@azure/msal-browser 5.10.1 → 5.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (255) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  4. package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
  6. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
  7. package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
  8. package/dist/cache/AccountManager.mjs +1 -1
  9. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +1 -1
  11. package/dist/cache/CacheHelpers.mjs +1 -1
  12. package/dist/cache/CacheKeys.mjs +2 -3
  13. package/dist/cache/CacheKeys.mjs.map +1 -1
  14. package/dist/cache/CookieStorage.mjs +1 -1
  15. package/dist/cache/DatabaseStorage.mjs +1 -1
  16. package/dist/cache/EncryptedData.mjs +1 -1
  17. package/dist/cache/LocalStorage.mjs +1 -1
  18. package/dist/cache/MemoryStorage.mjs +1 -1
  19. package/dist/cache/SessionStorage.mjs +1 -1
  20. package/dist/cache/TokenCache.mjs +1 -1
  21. package/dist/config/Configuration.mjs +2 -1
  22. package/dist/config/Configuration.mjs.map +1 -1
  23. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  24. package/dist/controllers/StandardController.mjs +2 -2
  25. package/dist/controllers/StandardController.mjs.map +1 -1
  26. package/dist/crypto/BrowserCrypto.mjs +1 -1
  27. package/dist/crypto/CryptoOps.mjs +1 -1
  28. package/dist/crypto/PkceGenerator.mjs +1 -1
  29. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  30. package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
  31. package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
  32. package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
  33. package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
  34. package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
  35. package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
  36. package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
  37. package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
  38. package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
  39. package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
  40. package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
  41. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
  42. package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
  43. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
  44. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
  45. package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
  46. package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
  47. package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
  48. package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
  49. package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
  50. package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
  51. package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
  52. package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
  53. package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
  54. package/dist/custom_auth/core/error/HttpError.mjs +1 -1
  55. package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
  56. package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
  57. package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
  58. package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
  59. package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
  60. package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
  61. package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
  62. package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
  63. package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
  64. package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
  65. package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
  66. package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
  67. package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
  68. package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
  69. package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
  70. package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
  71. package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
  72. package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
  73. package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
  74. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
  75. package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
  76. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
  77. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
  78. package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
  79. package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
  80. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
  81. package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
  82. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
  83. package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
  84. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
  85. package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
  86. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
  87. package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
  88. package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
  89. package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
  90. package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
  91. package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
  92. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
  93. package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
  94. package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
  95. package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
  96. package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
  97. package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
  98. package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
  99. package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
  100. package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
  101. package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
  102. package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
  103. package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
  104. package/dist/custom_auth/index.mjs +1 -1
  105. package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
  106. package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
  107. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
  108. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
  109. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
  110. package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
  111. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
  112. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
  113. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
  114. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
  115. package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
  116. package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
  117. package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
  118. package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
  119. package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
  120. package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
  121. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
  122. package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
  123. package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
  124. package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
  125. package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
  126. package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
  127. package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
  128. package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
  129. package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
  130. package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
  131. package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
  132. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
  133. package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
  134. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
  135. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
  136. package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
  137. package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
  138. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
  139. package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
  140. package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
  141. package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
  142. package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
  143. package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
  144. package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
  145. package/dist/encode/Base64Decode.mjs +1 -1
  146. package/dist/encode/Base64Encode.mjs +1 -1
  147. package/dist/error/BrowserAuthError.mjs +1 -1
  148. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  149. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  150. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  151. package/dist/error/NativeAuthError.mjs +1 -1
  152. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  153. package/dist/error/NestedAppAuthError.mjs +1 -1
  154. package/dist/event/EventHandler.mjs +1 -1
  155. package/dist/event/EventMessage.mjs +1 -1
  156. package/dist/event/EventType.mjs +1 -1
  157. package/dist/index.mjs +1 -1
  158. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  159. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  160. package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
  161. package/dist/interaction_client/PopupClient.mjs +1 -1
  162. package/dist/interaction_client/RedirectClient.mjs +1 -1
  163. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  164. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  165. package/dist/interaction_client/SilentIframeClient.mjs +1 -1
  166. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  167. package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
  168. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  169. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  170. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  171. package/dist/log-strings-mapping.json +1200 -1188
  172. package/dist/naa/BridgeError.mjs +1 -1
  173. package/dist/naa/BridgeProxy.mjs +1 -1
  174. package/dist/naa/BridgeStatusCode.mjs +1 -1
  175. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
  176. package/dist/navigation/NavigationClient.mjs +1 -1
  177. package/dist/network/FetchClient.mjs +1 -1
  178. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  179. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  180. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  181. package/dist/packageMetadata.mjs +2 -2
  182. package/dist/protocol/Authorize.mjs +1 -1
  183. package/dist/redirect_bridge/index.mjs +1 -1
  184. package/dist/request/RequestHelpers.mjs +1 -1
  185. package/dist/response/ResponseHandler.mjs +1 -1
  186. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  187. package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
  188. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  189. package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
  190. package/dist/utils/BrowserConstants.mjs +1 -1
  191. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  192. package/dist/utils/BrowserUtils.mjs +1 -1
  193. package/dist/utils/Helpers.mjs +1 -1
  194. package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
  195. package/lib/custom-auth-path/log-strings-mapping.json +21 -9
  196. package/lib/custom-auth-path/msal-custom-auth.cjs +171 -104
  197. package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
  198. package/lib/custom-auth-path/msal-custom-auth.js +171 -104
  199. package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
  200. package/lib/log-strings-mapping.json +8 -8
  201. package/lib/msal-browser.cjs +92 -101
  202. package/lib/msal-browser.cjs.map +1 -1
  203. package/lib/msal-browser.js +92 -101
  204. package/lib/msal-browser.js.map +1 -1
  205. package/lib/msal-browser.min.js +2 -2
  206. package/lib/redirect-bridge/msal-redirect-bridge.cjs +10 -10
  207. package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
  208. package/lib/redirect-bridge/msal-redirect-bridge.js +10 -10
  209. package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
  210. package/lib/redirect-bridge/msal-redirect-bridge.min.js +1 -1
  211. package/package.json +2 -2
  212. package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
  213. package/src/config/Configuration.ts +5 -0
  214. package/src/controllers/StandardController.ts +2 -1
  215. package/src/custom_auth/CustomAuthConstants.ts +10 -0
  216. package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
  217. package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
  218. package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
  219. package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
  220. package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
  221. package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
  222. package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
  223. package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
  224. package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
  225. package/src/custom_auth/index.ts +4 -0
  226. package/src/interaction_client/StandardInteractionClient.ts +11 -5
  227. package/src/packageMetadata.ts +1 -1
  228. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
  229. package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
  230. package/types/config/Configuration.d.ts +4 -0
  231. package/types/config/Configuration.d.ts.map +1 -1
  232. package/types/controllers/StandardController.d.ts.map +1 -1
  233. package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
  234. package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
  235. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
  236. package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
  237. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
  238. package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
  239. package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
  240. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
  241. package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
  242. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
  243. package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
  244. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
  245. package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
  246. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
  247. package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
  248. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
  249. package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
  250. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
  251. package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
  252. package/types/custom_auth/index.d.ts +1 -0
  253. package/types/custom_auth/index.d.ts.map +1 -1
  254. package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  255. package/types/packageMetadata.d.ts +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"msal-redirect-bridge.js","sources":["../../../msal-common/dist-browser/utils/Constants.mjs","../../../msal-common/dist-browser/error/AuthError.mjs","../../../msal-common/dist-browser/error/ClientConfigurationError.mjs","../../../msal-common/dist-browser/utils/StringUtils.mjs","../../../msal-common/dist-browser/error/ClientAuthError.mjs","../../../msal-common/dist-browser/error/ClientConfigurationErrorCodes.mjs","../../../msal-common/dist-browser/error/ClientAuthErrorCodes.mjs","../../../msal-common/dist-browser/url/UrlString.mjs","../../../msal-common/dist-browser/utils/ProtocolUtils.mjs","../../../../src/error/BrowserAuthErrorCodes.ts","../../../../src/error/BrowserAuthError.ts","../../../../src/utils/BrowserConstants.ts","../../../../src/encode/Base64Decode.ts","../../../../src/utils/BrowserUtils.ts","../../../../src/navigation/NavigationClient.ts","../../../../src/config/Configuration.ts","../../../../src/cache/CacheKeys.ts","../../../../src/redirect_bridge/index.ts"],"sourcesContent":["/*! @azure/msal-common v16.6.1 2026-05-11 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst SKU = \"msal.js.common\";\r\n// default authority\r\nconst DEFAULT_AUTHORITY = \"https://login.microsoftonline.com/common/\";\r\nconst DEFAULT_AUTHORITY_HOST = \"login.microsoftonline.com\";\r\nconst DEFAULT_COMMON_TENANT = \"common\";\r\n// ADFS String\r\nconst ADFS = \"adfs\";\r\nconst DSTS = \"dstsv2\";\r\n// Default AAD Instance Discovery Endpoint\r\nconst AAD_INSTANCE_DISCOVERY_ENDPT = `${DEFAULT_AUTHORITY}discovery/instance?api-version=1.1&authorization_endpoint=`;\r\n// CIAM URL\r\nconst CIAM_AUTH_URL = \".ciamlogin.com\";\r\nconst AAD_TENANT_DOMAIN_SUFFIX = \".onmicrosoft.com\";\r\n// Resource delimiter - used for certain cache entries\r\nconst RESOURCE_DELIM = \"|\";\r\n// Consumer UTID\r\nconst CONSUMER_UTID = \"9188040d-6c67-4c5b-b112-36a304b66dad\";\r\n// Default scopes\r\nconst OPENID_SCOPE = \"openid\";\r\nconst PROFILE_SCOPE = \"profile\";\r\nconst OFFLINE_ACCESS_SCOPE = \"offline_access\";\r\nconst EMAIL_SCOPE = \"email\";\r\nconst CODE_GRANT_TYPE = \"authorization_code\";\r\nconst S256_CODE_CHALLENGE_METHOD = \"S256\";\r\nconst URL_FORM_CONTENT_TYPE = \"application/x-www-form-urlencoded;charset=utf-8\";\r\nconst AUTHORIZATION_PENDING = \"authorization_pending\";\r\nconst NOT_APPLICABLE = \"N/A\";\r\nconst NOT_AVAILABLE = \"Not Available\";\r\nconst FORWARD_SLASH = \"/\";\r\nconst IMDS_ENDPOINT = \"http://169.254.169.254/metadata/instance/compute/location\";\r\nconst IMDS_VERSION = \"2020-06-01\";\r\nconst IMDS_TIMEOUT = 2000;\r\nconst AZURE_REGION_AUTO_DISCOVER_FLAG = \"TryAutoDetect\";\r\nconst REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX = \"login.microsoft.com\";\r\nconst KNOWN_PUBLIC_CLOUDS = [\r\n \"login.microsoftonline.com\",\r\n \"login.windows.net\",\r\n \"login.microsoft.com\",\r\n \"sts.windows.net\",\r\n];\r\nconst SHR_NONCE_VALIDITY = 240;\r\nconst INVALID_INSTANCE = \"invalid_instance\";\r\nconst HTTP_SUCCESS = 200;\r\nconst HTTP_SUCCESS_RANGE_START = 200;\r\nconst HTTP_SUCCESS_RANGE_END = 299;\r\nconst HTTP_REDIRECT = 302;\r\nconst HTTP_CLIENT_ERROR = 400;\r\nconst HTTP_CLIENT_ERROR_RANGE_START = 400;\r\nconst HTTP_BAD_REQUEST = 400;\r\nconst HTTP_UNAUTHORIZED = 401;\r\nconst HTTP_NOT_FOUND = 404;\r\nconst HTTP_REQUEST_TIMEOUT = 408;\r\nconst HTTP_GONE = 410;\r\nconst HTTP_TOO_MANY_REQUESTS = 429;\r\nconst HTTP_CLIENT_ERROR_RANGE_END = 499;\r\nconst HTTP_SERVER_ERROR = 500;\r\nconst HTTP_SERVER_ERROR_RANGE_START = 500;\r\nconst HTTP_SERVICE_UNAVAILABLE = 503;\r\nconst HTTP_GATEWAY_TIMEOUT = 504;\r\nconst HTTP_SERVER_ERROR_RANGE_END = 599;\r\nconst HTTP_MULTI_SIDED_ERROR = 600;\r\nconst HttpMethod = {\r\n GET: \"GET\",\r\n POST: \"POST\",\r\n};\r\nconst OIDC_DEFAULT_SCOPES = [\r\n OPENID_SCOPE,\r\n PROFILE_SCOPE,\r\n OFFLINE_ACCESS_SCOPE,\r\n];\r\nconst OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, EMAIL_SCOPE];\r\n/**\r\n * Request header names\r\n */\r\nconst HeaderNames = {\r\n CONTENT_TYPE: \"Content-Type\",\r\n CONTENT_LENGTH: \"Content-Length\",\r\n RETRY_AFTER: \"Retry-After\",\r\n CCS_HEADER: \"X-AnchorMailbox\",\r\n WWWAuthenticate: \"WWW-Authenticate\",\r\n AuthenticationInfo: \"Authentication-Info\",\r\n X_MS_REQUEST_ID: \"x-ms-request-id\",\r\n X_MS_HTTP_VERSION: \"x-ms-httpver\",\r\n};\r\n/**\r\n * Persistent cache keys MSAL which stay while user is logged in.\r\n */\r\nconst PersistentCacheKeys = {\r\n ACTIVE_ACCOUNT_FILTERS: \"active-account-filters\", // new cache entry for active_account for a more robust version for browser\r\n};\r\n/**\r\n * String constants related to AAD Authority\r\n */\r\nconst AADAuthority = {\r\n COMMON: \"common\",\r\n ORGANIZATIONS: \"organizations\",\r\n CONSUMERS: \"consumers\",\r\n};\r\n/**\r\n * Claims request keys\r\n */\r\nconst ClaimsRequestKeys = {\r\n ACCESS_TOKEN: \"access_token\",\r\n XMS_CC: \"xms_cc\",\r\n};\r\n/**\r\n * we considered making this \"enum\" in the request instead of string, however it looks like the allowed list of\r\n * prompt values kept changing over past couple of years. There are some undocumented prompt values for some\r\n * internal partners too, hence the choice of generic \"string\" type instead of the \"enum\"\r\n */\r\nconst PromptValue = {\r\n LOGIN: \"login\",\r\n SELECT_ACCOUNT: \"select_account\",\r\n CONSENT: \"consent\",\r\n NONE: \"none\",\r\n CREATE: \"create\",\r\n NO_SESSION: \"no_session\",\r\n};\r\n/**\r\n * allowed values for codeVerifier\r\n */\r\nconst CodeChallengeMethodValues = {\r\n PLAIN: \"plain\",\r\n S256: \"S256\",\r\n};\r\n/**\r\n * Allowed values for response_type\r\n */\r\nconst OAuthResponseType = {\r\n CODE: \"code\",\r\n IDTOKEN_TOKEN: \"id_token token\",\r\n IDTOKEN_TOKEN_REFRESHTOKEN: \"id_token token refresh_token\",\r\n};\r\n/**\r\n * allowed values for response_mode\r\n */\r\nconst ResponseMode = {\r\n QUERY: \"query\",\r\n FRAGMENT: \"fragment\",\r\n FORM_POST: \"form_post\",\r\n};\r\n/**\r\n * allowed grant_type\r\n */\r\nconst GrantType = {\r\n IMPLICIT_GRANT: \"implicit\",\r\n AUTHORIZATION_CODE_GRANT: \"authorization_code\",\r\n CLIENT_CREDENTIALS_GRANT: \"client_credentials\",\r\n RESOURCE_OWNER_PASSWORD_GRANT: \"password\",\r\n REFRESH_TOKEN_GRANT: \"refresh_token\",\r\n DEVICE_CODE_GRANT: \"device_code\",\r\n JWT_BEARER: \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\r\n};\r\n/**\r\n * Account types in Cache\r\n */\r\nconst CACHE_ACCOUNT_TYPE_MSSTS = \"MSSTS\";\r\nconst CACHE_ACCOUNT_TYPE_ADFS = \"ADFS\";\r\nconst CACHE_ACCOUNT_TYPE_MSAV1 = \"MSA\";\r\nconst CACHE_ACCOUNT_TYPE_GENERIC = \"Generic\";\r\n/**\r\n * Separators used in cache\r\n */\r\nconst CACHE_KEY_SEPARATOR = \"-\";\r\nconst CLIENT_INFO_SEPARATOR = \".\";\r\n/**\r\n * Credential Type stored in the cache\r\n */\r\nconst CredentialType = {\r\n ID_TOKEN: \"IdToken\",\r\n ACCESS_TOKEN: \"AccessToken\",\r\n ACCESS_TOKEN_WITH_AUTH_SCHEME: \"AccessToken_With_AuthScheme\",\r\n REFRESH_TOKEN: \"RefreshToken\",\r\n};\r\n/**\r\n * Combine all cache types\r\n */\r\nconst CacheType = {\r\n ADFS: 1001,\r\n MSA: 1002,\r\n MSSTS: 1003,\r\n GENERIC: 1004,\r\n ACCESS_TOKEN: 2001,\r\n REFRESH_TOKEN: 2002,\r\n ID_TOKEN: 2003,\r\n APP_METADATA: 3001,\r\n UNDEFINED: 9999,\r\n};\r\n/**\r\n * More Cache related constants\r\n */\r\nconst APP_METADATA = \"appmetadata\";\r\nconst CLIENT_INFO = \"client_info\";\r\nconst THE_FAMILY_ID = \"1\";\r\nconst AUTHORITY_METADATA_CACHE_KEY = \"authority-metadata\";\r\nconst AUTHORITY_METADATA_REFRESH_TIME_SECONDS = 3600 * 24; // 24 Hours\r\nconst AuthorityMetadataSource = {\r\n CONFIG: \"config\",\r\n CACHE: \"cache\",\r\n NETWORK: \"network\",\r\n HARDCODED_VALUES: \"hardcoded_values\",\r\n};\r\nconst SERVER_TELEM_SCHEMA_VERSION = 5;\r\nconst SERVER_TELEM_MAX_CUR_HEADER_BYTES = 80; // ESTS limit is 100B, set to 80 to provide a 20B buffer\r\nconst SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer,\r\nconst SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains\r\nconst SERVER_TELEM_CACHE_KEY = \"server-telemetry\";\r\nconst SERVER_TELEM_CATEGORY_SEPARATOR = \"|\";\r\nconst SERVER_TELEM_VALUE_SEPARATOR = \",\";\r\nconst SERVER_TELEM_OVERFLOW_TRUE = \"1\";\r\nconst SERVER_TELEM_OVERFLOW_FALSE = \"0\";\r\nconst SERVER_TELEM_UNKNOWN_ERROR = \"unknown_error\";\r\n/**\r\n * Type of the authentication request\r\n */\r\nconst AuthenticationScheme = {\r\n BEARER: \"Bearer\",\r\n POP: \"pop\",\r\n SSH: \"ssh-cert\",\r\n};\r\n/**\r\n * Constants related to throttling\r\n */\r\nconst DEFAULT_THROTTLE_TIME_SECONDS = 60;\r\n// Default maximum time to throttle in seconds, overrides what the server sends back\r\nconst DEFAULT_MAX_THROTTLE_TIME_SECONDS = 3600;\r\n// Prefix for storing throttling entries\r\nconst THROTTLING_PREFIX = \"throttling\";\r\n// Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling\r\nconst X_MS_LIB_CAPABILITY_VALUE = \"retry-after, h429\";\r\n/**\r\n * Errors\r\n */\r\nconst INVALID_GRANT_ERROR = \"invalid_grant\";\r\nconst CLIENT_MISMATCH_ERROR = \"client_mismatch\";\r\n/**\r\n * Password grant parameters\r\n */\r\nconst PasswordGrantConstants = {\r\n username: \"username\",\r\n password: \"password\",\r\n};\r\n/**\r\n * Region Discovery Sources\r\n */\r\nconst RegionDiscoverySources = {\r\n FAILED_AUTO_DETECTION: \"1\",\r\n INTERNAL_CACHE: \"2\",\r\n ENVIRONMENT_VARIABLE: \"3\",\r\n IMDS: \"4\",\r\n};\r\n/**\r\n * Region Discovery Outcomes\r\n */\r\nconst RegionDiscoveryOutcomes = {\r\n CONFIGURED_MATCHES_DETECTED: \"1\",\r\n CONFIGURED_NO_AUTO_DETECTION: \"2\",\r\n CONFIGURED_NOT_DETECTED: \"3\",\r\n AUTO_DETECTION_REQUESTED_SUCCESSFUL: \"4\",\r\n AUTO_DETECTION_REQUESTED_FAILED: \"5\",\r\n};\r\n/**\r\n * Specifies the reason for fetching the access token from the identity provider\r\n */\r\nconst CacheOutcome = {\r\n // When a token is found in the cache or the cache is not supposed to be hit when making the request\r\n NOT_APPLICABLE: \"0\",\r\n // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested\r\n FORCE_REFRESH_OR_CLAIMS: \"1\",\r\n // When the token request goes to the identity provider because no cached access token exists\r\n NO_CACHED_ACCESS_TOKEN: \"2\",\r\n // When the token request goes to the identity provider because cached access token expired\r\n CACHED_ACCESS_TOKEN_EXPIRED: \"3\",\r\n // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed\r\n PROACTIVELY_REFRESHED: \"4\",\r\n};\r\nconst JsonWebTokenTypes = {\r\n Jwt: \"JWT\",\r\n Jwk: \"JWK\",\r\n Pop: \"pop\",\r\n};\r\nconst ONE_DAY_IN_MS = 86400000;\r\n// Token renewal offset default in seconds\r\nconst DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;\r\nconst EncodingTypes = {\r\n BASE64: \"base64\",\r\n HEX: \"hex\",\r\n UTF8: \"utf-8\",\r\n};\n\nexport { AADAuthority, AAD_INSTANCE_DISCOVERY_ENDPT, AAD_TENANT_DOMAIN_SUFFIX, ADFS, APP_METADATA, AUTHORITY_METADATA_CACHE_KEY, AUTHORITY_METADATA_REFRESH_TIME_SECONDS, AUTHORIZATION_PENDING, AZURE_REGION_AUTO_DISCOVER_FLAG, AuthenticationScheme, AuthorityMetadataSource, CACHE_ACCOUNT_TYPE_ADFS, CACHE_ACCOUNT_TYPE_GENERIC, CACHE_ACCOUNT_TYPE_MSAV1, CACHE_ACCOUNT_TYPE_MSSTS, CACHE_KEY_SEPARATOR, CIAM_AUTH_URL, CLIENT_INFO, CLIENT_INFO_SEPARATOR, CLIENT_MISMATCH_ERROR, CODE_GRANT_TYPE, CONSUMER_UTID, CacheOutcome, CacheType, ClaimsRequestKeys, CodeChallengeMethodValues, CredentialType, DEFAULT_AUTHORITY, DEFAULT_AUTHORITY_HOST, DEFAULT_COMMON_TENANT, DEFAULT_MAX_THROTTLE_TIME_SECONDS, DEFAULT_THROTTLE_TIME_SECONDS, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC, DSTS, EMAIL_SCOPE, EncodingTypes, FORWARD_SLASH, GrantType, HTTP_BAD_REQUEST, HTTP_CLIENT_ERROR, HTTP_CLIENT_ERROR_RANGE_END, HTTP_CLIENT_ERROR_RANGE_START, HTTP_GATEWAY_TIMEOUT, HTTP_GONE, HTTP_MULTI_SIDED_ERROR, HTTP_NOT_FOUND, HTTP_REDIRECT, HTTP_REQUEST_TIMEOUT, HTTP_SERVER_ERROR, HTTP_SERVER_ERROR_RANGE_END, HTTP_SERVER_ERROR_RANGE_START, HTTP_SERVICE_UNAVAILABLE, HTTP_SUCCESS, HTTP_SUCCESS_RANGE_END, HTTP_SUCCESS_RANGE_START, HTTP_TOO_MANY_REQUESTS, HTTP_UNAUTHORIZED, HeaderNames, HttpMethod, IMDS_ENDPOINT, IMDS_TIMEOUT, IMDS_VERSION, INVALID_GRANT_ERROR, INVALID_INSTANCE, JsonWebTokenTypes, KNOWN_PUBLIC_CLOUDS, NOT_APPLICABLE, NOT_AVAILABLE, OAuthResponseType, OFFLINE_ACCESS_SCOPE, OIDC_DEFAULT_SCOPES, OIDC_SCOPES, ONE_DAY_IN_MS, OPENID_SCOPE, PROFILE_SCOPE, PasswordGrantConstants, PersistentCacheKeys, PromptValue, REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX, RESOURCE_DELIM, RegionDiscoveryOutcomes, RegionDiscoverySources, ResponseMode, S256_CODE_CHALLENGE_METHOD, SERVER_TELEM_CACHE_KEY, SERVER_TELEM_CATEGORY_SEPARATOR, SERVER_TELEM_MAX_CACHED_ERRORS, SERVER_TELEM_MAX_CUR_HEADER_BYTES, SERVER_TELEM_MAX_LAST_HEADER_BYTES, SERVER_TELEM_OVERFLOW_FALSE, SERVER_TELEM_OVERFLOW_TRUE, SERVER_TELEM_SCHEMA_VERSION, SERVER_TELEM_UNKNOWN_ERROR, SERVER_TELEM_VALUE_SEPARATOR, SHR_NONCE_VALIDITY, SKU, THE_FAMILY_ID, THROTTLING_PREFIX, URL_FORM_CONTENT_TYPE, X_MS_LIB_CAPABILITY_VALUE };\n//# sourceMappingURL=Constants.mjs.map\n","/*! @azure/msal-common v16.6.1 2026-05-11 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nfunction getDefaultErrorMessage(code) {\r\n return `See https://aka.ms/msal.js.errors#${code} for details`;\r\n}\r\n/**\r\n * General error class thrown by the MSAL.js library.\r\n */\r\nclass AuthError extends Error {\r\n constructor(errorCode, errorMessage, suberror) {\r\n const message = errorMessage ||\r\n (errorCode ? getDefaultErrorMessage(errorCode) : \"\");\r\n const errorString = message ? `${errorCode}: ${message}` : errorCode;\r\n super(errorString);\r\n Object.setPrototypeOf(this, AuthError.prototype);\r\n this.errorCode = errorCode || \"\";\r\n this.errorMessage = message || \"\";\r\n this.subError = suberror || \"\";\r\n this.name = \"AuthError\";\r\n }\r\n setCorrelationId(correlationId) {\r\n this.correlationId = correlationId;\r\n }\r\n}\r\nfunction createAuthError(code, additionalMessage) {\r\n return new AuthError(code, additionalMessage || getDefaultErrorMessage(code));\r\n}\n\nexport { AuthError, createAuthError, getDefaultErrorMessage };\n//# sourceMappingURL=AuthError.mjs.map\n","/*! @azure/msal-common v16.6.1 2026-05-11 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Error thrown when there is an error in configuration of the MSAL.js library.\r\n */\r\nclass ClientConfigurationError extends AuthError {\r\n constructor(errorCode) {\r\n super(errorCode);\r\n this.name = \"ClientConfigurationError\";\r\n Object.setPrototypeOf(this, ClientConfigurationError.prototype);\r\n }\r\n}\r\nfunction createClientConfigurationError(errorCode) {\r\n return new ClientConfigurationError(errorCode);\r\n}\n\nexport { ClientConfigurationError, createClientConfigurationError };\n//# sourceMappingURL=ClientConfigurationError.mjs.map\n","/*! @azure/msal-common v16.6.1 2026-05-11 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * @hidden\r\n */\r\nclass StringUtils {\r\n /**\r\n * Check if stringified object is empty\r\n * @param strObj\r\n */\r\n static isEmptyObj(strObj) {\r\n if (strObj) {\r\n try {\r\n const obj = JSON.parse(strObj);\r\n return Object.keys(obj).length === 0;\r\n }\r\n catch (e) { }\r\n }\r\n return true;\r\n }\r\n static startsWith(str, search) {\r\n return str.indexOf(search) === 0;\r\n }\r\n static endsWith(str, search) {\r\n return (str.length >= search.length &&\r\n str.lastIndexOf(search) === str.length - search.length);\r\n }\r\n /**\r\n * Parses string into an object.\r\n *\r\n * @param query\r\n */\r\n static queryStringToObject(query) {\r\n const obj = {};\r\n const params = query.split(\"&\");\r\n const decode = (s) => decodeURIComponent(s.replace(/\\+/g, \" \"));\r\n params.forEach((pair) => {\r\n if (pair.trim()) {\r\n const [key, value] = pair.split(/=(.+)/g, 2); // Split on the first occurence of the '=' character\r\n if (key && value) {\r\n obj[decode(key)] = decode(value);\r\n }\r\n }\r\n });\r\n return obj;\r\n }\r\n /**\r\n * Trims entries in an array.\r\n *\r\n * @param arr\r\n */\r\n static trimArrayEntries(arr) {\r\n return arr.map((entry) => entry.trim());\r\n }\r\n /**\r\n * Removes empty strings from array\r\n * @param arr\r\n */\r\n static removeEmptyStringsFromArray(arr) {\r\n return arr.filter((entry) => {\r\n return !!entry;\r\n });\r\n }\r\n /**\r\n * Attempts to parse a string into JSON\r\n * @param str\r\n */\r\n static jsonParseHelper(str) {\r\n try {\r\n return JSON.parse(str);\r\n }\r\n catch (e) {\r\n return null;\r\n }\r\n }\r\n}\n\nexport { StringUtils };\n//# sourceMappingURL=StringUtils.mjs.map\n","/*! @azure/msal-common v16.6.1 2026-05-11 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * ClientAuthErrorMessage class containing string constants used by error codes and messages.\r\n */\r\n/**\r\n * Error thrown when there is an error in the client code running on the browser.\r\n */\r\nclass ClientAuthError extends AuthError {\r\n constructor(errorCode, additionalMessage) {\r\n super(errorCode, additionalMessage);\r\n this.name = \"ClientAuthError\";\r\n Object.setPrototypeOf(this, ClientAuthError.prototype);\r\n }\r\n}\r\nfunction createClientAuthError(errorCode, additionalMessage) {\r\n return new ClientAuthError(errorCode, additionalMessage);\r\n}\n\nexport { ClientAuthError, createClientAuthError };\n//# sourceMappingURL=ClientAuthError.mjs.map\n","/*! @azure/msal-common v16.6.1 2026-05-11 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst redirectUriEmpty = \"redirect_uri_empty\";\r\nconst claimsRequestParsingError = \"claims_request_parsing_error\";\r\nconst authorityUriInsecure = \"authority_uri_insecure\";\r\nconst urlParseError = \"url_parse_error\";\r\nconst urlEmptyError = \"empty_url_error\";\r\nconst emptyInputScopesError = \"empty_input_scopes_error\";\r\nconst invalidClaims = \"invalid_claims\";\r\nconst tokenRequestEmpty = \"token_request_empty\";\r\nconst logoutRequestEmpty = \"logout_request_empty\";\r\nconst invalidCodeChallengeMethod = \"invalid_code_challenge_method\";\r\nconst pkceParamsMissing = \"pkce_params_missing\";\r\nconst invalidCloudDiscoveryMetadata = \"invalid_cloud_discovery_metadata\";\r\nconst invalidAuthorityMetadata = \"invalid_authority_metadata\";\r\nconst untrustedAuthority = \"untrusted_authority\";\r\nconst missingSshJwk = \"missing_ssh_jwk\";\r\nconst missingSshKid = \"missing_ssh_kid\";\r\nconst missingNonceAuthenticationHeader = \"missing_nonce_authentication_header\";\r\nconst invalidAuthenticationHeader = \"invalid_authentication_header\";\r\nconst cannotSetOIDCOptions = \"cannot_set_OIDCOptions\";\r\nconst cannotAllowPlatformBroker = \"cannot_allow_platform_broker\";\r\nconst authorityMismatch = \"authority_mismatch\";\r\nconst invalidRequestMethodForEAR = \"invalid_request_method_for_EAR\";\r\nconst issuerValidationFailed = \"issuer_validation_failed\";\n\nexport { authorityMismatch, authorityUriInsecure, cannotAllowPlatformBroker, cannotSetOIDCOptions, claimsRequestParsingError, emptyInputScopesError, invalidAuthenticationHeader, invalidAuthorityMetadata, invalidClaims, invalidCloudDiscoveryMetadata, invalidCodeChallengeMethod, invalidRequestMethodForEAR, issuerValidationFailed, logoutRequestEmpty, missingNonceAuthenticationHeader, missingSshJwk, missingSshKid, pkceParamsMissing, redirectUriEmpty, tokenRequestEmpty, untrustedAuthority, urlEmptyError, urlParseError };\n//# sourceMappingURL=ClientConfigurationErrorCodes.mjs.map\n","/*! @azure/msal-common v16.6.1 2026-05-11 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst clientInfoDecodingError = \"client_info_decoding_error\";\r\nconst clientInfoEmptyError = \"client_info_empty_error\";\r\nconst tokenParsingError = \"token_parsing_error\";\r\nconst nullOrEmptyToken = \"null_or_empty_token\";\r\nconst endpointResolutionError = \"endpoints_resolution_error\";\r\nconst networkError = \"network_error\";\r\nconst openIdConfigError = \"openid_config_error\";\r\nconst hashNotDeserialized = \"hash_not_deserialized\";\r\nconst invalidState = \"invalid_state\";\r\nconst stateMismatch = \"state_mismatch\";\r\nconst stateNotFound = \"state_not_found\";\r\nconst nonceMismatch = \"nonce_mismatch\";\r\nconst authTimeNotFound = \"auth_time_not_found\";\r\nconst maxAgeTranspired = \"max_age_transpired\";\r\nconst multipleMatchingTokens = \"multiple_matching_tokens\";\r\nconst multipleMatchingAppMetadata = \"multiple_matching_appMetadata\";\r\nconst requestCannotBeMade = \"request_cannot_be_made\";\r\nconst cannotRemoveEmptyScope = \"cannot_remove_empty_scope\";\r\nconst cannotAppendScopeSet = \"cannot_append_scopeset\";\r\nconst emptyInputScopeSet = \"empty_input_scopeset\";\r\nconst noAccountInSilentRequest = \"no_account_in_silent_request\";\r\nconst invalidCacheRecord = \"invalid_cache_record\";\r\nconst invalidCacheEnvironment = \"invalid_cache_environment\";\r\nconst noAccountFound = \"no_account_found\";\r\nconst noCryptoObject = \"no_crypto_object\";\r\nconst unexpectedCredentialType = \"unexpected_credential_type\";\r\nconst tokenRefreshRequired = \"token_refresh_required\";\r\nconst tokenClaimsCnfRequiredForSignedJwt = \"token_claims_cnf_required_for_signedjwt\";\r\nconst authorizationCodeMissingFromServerResponse = \"authorization_code_missing_from_server_response\";\r\nconst bindingKeyNotRemoved = \"binding_key_not_removed\";\r\nconst endSessionEndpointNotSupported = \"end_session_endpoint_not_supported\";\r\nconst keyIdMissing = \"key_id_missing\";\r\nconst noNetworkConnectivity = \"no_network_connectivity\";\r\nconst userCanceled = \"user_canceled\";\r\nconst methodNotImplemented = \"method_not_implemented\";\r\nconst nestedAppAuthBridgeDisabled = \"nested_app_auth_bridge_disabled\";\r\nconst platformBrokerError = \"platform_broker_error\";\r\nconst resourceParameterRequired = \"resource_parameter_required\";\r\nconst misplacedResourceParam = \"misplaced_resource_parameter\";\n\nexport { authTimeNotFound, authorizationCodeMissingFromServerResponse, bindingKeyNotRemoved, cannotAppendScopeSet, cannotRemoveEmptyScope, clientInfoDecodingError, clientInfoEmptyError, emptyInputScopeSet, endSessionEndpointNotSupported, endpointResolutionError, hashNotDeserialized, invalidCacheEnvironment, invalidCacheRecord, invalidState, keyIdMissing, maxAgeTranspired, methodNotImplemented, misplacedResourceParam, multipleMatchingAppMetadata, multipleMatchingTokens, nestedAppAuthBridgeDisabled, networkError, noAccountFound, noAccountInSilentRequest, noCryptoObject, noNetworkConnectivity, nonceMismatch, nullOrEmptyToken, openIdConfigError, platformBrokerError, requestCannotBeMade, resourceParameterRequired, stateMismatch, stateNotFound, tokenClaimsCnfRequiredForSignedJwt, tokenParsingError, tokenRefreshRequired, unexpectedCredentialType, userCanceled };\n//# sourceMappingURL=ClientAuthErrorCodes.mjs.map\n","/*! @azure/msal-common v16.6.1 2026-05-11 */\n'use strict';\nimport { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';\nimport { StringUtils } from '../utils/StringUtils.mjs';\nimport { AADAuthority, FORWARD_SLASH } from '../utils/Constants.mjs';\nimport { urlEmptyError, urlParseError, authorityUriInsecure } from '../error/ClientConfigurationErrorCodes.mjs';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Url object class which can perform various transformations on url strings.\r\n */\r\nclass UrlString {\r\n get urlString() {\r\n return this._urlString;\r\n }\r\n constructor(url) {\r\n this._urlString = url;\r\n if (!this._urlString) {\r\n // Throws error if url is empty\r\n throw createClientConfigurationError(urlEmptyError);\r\n }\r\n if (!url.includes(\"#\")) {\r\n this._urlString = UrlString.canonicalizeUri(url);\r\n }\r\n }\r\n /**\r\n * Ensure urls are lower case and end with a / character.\r\n * @param url\r\n */\r\n static canonicalizeUri(url) {\r\n if (url) {\r\n let lowerCaseUrl = url.toLowerCase();\r\n if (StringUtils.endsWith(lowerCaseUrl, \"?\")) {\r\n lowerCaseUrl = lowerCaseUrl.slice(0, -1);\r\n }\r\n else if (StringUtils.endsWith(lowerCaseUrl, \"?/\")) {\r\n lowerCaseUrl = lowerCaseUrl.slice(0, -2);\r\n }\r\n if (!StringUtils.endsWith(lowerCaseUrl, \"/\")) {\r\n lowerCaseUrl += \"/\";\r\n }\r\n return lowerCaseUrl;\r\n }\r\n return url;\r\n }\r\n /**\r\n * Throws if urlString passed is not a valid authority URI string.\r\n */\r\n validateAsUri() {\r\n // Attempts to parse url for uri components\r\n let components;\r\n try {\r\n components = this.getUrlComponents();\r\n }\r\n catch (e) {\r\n throw createClientConfigurationError(urlParseError);\r\n }\r\n // Throw error if URI or path segments are not parseable.\r\n if (!components.HostNameAndPort || !components.PathSegments) {\r\n throw createClientConfigurationError(urlParseError);\r\n }\r\n // Throw error if uri is insecure.\r\n if (!components.Protocol ||\r\n components.Protocol.toLowerCase() !== \"https:\") {\r\n throw createClientConfigurationError(authorityUriInsecure);\r\n }\r\n }\r\n /**\r\n * Given a url and a query string return the url with provided query string appended\r\n * @param url\r\n * @param queryString\r\n */\r\n static appendQueryString(url, queryString) {\r\n if (!queryString) {\r\n return url;\r\n }\r\n return url.indexOf(\"?\") < 0\r\n ? `${url}?${queryString}`\r\n : `${url}&${queryString}`;\r\n }\r\n /**\r\n * Returns a url with the hash removed\r\n * @param url\r\n */\r\n static removeHashFromUrl(url) {\r\n return UrlString.canonicalizeUri(url.split(\"#\")[0]);\r\n }\r\n /**\r\n * Given a url like https://a:b/common/d?e=f#g, and a tenantId, returns https://a:b/tenantId/d\r\n * @param href The url\r\n * @param tenantId The tenant id to replace\r\n */\r\n replaceTenantPath(tenantId) {\r\n const urlObject = this.getUrlComponents();\r\n const pathArray = urlObject.PathSegments;\r\n if (tenantId &&\r\n pathArray.length !== 0 &&\r\n (pathArray[0] === AADAuthority.COMMON ||\r\n pathArray[0] === AADAuthority.ORGANIZATIONS)) {\r\n pathArray[0] = tenantId;\r\n }\r\n return UrlString.constructAuthorityUriFromObject(urlObject);\r\n }\r\n /**\r\n * Parses out the components from a url string.\r\n * @returns An object with the various components. Please cache this value insted of calling this multiple times on the same url.\r\n */\r\n getUrlComponents() {\r\n // https://gist.github.com/curtisz/11139b2cfcaef4a261e0\r\n const regEx = RegExp(\"^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\\\?([^#]*))?(#(.*))?\");\r\n // If url string does not match regEx, we throw an error\r\n const match = this.urlString.match(regEx);\r\n if (!match) {\r\n throw createClientConfigurationError(urlParseError);\r\n }\r\n // Url component object\r\n const urlComponents = {\r\n Protocol: match[1],\r\n HostNameAndPort: match[4],\r\n AbsolutePath: match[5],\r\n QueryString: match[7],\r\n };\r\n let pathSegments = urlComponents.AbsolutePath.split(\"/\");\r\n pathSegments = pathSegments.filter((val) => val && val.length > 0); // remove empty elements\r\n urlComponents.PathSegments = pathSegments;\r\n if (urlComponents.QueryString &&\r\n urlComponents.QueryString.endsWith(\"/\")) {\r\n urlComponents.QueryString = urlComponents.QueryString.substring(0, urlComponents.QueryString.length - 1);\r\n }\r\n return urlComponents;\r\n }\r\n static getDomainFromUrl(url) {\r\n const regEx = RegExp(\"^([^:/?#]+://)?([^/?#]*)\");\r\n const match = url.match(regEx);\r\n if (!match) {\r\n throw createClientConfigurationError(urlParseError);\r\n }\r\n return match[2];\r\n }\r\n static getAbsoluteUrl(relativeUrl, baseUrl) {\r\n if (relativeUrl[0] === FORWARD_SLASH) {\r\n const url = new UrlString(baseUrl);\r\n const baseComponents = url.getUrlComponents();\r\n return (baseComponents.Protocol +\r\n \"//\" +\r\n baseComponents.HostNameAndPort +\r\n relativeUrl);\r\n }\r\n return relativeUrl;\r\n }\r\n static constructAuthorityUriFromObject(urlObject) {\r\n return new UrlString(urlObject.Protocol +\r\n \"//\" +\r\n urlObject.HostNameAndPort +\r\n \"/\" +\r\n urlObject.PathSegments.join(\"/\"));\r\n }\r\n}\n\nexport { UrlString };\n//# sourceMappingURL=UrlString.mjs.map\n","/*! @azure/msal-common v16.6.1 2026-05-11 */\n'use strict';\nimport { RESOURCE_DELIM } from './Constants.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { noCryptoObject, invalidState } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Appends user state with random guid, or returns random guid.\r\n * @param cryptoObj\r\n * @param userState\r\n * @param meta\r\n */\r\nfunction setRequestState(cryptoObj, userState, meta) {\r\n const libraryState = generateLibraryState(cryptoObj, meta);\r\n return userState\r\n ? `${libraryState}${RESOURCE_DELIM}${userState}`\r\n : libraryState;\r\n}\r\n/**\r\n * Generates the state value used by the common library.\r\n * @param cryptoObj\r\n * @param meta\r\n */\r\nfunction generateLibraryState(cryptoObj, meta) {\r\n if (!cryptoObj) {\r\n throw createClientAuthError(noCryptoObject);\r\n }\r\n // Create a state object containing a unique id and the timestamp of the request creation\r\n const stateObj = {\r\n id: cryptoObj.createNewGuid(),\r\n };\r\n if (meta) {\r\n stateObj.meta = meta;\r\n }\r\n const stateString = JSON.stringify(stateObj);\r\n return cryptoObj.base64Encode(stateString);\r\n}\r\n/**\r\n * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.\r\n * @param base64Decode\r\n * @param state\r\n */\r\nfunction parseRequestState(base64Decode, state) {\r\n if (!base64Decode) {\r\n throw createClientAuthError(noCryptoObject);\r\n }\r\n if (!state) {\r\n throw createClientAuthError(invalidState);\r\n }\r\n try {\r\n // Split the state between library state and user passed state and decode them separately\r\n const splitState = state.split(RESOURCE_DELIM);\r\n const libraryState = splitState[0];\r\n const userState = splitState.length > 1\r\n ? splitState.slice(1).join(RESOURCE_DELIM)\r\n : \"\";\r\n const libraryStateString = base64Decode(libraryState);\r\n const libraryStateObj = JSON.parse(libraryStateString);\r\n return {\r\n userRequestState: userState || \"\",\r\n libraryState: libraryStateObj,\r\n };\r\n }\r\n catch (e) {\r\n throw createClientAuthError(invalidState);\r\n }\r\n}\n\nexport { generateLibraryState, parseRequestState, setRequestState };\n//# sourceMappingURL=ProtocolUtils.mjs.map\n",null,null,null,null,null,null,null,null,null],"names":["getDefaultErrorMessage","BrowserAuthErrorCodes.invalidBase64String","BrowserAuthErrorCodes.emptyResponse","BrowserAuthErrorCodes.noStateInHash","ProtocolUtils.parseRequestState","BrowserAuthErrorCodes.unableToParseState","BrowserAuthErrorCodes.timedOut","BrowserUtils.getHomepage"],"mappings":";;;;;;;;IAAA;IAmBA;IACA,MAAM,cAAc,GAAG,GAAG,CAAC;IAc3B,MAAM,aAAa,GAAG,GAAG,CAAC;IA8D1B;IACA;IACA;IACA,MAAM,YAAY,GAAG;IACrB,IAAI,MAAM,EAAE,QAAQ;IACpB,IAAI,aAAa,EAAE,eAEnB,CAAC;;ICvGD;IAEA;IACA;IACA;IACA;IACA,SAASA,wBAAsB,CAAC,IAAI,EAAE;IACtC,IAAI,OAAO,CAAC,kCAAkC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACnE,CAAC;IACD;IACA;IACA;IACA,MAAM,SAAS,SAAS,KAAK,CAAC;IAC9B,IAAI,WAAW,CAAC,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE;IACnD,QAAQ,MAAM,OAAO,GAAG,YAAY;IACpC,aAAa,SAAS,GAAGA,wBAAsB,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;IACjE,QAAQ,MAAM,WAAW,GAAG,OAAO,GAAG,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IAC7E,QAAQ,KAAK,CAAC,WAAW,CAAC,CAAC;IAC3B,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACzD,QAAQ,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,EAAE,CAAC;IACzC,QAAQ,IAAI,CAAC,YAAY,GAAG,OAAO,IAAI,EAAE,CAAC;IAC1C,QAAQ,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,EAAE,CAAC;IACvC,QAAQ,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAChC,KAAK;IACL,IAAI,gBAAgB,CAAC,aAAa,EAAE;IACpC,QAAQ,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IAC3C,KAAK;IACL;;IC3BA;;IAIA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,wBAAwB,SAAS,SAAS,CAAC;IACjD,IAAI,WAAW,CAAC,SAAS,EAAE;IAC3B,QAAQ,KAAK,CAAC,SAAS,CAAC,CAAC;IACzB,QAAQ,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IAC/C,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACxE,KAAK;IACL,CAAC;IACD,SAAS,8BAA8B,CAAC,SAAS,EAAE;IACnD,IAAI,OAAO,IAAI,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACnD;;ICpBA;IAEA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,WAAW,CAAC;IAClB;IACA;IACA;IACA;IACA,IAAI,OAAO,UAAU,CAAC,MAAM,EAAE;IAC9B,QAAQ,IAAI,MAAM,EAAE;IACpB,YAAY,IAAI;IAChB,gBAAgB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC/C,gBAAgB,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IACrD,aAAa;IACb,YAAY,OAAO,CAAC,EAAE,GAAG;IACzB,SAAS;IACT,QAAQ,OAAO,IAAI,CAAC;IACpB,KAAK;IACL,IAAI,OAAO,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE;IACnC,QAAQ,OAAO,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,KAAK;IACL,IAAI,OAAO,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE;IACjC,QAAQ,QAAQ,GAAG,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM;IAC3C,YAAY,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE;IACpE,KAAK;IACL;IACA;IACA;IACA;IACA;IACA,IAAI,OAAO,mBAAmB,CAAC,KAAK,EAAE;IACtC,QAAQ,MAAM,GAAG,GAAG,EAAE,CAAC;IACvB,QAAQ,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxC,QAAQ,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;IACxE,QAAQ,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK;IACjC,YAAY,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE;IAC7B,gBAAgB,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC7D,gBAAgB,IAAI,GAAG,IAAI,KAAK,EAAE;IAClC,oBAAoB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACrD,iBAAiB;IACjB,aAAa;IACb,SAAS,CAAC,CAAC;IACX,QAAQ,OAAO,GAAG,CAAC;IACnB,KAAK;IACL;IACA;IACA;IACA;IACA;IACA,IAAI,OAAO,gBAAgB,CAAC,GAAG,EAAE;IACjC,QAAQ,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChD,KAAK;IACL;IACA;IACA;IACA;IACA,IAAI,OAAO,2BAA2B,CAAC,GAAG,EAAE;IAC5C,QAAQ,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,KAAK,KAAK;IACrC,YAAY,OAAO,CAAC,CAAC,KAAK,CAAC;IAC3B,SAAS,CAAC,CAAC;IACX,KAAK;IACL;IACA;IACA;IACA;IACA,IAAI,OAAO,eAAe,CAAC,GAAG,EAAE;IAChC,QAAQ,IAAI;IACZ,YAAY,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnC,SAAS;IACT,QAAQ,OAAO,CAAC,EAAE;IAClB,YAAY,OAAO,IAAI,CAAC;IACxB,SAAS;IACT,KAAK;IACL;;IC/EA;;IAIA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,eAAe,SAAS,SAAS,CAAC;IACxC,IAAI,WAAW,CAAC,SAAS,EAAE,iBAAiB,EAAE;IAC9C,QAAQ,KAAK,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAC5C,QAAQ,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IACtC,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;IAC/D,KAAK;IACL,CAAC;IACD,SAAS,qBAAqB,CAAC,SAAS,EAAE,iBAAiB,EAAE;IAC7D,IAAI,OAAO,IAAI,eAAe,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAC7D;;ICvBA;IAQA,MAAM,oBAAoB,GAAG,wBAAwB,CAAC;IACtD,MAAM,aAAa,GAAG,iBAAiB,CAAC;IACxC,MAAM,aAAa,GAAG,iBAAiB;;ICVvC;IAcA,MAAM,YAAY,GAAG,eAAe,CAAC;IAgBrC,MAAM,cAAc,GAAG,kBAAkB;;IC9BzC;;IAOA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,SAAS,CAAC;IAChB,IAAI,IAAI,SAAS,GAAG;IACpB,QAAQ,OAAO,IAAI,CAAC,UAAU,CAAC;IAC/B,KAAK;IACL,IAAI,WAAW,CAAC,GAAG,EAAE;IACrB,QAAQ,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC;IAC9B,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;IAC9B;IACA,YAAY,MAAM,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAChE,SAAS;IACT,QAAQ,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;IAChC,YAAY,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC7D,SAAS;IACT,KAAK;IACL;IACA;IACA;IACA;IACA,IAAI,OAAO,eAAe,CAAC,GAAG,EAAE;IAChC,QAAQ,IAAI,GAAG,EAAE;IACjB,YAAY,IAAI,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IACjD,YAAY,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE;IACzD,gBAAgB,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzD,aAAa;IACb,iBAAiB,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;IAC/D,gBAAgB,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzD,aAAa;IACb,YAAY,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE;IAC1D,gBAAgB,YAAY,IAAI,GAAG,CAAC;IACpC,aAAa;IACb,YAAY,OAAO,YAAY,CAAC;IAChC,SAAS;IACT,QAAQ,OAAO,GAAG,CAAC;IACnB,KAAK;IACL;IACA;IACA;IACA,IAAI,aAAa,GAAG;IACpB;IACA,QAAQ,IAAI,UAAU,CAAC;IACvB,QAAQ,IAAI;IACZ,YAAY,UAAU,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;IACjD,SAAS;IACT,QAAQ,OAAO,CAAC,EAAE;IAClB,YAAY,MAAM,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAChE,SAAS;IACT;IACA,QAAQ,IAAI,CAAC,UAAU,CAAC,eAAe,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE;IACrE,YAAY,MAAM,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAChE,SAAS;IACT;IACA,QAAQ,IAAI,CAAC,UAAU,CAAC,QAAQ;IAChC,YAAY,UAAU,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE;IAC5D,YAAY,MAAM,8BAA8B,CAAC,oBAAoB,CAAC,CAAC;IACvE,SAAS;IACT,KAAK;IACL;IACA;IACA;IACA;IACA;IACA,IAAI,OAAO,iBAAiB,CAAC,GAAG,EAAE,WAAW,EAAE;IAC/C,QAAQ,IAAI,CAAC,WAAW,EAAE;IAC1B,YAAY,OAAO,GAAG,CAAC;IACvB,SAAS;IACT,QAAQ,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;IACnC,cAAc,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IACrC,cAAc,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC;IACtC,KAAK;IACL;IACA;IACA;IACA;IACA,IAAI,OAAO,iBAAiB,CAAC,GAAG,EAAE;IAClC,QAAQ,OAAO,SAAS,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5D,KAAK;IACL;IACA;IACA;IACA;IACA;IACA,IAAI,iBAAiB,CAAC,QAAQ,EAAE;IAChC,QAAQ,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAClD,QAAQ,MAAM,SAAS,GAAG,SAAS,CAAC,YAAY,CAAC;IACjD,QAAQ,IAAI,QAAQ;IACpB,YAAY,SAAS,CAAC,MAAM,KAAK,CAAC;IAClC,aAAa,SAAS,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC,MAAM;IACjD,gBAAgB,SAAS,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC,aAAa,CAAC,EAAE;IAC9D,YAAY,SAAS,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC;IACpC,SAAS;IACT,QAAQ,OAAO,SAAS,CAAC,+BAA+B,CAAC,SAAS,CAAC,CAAC;IACpE,KAAK;IACL;IACA;IACA;IACA;IACA,IAAI,gBAAgB,GAAG;IACvB;IACA,QAAQ,MAAM,KAAK,GAAG,MAAM,CAAC,4DAA4D,CAAC,CAAC;IAC3F;IACA,QAAQ,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAClD,QAAQ,IAAI,CAAC,KAAK,EAAE;IACpB,YAAY,MAAM,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAChE,SAAS;IACT;IACA,QAAQ,MAAM,aAAa,GAAG;IAC9B,YAAY,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IAC9B,YAAY,eAAe,EAAE,KAAK,CAAC,CAAC,CAAC;IACrC,YAAY,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;IAClC,YAAY,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;IACjC,SAAS,CAAC;IACV,QAAQ,IAAI,YAAY,GAAG,aAAa,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjE,QAAQ,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC3E,QAAQ,aAAa,CAAC,YAAY,GAAG,YAAY,CAAC;IAClD,QAAQ,IAAI,aAAa,CAAC,WAAW;IACrC,YAAY,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;IACrD,YAAY,aAAa,CAAC,WAAW,GAAG,aAAa,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,aAAa,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACrH,SAAS;IACT,QAAQ,OAAO,aAAa,CAAC;IAC7B,KAAK;IACL,IAAI,OAAO,gBAAgB,CAAC,GAAG,EAAE;IACjC,QAAQ,MAAM,KAAK,GAAG,MAAM,CAAC,0BAA0B,CAAC,CAAC;IACzD,QAAQ,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvC,QAAQ,IAAI,CAAC,KAAK,EAAE;IACpB,YAAY,MAAM,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAChE,SAAS;IACT,QAAQ,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IACxB,KAAK;IACL,IAAI,OAAO,cAAc,CAAC,WAAW,EAAE,OAAO,EAAE;IAChD,QAAQ,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,aAAa,EAAE;IAC9C,YAAY,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,OAAO,CAAC,CAAC;IAC/C,YAAY,MAAM,cAAc,GAAG,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC1D,YAAY,QAAQ,cAAc,CAAC,QAAQ;IAC3C,gBAAgB,IAAI;IACpB,gBAAgB,cAAc,CAAC,eAAe;IAC9C,gBAAgB,WAAW,EAAE;IAC7B,SAAS;IACT,QAAQ,OAAO,WAAW,CAAC;IAC3B,KAAK;IACL,IAAI,OAAO,+BAA+B,CAAC,SAAS,EAAE;IACtD,QAAQ,OAAO,IAAI,SAAS,CAAC,SAAS,CAAC,QAAQ;IAC/C,YAAY,IAAI;IAChB,YAAY,SAAS,CAAC,eAAe;IACrC,YAAY,GAAG;IACf,YAAY,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,KAAK;IACL;;IChKA;IAyCA;IACA;IACA;IACA;IACA;IACA,SAAS,iBAAiB,CAAC,YAAY,EAAE,KAAK,EAAE;IAChD,IAAI,IAAI,CAAC,YAAY,EAAE;IACvB,QAAQ,MAAM,qBAAqB,CAAC,cAAc,CAAC,CAAC;IACpD,KAAK;IACL,IAAI,IAAI,CAAC,KAAK,EAAE;IAChB,QAAQ,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAC;IAClD,KAAK;IACL,IAAI,IAAI;IACR;IACA,QAAQ,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACvD,QAAQ,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAC3C,QAAQ,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC;IAC/C,cAAc,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;IACtD,cAAc,EAAE,CAAC;IACjB,QAAQ,MAAM,kBAAkB,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;IAC9D,QAAQ,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC/D,QAAQ,OAAO;IACf,YAAY,gBAAgB,EAAE,SAAS,IAAI,EAAE;IAC7C,YAAY,YAAY,EAAE,eAAe;IACzC,SAAS,CAAC;IACV,KAAK;IACL,IAAI,OAAO,CAAC,EAAE;IACd,QAAQ,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAC;IAClD,KAAK;IACL;;ICtEA;;;IAGG;IAQI,MAAM,aAAa,GAAG,kBAAkB,CAAC;IAGzC,MAAM,kBAAkB,GAAG,uBAAuB,CAAC;IA4CnD,MAAM,mBAAmB,GAAG,uBAAuB,CAAC;IAKpD,MAAM,QAAQ,GAAG,WAAW,CAAC;IAC7B,MAAM,aAAa,GAAG,gBAAgB;;IChE7C;;;IAGG;IAMG,SAAU,sBAAsB,CAAC,IAAY,EAAA;QAC/C,OAAO,CAAA,kCAAA,EAAqC,IAAI,CAAA,YAAA,CAAc,CAAC;IACnE,CAAC;IAED;;IAEG;IACG,MAAO,gBAAiB,SAAQ,SAAS,CAAA;QAC3C,WAAY,CAAA,SAAiB,EAAE,QAAiB,EAAA;YAC5C,KAAK,CAAC,SAAS,EAAE,sBAAsB,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC;YAE9D,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAAC,CAAC;IACxD,QAAA,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;SAClC;IACJ,CAAA;IAEe,SAAA,sBAAsB,CAClC,SAAiB,EACjB,QAAiB,EAAA;IAEjB,IAAA,OAAO,IAAI,gBAAgB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACrD;;IC9BA;;;IAGG;IA0EI,MAAM,gBAAgB,GAAG;IAC5B,IACA,OAAO,EAAE,SAAS;KACZ,CAAC;IAIX;;IAEG;IACI,MAAM,kBAAkB,GAAG;IAC9B,IAAA,UAAU,EAAE,gBAAgB;IAC5B,IAAA,QAAQ,EAAE,SAAS;IACnB,IAAA,cAAc,EAAE,gBAAgB;IAChC,IAAA,QAAQ,EAAE,eAAe;IACzB,IAAA,sBAAsB,EAAE,oBAAoB;IAC5C,IAAA,cAAc,EAAE,gBAAgB;KAC1B,CAAC;IAcX;;;;;;IAMG;IACI,MAAM,KAAK,GAAG;IACjB,IAIA,qBAAqB,EAAE,GAAG;IAC1B,IAEA,MAAM,EAAE,IAIF,CAAC;IA2BX;;IAEG;IACH,IAAY,eAKX,CAAA;IALD,CAAA,UAAY,eAAe,EAAA;IACvB,IAAA,eAAA,CAAA,UAAA,CAAA,GAAA,UAAqB,CAAA;IACrB,IAAA,eAAA,CAAA,OAAA,CAAA,GAAA,OAAe,CAAA;IACf,IAAA,eAAA,CAAA,QAAA,CAAA,GAAA,QAAiB,CAAA;IACjB,IAAA,eAAA,CAAA,MAAA,CAAA,GAAA,MAAa,CAAA;IACjB,CAAC,EALW,eAAe,KAAf,eAAe,GAK1B,EAAA,CAAA,CAAA;;IClKD;;;IAGG;IAOH;;;IAGG;IAEH;;;IAGG;IACG,SAAU,YAAY,CAAC,KAAa,EAAA;QACtC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED;;;IAGG;IACG,SAAU,cAAc,CAAC,YAAoB,EAAA;IAC/C,IAAA,IAAI,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACvE,IAAA,QAAQ,aAAa,CAAC,MAAM,GAAG,CAAC;IAC5B,QAAA,KAAK,CAAC;gBACF,MAAM;IACV,QAAA,KAAK,CAAC;gBACF,aAAa,IAAI,IAAI,CAAC;gBACtB,MAAM;IACV,QAAA,KAAK,CAAC;gBACF,aAAa,IAAI,GAAG,CAAC;gBACrB,MAAM;IACV,QAAA;IACI,YAAA,MAAM,sBAAsB,CACxBC,mBAAyC,CAC5C,CAAC;IACT,KAAA;IACD,IAAA,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;QACtC,OAAO,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACpE;;IC7CA;;;IAGG;IAkCH;;;;;;;;;;;;;;IAcG;aACa,wBAAwB,GAAA;;IAapC,IAAA,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IACrC,IAAA,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;;QAGxC,IAAI,iBAAiB,GAAG,KAAK,CAAC;QAC9B,IAAI,kBAAkB,GAAG,KAAK,CAAC;QAC/B,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,MAAM,GAAgC,SAAS,CAAC;IAEpD,IAAA,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE;YAC/B,MAAM,WAAW,GACb,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC;IAC/D,QAAA,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,WAAW,CAAC,CAAC;IACpD,QAAA,IAAI,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;gBACzB,iBAAiB,GAAG,IAAI,CAAC;gBACzB,OAAO,GAAG,WAAW,CAAC;gBACtB,MAAM,GAAG,UAAU,CAAC;IACvB,SAAA;IACJ,KAAA;IAED,IAAA,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,MAAM,YAAY,GACd,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC;IAClE,QAAA,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,CAAC;IACtD,QAAA,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;gBAC1B,kBAAkB,GAAG,IAAI,CAAC;gBAC1B,OAAO,GAAG,YAAY,CAAC;gBACvB,MAAM,GAAG,WAAW,CAAC;IACxB,SAAA;IACJ,KAAA;;QAGD,IAAI,iBAAiB,IAAI,kBAAkB,EAAE;YACzC,MAAM,YAAY,GACd,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC;YAClE,MAAM,WAAW,GACb,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC;IAC/D,QAAA,OAAO,GAAG,CAAG,EAAA,YAAY,CAAG,EAAA,WAAW,EAAE,CAAC;IAC1C,QAAA,MAAM,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;IACzC,KAAA;IAED,IAAA,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM,EAAE;IACrB,QAAA,MAAM,sBAAsB,CAACC,aAAmC,CAAC,CAAC;IACrE,KAAA;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK,EAAE;IACR,QAAA,MAAM,sBAAsB,CAACC,aAAmC,CAAC,CAAC;IACrE,KAAA;IAED,IAAA,MAAM,EAAE,YAAY,EAAE,GAAGC,iBAA+B,CACpD,YAAY,EACZ,KAAK,CACR,CAAC;IAEF,IAAA,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC;IAClC,IAAA,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE;YACd,MAAM,sBAAsB,CACxBC,kBAAwC,EACxC,uBAAuB,CAC1B,CAAC;IACL,KAAA;QAED,OAAO;YACH,MAAM;YACN,OAAO;YACP,OAAO;YACP,QAAQ;YACR,iBAAiB;YACjB,kBAAkB;IAClB,QAAA,YAAY,EAAE;gBACV,EAAE;gBACF,IAAI;IACP,SAAA;SACJ,CAAC;IACN,CAAC;IAsND;;IAEG;aACa,WAAW,GAAA;QACvB,MAAM,UAAU,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvD,IAAA,MAAM,aAAa,GAAG,UAAU,CAAC,gBAAgB,EAAE,CAAC;QACpD,OAAO,CAAA,EAAG,aAAa,CAAC,QAAQ,KAAK,aAAa,CAAC,eAAe,CAAA,CAAA,CAAG,CAAC;IAC1E;;ICzWA;;;IAGG;UASU,gBAAgB,CAAA;IACzB;;;;IAIG;QACH,gBAAgB,CACZ,GAAW,EACX,OAA0B,EAAA;YAE1B,OAAO,gBAAgB,CAAC,qBAAqB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;SAC/D;IAED;;;;IAIG;QACH,gBAAgB,CACZ,GAAW,EACX,OAA0B,EAAA;YAE1B,OAAO,gBAAgB,CAAC,qBAAqB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;SAC/D;IAED;;;;IAIG;IACK,IAAA,OAAO,qBAAqB,CAChC,GAAW,EACX,OAA0B,EAAA;YAE1B,IAAI,OAAO,CAAC,SAAS,EAAE;gBACnB,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,SAAA;IAAM,aAAA;gBACH,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/B,SAAA;YAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,KAAI;gBACnC,UAAU,CAAC,MAAK;oBACZ,MAAM,CACF,sBAAsB,CAClBC,QAA8B,EAC9B,oBAAoB,CACvB,CACJ,CAAC;IACN,aAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACxB,SAAC,CAAC,CAAC;SACN;IACJ;;IC/DD;;;IAGG;IA6BI,MAAM,2BAA2B,GAAG,KAAK;;IChChD;;;IAGG;IAEI,MAAM,MAAM,GAAG,MAAM;;ICL5B;;;IAGG;IAeH;;;;;;;;;;;;IAYG;IACI,eAAe,4BAA4B,CAC9C,gBAAmC,EAAA;IAEnC,IAAA,IAAI,cAAc,CAAC;QACnB,IAAI;YACA,cAAc,GAAG,wBAAwB,EAAE,CAAC;IAC/C,KAAA;IAAC,IAAA,OAAO,KAAK,EAAE;;YAEZ,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,YAAY,KAAK,UAAU,EAAE;gBACnD,MAAM,CAAC,OAAO,CAAC,YAAY,CACvB,IAAI,EACJ,EAAE,EACF,CAAG,EAAA,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAA,EAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAE,CAAA,CACzD,CAAC;IACL,SAAA;IACD,QAAA,MAAM,KAAK,CAAC;IACf,KAAA;IAED,IAAA,MAAM,EACF,OAAO,EACP,OAAO,EACP,QAAQ,EACR,iBAAiB,EACjB,kBAAkB,EAClB,YAAY,GACf,GAAG,cAAc,CAAC;IAEnB,IAAA,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC;QAElC,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,eAAe,CAAC,QAAQ,EAAE;IACtD,QAAA,MAAM,SAAS,GAAG,gBAAgB,IAAI,IAAI,gBAAgB,EAAE,CAAC;YAE7D,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,IAAI,QAAQ,GAAG,EAAE,CAAC;YAClB,IAAI,eAAe,GAAG,EAAE,CAAC;YACzB,MAAM,cAAc,GAAG,CAAG,EAAA,MAAM,IAAI,kBAAkB,CAAC,sBAAsB,CAAA,CAAE,CAAC;IAChF;;;;IAIG;YACH,IAAI;gBACA,MAAM,oBAAoB,GACtB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;gBAClD,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;IACjE,YAAA,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC5C,YAAA,eAAe,GAAG,iBAAiB,CAAC,IAAI,CAAC;IAEzC,YAAA,IAAI,QAAQ,EAAE;oBACV,MAAM,SAAS,GAAG,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA,EAAI,kBAAkB,CAAC,UAAU,CAAA,CAAE,CAAC;oBAC3E,aAAa,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;IAClE,aAAA;IACJ,SAAA;YAAC,MAAM;;IAEP,SAAA;IAED,QAAA,MAAM,iBAAiB,GAAsB;IACzC,YAAA,KAAK,EACD,eAAe,KAAK,gBAAgB,CAAC,OAAO;sBACtC,KAAK,CAAC,MAAM;sBACZ,KAAK,CAAC,qBAAqB;IACrC,YAAA,SAAS,EAAE,IAAI;IACf,YAAA,OAAO,EAAE,2BAA2B;aACvC,CAAC;IAEF;;;;;;;;;;;;;;;;;IAiBG;IACH,QAAA,IAAI,QAAQ,EAAE;gBACV,IAAI;IACA,gBAAA,MAAM,CAAC,cAAc,CAAC,OAAO,CACzB,GAAG,MAAM,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA,EAAI,kBAAkB,CAAC,QAAQ,EAAE,EACtD,OAAO,CACV,CAAC;IACL,aAAA;gBAAC,MAAM;;IAEP,aAAA;IACJ,SAAA;YAED,MAAM,GAAG,GAAG,aAAa,IAAIC,WAAwB,EAAE,CAAC;;YAExD,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC;YAEjE,MAAM,SAAS,CAAC,gBAAgB,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAC;;YAGnE,OAAO;IACV,KAAA;;QAGD,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,YAAY,KAAK,UAAU,EAAE;IACnD,QAAA,IAAI,MAAM,GAAG,CAAG,EAAA,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAA,EAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;;IAEpE,QAAA,IAAI,CAAC,iBAAiB,IAAI,OAAO,EAAE;gBAC/B,MAAM,IAAI,OAAO,CAAC;IACrB,SAAA;;IAED,QAAA,IAAI,CAAC,kBAAkB,IAAI,QAAQ,EAAE;gBACjC,MAAM,IAAI,QAAQ,CAAC;IACtB,SAAA;YACD,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;IACjD,KAAA;;IAGD,IAAA,MAAM,OAAO,GAAG,IAAI,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACzC,OAAO,CAAC,WAAW,CAAC;IAChB,QAAA,CAAC,EAAE,CAAC;YACJ,OAAO;IACV,KAAA,CAAC,CAAC;QACH,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,IAAI;YACA,MAAM,CAAC,KAAK,EAAE,CAAC;IAClB,KAAA;IAAC,IAAA,MAAM,GAAE;IACd;;;;;;;;"}
1
+ {"version":3,"file":"msal-redirect-bridge.js","sources":["../../../msal-common/dist-browser/utils/Constants.mjs","../../../msal-common/dist-browser/error/AuthError.mjs","../../../msal-common/dist-browser/error/ClientConfigurationError.mjs","../../../msal-common/dist-browser/utils/StringUtils.mjs","../../../msal-common/dist-browser/error/ClientAuthError.mjs","../../../msal-common/dist-browser/error/ClientConfigurationErrorCodes.mjs","../../../msal-common/dist-browser/error/ClientAuthErrorCodes.mjs","../../../msal-common/dist-browser/url/UrlString.mjs","../../../msal-common/dist-browser/utils/ProtocolUtils.mjs","../../../../src/error/BrowserAuthErrorCodes.ts","../../../../src/error/BrowserAuthError.ts","../../../../src/utils/BrowserConstants.ts","../../../../src/encode/Base64Decode.ts","../../../../src/utils/BrowserUtils.ts","../../../../src/navigation/NavigationClient.ts","../../../../src/config/Configuration.ts","../../../../src/cache/CacheKeys.ts","../../../../src/redirect_bridge/index.ts"],"sourcesContent":["/*! @azure/msal-common v16.6.2 2026-05-19 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst SKU = \"msal.js.common\";\r\n// default authority\r\nconst DEFAULT_AUTHORITY = \"https://login.microsoftonline.com/common/\";\r\nconst DEFAULT_AUTHORITY_HOST = \"login.microsoftonline.com\";\r\nconst DEFAULT_COMMON_TENANT = \"common\";\r\n// ADFS String\r\nconst ADFS = \"adfs\";\r\nconst DSTS = \"dstsv2\";\r\n// Default AAD Instance Discovery Endpoint\r\nconst AAD_INSTANCE_DISCOVERY_ENDPT = `${DEFAULT_AUTHORITY}discovery/instance?api-version=1.1&authorization_endpoint=`;\r\n// CIAM URL\r\nconst CIAM_AUTH_URL = \".ciamlogin.com\";\r\nconst AAD_TENANT_DOMAIN_SUFFIX = \".onmicrosoft.com\";\r\n// Resource delimiter - used for certain cache entries\r\nconst RESOURCE_DELIM = \"|\";\r\n// Consumer UTID\r\nconst CONSUMER_UTID = \"9188040d-6c67-4c5b-b112-36a304b66dad\";\r\n// Default scopes\r\nconst OPENID_SCOPE = \"openid\";\r\nconst PROFILE_SCOPE = \"profile\";\r\nconst OFFLINE_ACCESS_SCOPE = \"offline_access\";\r\nconst EMAIL_SCOPE = \"email\";\r\nconst CODE_GRANT_TYPE = \"authorization_code\";\r\nconst S256_CODE_CHALLENGE_METHOD = \"S256\";\r\nconst URL_FORM_CONTENT_TYPE = \"application/x-www-form-urlencoded;charset=utf-8\";\r\nconst AUTHORIZATION_PENDING = \"authorization_pending\";\r\nconst NOT_APPLICABLE = \"N/A\";\r\nconst NOT_AVAILABLE = \"Not Available\";\r\nconst FORWARD_SLASH = \"/\";\r\nconst IMDS_ENDPOINT = \"http://169.254.169.254/metadata/instance/compute/location\";\r\nconst IMDS_VERSION = \"2020-06-01\";\r\nconst IMDS_TIMEOUT = 2000;\r\nconst AZURE_REGION_AUTO_DISCOVER_FLAG = \"TryAutoDetect\";\r\nconst REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX = \"login.microsoft.com\";\r\nconst KNOWN_PUBLIC_CLOUDS = [\r\n \"login.microsoftonline.com\",\r\n \"login.windows.net\",\r\n \"login.microsoft.com\",\r\n \"sts.windows.net\",\r\n];\r\nconst SHR_NONCE_VALIDITY = 240;\r\nconst INVALID_INSTANCE = \"invalid_instance\";\r\nconst HTTP_SUCCESS = 200;\r\nconst HTTP_SUCCESS_RANGE_START = 200;\r\nconst HTTP_SUCCESS_RANGE_END = 299;\r\nconst HTTP_REDIRECT = 302;\r\nconst HTTP_CLIENT_ERROR = 400;\r\nconst HTTP_CLIENT_ERROR_RANGE_START = 400;\r\nconst HTTP_BAD_REQUEST = 400;\r\nconst HTTP_UNAUTHORIZED = 401;\r\nconst HTTP_NOT_FOUND = 404;\r\nconst HTTP_REQUEST_TIMEOUT = 408;\r\nconst HTTP_GONE = 410;\r\nconst HTTP_TOO_MANY_REQUESTS = 429;\r\nconst HTTP_CLIENT_ERROR_RANGE_END = 499;\r\nconst HTTP_SERVER_ERROR = 500;\r\nconst HTTP_SERVER_ERROR_RANGE_START = 500;\r\nconst HTTP_SERVICE_UNAVAILABLE = 503;\r\nconst HTTP_GATEWAY_TIMEOUT = 504;\r\nconst HTTP_SERVER_ERROR_RANGE_END = 599;\r\nconst HTTP_MULTI_SIDED_ERROR = 600;\r\nconst HttpMethod = {\r\n GET: \"GET\",\r\n POST: \"POST\",\r\n};\r\nconst OIDC_DEFAULT_SCOPES = [\r\n OPENID_SCOPE,\r\n PROFILE_SCOPE,\r\n OFFLINE_ACCESS_SCOPE,\r\n];\r\nconst OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, EMAIL_SCOPE];\r\n/**\r\n * Request header names\r\n */\r\nconst HeaderNames = {\r\n CONTENT_TYPE: \"Content-Type\",\r\n CONTENT_LENGTH: \"Content-Length\",\r\n RETRY_AFTER: \"Retry-After\",\r\n CCS_HEADER: \"X-AnchorMailbox\",\r\n WWWAuthenticate: \"WWW-Authenticate\",\r\n AuthenticationInfo: \"Authentication-Info\",\r\n X_MS_REQUEST_ID: \"x-ms-request-id\",\r\n X_MS_HTTP_VERSION: \"x-ms-httpver\",\r\n};\r\n/**\r\n * Persistent cache keys MSAL which stay while user is logged in.\r\n */\r\nconst PersistentCacheKeys = {\r\n ACTIVE_ACCOUNT_FILTERS: \"active-account-filters\", // new cache entry for active_account for a more robust version for browser\r\n};\r\n/**\r\n * String constants related to AAD Authority\r\n */\r\nconst AADAuthority = {\r\n COMMON: \"common\",\r\n ORGANIZATIONS: \"organizations\",\r\n CONSUMERS: \"consumers\",\r\n};\r\n/**\r\n * Claims request keys\r\n */\r\nconst ClaimsRequestKeys = {\r\n ACCESS_TOKEN: \"access_token\",\r\n XMS_CC: \"xms_cc\",\r\n};\r\n/**\r\n * we considered making this \"enum\" in the request instead of string, however it looks like the allowed list of\r\n * prompt values kept changing over past couple of years. There are some undocumented prompt values for some\r\n * internal partners too, hence the choice of generic \"string\" type instead of the \"enum\"\r\n */\r\nconst PromptValue = {\r\n LOGIN: \"login\",\r\n SELECT_ACCOUNT: \"select_account\",\r\n CONSENT: \"consent\",\r\n NONE: \"none\",\r\n CREATE: \"create\",\r\n NO_SESSION: \"no_session\",\r\n};\r\n/**\r\n * allowed values for codeVerifier\r\n */\r\nconst CodeChallengeMethodValues = {\r\n PLAIN: \"plain\",\r\n S256: \"S256\",\r\n};\r\n/**\r\n * Allowed values for response_type\r\n */\r\nconst OAuthResponseType = {\r\n CODE: \"code\",\r\n IDTOKEN_TOKEN: \"id_token token\",\r\n IDTOKEN_TOKEN_REFRESHTOKEN: \"id_token token refresh_token\",\r\n};\r\n/**\r\n * allowed values for response_mode\r\n */\r\nconst ResponseMode = {\r\n QUERY: \"query\",\r\n FRAGMENT: \"fragment\",\r\n FORM_POST: \"form_post\",\r\n};\r\n/**\r\n * allowed grant_type\r\n */\r\nconst GrantType = {\r\n IMPLICIT_GRANT: \"implicit\",\r\n AUTHORIZATION_CODE_GRANT: \"authorization_code\",\r\n CLIENT_CREDENTIALS_GRANT: \"client_credentials\",\r\n RESOURCE_OWNER_PASSWORD_GRANT: \"password\",\r\n REFRESH_TOKEN_GRANT: \"refresh_token\",\r\n DEVICE_CODE_GRANT: \"device_code\",\r\n JWT_BEARER: \"urn:ietf:params:oauth:grant-type:jwt-bearer\",\r\n};\r\n/**\r\n * Account types in Cache\r\n */\r\nconst CACHE_ACCOUNT_TYPE_MSSTS = \"MSSTS\";\r\nconst CACHE_ACCOUNT_TYPE_ADFS = \"ADFS\";\r\nconst CACHE_ACCOUNT_TYPE_MSAV1 = \"MSA\";\r\nconst CACHE_ACCOUNT_TYPE_GENERIC = \"Generic\";\r\n/**\r\n * Separators used in cache\r\n */\r\nconst CACHE_KEY_SEPARATOR = \"-\";\r\nconst CLIENT_INFO_SEPARATOR = \".\";\r\n/**\r\n * Credential Type stored in the cache\r\n */\r\nconst CredentialType = {\r\n ID_TOKEN: \"IdToken\",\r\n ACCESS_TOKEN: \"AccessToken\",\r\n ACCESS_TOKEN_WITH_AUTH_SCHEME: \"AccessToken_With_AuthScheme\",\r\n REFRESH_TOKEN: \"RefreshToken\",\r\n};\r\n/**\r\n * Combine all cache types\r\n */\r\nconst CacheType = {\r\n ADFS: 1001,\r\n MSA: 1002,\r\n MSSTS: 1003,\r\n GENERIC: 1004,\r\n ACCESS_TOKEN: 2001,\r\n REFRESH_TOKEN: 2002,\r\n ID_TOKEN: 2003,\r\n APP_METADATA: 3001,\r\n UNDEFINED: 9999,\r\n};\r\n/**\r\n * More Cache related constants\r\n */\r\nconst APP_METADATA = \"appmetadata\";\r\nconst CLIENT_INFO = \"client_info\";\r\nconst THE_FAMILY_ID = \"1\";\r\nconst AUTHORITY_METADATA_CACHE_KEY = \"authority-metadata\";\r\nconst AUTHORITY_METADATA_REFRESH_TIME_SECONDS = 3600 * 24; // 24 Hours\r\nconst AuthorityMetadataSource = {\r\n CONFIG: \"config\",\r\n CACHE: \"cache\",\r\n NETWORK: \"network\",\r\n HARDCODED_VALUES: \"hardcoded_values\",\r\n};\r\nconst SERVER_TELEM_SCHEMA_VERSION = 5;\r\nconst SERVER_TELEM_MAX_CUR_HEADER_BYTES = 80; // ESTS limit is 100B, set to 80 to provide a 20B buffer\r\nconst SERVER_TELEM_MAX_LAST_HEADER_BYTES = 330; // ESTS limit is 350B, set to 330 to provide a 20B buffer,\r\nconst SERVER_TELEM_MAX_CACHED_ERRORS = 50; // Limit the number of errors that can be stored to prevent uncontrolled size gains\r\nconst SERVER_TELEM_CACHE_KEY = \"server-telemetry\";\r\nconst SERVER_TELEM_CATEGORY_SEPARATOR = \"|\";\r\nconst SERVER_TELEM_VALUE_SEPARATOR = \",\";\r\nconst SERVER_TELEM_OVERFLOW_TRUE = \"1\";\r\nconst SERVER_TELEM_OVERFLOW_FALSE = \"0\";\r\nconst SERVER_TELEM_UNKNOWN_ERROR = \"unknown_error\";\r\n/**\r\n * Type of the authentication request\r\n */\r\nconst AuthenticationScheme = {\r\n BEARER: \"Bearer\",\r\n POP: \"pop\",\r\n SSH: \"ssh-cert\",\r\n};\r\n/**\r\n * Constants related to throttling\r\n */\r\nconst DEFAULT_THROTTLE_TIME_SECONDS = 60;\r\n// Default maximum time to throttle in seconds, overrides what the server sends back\r\nconst DEFAULT_MAX_THROTTLE_TIME_SECONDS = 3600;\r\n// Prefix for storing throttling entries\r\nconst THROTTLING_PREFIX = \"throttling\";\r\n// Value assigned to the x-ms-lib-capability header to indicate to the server the library supports throttling\r\nconst X_MS_LIB_CAPABILITY_VALUE = \"retry-after, h429\";\r\n/**\r\n * Errors\r\n */\r\nconst INVALID_GRANT_ERROR = \"invalid_grant\";\r\nconst CLIENT_MISMATCH_ERROR = \"client_mismatch\";\r\n/**\r\n * Password grant parameters\r\n */\r\nconst PasswordGrantConstants = {\r\n username: \"username\",\r\n password: \"password\",\r\n};\r\n/**\r\n * Region Discovery Sources\r\n */\r\nconst RegionDiscoverySources = {\r\n FAILED_AUTO_DETECTION: \"1\",\r\n INTERNAL_CACHE: \"2\",\r\n ENVIRONMENT_VARIABLE: \"3\",\r\n IMDS: \"4\",\r\n};\r\n/**\r\n * Region Discovery Outcomes\r\n */\r\nconst RegionDiscoveryOutcomes = {\r\n CONFIGURED_MATCHES_DETECTED: \"1\",\r\n CONFIGURED_NO_AUTO_DETECTION: \"2\",\r\n CONFIGURED_NOT_DETECTED: \"3\",\r\n AUTO_DETECTION_REQUESTED_SUCCESSFUL: \"4\",\r\n AUTO_DETECTION_REQUESTED_FAILED: \"5\",\r\n};\r\n/**\r\n * Specifies the reason for fetching the access token from the identity provider\r\n */\r\nconst CacheOutcome = {\r\n // When a token is found in the cache or the cache is not supposed to be hit when making the request\r\n NOT_APPLICABLE: \"0\",\r\n // When the token request goes to the identity provider because force_refresh was set to true. Also occurs if claims were requested\r\n FORCE_REFRESH_OR_CLAIMS: \"1\",\r\n // When the token request goes to the identity provider because no cached access token exists\r\n NO_CACHED_ACCESS_TOKEN: \"2\",\r\n // When the token request goes to the identity provider because cached access token expired\r\n CACHED_ACCESS_TOKEN_EXPIRED: \"3\",\r\n // When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed\r\n PROACTIVELY_REFRESHED: \"4\",\r\n};\r\nconst JsonWebTokenTypes = {\r\n Jwt: \"JWT\",\r\n Jwk: \"JWK\",\r\n Pop: \"pop\",\r\n};\r\nconst ONE_DAY_IN_MS = 86400000;\r\n// Token renewal offset default in seconds\r\nconst DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;\r\nconst EncodingTypes = {\r\n BASE64: \"base64\",\r\n HEX: \"hex\",\r\n UTF8: \"utf-8\",\r\n};\n\nexport { AADAuthority, AAD_INSTANCE_DISCOVERY_ENDPT, AAD_TENANT_DOMAIN_SUFFIX, ADFS, APP_METADATA, AUTHORITY_METADATA_CACHE_KEY, AUTHORITY_METADATA_REFRESH_TIME_SECONDS, AUTHORIZATION_PENDING, AZURE_REGION_AUTO_DISCOVER_FLAG, AuthenticationScheme, AuthorityMetadataSource, CACHE_ACCOUNT_TYPE_ADFS, CACHE_ACCOUNT_TYPE_GENERIC, CACHE_ACCOUNT_TYPE_MSAV1, CACHE_ACCOUNT_TYPE_MSSTS, CACHE_KEY_SEPARATOR, CIAM_AUTH_URL, CLIENT_INFO, CLIENT_INFO_SEPARATOR, CLIENT_MISMATCH_ERROR, CODE_GRANT_TYPE, CONSUMER_UTID, CacheOutcome, CacheType, ClaimsRequestKeys, CodeChallengeMethodValues, CredentialType, DEFAULT_AUTHORITY, DEFAULT_AUTHORITY_HOST, DEFAULT_COMMON_TENANT, DEFAULT_MAX_THROTTLE_TIME_SECONDS, DEFAULT_THROTTLE_TIME_SECONDS, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC, DSTS, EMAIL_SCOPE, EncodingTypes, FORWARD_SLASH, GrantType, HTTP_BAD_REQUEST, HTTP_CLIENT_ERROR, HTTP_CLIENT_ERROR_RANGE_END, HTTP_CLIENT_ERROR_RANGE_START, HTTP_GATEWAY_TIMEOUT, HTTP_GONE, HTTP_MULTI_SIDED_ERROR, HTTP_NOT_FOUND, HTTP_REDIRECT, HTTP_REQUEST_TIMEOUT, HTTP_SERVER_ERROR, HTTP_SERVER_ERROR_RANGE_END, HTTP_SERVER_ERROR_RANGE_START, HTTP_SERVICE_UNAVAILABLE, HTTP_SUCCESS, HTTP_SUCCESS_RANGE_END, HTTP_SUCCESS_RANGE_START, HTTP_TOO_MANY_REQUESTS, HTTP_UNAUTHORIZED, HeaderNames, HttpMethod, IMDS_ENDPOINT, IMDS_TIMEOUT, IMDS_VERSION, INVALID_GRANT_ERROR, INVALID_INSTANCE, JsonWebTokenTypes, KNOWN_PUBLIC_CLOUDS, NOT_APPLICABLE, NOT_AVAILABLE, OAuthResponseType, OFFLINE_ACCESS_SCOPE, OIDC_DEFAULT_SCOPES, OIDC_SCOPES, ONE_DAY_IN_MS, OPENID_SCOPE, PROFILE_SCOPE, PasswordGrantConstants, PersistentCacheKeys, PromptValue, REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX, RESOURCE_DELIM, RegionDiscoveryOutcomes, RegionDiscoverySources, ResponseMode, S256_CODE_CHALLENGE_METHOD, SERVER_TELEM_CACHE_KEY, SERVER_TELEM_CATEGORY_SEPARATOR, SERVER_TELEM_MAX_CACHED_ERRORS, SERVER_TELEM_MAX_CUR_HEADER_BYTES, SERVER_TELEM_MAX_LAST_HEADER_BYTES, SERVER_TELEM_OVERFLOW_FALSE, SERVER_TELEM_OVERFLOW_TRUE, SERVER_TELEM_SCHEMA_VERSION, SERVER_TELEM_UNKNOWN_ERROR, SERVER_TELEM_VALUE_SEPARATOR, SHR_NONCE_VALIDITY, SKU, THE_FAMILY_ID, THROTTLING_PREFIX, URL_FORM_CONTENT_TYPE, X_MS_LIB_CAPABILITY_VALUE };\n//# sourceMappingURL=Constants.mjs.map\n","/*! @azure/msal-common v16.6.2 2026-05-19 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nfunction getDefaultErrorMessage(code) {\r\n return `See https://aka.ms/msal.js.errors#${code} for details`;\r\n}\r\n/**\r\n * General error class thrown by the MSAL.js library.\r\n */\r\nclass AuthError extends Error {\r\n constructor(errorCode, errorMessage, suberror) {\r\n const message = errorMessage ||\r\n (errorCode ? getDefaultErrorMessage(errorCode) : \"\");\r\n const errorString = message ? `${errorCode}: ${message}` : errorCode;\r\n super(errorString);\r\n Object.setPrototypeOf(this, AuthError.prototype);\r\n this.errorCode = errorCode || \"\";\r\n this.errorMessage = message || \"\";\r\n this.subError = suberror || \"\";\r\n this.name = \"AuthError\";\r\n }\r\n setCorrelationId(correlationId) {\r\n this.correlationId = correlationId;\r\n }\r\n}\r\nfunction createAuthError(code, additionalMessage) {\r\n return new AuthError(code, additionalMessage || getDefaultErrorMessage(code));\r\n}\n\nexport { AuthError, createAuthError, getDefaultErrorMessage };\n//# sourceMappingURL=AuthError.mjs.map\n","/*! @azure/msal-common v16.6.2 2026-05-19 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Error thrown when there is an error in configuration of the MSAL.js library.\r\n */\r\nclass ClientConfigurationError extends AuthError {\r\n constructor(errorCode) {\r\n super(errorCode);\r\n this.name = \"ClientConfigurationError\";\r\n Object.setPrototypeOf(this, ClientConfigurationError.prototype);\r\n }\r\n}\r\nfunction createClientConfigurationError(errorCode) {\r\n return new ClientConfigurationError(errorCode);\r\n}\n\nexport { ClientConfigurationError, createClientConfigurationError };\n//# sourceMappingURL=ClientConfigurationError.mjs.map\n","/*! @azure/msal-common v16.6.2 2026-05-19 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * @hidden\r\n */\r\nclass StringUtils {\r\n /**\r\n * Check if stringified object is empty\r\n * @param strObj\r\n */\r\n static isEmptyObj(strObj) {\r\n if (strObj) {\r\n try {\r\n const obj = JSON.parse(strObj);\r\n return Object.keys(obj).length === 0;\r\n }\r\n catch (e) { }\r\n }\r\n return true;\r\n }\r\n static startsWith(str, search) {\r\n return str.indexOf(search) === 0;\r\n }\r\n static endsWith(str, search) {\r\n return (str.length >= search.length &&\r\n str.lastIndexOf(search) === str.length - search.length);\r\n }\r\n /**\r\n * Parses string into an object.\r\n *\r\n * @param query\r\n */\r\n static queryStringToObject(query) {\r\n const obj = {};\r\n const params = query.split(\"&\");\r\n const decode = (s) => decodeURIComponent(s.replace(/\\+/g, \" \"));\r\n params.forEach((pair) => {\r\n if (pair.trim()) {\r\n const [key, value] = pair.split(/=(.+)/g, 2); // Split on the first occurence of the '=' character\r\n if (key && value) {\r\n obj[decode(key)] = decode(value);\r\n }\r\n }\r\n });\r\n return obj;\r\n }\r\n /**\r\n * Trims entries in an array.\r\n *\r\n * @param arr\r\n */\r\n static trimArrayEntries(arr) {\r\n return arr.map((entry) => entry.trim());\r\n }\r\n /**\r\n * Removes empty strings from array\r\n * @param arr\r\n */\r\n static removeEmptyStringsFromArray(arr) {\r\n return arr.filter((entry) => {\r\n return !!entry;\r\n });\r\n }\r\n /**\r\n * Attempts to parse a string into JSON\r\n * @param str\r\n */\r\n static jsonParseHelper(str) {\r\n try {\r\n return JSON.parse(str);\r\n }\r\n catch (e) {\r\n return null;\r\n }\r\n }\r\n}\n\nexport { StringUtils };\n//# sourceMappingURL=StringUtils.mjs.map\n","/*! @azure/msal-common v16.6.2 2026-05-19 */\n'use strict';\nimport { AuthError } from './AuthError.mjs';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * ClientAuthErrorMessage class containing string constants used by error codes and messages.\r\n */\r\n/**\r\n * Error thrown when there is an error in the client code running on the browser.\r\n */\r\nclass ClientAuthError extends AuthError {\r\n constructor(errorCode, additionalMessage) {\r\n super(errorCode, additionalMessage);\r\n this.name = \"ClientAuthError\";\r\n Object.setPrototypeOf(this, ClientAuthError.prototype);\r\n }\r\n}\r\nfunction createClientAuthError(errorCode, additionalMessage) {\r\n return new ClientAuthError(errorCode, additionalMessage);\r\n}\n\nexport { ClientAuthError, createClientAuthError };\n//# sourceMappingURL=ClientAuthError.mjs.map\n","/*! @azure/msal-common v16.6.2 2026-05-19 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst redirectUriEmpty = \"redirect_uri_empty\";\r\nconst claimsRequestParsingError = \"claims_request_parsing_error\";\r\nconst authorityUriInsecure = \"authority_uri_insecure\";\r\nconst urlParseError = \"url_parse_error\";\r\nconst urlEmptyError = \"empty_url_error\";\r\nconst emptyInputScopesError = \"empty_input_scopes_error\";\r\nconst invalidClaims = \"invalid_claims\";\r\nconst tokenRequestEmpty = \"token_request_empty\";\r\nconst logoutRequestEmpty = \"logout_request_empty\";\r\nconst invalidCodeChallengeMethod = \"invalid_code_challenge_method\";\r\nconst pkceParamsMissing = \"pkce_params_missing\";\r\nconst invalidCloudDiscoveryMetadata = \"invalid_cloud_discovery_metadata\";\r\nconst invalidAuthorityMetadata = \"invalid_authority_metadata\";\r\nconst untrustedAuthority = \"untrusted_authority\";\r\nconst missingSshJwk = \"missing_ssh_jwk\";\r\nconst missingSshKid = \"missing_ssh_kid\";\r\nconst missingNonceAuthenticationHeader = \"missing_nonce_authentication_header\";\r\nconst invalidAuthenticationHeader = \"invalid_authentication_header\";\r\nconst cannotSetOIDCOptions = \"cannot_set_OIDCOptions\";\r\nconst cannotAllowPlatformBroker = \"cannot_allow_platform_broker\";\r\nconst authorityMismatch = \"authority_mismatch\";\r\nconst invalidRequestMethodForEAR = \"invalid_request_method_for_EAR\";\r\nconst invalidPlatformBrokerConfiguration = \"invalid_platform_broker_configuration\";\r\nconst issuerValidationFailed = \"issuer_validation_failed\";\n\nexport { authorityMismatch, authorityUriInsecure, cannotAllowPlatformBroker, cannotSetOIDCOptions, claimsRequestParsingError, emptyInputScopesError, invalidAuthenticationHeader, invalidAuthorityMetadata, invalidClaims, invalidCloudDiscoveryMetadata, invalidCodeChallengeMethod, invalidPlatformBrokerConfiguration, invalidRequestMethodForEAR, issuerValidationFailed, logoutRequestEmpty, missingNonceAuthenticationHeader, missingSshJwk, missingSshKid, pkceParamsMissing, redirectUriEmpty, tokenRequestEmpty, untrustedAuthority, urlEmptyError, urlParseError };\n//# sourceMappingURL=ClientConfigurationErrorCodes.mjs.map\n","/*! @azure/msal-common v16.6.2 2026-05-19 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nconst clientInfoDecodingError = \"client_info_decoding_error\";\r\nconst clientInfoEmptyError = \"client_info_empty_error\";\r\nconst tokenParsingError = \"token_parsing_error\";\r\nconst nullOrEmptyToken = \"null_or_empty_token\";\r\nconst endpointResolutionError = \"endpoints_resolution_error\";\r\nconst networkError = \"network_error\";\r\nconst openIdConfigError = \"openid_config_error\";\r\nconst hashNotDeserialized = \"hash_not_deserialized\";\r\nconst invalidState = \"invalid_state\";\r\nconst stateMismatch = \"state_mismatch\";\r\nconst stateNotFound = \"state_not_found\";\r\nconst nonceMismatch = \"nonce_mismatch\";\r\nconst authTimeNotFound = \"auth_time_not_found\";\r\nconst maxAgeTranspired = \"max_age_transpired\";\r\nconst multipleMatchingTokens = \"multiple_matching_tokens\";\r\nconst multipleMatchingAppMetadata = \"multiple_matching_appMetadata\";\r\nconst requestCannotBeMade = \"request_cannot_be_made\";\r\nconst cannotRemoveEmptyScope = \"cannot_remove_empty_scope\";\r\nconst cannotAppendScopeSet = \"cannot_append_scopeset\";\r\nconst emptyInputScopeSet = \"empty_input_scopeset\";\r\nconst noAccountInSilentRequest = \"no_account_in_silent_request\";\r\nconst invalidCacheRecord = \"invalid_cache_record\";\r\nconst invalidCacheEnvironment = \"invalid_cache_environment\";\r\nconst noAccountFound = \"no_account_found\";\r\nconst noCryptoObject = \"no_crypto_object\";\r\nconst unexpectedCredentialType = \"unexpected_credential_type\";\r\nconst tokenRefreshRequired = \"token_refresh_required\";\r\nconst tokenClaimsCnfRequiredForSignedJwt = \"token_claims_cnf_required_for_signedjwt\";\r\nconst authorizationCodeMissingFromServerResponse = \"authorization_code_missing_from_server_response\";\r\nconst bindingKeyNotRemoved = \"binding_key_not_removed\";\r\nconst endSessionEndpointNotSupported = \"end_session_endpoint_not_supported\";\r\nconst keyIdMissing = \"key_id_missing\";\r\nconst noNetworkConnectivity = \"no_network_connectivity\";\r\nconst userCanceled = \"user_canceled\";\r\nconst methodNotImplemented = \"method_not_implemented\";\r\nconst nestedAppAuthBridgeDisabled = \"nested_app_auth_bridge_disabled\";\r\nconst platformBrokerError = \"platform_broker_error\";\r\nconst resourceParameterRequired = \"resource_parameter_required\";\r\nconst misplacedResourceParam = \"misplaced_resource_parameter\";\n\nexport { authTimeNotFound, authorizationCodeMissingFromServerResponse, bindingKeyNotRemoved, cannotAppendScopeSet, cannotRemoveEmptyScope, clientInfoDecodingError, clientInfoEmptyError, emptyInputScopeSet, endSessionEndpointNotSupported, endpointResolutionError, hashNotDeserialized, invalidCacheEnvironment, invalidCacheRecord, invalidState, keyIdMissing, maxAgeTranspired, methodNotImplemented, misplacedResourceParam, multipleMatchingAppMetadata, multipleMatchingTokens, nestedAppAuthBridgeDisabled, networkError, noAccountFound, noAccountInSilentRequest, noCryptoObject, noNetworkConnectivity, nonceMismatch, nullOrEmptyToken, openIdConfigError, platformBrokerError, requestCannotBeMade, resourceParameterRequired, stateMismatch, stateNotFound, tokenClaimsCnfRequiredForSignedJwt, tokenParsingError, tokenRefreshRequired, unexpectedCredentialType, userCanceled };\n//# sourceMappingURL=ClientAuthErrorCodes.mjs.map\n","/*! @azure/msal-common v16.6.2 2026-05-19 */\n'use strict';\nimport { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';\nimport { StringUtils } from '../utils/StringUtils.mjs';\nimport { AADAuthority, FORWARD_SLASH } from '../utils/Constants.mjs';\nimport { urlEmptyError, urlParseError, authorityUriInsecure } from '../error/ClientConfigurationErrorCodes.mjs';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Url object class which can perform various transformations on url strings.\r\n */\r\nclass UrlString {\r\n get urlString() {\r\n return this._urlString;\r\n }\r\n constructor(url) {\r\n this._urlString = url;\r\n if (!this._urlString) {\r\n // Throws error if url is empty\r\n throw createClientConfigurationError(urlEmptyError);\r\n }\r\n if (!url.includes(\"#\")) {\r\n this._urlString = UrlString.canonicalizeUri(url);\r\n }\r\n }\r\n /**\r\n * Ensure urls are lower case and end with a / character.\r\n * @param url\r\n */\r\n static canonicalizeUri(url) {\r\n if (url) {\r\n let lowerCaseUrl = url.toLowerCase();\r\n if (StringUtils.endsWith(lowerCaseUrl, \"?\")) {\r\n lowerCaseUrl = lowerCaseUrl.slice(0, -1);\r\n }\r\n else if (StringUtils.endsWith(lowerCaseUrl, \"?/\")) {\r\n lowerCaseUrl = lowerCaseUrl.slice(0, -2);\r\n }\r\n if (!StringUtils.endsWith(lowerCaseUrl, \"/\")) {\r\n lowerCaseUrl += \"/\";\r\n }\r\n return lowerCaseUrl;\r\n }\r\n return url;\r\n }\r\n /**\r\n * Throws if urlString passed is not a valid authority URI string.\r\n */\r\n validateAsUri() {\r\n // Attempts to parse url for uri components\r\n let components;\r\n try {\r\n components = this.getUrlComponents();\r\n }\r\n catch (e) {\r\n throw createClientConfigurationError(urlParseError);\r\n }\r\n // Throw error if URI or path segments are not parseable.\r\n if (!components.HostNameAndPort || !components.PathSegments) {\r\n throw createClientConfigurationError(urlParseError);\r\n }\r\n // Throw error if uri is insecure.\r\n if (!components.Protocol ||\r\n components.Protocol.toLowerCase() !== \"https:\") {\r\n throw createClientConfigurationError(authorityUriInsecure);\r\n }\r\n }\r\n /**\r\n * Given a url and a query string return the url with provided query string appended\r\n * @param url\r\n * @param queryString\r\n */\r\n static appendQueryString(url, queryString) {\r\n if (!queryString) {\r\n return url;\r\n }\r\n return url.indexOf(\"?\") < 0\r\n ? `${url}?${queryString}`\r\n : `${url}&${queryString}`;\r\n }\r\n /**\r\n * Returns a url with the hash removed\r\n * @param url\r\n */\r\n static removeHashFromUrl(url) {\r\n return UrlString.canonicalizeUri(url.split(\"#\")[0]);\r\n }\r\n /**\r\n * Given a url like https://a:b/common/d?e=f#g, and a tenantId, returns https://a:b/tenantId/d\r\n * @param href The url\r\n * @param tenantId The tenant id to replace\r\n */\r\n replaceTenantPath(tenantId) {\r\n const urlObject = this.getUrlComponents();\r\n const pathArray = urlObject.PathSegments;\r\n if (tenantId &&\r\n pathArray.length !== 0 &&\r\n (pathArray[0] === AADAuthority.COMMON ||\r\n pathArray[0] === AADAuthority.ORGANIZATIONS)) {\r\n pathArray[0] = tenantId;\r\n }\r\n return UrlString.constructAuthorityUriFromObject(urlObject);\r\n }\r\n /**\r\n * Parses out the components from a url string.\r\n * @returns An object with the various components. Please cache this value insted of calling this multiple times on the same url.\r\n */\r\n getUrlComponents() {\r\n // https://gist.github.com/curtisz/11139b2cfcaef4a261e0\r\n const regEx = RegExp(\"^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\\\?([^#]*))?(#(.*))?\");\r\n // If url string does not match regEx, we throw an error\r\n const match = this.urlString.match(regEx);\r\n if (!match) {\r\n throw createClientConfigurationError(urlParseError);\r\n }\r\n // Url component object\r\n const urlComponents = {\r\n Protocol: match[1],\r\n HostNameAndPort: match[4],\r\n AbsolutePath: match[5],\r\n QueryString: match[7],\r\n };\r\n let pathSegments = urlComponents.AbsolutePath.split(\"/\");\r\n pathSegments = pathSegments.filter((val) => val && val.length > 0); // remove empty elements\r\n urlComponents.PathSegments = pathSegments;\r\n if (urlComponents.QueryString &&\r\n urlComponents.QueryString.endsWith(\"/\")) {\r\n urlComponents.QueryString = urlComponents.QueryString.substring(0, urlComponents.QueryString.length - 1);\r\n }\r\n return urlComponents;\r\n }\r\n static getDomainFromUrl(url) {\r\n const regEx = RegExp(\"^([^:/?#]+://)?([^/?#]*)\");\r\n const match = url.match(regEx);\r\n if (!match) {\r\n throw createClientConfigurationError(urlParseError);\r\n }\r\n return match[2];\r\n }\r\n static getAbsoluteUrl(relativeUrl, baseUrl) {\r\n if (relativeUrl[0] === FORWARD_SLASH) {\r\n const url = new UrlString(baseUrl);\r\n const baseComponents = url.getUrlComponents();\r\n return (baseComponents.Protocol +\r\n \"//\" +\r\n baseComponents.HostNameAndPort +\r\n relativeUrl);\r\n }\r\n return relativeUrl;\r\n }\r\n static constructAuthorityUriFromObject(urlObject) {\r\n return new UrlString(urlObject.Protocol +\r\n \"//\" +\r\n urlObject.HostNameAndPort +\r\n \"/\" +\r\n urlObject.PathSegments.join(\"/\"));\r\n }\r\n}\n\nexport { UrlString };\n//# sourceMappingURL=UrlString.mjs.map\n","/*! @azure/msal-common v16.6.2 2026-05-19 */\n'use strict';\nimport { RESOURCE_DELIM } from './Constants.mjs';\nimport { createClientAuthError } from '../error/ClientAuthError.mjs';\nimport { noCryptoObject, invalidState } from '../error/ClientAuthErrorCodes.mjs';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Appends user state with random guid, or returns random guid.\r\n * @param cryptoObj\r\n * @param userState\r\n * @param meta\r\n */\r\nfunction setRequestState(cryptoObj, userState, meta) {\r\n const libraryState = generateLibraryState(cryptoObj, meta);\r\n return userState\r\n ? `${libraryState}${RESOURCE_DELIM}${userState}`\r\n : libraryState;\r\n}\r\n/**\r\n * Generates the state value used by the common library.\r\n * @param cryptoObj\r\n * @param meta\r\n */\r\nfunction generateLibraryState(cryptoObj, meta) {\r\n if (!cryptoObj) {\r\n throw createClientAuthError(noCryptoObject);\r\n }\r\n // Create a state object containing a unique id and the timestamp of the request creation\r\n const stateObj = {\r\n id: cryptoObj.createNewGuid(),\r\n };\r\n if (meta) {\r\n stateObj.meta = meta;\r\n }\r\n const stateString = JSON.stringify(stateObj);\r\n return cryptoObj.base64Encode(stateString);\r\n}\r\n/**\r\n * Parses the state into the RequestStateObject, which contains the LibraryState info and the state passed by the user.\r\n * @param base64Decode\r\n * @param state\r\n */\r\nfunction parseRequestState(base64Decode, state) {\r\n if (!base64Decode) {\r\n throw createClientAuthError(noCryptoObject);\r\n }\r\n if (!state) {\r\n throw createClientAuthError(invalidState);\r\n }\r\n try {\r\n // Split the state between library state and user passed state and decode them separately\r\n const splitState = state.split(RESOURCE_DELIM);\r\n const libraryState = splitState[0];\r\n const userState = splitState.length > 1\r\n ? splitState.slice(1).join(RESOURCE_DELIM)\r\n : \"\";\r\n const libraryStateString = base64Decode(libraryState);\r\n const libraryStateObj = JSON.parse(libraryStateString);\r\n return {\r\n userRequestState: userState || \"\",\r\n libraryState: libraryStateObj,\r\n };\r\n }\r\n catch (e) {\r\n throw createClientAuthError(invalidState);\r\n }\r\n}\n\nexport { generateLibraryState, parseRequestState, setRequestState };\n//# sourceMappingURL=ProtocolUtils.mjs.map\n",null,null,null,null,null,null,null,null,null],"names":["getDefaultErrorMessage","BrowserAuthErrorCodes.invalidBase64String","BrowserAuthErrorCodes.emptyResponse","BrowserAuthErrorCodes.noStateInHash","ProtocolUtils.parseRequestState","BrowserAuthErrorCodes.unableToParseState","BrowserAuthErrorCodes.timedOut","BrowserUtils.getHomepage"],"mappings":";;;;;;;;IAAA;IAmBA;IACA,MAAM,cAAc,GAAG,GAAG,CAAC;IAc3B,MAAM,aAAa,GAAG,GAAG,CAAC;IA8D1B;IACA;IACA;IACA,MAAM,YAAY,GAAG;IACrB,IAAI,MAAM,EAAE,QAAQ;IACpB,IAAI,aAAa,EAAE,eAEnB,CAAC;;ICvGD;IAEA;IACA;IACA;IACA;IACA,SAASA,wBAAsB,CAAC,IAAI,EAAE;IACtC,IAAI,OAAO,CAAC,kCAAkC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACnE,CAAC;IACD;IACA;IACA;IACA,MAAM,SAAS,SAAS,KAAK,CAAC;IAC9B,IAAI,WAAW,CAAC,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE;IACnD,QAAQ,MAAM,OAAO,GAAG,YAAY;IACpC,aAAa,SAAS,GAAGA,wBAAsB,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC;IACjE,QAAQ,MAAM,WAAW,GAAG,OAAO,GAAG,CAAC,EAAE,SAAS,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC;IAC7E,QAAQ,KAAK,CAAC,WAAW,CAAC,CAAC;IAC3B,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACzD,QAAQ,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,EAAE,CAAC;IACzC,QAAQ,IAAI,CAAC,YAAY,GAAG,OAAO,IAAI,EAAE,CAAC;IAC1C,QAAQ,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,EAAE,CAAC;IACvC,QAAQ,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAChC,KAAK;IACL,IAAI,gBAAgB,CAAC,aAAa,EAAE;IACpC,QAAQ,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IAC3C,KAAK;IACL;;IC3BA;;IAIA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,wBAAwB,SAAS,SAAS,CAAC;IACjD,IAAI,WAAW,CAAC,SAAS,EAAE;IAC3B,QAAQ,KAAK,CAAC,SAAS,CAAC,CAAC;IACzB,QAAQ,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;IAC/C,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACxE,KAAK;IACL,CAAC;IACD,SAAS,8BAA8B,CAAC,SAAS,EAAE;IACnD,IAAI,OAAO,IAAI,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACnD;;ICpBA;IAEA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,WAAW,CAAC;IAClB;IACA;IACA;IACA;IACA,IAAI,OAAO,UAAU,CAAC,MAAM,EAAE;IAC9B,QAAQ,IAAI,MAAM,EAAE;IACpB,YAAY,IAAI;IAChB,gBAAgB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC/C,gBAAgB,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IACrD,aAAa;IACb,YAAY,OAAO,CAAC,EAAE,GAAG;IACzB,SAAS;IACT,QAAQ,OAAO,IAAI,CAAC;IACpB,KAAK;IACL,IAAI,OAAO,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE;IACnC,QAAQ,OAAO,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzC,KAAK;IACL,IAAI,OAAO,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE;IACjC,QAAQ,QAAQ,GAAG,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM;IAC3C,YAAY,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE;IACpE,KAAK;IACL;IACA;IACA;IACA;IACA;IACA,IAAI,OAAO,mBAAmB,CAAC,KAAK,EAAE;IACtC,QAAQ,MAAM,GAAG,GAAG,EAAE,CAAC;IACvB,QAAQ,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxC,QAAQ,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,kBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;IACxE,QAAQ,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK;IACjC,YAAY,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE;IAC7B,gBAAgB,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC7D,gBAAgB,IAAI,GAAG,IAAI,KAAK,EAAE;IAClC,oBAAoB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACrD,iBAAiB;IACjB,aAAa;IACb,SAAS,CAAC,CAAC;IACX,QAAQ,OAAO,GAAG,CAAC;IACnB,KAAK;IACL;IACA;IACA;IACA;IACA;IACA,IAAI,OAAO,gBAAgB,CAAC,GAAG,EAAE;IACjC,QAAQ,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IAChD,KAAK;IACL;IACA;IACA;IACA;IACA,IAAI,OAAO,2BAA2B,CAAC,GAAG,EAAE;IAC5C,QAAQ,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,KAAK,KAAK;IACrC,YAAY,OAAO,CAAC,CAAC,KAAK,CAAC;IAC3B,SAAS,CAAC,CAAC;IACX,KAAK;IACL;IACA;IACA;IACA;IACA,IAAI,OAAO,eAAe,CAAC,GAAG,EAAE;IAChC,QAAQ,IAAI;IACZ,YAAY,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnC,SAAS;IACT,QAAQ,OAAO,CAAC,EAAE;IAClB,YAAY,OAAO,IAAI,CAAC;IACxB,SAAS;IACT,KAAK;IACL;;IC/EA;;IAIA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,eAAe,SAAS,SAAS,CAAC;IACxC,IAAI,WAAW,CAAC,SAAS,EAAE,iBAAiB,EAAE;IAC9C,QAAQ,KAAK,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAC5C,QAAQ,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IACtC,QAAQ,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;IAC/D,KAAK;IACL,CAAC;IACD,SAAS,qBAAqB,CAAC,SAAS,EAAE,iBAAiB,EAAE;IAC7D,IAAI,OAAO,IAAI,eAAe,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAC7D;;ICvBA;IAQA,MAAM,oBAAoB,GAAG,wBAAwB,CAAC;IACtD,MAAM,aAAa,GAAG,iBAAiB,CAAC;IACxC,MAAM,aAAa,GAAG,iBAAiB;;ICVvC;IAcA,MAAM,YAAY,GAAG,eAAe,CAAC;IAgBrC,MAAM,cAAc,GAAG,kBAAkB;;IC9BzC;;IAOA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,MAAM,SAAS,CAAC;IAChB,IAAI,IAAI,SAAS,GAAG;IACpB,QAAQ,OAAO,IAAI,CAAC,UAAU,CAAC;IAC/B,KAAK;IACL,IAAI,WAAW,CAAC,GAAG,EAAE;IACrB,QAAQ,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC;IAC9B,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;IAC9B;IACA,YAAY,MAAM,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAChE,SAAS;IACT,QAAQ,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;IAChC,YAAY,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC7D,SAAS;IACT,KAAK;IACL;IACA;IACA;IACA;IACA,IAAI,OAAO,eAAe,CAAC,GAAG,EAAE;IAChC,QAAQ,IAAI,GAAG,EAAE;IACjB,YAAY,IAAI,YAAY,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IACjD,YAAY,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE;IACzD,gBAAgB,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzD,aAAa;IACb,iBAAiB,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;IAC/D,gBAAgB,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzD,aAAa;IACb,YAAY,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE;IAC1D,gBAAgB,YAAY,IAAI,GAAG,CAAC;IACpC,aAAa;IACb,YAAY,OAAO,YAAY,CAAC;IAChC,SAAS;IACT,QAAQ,OAAO,GAAG,CAAC;IACnB,KAAK;IACL;IACA;IACA;IACA,IAAI,aAAa,GAAG;IACpB;IACA,QAAQ,IAAI,UAAU,CAAC;IACvB,QAAQ,IAAI;IACZ,YAAY,UAAU,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;IACjD,SAAS;IACT,QAAQ,OAAO,CAAC,EAAE;IAClB,YAAY,MAAM,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAChE,SAAS;IACT;IACA,QAAQ,IAAI,CAAC,UAAU,CAAC,eAAe,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE;IACrE,YAAY,MAAM,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAChE,SAAS;IACT;IACA,QAAQ,IAAI,CAAC,UAAU,CAAC,QAAQ;IAChC,YAAY,UAAU,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE;IAC5D,YAAY,MAAM,8BAA8B,CAAC,oBAAoB,CAAC,CAAC;IACvE,SAAS;IACT,KAAK;IACL;IACA;IACA;IACA;IACA;IACA,IAAI,OAAO,iBAAiB,CAAC,GAAG,EAAE,WAAW,EAAE;IAC/C,QAAQ,IAAI,CAAC,WAAW,EAAE;IAC1B,YAAY,OAAO,GAAG,CAAC;IACvB,SAAS;IACT,QAAQ,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;IACnC,cAAc,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IACrC,cAAc,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC;IACtC,KAAK;IACL;IACA;IACA;IACA;IACA,IAAI,OAAO,iBAAiB,CAAC,GAAG,EAAE;IAClC,QAAQ,OAAO,SAAS,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5D,KAAK;IACL;IACA;IACA;IACA;IACA;IACA,IAAI,iBAAiB,CAAC,QAAQ,EAAE;IAChC,QAAQ,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAClD,QAAQ,MAAM,SAAS,GAAG,SAAS,CAAC,YAAY,CAAC;IACjD,QAAQ,IAAI,QAAQ;IACpB,YAAY,SAAS,CAAC,MAAM,KAAK,CAAC;IAClC,aAAa,SAAS,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC,MAAM;IACjD,gBAAgB,SAAS,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC,aAAa,CAAC,EAAE;IAC9D,YAAY,SAAS,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC;IACpC,SAAS;IACT,QAAQ,OAAO,SAAS,CAAC,+BAA+B,CAAC,SAAS,CAAC,CAAC;IACpE,KAAK;IACL;IACA;IACA;IACA;IACA,IAAI,gBAAgB,GAAG;IACvB;IACA,QAAQ,MAAM,KAAK,GAAG,MAAM,CAAC,4DAA4D,CAAC,CAAC;IAC3F;IACA,QAAQ,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAClD,QAAQ,IAAI,CAAC,KAAK,EAAE;IACpB,YAAY,MAAM,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAChE,SAAS;IACT;IACA,QAAQ,MAAM,aAAa,GAAG;IAC9B,YAAY,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IAC9B,YAAY,eAAe,EAAE,KAAK,CAAC,CAAC,CAAC;IACrC,YAAY,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;IAClC,YAAY,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC;IACjC,SAAS,CAAC;IACV,QAAQ,IAAI,YAAY,GAAG,aAAa,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjE,QAAQ,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC3E,QAAQ,aAAa,CAAC,YAAY,GAAG,YAAY,CAAC;IAClD,QAAQ,IAAI,aAAa,CAAC,WAAW;IACrC,YAAY,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;IACrD,YAAY,aAAa,CAAC,WAAW,GAAG,aAAa,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,aAAa,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACrH,SAAS;IACT,QAAQ,OAAO,aAAa,CAAC;IAC7B,KAAK;IACL,IAAI,OAAO,gBAAgB,CAAC,GAAG,EAAE;IACjC,QAAQ,MAAM,KAAK,GAAG,MAAM,CAAC,0BAA0B,CAAC,CAAC;IACzD,QAAQ,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvC,QAAQ,IAAI,CAAC,KAAK,EAAE;IACpB,YAAY,MAAM,8BAA8B,CAAC,aAAa,CAAC,CAAC;IAChE,SAAS;IACT,QAAQ,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IACxB,KAAK;IACL,IAAI,OAAO,cAAc,CAAC,WAAW,EAAE,OAAO,EAAE;IAChD,QAAQ,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,aAAa,EAAE;IAC9C,YAAY,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,OAAO,CAAC,CAAC;IAC/C,YAAY,MAAM,cAAc,GAAG,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC1D,YAAY,QAAQ,cAAc,CAAC,QAAQ;IAC3C,gBAAgB,IAAI;IACpB,gBAAgB,cAAc,CAAC,eAAe;IAC9C,gBAAgB,WAAW,EAAE;IAC7B,SAAS;IACT,QAAQ,OAAO,WAAW,CAAC;IAC3B,KAAK;IACL,IAAI,OAAO,+BAA+B,CAAC,SAAS,EAAE;IACtD,QAAQ,OAAO,IAAI,SAAS,CAAC,SAAS,CAAC,QAAQ;IAC/C,YAAY,IAAI;IAChB,YAAY,SAAS,CAAC,eAAe;IACrC,YAAY,GAAG;IACf,YAAY,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,KAAK;IACL;;IChKA;IAyCA;IACA;IACA;IACA;IACA;IACA,SAAS,iBAAiB,CAAC,YAAY,EAAE,KAAK,EAAE;IAChD,IAAI,IAAI,CAAC,YAAY,EAAE;IACvB,QAAQ,MAAM,qBAAqB,CAAC,cAAc,CAAC,CAAC;IACpD,KAAK;IACL,IAAI,IAAI,CAAC,KAAK,EAAE;IAChB,QAAQ,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAC;IAClD,KAAK;IACL,IAAI,IAAI;IACR;IACA,QAAQ,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACvD,QAAQ,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAC3C,QAAQ,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC;IAC/C,cAAc,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;IACtD,cAAc,EAAE,CAAC;IACjB,QAAQ,MAAM,kBAAkB,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;IAC9D,QAAQ,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC/D,QAAQ,OAAO;IACf,YAAY,gBAAgB,EAAE,SAAS,IAAI,EAAE;IAC7C,YAAY,YAAY,EAAE,eAAe;IACzC,SAAS,CAAC;IACV,KAAK;IACL,IAAI,OAAO,CAAC,EAAE;IACd,QAAQ,MAAM,qBAAqB,CAAC,YAAY,CAAC,CAAC;IAClD,KAAK;IACL;;ICtEA;;;IAGG;IAQI,MAAM,aAAa,GAAG,kBAAkB,CAAC;IAGzC,MAAM,kBAAkB,GAAG,uBAAuB,CAAC;IA4CnD,MAAM,mBAAmB,GAAG,uBAAuB,CAAC;IAKpD,MAAM,QAAQ,GAAG,WAAW,CAAC;IAC7B,MAAM,aAAa,GAAG,gBAAgB;;IChE7C;;;IAGG;IAMG,SAAU,sBAAsB,CAAC,IAAY,EAAA;QAC/C,OAAO,CAAA,kCAAA,EAAqC,IAAI,CAAA,YAAA,CAAc,CAAC;IACnE,CAAC;IAED;;IAEG;IACG,MAAO,gBAAiB,SAAQ,SAAS,CAAA;QAC3C,WAAY,CAAA,SAAiB,EAAE,QAAiB,EAAA;YAC5C,KAAK,CAAC,SAAS,EAAE,sBAAsB,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC;YAE9D,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAAC,CAAC;IACxD,QAAA,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;SAClC;IACJ,CAAA;IAEe,SAAA,sBAAsB,CAClC,SAAiB,EACjB,QAAiB,EAAA;IAEjB,IAAA,OAAO,IAAI,gBAAgB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IACrD;;IC9BA;;;IAGG;IA0EI,MAAM,gBAAgB,GAAG;IAC5B,IACA,OAAO,EAAE,SAAS;KACZ,CAAC;IAIX;;IAEG;IACI,MAAM,kBAAkB,GAAG;IAC9B,IAAA,UAAU,EAAE,gBAAgB;IAC5B,IAAA,QAAQ,EAAE,SAAS;IACnB,IAAA,cAAc,EAAE,gBAAgB;IAChC,IAAA,QAAQ,EAAE,eAAe;IACzB,IAAA,sBAAsB,EAAE,oBAAoB;IAC5C,IAAA,cAAc,EAAE,gBAAgB;KAC1B,CAAC;IAcX;;;;;;IAMG;IACI,MAAM,KAAK,GAAG;IACjB,IAIA,qBAAqB,EAAE,GAAG;IAC1B,IAEA,MAAM,EAAE,IAIF,CAAC;IA2BX;;IAEG;IACH,IAAY,eAKX,CAAA;IALD,CAAA,UAAY,eAAe,EAAA;IACvB,IAAA,eAAA,CAAA,UAAA,CAAA,GAAA,UAAqB,CAAA;IACrB,IAAA,eAAA,CAAA,OAAA,CAAA,GAAA,OAAe,CAAA;IACf,IAAA,eAAA,CAAA,QAAA,CAAA,GAAA,QAAiB,CAAA;IACjB,IAAA,eAAA,CAAA,MAAA,CAAA,GAAA,MAAa,CAAA;IACjB,CAAC,EALW,eAAe,KAAf,eAAe,GAK1B,EAAA,CAAA,CAAA;;IClKD;;;IAGG;IAOH;;;IAGG;IAEH;;;IAGG;IACG,SAAU,YAAY,CAAC,KAAa,EAAA;QACtC,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED;;;IAGG;IACG,SAAU,cAAc,CAAC,YAAoB,EAAA;IAC/C,IAAA,IAAI,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACvE,IAAA,QAAQ,aAAa,CAAC,MAAM,GAAG,CAAC;IAC5B,QAAA,KAAK,CAAC;gBACF,MAAM;IACV,QAAA,KAAK,CAAC;gBACF,aAAa,IAAI,IAAI,CAAC;gBACtB,MAAM;IACV,QAAA,KAAK,CAAC;gBACF,aAAa,IAAI,GAAG,CAAC;gBACrB,MAAM;IACV,QAAA;IACI,YAAA,MAAM,sBAAsB,CACxBC,mBAAyC,CAC5C,CAAC;IACT,KAAA;IACD,IAAA,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;QACtC,OAAO,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACpE;;IC7CA;;;IAGG;IAkCH;;;;;;;;;;;;;;IAcG;aACa,wBAAwB,GAAA;;IAapC,IAAA,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;IACrC,IAAA,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;;QAGxC,IAAI,iBAAiB,GAAG,KAAK,CAAC;QAC9B,IAAI,kBAAkB,GAAG,KAAK,CAAC;QAC/B,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,MAAM,GAAgC,SAAS,CAAC;IAEpD,IAAA,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE;YAC/B,MAAM,WAAW,GACb,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC;IAC/D,QAAA,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,WAAW,CAAC,CAAC;IACpD,QAAA,IAAI,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;gBACzB,iBAAiB,GAAG,IAAI,CAAC;gBACzB,OAAO,GAAG,WAAW,CAAC;gBACtB,MAAM,GAAG,UAAU,CAAC;IACvB,SAAA;IACJ,KAAA;IAED,IAAA,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,MAAM,YAAY,GACd,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC;IAClE,QAAA,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,CAAC;IACtD,QAAA,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;gBAC1B,kBAAkB,GAAG,IAAI,CAAC;gBAC1B,OAAO,GAAG,YAAY,CAAC;gBACvB,MAAM,GAAG,WAAW,CAAC;IACxB,SAAA;IACJ,KAAA;;QAGD,IAAI,iBAAiB,IAAI,kBAAkB,EAAE;YACzC,MAAM,YAAY,GACd,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC;YAClE,MAAM,WAAW,GACb,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC;IAC/D,QAAA,OAAO,GAAG,CAAG,EAAA,YAAY,CAAG,EAAA,WAAW,EAAE,CAAC;IAC1C,QAAA,MAAM,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;IACzC,KAAA;IAED,IAAA,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM,EAAE;IACrB,QAAA,MAAM,sBAAsB,CAACC,aAAmC,CAAC,CAAC;IACrE,KAAA;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK,EAAE;IACR,QAAA,MAAM,sBAAsB,CAACC,aAAmC,CAAC,CAAC;IACrE,KAAA;IAED,IAAA,MAAM,EAAE,YAAY,EAAE,GAAGC,iBAA+B,CACpD,YAAY,EACZ,KAAK,CACR,CAAC;IAEF,IAAA,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC;IAClC,IAAA,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE;YACd,MAAM,sBAAsB,CACxBC,kBAAwC,EACxC,uBAAuB,CAC1B,CAAC;IACL,KAAA;QAED,OAAO;YACH,MAAM;YACN,OAAO;YACP,OAAO;YACP,QAAQ;YACR,iBAAiB;YACjB,kBAAkB;IAClB,QAAA,YAAY,EAAE;gBACV,EAAE;gBACF,IAAI;IACP,SAAA;SACJ,CAAC;IACN,CAAC;IAsND;;IAEG;aACa,WAAW,GAAA;QACvB,MAAM,UAAU,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvD,IAAA,MAAM,aAAa,GAAG,UAAU,CAAC,gBAAgB,EAAE,CAAC;QACpD,OAAO,CAAA,EAAG,aAAa,CAAC,QAAQ,KAAK,aAAa,CAAC,eAAe,CAAA,CAAA,CAAG,CAAC;IAC1E;;ICzWA;;;IAGG;UASU,gBAAgB,CAAA;IACzB;;;;IAIG;QACH,gBAAgB,CACZ,GAAW,EACX,OAA0B,EAAA;YAE1B,OAAO,gBAAgB,CAAC,qBAAqB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;SAC/D;IAED;;;;IAIG;QACH,gBAAgB,CACZ,GAAW,EACX,OAA0B,EAAA;YAE1B,OAAO,gBAAgB,CAAC,qBAAqB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;SAC/D;IAED;;;;IAIG;IACK,IAAA,OAAO,qBAAqB,CAChC,GAAW,EACX,OAA0B,EAAA;YAE1B,IAAI,OAAO,CAAC,SAAS,EAAE;gBACnB,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,SAAA;IAAM,aAAA;gBACH,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/B,SAAA;YAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,KAAI;gBACnC,UAAU,CAAC,MAAK;oBACZ,MAAM,CACF,sBAAsB,CAClBC,QAA8B,EAC9B,oBAAoB,CACvB,CACJ,CAAC;IACN,aAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACxB,SAAC,CAAC,CAAC;SACN;IACJ;;IC/DD;;;IAGG;IA6BI,MAAM,2BAA2B,GAAG,KAAK;;IChChD;;;IAGG;IAEI,MAAM,MAAM,GAAG,MAAM;;ICL5B;;;IAGG;IAeH;;;;;;;;;;;;IAYG;IACI,eAAe,4BAA4B,CAC9C,gBAAmC,EAAA;IAEnC,IAAA,IAAI,cAAc,CAAC;QACnB,IAAI;YACA,cAAc,GAAG,wBAAwB,EAAE,CAAC;IAC/C,KAAA;IAAC,IAAA,OAAO,KAAK,EAAE;;YAEZ,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,YAAY,KAAK,UAAU,EAAE;gBACnD,MAAM,CAAC,OAAO,CAAC,YAAY,CACvB,IAAI,EACJ,EAAE,EACF,CAAG,EAAA,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAA,EAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAE,CAAA,CACzD,CAAC;IACL,SAAA;IACD,QAAA,MAAM,KAAK,CAAC;IACf,KAAA;IAED,IAAA,MAAM,EACF,OAAO,EACP,OAAO,EACP,QAAQ,EACR,iBAAiB,EACjB,kBAAkB,EAClB,YAAY,GACf,GAAG,cAAc,CAAC;IAEnB,IAAA,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC;QAElC,IAAI,IAAI,CAAC,iBAAiB,CAAC,KAAK,eAAe,CAAC,QAAQ,EAAE;IACtD,QAAA,MAAM,SAAS,GAAG,gBAAgB,IAAI,IAAI,gBAAgB,EAAE,CAAC;YAE7D,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,IAAI,QAAQ,GAAG,EAAE,CAAC;YAClB,IAAI,eAAe,GAAG,EAAE,CAAC;YACzB,MAAM,cAAc,GAAG,CAAG,EAAA,MAAM,IAAI,kBAAkB,CAAC,sBAAsB,CAAA,CAAE,CAAC;IAChF;;;;IAIG;YACH,IAAI;gBACA,MAAM,oBAAoB,GACtB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;gBAClD,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;IACjE,YAAA,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC5C,YAAA,eAAe,GAAG,iBAAiB,CAAC,IAAI,CAAC;IAEzC,YAAA,IAAI,QAAQ,EAAE;oBACV,MAAM,SAAS,GAAG,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA,EAAI,kBAAkB,CAAC,UAAU,CAAA,CAAE,CAAC;oBAC3E,aAAa,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;IAClE,aAAA;IACJ,SAAA;YAAC,MAAM;;IAEP,SAAA;IAED,QAAA,MAAM,iBAAiB,GAAsB;IACzC,YAAA,KAAK,EACD,eAAe,KAAK,gBAAgB,CAAC,OAAO;sBACtC,KAAK,CAAC,MAAM;sBACZ,KAAK,CAAC,qBAAqB;IACrC,YAAA,SAAS,EAAE,IAAI;IACf,YAAA,OAAO,EAAE,2BAA2B;aACvC,CAAC;IAEF;;;;;;;;;;;;;;;;;IAiBG;IACH,QAAA,IAAI,QAAQ,EAAE;gBACV,IAAI;IACA,gBAAA,MAAM,CAAC,cAAc,CAAC,OAAO,CACzB,GAAG,MAAM,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA,EAAI,kBAAkB,CAAC,QAAQ,EAAE,EACtD,OAAO,CACV,CAAC;IACL,aAAA;gBAAC,MAAM;;IAEP,aAAA;IACJ,SAAA;YAED,MAAM,GAAG,GAAG,aAAa,IAAIC,WAAwB,EAAE,CAAC;;YAExD,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC;YAEjE,MAAM,SAAS,CAAC,gBAAgB,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAC;;YAGnE,OAAO;IACV,KAAA;;QAGD,IAAI,OAAO,MAAM,CAAC,OAAO,CAAC,YAAY,KAAK,UAAU,EAAE;IACnD,QAAA,IAAI,MAAM,GAAG,CAAG,EAAA,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAA,EAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;;IAEpE,QAAA,IAAI,CAAC,iBAAiB,IAAI,OAAO,EAAE;gBAC/B,MAAM,IAAI,OAAO,CAAC;IACrB,SAAA;;IAED,QAAA,IAAI,CAAC,kBAAkB,IAAI,QAAQ,EAAE;gBACjC,MAAM,IAAI,QAAQ,CAAC;IACtB,SAAA;YACD,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,CAAC;IACjD,KAAA;;IAGD,IAAA,MAAM,OAAO,GAAG,IAAI,gBAAgB,CAAC,EAAE,CAAC,CAAC;QACzC,OAAO,CAAC,WAAW,CAAC;IAChB,QAAA,CAAC,EAAE,CAAC;YACJ,OAAO;IACV,KAAA,CAAC,CAAC;QACH,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,IAAI;YACA,MAAM,CAAC,KAAK,EAAE,CAAC;IAClB,KAAA;IAAC,IAAA,MAAM,GAAE;IACd;;;;;;;;"}
@@ -1,2 +1,2 @@
1
- /*! @azure/msal-browser v5.10.1 2026-05-11 */
1
+ /*! @azure/msal-browser v5.11.0 2026-05-19 */
2
2
  "use strict";!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports):"function"==typeof define&&define.amd?define(["exports"],e):e((t="undefined"!=typeof globalThis?globalThis:t||self).msalRedirectBridge={})}(this,(function(t){const e="common",r="organizations";class n extends Error{constructor(t,e,r){const o=e||(t?`See https://aka.ms/msal.js.errors#${t} for details`:"");super(o?`${t}: ${o}`:t),Object.setPrototypeOf(this,n.prototype),this.errorCode=t||"",this.errorMessage=o||"",this.subError=r||"",this.name="AuthError"}setCorrelationId(t){this.correlationId=t}}class o extends n{constructor(t){super(t),this.name="ClientConfigurationError",Object.setPrototypeOf(this,o.prototype)}}function s(t){return new o(t)}class i{static isEmptyObj(t){if(t)try{const e=JSON.parse(t);return 0===Object.keys(e).length}catch(t){}return!0}static startsWith(t,e){return 0===t.indexOf(e)}static endsWith(t,e){return t.length>=e.length&&t.lastIndexOf(e)===t.length-e.length}static queryStringToObject(t){const e={},r=t.split("&"),n=t=>decodeURIComponent(t.replace(/\+/g," "));return r.forEach((t=>{if(t.trim()){const[r,o]=t.split(/=(.+)/g,2);r&&o&&(e[n(r)]=n(o))}})),e}static trimArrayEntries(t){return t.map((t=>t.trim()))}static removeEmptyStringsFromArray(t){return t.filter((t=>!!t))}static jsonParseHelper(t){try{return JSON.parse(t)}catch(t){return null}}}class a extends n{constructor(t,e){super(t,e),this.name="ClientAuthError",Object.setPrototypeOf(this,a.prototype)}}function c(t,e){return new a(t,e)}const l="url_parse_error",u="invalid_state";class h{get urlString(){return this._urlString}constructor(t){if(this._urlString=t,!this._urlString)throw s("empty_url_error");t.includes("#")||(this._urlString=h.canonicalizeUri(t))}static canonicalizeUri(t){if(t){let e=t.toLowerCase();return i.endsWith(e,"?")?e=e.slice(0,-1):i.endsWith(e,"?/")&&(e=e.slice(0,-2)),i.endsWith(e,"/")||(e+="/"),e}return t}validateAsUri(){let t;try{t=this.getUrlComponents()}catch(t){throw s(l)}if(!t.HostNameAndPort||!t.PathSegments)throw s(l);if(!t.Protocol||"https:"!==t.Protocol.toLowerCase())throw s("authority_uri_insecure")}static appendQueryString(t,e){return e?t.indexOf("?")<0?`${t}?${e}`:`${t}&${e}`:t}static removeHashFromUrl(t){return h.canonicalizeUri(t.split("#")[0])}replaceTenantPath(t){const n=this.getUrlComponents(),o=n.PathSegments;return!t||0===o.length||o[0]!==e&&o[0]!==r||(o[0]=t),h.constructAuthorityUriFromObject(n)}getUrlComponents(){const t=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),e=this.urlString.match(t);if(!e)throw s(l);const r={Protocol:e[1],HostNameAndPort:e[4],AbsolutePath:e[5],QueryString:e[7]};let n=r.AbsolutePath.split("/");return n=n.filter((t=>t&&t.length>0)),r.PathSegments=n,r.QueryString&&r.QueryString.endsWith("/")&&(r.QueryString=r.QueryString.substring(0,r.QueryString.length-1)),r}static getDomainFromUrl(t){const e=RegExp("^([^:/?#]+://)?([^/?#]*)"),r=t.match(e);if(!r)throw s(l);return r[2]}static getAbsoluteUrl(t,e){if("/"===t[0]){const r=new h(e).getUrlComponents();return r.Protocol+"//"+r.HostNameAndPort+t}return t}static constructAuthorityUriFromObject(t){return new h(t.Protocol+"//"+t.HostNameAndPort+"/"+t.PathSegments.join("/"))}}const d="invalid_base64_string";class p extends n{constructor(t,e){super(t,`See https://aka.ms/msal.js.errors#${t} for details`,e),Object.setPrototypeOf(this,p.prototype),this.name="BrowserAuthError"}}function g(t,e){return new p(t,e)}const w="signout",f="request.origin",m="urlHash",y="interaction.status",S=865,b=961;var P;function _(t){return(new TextDecoder).decode(function(t){let e=t.replace(/-/g,"+").replace(/_/g,"/");switch(e.length%4){case 0:break;case 2:e+="==";break;case 3:e+="=";break;default:throw g(d)}const r=atob(e);return Uint8Array.from(r,(t=>t.codePointAt(0)||0))}(t))}function $(){const t=window.location.hash,e=window.location.search;let r,n=!1,o=!1,s="";if(t&&t.length>1){const e="#"===t.charAt(0)?t.substring(1):t,o=new URLSearchParams(e);o.has("state")&&(n=!0,s=e,r=o)}if(e&&e.length>1){const t="?"===e.charAt(0)?e.substring(1):e,n=new URLSearchParams(t);n.has("state")&&(o=!0,s=t,r=n)}if(n&&o){s=`${"?"===e.charAt(0)?e.substring(1):e}${"#"===t.charAt(0)?t.substring(1):t}`,r=new URLSearchParams(s)}if(!s||!r)throw g("empty_response");const i=r.get("state");if(!i)throw g("no_state_in_hash");const{libraryState:a}=function(t,e){if(!t)throw c("no_crypto_object");if(!e)throw c(u);try{const r=e.split("|"),n=r[0],o=r.length>1?r.slice(1).join("|"):"",s=t(n);return{userRequestState:o||"",libraryState:JSON.parse(s)}}catch(t){throw c(u)}}(_,i),{id:l,meta:h}=a;if(!l||!h)throw g("unable_to_parse_state","missing_library_state");return{params:r,payload:s,urlHash:t,urlQuery:e,hasResponseInHash:n,hasResponseInQuery:o,libraryState:{id:l,meta:h}}}!function(t){t.Redirect="redirect",t.Popup="popup",t.Silent="silent",t.None="none"}(P||(P={}));class A{navigateInternal(t,e){return A.defaultNavigateWindow(t,e)}navigateExternal(t,e){return A.defaultNavigateWindow(t,e)}static defaultNavigateWindow(t,e){return e.noHistory?window.location.replace(t):window.location.assign(t),new Promise(((t,r)=>{setTimeout((()=>{r(g("timed_out","failed_to_redirect"))}),e.timeout)}))}}const O="msal";t.broadcastResponseToMainFrame=async function(t){let e;try{e=$()}catch(t){throw"function"==typeof window.history.replaceState&&window.history.replaceState(null,"",`${window.location.origin}${window.location.pathname}`),t}const{payload:r,urlHash:n,urlQuery:o,hasResponseInHash:s,hasResponseInQuery:i,libraryState:a}=e,{id:c,meta:l}=a;if(l.interactionType===P.Redirect){const e=t||new A;let n="",o="",s="";const i=`${O}.${y}`;try{const t=window.sessionStorage.getItem(i),e=JSON.parse(t||"");if(o=e.clientId||"",s=e.type,o){const t=`${O}.${o}.${f}`;n=window.sessionStorage.getItem(t)||""}}catch{}const a={apiId:s===w?b:S,noHistory:!0,timeout:3e4};if(o)try{window.sessionStorage.setItem(`${O}.${o}.${m}`,r)}catch{}const c=n||function(){const t=new h(window.location.href).getUrlComponents();return`${t.Protocol}//${t.HostNameAndPort}/`}(),l=c.endsWith("?")?c.slice(0,-1):c;return void await e.navigateInternal(l,a)}if("function"==typeof window.history.replaceState){let t=`${window.location.origin}${window.location.pathname}`;!s&&n&&(t+=n),!i&&o&&(t+=o),window.history.replaceState(null,"",t)}const u=new BroadcastChannel(c);u.postMessage({v:1,payload:r}),u.close();try{window.close()}catch{}}}));
package/package.json CHANGED
@@ -10,7 +10,7 @@
10
10
  "type": "git",
11
11
  "url": "https://github.com/AzureAD/microsoft-authentication-library-for-js.git"
12
12
  },
13
- "version": "5.10.1",
13
+ "version": "5.11.0",
14
14
  "description": "Microsoft Authentication Library for js",
15
15
  "keywords": [
16
16
  "implicit",
@@ -130,6 +130,6 @@
130
130
  "typescript": "^4.9.5"
131
131
  },
132
132
  "dependencies": {
133
- "@azure/msal-common": "16.6.1"
133
+ "@azure/msal-common": "16.6.2"
134
134
  }
135
135
  }
@@ -9,6 +9,8 @@ import {
9
9
  Logger,
10
10
  Constants,
11
11
  StubPerformanceClient,
12
+ createClientConfigurationError,
13
+ ClientConfigurationErrorCodes,
12
14
  } from "@azure/msal-common/browser";
13
15
  import { name, version } from "../../packageMetadata.js";
14
16
  import {
@@ -18,50 +20,57 @@ import {
18
20
  import { PlatformAuthExtensionHandler } from "./PlatformAuthExtensionHandler.js";
19
21
  import { IPlatformAuthHandler } from "./IPlatformAuthHandler.js";
20
22
  import { PlatformAuthDOMHandler } from "./PlatformAuthDOMHandler.js";
21
- import { BrowserCacheLocation } from "../../utils/BrowserConstants.js";
22
- import { PLATFORM_AUTH_DOM_SUPPORT } from "../../cache/CacheKeys.js";
23
+ import { createNewGuid } from "../../crypto/BrowserCrypto.js";
23
24
 
24
25
  /**
25
26
  * Checks if the platform broker is available in the current environment.
26
- * @param loggerOptions
27
- * @param perfClient
28
- * @param correlationId
29
- * @returns
27
+ * @param domConfig - Whether to enable platform broker DOM API support (required)
28
+ * @param loggerOptions - Optional logger options
29
+ * @param perfClient - Optional performance client
30
+ * @param correlationId - Optional correlation ID
31
+ * @returns Promise<boolean> indicating if platform broker is available
30
32
  */
31
33
  export async function isPlatformBrokerAvailable(
34
+ domConfig: boolean,
32
35
  loggerOptions?: LoggerOptions,
33
36
  perfClient?: IPerformanceClient,
34
37
  correlationId?: string
35
38
  ): Promise<boolean> {
36
39
  const logger = new Logger(loggerOptions || {}, name, version);
37
- const cid = correlationId || "";
38
-
39
- logger.trace("isPlatformBrokerAvailable called", cid);
40
40
 
41
41
  const performanceClient = perfClient || new StubPerformanceClient();
42
42
 
43
43
  if (typeof window === "undefined") {
44
- logger.trace("Non-browser environment detected, returning false", cid);
44
+ logger.trace(
45
+ "Non-browser environment detected, returning false",
46
+ correlationId || createNewGuid()
47
+ );
45
48
  return false;
46
49
  }
47
50
 
48
- return !!(await getPlatformAuthProvider(logger, performanceClient, cid));
51
+ return !!(await getPlatformAuthProvider(
52
+ logger,
53
+ performanceClient,
54
+ correlationId || createNewGuid(),
55
+ undefined,
56
+ domConfig
57
+ ));
49
58
  }
50
59
 
51
60
  export async function getPlatformAuthProvider(
52
61
  logger: Logger,
53
62
  performanceClient: IPerformanceClient,
54
63
  correlationId: string,
55
- nativeBrokerHandshakeTimeout?: number
64
+ nativeBrokerHandshakeTimeout?: number,
65
+ enablePlatformBrokerDOMSupport?: boolean
56
66
  ): Promise<IPlatformAuthHandler | undefined> {
57
67
  logger.trace("getPlatformAuthProvider called", correlationId);
58
68
 
59
- const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
60
-
61
69
  logger.trace(
62
70
  `Has client allowed platform auth via DOM API: '${enablePlatformBrokerDOMSupport}'`,
63
71
  correlationId
64
72
  );
73
+
65
74
  let platformAuthProvider: IPlatformAuthHandler | undefined;
66
75
  try {
67
76
  if (enablePlatformBrokerDOMSupport) {
@@ -96,22 +105,6 @@ export async function getPlatformAuthProvider(
96
105
  return platformAuthProvider;
97
106
  }
98
107
 
99
- /**
100
- * Returns true if the DOM API support for platform auth is enabled in session storage
101
- * @returns boolean
102
- * @deprecated
103
- */
104
- export function isDomEnabledForPlatformAuth(): boolean {
105
- let sessionStorage: Storage | undefined;
106
- try {
107
- sessionStorage = window[BrowserCacheLocation.SessionStorage];
108
- // Mute errors if it's a non-browser environment or cookies are blocked.
109
- return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
110
- } catch (e) {
111
- return false;
112
- }
113
- }
114
-
115
108
  /**
116
109
  * Returns boolean indicating whether or not the request should attempt to use platform broker
117
110
  * @param logger
@@ -128,6 +121,17 @@ export function isPlatformAuthAllowed(
128
121
  authenticationScheme?: Constants.AuthenticationScheme
129
122
  ): boolean {
130
123
  logger.trace("isPlatformAuthAllowed called", correlationId);
124
+
125
+ // throw an error if allowPlatformBroker is not enabled and allowPlatformBrokerWithDOM is enabled
126
+ if (
127
+ !config.system.allowPlatformBroker &&
128
+ config.experimental.allowPlatformBrokerWithDOM
129
+ ) {
130
+ throw createClientConfigurationError(
131
+ ClientConfigurationErrorCodes.invalidPlatformBrokerConfiguration
132
+ );
133
+ }
134
+
131
135
  if (!config.system.allowPlatformBroker) {
132
136
  logger.trace(
133
137
  "isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false",
@@ -175,6 +175,10 @@ export type BrowserExperimentalOptions = {
175
175
  * Enables iframe timeout telemetry experiment for silent iframe bridge monitoring.
176
176
  */
177
177
  iframeTimeoutTelemetry?: boolean;
178
+ /**
179
+ * Flag to enable native broker support through DOM APIs in Edge
180
+ */
181
+ allowPlatformBrokerWithDOM?: boolean;
178
182
  };
179
183
 
180
184
  /**
@@ -329,6 +333,7 @@ export function buildConfiguration(
329
333
 
330
334
  const DEFAULT_EXPERIMENTAL_OPTIONS: Required<BrowserExperimentalOptions> = {
331
335
  iframeTimeoutTelemetry: false,
336
+ allowPlatformBrokerWithDOM: false,
332
337
  };
333
338
 
334
339
  // Throw an error if user has set OIDCOptions without being in OIDC protocol mode
@@ -369,7 +369,8 @@ export class StandardController implements IController {
369
369
  this.logger,
370
370
  this.performanceClient,
371
371
  correlationId,
372
- this.config.system.nativeBrokerHandshakeTimeout
372
+ this.config.system.nativeBrokerHandshakeTimeout,
373
+ this.config.experimental.allowPlatformBrokerWithDOM
373
374
  );
374
375
  } catch (e) {
375
376
  this.logger.verbose(e as string, correlationId);
@@ -33,6 +33,16 @@ export const HttpHeaderKeys = {
33
33
  X_MS_REQUEST_ID: "x-ms-request-id",
34
34
  } as const;
35
35
 
36
+ export const CustomHeaderConstants = {
37
+ REQUIRED_PREFIX: "x-",
38
+ RESERVED_PREFIXES: [
39
+ "x-client-",
40
+ "x-ms-",
41
+ "x-broker-",
42
+ "x-app-",
43
+ ] as ReadonlyArray<string>,
44
+ } as const;
45
+
36
46
  export const DefaultPackageInfo = {
37
47
  SKU: "msal.browser",
38
48
  VERSION: version,
@@ -7,12 +7,14 @@ import {
7
7
  BrowserConfiguration,
8
8
  Configuration,
9
9
  } from "../../config/Configuration.js";
10
+ import { CustomAuthRequestInterceptor } from "./CustomAuthRequestInterceptor.js";
10
11
 
11
12
  export type CustomAuthOptions = {
12
13
  challengeTypes?: Array<string>;
13
14
  authApiProxyUrl: string;
14
15
  customAuthApiQueryParams?: Record<string, string>;
15
16
  capabilities?: Array<string>;
17
+ requestInterceptor?: CustomAuthRequestInterceptor;
16
18
  };
17
19
 
18
20
  export type CustomAuthConfiguration = Configuration & {
@@ -0,0 +1,54 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ /**
7
+ * Result type returned by {@link CustomAuthRequestInterceptor.addAdditionalHeaderFields}.
8
+ *
9
+ * Implementations may return either a synchronous value or a `Promise` resolving to one of
10
+ * the following:
11
+ * - A `Record<string, string>` of additional headers to add to the outgoing request.
12
+ * - `null` (or `undefined`) when no additional headers should be added for the request.
13
+ */
14
+ export type CustomAuthAdditionalHeaderFieldsResult =
15
+ | Record<string, string>
16
+ | null
17
+ | undefined;
18
+
19
+ /**
20
+ * Interface for intercepting custom auth network requests in order to attach additional
21
+ * headers to outgoing requests.
22
+ *
23
+ * Implementations are invoked by MSAL before each backend request used by custom auth
24
+ * (sign-in, sign-up, reset-password, and register endpoints). Use this hook to integrate
25
+ * with third-party fraud and bot-detection SDKs that require custom `x-*` headers.
26
+ *
27
+ * MSAL applies the following rules when evaluating the headers you provide:
28
+ * - Headers must start with `x-` (case-insensitive). Headers that don't start with `x-`
29
+ * are ignored.
30
+ * - Headers that start with any of the following reserved prefixes are ignored:
31
+ * `x-client-`, `x-ms-`, `x-broker-`, `x-app-`.
32
+ * - Headers that pass both rules are added to the network request. If a header you
33
+ * provide has the same name as one of MSAL's own internal headers, your value takes
34
+ * precedence.
35
+ */
36
+ export interface CustomAuthRequestInterceptor {
37
+ /**
38
+ * Returns additional headers to add to a custom-auth network request.
39
+ *
40
+ * Scope your headers to specific endpoints by inspecting `requestUrl`. Sending
41
+ * headers to unrelated endpoints can degrade signal quality and increase false
42
+ * positives for fraud/bot-detection vendors.
43
+ *
44
+ * @param requestUrl - The full URL of the outgoing custom-auth request.
45
+ * @returns A record of headers to add (or `null`/`undefined` if no extra headers
46
+ * are needed for the request). May be returned synchronously or as a
47
+ * `Promise`.
48
+ */
49
+ addAdditionalHeaderFields(
50
+ requestUrl: URL
51
+ ):
52
+ | CustomAuthAdditionalHeaderFieldsResult
53
+ | Promise<CustomAuthAdditionalHeaderFieldsResult>;
54
+ }
@@ -125,7 +125,9 @@ export class CustomAuthStandardController
125
125
  this.customAuthConfig.auth.clientId,
126
126
  new FetchHttpClient(this.logger),
127
127
  this.customAuthConfig.customAuth?.capabilities?.join(" "),
128
- this.customAuthConfig.customAuth?.customAuthApiQueryParams
128
+ this.customAuthConfig.customAuth?.customAuthApiQueryParams,
129
+ this.customAuthConfig.customAuth?.requestInterceptor,
130
+ this.logger
129
131
  ),
130
132
  this.authority
131
133
  );
@@ -17,9 +17,12 @@ import {
17
17
  } from "../../error/CustomAuthApiError.js";
18
18
  import {
19
19
  AADServerParamKeys,
20
+ Logger,
20
21
  ServerTelemetryManager,
21
22
  } from "@azure/msal-common/browser";
22
23
  import { ApiErrorResponse } from "./types/ApiErrorResponseTypes.js";
24
+ import { CustomAuthRequestInterceptor } from "../../../configuration/CustomAuthRequestInterceptor.js";
25
+ import { filterCustomHeaders } from "../../utils/CustomHeaderUtils.js";
23
26
 
24
27
  export abstract class BaseApiClient {
25
28
  private readonly baseRequestUrl: URL;
@@ -28,7 +31,9 @@ export abstract class BaseApiClient {
28
31
  baseUrl: string,
29
32
  private readonly clientId: string,
30
33
  private httpClient: IHttpClient,
31
- private customAuthApiQueryParams?: Record<string, string>
34
+ private customAuthApiQueryParams?: Record<string, string>,
35
+ private requestInterceptor?: CustomAuthRequestInterceptor,
36
+ private logger?: Logger
32
37
  ) {
33
38
  this.baseRequestUrl = parseUrl(
34
39
  !baseUrl.endsWith("/") ? `${baseUrl}/` : baseUrl
@@ -45,13 +50,23 @@ export abstract class BaseApiClient {
45
50
  client_id: this.clientId,
46
51
  ...data,
47
52
  });
48
- const headers = this.getCommonHeaders(correlationId, telemetryManager);
53
+ const commonHeaders = this.getCommonHeaders(
54
+ correlationId,
55
+ telemetryManager
56
+ );
49
57
  const url = buildUrl(
50
58
  this.baseRequestUrl.href,
51
59
  endpoint,
52
60
  this.customAuthApiQueryParams
53
61
  );
54
62
 
63
+ const additionalHeaders = await this.getAdditionalHeaders(
64
+ url,
65
+ correlationId
66
+ );
67
+
68
+ const headers = { ...commonHeaders, ...additionalHeaders };
69
+
55
70
  let response: Response;
56
71
 
57
72
  try {
@@ -173,4 +188,28 @@ export abstract class BaseApiClient {
173
188
  responseError.timestamp
174
189
  );
175
190
  }
191
+
192
+ private async getAdditionalHeaders(
193
+ url: URL,
194
+ correlationId: string
195
+ ): Promise<Record<string, string>> {
196
+ if (!this.requestInterceptor) {
197
+ return {};
198
+ }
199
+
200
+ try {
201
+ const result = await Promise.resolve(
202
+ this.requestInterceptor.addAdditionalHeaderFields(url)
203
+ );
204
+
205
+ return filterCustomHeaders(result, this.logger, correlationId);
206
+ } catch (e) {
207
+ this.logger?.warningPii(
208
+ `CustomAuthRequestInterceptor.addAdditionalHeaderFields threw an error; continuing without additional headers: ${e}`,
209
+ correlationId
210
+ );
211
+
212
+ return {};
213
+ }
214
+ }
176
215
  }