@azure/identity 4.11.2 → 4.12.1-alpha.20251006.1

package/dist/commonjs/msal/browserFlows/msalBrowserCommon.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAmFlC,0DAyPC;;AA1UD,yEAAmD;AAGnD,0CASqB;AAIrB,+CAA0F;AAE1F,0CAA4C;AAC5C,sDAAsD;AACtD,kEAIqC;AACrC,qDAAqD;AAErD,uCAAuC;AACvC,gDAAgD;AAChD,MAAM,iBAAiB,GAAG,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC;AAErF;;;GAGG;AACH,SAAS,gCAAgC,CACvC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,8BAAe,CAAC;IACrD,MAAM,SAAS,GAAG,IAAA,uBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,IAAA,8BAAmB,EAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3F;QACD,KAAK,EAAE;YACL,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,EAAE,IAAA,gCAAqB,EAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBAChE,QAAQ,EAAE,IAAA,0BAAe,EAAC,IAAA,oBAAW,GAAE,CAAC;gBACxC,iBAAiB,EAAE,OAAO,CAAC,cAAc,EAAE,0BAA0B;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAWD,uCAAuC;AACvC,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAExE;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,OAA+B;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,sCAA0B,CAAC,qCAAqC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAA,kCAAe,EAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,4BAA4B,GAAa,IAAA,sDAAmC,EAChF,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,CAC5D,CAAC;IACF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,IAAI,OAAyC,CAAC;IAC9C,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,OAAO,GAAG;YACR,GAAG,OAAO,CAAC,oBAAoB;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,GAAyC,CAAC;IAC9C;;;OAGG;IACH,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+BAA+B;YAC/B,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,UAAU,CAAC,CAAC;YAE1F,sDAAsD;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,gBAAgB,CAAC,IAAA,uBAAY,EAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAyC;QAEzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,SAAS,YAAY,CACnB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACpB,OAAO,GAAG,IAAA,uBAAY,EAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QACD,IAAA,+BAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAC/F,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,gBAAgB;QAC7B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,KAAK,CAAC,SAA4B,EAAE;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,KAAK,OAAO;gBACV,OAAO,mBAAmB,CAAC,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc,CAC3B,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,uCAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,IAAA,uBAAY,EAAC,aAAa,CAAC;YACpC,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,uCAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,IAAA,uBAAY,EAAC,aAAa,CAAC;YACpC,SAAS,EAAE,SAAS;YACpB,MAAM;SACP,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACnE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,QAAQ,CACrB,MAAgB,EAChB,kBAAiD,EAAE;QAEnD,MAAM,gBAAgB,GACpB,IAAA,4CAAyB,EAAC,QAAQ,EAAE,eAAe,EAAE,4BAA4B,CAAC;YAClF,QAAQ,CAAC;QAEX,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,SAAS,GAAG,IAAA,uBAAY,EAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,uDAAuD;QACvD,MAAM,cAAc,EAAE,CAAC;QAEvB,IAAI,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACnE,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,8EAA8E;QAC9E,IAAI,CAAC;YACH,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,eAAe,EAAE,8BAA8B,EAAE,CAAC;gBACpD,MAAM,IAAI,uCAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe;oBACf,OAAO,EACL,qFAAqF;iBACxF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oEAAoE,UAAU,EAAE,CAAC,CAAC;YAC9F,OAAO,mBAAmB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { MsalBrowserFlowOptions } from \"./msalBrowserOptions.js\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n} from \"../utils.js\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\n\n// We keep a copy of the redirect hash.\n// Check if self and location object is defined.\nconst isLocationDefined = typeof self !== \"undefined\" && self.location !== undefined;\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n * @internal\n */\nfunction generateMsalBrowserConfiguration(\n  options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n  const tenantId = options.tenantId || DefaultTenantId;\n  const authority = getAuthority(tenantId, options.authorityHost);\n  return {\n    auth: {\n      clientId: options.clientId!,\n      authority,\n      knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n      // If the users picked redirect as their login style,\n      // but they didn't provide a redirectUri,\n      // we can try to use the current page we're in as a default value.\n      redirectUri: options.redirectUri || (isLocationDefined ? self.location.origin : undefined),\n    },\n    cache: {\n      cacheLocation: \"sessionStorage\",\n      storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n    },\n    system: {\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(options.logger, \"Browser\"),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n}\n\n/**\n * Methods that are used by InteractiveBrowserCredential\n * @internal\n */\nexport interface MsalBrowserClient {\n  getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n  getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n\n// We keep a copy of the redirect hash.\nconst redirectHash = isLocationDefined ? self.location.hash : undefined;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient {\n  const loginStyle = options.loginStyle;\n  if (!options.clientId) {\n    throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n  }\n  const clientId = options.clientId;\n  const logger = options.logger;\n  const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n  const additionallyAllowedTenantIds: string[] = resolveAdditionallyAllowedTenantIds(\n    options?.tokenCredentialOptions?.additionallyAllowedTenants,\n  );\n  const authorityHost = options.authorityHost;\n  const msalConfig = generateMsalBrowserConfiguration(options);\n  const disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n  const loginHint = options.loginHint;\n\n  let account: AuthenticationRecord | undefined;\n  if (options.authenticationRecord) {\n    account = {\n      ...options.authenticationRecord,\n      tenantId,\n    };\n  }\n\n  // This variable should only be used through calling `getApp` function\n  let app: msalBrowser.IPublicClientApplication;\n  /**\n   * Return the MSAL account if not set yet\n   * @returns MSAL application\n   */\n  async function getApp(): Promise<msalBrowser.IPublicClientApplication> {\n    if (!app) {\n      // Prepare the MSAL application\n      app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);\n\n      // setting the account right after the app is created.\n      if (account) {\n        app.setActiveAccount(publicToMsal(account));\n      }\n    }\n\n    return app;\n  }\n\n  /**\n   * Loads the account based on the result of the authentication.\n   * If no result was received, tries to load the account from the cache.\n   * @param result - Result object received from MSAL.\n   */\n  async function handleBrowserResult(\n    result?: msalBrowser.AuthenticationResult,\n  ): Promise<AuthenticationRecord | undefined> {\n    try {\n      const msalApp = await getApp();\n      if (result && result.account) {\n        logger.info(`MSAL Browser V2 authentication successful.`);\n        msalApp.setActiveAccount(result.account);\n        return msalToPublic(clientId, result.account);\n      }\n    } catch (e: any) {\n      logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n    }\n    return;\n  }\n\n  /**\n   * Handles the MSAL authentication result.\n   * If the result has an account, we update the local account reference.\n   * If the token received is invalid, an error will be thrown depending on what's missing.\n   */\n  function handleResult(\n    scopes: string | string[],\n    result?: MsalResult,\n    getTokenOptions?: GetTokenOptions,\n  ): AccessToken {\n    if (result?.account) {\n      account = msalToPublic(clientId, result.account);\n    }\n    ensureValidMsalToken(scopes, result, getTokenOptions);\n    logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: result.accessToken,\n      expiresOnTimestamp: result.expiresOn.getTime(),\n      refreshAfterTimestamp: result.refreshOn?.getTime(),\n      tokenType: \"Bearer\",\n    };\n  }\n\n  /**\n   * Uses MSAL to handle the redirect.\n   */\n  async function handleRedirect(): Promise<AuthenticationRecord | undefined> {\n    const msalApp = await getApp();\n    return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);\n  }\n\n  /**\n   * Uses MSAL to retrieve the active account.\n   */\n  async function getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n    const msalApp = await getApp();\n    const activeAccount = msalApp.getActiveAccount();\n    if (!activeAccount) {\n      return;\n    }\n    return msalToPublic(clientId, activeAccount);\n  }\n\n  /**\n   * Uses MSAL to trigger a redirect or a popup login.\n   */\n  async function login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n    const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n    const loginRequest: msalBrowser.RedirectRequest = {\n      scopes: arrayScopes,\n      loginHint: loginHint,\n    };\n    const msalApp = await getApp();\n    switch (loginStyle) {\n      case \"redirect\": {\n        await app.loginRedirect(loginRequest);\n        return;\n      }\n      case \"popup\":\n        return handleBrowserResult(await msalApp.loginPopup(loginRequest));\n    }\n  }\n\n  /**\n   * Tries to retrieve the token silently using MSAL.\n   */\n  async function getTokenSilent(\n    scopes: string[],\n    getTokenOptions?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    const activeAccount = await getActiveAccount();\n    if (!activeAccount) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.SilentRequest = {\n      authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n      correlationId: getTokenOptions?.correlationId,\n      claims: getTokenOptions?.claims,\n      account: publicToMsal(activeAccount),\n      forceRefresh: false,\n      scopes,\n    };\n\n    try {\n      logger.info(\"Attempting to acquire token silently\");\n      const msalApp = await getApp();\n      const response = await msalApp.acquireTokenSilent(parameters);\n      return handleResult(scopes, response);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve the token in the browser through interactive methods.\n   */\n  async function getTokenInteractive(\n    scopes: string[],\n    getTokenOptions?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    const activeAccount = await getActiveAccount();\n    if (!activeAccount) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.RedirectRequest = {\n      authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n      correlationId: getTokenOptions?.correlationId,\n      claims: getTokenOptions?.claims,\n      account: publicToMsal(activeAccount),\n      loginHint: loginHint,\n      scopes,\n    };\n    const msalApp = await getApp();\n    switch (loginStyle) {\n      case \"redirect\":\n        // This will go out of the page.\n        // Once the InteractiveBrowserCredential is initialized again,\n        // we'll load the MSAL account in the constructor.\n\n        await msalApp.acquireTokenRedirect(parameters);\n        return { token: \"\", expiresOnTimestamp: 0, tokenType: \"Bearer\" };\n      case \"popup\":\n        return handleResult(scopes, await app.acquireTokenPopup(parameters));\n    }\n  }\n\n  /**\n   * Attempts to get token through the silent flow.\n   * If failed, get token through interactive method with `doGetToken` method.\n   */\n  async function getToken(\n    scopes: string[],\n    getTokenOptions: CredentialFlowGetTokenOptions = {},\n  ): Promise<AccessToken> {\n    const getTokenTenantId =\n      processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||\n      tenantId;\n\n    if (!getTokenOptions.authority) {\n      getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);\n    }\n\n    // We ensure that redirection is handled at this point.\n    await handleRedirect();\n\n    if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {\n      await login(scopes);\n    }\n\n    // Attempts to get the token silently; else, falls back to interactive method.\n    try {\n      return await getTokenSilent(scopes, getTokenOptions);\n    } catch (err: any) {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (getTokenOptions?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions,\n          message:\n            \"Automatic authentication has been disabled. You may call the authenticate() method.\",\n        });\n      }\n      logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);\n      return getTokenInteractive(scopes, getTokenOptions);\n    }\n  }\n  return {\n    getActiveAccount,\n    getToken,\n  };\n}\n"]}
+{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AAkFlC,0DAyPC;;AAzUD,yEAAmD;AAGnD,0CASqB;AAIrB,+CAA0F;AAE1F,0CAA4C;AAC5C,sDAAsD;AACtD,kEAIqC;AACrC,qDAAqD;AAErD,uCAAuC;AACvC,gDAAgD;AAChD,MAAM,iBAAiB,GAAG,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC;AAErF;;GAEG;AACH,SAAS,gCAAgC,CACvC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,8BAAe,CAAC;IACrD,MAAM,SAAS,GAAG,IAAA,uBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,IAAA,8BAAmB,EAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3F;QACD,KAAK,EAAE;YACL,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF;QACD,MAAM,EAAE;YACN,aAAa,EAAE;gBACb,cAAc,EAAE,IAAA,gCAAqB,EAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBAChE,QAAQ,EAAE,IAAA,0BAAe,EAAC,IAAA,oBAAW,GAAE,CAAC;gBACxC,iBAAiB,EAAE,OAAO,CAAC,cAAc,EAAE,0BAA0B;aACtE;SACF;KACF,CAAC;AACJ,CAAC;AAWD,uCAAuC;AACvC,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAExE;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,OAA+B;IACrE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,sCAA0B,CAAC,qCAAqC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAA,kCAAe,EAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,MAAM,4BAA4B,GAAa,IAAA,sDAAmC,EAChF,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,CAC5D,CAAC;IACF,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAC5C,MAAM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,IAAI,OAAyC,CAAC;IAC9C,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,OAAO,GAAG;YACR,GAAG,OAAO,CAAC,oBAAoB;YAC/B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,IAAI,GAAyC,CAAC;IAC9C;;;OAGG;IACH,KAAK,UAAU,MAAM;QACnB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,+BAA+B;YAC/B,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,UAAU,CAAC,CAAC;YAE1F,sDAAsD;YACtD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,gBAAgB,CAAC,IAAA,uBAAY,EAAC,OAAO,CAAC,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAyC;QAEzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,SAAS,YAAY,CACnB,MAAyB,EACzB,MAAmB,EACnB,eAAiC;QAEjC,IAAI,MAAM,EAAE,OAAO,EAAE,CAAC;YACpB,OAAO,GAAG,IAAA,uBAAY,EAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QACD,IAAA,+BAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;QAC5C,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,WAAW;YACzB,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE;YAC9C,qBAAqB,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;YAClD,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc;QAC3B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAC/F,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,gBAAgB;QAC7B,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC;QACjD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QACD,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,KAAK,CAAC,SAA4B,EAAE;QACjD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,SAAS;SACrB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YACD,KAAK,OAAO;gBACV,OAAO,mBAAmB,CAAC,MAAM,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,cAAc,CAC3B,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,uCAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,IAAA,uBAAY,EAAC,aAAa,CAAC;YACpC,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC9D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,mBAAmB,CAChC,MAAgB,EAChB,eAA+C;QAE/C,MAAM,aAAa,GAAG,MAAM,gBAAgB,EAAE,CAAC;QAC/C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,uCAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe;gBACf,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,eAAe,EAAE,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,SAAU;YACnE,aAAa,EAAE,eAAe,EAAE,aAAa;YAC7C,MAAM,EAAE,eAAe,EAAE,MAAM;YAC/B,OAAO,EAAE,IAAA,uBAAY,EAAC,aAAa,CAAC;YACpC,SAAS,EAAE,SAAS;YACpB,MAAM;SACP,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,MAAM,EAAE,CAAC;QAC/B,QAAQ,UAAU,EAAE,CAAC;YACnB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,OAAO,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC/C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACnE,KAAK,OAAO;gBACV,OAAO,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,QAAQ,CACrB,MAAgB,EAChB,kBAAiD,EAAE;QAEnD,MAAM,gBAAgB,GACpB,IAAA,4CAAyB,EAAC,QAAQ,EAAE,eAAe,EAAE,4BAA4B,CAAC;YAClF,QAAQ,CAAC;QAEX,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YAC/B,eAAe,CAAC,SAAS,GAAG,IAAA,uBAAY,EAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC5E,CAAC;QAED,uDAAuD;QACvD,MAAM,cAAc,EAAE,CAAC;QAEvB,IAAI,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,IAAI,CAAC,8BAA8B,EAAE,CAAC;YACnE,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAED,8EAA8E;QAC9E,IAAI,CAAC;YACH,OAAO,MAAM,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC/C,MAAM,GAAG,CAAC;YACZ,CAAC;YACD,IAAI,eAAe,EAAE,8BAA8B,EAAE,CAAC;gBACpD,MAAM,IAAI,uCAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe;oBACf,OAAO,EACL,qFAAqF;iBACxF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oEAAoE,UAAU,EAAE,CAAC,CAAC;YAC9F,OAAO,mBAAmB,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO;QACL,gBAAgB;QAChB,QAAQ;KACT,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\n\nimport type { MsalBrowserFlowOptions } from \"./msalBrowserOptions.js\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n} from \"../utils.js\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, MsalResult } from \"../types.js\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors.js\";\nimport type { CredentialFlowGetTokenOptions } from \"../credentials.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { formatSuccess } from \"../../util/logging.js\";\nimport {\n  processMultiTenantRequest,\n  resolveAdditionallyAllowedTenantIds,\n  resolveTenantId,\n} from \"../../util/tenantIdUtils.js\";\nimport { DefaultTenantId } from \"../../constants.js\";\n\n// We keep a copy of the redirect hash.\n// Check if self and location object is defined.\nconst isLocationDefined = typeof self !== \"undefined\" && self.location !== undefined;\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n */\nfunction generateMsalBrowserConfiguration(\n  options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n  const tenantId = options.tenantId || DefaultTenantId;\n  const authority = getAuthority(tenantId, options.authorityHost);\n  return {\n    auth: {\n      clientId: options.clientId!,\n      authority,\n      knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n      // If the users picked redirect as their login style,\n      // but they didn't provide a redirectUri,\n      // we can try to use the current page we're in as a default value.\n      redirectUri: options.redirectUri || (isLocationDefined ? self.location.origin : undefined),\n    },\n    cache: {\n      cacheLocation: \"sessionStorage\",\n      storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n    },\n    system: {\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(options.logger, \"Browser\"),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n}\n\n/**\n * Methods that are used by InteractiveBrowserCredential\n * @internal\n */\nexport interface MsalBrowserClient {\n  getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n  getToken(scopes: string[], options: CredentialFlowGetTokenOptions): Promise<AccessToken>;\n}\n\n// We keep a copy of the redirect hash.\nconst redirectHash = isLocationDefined ? self.location.hash : undefined;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport function createMsalBrowserClient(options: MsalBrowserFlowOptions): MsalBrowserClient {\n  const loginStyle = options.loginStyle;\n  if (!options.clientId) {\n    throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n  }\n  const clientId = options.clientId;\n  const logger = options.logger;\n  const tenantId = resolveTenantId(logger, options.tenantId, options.clientId);\n  const additionallyAllowedTenantIds: string[] = resolveAdditionallyAllowedTenantIds(\n    options?.tokenCredentialOptions?.additionallyAllowedTenants,\n  );\n  const authorityHost = options.authorityHost;\n  const msalConfig = generateMsalBrowserConfiguration(options);\n  const disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n  const loginHint = options.loginHint;\n\n  let account: AuthenticationRecord | undefined;\n  if (options.authenticationRecord) {\n    account = {\n      ...options.authenticationRecord,\n      tenantId,\n    };\n  }\n\n  // This variable should only be used through calling `getApp` function\n  let app: msalBrowser.IPublicClientApplication;\n  /**\n   * Return the MSAL account if not set yet\n   * @returns MSAL application\n   */\n  async function getApp(): Promise<msalBrowser.IPublicClientApplication> {\n    if (!app) {\n      // Prepare the MSAL application\n      app = await msalBrowser.PublicClientApplication.createPublicClientApplication(msalConfig);\n\n      // setting the account right after the app is created.\n      if (account) {\n        app.setActiveAccount(publicToMsal(account));\n      }\n    }\n\n    return app;\n  }\n\n  /**\n   * Loads the account based on the result of the authentication.\n   * If no result was received, tries to load the account from the cache.\n   * @param result - Result object received from MSAL.\n   */\n  async function handleBrowserResult(\n    result?: msalBrowser.AuthenticationResult,\n  ): Promise<AuthenticationRecord | undefined> {\n    try {\n      const msalApp = await getApp();\n      if (result && result.account) {\n        logger.info(`MSAL Browser V2 authentication successful.`);\n        msalApp.setActiveAccount(result.account);\n        return msalToPublic(clientId, result.account);\n      }\n    } catch (e: any) {\n      logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n    }\n    return;\n  }\n\n  /**\n   * Handles the MSAL authentication result.\n   * If the result has an account, we update the local account reference.\n   * If the token received is invalid, an error will be thrown depending on what's missing.\n   */\n  function handleResult(\n    scopes: string | string[],\n    result?: MsalResult,\n    getTokenOptions?: GetTokenOptions,\n  ): AccessToken {\n    if (result?.account) {\n      account = msalToPublic(clientId, result.account);\n    }\n    ensureValidMsalToken(scopes, result, getTokenOptions);\n    logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: result.accessToken,\n      expiresOnTimestamp: result.expiresOn.getTime(),\n      refreshAfterTimestamp: result.refreshOn?.getTime(),\n      tokenType: \"Bearer\",\n    };\n  }\n\n  /**\n   * Uses MSAL to handle the redirect.\n   */\n  async function handleRedirect(): Promise<AuthenticationRecord | undefined> {\n    const msalApp = await getApp();\n    return handleBrowserResult((await msalApp.handleRedirectPromise(redirectHash)) || undefined);\n  }\n\n  /**\n   * Uses MSAL to retrieve the active account.\n   */\n  async function getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n    const msalApp = await getApp();\n    const activeAccount = msalApp.getActiveAccount();\n    if (!activeAccount) {\n      return;\n    }\n    return msalToPublic(clientId, activeAccount);\n  }\n\n  /**\n   * Uses MSAL to trigger a redirect or a popup login.\n   */\n  async function login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n    const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n    const loginRequest: msalBrowser.RedirectRequest = {\n      scopes: arrayScopes,\n      loginHint: loginHint,\n    };\n    const msalApp = await getApp();\n    switch (loginStyle) {\n      case \"redirect\": {\n        await app.loginRedirect(loginRequest);\n        return;\n      }\n      case \"popup\":\n        return handleBrowserResult(await msalApp.loginPopup(loginRequest));\n    }\n  }\n\n  /**\n   * Tries to retrieve the token silently using MSAL.\n   */\n  async function getTokenSilent(\n    scopes: string[],\n    getTokenOptions?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    const activeAccount = await getActiveAccount();\n    if (!activeAccount) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.SilentRequest = {\n      authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n      correlationId: getTokenOptions?.correlationId,\n      claims: getTokenOptions?.claims,\n      account: publicToMsal(activeAccount),\n      forceRefresh: false,\n      scopes,\n    };\n\n    try {\n      logger.info(\"Attempting to acquire token silently\");\n      const msalApp = await getApp();\n      const response = await msalApp.acquireTokenSilent(parameters);\n      return handleResult(scopes, response);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Attempts to retrieve the token in the browser through interactive methods.\n   */\n  async function getTokenInteractive(\n    scopes: string[],\n    getTokenOptions?: CredentialFlowGetTokenOptions,\n  ): Promise<AccessToken> {\n    const activeAccount = await getActiveAccount();\n    if (!activeAccount) {\n      throw new AuthenticationRequiredError({\n        scopes,\n        getTokenOptions,\n        message:\n          \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n      });\n    }\n\n    const parameters: msalBrowser.RedirectRequest = {\n      authority: getTokenOptions?.authority || msalConfig.auth.authority!,\n      correlationId: getTokenOptions?.correlationId,\n      claims: getTokenOptions?.claims,\n      account: publicToMsal(activeAccount),\n      loginHint: loginHint,\n      scopes,\n    };\n    const msalApp = await getApp();\n    switch (loginStyle) {\n      case \"redirect\":\n        // This will go out of the page.\n        // Once the InteractiveBrowserCredential is initialized again,\n        // we'll load the MSAL account in the constructor.\n\n        await msalApp.acquireTokenRedirect(parameters);\n        return { token: \"\", expiresOnTimestamp: 0, tokenType: \"Bearer\" };\n      case \"popup\":\n        return handleResult(scopes, await app.acquireTokenPopup(parameters));\n    }\n  }\n\n  /**\n   * Attempts to get token through the silent flow.\n   * If failed, get token through interactive method with `doGetToken` method.\n   */\n  async function getToken(\n    scopes: string[],\n    getTokenOptions: CredentialFlowGetTokenOptions = {},\n  ): Promise<AccessToken> {\n    const getTokenTenantId =\n      processMultiTenantRequest(tenantId, getTokenOptions, additionallyAllowedTenantIds) ||\n      tenantId;\n\n    if (!getTokenOptions.authority) {\n      getTokenOptions.authority = getAuthority(getTokenTenantId, authorityHost);\n    }\n\n    // We ensure that redirection is handled at this point.\n    await handleRedirect();\n\n    if (!(await getActiveAccount()) && !disableAutomaticAuthentication) {\n      await login(scopes);\n    }\n\n    // Attempts to get the token silently; else, falls back to interactive method.\n    try {\n      return await getTokenSilent(scopes, getTokenOptions);\n    } catch (err: any) {\n      if (err.name !== \"AuthenticationRequiredError\") {\n        throw err;\n      }\n      if (getTokenOptions?.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions,\n          message:\n            \"Automatic authentication has been disabled. You may call the authenticate() method.\",\n        });\n      }\n      logger.info(`Silent authentication failed, falling back to interactive method ${loginStyle}`);\n      return getTokenInteractive(scopes, getTokenOptions);\n    }\n  }\n  return {\n    getActiveAccount,\n    getToken,\n  };\n}\n"]}

package/dist/commonjs/msal/nodeFlows/msalClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"msalClient.d.ts","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAEzC,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC1E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAiB9D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,KAAK,EAAE,uCAAuC,EAAE,MAAM,0DAA0D,CAAC;AACxH,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAUtF;;GAEG;AACH,MAAM,WAAW,6BAA8B,SAAQ,eAAe;IACpE;;;;;;OAMG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,0BAA2B,SAAQ,6BAA6B;IAC/E;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;OAEG;IACH,2BAA2B,CAAC,EAAE,uCAAuC,CAAC,6BAA6B,CAAC,CAAC;IACrG;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;;;;OASG;IACH,kBAAkB,CAChB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,GAAG,gBAAgB,GAAG,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,EACtE,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;OAKG;IACH,4BAA4B,CAC1B,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;;OAQG;IACH,0BAA0B,CACxB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,oBAAoB,CAClB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,wBAAwB,EAC5C,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,gBAAgB,EAC7B,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,yBAAyB,CACvB,MAAM,EAAE,MAAM,EAAE,EAChB,eAAe,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EACtC,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,sBAAsB,CACpB,MAAM,EAAE,MAAM,EAAE,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;;;;;OAWG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;OAIG;IACH,gBAAgB,IAAI,oBAAoB,GAAG,SAAS,CAAC;IAErD;;;;;;;OAOG;IACH,gBAAgB,CACd,MAAM,EAAE,MAAM,EAAE,EAChB,uBAAuB,EAAE,OAAO,EAChC,OAAO,CAAC,EAAE,0BAA0B,GACnC,OAAO,CAAC,WAAW,CAAC,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;OAEG;IACH,4BAA4B,CAAC,EAAE,4BAA4B,CAAC;IAE5D;;OAEG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B;;OAEG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,eAAe,CAAC,CAAC;IAE1E;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAE5E;;OAEG;IACH,sBAAsB,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC;IAElE;;OAEG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC;;OAEG;IACH,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAE1B;;OAEG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAED;;;;;;;GAOG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,GAAE,iBAAsB,GACxC,IAAI,CAAC,aAAa,CAoCpB;AAyBD;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,uBAAuB,GAAE,iBAAsB,GAC9C,UAAU,CA4jBZ"}
+{"version":3,"file":"msalClient.d.ts","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,IAAI,MAAM,kBAAkB,CAAC;AAEzC,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,KAAK,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC1E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAiB9D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AACjG,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,KAAK,EAAE,uCAAuC,EAAE,MAAM,0DAA0D,CAAC;AACxH,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAUtF;;GAEG;AACH,MAAM,WAAW,6BAA8B,SAAQ,eAAe;IACpE;;;;;;OAMG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,0BAA2B,SAAQ,6BAA6B;IAC/E;;OAEG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;OAEG;IACH,2BAA2B,CAAC,EAAE,uCAAuC,CAAC,6BAA6B,CAAC,CAAC;IACrG;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;;;;OASG;IACH,kBAAkB,CAChB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,GAAG,gBAAgB,GAAG,CAAC,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC,EACtE,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;OAKG;IACH,4BAA4B,CAC1B,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,EAAE,0BAA0B,GAClC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;;OAQG;IACH,0BAA0B,CACxB,MAAM,EAAE,MAAM,EAAE,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,oBAAoB,CAClB,MAAM,EAAE,MAAM,EAAE,EAChB,kBAAkB,EAAE,wBAAwB,EAC5C,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IACxB;;;;;;;OAOG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,gBAAgB,EAC7B,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,yBAAyB,CACvB,MAAM,EAAE,MAAM,EAAE,EAChB,eAAe,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,EACtC,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;OAOG;IACH,sBAAsB,CACpB,MAAM,EAAE,MAAM,EAAE,EAChB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;;;;;;;;OAWG;IACH,2BAA2B,CACzB,MAAM,EAAE,MAAM,EAAE,EAChB,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,MAAM,EACzB,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE,6BAA6B,GACtC,OAAO,CAAC,WAAW,CAAC,CAAC;IAExB;;;;OAIG;IACH,gBAAgB,IAAI,oBAAoB,GAAG,SAAS,CAAC;IAErD;;;;;;;OAOG;IACH,gBAAgB,CACd,MAAM,EAAE,MAAM,EAAE,EAChB,uBAAuB,EAAE,OAAO,EAChC,OAAO,CAAC,EAAE,0BAA0B,GACnC,OAAO,CAAC,WAAW,CAAC,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B;;OAEG;IACH,4BAA4B,CAAC,EAAE,4BAA4B,CAAC;IAE5D;;OAEG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B;;OAEG;IACH,aAAa,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,eAAe,CAAC,CAAC;IAE1E;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAE5E;;OAEG;IACH,sBAAsB,CAAC,EAAE,cAAc,CAAC,wBAAwB,CAAC,CAAC;IAElE;;OAEG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;IAEnC;;OAEG;IACH,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAE1B;;OAEG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C;AAED;;;;;;;GAOG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,GAAE,iBAAsB,GACxC,IAAI,CAAC,aAAa,CAoCpB;AAuBD;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,uBAAuB,GAAE,iBAAsB,GAC9C,UAAU,CA0jBZ"}

package/dist/commonjs/msal/nodeFlows/msalClient.js

@@ -382,8 +382,6 @@ function createMsalClient(clientId, tenantId, createMsalClientOptions = {}) {
     /**
      * Creates a base interactive request configuration for MSAL interactive authentication.
      * This is shared between interactive and brokered authentication flows.
-     *
-     * @internal
      */
     function createBaseInteractiveRequest(scopes, options) {
         return {

package/dist/commonjs/msal/nodeFlows/msalClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AA+QlC,8DAwCC;AAmCD,4CAgkBC;;AAx5BD,+DAAyC;AAKzC,sDAAwE;AAExE,qDAA+C;AAC/C,0CAUqB;AAErB,+CAA8D;AAG9D,sEAAgE;AAGhE,qEAAwE;AACxE,0CAA4C;AAC5C,kEAA8D;AAE9D;;GAEG;AACH,MAAM,UAAU,GAAG,IAAA,6BAAgB,EAAC,YAAY,CAAC,CAAC;AAoOlD;;;;;;;GAOG;AACH,SAAgB,yBAAyB,CACvC,QAAgB,EAChB,QAAgB,EAChB,oBAAuC,EAAE;IAEzC,MAAM,cAAc,GAAG,IAAA,kCAAe,EACpC,iBAAiB,CAAC,MAAM,IAAI,UAAU,EACtC,QAAQ,EACR,QAAQ,CACT,CAAC;IAEF,sDAAsD;IACtD,MAAM,SAAS,GAAG,IAAA,uBAAY,EAAC,cAAc,EAAE,IAAA,2BAAgB,EAAC,iBAAiB,CAAC,CAAC,CAAC;IAEpF,MAAM,UAAU,GAAG,IAAI,kCAAc,CAAC;QACpC,GAAG,iBAAiB,CAAC,sBAAsB;QAC3C,aAAa,EAAE,SAAS;QACxB,cAAc,EAAE,iBAAiB,CAAC,cAAc;KACjD,CAAC,CAAC;IAEH,MAAM,UAAU,GAAuB;QACrC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,gBAAgB,EAAE,IAAA,8BAAmB,EACnC,cAAc,EACd,SAAS,EACT,iBAAiB,CAAC,wBAAwB,CAC3C;SACF;QACD,MAAM,EAAE;YACN,aAAa,EAAE,UAAU;YACzB,aAAa,EAAE;gBACb,cAAc,EAAE,IAAA,gCAAqB,EAAC,iBAAiB,CAAC,MAAM,IAAI,UAAU,CAAC;gBAC7E,QAAQ,EAAE,IAAA,0BAAe,EAAC,IAAA,oBAAW,GAAE,CAAC;gBACxC,iBAAiB,EAAE,iBAAiB,CAAC,cAAc,EAAE,0BAA0B;aAChF;SACF;KACF,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAyBD;;;;;;;;;GASG;AACH,SAAgB,gBAAgB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,0BAA6C,EAAE;IAE/C,MAAM,KAAK,GAAoB;QAC7B,UAAU,EAAE,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;QAClF,aAAa,EAAE,uBAAuB,CAAC,oBAAoB;YACzD,CAAC,CAAC,IAAA,uBAAY,EAAC,uBAAuB,CAAC,oBAAoB,CAAC;YAC5D,CAAC,CAAC,IAAI;QACR,mBAAmB,EAAE,4BAAW,CAAC,2BAA2B,CAAC,uBAAuB,CAAC;QACrF,MAAM,EAAE,uBAAuB,CAAC,MAAM,IAAI,UAAU;KACrD,CAAC;IAEF,MAAM,UAAU,GAA8C,IAAI,GAAG,EAAE,CAAC;IACxE,KAAK,UAAU,YAAY,CACzB,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,eAAe,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,eAAe,EAAE,CAAC;YACpB,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;YAC7F,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,iDAAiD,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,GAAG,CAC/F,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,eAAe,GAAG,IAAI,IAAI,CAAC,uBAAuB,CAAC;YACjD,GAAG,KAAK,CAAC,UAAU;YACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE;YACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE;SAC1C,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAExC,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,MAAM,gBAAgB,GAAoD,IAAI,GAAG,EAAE,CAAC;IACpF,KAAK,UAAU,kBAAkB,CAC/B,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,qBAAqB,GAAG,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,qBAAqB,EAAE,CAAC;YAC1B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,sEAAsE,CACvE,CAAC;YACF,OAAO,qBAAqB,CAAC;QAC/B,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,uDACE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAClC,GAAG,CACJ,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,qBAAqB,GAAG,IAAI,IAAI,CAAC,6BAA6B,CAAC;YAC7D,GAAG,KAAK,CAAC,UAAU;YACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE;YACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE;SAC1C,CAAC,CAAC;QAEH,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;QAEpD,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IAED,KAAK,UAAU,cAAc,CAC3B,GAAsE,EACtE,MAAgB,EAChB,UAA2B,EAAE;QAE7B,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACjC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;YACtE,MAAM,IAAI,uCAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,gEAAgE;QAChE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,CAAC,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;QACtC,CAAC;QAED,MAAM,aAAa,GAA2B;YAC5C,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,MAAM;YACN,MAAM,EAAE,KAAK,CAAC,YAAY;SAC3B,CAAC;QAEF,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC/C,aAAa,CAAC,oBAAoB,KAAK,EAAE,CAAC;YAC1C,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAC1D,aAAa,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,sBAAsB,CAAC;YACnF,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACrC,aAAa,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;YAChE,aAAa,CAAC,oBAAoB,GAAG,KAAK,CAAC;YAC3C,aAAa,CAAC,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;YAC7F,aAAa,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;QACzF,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACnE,IAAI,CAAC;YACH,OAAO,MAAM,GAAG,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,SAAS,yBAAyB,CAAC,OAAyB;QAC1D,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,OAAO,IAAA,uBAAY,EAAC,OAAO,CAAC,QAAQ,EAAE,IAAA,2BAAgB,EAAC,uBAAuB,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;IACzC,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,UAAU,wBAAwB,CACrC,OAA0E,EAC1E,MAAqB,EACrB,OAAsC,EACtC,wBAAyE;QAEzE,IAAI,QAAQ,GAAqC,IAAI,CAAC;QACtD,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,CAAC,CAAC;YACV,CAAC;YACD,IAAI,OAAO,CAAC,8BAA8B,EAAE,CAAC;gBAC3C,MAAM,IAAI,uCAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;YAC9C,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;QAClD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;YAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;YACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;SACf,CAAC;IACnB,CAAC;IAED,KAAK,UAAU,sBAAsB,CACnC,MAAgB,EAChB,YAAoB,EACpB,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;QAE9E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QAElD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,IAAA,iDAA0B,GAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;YACH,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,yBAAyB,CACtC,MAAgB,EAChB,eAAsC,EACtC,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAEjF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAExD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,IAAA,iDAA0B,GAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;gBACvB,eAAe;aAChB,CAAC,CAAC;YACH,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,MAAgB,EAChB,WAA6B,EAC7B,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAEnF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QAEtD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,IAAA,iDAA0B,GAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;YACH,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,oBAAoB,CACjC,MAAgB,EAChB,kBAA4C,EAC5C,UAAyC,EAAE;QAE3C,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;QAE5E,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,MAAM,cAAc,GAA2B;gBAC7C,MAAM;gBACN,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,IAAI,KAAK;gBAC9C,kBAAkB;gBAClB,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC;YACF,MAAM,iBAAiB,GAAG,OAAO,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;YAC3E,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACjD,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;gBAC/B,CAAC,CAAC,CAAC;YACL,CAAC;YAED,OAAO,iBAAiB,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,0BAA0B,CACvC,MAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;QAEtF,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,MAAM,cAAc,GAAiC;gBACnD,MAAM;gBACN,QAAQ;gBACR,QAAQ;gBACR,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC;YAEF,OAAO,OAAO,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,gBAAgB;QACvB,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,MAAgB,EAChB,WAAmB,EACnB,iBAAyB,EACzB,YAAqB,EACrB,UAAyC,EAAE;QAE3C,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAEnF,IAAI,OAA0E,CAAC;QAC/E,IAAI,YAAY,EAAE,CAAC;YACjB,mFAAmF;YACnF,gIAAgI;YAChI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YAClD,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,OAAO,OAAO,CAAC,kBAAkB,CAAC;gBAChC,MAAM;gBACN,WAAW;gBACX,IAAI,EAAE,iBAAiB;gBACvB,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,kBAAkB,CAC/B,MAAgB,EAChB,kBAA0B,EAC1B,iBAAsE,EACtE,UAA2B,EAAE;QAE7B,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAElF,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YAC1C,gBAAgB;YAChB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YACtE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,iBAAiB,CAAC;QACzD,CAAC;aAAM,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE,CAAC;YACnD,mBAAmB;YACnB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;YAClF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,iBAAiB,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,qBAAqB;YACrB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YAC3E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC9D,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,sBAAsB,CAAC;gBACpD,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,YAAY,EAAE,kBAAkB;aACjC,CAAC,CAAC;YACH,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;YAChD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,SAAS,4BAA4B,CACnC,MAAgB,EAChB,OAAmC;QAEnC,OAAO;YACL,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBACzB,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;gBAClC,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,CAAC;YACD,MAAM;YACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;YAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,SAAS,EAAE,OAAO,EAAE,SAAS;YAC7B,aAAa,EAAE,OAAO,EAAE,2BAA2B,EAAE,YAAY;YACjE,eAAe,EAAE,OAAO,EAAE,2BAA2B,EAAE,cAAc;YACrE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SACxD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,wBAAwB,CACrC,MAAgB,EAChB,uBAAgC,EAChC,UAAsC,EAAE;QAExC,UAAU,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;QAEpE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAExC,MAAM,kBAAkB,GAAG,4BAA4B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACzE,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACxD,kBAAkB,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAC3C,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,CACpD,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,+EAA+E;YAC/E,UAAU,CAAC,OAAO,CAChB,kIAAkI,CACnI,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;YAC1D,CAAC,kBAAkB,CAAC,oBAAoB,KAAK,EAAE,CAAC,CAAC,mBAAmB,CAAC;gBACnE,sBAAsB,CAAC;QAC3B,CAAC;QACD,IAAI,uBAAuB,EAAE,CAAC;YAC5B,kBAAkB,CAAC,MAAM,GAAG,MAAM,CAAC;YACnC,UAAU,CAAC,OAAO,CAAC,mEAAmE,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,OAAO,CAAC,qEAAqE,CAAC,CAAC;QAC5F,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACrC,kBAAkB,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;YACrE,kBAAkB,CAAC,oBAAoB,GAAG,KAAK,CAAC;YAChD,kBAAkB,CAAC,qBAAqB;gBACtC,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;YACzD,kBAAkB,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;QAC9F,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,GAAG,CAAC,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;QAC/D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,UAAU,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9E,IAAI,OAAO,CAAC,8BAA8B,EAAE,CAAC;gBAC3C,MAAM,IAAI,uCAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EAAE,2DAA2D;iBACrE,CAAC,CAAC;YACL,CAAC;YACD,oGAAoG;YACpG,IAAI,uBAAuB,EAAE,CAAC;gBAC5B,OAAO,wBAAwB,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,gBAAgB,CAC7B,MAAgB,EAChB,uBAAgC,EAChC,UAAsC,EAAE;QAExC,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,2FAA2F,uBAAuB,EAAE,CACrH,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,MAAM,EAAE,uBAAuB,EAAE,OAAO,CAAC,CAAC;QAC1F,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;QAClD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;YAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;YACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;SACf,CAAC;IACnB,CAAC;IAED,KAAK,UAAU,4BAA4B,CACzC,MAAgB,EAChB,UAAsC,EAAE;QAExC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAEtE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAExC,OAAO,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,kBAAkB,GAAG,4BAA4B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAEzE,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC/C,OAAO,wBAAwB,CAC7B,MAAM,EACN,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,uBAAuB,IAAI,KAAK,EACjE,OAAO,CACR,CAAC;YACJ,CAAC;YACD,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;gBACrC,kBAAkB,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;gBACrE,kBAAkB,CAAC,oBAAoB,GAAG,KAAK,CAAC;gBAChD,kBAAkB,CAAC,qBAAqB;oBACtC,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;gBACzD,kBAAkB,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;YAC9F,CAAC;YACD,OAAO,GAAG,CAAC,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,gBAAgB;QAChB,gBAAgB;QAChB,sBAAsB;QACtB,yBAAyB;QACzB,2BAA2B;QAC3B,oBAAoB;QACpB,0BAA0B;QAC1B,2BAA2B;QAC3B,kBAAkB;QAClB,4BAA4B;KAC7B,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msal from \"@azure/msal-node\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, CertificateParts } from \"../types.js\";\nimport type { CredentialLogger } from \"../../util/logging.js\";\nimport { credentialLogger, formatSuccess } from \"../../util/logging.js\";\nimport type { PluginConfiguration } from \"./msalPlugins.js\";\nimport { msalPlugins } from \"./msalPlugins.js\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getAuthorityHost,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n} from \"../utils.js\";\n\nimport { AuthenticationRequiredError } from \"../../errors.js\";\nimport type { BrokerOptions } from \"./brokerOptions.js\";\nimport type { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions.js\";\nimport { IdentityClient } from \"../../client/identityClient.js\";\nimport type { InteractiveBrowserCredentialNodeOptions } from \"../../credentials/interactiveBrowserCredentialOptions.js\";\nimport type { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions.js\";\nimport { calculateRegionalAuthority } from \"../../regionalAuthority.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { resolveTenantId } from \"../../util/tenantIdUtils.js\";\n\n/**\n * The default logger used if no logger was passed in by the credential.\n */\nconst msalLogger = credentialLogger(\"MsalClient\");\n\n/**\n * Represents the options for acquiring a token using flows that support silent authentication.\n */\nexport interface GetTokenWithSilentAuthOptions extends GetTokenOptions {\n  /**\n   * Disables automatic authentication. If set to true, the method will throw an error if the user needs to authenticate.\n   *\n   * @remarks\n   *\n   * This option will be set to `false` when the user calls `authenticate` directly on a credential that supports it.\n   */\n  disableAutomaticAuthentication?: boolean;\n}\n\n/**\n * Represents the options for acquiring a token interactively.\n */\nexport interface GetTokenInteractiveOptions extends GetTokenWithSilentAuthOptions {\n  /**\n   * Window handle for parent window, required for WAM authentication.\n   */\n  parentWindowHandle?: Buffer;\n  /**\n   * Shared configuration options for browser customization\n   */\n  browserCustomizationOptions?: InteractiveBrowserCredentialNodeOptions[\"browserCustomizationOptions\"];\n  /**\n   * loginHint allows a user name to be pre-selected for interactive logins.\n   * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.\n   */\n  loginHint?: string;\n}\n\n/**\n * Represents a client for interacting with the Microsoft Authentication Library (MSAL).\n */\nexport interface MsalClient {\n  /**\n   *\n   * Retrieves an access token by using the on-behalf-of flow and a client assertion callback of the calling service.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param userAssertionToken - The access token that was sent to the middle-tier API. This token must have an audience of the app making this OBO request.\n   * @param clientCredentials - The client secret OR client certificate OR client `getAssertion` callback.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenOnBehalfOf(\n    scopes: string[],\n    userAssertionToken: string,\n    clientCredentials: string | CertificateParts | (() => Promise<string>),\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using an interactive prompt (InteractiveBrowserCredential).\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by using a user's username and password.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param username - The username provided by the developer.\n   * @param password - The user's password provided by the developer.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByUsernamePassword(\n    scopes: string[],\n    username: string,\n    password: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by prompting the user to authenticate using a device code.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param userPromptCallback - The callback function that allows developers to customize the prompt message.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByDeviceCode(\n    scopes: string[],\n    userPromptCallback: DeviceCodePromptCallback,\n    options?: GetTokenWithSilentAuthOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by using a client certificate.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param certificate - The client certificate used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientCertificate(\n    scopes: string[],\n    certificate: CertificateParts,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client assertion.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientAssertion - The client `getAssertion` callback used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientAssertion(\n    scopes: string[],\n    clientAssertion: () => Promise<string>,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client secret.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientSecret - The client secret of the application. This is a credential that the application can use to authenticate itself.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using an authorization code flow.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param authorizationCode - An authorization code that was received from following the\n                              authorization code flow.  This authorization code must not\n                              have already been used to obtain an access token.\n   * @param redirectUri - The redirect URI that was used to request the authorization code.\n                        Must be the same URI that is configured for the App Registration.\n   * @param clientSecret - An optional client secret that was generated for the App Registration.\n   * @param options - Additional options that may be provided to the method.\n   */\n  getTokenByAuthorizationCode(\n    scopes: string[],\n    redirectUri: string,\n    authorizationCode: string,\n    clientSecret?: string,\n    options?: GetTokenWithSilentAuthOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves the last authenticated account. This method expects an authentication record to have been previously loaded.\n   *\n   * An authentication record could be loaded by calling the `getToken` method, or by providing an `authenticationRecord` when creating a credential.\n   */\n  getActiveAccount(): AuthenticationRecord | undefined;\n\n  /**\n   * Retrieves an access token using brokered authentication.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param useDefaultBrokerAccount - Whether to use the default broker account for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getBrokeredToken(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options?: GetTokenInteractiveOptions,\n  ): Promise<AccessToken>;\n}\n\n/**\n * Represents the options for configuring the MsalClient.\n */\nexport interface MsalClientOptions {\n  /**\n   * Parameters that enable WAM broker authentication in the InteractiveBrowserCredential.\n   */\n  brokerOptions?: BrokerOptions;\n\n  /**\n   * Parameters that enable token cache persistence in the Identity credentials.\n   */\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n\n  /**\n   * Indicates if this is being used by VSCode credential.\n   */\n  isVSCodeCredential?: boolean;\n\n  /**\n   * A custom authority host.\n   */\n  authorityHost?: IdentityClient[\"tokenCredentialOptions\"][\"authorityHost\"];\n\n  /**\n   * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n   */\n  loggingOptions?: IdentityClient[\"tokenCredentialOptions\"][\"loggingOptions\"];\n\n  /**\n   * The token credential options for the MsalClient.\n   */\n  tokenCredentialOptions?: IdentityClient[\"tokenCredentialOptions\"];\n\n  /**\n   * Determines whether instance discovery is disabled.\n   */\n  disableInstanceDiscovery?: boolean;\n\n  /**\n   * The logger for the MsalClient.\n   */\n  logger?: CredentialLogger;\n\n  /**\n   * The authentication record for the MsalClient.\n   */\n  authenticationRecord?: AuthenticationRecord;\n}\n\n/**\n * Generates the configuration for MSAL (Microsoft Authentication Library).\n *\n * @param clientId - The client ID of the application.\n * @param  tenantId - The tenant ID of the Azure Active Directory.\n * @param  msalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns  The MSAL configuration object.\n */\nexport function generateMsalConfiguration(\n  clientId: string,\n  tenantId: string,\n  msalClientOptions: MsalClientOptions = {},\n): msal.Configuration {\n  const resolvedTenant = resolveTenantId(\n    msalClientOptions.logger ?? msalLogger,\n    tenantId,\n    clientId,\n  );\n\n  // TODO: move and reuse getIdentityClientAuthorityHost\n  const authority = getAuthority(resolvedTenant, getAuthorityHost(msalClientOptions));\n\n  const httpClient = new IdentityClient({\n    ...msalClientOptions.tokenCredentialOptions,\n    authorityHost: authority,\n    loggingOptions: msalClientOptions.loggingOptions,\n  });\n\n  const msalConfig: msal.Configuration = {\n    auth: {\n      clientId,\n      authority,\n      knownAuthorities: getKnownAuthorities(\n        resolvedTenant,\n        authority,\n        msalClientOptions.disableInstanceDiscovery,\n      ),\n    },\n    system: {\n      networkClient: httpClient,\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n  return msalConfig;\n}\n\n/**\n * Represents the state necessary for the MSAL (Microsoft Authentication Library) client to operate.\n * This includes the MSAL configuration, cached account information, Azure region, and a flag to disable automatic authentication.\n *\n * @internal\n */\ninterface MsalClientState {\n  /** The configuration for the MSAL client. */\n  msalConfig: msal.Configuration;\n\n  /** The cached account information, or null if no account information is cached. */\n  cachedAccount: msal.AccountInfo | null;\n\n  /** Configured plugins */\n  pluginConfiguration: PluginConfiguration;\n\n  /** Claims received from challenges, cached for the next request */\n  cachedClaims?: string;\n\n  /** The logger instance */\n  logger: CredentialLogger;\n}\n\n/**\n * Creates an instance of the MSAL (Microsoft Authentication Library) client.\n *\n * @param clientId - The client ID of the application.\n * @param tenantId - The tenant ID of the Azure Active Directory.\n * @param createMsalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns An instance of the MSAL client.\n *\n * @public\n */\nexport function createMsalClient(\n  clientId: string,\n  tenantId: string,\n  createMsalClientOptions: MsalClientOptions = {},\n): MsalClient {\n  const state: MsalClientState = {\n    msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),\n    cachedAccount: createMsalClientOptions.authenticationRecord\n      ? publicToMsal(createMsalClientOptions.authenticationRecord)\n      : null,\n    pluginConfiguration: msalPlugins.generatePluginConfiguration(createMsalClientOptions),\n    logger: createMsalClientOptions.logger ?? msalLogger,\n  };\n\n  const publicApps: Map<string, msal.PublicClientApplication> = new Map();\n  async function getPublicApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.PublicClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let publicClientApp = publicApps.get(appKey);\n    if (publicClientApp) {\n      state.logger.getToken.info(\"Existing PublicClientApplication found in cache, returning it.\");\n      return publicClientApp;\n    }\n\n    // Initialize a new app and cache it\n    state.logger.getToken.info(\n      `Creating new PublicClientApplication with CAE ${options.enableCae ? \"enabled\" : \"disabled\"}.`,\n    );\n\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    publicClientApp = new msal.PublicClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    publicApps.set(appKey, publicClientApp);\n\n    return publicClientApp;\n  }\n\n  const confidentialApps: Map<string, msal.ConfidentialClientApplication> = new Map();\n  async function getConfidentialApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.ConfidentialClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let confidentialClientApp = confidentialApps.get(appKey);\n    if (confidentialClientApp) {\n      state.logger.getToken.info(\n        \"Existing ConfidentialClientApplication found in cache, returning it.\",\n      );\n      return confidentialClientApp;\n    }\n\n    // Initialize a new app and cache it\n    state.logger.getToken.info(\n      `Creating new ConfidentialClientApplication with CAE ${\n        options.enableCae ? \"enabled\" : \"disabled\"\n      }.`,\n    );\n\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    confidentialClientApp = new msal.ConfidentialClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    confidentialApps.set(appKey, confidentialClientApp);\n\n    return confidentialClientApp;\n  }\n\n  async function getTokenSilent(\n    app: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: string[],\n    options: GetTokenOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    if (state.cachedAccount === null) {\n      state.logger.getToken.info(\"No cached account found in local state.\");\n      throw new AuthenticationRequiredError({ scopes });\n    }\n\n    // Keep track and reuse the claims we received across challenges\n    if (options.claims) {\n      state.cachedClaims = options.claims;\n    }\n\n    const silentRequest: msal.SilentFlowRequest = {\n      account: state.cachedAccount,\n      scopes,\n      claims: state.cachedClaims,\n    };\n\n    if (state.pluginConfiguration.broker.isEnabled) {\n      silentRequest.tokenQueryParameters ||= {};\n      if (state.pluginConfiguration.broker.enableMsaPassthrough) {\n        silentRequest.tokenQueryParameters[\"msal_request_type\"] = \"consumer_passthrough\";\n      }\n    }\n\n    if (options.proofOfPossessionOptions) {\n      silentRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n      silentRequest.authenticationScheme = \"pop\";\n      silentRequest.resourceRequestMethod = options.proofOfPossessionOptions.resourceRequestMethod;\n      silentRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n    }\n    state.logger.getToken.info(\"Attempting to acquire token silently\");\n    try {\n      return await app.acquireTokenSilent(silentRequest);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Builds an authority URL for the given request. The authority may be different than the one used when creating the MSAL client\n   * if the user is creating cross-tenant requests\n   */\n  function calculateRequestAuthority(options?: GetTokenOptions): string | undefined {\n    if (options?.tenantId) {\n      return getAuthority(options.tenantId, getAuthorityHost(createMsalClientOptions));\n    }\n    return state.msalConfig.auth.authority;\n  }\n\n  /**\n   * Performs silent authentication using MSAL to acquire an access token.\n   * If silent authentication fails, falls back to interactive authentication.\n   *\n   * @param msalApp - The MSAL application instance.\n   * @param scopes - The scopes for which to acquire the access token.\n   * @param options - The options for acquiring the access token.\n   * @param onAuthenticationRequired - A callback function to handle interactive authentication when silent authentication fails.\n   * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.\n   */\n  async function withSilentAuthentication(\n    msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: Array<string>,\n    options: GetTokenWithSilentAuthOptions,\n    onAuthenticationRequired: () => Promise<msal.AuthenticationResult | null>,\n  ): Promise<AccessToken> {\n    let response: msal.AuthenticationResult | null = null;\n    try {\n      response = await getTokenSilent(msalApp, scopes, options);\n    } catch (e: any) {\n      if (e.name !== \"AuthenticationRequiredError\") {\n        throw e;\n      }\n      if (options.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n    }\n\n    // Silent authentication failed\n    if (response === null) {\n      try {\n        response = await onAuthenticationRequired();\n      } catch (err: any) {\n        throw handleMsalError(scopes, err, options);\n      }\n    }\n\n    // At this point we should have a token, process it\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    state.logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n      refreshAfterTimestamp: response.refreshOn?.getTime(),\n      tokenType: response.tokenType,\n    } as AccessToken;\n  }\n\n  async function getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client secret`);\n\n    state.msalConfig.auth.clientSecret = clientSecret;\n\n    const msalApp = await getConfidentialApp(options);\n\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n      });\n      ensureValidMsalToken(scopes, response, options);\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByClientAssertion(\n    scopes: string[],\n    clientAssertion: () => Promise<string>,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client assertion`);\n\n    state.msalConfig.auth.clientAssertion = clientAssertion;\n\n    const msalApp = await getConfidentialApp(options);\n\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n        clientAssertion,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByClientCertificate(\n    scopes: string[],\n    certificate: CertificateParts,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client certificate`);\n\n    state.msalConfig.auth.clientCertificate = certificate;\n\n    const msalApp = await getConfidentialApp(options);\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByDeviceCode(\n    scopes: string[],\n    deviceCodeCallback: DeviceCodePromptCallback,\n    options: GetTokenWithSilentAuthOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using device code`);\n\n    const msalApp = await getPublicApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      const requestOptions: msal.DeviceCodeRequest = {\n        scopes,\n        cancel: options?.abortSignal?.aborted ?? false,\n        deviceCodeCallback,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      };\n      const deviceCodeRequest = msalApp.acquireTokenByDeviceCode(requestOptions);\n      if (options.abortSignal) {\n        options.abortSignal.addEventListener(\"abort\", () => {\n          requestOptions.cancel = true;\n        });\n      }\n\n      return deviceCodeRequest;\n    });\n  }\n\n  async function getTokenByUsernamePassword(\n    scopes: string[],\n    username: string,\n    password: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using username and password`);\n\n    const msalApp = await getPublicApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      const requestOptions: msal.UsernamePasswordRequest = {\n        scopes,\n        username,\n        password,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      };\n\n      return msalApp.acquireTokenByUsernamePassword(requestOptions);\n    });\n  }\n\n  function getActiveAccount(): AuthenticationRecord | undefined {\n    if (!state.cachedAccount) {\n      return undefined;\n    }\n    return msalToPublic(clientId, state.cachedAccount);\n  }\n\n  async function getTokenByAuthorizationCode(\n    scopes: string[],\n    redirectUri: string,\n    authorizationCode: string,\n    clientSecret?: string,\n    options: GetTokenWithSilentAuthOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using authorization code`);\n\n    let msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication;\n    if (clientSecret) {\n      // If a client secret is provided, we need to use a confidential client application\n      // See https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-access-token-with-a-client_secret\n      state.msalConfig.auth.clientSecret = clientSecret;\n      msalApp = await getConfidentialApp(options);\n    } else {\n      msalApp = await getPublicApp(options);\n    }\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      return msalApp.acquireTokenByCode({\n        scopes,\n        redirectUri,\n        code: authorizationCode,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      });\n    });\n  }\n\n  async function getTokenOnBehalfOf(\n    scopes: string[],\n    userAssertionToken: string,\n    clientCredentials: string | CertificateParts | (() => Promise<string>),\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token on behalf of another user`);\n\n    if (typeof clientCredentials === \"string\") {\n      // Client secret\n      msalLogger.getToken.info(`Using client secret for on behalf of flow`);\n      state.msalConfig.auth.clientSecret = clientCredentials;\n    } else if (typeof clientCredentials === \"function\") {\n      // Client Assertion\n      msalLogger.getToken.info(`Using client assertion callback for on behalf of flow`);\n      state.msalConfig.auth.clientAssertion = clientCredentials;\n    } else {\n      // Client certificate\n      msalLogger.getToken.info(`Using client certificate for on behalf of flow`);\n      state.msalConfig.auth.clientCertificate = clientCredentials;\n    }\n\n    const msalApp = await getConfidentialApp(options);\n    try {\n      const response = await msalApp.acquireTokenOnBehalfOf({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        claims: options.claims,\n        oboAssertion: userAssertionToken,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      msalLogger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Creates a base interactive request configuration for MSAL interactive authentication.\n   * This is shared between interactive and brokered authentication flows.\n   *\n   * @internal\n   */\n  function createBaseInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions,\n  ): msal.InteractiveRequest {\n    return {\n      openBrowser: async (url) => {\n        const open = await import(\"open\");\n        await open.default(url, { newInstance: true });\n      },\n      scopes,\n      authority: calculateRequestAuthority(options),\n      claims: options?.claims,\n      loginHint: options?.loginHint,\n      errorTemplate: options?.browserCustomizationOptions?.errorMessage,\n      successTemplate: options?.browserCustomizationOptions?.successMessage,\n      prompt: options?.loginHint ? \"login\" : \"select_account\",\n    };\n  }\n\n  /**\n   * @internal\n   */\n  async function getBrokeredTokenInternal(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    msalLogger.verbose(\"Authentication will resume through the broker\");\n\n    const app = await getPublicApp(options);\n\n    const interactiveRequest = createBaseInteractiveRequest(scopes, options);\n    if (state.pluginConfiguration.broker.parentWindowHandle) {\n      interactiveRequest.windowHandle = Buffer.from(\n        state.pluginConfiguration.broker.parentWindowHandle,\n      );\n    } else {\n      // this is a bug, as the pluginConfiguration handler should validate this case.\n      msalLogger.warning(\n        \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n      );\n    }\n\n    if (state.pluginConfiguration.broker.enableMsaPassthrough) {\n      (interactiveRequest.tokenQueryParameters ??= {})[\"msal_request_type\"] =\n        \"consumer_passthrough\";\n    }\n    if (useDefaultBrokerAccount) {\n      interactiveRequest.prompt = \"none\";\n      msalLogger.verbose(\"Attempting broker authentication using the default broker account\");\n    } else {\n      msalLogger.verbose(\"Attempting broker authentication without the default broker account\");\n    }\n\n    if (options.proofOfPossessionOptions) {\n      interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n      interactiveRequest.authenticationScheme = \"pop\";\n      interactiveRequest.resourceRequestMethod =\n        options.proofOfPossessionOptions.resourceRequestMethod;\n      interactiveRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n    }\n    try {\n      return await app.acquireTokenInteractive(interactiveRequest);\n    } catch (e: any) {\n      msalLogger.verbose(`Failed to authenticate through the broker: ${e.message}`);\n      if (options.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message: \"Cannot silently authenticate with default broker account.\",\n        });\n      }\n      // If we tried to use the default broker account and failed, fall back to interactive authentication\n      if (useDefaultBrokerAccount) {\n        return getBrokeredTokenInternal(scopes, false, options);\n      } else {\n        throw e;\n      }\n    }\n  }\n\n  /**\n   * A helper function that supports brokered authentication through the MSAL's public application.\n   *\n   * When useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.\n   * If the default broker account is not available, the method will fall back to interactive authentication.\n   */\n  async function getBrokeredToken(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(\n      `Attempting to acquire token using brokered authentication with useDefaultBrokerAccount: ${useDefaultBrokerAccount}`,\n    );\n    const response = await getBrokeredTokenInternal(scopes, useDefaultBrokerAccount, options);\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    state.logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n      refreshAfterTimestamp: response.refreshOn?.getTime(),\n      tokenType: response.tokenType,\n    } as AccessToken;\n  }\n\n  async function getTokenByInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token interactively`);\n\n    const app = await getPublicApp(options);\n\n    return withSilentAuthentication(app, scopes, options, async () => {\n      const interactiveRequest = createBaseInteractiveRequest(scopes, options);\n\n      if (state.pluginConfiguration.broker.isEnabled) {\n        return getBrokeredTokenInternal(\n          scopes,\n          state.pluginConfiguration.broker.useDefaultBrokerAccount ?? false,\n          options,\n        );\n      }\n      if (options.proofOfPossessionOptions) {\n        interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n        interactiveRequest.authenticationScheme = \"pop\";\n        interactiveRequest.resourceRequestMethod =\n          options.proofOfPossessionOptions.resourceRequestMethod;\n        interactiveRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n      }\n      return app.acquireTokenInteractive(interactiveRequest);\n    });\n  }\n\n  return {\n    getActiveAccount,\n    getBrokeredToken,\n    getTokenByClientSecret,\n    getTokenByClientAssertion,\n    getTokenByClientCertificate,\n    getTokenByDeviceCode,\n    getTokenByUsernamePassword,\n    getTokenByAuthorizationCode,\n    getTokenOnBehalfOf,\n    getTokenByInteractiveRequest,\n  };\n}\n"]}
+{"version":3,"file":"msalClient.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalClient.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;AA+QlC,8DAwCC;AAiCD,4CA8jBC;;AAp5BD,+DAAyC;AAKzC,sDAAwE;AAExE,qDAA+C;AAC/C,0CAUqB;AAErB,+CAA8D;AAG9D,sEAAgE;AAGhE,qEAAwE;AACxE,0CAA4C;AAC5C,kEAA8D;AAE9D;;GAEG;AACH,MAAM,UAAU,GAAG,IAAA,6BAAgB,EAAC,YAAY,CAAC,CAAC;AAoOlD;;;;;;;GAOG;AACH,SAAgB,yBAAyB,CACvC,QAAgB,EAChB,QAAgB,EAChB,oBAAuC,EAAE;IAEzC,MAAM,cAAc,GAAG,IAAA,kCAAe,EACpC,iBAAiB,CAAC,MAAM,IAAI,UAAU,EACtC,QAAQ,EACR,QAAQ,CACT,CAAC;IAEF,sDAAsD;IACtD,MAAM,SAAS,GAAG,IAAA,uBAAY,EAAC,cAAc,EAAE,IAAA,2BAAgB,EAAC,iBAAiB,CAAC,CAAC,CAAC;IAEpF,MAAM,UAAU,GAAG,IAAI,kCAAc,CAAC;QACpC,GAAG,iBAAiB,CAAC,sBAAsB;QAC3C,aAAa,EAAE,SAAS;QACxB,cAAc,EAAE,iBAAiB,CAAC,cAAc;KACjD,CAAC,CAAC;IAEH,MAAM,UAAU,GAAuB;QACrC,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,gBAAgB,EAAE,IAAA,8BAAmB,EACnC,cAAc,EACd,SAAS,EACT,iBAAiB,CAAC,wBAAwB,CAC3C;SACF;QACD,MAAM,EAAE;YACN,aAAa,EAAE,UAAU;YACzB,aAAa,EAAE;gBACb,cAAc,EAAE,IAAA,gCAAqB,EAAC,iBAAiB,CAAC,MAAM,IAAI,UAAU,CAAC;gBAC7E,QAAQ,EAAE,IAAA,0BAAe,EAAC,IAAA,oBAAW,GAAE,CAAC;gBACxC,iBAAiB,EAAE,iBAAiB,CAAC,cAAc,EAAE,0BAA0B;aAChF;SACF;KACF,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAuBD;;;;;;;;;GASG;AACH,SAAgB,gBAAgB,CAC9B,QAAgB,EAChB,QAAgB,EAChB,0BAA6C,EAAE;IAE/C,MAAM,KAAK,GAAoB;QAC7B,UAAU,EAAE,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,EAAE,uBAAuB,CAAC;QAClF,aAAa,EAAE,uBAAuB,CAAC,oBAAoB;YACzD,CAAC,CAAC,IAAA,uBAAY,EAAC,uBAAuB,CAAC,oBAAoB,CAAC;YAC5D,CAAC,CAAC,IAAI;QACR,mBAAmB,EAAE,4BAAW,CAAC,2BAA2B,CAAC,uBAAuB,CAAC;QACrF,MAAM,EAAE,uBAAuB,CAAC,MAAM,IAAI,UAAU;KACrD,CAAC;IAEF,MAAM,UAAU,GAA8C,IAAI,GAAG,EAAE,CAAC;IACxE,KAAK,UAAU,YAAY,CACzB,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,eAAe,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,eAAe,EAAE,CAAC;YACpB,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;YAC7F,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,iDAAiD,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,GAAG,CAC/F,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,eAAe,GAAG,IAAI,IAAI,CAAC,uBAAuB,CAAC;YACjD,GAAG,KAAK,CAAC,UAAU;YACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE;YACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE;SAC1C,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAExC,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,MAAM,gBAAgB,GAAoD,IAAI,GAAG,EAAE,CAAC;IACpF,KAAK,UAAU,kBAAkB,CAC/B,UAA2B,EAAE;QAE7B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAErD,IAAI,qBAAqB,GAAG,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,qBAAqB,EAAE,CAAC;YAC1B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,sEAAsE,CACvE,CAAC;YACF,OAAO,qBAAqB,CAAC;QAC/B,CAAC;QAED,oCAAoC;QACpC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CACxB,uDACE,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAClC,GAAG,CACJ,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,CAAC,SAAS;YACnC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,cAAc;YAChD,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC;QAEhD,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEnF,qBAAqB,GAAG,IAAI,IAAI,CAAC,6BAA6B,CAAC;YAC7D,GAAG,KAAK,CAAC,UAAU;YACnB,MAAM,EAAE,EAAE,kBAAkB,EAAE,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE;YACnF,KAAK,EAAE,EAAE,WAAW,EAAE,MAAM,WAAW,EAAE;SAC1C,CAAC,CAAC;QAEH,gBAAgB,CAAC,GAAG,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;QAEpD,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IAED,KAAK,UAAU,cAAc,CAC3B,GAAsE,EACtE,MAAgB,EAChB,UAA2B,EAAE;QAE7B,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;YACjC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;YACtE,MAAM,IAAI,uCAA2B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,gEAAgE;QAChE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,KAAK,CAAC,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;QACtC,CAAC;QAED,MAAM,aAAa,GAA2B;YAC5C,OAAO,EAAE,KAAK,CAAC,aAAa;YAC5B,MAAM;YACN,MAAM,EAAE,KAAK,CAAC,YAAY;SAC3B,CAAC;QAEF,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAC/C,aAAa,CAAC,oBAAoB,KAAK,EAAE,CAAC;YAC1C,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAC1D,aAAa,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,sBAAsB,CAAC;YACnF,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACrC,aAAa,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;YAChE,aAAa,CAAC,oBAAoB,GAAG,KAAK,CAAC;YAC3C,aAAa,CAAC,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;YAC7F,aAAa,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;QACzF,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACnE,IAAI,CAAC;YACH,OAAO,MAAM,GAAG,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,SAAS,yBAAyB,CAAC,OAAyB;QAC1D,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,OAAO,IAAA,uBAAY,EAAC,OAAO,CAAC,QAAQ,EAAE,IAAA,2BAAgB,EAAC,uBAAuB,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;IACzC,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,UAAU,wBAAwB,CACrC,OAA0E,EAC1E,MAAqB,EACrB,OAAsC,EACtC,wBAAyE;QAEzE,IAAI,QAAQ,GAAqC,IAAI,CAAC;QACtD,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,IAAI,CAAC,CAAC,IAAI,KAAK,6BAA6B,EAAE,CAAC;gBAC7C,MAAM,CAAC,CAAC;YACV,CAAC;YACD,IAAI,OAAO,CAAC,8BAA8B,EAAE,CAAC;gBAC3C,MAAM,IAAI,uCAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;YAC9C,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;QAClD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;YAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;YACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;SACf,CAAC;IACnB,CAAC;IAED,KAAK,UAAU,sBAAsB,CACnC,MAAgB,EAChB,YAAoB,EACpB,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;QAE9E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QAElD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,IAAA,iDAA0B,GAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;YACH,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,yBAAyB,CACtC,MAAgB,EAChB,eAAsC,EACtC,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QAEjF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QAExD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,IAAA,iDAA0B,GAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;gBACvB,eAAe;aAChB,CAAC,CAAC;YACH,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,MAAgB,EAChB,WAA6B,EAC7B,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAEnF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QAEtD,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,8BAA8B,CAAC;gBAC5D,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,WAAW,EAAE,IAAA,iDAA0B,GAAE;gBACzC,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;YACH,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;YAClD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,KAAK,UAAU,oBAAoB,CACjC,MAAgB,EAChB,kBAA4C,EAC5C,UAAyC,EAAE;QAE3C,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;QAE5E,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,MAAM,cAAc,GAA2B;gBAC7C,MAAM;gBACN,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,IAAI,KAAK;gBAC9C,kBAAkB;gBAClB,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC;YACF,MAAM,iBAAiB,GAAG,OAAO,CAAC,wBAAwB,CAAC,cAAc,CAAC,CAAC;YAC3E,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACxB,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;oBACjD,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;gBAC/B,CAAC,CAAC,CAAC;YACL,CAAC;YAED,OAAO,iBAAiB,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,0BAA0B,CACvC,MAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,UAA2B,EAAE;QAE7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;QAEtF,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,MAAM,cAAc,GAAiC;gBACnD,MAAM;gBACN,QAAQ;gBACR,QAAQ;gBACR,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC;YAEF,OAAO,OAAO,CAAC,8BAA8B,CAAC,cAAc,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,gBAAgB;QACvB,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,IAAA,uBAAY,EAAC,QAAQ,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,UAAU,2BAA2B,CACxC,MAAgB,EAChB,WAAmB,EACnB,iBAAyB,EACzB,YAAqB,EACrB,UAAyC,EAAE;QAE3C,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QAEnF,IAAI,OAA0E,CAAC;QAC/E,IAAI,YAAY,EAAE,CAAC;YACjB,mFAAmF;YACnF,gIAAgI;YAChI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;YAClD,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,wBAAwB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;YAC7D,OAAO,OAAO,CAAC,kBAAkB,CAAC;gBAChC,MAAM;gBACN,WAAW;gBACX,IAAI,EAAE,iBAAiB;gBACvB,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;aACxB,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,UAAU,kBAAkB,CAC/B,MAAgB,EAChB,kBAA0B,EAC1B,iBAAsE,EACtE,UAA2B,EAAE;QAE7B,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAElF,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YAC1C,gBAAgB;YAChB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YACtE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,iBAAiB,CAAC;QACzD,CAAC;aAAM,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE,CAAC;YACnD,mBAAmB;YACnB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;YAClF,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,GAAG,iBAAiB,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,qBAAqB;YACrB,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YAC3E,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC9D,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,sBAAsB,CAAC;gBACpD,MAAM;gBACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;gBAC7C,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,YAAY,EAAE,kBAAkB;aACjC,CAAC,CAAC;YACH,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEhD,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;YAChD,OAAO;gBACL,KAAK,EAAE,QAAQ,CAAC,WAAW;gBAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;gBAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;gBACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;aACf,CAAC;QACnB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,IAAA,0BAAe,EAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,SAAS,4BAA4B,CACnC,MAAgB,EAChB,OAAmC;QAEnC,OAAO;YACL,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;gBACzB,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;gBAClC,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,CAAC;YACD,MAAM;YACN,SAAS,EAAE,yBAAyB,CAAC,OAAO,CAAC;YAC7C,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,SAAS,EAAE,OAAO,EAAE,SAAS;YAC7B,aAAa,EAAE,OAAO,EAAE,2BAA2B,EAAE,YAAY;YACjE,eAAe,EAAE,OAAO,EAAE,2BAA2B,EAAE,cAAc;YACrE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SACxD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,UAAU,wBAAwB,CACrC,MAAgB,EAChB,uBAAgC,EAChC,UAAsC,EAAE;QAExC,UAAU,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;QAEpE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAExC,MAAM,kBAAkB,GAAG,4BAA4B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACzE,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YACxD,kBAAkB,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAC3C,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,kBAAkB,CACpD,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,+EAA+E;YAC/E,UAAU,CAAC,OAAO,CAChB,kIAAkI,CACnI,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;YAC1D,CAAC,kBAAkB,CAAC,oBAAoB,KAAK,EAAE,CAAC,CAAC,mBAAmB,CAAC;gBACnE,sBAAsB,CAAC;QAC3B,CAAC;QACD,IAAI,uBAAuB,EAAE,CAAC;YAC5B,kBAAkB,CAAC,MAAM,GAAG,MAAM,CAAC;YACnC,UAAU,CAAC,OAAO,CAAC,mEAAmE,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,OAAO,CAAC,qEAAqE,CAAC,CAAC;QAC5F,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;YACrC,kBAAkB,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;YACrE,kBAAkB,CAAC,oBAAoB,GAAG,KAAK,CAAC;YAChD,kBAAkB,CAAC,qBAAqB;gBACtC,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;YACzD,kBAAkB,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;QAC9F,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,GAAG,CAAC,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;QAC/D,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,UAAU,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC9E,IAAI,OAAO,CAAC,8BAA8B,EAAE,CAAC;gBAC3C,MAAM,IAAI,uCAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EAAE,2DAA2D;iBACrE,CAAC,CAAC;YACL,CAAC;YACD,oGAAoG;YACpG,IAAI,uBAAuB,EAAE,CAAC;gBAC5B,OAAO,wBAAwB,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,gBAAgB,CAC7B,MAAgB,EAChB,uBAAgC,EAChC,UAAsC,EAAE;QAExC,UAAU,CAAC,QAAQ,CAAC,IAAI,CACtB,2FAA2F,uBAAuB,EAAE,CACrH,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,MAAM,EAAE,uBAAuB,EAAE,OAAO,CAAC,CAAC;QAC1F,IAAA,+BAAoB,EAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,KAAK,CAAC,aAAa,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QAEhD,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,MAAM,CAAC,CAAC,CAAC;QAClD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,WAAW;YAC3B,kBAAkB,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE;YAChD,qBAAqB,EAAE,QAAQ,CAAC,SAAS,EAAE,OAAO,EAAE;YACpD,SAAS,EAAE,QAAQ,CAAC,SAAS;SACf,CAAC;IACnB,CAAC;IAED,KAAK,UAAU,4BAA4B,CACzC,MAAgB,EAChB,UAAsC,EAAE;QAExC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAEtE,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;QAExC,OAAO,wBAAwB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,kBAAkB,GAAG,4BAA4B,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAEzE,IAAI,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC/C,OAAO,wBAAwB,CAC7B,MAAM,EACN,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,uBAAuB,IAAI,KAAK,EACjE,OAAO,CACR,CAAC;YACJ,CAAC;YACD,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC;gBACrC,kBAAkB,CAAC,QAAQ,GAAG,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC;gBACrE,kBAAkB,CAAC,oBAAoB,GAAG,KAAK,CAAC;gBAChD,kBAAkB,CAAC,qBAAqB;oBACtC,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC;gBACzD,kBAAkB,CAAC,kBAAkB,GAAG,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC;YAC9F,CAAC;YACD,OAAO,GAAG,CAAC,uBAAuB,CAAC,kBAAkB,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,gBAAgB;QAChB,gBAAgB;QAChB,sBAAsB;QACtB,yBAAyB;QACzB,2BAA2B;QAC3B,oBAAoB;QACpB,0BAA0B;QAC1B,2BAA2B;QAC3B,kBAAkB;QAClB,4BAA4B;KAC7B,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport * as msal from \"@azure/msal-node\";\n\nimport type { AccessToken, GetTokenOptions } from \"@azure/core-auth\";\nimport type { AuthenticationRecord, CertificateParts } from \"../types.js\";\nimport type { CredentialLogger } from \"../../util/logging.js\";\nimport { credentialLogger, formatSuccess } from \"../../util/logging.js\";\nimport type { PluginConfiguration } from \"./msalPlugins.js\";\nimport { msalPlugins } from \"./msalPlugins.js\";\nimport {\n  defaultLoggerCallback,\n  ensureValidMsalToken,\n  getAuthority,\n  getAuthorityHost,\n  getKnownAuthorities,\n  getMSALLogLevel,\n  handleMsalError,\n  msalToPublic,\n  publicToMsal,\n} from \"../utils.js\";\n\nimport { AuthenticationRequiredError } from \"../../errors.js\";\nimport type { BrokerOptions } from \"./brokerOptions.js\";\nimport type { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions.js\";\nimport { IdentityClient } from \"../../client/identityClient.js\";\nimport type { InteractiveBrowserCredentialNodeOptions } from \"../../credentials/interactiveBrowserCredentialOptions.js\";\nimport type { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions.js\";\nimport { calculateRegionalAuthority } from \"../../regionalAuthority.js\";\nimport { getLogLevel } from \"@azure/logger\";\nimport { resolveTenantId } from \"../../util/tenantIdUtils.js\";\n\n/**\n * The default logger used if no logger was passed in by the credential.\n */\nconst msalLogger = credentialLogger(\"MsalClient\");\n\n/**\n * Represents the options for acquiring a token using flows that support silent authentication.\n */\nexport interface GetTokenWithSilentAuthOptions extends GetTokenOptions {\n  /**\n   * Disables automatic authentication. If set to true, the method will throw an error if the user needs to authenticate.\n   *\n   * @remarks\n   *\n   * This option will be set to `false` when the user calls `authenticate` directly on a credential that supports it.\n   */\n  disableAutomaticAuthentication?: boolean;\n}\n\n/**\n * Represents the options for acquiring a token interactively.\n */\nexport interface GetTokenInteractiveOptions extends GetTokenWithSilentAuthOptions {\n  /**\n   * Window handle for parent window, required for WAM authentication.\n   */\n  parentWindowHandle?: Buffer;\n  /**\n   * Shared configuration options for browser customization\n   */\n  browserCustomizationOptions?: InteractiveBrowserCredentialNodeOptions[\"browserCustomizationOptions\"];\n  /**\n   * loginHint allows a user name to be pre-selected for interactive logins.\n   * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.\n   */\n  loginHint?: string;\n}\n\n/**\n * Represents a client for interacting with the Microsoft Authentication Library (MSAL).\n */\nexport interface MsalClient {\n  /**\n   *\n   * Retrieves an access token by using the on-behalf-of flow and a client assertion callback of the calling service.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param userAssertionToken - The access token that was sent to the middle-tier API. This token must have an audience of the app making this OBO request.\n   * @param clientCredentials - The client secret OR client certificate OR client `getAssertion` callback.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenOnBehalfOf(\n    scopes: string[],\n    userAssertionToken: string,\n    clientCredentials: string | CertificateParts | (() => Promise<string>),\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using an interactive prompt (InteractiveBrowserCredential).\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by using a user's username and password.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param username - The username provided by the developer.\n   * @param password - The user's password provided by the developer.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByUsernamePassword(\n    scopes: string[],\n    username: string,\n    password: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by prompting the user to authenticate using a device code.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param userPromptCallback - The callback function that allows developers to customize the prompt message.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByDeviceCode(\n    scopes: string[],\n    userPromptCallback: DeviceCodePromptCallback,\n    options?: GetTokenWithSilentAuthOptions,\n  ): Promise<AccessToken>;\n  /**\n   * Retrieves an access token by using a client certificate.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param certificate - The client certificate used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientCertificate(\n    scopes: string[],\n    certificate: CertificateParts,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client assertion.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientAssertion - The client `getAssertion` callback used for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientAssertion(\n    scopes: string[],\n    clientAssertion: () => Promise<string>,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using a client secret.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param clientSecret - The client secret of the application. This is a credential that the application can use to authenticate itself.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options?: GetTokenOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves an access token by using an authorization code flow.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param authorizationCode - An authorization code that was received from following the\n                              authorization code flow.  This authorization code must not\n                              have already been used to obtain an access token.\n   * @param redirectUri - The redirect URI that was used to request the authorization code.\n                        Must be the same URI that is configured for the App Registration.\n   * @param clientSecret - An optional client secret that was generated for the App Registration.\n   * @param options - Additional options that may be provided to the method.\n   */\n  getTokenByAuthorizationCode(\n    scopes: string[],\n    redirectUri: string,\n    authorizationCode: string,\n    clientSecret?: string,\n    options?: GetTokenWithSilentAuthOptions,\n  ): Promise<AccessToken>;\n\n  /**\n   * Retrieves the last authenticated account. This method expects an authentication record to have been previously loaded.\n   *\n   * An authentication record could be loaded by calling the `getToken` method, or by providing an `authenticationRecord` when creating a credential.\n   */\n  getActiveAccount(): AuthenticationRecord | undefined;\n\n  /**\n   * Retrieves an access token using brokered authentication.\n   *\n   * @param scopes - The scopes for which the access token is requested. These represent the resources that the application wants to access.\n   * @param useDefaultBrokerAccount - Whether to use the default broker account for authentication.\n   * @param options - Additional options that may be provided to the method.\n   * @returns An access token.\n   */\n  getBrokeredToken(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options?: GetTokenInteractiveOptions,\n  ): Promise<AccessToken>;\n}\n\n/**\n * Represents the options for configuring the MsalClient.\n */\nexport interface MsalClientOptions {\n  /**\n   * Parameters that enable WAM broker authentication in the InteractiveBrowserCredential.\n   */\n  brokerOptions?: BrokerOptions;\n\n  /**\n   * Parameters that enable token cache persistence in the Identity credentials.\n   */\n  tokenCachePersistenceOptions?: TokenCachePersistenceOptions;\n\n  /**\n   * Indicates if this is being used by VSCode credential.\n   */\n  isVSCodeCredential?: boolean;\n\n  /**\n   * A custom authority host.\n   */\n  authorityHost?: IdentityClient[\"tokenCredentialOptions\"][\"authorityHost\"];\n\n  /**\n   * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n   */\n  loggingOptions?: IdentityClient[\"tokenCredentialOptions\"][\"loggingOptions\"];\n\n  /**\n   * The token credential options for the MsalClient.\n   */\n  tokenCredentialOptions?: IdentityClient[\"tokenCredentialOptions\"];\n\n  /**\n   * Determines whether instance discovery is disabled.\n   */\n  disableInstanceDiscovery?: boolean;\n\n  /**\n   * The logger for the MsalClient.\n   */\n  logger?: CredentialLogger;\n\n  /**\n   * The authentication record for the MsalClient.\n   */\n  authenticationRecord?: AuthenticationRecord;\n}\n\n/**\n * Generates the configuration for MSAL (Microsoft Authentication Library).\n *\n * @param clientId - The client ID of the application.\n * @param  tenantId - The tenant ID of the Azure Active Directory.\n * @param  msalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns  The MSAL configuration object.\n */\nexport function generateMsalConfiguration(\n  clientId: string,\n  tenantId: string,\n  msalClientOptions: MsalClientOptions = {},\n): msal.Configuration {\n  const resolvedTenant = resolveTenantId(\n    msalClientOptions.logger ?? msalLogger,\n    tenantId,\n    clientId,\n  );\n\n  // TODO: move and reuse getIdentityClientAuthorityHost\n  const authority = getAuthority(resolvedTenant, getAuthorityHost(msalClientOptions));\n\n  const httpClient = new IdentityClient({\n    ...msalClientOptions.tokenCredentialOptions,\n    authorityHost: authority,\n    loggingOptions: msalClientOptions.loggingOptions,\n  });\n\n  const msalConfig: msal.Configuration = {\n    auth: {\n      clientId,\n      authority,\n      knownAuthorities: getKnownAuthorities(\n        resolvedTenant,\n        authority,\n        msalClientOptions.disableInstanceDiscovery,\n      ),\n    },\n    system: {\n      networkClient: httpClient,\n      loggerOptions: {\n        loggerCallback: defaultLoggerCallback(msalClientOptions.logger ?? msalLogger),\n        logLevel: getMSALLogLevel(getLogLevel()),\n        piiLoggingEnabled: msalClientOptions.loggingOptions?.enableUnsafeSupportLogging,\n      },\n    },\n  };\n  return msalConfig;\n}\n\n/**\n * Represents the state necessary for the MSAL (Microsoft Authentication Library) client to operate.\n * This includes the MSAL configuration, cached account information, Azure region, and a flag to disable automatic authentication.\n */\ninterface MsalClientState {\n  /** The configuration for the MSAL client. */\n  msalConfig: msal.Configuration;\n\n  /** The cached account information, or null if no account information is cached. */\n  cachedAccount: msal.AccountInfo | null;\n\n  /** Configured plugins */\n  pluginConfiguration: PluginConfiguration;\n\n  /** Claims received from challenges, cached for the next request */\n  cachedClaims?: string;\n\n  /** The logger instance */\n  logger: CredentialLogger;\n}\n\n/**\n * Creates an instance of the MSAL (Microsoft Authentication Library) client.\n *\n * @param clientId - The client ID of the application.\n * @param tenantId - The tenant ID of the Azure Active Directory.\n * @param createMsalClientOptions - Optional. Additional options for creating the MSAL client.\n * @returns An instance of the MSAL client.\n *\n * @public\n */\nexport function createMsalClient(\n  clientId: string,\n  tenantId: string,\n  createMsalClientOptions: MsalClientOptions = {},\n): MsalClient {\n  const state: MsalClientState = {\n    msalConfig: generateMsalConfiguration(clientId, tenantId, createMsalClientOptions),\n    cachedAccount: createMsalClientOptions.authenticationRecord\n      ? publicToMsal(createMsalClientOptions.authenticationRecord)\n      : null,\n    pluginConfiguration: msalPlugins.generatePluginConfiguration(createMsalClientOptions),\n    logger: createMsalClientOptions.logger ?? msalLogger,\n  };\n\n  const publicApps: Map<string, msal.PublicClientApplication> = new Map();\n  async function getPublicApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.PublicClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let publicClientApp = publicApps.get(appKey);\n    if (publicClientApp) {\n      state.logger.getToken.info(\"Existing PublicClientApplication found in cache, returning it.\");\n      return publicClientApp;\n    }\n\n    // Initialize a new app and cache it\n    state.logger.getToken.info(\n      `Creating new PublicClientApplication with CAE ${options.enableCae ? \"enabled\" : \"disabled\"}.`,\n    );\n\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    publicClientApp = new msal.PublicClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    publicApps.set(appKey, publicClientApp);\n\n    return publicClientApp;\n  }\n\n  const confidentialApps: Map<string, msal.ConfidentialClientApplication> = new Map();\n  async function getConfidentialApp(\n    options: GetTokenOptions = {},\n  ): Promise<msal.ConfidentialClientApplication> {\n    const appKey = options.enableCae ? \"CAE\" : \"default\";\n\n    let confidentialClientApp = confidentialApps.get(appKey);\n    if (confidentialClientApp) {\n      state.logger.getToken.info(\n        \"Existing ConfidentialClientApplication found in cache, returning it.\",\n      );\n      return confidentialClientApp;\n    }\n\n    // Initialize a new app and cache it\n    state.logger.getToken.info(\n      `Creating new ConfidentialClientApplication with CAE ${\n        options.enableCae ? \"enabled\" : \"disabled\"\n      }.`,\n    );\n\n    const cachePlugin = options.enableCae\n      ? state.pluginConfiguration.cache.cachePluginCae\n      : state.pluginConfiguration.cache.cachePlugin;\n\n    state.msalConfig.auth.clientCapabilities = options.enableCae ? [\"cp1\"] : undefined;\n\n    confidentialClientApp = new msal.ConfidentialClientApplication({\n      ...state.msalConfig,\n      broker: { nativeBrokerPlugin: state.pluginConfiguration.broker.nativeBrokerPlugin },\n      cache: { cachePlugin: await cachePlugin },\n    });\n\n    confidentialApps.set(appKey, confidentialClientApp);\n\n    return confidentialClientApp;\n  }\n\n  async function getTokenSilent(\n    app: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: string[],\n    options: GetTokenOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    if (state.cachedAccount === null) {\n      state.logger.getToken.info(\"No cached account found in local state.\");\n      throw new AuthenticationRequiredError({ scopes });\n    }\n\n    // Keep track and reuse the claims we received across challenges\n    if (options.claims) {\n      state.cachedClaims = options.claims;\n    }\n\n    const silentRequest: msal.SilentFlowRequest = {\n      account: state.cachedAccount,\n      scopes,\n      claims: state.cachedClaims,\n    };\n\n    if (state.pluginConfiguration.broker.isEnabled) {\n      silentRequest.tokenQueryParameters ||= {};\n      if (state.pluginConfiguration.broker.enableMsaPassthrough) {\n        silentRequest.tokenQueryParameters[\"msal_request_type\"] = \"consumer_passthrough\";\n      }\n    }\n\n    if (options.proofOfPossessionOptions) {\n      silentRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n      silentRequest.authenticationScheme = \"pop\";\n      silentRequest.resourceRequestMethod = options.proofOfPossessionOptions.resourceRequestMethod;\n      silentRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n    }\n    state.logger.getToken.info(\"Attempting to acquire token silently\");\n    try {\n      return await app.acquireTokenSilent(silentRequest);\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Builds an authority URL for the given request. The authority may be different than the one used when creating the MSAL client\n   * if the user is creating cross-tenant requests\n   */\n  function calculateRequestAuthority(options?: GetTokenOptions): string | undefined {\n    if (options?.tenantId) {\n      return getAuthority(options.tenantId, getAuthorityHost(createMsalClientOptions));\n    }\n    return state.msalConfig.auth.authority;\n  }\n\n  /**\n   * Performs silent authentication using MSAL to acquire an access token.\n   * If silent authentication fails, falls back to interactive authentication.\n   *\n   * @param msalApp - The MSAL application instance.\n   * @param scopes - The scopes for which to acquire the access token.\n   * @param options - The options for acquiring the access token.\n   * @param onAuthenticationRequired - A callback function to handle interactive authentication when silent authentication fails.\n   * @returns A promise that resolves to an AccessToken object containing the access token and its expiration timestamp.\n   */\n  async function withSilentAuthentication(\n    msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication,\n    scopes: Array<string>,\n    options: GetTokenWithSilentAuthOptions,\n    onAuthenticationRequired: () => Promise<msal.AuthenticationResult | null>,\n  ): Promise<AccessToken> {\n    let response: msal.AuthenticationResult | null = null;\n    try {\n      response = await getTokenSilent(msalApp, scopes, options);\n    } catch (e: any) {\n      if (e.name !== \"AuthenticationRequiredError\") {\n        throw e;\n      }\n      if (options.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message:\n            \"Automatic authentication has been disabled. You may call the authentication() method.\",\n        });\n      }\n    }\n\n    // Silent authentication failed\n    if (response === null) {\n      try {\n        response = await onAuthenticationRequired();\n      } catch (err: any) {\n        throw handleMsalError(scopes, err, options);\n      }\n    }\n\n    // At this point we should have a token, process it\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    state.logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n      refreshAfterTimestamp: response.refreshOn?.getTime(),\n      tokenType: response.tokenType,\n    } as AccessToken;\n  }\n\n  async function getTokenByClientSecret(\n    scopes: string[],\n    clientSecret: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client secret`);\n\n    state.msalConfig.auth.clientSecret = clientSecret;\n\n    const msalApp = await getConfidentialApp(options);\n\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n      });\n      ensureValidMsalToken(scopes, response, options);\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByClientAssertion(\n    scopes: string[],\n    clientAssertion: () => Promise<string>,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client assertion`);\n\n    state.msalConfig.auth.clientAssertion = clientAssertion;\n\n    const msalApp = await getConfidentialApp(options);\n\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n        clientAssertion,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByClientCertificate(\n    scopes: string[],\n    certificate: CertificateParts,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using client certificate`);\n\n    state.msalConfig.auth.clientCertificate = certificate;\n\n    const msalApp = await getConfidentialApp(options);\n    try {\n      const response = await msalApp.acquireTokenByClientCredential({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        azureRegion: calculateRegionalAuthority(),\n        claims: options?.claims,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      state.logger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  async function getTokenByDeviceCode(\n    scopes: string[],\n    deviceCodeCallback: DeviceCodePromptCallback,\n    options: GetTokenWithSilentAuthOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using device code`);\n\n    const msalApp = await getPublicApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      const requestOptions: msal.DeviceCodeRequest = {\n        scopes,\n        cancel: options?.abortSignal?.aborted ?? false,\n        deviceCodeCallback,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      };\n      const deviceCodeRequest = msalApp.acquireTokenByDeviceCode(requestOptions);\n      if (options.abortSignal) {\n        options.abortSignal.addEventListener(\"abort\", () => {\n          requestOptions.cancel = true;\n        });\n      }\n\n      return deviceCodeRequest;\n    });\n  }\n\n  async function getTokenByUsernamePassword(\n    scopes: string[],\n    username: string,\n    password: string,\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using username and password`);\n\n    const msalApp = await getPublicApp(options);\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      const requestOptions: msal.UsernamePasswordRequest = {\n        scopes,\n        username,\n        password,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      };\n\n      return msalApp.acquireTokenByUsernamePassword(requestOptions);\n    });\n  }\n\n  function getActiveAccount(): AuthenticationRecord | undefined {\n    if (!state.cachedAccount) {\n      return undefined;\n    }\n    return msalToPublic(clientId, state.cachedAccount);\n  }\n\n  async function getTokenByAuthorizationCode(\n    scopes: string[],\n    redirectUri: string,\n    authorizationCode: string,\n    clientSecret?: string,\n    options: GetTokenWithSilentAuthOptions = {},\n  ): Promise<AccessToken> {\n    state.logger.getToken.info(`Attempting to acquire token using authorization code`);\n\n    let msalApp: msal.ConfidentialClientApplication | msal.PublicClientApplication;\n    if (clientSecret) {\n      // If a client secret is provided, we need to use a confidential client application\n      // See https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow#request-an-access-token-with-a-client_secret\n      state.msalConfig.auth.clientSecret = clientSecret;\n      msalApp = await getConfidentialApp(options);\n    } else {\n      msalApp = await getPublicApp(options);\n    }\n\n    return withSilentAuthentication(msalApp, scopes, options, () => {\n      return msalApp.acquireTokenByCode({\n        scopes,\n        redirectUri,\n        code: authorizationCode,\n        authority: calculateRequestAuthority(options),\n        claims: options?.claims,\n      });\n    });\n  }\n\n  async function getTokenOnBehalfOf(\n    scopes: string[],\n    userAssertionToken: string,\n    clientCredentials: string | CertificateParts | (() => Promise<string>),\n    options: GetTokenOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token on behalf of another user`);\n\n    if (typeof clientCredentials === \"string\") {\n      // Client secret\n      msalLogger.getToken.info(`Using client secret for on behalf of flow`);\n      state.msalConfig.auth.clientSecret = clientCredentials;\n    } else if (typeof clientCredentials === \"function\") {\n      // Client Assertion\n      msalLogger.getToken.info(`Using client assertion callback for on behalf of flow`);\n      state.msalConfig.auth.clientAssertion = clientCredentials;\n    } else {\n      // Client certificate\n      msalLogger.getToken.info(`Using client certificate for on behalf of flow`);\n      state.msalConfig.auth.clientCertificate = clientCredentials;\n    }\n\n    const msalApp = await getConfidentialApp(options);\n    try {\n      const response = await msalApp.acquireTokenOnBehalfOf({\n        scopes,\n        authority: calculateRequestAuthority(options),\n        claims: options.claims,\n        oboAssertion: userAssertionToken,\n      });\n      ensureValidMsalToken(scopes, response, options);\n\n      msalLogger.getToken.info(formatSuccess(scopes));\n      return {\n        token: response.accessToken,\n        expiresOnTimestamp: response.expiresOn.getTime(),\n        refreshAfterTimestamp: response.refreshOn?.getTime(),\n        tokenType: response.tokenType,\n      } as AccessToken;\n    } catch (err: any) {\n      throw handleMsalError(scopes, err, options);\n    }\n  }\n\n  /**\n   * Creates a base interactive request configuration for MSAL interactive authentication.\n   * This is shared between interactive and brokered authentication flows.\n   */\n  function createBaseInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions,\n  ): msal.InteractiveRequest {\n    return {\n      openBrowser: async (url) => {\n        const open = await import(\"open\");\n        await open.default(url, { newInstance: true });\n      },\n      scopes,\n      authority: calculateRequestAuthority(options),\n      claims: options?.claims,\n      loginHint: options?.loginHint,\n      errorTemplate: options?.browserCustomizationOptions?.errorMessage,\n      successTemplate: options?.browserCustomizationOptions?.successMessage,\n      prompt: options?.loginHint ? \"login\" : \"select_account\",\n    };\n  }\n\n  /**\n   * @internal\n   */\n  async function getBrokeredTokenInternal(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<msal.AuthenticationResult> {\n    msalLogger.verbose(\"Authentication will resume through the broker\");\n\n    const app = await getPublicApp(options);\n\n    const interactiveRequest = createBaseInteractiveRequest(scopes, options);\n    if (state.pluginConfiguration.broker.parentWindowHandle) {\n      interactiveRequest.windowHandle = Buffer.from(\n        state.pluginConfiguration.broker.parentWindowHandle,\n      );\n    } else {\n      // this is a bug, as the pluginConfiguration handler should validate this case.\n      msalLogger.warning(\n        \"Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.\",\n      );\n    }\n\n    if (state.pluginConfiguration.broker.enableMsaPassthrough) {\n      (interactiveRequest.tokenQueryParameters ??= {})[\"msal_request_type\"] =\n        \"consumer_passthrough\";\n    }\n    if (useDefaultBrokerAccount) {\n      interactiveRequest.prompt = \"none\";\n      msalLogger.verbose(\"Attempting broker authentication using the default broker account\");\n    } else {\n      msalLogger.verbose(\"Attempting broker authentication without the default broker account\");\n    }\n\n    if (options.proofOfPossessionOptions) {\n      interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n      interactiveRequest.authenticationScheme = \"pop\";\n      interactiveRequest.resourceRequestMethod =\n        options.proofOfPossessionOptions.resourceRequestMethod;\n      interactiveRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n    }\n    try {\n      return await app.acquireTokenInteractive(interactiveRequest);\n    } catch (e: any) {\n      msalLogger.verbose(`Failed to authenticate through the broker: ${e.message}`);\n      if (options.disableAutomaticAuthentication) {\n        throw new AuthenticationRequiredError({\n          scopes,\n          getTokenOptions: options,\n          message: \"Cannot silently authenticate with default broker account.\",\n        });\n      }\n      // If we tried to use the default broker account and failed, fall back to interactive authentication\n      if (useDefaultBrokerAccount) {\n        return getBrokeredTokenInternal(scopes, false, options);\n      } else {\n        throw e;\n      }\n    }\n  }\n\n  /**\n   * A helper function that supports brokered authentication through the MSAL's public application.\n   *\n   * When useDefaultBrokerAccount is true, the method will attempt to authenticate using the default broker account.\n   * If the default broker account is not available, the method will fall back to interactive authentication.\n   */\n  async function getBrokeredToken(\n    scopes: string[],\n    useDefaultBrokerAccount: boolean,\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(\n      `Attempting to acquire token using brokered authentication with useDefaultBrokerAccount: ${useDefaultBrokerAccount}`,\n    );\n    const response = await getBrokeredTokenInternal(scopes, useDefaultBrokerAccount, options);\n    ensureValidMsalToken(scopes, response, options);\n    state.cachedAccount = response?.account ?? null;\n\n    state.logger.getToken.info(formatSuccess(scopes));\n    return {\n      token: response.accessToken,\n      expiresOnTimestamp: response.expiresOn.getTime(),\n      refreshAfterTimestamp: response.refreshOn?.getTime(),\n      tokenType: response.tokenType,\n    } as AccessToken;\n  }\n\n  async function getTokenByInteractiveRequest(\n    scopes: string[],\n    options: GetTokenInteractiveOptions = {},\n  ): Promise<AccessToken> {\n    msalLogger.getToken.info(`Attempting to acquire token interactively`);\n\n    const app = await getPublicApp(options);\n\n    return withSilentAuthentication(app, scopes, options, async () => {\n      const interactiveRequest = createBaseInteractiveRequest(scopes, options);\n\n      if (state.pluginConfiguration.broker.isEnabled) {\n        return getBrokeredTokenInternal(\n          scopes,\n          state.pluginConfiguration.broker.useDefaultBrokerAccount ?? false,\n          options,\n        );\n      }\n      if (options.proofOfPossessionOptions) {\n        interactiveRequest.shrNonce = options.proofOfPossessionOptions.nonce;\n        interactiveRequest.authenticationScheme = \"pop\";\n        interactiveRequest.resourceRequestMethod =\n          options.proofOfPossessionOptions.resourceRequestMethod;\n        interactiveRequest.resourceRequestUri = options.proofOfPossessionOptions.resourceRequestUrl;\n      }\n      return app.acquireTokenInteractive(interactiveRequest);\n    });\n  }\n\n  return {\n    getActiveAccount,\n    getBrokeredToken,\n    getTokenByClientSecret,\n    getTokenByClientAssertion,\n    getTokenByClientCertificate,\n    getTokenByDeviceCode,\n    getTokenByUsernamePassword,\n    getTokenByAuthorizationCode,\n    getTokenOnBehalfOf,\n    getTokenByInteractiveRequest,\n  };\n}\n"]}

package/dist/commonjs/msal/nodeFlows/msalPlugins.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"msalPlugins.d.ts","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalPlugins.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAQlD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,KAAK,EACV,yBAAyB,EACzB,iCAAiC,EAClC,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAEtF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,KAAK,EAAE;QACL;;WAEG;QACH,WAAW,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC7C;;WAEG;QACH,cAAc,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;KACjD,CAAC;IACF;;OAEG;IACH,MAAM,EAAE;QACN;;;;WAIG;QACH,SAAS,EAAE,OAAO,CAAC;QACnB;;WAEG;QACH,oBAAoB,EAAE,OAAO,CAAC;QAC9B;;WAEG;QACH,kBAAkB,CAAC,EAAE,UAAU,CAAC;QAChC;;WAEG;QACH,kBAAkB,CAAC,EAAE,QAAQ,CAAC,mBAAmB,CAAC;QAClD;;WAEG;QACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;KACnC,CAAC;CACH;AAED;;;GAGG;AACH,eAAO,IAAI,mBAAmB,EAC1B,CAAC,CAAC,OAAO,CAAC,EAAE,4BAA4B,KAAK,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,GAC5E,SAAqB,CAAC;AAE1B;;;GAGG;AACH,eAAO,MAAM,wBAAwB;mCACJ,OAAO,CAAC,OAAO,mBAAmB,EAAE,SAAS,CAAC,GAAG,IAAI;CAGrF,CAAC;AAEF;;;GAGG;AACH,eAAO,IAAI,gBAAgB,EACvB;IACE,MAAM,EAAE,QAAQ,CAAC,mBAAmB,CAAC;CACtC,GACD,SAAqB,CAAC;AAE1B;;;GAGG;AACH,eAAO,IAAI,oBAAoB,EAAE,MAAM,GAAG,SAAqB,CAAC;AAEhE;;;GAGG;AACH,eAAO,IAAI,gBAAgB,EACvB;IACE,MAAM,EAAE,QAAQ,CAAC,mBAAmB,CAAC;CACtC,GACD,SAAqB,CAAC;AAE1B,wBAAgB,eAAe,IAAI,OAAO,CAEzC;AAED,wBAAgB,eAAe,IAAI,OAAO,CAEzC;AAED;;;GAGG;AACH,eAAO,MAAM,+BAA+B,EAAE,yBAM7C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mCAAmC,EAAE,iCASjD,CAAC;AAEF;;;;;;;GAOG;AACH,iBAAS,2BAA2B,CAAC,OAAO,EAAE,iBAAiB,GAAG,mBAAmB,CA8DpF;AAED;;GAEG;AACH,eAAO,MAAM,WAAW;;CAEvB,CAAC"}
+{"version":3,"file":"msalPlugins.d.ts","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalPlugins.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAQlD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,KAAK,EACV,yBAAyB,EACzB,iCAAiC,EAClC,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAEtF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,KAAK,EAAE;QACL;;WAEG;QACH,WAAW,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC7C;;WAEG;QACH,cAAc,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;KACjD,CAAC;IACF;;OAEG;IACH,MAAM,EAAE;QACN;;;;WAIG;QACH,SAAS,EAAE,OAAO,CAAC;QACnB;;WAEG;QACH,oBAAoB,EAAE,OAAO,CAAC;QAC9B;;WAEG;QACH,kBAAkB,CAAC,EAAE,UAAU,CAAC;QAChC;;WAEG;QACH,kBAAkB,CAAC,EAAE,QAAQ,CAAC,mBAAmB,CAAC;QAClD;;WAEG;QACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;KACnC,CAAC;CACH;AAED;;;GAGG;AACH,eAAO,IAAI,mBAAmB,EAC1B,CAAC,CAAC,OAAO,CAAC,EAAE,4BAA4B,KAAK,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,GAC5E,SAAqB,CAAC;AAE1B;;;GAGG;AACH,eAAO,MAAM,wBAAwB;mCACJ,OAAO,CAAC,OAAO,mBAAmB,EAAE,SAAS,CAAC,GAAG,IAAI;CAGrF,CAAC;AAEF;;;GAGG;AACH,eAAO,IAAI,gBAAgB,EACvB;IACE,MAAM,EAAE,QAAQ,CAAC,mBAAmB,CAAC;CACtC,GACD,SAAqB,CAAC;AAE1B;;;GAGG;AACH,eAAO,IAAI,oBAAoB,EAAE,MAAM,GAAG,SAAqB,CAAC;AAEhE;;;GAGG;AACH,eAAO,IAAI,gBAAgB,EACvB;IACE,MAAM,EAAE,QAAQ,CAAC,mBAAmB,CAAC;CACtC,GACD,SAAqB,CAAC;AAE1B,wBAAgB,eAAe,IAAI,OAAO,CAEzC;AAED,wBAAgB,eAAe,IAAI,OAAO,CAEzC;AAED;;;GAGG;AACH,eAAO,MAAM,+BAA+B,EAAE,yBAM7C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,mCAAmC,EAAE,iCASjD,CAAC;AAEF;;;;;;;GAOG;AACH,iBAAS,2BAA2B,CAAC,OAAO,EAAE,iBAAiB,GAAG,mBAAmB,CAqCpF;AAyDD;;GAEG;AACH,eAAO,MAAM,WAAW;;CAEvB,CAAC"}

package/dist/commonjs/msal/nodeFlows/msalPlugins.js

@@ -103,31 +103,59 @@ function generatePluginConfiguration(options) {
         });
     }
     if (options.brokerOptions?.enabled) {
-        if (options.isVSCodeCredential) {
-            if (exports.vsCodeBrokerInfo === undefined) {
-                throw new Error([
-                    "Visual Studio Code Credential was requested, but no plugin was configured or no authentication record was found.",
-                    "You must install the identity-vscode plugin package (`npm install --save @azure/identity-vscode`)",
-                    "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
-                    "`useIdentityPlugin(vsCodePlugin)` before using `enableBroker`.",
-                ].join(" "));
-            }
-            config.broker.nativeBrokerPlugin = exports.vsCodeBrokerInfo.broker;
-        }
-        else {
-            if (exports.nativeBrokerInfo === undefined) {
-                throw new Error([
-                    "Broker for WAM was requested to be enabled, but no native broker was configured.",
-                    "You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)",
-                    "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
-                    "`useIdentityPlugin(brokerPlugin)` before using `enableBroker`.",
-                ].join(" "));
-            }
-            config.broker.nativeBrokerPlugin = exports.nativeBrokerInfo.broker;
-        }
+        config.broker.nativeBrokerPlugin = getBrokerPlugin(options.isVSCodeCredential || false);
     }
     return config;
 }
+// Broker error message templates with variables for credential and package names
+const brokerErrorTemplates = {
+    missing: (credentialName, packageName, pluginVar) => [
+        `${credentialName} was requested, but no plugin was configured or no authentication record was found.`,
+        `You must install the ${packageName} plugin package (npm install --save ${packageName})`,
+        "and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",
+        `useIdentityPlugin(${pluginVar}) before using enableBroker.`,
+    ].join(" "),
+    unavailable: (credentialName, packageName) => [
+        `${credentialName} was requested, and the plugin is configured, but the broker is unavailable.`,
+        `Ensure the ${credentialName} plugin is properly installed and configured.`,
+        "Check for missing native dependencies and ensure the package is properly installed.",
+        `See the README for prerequisites on installing and using ${packageName}.`,
+    ].join(" "),
+};
+// Values for VSCode and native broker configurations for error message
+const brokerConfig = {
+    vsCode: {
+        credentialName: "Visual Studio Code Credential",
+        packageName: "@azure/identity-vscode",
+        pluginVar: "vsCodePlugin",
+        get brokerInfo() {
+            return exports.vsCodeBrokerInfo;
+        },
+    },
+    native: {
+        credentialName: "Broker for WAM",
+        packageName: "@azure/identity-broker",
+        pluginVar: "nativeBrokerPlugin",
+        get brokerInfo() {
+            return exports.nativeBrokerInfo;
+        },
+    },
+};
+/**
+ * Set appropriate broker plugin based on whether VSCode or native broker is requested.
+ * @param isVSCodePlugin - true for VSCode broker, false for native broker
+ * @returns the broker plugin if available
+ */
+function getBrokerPlugin(isVSCodePlugin) {
+    const { credentialName, packageName, pluginVar, brokerInfo } = brokerConfig[isVSCodePlugin ? "vsCode" : "native"];
+    if (brokerInfo === undefined) {
+        throw new Error(brokerErrorTemplates.missing(credentialName, packageName, pluginVar));
+    }
+    if (brokerInfo.broker.isBrokerAvailable === false) {
+        throw new Error(brokerErrorTemplates.unavailable(credentialName, packageName));
+    }
+    return brokerInfo.broker;
+}
 /**
  * Wraps generatePluginConfiguration as a writeable property for test stubbing purposes.
  */

package/dist/commonjs/msal/nodeFlows/msalPlugins.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalPlugins.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalPlugins.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AA2GlC,0CAEC;AAED,0CAEC;AA7GD,qDAI4B;AAuD5B;;;GAGG;AACQ,QAAA,mBAAmB,GAEd,SAAS,CAAC;AAE1B;;;GAGG;AACU,QAAA,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,2BAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;GAGG;AACQ,QAAA,gBAAgB,GAIX,SAAS,CAAC;AAE1B;;;GAGG;AACQ,QAAA,oBAAoB,GAAuB,SAAS,CAAC;AAEhE;;;GAGG;AACQ,QAAA,gBAAgB,GAIX,SAAS,CAAC;AAE1B,SAAgB,eAAe;IAC7B,OAAO,wBAAgB,KAAK,SAAS,CAAC;AACxC,CAAC;AAED,SAAgB,eAAe;IAC7B,OAAO,4BAAoB,KAAK,SAAS,IAAI,wBAAgB,KAAK,SAAS,CAAC;AAC9E,CAAC;AAED;;;GAGG;AACU,QAAA,+BAA+B,GAA8B;IACxE,eAAe,CAAC,MAAM;QACpB,wBAAgB,GAAG;YACjB,MAAM;SACP,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACU,QAAA,mCAAmC,GAAsC;IACpF,uBAAuB,CAAC,IAAY;QAClC,4BAAoB,GAAG,IAAI,CAAC;IAC9B,CAAC;IACD,eAAe,CAAC,MAAoC;QAClD,wBAAgB,GAAG;YACjB,MAAM;SACP,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,SAAS,2BAA2B,CAAC,OAA0B;IAC7D,MAAM,MAAM,GAAwB;QAClC,KAAK,EAAE,EAAE;QACT,MAAM,EAAE;YACN,GAAG,OAAO,CAAC,aAAa;YACxB,SAAS,EAAE,OAAO,CAAC,aAAa,EAAE,OAAO,IAAI,KAAK;YAClD,oBAAoB,EAAE,OAAO,CAAC,aAAa,EAAE,0BAA0B,IAAI,KAAK;SACjF;KACF,CAAC;IAEF,IAAI,OAAO,CAAC,4BAA4B,EAAE,OAAO,EAAE,CAAC;QAClD,IAAI,2BAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,uCAAwB,CAAC;QAC5F,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,IAAA,2BAAmB,EAAC;YAC7C,IAAI,EAAE,GAAG,aAAa,IAAI,mCAAoB,EAAE;YAChD,GAAG,OAAO,CAAC,4BAA4B;SACxC,CAAC,CAAC;QACH,MAAM,CAAC,KAAK,CAAC,cAAc,GAAG,IAAA,2BAAmB,EAAC;YAChD,IAAI,EAAE,GAAG,aAAa,IAAI,+BAAgB,EAAE;YAC5C,GAAG,OAAO,CAAC,4BAA4B;SACxC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,OAAO,CAAC,aAAa,EAAE,OAAO,EAAE,CAAC;QACnC,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;YAC/B,IAAI,wBAAgB,KAAK,SAAS,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CACb;oBACE,kHAAkH;oBAClH,mGAAmG;oBACnG,mFAAmF;oBACnF,gEAAgE;iBACjE,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,MAAM,CAAC,kBAAkB,GAAG,wBAAiB,CAAC,MAAM,CAAC;QAC9D,CAAC;aAAM,CAAC;YACN,IAAI,wBAAgB,KAAK,SAAS,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CACb;oBACE,kFAAkF;oBAClF,mGAAmG;oBACnG,mFAAmF;oBACnF,gEAAgE;iBACjE,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,MAAM,CAAC,kBAAkB,GAAG,wBAAiB,CAAC,MAAM,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,2BAA2B;CAC5B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type * as msalNode from \"@azure/msal-node\";\n\nimport {\n  CACHE_CAE_SUFFIX,\n  CACHE_NON_CAE_SUFFIX,\n  DEFAULT_TOKEN_CACHE_NAME,\n} from \"../../constants.js\";\n\nimport type { MsalClientOptions } from \"./msalClient.js\";\nimport type {\n  NativeBrokerPluginControl,\n  VisualStudioCodeCredentialControl,\n} from \"../../plugins/provider.js\";\nimport type { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions.js\";\n\n/**\n * Configuration for the plugins used by the MSAL node client.\n */\nexport interface PluginConfiguration {\n  /**\n   * Configuration for the cache plugin.\n   */\n  cache: {\n    /**\n     * The non-CAE cache plugin handler.\n     */\n    cachePlugin?: Promise<msalNode.ICachePlugin>;\n    /**\n     * The CAE cache plugin handler - persisted to a different file.\n     */\n    cachePluginCae?: Promise<msalNode.ICachePlugin>;\n  };\n  /**\n   * Configuration for the broker plugin.\n   */\n  broker: {\n    /**\n     * True if the broker plugin is enabled and available. False otherwise.\n     *\n     * It is a bug if this is true and the broker plugin is not available.\n     */\n    isEnabled: boolean;\n    /**\n     * If true, MSA account will be passed through, required for WAM authentication.\n     */\n    enableMsaPassthrough: boolean;\n    /**\n     * The parent window handle for the broker.\n     */\n    parentWindowHandle?: Uint8Array;\n    /**\n     * The native broker plugin handler.\n     */\n    nativeBrokerPlugin?: msalNode.INativeBrokerPlugin;\n    /**\n     * If set to true, the credential will attempt to use the default broker account for authentication before falling back to interactive authentication. Default is set to false.\n     */\n    useDefaultBrokerAccount?: boolean;\n  };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nexport let persistenceProvider:\n  | ((options?: TokenCachePersistenceOptions) => Promise<msalNode.ICachePlugin>)\n  | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n  setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n    persistenceProvider = pluginProvider;\n  },\n};\n\n/**\n * The current native broker provider, undefined by default.\n * @internal\n */\nexport let nativeBrokerInfo:\n  | {\n      broker: msalNode.INativeBrokerPlugin;\n    }\n  | undefined = undefined;\n\n/**\n * The current VSCode auth record path, undefined by default.\n * @internal\n */\nexport let vsCodeAuthRecordPath: string | undefined = undefined;\n\n/**\n * The current VSCode broker, undefined by default.\n * @internal\n */\nexport let vsCodeBrokerInfo:\n  | {\n      broker: msalNode.INativeBrokerPlugin;\n    }\n  | undefined = undefined;\n\nexport function hasNativeBroker(): boolean {\n  return nativeBrokerInfo !== undefined;\n}\n\nexport function hasVSCodePlugin(): boolean {\n  return vsCodeAuthRecordPath !== undefined && vsCodeBrokerInfo !== undefined;\n}\n\n/**\n * An object that allows setting the native broker provider.\n * @internal\n */\nexport const msalNodeFlowNativeBrokerControl: NativeBrokerPluginControl = {\n  setNativeBroker(broker): void {\n    nativeBrokerInfo = {\n      broker,\n    };\n  },\n};\n\n/**\n * An object that allows setting the VSCode credential auth record path and broker.\n * @internal\n */\nexport const msalNodeFlowVSCodeCredentialControl: VisualStudioCodeCredentialControl = {\n  setVSCodeAuthRecordPath(path: string): void {\n    vsCodeAuthRecordPath = path;\n  },\n  setVSCodeBroker(broker: msalNode.INativeBrokerPlugin): void {\n    vsCodeBrokerInfo = {\n      broker,\n    };\n  },\n};\n\n/**\n * Configures plugins, validating that required plugins are available and enabled.\n *\n * Does not create the plugins themselves, but rather returns the configuration that will be used to create them.\n *\n * @param options - options for creating the MSAL client\n * @returns plugin configuration\n */\nfunction generatePluginConfiguration(options: MsalClientOptions): PluginConfiguration {\n  const config: PluginConfiguration = {\n    cache: {},\n    broker: {\n      ...options.brokerOptions,\n      isEnabled: options.brokerOptions?.enabled ?? false,\n      enableMsaPassthrough: options.brokerOptions?.legacyEnableMsaPassthrough ?? false,\n    },\n  };\n\n  if (options.tokenCachePersistenceOptions?.enabled) {\n    if (persistenceProvider === undefined) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \"),\n      );\n    }\n\n    const cacheBaseName = options.tokenCachePersistenceOptions.name || DEFAULT_TOKEN_CACHE_NAME;\n    config.cache.cachePlugin = persistenceProvider({\n      name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n    config.cache.cachePluginCae = persistenceProvider({\n      name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n  }\n\n  if (options.brokerOptions?.enabled) {\n    if (options.isVSCodeCredential) {\n      if (vsCodeBrokerInfo === undefined) {\n        throw new Error(\n          [\n            \"Visual Studio Code Credential was requested, but no plugin was configured or no authentication record was found.\",\n            \"You must install the identity-vscode plugin package (`npm install --save @azure/identity-vscode`)\",\n            \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n            \"`useIdentityPlugin(vsCodePlugin)` before using `enableBroker`.\",\n          ].join(\" \"),\n        );\n      }\n      config.broker.nativeBrokerPlugin = vsCodeBrokerInfo!.broker;\n    } else {\n      if (nativeBrokerInfo === undefined) {\n        throw new Error(\n          [\n            \"Broker for WAM was requested to be enabled, but no native broker was configured.\",\n            \"You must install the identity-broker plugin package (`npm install --save @azure/identity-broker`)\",\n            \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n            \"`useIdentityPlugin(brokerPlugin)` before using `enableBroker`.\",\n          ].join(\" \"),\n        );\n      }\n      config.broker.nativeBrokerPlugin = nativeBrokerInfo!.broker;\n    }\n  }\n\n  return config;\n}\n\n/**\n * Wraps generatePluginConfiguration as a writeable property for test stubbing purposes.\n */\nexport const msalPlugins = {\n  generatePluginConfiguration,\n};\n"]}
+{"version":3,"file":"msalPlugins.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalPlugins.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;AA2GlC,0CAEC;AAED,0CAEC;AA7GD,qDAI4B;AAuD5B;;;GAGG;AACQ,QAAA,mBAAmB,GAEd,SAAS,CAAC;AAE1B;;;GAGG;AACU,QAAA,wBAAwB,GAAG;IACtC,cAAc,CAAC,cAA8D;QAC3E,2BAAmB,GAAG,cAAc,CAAC;IACvC,CAAC;CACF,CAAC;AAEF;;;GAGG;AACQ,QAAA,gBAAgB,GAIX,SAAS,CAAC;AAE1B;;;GAGG;AACQ,QAAA,oBAAoB,GAAuB,SAAS,CAAC;AAEhE;;;GAGG;AACQ,QAAA,gBAAgB,GAIX,SAAS,CAAC;AAE1B,SAAgB,eAAe;IAC7B,OAAO,wBAAgB,KAAK,SAAS,CAAC;AACxC,CAAC;AAED,SAAgB,eAAe;IAC7B,OAAO,4BAAoB,KAAK,SAAS,IAAI,wBAAgB,KAAK,SAAS,CAAC;AAC9E,CAAC;AAED;;;GAGG;AACU,QAAA,+BAA+B,GAA8B;IACxE,eAAe,CAAC,MAAM;QACpB,wBAAgB,GAAG;YACjB,MAAM;SACP,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;GAGG;AACU,QAAA,mCAAmC,GAAsC;IACpF,uBAAuB,CAAC,IAAY;QAClC,4BAAoB,GAAG,IAAI,CAAC;IAC9B,CAAC;IACD,eAAe,CAAC,MAAoC;QAClD,wBAAgB,GAAG;YACjB,MAAM;SACP,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;;;;;;GAOG;AACH,SAAS,2BAA2B,CAAC,OAA0B;IAC7D,MAAM,MAAM,GAAwB;QAClC,KAAK,EAAE,EAAE;QACT,MAAM,EAAE;YACN,GAAG,OAAO,CAAC,aAAa;YACxB,SAAS,EAAE,OAAO,CAAC,aAAa,EAAE,OAAO,IAAI,KAAK;YAClD,oBAAoB,EAAE,OAAO,CAAC,aAAa,EAAE,0BAA0B,IAAI,KAAK;SACjF;KACF,CAAC;IAEF,IAAI,OAAO,CAAC,4BAA4B,EAAE,OAAO,EAAE,CAAC;QAClD,IAAI,2BAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CACb;gBACE,qFAAqF;gBACrF,yHAAyH;gBACzH,mFAAmF;gBACnF,0FAA0F;aAC3F,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,4BAA4B,CAAC,IAAI,IAAI,uCAAwB,CAAC;QAC5F,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,IAAA,2BAAmB,EAAC;YAC7C,IAAI,EAAE,GAAG,aAAa,IAAI,mCAAoB,EAAE;YAChD,GAAG,OAAO,CAAC,4BAA4B;SACxC,CAAC,CAAC;QACH,MAAM,CAAC,KAAK,CAAC,cAAc,GAAG,IAAA,2BAAmB,EAAC;YAChD,IAAI,EAAE,GAAG,aAAa,IAAI,+BAAgB,EAAE;YAC5C,GAAG,OAAO,CAAC,4BAA4B;SACxC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,OAAO,CAAC,aAAa,EAAE,OAAO,EAAE,CAAC;QACnC,MAAM,CAAC,MAAM,CAAC,kBAAkB,GAAG,eAAe,CAAC,OAAO,CAAC,kBAAkB,IAAI,KAAK,CAAC,CAAC;IAC1F,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,iFAAiF;AACjF,MAAM,oBAAoB,GAAG;IAC3B,OAAO,EAAE,CAAC,cAAsB,EAAE,WAAmB,EAAE,SAAiB,EAAE,EAAE,CAC1E;QACE,GAAG,cAAc,qFAAqF;QACtG,wBAAwB,WAAW,uCAAuC,WAAW,GAAG;QACxF,mFAAmF;QACnF,qBAAqB,SAAS,8BAA8B;KAC7D,CAAC,IAAI,CAAC,GAAG,CAAC;IACb,WAAW,EAAE,CAAC,cAAsB,EAAE,WAAmB,EAAE,EAAE,CAC3D;QACE,GAAG,cAAc,8EAA8E;QAC/F,cAAc,cAAc,+CAA+C;QAC3E,qFAAqF;QACrF,4DAA4D,WAAW,GAAG;KAC3E,CAAC,IAAI,CAAC,GAAG,CAAC;CACd,CAAC;AAEF,uEAAuE;AACvE,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE;QACN,cAAc,EAAE,+BAA+B;QAC/C,WAAW,EAAE,wBAAwB;QACrC,SAAS,EAAE,cAAc;QACzB,IAAI,UAAU;YACZ,OAAO,wBAAgB,CAAC;QAC1B,CAAC;KACF;IACD,MAAM,EAAE;QACN,cAAc,EAAE,gBAAgB;QAChC,WAAW,EAAE,wBAAwB;QACrC,SAAS,EAAE,oBAAoB;QAC/B,IAAI,UAAU;YACZ,OAAO,wBAAgB,CAAC;QAC1B,CAAC;KACF;CACO,CAAC;AAEX;;;;GAIG;AACH,SAAS,eAAe,CAAC,cAAuB;IAC9C,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,GAC1D,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IACrD,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,OAAO,CAAC,cAAc,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;IACxF,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,CAAC,iBAAiB,KAAK,KAAK,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,WAAW,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC,CAAC;IACjF,CAAC;IACD,OAAO,UAAU,CAAC,MAAM,CAAC;AAC3B,CAAC;AAED;;GAEG;AACU,QAAA,WAAW,GAAG;IACzB,2BAA2B;CAC5B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\nimport type * as msalNode from \"@azure/msal-node\";\n\nimport {\n  CACHE_CAE_SUFFIX,\n  CACHE_NON_CAE_SUFFIX,\n  DEFAULT_TOKEN_CACHE_NAME,\n} from \"../../constants.js\";\n\nimport type { MsalClientOptions } from \"./msalClient.js\";\nimport type {\n  NativeBrokerPluginControl,\n  VisualStudioCodeCredentialControl,\n} from \"../../plugins/provider.js\";\nimport type { TokenCachePersistenceOptions } from \"./tokenCachePersistenceOptions.js\";\n\n/**\n * Configuration for the plugins used by the MSAL node client.\n */\nexport interface PluginConfiguration {\n  /**\n   * Configuration for the cache plugin.\n   */\n  cache: {\n    /**\n     * The non-CAE cache plugin handler.\n     */\n    cachePlugin?: Promise<msalNode.ICachePlugin>;\n    /**\n     * The CAE cache plugin handler - persisted to a different file.\n     */\n    cachePluginCae?: Promise<msalNode.ICachePlugin>;\n  };\n  /**\n   * Configuration for the broker plugin.\n   */\n  broker: {\n    /**\n     * True if the broker plugin is enabled and available. False otherwise.\n     *\n     * It is a bug if this is true and the broker plugin is not available.\n     */\n    isEnabled: boolean;\n    /**\n     * If true, MSA account will be passed through, required for WAM authentication.\n     */\n    enableMsaPassthrough: boolean;\n    /**\n     * The parent window handle for the broker.\n     */\n    parentWindowHandle?: Uint8Array;\n    /**\n     * The native broker plugin handler.\n     */\n    nativeBrokerPlugin?: msalNode.INativeBrokerPlugin;\n    /**\n     * If set to true, the credential will attempt to use the default broker account for authentication before falling back to interactive authentication. Default is set to false.\n     */\n    useDefaultBrokerAccount?: boolean;\n  };\n}\n\n/**\n * The current persistence provider, undefined by default.\n * @internal\n */\nexport let persistenceProvider:\n  | ((options?: TokenCachePersistenceOptions) => Promise<msalNode.ICachePlugin>)\n  | undefined = undefined;\n\n/**\n * An object that allows setting the persistence provider.\n * @internal\n */\nexport const msalNodeFlowCacheControl = {\n  setPersistence(pluginProvider: Exclude<typeof persistenceProvider, undefined>): void {\n    persistenceProvider = pluginProvider;\n  },\n};\n\n/**\n * The current native broker provider, undefined by default.\n * @internal\n */\nexport let nativeBrokerInfo:\n  | {\n      broker: msalNode.INativeBrokerPlugin;\n    }\n  | undefined = undefined;\n\n/**\n * The current VSCode auth record path, undefined by default.\n * @internal\n */\nexport let vsCodeAuthRecordPath: string | undefined = undefined;\n\n/**\n * The current VSCode broker, undefined by default.\n * @internal\n */\nexport let vsCodeBrokerInfo:\n  | {\n      broker: msalNode.INativeBrokerPlugin;\n    }\n  | undefined = undefined;\n\nexport function hasNativeBroker(): boolean {\n  return nativeBrokerInfo !== undefined;\n}\n\nexport function hasVSCodePlugin(): boolean {\n  return vsCodeAuthRecordPath !== undefined && vsCodeBrokerInfo !== undefined;\n}\n\n/**\n * An object that allows setting the native broker provider.\n * @internal\n */\nexport const msalNodeFlowNativeBrokerControl: NativeBrokerPluginControl = {\n  setNativeBroker(broker): void {\n    nativeBrokerInfo = {\n      broker,\n    };\n  },\n};\n\n/**\n * An object that allows setting the VSCode credential auth record path and broker.\n * @internal\n */\nexport const msalNodeFlowVSCodeCredentialControl: VisualStudioCodeCredentialControl = {\n  setVSCodeAuthRecordPath(path: string): void {\n    vsCodeAuthRecordPath = path;\n  },\n  setVSCodeBroker(broker: msalNode.INativeBrokerPlugin): void {\n    vsCodeBrokerInfo = {\n      broker,\n    };\n  },\n};\n\n/**\n * Configures plugins, validating that required plugins are available and enabled.\n *\n * Does not create the plugins themselves, but rather returns the configuration that will be used to create them.\n *\n * @param options - options for creating the MSAL client\n * @returns plugin configuration\n */\nfunction generatePluginConfiguration(options: MsalClientOptions): PluginConfiguration {\n  const config: PluginConfiguration = {\n    cache: {},\n    broker: {\n      ...options.brokerOptions,\n      isEnabled: options.brokerOptions?.enabled ?? false,\n      enableMsaPassthrough: options.brokerOptions?.legacyEnableMsaPassthrough ?? false,\n    },\n  };\n\n  if (options.tokenCachePersistenceOptions?.enabled) {\n    if (persistenceProvider === undefined) {\n      throw new Error(\n        [\n          \"Persistent token caching was requested, but no persistence provider was configured.\",\n          \"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)\",\n          \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n          \"`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`.\",\n        ].join(\" \"),\n      );\n    }\n\n    const cacheBaseName = options.tokenCachePersistenceOptions.name || DEFAULT_TOKEN_CACHE_NAME;\n    config.cache.cachePlugin = persistenceProvider({\n      name: `${cacheBaseName}.${CACHE_NON_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n    config.cache.cachePluginCae = persistenceProvider({\n      name: `${cacheBaseName}.${CACHE_CAE_SUFFIX}`,\n      ...options.tokenCachePersistenceOptions,\n    });\n  }\n\n  if (options.brokerOptions?.enabled) {\n    config.broker.nativeBrokerPlugin = getBrokerPlugin(options.isVSCodeCredential || false);\n  }\n  return config;\n}\n\n// Broker error message templates with variables for credential and package names\nconst brokerErrorTemplates = {\n  missing: (credentialName: string, packageName: string, pluginVar: string) =>\n    [\n      `${credentialName} was requested, but no plugin was configured or no authentication record was found.`,\n      `You must install the ${packageName} plugin package (npm install --save ${packageName})`,\n      \"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling\",\n      `useIdentityPlugin(${pluginVar}) before using enableBroker.`,\n    ].join(\" \"),\n  unavailable: (credentialName: string, packageName: string) =>\n    [\n      `${credentialName} was requested, and the plugin is configured, but the broker is unavailable.`,\n      `Ensure the ${credentialName} plugin is properly installed and configured.`,\n      \"Check for missing native dependencies and ensure the package is properly installed.\",\n      `See the README for prerequisites on installing and using ${packageName}.`,\n    ].join(\" \"),\n};\n\n// Values for VSCode and native broker configurations for error message\nconst brokerConfig = {\n  vsCode: {\n    credentialName: \"Visual Studio Code Credential\",\n    packageName: \"@azure/identity-vscode\",\n    pluginVar: \"vsCodePlugin\",\n    get brokerInfo() {\n      return vsCodeBrokerInfo;\n    },\n  },\n  native: {\n    credentialName: \"Broker for WAM\",\n    packageName: \"@azure/identity-broker\",\n    pluginVar: \"nativeBrokerPlugin\",\n    get brokerInfo() {\n      return nativeBrokerInfo;\n    },\n  },\n} as const;\n\n/**\n * Set appropriate broker plugin based on whether VSCode or native broker is requested.\n * @param isVSCodePlugin - true for VSCode broker, false for native broker\n * @returns the broker plugin if available\n */\nfunction getBrokerPlugin(isVSCodePlugin: boolean): msalNode.INativeBrokerPlugin {\n  const { credentialName, packageName, pluginVar, brokerInfo } =\n    brokerConfig[isVSCodePlugin ? \"vsCode\" : \"native\"];\n  if (brokerInfo === undefined) {\n    throw new Error(brokerErrorTemplates.missing(credentialName, packageName, pluginVar));\n  }\n  if (brokerInfo.broker.isBrokerAvailable === false) {\n    throw new Error(brokerErrorTemplates.unavailable(credentialName, packageName));\n  }\n  return brokerInfo.broker;\n}\n\n/**\n * Wraps generatePluginConfiguration as a writeable property for test stubbing purposes.\n */\nexport const msalPlugins = {\n  generatePluginConfiguration,\n};\n"]}

package/dist/commonjs/msal/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,oBAAoB,EAAE,eAAe,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEnG,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAM3D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,MAAM,WAAW,eAAe;IAC9B,CAAC,KAAK,EAAE,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,GAAG,IAAI,CAAC;CAC3E;AAaD;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,SAAS,CAAC,EAAE,SAAS,GAAG,IAAI,EAC5B,eAAe,CAAC,EAAE,eAAe,GAChC,OAAO,CAAC,SAAS,IAAI,cAAc,CAkBrC;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IAAE,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAQ7E;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAYpE;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,wBAAwB,CAAC,EAAE,OAAO,GACjC,MAAM,EAAE,CAKV;AAED;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,EAAE,CAClC,MAAM,EAAE,gBAAgB,EACxB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,KAC1B,eAoBF,CAAC;AAEJ;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,aAAa,GAAG,SAAS,GAAG,UAAU,CAAC,QAAQ,CAcxF;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,EAAE,KAAK,EACZ,eAAe,CAAC,EAAE,eAAe,GAChC,KAAK,CA6CP;AAGD,wBAAgB,YAAY,CAAC,OAAO,EAAE,oBAAoB,GAAG,UAAU,CAAC,WAAW,CAQlF;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,oBAAoB,CAU7F;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CAElF;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,+BAA+B,CAAC,gBAAgB,EAAE,MAAM,GAAG,oBAAoB,CAQ9F"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/msal/utils.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,oBAAoB,EAAE,eAAe,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAEnG,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAM3D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,MAAM,WAAW,eAAe;IAC9B,CAAC,KAAK,EAAE,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,GAAG,IAAI,CAAC;CAC3E;AASD;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,EACzB,SAAS,CAAC,EAAE,SAAS,GAAG,IAAI,EAC5B,eAAe,CAAC,EAAE,eAAe,GAChC,OAAO,CAAC,SAAS,IAAI,cAAc,CAkBrC;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,CAAC,EAAE;IAAE,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAQ7E;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAYpE;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,wBAAwB,CAAC,EAAE,OAAO,GACjC,MAAM,EAAE,CAKV;AAED;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,EAAE,CAClC,MAAM,EAAE,gBAAgB,EACxB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,KAC1B,eAoBF,CAAC;AAEJ;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,aAAa,GAAG,SAAS,GAAG,UAAU,CAAC,QAAQ,CAcxF;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,MAAM,EAAE,MAAM,EAAE,EAChB,KAAK,EAAE,KAAK,EACZ,eAAe,CAAC,EAAE,eAAe,GAChC,KAAK,CA6CP;AAGD,wBAAgB,YAAY,CAAC,OAAO,EAAE,oBAAoB,GAAG,UAAU,CAAC,WAAW,CAQlF;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,oBAAoB,CAU7F;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,oBAAoB,GAAG,MAAM,CAElF;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,+BAA+B,CAAC,gBAAgB,EAAE,MAAM,GAAG,oBAAoB,CAQ9F"}

package/dist/commonjs/msal/utils.js

@@ -20,13 +20,9 @@ const constants_js_1 = require("../constants.js");
 const core_util_1 = require("@azure/core-util");
 const abort_controller_1 = require("@azure/abort-controller");
 const msal_js_1 = require("./msal.js");
-/**
- * @internal
- */
 const logger = (0, logging_js_1.credentialLogger)("IdentityUtils");
 /**
  * Latest AuthenticationRecord version
- * @internal
  */
 const LatestAuthenticationRecordVersion = "1.0";
 /**