(atob(a.content))}catch{return null}}const we=Mc(),Uc={auth:{clientId:(we==null?void 0:we.clientId)||"",authority:`https://login.microsoftonline.com/${(we==null?void 0:we.tenantId)||"common"}`,redirectUri:`${window.location.origin}/auth/callback`},cache:{cacheLocation:"localStorage"}},ii={scopes:["openid","profile","email","User.Read"]};let W=null;async function Lc(){W=new Hn(Uc),await W.initialize();const a=await W.handleRedirectPromise();if(a){if(W.setActiveAccount(a.account),window.location.pathname==="/auth/callback"){const t=sessionStorage.getItem("entra_return_url");if(sessionStorage.removeItem("entra_return_url"),t)return window.location.replace(t),a.account}return a.account}const e=W.getAllAccounts();if(e.length>0){W.setActiveAccount(e[0]);try{return await W.acquireTokenSilent({...ii,account:e[0]}),e[0]}catch{return null}}return null}async function Hc(){W&&(sessionStorage.setItem("entra_return_url",window.location.href),await W.loginRedirect(ii))}function Dc(a){return!a||!a.username?!1:a.username.toLowerCase().endsWith("@microsoft.com")}async function Kc(){if(!W)return null;const a=W.getActiveAccount();if(!a)return null;try{const e=await W.acquireTokenSilent({scopes:["User.Read"],account:a}),t=await fetch("https://graph.microsoft.com/v1.0/me/photo/$value",{headers:{Authorization:`Bearer ${e.accessToken}`}});if(!t.ok)return null;const n=await t.blob();return URL.createObjectURL(n)}catch{return null}}export{Kc as getUserPhoto,Lc as initAuth,Dc as isAllowedDomain,Hc as requireLogin};
8
+ //# sourceMappingURL=msalAuth-WkFcBdsE.js.map