@agrotools1/at-components 0.3.5 → 0.3.6

package/dist/IdentityManager-ece2841b.js

@@ -0,0 +1,899 @@
+import { e as p, y as f, fU as te, c as B, fV as pe, hO as _e, fW as x, hP as fe, bx as oe, dc as ae, bP as A, hQ as he, cT as F, dO as N, gU as j, W as U, gW as ge, dy as C, fK as D, U as R, eF as V, hR as J, f$ as H, eh as se, hS as me, c9 as W, cc as ve, hT as we, bU as L, dt as re, cJ as Ie, hU as Se } from "./index-4ead5b97.js";
+import { s as ye } from "./substitute-011c53db.js";
+import "vue";
+const G = "esri-identity-modal", K = { base: G, info: `${G}__info`, notice: `${G}__notice` }, ke = "ArcGIS Online";
+let O = class extends pe {
+  constructor(c, e) {
+    super(c, e), this.container = document.createElement("div"), this.error = null, this.oAuthPrompt = !1, this.open = !1, this.signingIn = !1, this.server = null, this.resource = null, this._usernameInputNode = null, this._passwordInputNode = null, document.body.appendChild(this.container);
+  }
+  loadDependencies() {
+    return _e({ button: () => import("./calcite-button-38c49d10.js"), input: () => import("./calcite-input-d890b898.js"), label: () => import("./calcite-label-e7ddaa7b.js"), modal: () => import("./calcite-modal-c3c4c180.js"), notice: () => import("./calcite-notice-3c41230b.js") });
+  }
+  get title() {
+    var c;
+    return (c = this.commonMessages) == null ? void 0 : c.auth.signIn;
+  }
+  render() {
+    var b;
+    const { open: c, title: e, messages: t, signingIn: s, oAuthPrompt: i, server: r, resource: n, error: h } = this, { info: u, oAuthInfo: o, lblItem: l, invalidUser: d, noAuthService: a, lblUser: _, lblPwd: I, lblCancel: g, lblSigning: w, lblOk: m } = t;
+    return x("div", { class: this.classes(K.base, fe()) }, x("form", { bind: this, onsubmit: this._submit }, x("calcite-modal", { bind: this, open: c, outsideCloseDisabled: !0, scale: "s", widthScale: "s", onCalciteModalClose: this._cancel, onCalciteModalOpen: this._focusUsernameInput }, x("div", { slot: "header" }, e), x("div", { slot: "content" }, x("div", { class: K.info }, ye(i ? o : u, { server: r && /\.arcgis\.com/i.test(r) ? ke : r, resource: `(${n || l})` })), h ? x("calcite-notice", { class: K.notice, icon: "exclamation-mark-triangle", kind: "danger", open: !0 }, x("div", { slot: "message" }, (b = h.details) != null && b.httpStatus ? d : a)) : null, i ? null : [x("calcite-label", null, _, x("calcite-input", { afterCreate: (q) => this._usernameInputNode = q, autocomplete: "off", bind: this, name: "username", required: !0, spellcheck: !1, type: "text", value: "" })), x("calcite-label", null, I, x("calcite-input", { afterCreate: (q) => this._passwordInputNode = q, bind: this, name: "password", required: !0, type: "password", value: "" }))]), x("calcite-button", { appearance: "outline", bind: this, onclick: this._cancel, slot: "secondary", type: "button", width: "full" }, g), x("calcite-button", { loading: !!s, slot: "primary", type: "submit", width: "full" }, s ? w : m))));
+  }
+  _focusUsernameInput() {
+    requestAnimationFrame(() => {
+      var c;
+      (c = this._usernameInputNode) == null || c.setFocus();
+    });
+  }
+  _cancel() {
+    this._set("signingIn", !1), this.open = !1, this._usernameInputNode && (this._usernameInputNode.value = ""), this._passwordInputNode && (this._passwordInputNode.value = ""), this.emit("cancel");
+  }
+  _submit(c) {
+    var t, s;
+    c.preventDefault(), this._set("signingIn", !0);
+    const e = this.oAuthPrompt ? {} : { username: (t = this._usernameInputNode) == null ? void 0 : t.value, password: (s = this._passwordInputNode) == null ? void 0 : s.value };
+    this.emit("submit", e);
+  }
+};
+p([f({ readOnly: !0 })], O.prototype, "container", void 0), p([f(), te("esri/t9n/common")], O.prototype, "commonMessages", void 0), p([f()], O.prototype, "error", void 0), p([f(), te("esri/identity/t9n/identity")], O.prototype, "messages", void 0), p([f()], O.prototype, "oAuthPrompt", void 0), p([f()], O.prototype, "open", void 0), p([f()], O.prototype, "signingIn", void 0), p([f()], O.prototype, "server", void 0), p([f({ readOnly: !0 })], O.prototype, "title", null), p([f()], O.prototype, "resource", void 0), O = p([B("esri.identity.IdentityModal")], O);
+const ie = O, Q = "esriJSAPIOAuth";
+class Y {
+  constructor(e, t) {
+    this.oAuthInfo = null, this.storage = null, this.appId = null, this.codeVerifier = null, this.expires = null, this.refreshToken = null, this.ssl = null, this.stateUID = null, this.token = null, this.userId = null, this.oAuthInfo = e, this.storage = t, this._init();
+  }
+  isValid() {
+    let e = !1;
+    if (this.oAuthInfo && this.userId && (this.refreshToken || this.token)) {
+      if (this.expires == null && this.refreshToken)
+        e = !0;
+      else if (this.expires) {
+        const t = Date.now();
+        this.expires > t && (this.expires - t) / 1e3 > 60 * this.oAuthInfo.minTimeUntilExpiration && (e = !0);
+      }
+    }
+    return e;
+  }
+  save() {
+    if (!this.storage)
+      return !1;
+    const e = this._load(), t = this.oAuthInfo;
+    if (t && t.authNamespace && t.portalUrl) {
+      let s = e[t.authNamespace];
+      s || (s = e[t.authNamespace] = {}), this.appId || (this.appId = t.appId), s[t.portalUrl] = { appId: this.appId, codeVerifier: this.codeVerifier, expires: this.expires, refreshToken: this.refreshToken, ssl: this.ssl, stateUID: this.stateUID, token: this.token, userId: this.userId };
+      try {
+        this.storage.setItem(Q, JSON.stringify(e));
+      } catch (i) {
+        return console.warn(i), !1;
+      }
+      return !0;
+    }
+    return !1;
+  }
+  destroy() {
+    const e = this._load(), t = this.oAuthInfo;
+    if (t != null && t.appId && (t != null && t.portalUrl) && (this.expires == null || this.expires > Date.now()) && (this.refreshToken || this.token)) {
+      const s = t.portalUrl.replace(/^http:/i, "https:") + "/sharing/rest/oauth2/revokeToken", i = new FormData();
+      if (i.append("f", "json"), i.append("auth_token", this.refreshToken || this.token), i.append("client_id", t.appId), i.append("token_type_hint", this.refreshToken ? "refresh_token" : "access_token"), typeof navigator.sendBeacon == "function")
+        navigator.sendBeacon(s, i);
+      else {
+        const r = new XMLHttpRequest();
+        r.open("POST", s), r.send(i);
+      }
+    }
+    if (t && t.authNamespace && t.portalUrl && this.storage) {
+      const s = e[t.authNamespace];
+      if (s) {
+        delete s[t.portalUrl];
+        try {
+          this.storage.setItem(Q, JSON.stringify(e));
+        } catch (i) {
+          console.log(i);
+        }
+      }
+    }
+    t && (t._oAuthCred = null, this.oAuthInfo = null);
+  }
+  _init() {
+    const e = this._load(), t = this.oAuthInfo;
+    if (t && t.authNamespace && t.portalUrl) {
+      let s = e[t.authNamespace];
+      s && (s = s[t.portalUrl], s && (this.appId = s.appId, this.codeVerifier = s.codeVerifier, this.expires = s.expires, this.refreshToken = s.refreshToken, this.ssl = s.ssl, this.stateUID = s.stateUID, this.token = s.token, this.userId = s.userId));
+    }
+  }
+  _load() {
+    let e = {};
+    if (this.storage) {
+      const t = this.storage.getItem(Q);
+      if (t)
+        try {
+          e = JSON.parse(t);
+        } catch (s) {
+          console.warn(s);
+        }
+    }
+    return e;
+  }
+}
+Y.prototype.declaredClass = "esri.identity.OAuthCredential";
+var Z;
+let T = Z = class extends oe {
+  constructor(c) {
+    super(c), this._oAuthCred = null, this.appId = null, this.authNamespace = "/", this.expiration = 20160, this.flowType = "auto", this.forceLogin = !1, this.forceUserId = !1, this.locale = null, this.minTimeUntilExpiration = 30, this.popup = !1, this.popupCallbackUrl = "oauth-callback.html", this.popupWindowFeatures = "height=490,width=800,resizable,scrollbars,status", this.portalUrl = "https://www.arcgis.com", this.preserveUrlHash = !1, this.userId = null;
+  }
+  clone() {
+    return Z.fromJSON(this.toJSON());
+  }
+};
+p([f({ json: { write: !0 } })], T.prototype, "appId", void 0), p([f({ json: { write: !0 } })], T.prototype, "authNamespace", void 0), p([f({ json: { write: !0 } })], T.prototype, "expiration", void 0), p([f({ json: { write: !0 } })], T.prototype, "flowType", void 0), p([f({ json: { write: !0 } })], T.prototype, "forceLogin", void 0), p([f({ json: { write: !0 } })], T.prototype, "forceUserId", void 0), p([f({ json: { write: !0 } })], T.prototype, "locale", void 0), p([f({ json: { write: !0 } })], T.prototype, "minTimeUntilExpiration", void 0), p([f({ json: { write: !0 } })], T.prototype, "popup", void 0), p([f({ json: { write: !0 } })], T.prototype, "popupCallbackUrl", void 0), p([f({ json: { write: !0 } })], T.prototype, "popupWindowFeatures", void 0), p([f({ json: { write: !0 } })], T.prototype, "portalUrl", void 0), p([f({ json: { write: !0 } })], T.prototype, "preserveUrlHash", void 0), p([f({ json: { write: !0 } })], T.prototype, "userId", void 0), T = Z = p([B("esri.identity.OAuthInfo")], T);
+const ne = T;
+let P = class extends oe {
+  constructor(c) {
+    super(c), this.adminTokenServiceUrl = null, this.currentVersion = null, this.hasPortal = null, this.hasServer = null, this.owningSystemUrl = null, this.owningTenant = null, this.server = null, this.shortLivedTokenValidity = null, this.tokenServiceUrl = null, this.webTierAuth = null;
+  }
+};
+p([f({ json: { write: !0 } })], P.prototype, "adminTokenServiceUrl", void 0), p([f({ json: { write: !0 } })], P.prototype, "currentVersion", void 0), p([f({ json: { write: !0 } })], P.prototype, "hasPortal", void 0), p([f({ json: { write: !0 } })], P.prototype, "hasServer", void 0), p([f({ json: { write: !0 } })], P.prototype, "owningSystemUrl", void 0), p([f({ json: { write: !0 } })], P.prototype, "owningTenant", void 0), p([f({ json: { write: !0 } })], P.prototype, "server", void 0), p([f({ json: { write: !0 } })], P.prototype, "shortLivedTokenValidity", void 0), p([f({ json: { write: !0 } })], P.prototype, "tokenServiceUrl", void 0), p([f({ json: { write: !0 } })], P.prototype, "webTierAuth", void 0), P = p([B("esri.identity.ServerInfo")], P);
+const X = P, E = {}, le = (c) => {
+  const e = new D(c.owningSystemUrl).host, t = new D(c.server).host, s = /.+\.arcgis\.com$/i;
+  return s.test(e) && s.test(t);
+}, $ = (c, e) => !!(le(c) && e && e.some((t) => t.test(c.server)));
+let M = null, z = null;
+try {
+  M = window.localStorage, z = window.sessionStorage;
+} catch {
+}
+class ce extends ae {
+  constructor() {
+    super(), this._portalConfig = globalThis.esriGeowConfig, this.serverInfos = [], this.oAuthInfos = [], this.credentials = [], this._soReqs = [], this._xoReqs = [], this._portals = [], this._defaultOAuthInfo = null, this._defaultTokenValidity = 60, this.dialog = null, this.tokenValidity = null, this.normalizeWebTierAuth = !1, this._appOrigin = window.origin !== "null" ? window.origin : window.location.origin, this._appUrlObj = F(window.location.href), this._busy = null, this._rejectOnPersistedPageShow = !1, this._oAuthLocationParams = null, this._gwTokenUrl = "/sharing/rest/generateToken", this._agsRest = "/rest/services", this._agsPortal = /\/sharing(\/|$)/i, this._agsAdmin = /(https?:\/\/[^\/]+\/[^\/]+)\/admin\/?(\/.*)?$/i, this._adminSvcs = /\/rest\/admin\/services(\/|$)/i, this._gwDomains = [{ regex: /^https?:\/\/www\.arcgis\.com/i, customBaseUrl: "maps.arcgis.com", tokenServiceUrl: "https://www.arcgis.com/sharing/rest/generateToken" }, { regex: /^https?:\/\/(?:dev|[a-z\d-]+\.mapsdev)\.arcgis\.com/i, customBaseUrl: "mapsdev.arcgis.com", tokenServiceUrl: "https://dev.arcgis.com/sharing/rest/generateToken" }, { regex: /^https?:\/\/(?:devext|[a-z\d-]+\.mapsdevext)\.arcgis\.com/i, customBaseUrl: "mapsdevext.arcgis.com", tokenServiceUrl: "https://devext.arcgis.com/sharing/rest/generateToken" }, { regex: /^https?:\/\/(?:qaext|[a-z\d-]+\.mapsqa)\.arcgis\.com/i, customBaseUrl: "mapsqa.arcgis.com", tokenServiceUrl: "https://qaext.arcgis.com/sharing/rest/generateToken" }, { regex: /^https?:\/\/[a-z\d-]+\.maps\.arcgis\.com/i, customBaseUrl: "maps.arcgis.com", tokenServiceUrl: "https://www.arcgis.com/sharing/rest/generateToken" }], this._legacyFed = [], this._regexSDirUrl = /http.+\/rest\/services\/?/gi, this._regexServerType = /(\/(FeatureServer|GPServer|GeoDataServer|GeocodeServer|GeoenrichmentServer|GeometryServer|GlobeServer|ImageServer|KnowledgeGraphServer|MapServer|MissionServer|MobileServer|NAServer|NetworkDiagramServer|OGCFeatureServer|ParcelFabricServer|RelationalCatalogServer|SceneServer|StreamServer|UtilityNetworkServer|ValidationServer|VectorTileServer|VersionManagementServer|VideoServer)).*/gi, this._gwUser = /http.+\/users\/([^\/]+)\/?.*/i, this._gwItem = /http.+\/items\/([^\/]+)\/?.*/i, this._gwGroup = /http.+\/groups\/([^\/]+)\/?.*/i, this._rePortalTokenSvc = /\/sharing(\/rest)?\/generatetoken/i, this._createDefaultOAuthInfo = !0, this._hasTestedIfAppIsOnPortal = !1, this._getOAuthLocationParams(), window.addEventListener("pageshow", (e) => {
+      this._pageShowHandler(e);
+    });
+  }
+  registerServers(e) {
+    const t = this.serverInfos;
+    t ? (e = e.filter((s) => !this.findServerInfo(s.server)), this.serverInfos = t.concat(e)) : this.serverInfos = e, e.forEach((s) => {
+      s.owningSystemUrl && this._portals.push(s.owningSystemUrl), s.hasPortal && this._portals.push(s.server);
+    });
+  }
+  registerOAuthInfos(e) {
+    const t = this.oAuthInfos;
+    if (t) {
+      for (const s of e) {
+        const i = this.findOAuthInfo(s.portalUrl);
+        i && t.splice(t.indexOf(i), 1);
+      }
+      this.oAuthInfos = t.concat(e);
+    } else
+      this.oAuthInfos = e;
+  }
+  registerToken(e) {
+    e = { ...e };
+    const t = this._sanitizeUrl(e.server), s = this._isServerRsrc(t);
+    let i, r = this.findServerInfo(t), n = !0;
+    r || (r = new X(), r.server = this._getServerInstanceRoot(t), s ? r.hasServer = !0 : (r.tokenServiceUrl = this._getTokenSvcUrl(t), r.hasPortal = !0), this.registerServers([r])), i = this._findCredential(t), i ? (delete e.server, Object.assign(i, e), n = !1) : (i = new S({ userId: e.userId, server: r.server, token: e.token, expires: e.expires, ssl: e.ssl, scope: s ? "server" : "portal" }), i.resources = [t], this.credentials.push(i)), i.emitTokenChange(!1), n || i.refreshServerTokens();
+  }
+  toJSON() {
+    return he({ serverInfos: this.serverInfos.map((e) => e.toJSON()), oAuthInfos: this.oAuthInfos.map((e) => e.toJSON()), credentials: this.credentials.map((e) => e.toJSON()) });
+  }
+  initialize(e) {
+    if (!e)
+      return;
+    typeof e == "string" && (e = JSON.parse(e));
+    const t = e.serverInfos, s = e.oAuthInfos, i = e.credentials;
+    if (t) {
+      const r = [];
+      t.forEach((n) => {
+        n.server && n.tokenServiceUrl && r.push(n.declaredClass ? n : new X(n));
+      }), r.length && this.registerServers(r);
+    }
+    if (s) {
+      const r = [];
+      s.forEach((n) => {
+        n.appId && r.push(n.declaredClass ? n : new ne(n));
+      }), r.length && this.registerOAuthInfos(r);
+    }
+    i && i.forEach((r) => {
+      r.server && r.token && r.expires && r.expires > Date.now() && ((r = r.declaredClass ? r : new S(r)).emitTokenChange(), this.credentials.push(r));
+    });
+  }
+  findServerInfo(e) {
+    let t;
+    e = this._sanitizeUrl(e);
+    for (const s of this.serverInfos)
+      if (this._hasSameServerInstance(s.server, e)) {
+        t = s;
+        break;
+      }
+    return t;
+  }
+  findOAuthInfo(e) {
+    let t;
+    e = this._sanitizeUrl(e);
+    for (const s of this.oAuthInfos)
+      if (this._hasSameServerInstance(s.portalUrl, e)) {
+        t = s;
+        break;
+      }
+    return t;
+  }
+  findCredential(e, t) {
+    if (!e)
+      return;
+    let s;
+    e = this._sanitizeUrl(e);
+    const i = this._isServerRsrc(e) ? "server" : "portal";
+    if (t) {
+      for (const r of this.credentials)
+        if (this._hasSameServerInstance(r.server, e) && t === r.userId && r.scope === i) {
+          s = r;
+          break;
+        }
+    } else
+      for (const r of this.credentials)
+        if (this._hasSameServerInstance(r.server, e) && this._getIdenticalSvcIdx(e, r) !== -1 && r.scope === i) {
+          s = r;
+          break;
+        }
+    return s;
+  }
+  getCredential(e, t) {
+    let s, i, r = !0;
+    t && (s = !!t.token, i = t.error, r = t.prompt !== !1), t = { ...t }, e = this._sanitizeUrl(e);
+    const n = new AbortController(), h = N();
+    if (t.signal && j(t.signal, () => {
+      n.abort();
+    }), j(n, () => {
+      h.reject(new U("identity-manager:user-aborted", "ABORTED"));
+    }), ge(n))
+      return h.promise;
+    t.signal = n.signal;
+    const u = this._isAdminResource(e), o = s ? this.findCredential(e) : null;
+    let l;
+    if (o && i && i.details && i.details.httpStatus === 498)
+      o.destroy();
+    else if (o)
+      return l = new U("identity-manager:not-authorized", "You are currently signed in as: '" + o.userId + "'. You do not have access to this resource: " + e, { error: i }), h.reject(l), h.promise;
+    const d = this._findCredential(e, t);
+    if (d)
+      return h.resolve(d), h.promise;
+    let a = this.findServerInfo(e);
+    if (a)
+      !a.hasPortal && a.server && a.owningSystemUrl && this._hasSameServerInstance(a.server, a.owningSystemUrl) && (a.hasPortal = !0), !a.hasServer && this._isServerRsrc(e) && (a._restInfoPms = this._getTokenSvcUrl(e), a.hasServer = !0);
+    else {
+      const _ = this._getTokenSvcUrl(e);
+      if (!_)
+        return l = new U("identity-manager:unknown-resource", "Unknown resource - could not find token service endpoint."), h.reject(l), h.promise;
+      a = new X(), a.server = this._getServerInstanceRoot(e), typeof _ == "string" ? (a.tokenServiceUrl = _, a.hasPortal = !0) : (a._restInfoPms = _, a.hasServer = !0), this.registerServers([a]);
+    }
+    return a.hasPortal && a._selfReq === void 0 && (r || C(a.tokenServiceUrl, this._appOrigin) || this._gwDomains.some((_) => _.tokenServiceUrl === a.tokenServiceUrl)) && (a._selfReq = { owningTenant: t == null ? void 0 : t.owningTenant, selfDfd: this._getPortalSelf(a.tokenServiceUrl.replace(this._rePortalTokenSvc, "/sharing/rest/portals/self"), e) }), this._enqueue(e, a, t, h, u);
+  }
+  getResourceName(e) {
+    return this._isRESTService(e) ? e.replace(this._regexSDirUrl, "").replace(this._regexServerType, "") || "" : this._gwUser.test(e) && e.replace(this._gwUser, "$1") || this._gwItem.test(e) && e.replace(this._gwItem, "$1") || this._gwGroup.test(e) && e.replace(this._gwGroup, "$1") || "";
+  }
+  generateToken(e, t, s) {
+    const i = this._rePortalTokenSvc.test(e.tokenServiceUrl), r = new D(this._appOrigin), n = e.shortLivedTokenValidity;
+    let h, u, o, l, d, a, _, I;
+    t && (I = this.tokenValidity || n || this._defaultTokenValidity, I > n && n > 0 && (I = n)), s && (h = s.isAdmin, u = s.serverUrl, o = s.token, a = s.signal, _ = s.ssl, e.customParameters = s.customParameters), h ? l = e.adminTokenServiceUrl : (l = e.tokenServiceUrl, d = new D(l.toLowerCase()), e.webTierAuth && (s != null && s.serverUrl) && !_ && r.scheme === "http" && (C(r.uri, l, !0) || d.scheme === "https" && r.host === d.host && r.port === "7080" && d.port === "7443") && (l = l.replace(/^https:/i, "http:").replace(/:7443/i, ":7080")));
+    const g = { query: { request: "getToken", username: t == null ? void 0 : t.username, password: t == null ? void 0 : t.password, serverUrl: u, token: o, expiration: I, referer: h || i ? this._appOrigin : null, client: h ? "referer" : null, f: "json", ...e.customParameters }, method: "post", authMode: "anonymous", useProxy: this._useProxy(e, s), signal: a, ...s == null ? void 0 : s.ioArgs };
+    return i || (g.withCredentials = !1), R(l, g).then((w) => {
+      const m = w.data;
+      if (!(m != null && m.token))
+        return new U("identity-manager:authentication-failed", "Unable to generate token");
+      const b = e.server;
+      return E[b] || (E[b] = {}), t && (E[b][t.username] = t.password), m.validity = I, m;
+    });
+  }
+  isBusy() {
+    return !!this._busy;
+  }
+  checkSignInStatus(e) {
+    return this.checkAppAccess(e, "").then((t) => t.credential);
+  }
+  checkAppAccess(e, t, s) {
+    let i = !1;
+    return this.getCredential(e, { prompt: !1 }).then((r) => {
+      let n;
+      const h = { f: "json" };
+      if (r.scope === "portal")
+        if (t && (this._doPortalSignIn(e) || s != null && s.force))
+          n = r.server + "/sharing/rest/oauth2/validateAppAccess", h.client_id = t;
+        else {
+          if (!r.token)
+            return { credential: r };
+          n = r.server + "/sharing/rest";
+        }
+      else {
+        if (!r.token)
+          return { credential: r };
+        n = r.server + "/rest/services";
+      }
+      return r.token && (h.token = r.token), R(n, { query: h, authMode: "anonymous" }).then((u) => {
+        if (u.data.valid === !1)
+          throw new U("identity-manager:not-authorized", `You are currently signed in as: '${r.userId}'.`, u.data);
+        return i = !!u.data.viewOnlyUserTypeApp, { credential: r };
+      }).catch((u) => {
+        var l;
+        if (u.name === "identity-manager:not-authorized")
+          throw u;
+        const o = (l = u.details) == null ? void 0 : l.httpStatus;
+        if (o === 498)
+          throw r.destroy(), new U("identity-manager:not-authenticated", "User is not signed in.");
+        if (o === 400)
+          throw new U("identity-manager:invalid-request");
+        return { credential: r };
+      });
+    }).then((r) => ({ credential: r.credential, viewOnly: i }));
+  }
+  setOAuthResponseHash(e) {
+    e && (e.charAt(0) === "#" && (e = e.substring(1)), this._processOAuthPopupParams(V(e)));
+  }
+  setOAuthRedirectionHandler(e) {
+    this._oAuthRedirectFunc = e;
+  }
+  setProtocolErrorHandler(e) {
+    this._protocolFunc = e;
+  }
+  signIn(e, t, s = {}) {
+    const i = N(), r = () => {
+      var l;
+      u == null || u.remove(), o == null || o.remove(), (l = this.dialog) == null || l.destroy(), this.dialog = u = o = null;
+    }, n = () => {
+      r(), this._oAuthDfd = null, i.reject(new U("identity-manager:user-aborted", "ABORTED"));
+    };
+    s.signal && j(s.signal, () => {
+      n();
+    });
+    const h = new ie({ open: !0, resource: this.getResourceName(e), server: t.server });
+    this.dialog = h, this.emit("dialog-create");
+    let u = h.on("cancel", n), o = h.on("submit", (l) => {
+      this.generateToken(t, l, { isAdmin: s.isAdmin, signal: s.signal }).then((d) => {
+        r();
+        const a = new S({ userId: l.username, server: t.server, token: d.token, expires: d.expires != null ? Number(d.expires) : null, ssl: !!d.ssl, isAdmin: s.isAdmin, validity: d.validity });
+        i.resolve(a);
+      }).catch((d) => {
+        h.error = d, h.signingIn = !1;
+      });
+    });
+    return i.promise;
+  }
+  oAuthSignIn(e, t, s, i) {
+    this._oAuthDfd = N();
+    const r = this._oAuthDfd;
+    let n;
+    i != null && i.signal && j(i.signal, () => {
+      const a = this._oAuthDfd && this._oAuthDfd.oAuthWin_;
+      a && !a.closed ? a.close() : this.dialog && l();
+    }), r.resUrl_ = e, r.sinfo_ = t, r.oinfo_ = s;
+    const h = s._oAuthCred;
+    if (h.storage && (s.flowType === "authorization-code" || s.flowType === "auto" && t.currentVersion >= 8.4)) {
+      let a = crypto.getRandomValues(new Uint8Array(32));
+      n = J(a), h.codeVerifier = n, a = crypto.getRandomValues(new Uint8Array(32)), h.stateUID = J(a), h.save() || (h.codeVerifier = n = null);
+    } else
+      h.codeVerifier = null;
+    let u, o;
+    this._getCodeChallenge(n).then((a) => {
+      const _ = !i || i.oAuthPopupConfirmation !== !1;
+      if (!s.popup || !_)
+        return void this._doOAuthSignIn(e, t, s, a);
+      const I = new ie({ oAuthPrompt: !0, server: t.server, open: !0 });
+      this.dialog = I, this.emit("dialog-create"), u = I.on("cancel", l), o = I.on("submit", () => {
+        d(), this._doOAuthSignIn(e, t, s, a);
+      });
+    });
+    const l = () => {
+      d(), this._oAuthDfd = null, r.reject(new U("identity-manager:user-aborted", "ABORTED"));
+    }, d = () => {
+      var a;
+      u == null || u.remove(), o == null || o.remove(), (a = this.dialog) == null || a.destroy(), this.dialog = null;
+    };
+    return r.promise;
+  }
+  destroyCredentials() {
+    this.credentials && this.credentials.slice().forEach((e) => {
+      e.destroy();
+    }), this.emit("credentials-destroy");
+  }
+  enablePostMessageAuth(e = "https://www.arcgis.com/sharing/rest") {
+    this._postMessageAuthHandle && this._postMessageAuthHandle.remove(), this._postMessageAuthHandle = H(window, "message", (t) => {
+      var s;
+      if ((t.origin === this._appOrigin || t.origin.endsWith(".arcgis.com")) && ((s = t.data) == null ? void 0 : s.type) === "arcgis:auth:requestCredential") {
+        const i = t.source;
+        this.getCredential(e).then((r) => {
+          i.postMessage({ type: "arcgis:auth:credential", credential: { expires: r.expires, server: r.server, ssl: r.ssl, token: r.token, userId: r.userId } }, t.origin);
+        }).catch((r) => {
+          i.postMessage({ type: "arcgis:auth:error", error: { name: r.name, message: r.message } }, t.origin);
+        });
+      }
+    });
+  }
+  disablePostMessageAuth() {
+    this._postMessageAuthHandle && (this._postMessageAuthHandle.remove(), this._postMessageAuthHandle = null);
+  }
+  _getOAuthLocationParams() {
+    var s, i;
+    let e = window.location.hash;
+    if (e) {
+      e.charAt(0) === "#" && (e = e.substring(1));
+      const r = V(e);
+      let n = !1;
+      if (r.access_token && r.expires_in && r.state && r.hasOwnProperty("username"))
+        try {
+          r.state = JSON.parse(r.state), r.state.portalUrl && (this._oAuthLocationParams = r, n = !0);
+        } catch {
+        }
+      else if (r.error && r.error_description && (console.log("IdentityManager OAuth Error: ", r.error, " - ", r.error_description), r.error === "access_denied" && (n = !0, r.state)))
+        try {
+          r.state = JSON.parse(r.state);
+        } catch {
+        }
+      n && (window.location.hash = ((s = r.state) == null ? void 0 : s.hash) || "");
+    }
+    let t = window.location.search;
+    if (t) {
+      t.charAt(0) === "?" && (t = t.substring(1));
+      const r = V(t);
+      let n = !1;
+      if (r.code && r.state)
+        try {
+          r.state = JSON.parse(r.state), r.state.portalUrl && r.state.uid && (this._oAuthLocationParams = r, n = !0);
+        } catch {
+        }
+      else if (r.error && r.error_description && (console.log("IdentityManager OAuth Error: ", r.error, " - ", r.error_description), r.error === "access_denied" && (n = !0, r.state)))
+        try {
+          r.state = JSON.parse(r.state);
+        } catch {
+        }
+      if (n) {
+        const h = { ...r };
+        ["code", "error", "error_description", "message_code", "persist", "state"].forEach((l) => {
+          delete h[l];
+        });
+        const u = se(h), o = window.location.pathname + (u ? `?${u}` : "") + (((i = r.state) == null ? void 0 : i.hash) || "");
+        window.history.replaceState(window.history.state, "", o);
+      }
+    }
+  }
+  _getOAuthToken(e, t, s, i, r) {
+    return e = e.replace(/^http:/i, "https:"), R(`${e}/sharing/rest/oauth2/token`, { authMode: "anonymous", method: "post", query: i && r ? { grant_type: "authorization_code", code: t, redirect_uri: i, client_id: s, code_verifier: r } : { grant_type: "refresh_token", refresh_token: t, client_id: s } }).then((n) => n.data);
+  }
+  _getCodeChallenge(e) {
+    if (e && globalThis.isSecureContext) {
+      const t = new TextEncoder().encode(e);
+      return crypto.subtle.digest("SHA-256", t).then((s) => J(new Uint8Array(s)));
+    }
+    return Promise.resolve(null);
+  }
+  _pageShowHandler(e) {
+    if (e.persisted && this.isBusy() && this._rejectOnPersistedPageShow) {
+      const t = new U("identity-manager:user-aborted", "ABORTED");
+      this._errbackFunc(t);
+    }
+  }
+  _findCredential(e, t) {
+    let s, i, r, n, h = -1;
+    const u = t == null ? void 0 : t.token, o = t == null ? void 0 : t.resource, l = this._isServerRsrc(e) ? "server" : "portal", d = this.credentials.filter((a) => this._hasSameServerInstance(a.server, e) && a.scope === l);
+    if (e = o || e, d.length)
+      if (d.length === 1) {
+        if (s = d[0], r = this.findServerInfo(s.server), i = r == null ? void 0 : r.owningSystemUrl, n = i ? this.findCredential(i, s.userId) : void 0, h = this._getIdenticalSvcIdx(e, s), !u)
+          return h === -1 && s.resources.push(e), this._addResource(e, n), s;
+        h !== -1 && (s.resources.splice(h, 1), this._removeResource(e, n));
+      } else {
+        let a, _;
+        if (d.some((I) => (_ = this._getIdenticalSvcIdx(e, I), _ !== -1 && (a = I, r = this.findServerInfo(a.server), i = r == null ? void 0 : r.owningSystemUrl, n = i ? this.findCredential(i, a.userId) : void 0, h = _, !0))), u)
+          a && (a.resources.splice(h, 1), this._removeResource(e, n));
+        else if (a)
+          return this._addResource(e, n), a;
+      }
+  }
+  _findOAuthInfo(e) {
+    let t = this.findOAuthInfo(e);
+    if (!t) {
+      for (const s of this.oAuthInfos)
+        if (this._isIdProvider(s.portalUrl, e)) {
+          t = s;
+          break;
+        }
+    }
+    return t;
+  }
+  _addResource(e, t) {
+    t && this._getIdenticalSvcIdx(e, t) === -1 && t.resources.push(e);
+  }
+  _removeResource(e, t) {
+    let s = -1;
+    t && (s = this._getIdenticalSvcIdx(e, t), s > -1 && t.resources.splice(s, 1));
+  }
+  _useProxy(e, t) {
+    return (t == null ? void 0 : t.isAdmin) && !C(e.adminTokenServiceUrl, this._appOrigin) || !this._isPortalDomain(e.tokenServiceUrl) && String(e.currentVersion) === "10.1" && !C(e.tokenServiceUrl, this._appOrigin);
+  }
+  _getOrigin(e) {
+    const t = new D(e);
+    return t.scheme + "://" + t.host + (t.port != null ? ":" + t.port : "");
+  }
+  _getServerInstanceRoot(e) {
+    const t = e.toLowerCase();
+    let s = t.indexOf(this._agsRest);
+    return s === -1 && this._isAdminResource(e) && (s = this._agsAdmin.test(e) ? e.replace(this._agsAdmin, "$1").length : e.search(this._adminSvcs)), s !== -1 || me(t) || (s = t.indexOf("/sharing")), s === -1 && t.substr(-1) === "/" && (s = t.length - 1), s > -1 ? e.substring(0, s) : e;
+  }
+  _hasSameServerInstance(e, t) {
+    return e.substr(-1) === "/" && (e = e.slice(0, -1)), e = e.toLowerCase(), t = this._getServerInstanceRoot(t).toLowerCase(), e = this._normalizeAGOLorgDomain(e), t = this._normalizeAGOLorgDomain(t), (e = e.substr(e.indexOf(":"))) === (t = t.substr(t.indexOf(":")));
+  }
+  _normalizeAGOLorgDomain(e) {
+    const t = /^https?:\/\/(?:cdn|[a-z\d-]+\.maps)\.arcgis\.com/i, s = /^https?:\/\/(?:cdndev|[a-z\d-]+\.mapsdevext)\.arcgis\.com/i, i = /^https?:\/\/(?:cdnqa|[a-z\d-]+\.mapsqa)\.arcgis\.com/i;
+    return t.test(e) ? e = e.replace(t, "https://www.arcgis.com") : s.test(e) ? e = e.replace(s, "https://devext.arcgis.com") : i.test(e) && (e = e.replace(i, "https://qaext.arcgis.com")), e;
+  }
+  _sanitizeUrl(e) {
+    const t = (W.request.proxyUrl || "").toLowerCase(), s = t ? e.toLowerCase().indexOf(t + "?") : -1;
+    return s !== -1 && (e = e.substring(s + t.length + 1)), e = ve(e), F(e).path;
+  }
+  _isRESTService(e) {
+    return e.includes(this._agsRest);
+  }
+  _isAdminResource(e) {
+    return this._agsAdmin.test(e) || this._adminSvcs.test(e);
+  }
+  _isServerRsrc(e) {
+    return this._isRESTService(e) || this._isAdminResource(e);
+  }
+  _isIdenticalService(e, t) {
+    let s = !1;
+    if (this._isRESTService(e) && this._isRESTService(t)) {
+      const i = this._getSuffix(e).toLowerCase(), r = this._getSuffix(t).toLowerCase();
+      if (s = i === r, !s) {
+        const n = /(.*)\/(MapServer|FeatureServer|UtilityNetworkServer).*/gi;
+        s = i.replaceAll(n, "$1") === r.replaceAll(n, "$1");
+      }
+    } else
+      this._isAdminResource(e) && this._isAdminResource(t) ? s = !0 : this._isServerRsrc(e) || this._isServerRsrc(t) || !this._isPortalDomain(e) || (s = !0);
+    return s;
+  }
+  _isPortalDomain(e) {
+    const t = new D(e.toLowerCase()), s = this._portalConfig;
+    let i = this._gwDomains.some((r) => r.regex.test(t.uri));
+    return !i && s && (i = this._hasSameServerInstance(this._getServerInstanceRoot(s.restBaseUrl), t.uri)), i || W.portalUrl && (i = C(t, W.portalUrl, !0)), i || (i = this._portals.some((r) => this._hasSameServerInstance(r, t.uri))), i = i || this._agsPortal.test(t.path), i;
+  }
+  _isIdProvider(e, t) {
+    let s = -1, i = -1;
+    this._gwDomains.forEach((n, h) => {
+      s === -1 && n.regex.test(e) && (s = h), i === -1 && n.regex.test(t) && (i = h);
+    });
+    let r = !1;
+    if (s > -1 && i > -1 && (s === 0 || s === 4 ? i !== 0 && i !== 4 || (r = !0) : s === 1 ? i !== 1 && i !== 2 || (r = !0) : s === 2 ? i === 2 && (r = !0) : s === 3 && i === 3 && (r = !0)), !r) {
+      const n = this.findServerInfo(t), h = n == null ? void 0 : n.owningSystemUrl;
+      h && le(n) && this._isPortalDomain(h) && this._isIdProvider(e, h) && (r = !0);
+    }
+    return r;
+  }
+  _getIdenticalSvcIdx(e, t) {
+    let s = -1;
+    for (let i = 0; i < t.resources.length; i++) {
+      const r = t.resources[i];
+      if (this._isIdenticalService(e, r)) {
+        s = i;
+        break;
+      }
+    }
+    return s;
+  }
+  _getSuffix(e) {
+    return e.replace(this._regexSDirUrl, "").replace(this._regexServerType, "$1");
+  }
+  _getTokenSvcUrl(e) {
+    let t, s, i;
+    if (this._isRESTService(e) || this._isAdminResource(e)) {
+      const r = this._getServerInstanceRoot(e);
+      return t = r + "/admin/generateToken", s = R(e = r + "/rest/info", { query: { f: "json" } }).then((n) => n.data), { adminUrl: t, promise: s };
+    }
+    if (this._isPortalDomain(e)) {
+      let r = "";
+      if (this._gwDomains.some((n) => (n.regex.test(e) && (r = n.tokenServiceUrl), !!r)), r || this._portals.some((n) => (this._hasSameServerInstance(n, e) && (r = n + this._gwTokenUrl), !!r)), r || (i = e.toLowerCase().indexOf("/sharing"), i !== -1 && (r = e.substring(0, i) + this._gwTokenUrl)), r || (r = this._getOrigin(e) + this._gwTokenUrl), r) {
+        const n = new D(e).port;
+        /^http:\/\//i.test(e) && n === "7080" && (r = r.replace(/:7080/i, ":7443")), r = r.replace(/http:/i, "https:");
+      }
+      return r;
+    }
+    if (e.toLowerCase().includes("premium.arcgisonline.com"))
+      return "https://premium.arcgisonline.com/server/tokens";
+  }
+  _processOAuthResponseParams(e, t, s) {
+    const i = t._oAuthCred;
+    if (e.code) {
+      const n = i.codeVerifier;
+      return i.codeVerifier = null, i.stateUID = null, i.save(), this._getOAuthToken(s.server, e.code, t.appId, this._getRedirectURI(t, !0), n).then((h) => {
+        const u = new S({ userId: h.username, server: s.server, token: h.access_token, expires: Date.now() + 1e3 * h.expires_in, ssl: h.ssl, oAuthState: e.state, _oAuthCred: i });
+        return t.userId = u.userId, i.storage = h.persist ? M : z, i.refreshToken = h.refresh_token, i.token = null, i.expires = h.refresh_token_expires_in ? Date.now() + 1e3 * h.refresh_token_expires_in : null, i.userId = u.userId, i.ssl = u.ssl, i.save(), u;
+      });
+    }
+    const r = new S({ userId: e.username, server: s.server, token: e.access_token, expires: Date.now() + 1e3 * Number(e.expires_in), ssl: e.ssl === "true", oAuthState: e.state, _oAuthCred: i });
+    return t.userId = r.userId, i.storage = e.persist ? M : z, i.refreshToken = null, i.token = r.token, i.expires = r.expires, i.userId = r.userId, i.ssl = r.ssl, i.save(), Promise.resolve(r);
+  }
+  _processOAuthPopupParams(e) {
+    var s;
+    const t = this._oAuthDfd;
+    if (this._oAuthDfd = null, t)
+      if (clearInterval(this._oAuthIntervalId), (s = this._oAuthOnPopupHandle) == null || s.remove(), e.error) {
+        const i = e.error === "access_denied", r = new U(i ? "identity-manager:user-aborted" : "identity-manager:authentication-failed", i ? "ABORTED" : "OAuth: " + e.error + " - " + e.error_description);
+        t.reject(r);
+      } else
+        this._processOAuthResponseParams(e, t.oinfo_, t.sinfo_).then((i) => {
+          t.resolve(i);
+        }).catch((i) => {
+          t.reject(i);
+        });
+  }
+  _setOAuthResponseQueryString(e) {
+    e && (e.charAt(0) === "?" && (e = e.substring(1)), this._processOAuthPopupParams(V(e)));
+  }
+  _exchangeToken(e, t, s) {
+    return R(`${e}/sharing/rest/oauth2/exchangeToken`, { authMode: "anonymous", method: "post", query: { f: "json", client_id: t, token: s } }).then((i) => i.data.token);
+  }
+  _getPlatformSelf(e, t) {
+    return e = e.replace(/^http:/i, "https:"), R(`${e}/sharing/rest/oauth2/platformSelf`, { authMode: "anonymous", headers: { "X-Esri-Auth-Client-Id": t, "X-Esri-Auth-Redirect-Uri": window.location.href.replace(/#.*$/, "") }, method: "post", query: { f: "json", expiration: 30 }, withCredentials: !0 }).then((s) => s.data);
+  }
+  _getPortalSelf(e, t) {
+    let s;
+    return this._gwDomains.some((i) => (i.regex.test(e) && (s = i.customBaseUrl), !!s)), s ? Promise.resolve({ allSSL: !0, currentVersion: "8.4", customBaseUrl: s, portalMode: "multitenant", supportsOAuth: !0 }) : (this._appOrigin.startsWith("https:") ? e = e.replace(/^http:/i, "https:").replace(/:7080/i, ":7443") : /^http:/i.test(t) && (e = e.replace(/^https:/i, "http:").replace(/:7443/i, ":7080")), R(e, { query: { f: "json" }, authMode: "anonymous", withCredentials: !0 }).then((i) => i.data));
+  }
+  _doPortalSignIn(e) {
+    const t = this._portalConfig, s = window.location.href, i = this.findServerInfo(e);
+    return !(!t && !this._isPortalDomain(s) || !(i ? i.hasPortal || i.owningSystemUrl && this._isPortalDomain(i.owningSystemUrl) : this._isPortalDomain(e)) || !(this._isIdProvider(s, e) || t && (this._hasSameServerInstance(this._getServerInstanceRoot(t.restBaseUrl), e) || this._isIdProvider(t.restBaseUrl, e)) || C(s, e, !0)));
+  }
+  _checkProtocol(e, t, s, i) {
+    let r = !0;
+    const n = i ? t.adminTokenServiceUrl : t.tokenServiceUrl;
+    return n.trim().toLowerCase().startsWith("https:") && !this._appOrigin.startsWith("https:") && we(n) && (r = !!this._protocolFunc && !!this._protocolFunc({ resourceUrl: e, serverInfo: t }), !r) && s(new U("identity-manager:aborted", "Aborted the Sign-In process to avoid sending password over insecure connection.")), r;
+  }
+  _enqueue(e, t, s, i, r, n) {
+    return i || (i = N()), i.resUrl_ = e, i.sinfo_ = t, i.options_ = s, i.admin_ = r, i.refresh_ = n, this._busy ? this._hasSameServerInstance(this._getServerInstanceRoot(e), this._busy.resUrl_) ? (this._oAuthDfd && this._oAuthDfd.oAuthWin_ && this._oAuthDfd.oAuthWin_.focus(), this._soReqs.push(i)) : this._xoReqs.push(i) : this._doSignIn(i), i.promise;
+  }
+  _doSignIn(e) {
+    this._busy = e, this._rejectOnPersistedPageShow = !1;
+    const t = (o) => {
+      var w;
+      const l = (w = e.options_) == null ? void 0 : w.resource, d = e.resUrl_, a = e.refresh_;
+      let _ = !1;
+      this.credentials.includes(o) || (a && this.credentials.includes(a) ? (a.userId = o.userId, a.token = o.token, a.expires = o.expires, a.validity = o.validity, a.ssl = o.ssl, a.creationTime = o.creationTime, _ = !0, o = a) : this.credentials.push(o)), o.resources || (o.resources = []), o.resources.includes(l || d) || o.resources.push(l || d), o.scope = this._isServerRsrc(d) ? "server" : "portal", o.emitTokenChange();
+      const I = this._soReqs, g = {};
+      this._soReqs = [], I.forEach((m) => {
+        if (!this._isIdenticalService(d, m.resUrl_)) {
+          const b = this._getSuffix(m.resUrl_);
+          g[b] || (g[b] = !0, o.resources.push(m.resUrl_));
+        }
+      }), e.resolve(o), I.forEach((m) => {
+        this._hasSameServerInstance(this._getServerInstanceRoot(d), m.resUrl_) ? m.resolve(o) : this._soReqs.push(m);
+      }), this._busy = e.resUrl_ = e.sinfo_ = e.refresh_ = null, _ || this.emit("credential-create", { credential: o }), this._soReqs.length ? this._doSignIn(this._soReqs.shift()) : this._xoReqs.length && this._doSignIn(this._xoReqs.shift());
+    }, s = (o) => {
+      e.reject(o), this._busy = e.resUrl_ = e.sinfo_ = e.refresh_ = null, this._soReqs.length ? this._doSignIn(this._soReqs.shift()) : this._xoReqs.length && this._doSignIn(this._xoReqs.shift());
+    }, i = (o, l, d, a) => {
+      var b, q, ee;
+      const _ = e.sinfo_, I = !e.options_ || e.options_.prompt !== !1, g = _.hasPortal && this._findOAuthInfo(e.resUrl_);
+      let w, m;
+      if (o)
+        t(new S({ userId: o, server: _.server, token: d || null, expires: a != null ? Number(a) : null, ssl: !!l }));
+      else if (window !== window.parent && ((b = this._appUrlObj.query) != null && b["arcgis-auth-origin"]) && ((q = this._appUrlObj.query) != null && q["arcgis-auth-portal"]) && this._hasSameServerInstance(this._getServerInstanceRoot(this._appUrlObj.query["arcgis-auth-portal"]), e.resUrl_)) {
+        window.parent.postMessage({ type: "arcgis:auth:requestCredential" }, this._appUrlObj.query["arcgis-auth-origin"]);
+        const v = H(window, "message", (y) => {
+          y.source === window.parent && y.data && (y.data.type === "arcgis:auth:credential" ? (v.remove(), y.data.credential.expires < Date.now() ? s(new U("identity-manager:credential-request-failed", "Parent application's token has expired.")) : t(new S(y.data.credential))) : y.data.type === "arcgis:auth:error" && (v.remove(), y.data.error.name === "tokenExpiredError" ? s(new U("identity-manager:credential-request-failed", "Parent application's token has expired.")) : s(U.fromJSON(y.data.error))));
+        });
+        j((ee = e.options_) == null ? void 0 : ee.signal, () => {
+          v.remove();
+        });
+      } else if (g) {
+        let v = g._oAuthCred;
+        if (!v) {
+          const y = new Y(g, M), k = new Y(g, z);
+          y.isValid() && k.isValid() ? y.expires > k.expires ? (v = y, k.destroy()) : (v = k, y.destroy()) : v = y.isValid() ? y : k, g._oAuthCred = v;
+        }
+        if (v.isValid()) {
+          w = new S({ userId: v.userId, server: _.server, token: v.token, expires: v.expires, ssl: v.ssl, _oAuthCred: v });
+          const y = g.appId !== v.appId && this._doPortalSignIn(e.resUrl_);
+          y || v.refreshToken ? (e._pendingDfd = v.refreshToken ? this._getOAuthToken(_.server, v.refreshToken, v.appId).then((k) => (w.expires = Date.now() + 1e3 * k.expires_in, w.token = k.access_token, w)) : Promise.resolve(w), e._pendingDfd.then((k) => y ? this._exchangeToken(k.server, g.appId, k.token).then((ue) => (k.token = ue, k)).catch(() => k) : k).then((k) => {
+            t(k);
+          }).catch(() => {
+            v == null || v.destroy(), i();
+          })) : t(w);
+        } else if (this._oAuthLocationParams && this._hasSameServerInstance(g.portalUrl, this._oAuthLocationParams.state.portalUrl) && (this._oAuthLocationParams.access_token || this._oAuthLocationParams.code && this._oAuthLocationParams.state.uid === v.stateUID && v.codeVerifier)) {
+          const y = this._oAuthLocationParams;
+          this._oAuthLocationParams = null, e._pendingDfd = this._processOAuthResponseParams(y, g, _).then((k) => {
+            t(k);
+          }).catch(s);
+        } else {
+          const y = () => {
+            I ? e._pendingDfd = this.oAuthSignIn(e.resUrl_, _, g, e.options_).then(t, s) : (m = new U("identity-manager:not-authenticated", "User is not signed in."), s(m));
+          };
+          this._doPortalSignIn(e.resUrl_) ? e._pendingDfd = this._getPlatformSelf(_.server, g.appId).then((k) => {
+            C(k.portalUrl, this._appOrigin, !0) ? (w = new S({ userId: k.username, server: _.server, expires: Date.now() + 1e3 * k.expires_in, token: k.token }), t(w)) : y();
+          }).catch(y) : y();
+        }
+      } else if (I) {
+        if (this._checkProtocol(e.resUrl_, _, s, e.admin_)) {
+          let v = e.options_;
+          e.admin_ && (v = v || {}, v.isAdmin = !0), e._pendingDfd = this.signIn(e.resUrl_, _, v).then(t, s);
+        }
+      } else
+        m = new U("identity-manager:not-authenticated", "User is not signed in."), s(m);
+    }, r = () => {
+      const o = e.sinfo_, l = o.owningSystemUrl, d = e.options_;
+      let a, _, I, g;
+      if (d && (a = d.token, _ = d.error, I = d.prompt), g = this._findCredential(l, { token: a, resource: e.resUrl_ }), !g) {
+        for (const w of this.credentials)
+          if (this._isIdProvider(l, w.server)) {
+            g = w;
+            break;
+          }
+      }
+      if (g) {
+        const w = this.findCredential(e.resUrl_, g.userId);
+        if (w)
+          t(w);
+        else if ($(o, this._legacyFed)) {
+          const m = g.toJSON();
+          m.server = o.server, m.resources = null, t(new S(m));
+        } else
+          (e._pendingDfd = this.generateToken(this.findServerInfo(g.server), null, { serverUrl: e.resUrl_, token: g.token, signal: e.options_.signal, ssl: g.ssl })).then((m) => {
+            t(new S({ userId: g == null ? void 0 : g.userId, server: o.server, token: m.token, expires: m.expires != null ? Number(m.expires) : null, ssl: !!m.ssl, isAdmin: e.admin_, validity: m.validity }));
+          }, s);
+      } else
+        this._busy = null, a && (e.options_.token = null), (e._pendingDfd = this.getCredential(l.replace(/\/?$/, "/sharing"), { resource: e.resUrl_, owningTenant: o.owningTenant, signal: e.options_.signal, token: a, error: _, prompt: I })).then(() => {
+          this._enqueue(e.resUrl_, e.sinfo_, e.options_, e, e.admin_);
+        }, (w) => {
+          e.resUrl_ = e.sinfo_ = e.refresh_ = null, e.reject(w);
+        });
+    };
+    this._errbackFunc = s;
+    const n = e.sinfo_.owningSystemUrl, h = this._isServerRsrc(e.resUrl_), u = e.sinfo_._restInfoPms;
+    u ? u.promise.then((o) => {
+      const l = e.sinfo_;
+      if (l._restInfoPms) {
+        l.adminTokenServiceUrl = l._restInfoPms.adminUrl, l._restInfoPms = null, l.tokenServiceUrl = (L("authInfo.tokenServicesUrl", o) || L("authInfo.tokenServiceUrl", o) || L("tokenServiceUrl", o)) ?? null, l.shortLivedTokenValidity = L("authInfo.shortLivedTokenValidity", o) ?? null, l.currentVersion = o.currentVersion, l.owningTenant = o.owningTenant;
+        const d = l.owningSystemUrl = o.owningSystemUrl;
+        d && this._portals.push(d);
+      }
+      h && l.owningSystemUrl ? r() : i();
+    }, () => {
+      e.sinfo_._restInfoPms = null;
+      const o = new U("identity-manager:server-identification-failed", "Unknown resource - could not find token service endpoint.");
+      s(o);
+    }) : h && n ? r() : e.sinfo_._selfReq ? e.sinfo_._selfReq.selfDfd.then((o) => {
+      var g;
+      const l = {};
+      let d, a, _, I;
+      return o && (d = (g = o.user) == null ? void 0 : g.username, l.username = d, l.allSSL = o.allSSL, a = o.supportsOAuth, I = parseFloat(o.currentVersion), o.portalMode === "multitenant" && (_ = o.customBaseUrl), e.sinfo_.currentVersion = I), e.sinfo_.webTierAuth = !!d, d && this.normalizeWebTierAuth ? this.generateToken(e.sinfo_, null, { ssl: l.allSSL }).catch(() => null).then((w) => (l.portalToken = w && w.token, l.tokenExpiration = w && w.expires, l)) : !d && a && I >= 4.4 && !this._findOAuthInfo(e.resUrl_) ? this._generateOAuthInfo({ portalUrl: e.sinfo_.server, customBaseUrl: _, owningTenant: e.sinfo_._selfReq.owningTenant }).catch(() => null).then(() => l) : l;
+    }).catch(() => null).then((o) => {
+      e.sinfo_._selfReq = null, o ? i(o.username, o.allSSL, o.portalToken, o.tokenExpiration) : i();
+    }) : i();
+  }
+  _generateOAuthInfo(e) {
+    let t, s = null, i = e.portalUrl;
+    const r = e.customBaseUrl, n = e.owningTenant, h = !this._defaultOAuthInfo && this._createDefaultOAuthInfo && !this._hasTestedIfAppIsOnPortal;
+    if (h) {
+      s = window.location.href;
+      let u = s.indexOf("?");
+      u > -1 && (s = s.slice(0, u)), u = s.search(/\/(apps|home)\//), s = u > -1 ? s.slice(0, u) : null;
+    }
+    return h && s ? (this._hasTestedIfAppIsOnPortal = !0, t = R(s + "/sharing/rest", { query: { f: "json" } }).then(() => {
+      this._defaultOAuthInfo = new ne({ appId: "arcgisonline", popupCallbackUrl: s + "/home/oauth-callback.html" });
+    })) : t = Promise.resolve(), t.then(() => {
+      if (this._defaultOAuthInfo)
+        return i = i.replace(/^http:/i, "https:"), R(i + "/sharing/rest/oauth2/validateRedirectUri", { query: { accountId: n, client_id: this._defaultOAuthInfo.appId, redirect_uri: re(this._defaultOAuthInfo.popupCallbackUrl), f: "json" } }).then((u) => {
+          if (u.data.valid) {
+            const o = this._defaultOAuthInfo.clone();
+            u.data.urlKey && r ? o.portalUrl = "https://" + u.data.urlKey.toLowerCase() + "." + r : o.portalUrl = i, o.popup = window !== window.top || !(C(i, this._appOrigin) || this._gwDomains.some((l) => l.regex.test(i) && l.regex.test(this._appOrigin))), this.oAuthInfos.push(o);
+          }
+        });
+    });
+  }
+  _doOAuthSignIn(e, t, s, i) {
+    const r = s._oAuthCred, n = { portalUrl: s.portalUrl };
+    !s.popup && s.preserveUrlHash && window.location.hash && (n.hash = window.location.hash), r.stateUID && (n.uid = r.stateUID);
+    const h = { client_id: s.appId, response_type: r.codeVerifier ? "code" : "token", state: JSON.stringify(n), expiration: s.expiration, locale: s.locale, redirect_uri: this._getRedirectURI(s, !!r.codeVerifier) };
+    s.forceLogin && (h.force_login = !0), s.forceUserId && s.userId && (h.prepopulatedusername = s.userId), !s.popup && this._doPortalSignIn(e) && (h.redirectToUserOrgUrl = !0), r.codeVerifier && (h.code_challenge = i || r.codeVerifier, h.code_challenge_method = i ? "S256" : "plain");
+    const u = s.portalUrl.replace(/^http:/i, "https:") + "/sharing/oauth2/authorize", o = u + "?" + se(h);
+    if (s.popup) {
+      const l = window.open(o, "esriJSAPIOAuth", s.popupWindowFeatures);
+      if (l)
+        l.focus(), this._oAuthDfd.oAuthWin_ = l, this._oAuthIntervalId = setInterval(() => {
+          if (l.closed) {
+            clearInterval(this._oAuthIntervalId), this._oAuthOnPopupHandle.remove();
+            const d = this._oAuthDfd;
+            if (d) {
+              const a = new U("identity-manager:user-aborted", "ABORTED");
+              d.reject(a);
+            }
+          }
+        }, 500), this._oAuthOnPopupHandle = H(window, ["arcgis:auth:hash", "arcgis:auth:location:search"], (d) => {
+          d.type === "arcgis:auth:hash" ? this.setOAuthResponseHash(d.detail) : this._setOAuthResponseQueryString(d.detail);
+        });
+      else {
+        const d = new U("identity-manager:popup-blocked", "ABORTED");
+        this._oAuthDfd.reject(d);
+      }
+    } else
+      this._rejectOnPersistedPageShow = !0, this._oAuthRedirectFunc ? this._oAuthRedirectFunc({ authorizeParams: h, authorizeUrl: u, resourceUrl: e, serverInfo: t, oAuthInfo: s }) : window.location.href = o;
+  }
+  _getRedirectURI(e, t) {
+    const s = window.location.href.replace(/#.*$/, "");
+    if (e.popup)
+      return re(e.popupCallbackUrl);
+    if (t) {
+      const i = F(s);
+      return i.query && ["code", "error", "error_description", "message_code", "persist", "state"].forEach((r) => {
+        delete i.query[r];
+      }), Ie(i.path, i.query);
+    }
+    return s;
+  }
+}
+ce.prototype.declaredClass = "esri.identity.IdentityManagerBase";
+let S = class extends ae.EventedAccessor {
+  constructor(c) {
+    super(c), this._oAuthCred = null, this.tokenRefreshBuffer = 2, c != null && c._oAuthCred && (this._oAuthCred = c._oAuthCred);
+  }
+  initialize() {
+    this.resources = this.resources || [], this.creationTime == null && (this.creationTime = Date.now());
+  }
+  refreshToken() {
+    const c = A.findServerInfo(this.server), e = c == null ? void 0 : c.owningSystemUrl, t = !!e && this.scope === "server", s = t && $(c, A._legacyFed), i = c.webTierAuth, r = i && A.normalizeWebTierAuth, n = E[this.server], h = n == null ? void 0 : n[this.userId];
+    let u, o = this.resources && this.resources[0], l = t ? A.findServerInfo(e) : null, d = { username: this.userId, password: h };
+    if (i && !r)
+      return;
+    t && !l && A.serverInfos.some((_) => (A._isIdProvider(e, _.server) && (l = _), !!l));
+    const a = l ? A.findCredential(l.server, this.userId) : null;
+    if (!t || a) {
+      if (!s) {
+        if (t)
+          u = { serverUrl: o, token: a == null ? void 0 : a.token, ssl: a && a.ssl };
+        else if (r)
+          d = null, u = { ssl: this.ssl };
+        else {
+          if (!h) {
+            let _;
+            return o && (o = A._sanitizeUrl(o), this._enqueued = 1, _ = A._enqueue(o, c, null, null, this.isAdmin, this), _.then(() => {
+              this._enqueued = 0, this.refreshServerTokens();
+            }).catch(() => {
+              this._enqueued = 0;
+            })), _;
+          }
+          this.isAdmin && (u = { isAdmin: !0 });
+        }
+        return A.generateToken(t ? l : c, t ? null : d, u).then((_) => {
+          this.token = _.token, this.expires = _.expires != null ? Number(_.expires) : null, this.creationTime = Date.now(), this.validity = _.validity, this.emitTokenChange(), this.refreshServerTokens();
+        }).catch(() => {
+        });
+      }
+      a == null || a.refreshToken();
+    }
+  }
+  refreshServerTokens() {
+    this.scope === "portal" && A.credentials.forEach((c) => {
+      const e = A.findServerInfo(c.server), t = e == null ? void 0 : e.owningSystemUrl;
+      c !== this && c.userId === this.userId && t && c.scope === "server" && (A._hasSameServerInstance(this.server, t) || A._isIdProvider(t, this.server)) && ($(e, A._legacyFed) ? (c.token = this.token, c.expires = this.expires, c.creationTime = this.creationTime, c.validity = this.validity, c.emitTokenChange()) : c.refreshToken());
+    });
+  }
+  emitTokenChange(c) {
+    clearTimeout(this._refreshTimer);
+    const e = this.server ? A.findServerInfo(this.server) : null, t = e == null ? void 0 : e.owningSystemUrl, s = t ? A.findServerInfo(t) : null;
+    c === !1 || t && this.scope !== "portal" && (!(s != null && s.webTierAuth) || A.normalizeWebTierAuth) || this.expires == null && this.validity == null || this._startRefreshTimer(), this.emit("token-change");
+  }
+  destroy() {
+    this.userId = this.server = this.token = this.expires = this.validity = this.resources = this.creationTime = null, this._oAuthCred && (this._oAuthCred.destroy(), this._oAuthCred = null);
+    const c = A.credentials.indexOf(this);
+    c > -1 && A.credentials.splice(c, 1), this.emitTokenChange(), this.emit("destroy");
+  }
+  toJSON() {
+    const c = he({ userId: this.userId, server: this.server, token: this.token, expires: this.expires, validity: this.validity, ssl: this.ssl, isAdmin: this.isAdmin, creationTime: this.creationTime, scope: this.scope }), e = this.resources;
+    return e && e.length > 0 && (c.resources = e.slice()), c;
+  }
+  _startRefreshTimer() {
+    clearTimeout(this._refreshTimer);
+    const c = 6e4 * this.tokenRefreshBuffer, e = 2 ** 31 - 1;
+    let t = (this.validity ? this.creationTime + 6e4 * this.validity : this.expires) - Date.now();
+    t < 0 ? t = 0 : t > e && (t = e), this._refreshTimer = setTimeout(this.refreshToken.bind(this), t > c ? t - c : t);
+  }
+};
+p([f()], S.prototype, "creationTime", void 0), p([f()], S.prototype, "expires", void 0), p([f()], S.prototype, "isAdmin", void 0), p([f()], S.prototype, "oAuthState", void 0), p([f()], S.prototype, "resources", void 0), p([f()], S.prototype, "scope", void 0), p([f()], S.prototype, "server", void 0), p([f()], S.prototype, "ssl", void 0), p([f()], S.prototype, "token", void 0), p([f()], S.prototype, "tokenRefreshBuffer", void 0), p([f()], S.prototype, "userId", void 0), p([f()], S.prototype, "validity", void 0), S = p([B("esri.identity.Credential")], S);
+class de extends ce {
+}
+de.prototype.declaredClass = "esri.identity.IdentityManager";
+const Ae = new de();
+Se(Ae);
+export {
+  Ae as default
+};