claude-code-best 2.5.0 → 2.6.0

package/dist/chunks/esm-CsGLyWmS.js

@@ -0,0 +1,56 @@
+import{i as e,n as t,o as n,t as r}from"./chunk-DR8-3Aex.js";import{n as i,t as a}from"./defineProperty-80gRi2ZW.js";import{n as o,t as s}from"./src-BaB-bpCj.js";import{a as c,i as l,n as u,t as d}from"./dist-CanSxOZ1.js";import{t as f}from"./jws-2vqRyZtR.js";import{t as p}from"./semver-Cq33BYay.js";import m from"path";import h,{inspect as ee}from"node:util";import g from"node:process";import{Readable as te}from"stream";import{accessSync as ne,constants as re,readFileSync as ie,statSync as ae}from"fs";import oe from"node:child_process";import _,{EOL as se}from"node:os";import{createHash as ce,createPrivateKey as le}from"node:crypto";import ue from"crypto";import de from"child_process";import fe from"http";import{Transform as pe}from"node:stream";import me from"node:https";import{readFile as he}from"node:fs/promises";import ge from"node:http";import _e from"node:zlib";var ve,ye,be,xe,Se,Ce,we=t((()=>{ve=`4.13.1`,ye=`04b07795-8ddb-461a-bbee-02f9e1bf7b46`,(function(e){e.AzureChina=`https://login.chinacloudapi.cn`,e.AzureGermany=`https://login.microsoftonline.de`,e.AzureGovernment=`https://login.microsoftonline.us`,e.AzurePublicCloud=`https://login.microsoftonline.com`})(be||(be={})),xe=be.AzurePublicCloud,Se=[`*`],Ce=`nocae`}));function Te(){return Ae!==void 0&&je!==void 0}function Ee(e){let t={cache:{},broker:{...e.brokerOptions,isEnabled:e.brokerOptions?.enabled??!1,enableMsaPassthrough:e.brokerOptions?.legacyEnableMsaPassthrough??!1}};if(e.tokenCachePersistenceOptions?.enabled){if(Oe===void 0)throw Error([`Persistent token caching was requested, but no persistence provider was configured.`,"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)","and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling","`useIdentityPlugin(cachePersistencePlugin)` before using `tokenCachePersistenceOptions`."].join(` `));let n=e.tokenCachePersistenceOptions.name||`msal.cache`;t.cache.cachePlugin=Oe({name:`${n}.${Ce}`,...e.tokenCachePersistenceOptions}),t.cache.cachePluginCae=Oe({name:`${n}.cae`,...e.tokenCachePersistenceOptions})}return e.brokerOptions?.enabled&&(t.broker.nativeBrokerPlugin=De(e.isVSCodeCredential||!1)),t}function De(e){let{credentialName:t,packageName:n,pluginVar:r,brokerInfo:i}=Ne[e?`vsCode`:`native`];if(i===void 0)throw Error(Me.missing(t,n,r));if(i.broker.isBrokerAvailable===!1)throw Error(Me.unavailable(t,n));return i.broker}var Oe,ke,Ae,je,Me,Ne,Pe,Fe=t((()=>{we(),Oe=void 0,ke=void 0,Ae=void 0,je=void 0,Me={missing:(e,t,n)=>[`${e} was requested, but no plugin was configured or no authentication record was found.`,`You must install the ${t} plugin package (npm install --save ${t})`,"and enable it by importing `useIdentityPlugin` from `@azure/identity` and calling",`useIdentityPlugin(${n}) before using enableBroker.`].join(` `),unavailable:(e,t)=>[`${e} was requested, and the plugin is configured, but the broker is unavailable.`,`Ensure the ${e} plugin is properly installed and configured.`,`Check for missing native dependencies and ensure the package is properly installed.`,`See the README for prerequisites on installing and using ${t}.`].join(` `)},Ne={vsCode:{credentialName:`Visual Studio Code Credential`,packageName:`@azure/identity-vscode`,pluginVar:`vsCodePlugin`,get brokerInfo(){return je}},native:{credentialName:`Broker for WAM`,packageName:`@azure/identity-broker`,pluginVar:`nativeBrokerPlugin`,get brokerInfo(){return ke}}},Pe={generatePluginConfiguration:Ee}})),Ie=t((()=>{}));function Le(e){return e&&typeof e.error==`string`&&typeof e.error_description==`string`}function Re(e){return{error:e.error,errorDescription:e.error_description,correlationId:e.correlation_id,errorCodes:e.error_codes,timestamp:e.timestamp,traceId:e.trace_id}}var ze,v,Be,Ve,He,Ue,We,y=t((()=>{i(),ze=`CredentialUnavailableError`,v=class extends Error{constructor(e,t){super(e,t),this.name=ze}},Be=`AuthenticationError`,Ve=class extends Error{constructor(e,t,n){let r={error:`unknown`,errorDescription:`An unknown error occurred and no additional details are available.`};if(Le(t))r=Re(t);else if(typeof t==`string`)try{r=Re(JSON.parse(t))}catch{r=e===400?{error:`invalid_request`,errorDescription:`The service indicated that the request was invalid.\n\n${t}`}:{error:`unknown_error`,errorDescription:`An unknown error has occurred. Response body:\n\n${t}`}}else r={error:`unknown_error`,errorDescription:`An unknown error occurred and no additional details are available.`};super(`${r.error} Status code: ${e}\nMore details:\n${r.errorDescription},`,n),a(this,`statusCode`,void 0),a(this,`errorResponse`,void 0),this.statusCode=e,this.errorResponse=r,this.name=Be}},He=`AggregateAuthenticationError`,Ue=class extends Error{constructor(e,t){let n=e.join(`
+`);super(`${t}\n${n}`),a(this,`errors`,void 0),this.errors=e,this.name=He}},We=class extends Error{constructor(e){super(e.message,e.cause?{cause:e.cause}:void 0),a(this,`scopes`,void 0),a(this,`getTokenOptions`,void 0),this.scopes=e.scopes,this.getTokenOptions=e.getTokenOptions,this.name=`AuthenticationRequiredError`}}}));function Ge(e,...t){g.stderr.write(`${h.format(e,...t)}${se}`)}var Ke=t((()=>{}));function qe(e){tt=e,nt=[],rt=[];let t=e.split(`,`).map(e=>e.trim());for(let e of t)e.startsWith(`-`)?rt.push(e.substring(1)):nt.push(e);for(let e of it)e.enabled=Je(e.namespace)}function Je(e){if(e.endsWith(`*`))return!0;for(let t of rt)if(Ye(e,t))return!1;for(let t of nt)if(Ye(e,t))return!0;return!1}function Ye(e,t){if(t.indexOf(`*`)===-1)return e===t;let n=t;if(t.indexOf(`**`)!==-1){let e=[],r=``;for(let n of t)if(n===`*`&&r===`*`)continue;else r=n,e.push(n);n=e.join(``)}let r=0,i=0,a=n.length,o=e.length,s=-1,c=-1;for(;r<o&&i<a;)if(n[i]===`*`){if(s=i,i++,i===a)return!0;for(;e[r]!==n[i];)if(r++,r===o)return!1;c=r,r++,i++;continue}else if(n[i]===e[r])i++,r++;else if(s>=0){if(i=s+1,r=c+1,r===o)return!1;for(;e[r]!==n[i];)if(r++,r===o)return!1;c=r,r++,i++;continue}else return!1;let l=r===e.length,u=i===n.length,d=i===n.length-1&&n[i]===`*`;return l&&(u||d)}function Xe(){let e=tt||``;return qe(``),e}function Ze(e){let t=Object.assign(n,{enabled:Je(e),destroy:Qe,log:at.log,namespace:e,extend:$e});function n(...n){t.enabled&&(n.length>0&&(n[0]=`${e} ${n[0]}`),t.log(...n))}return it.push(t),t}function Qe(){let e=it.indexOf(this);return e>=0?(it.splice(e,1),!0):!1}function $e(e){let t=Ze(`${this.namespace}:${e}`);return t.log=this.log,t}var et,tt,nt,rt,it,at,ot=t((()=>{Ke(),et=typeof process<`u`&&process.env&&process.env.DEBUG||void 0,nt=[],rt=[],it=[],et&&qe(et),at=Object.assign(e=>Ze(e),{enable:qe,enabled:Je,disable:Xe,log:Ge})}));function st(e,t){t.log=(...t)=>{e.log(...t)}}function ct(e){return dt.includes(e)}function lt(e){let t=new Set,n=typeof process<`u`&&process.env&&process.env[e.logLevelEnvVarName]||void 0,r,i=at(e.namespace);i.log=(...e)=>{at.log(...e)};function a(e){if(e&&!ct(e))throw Error(`Unknown log level '${e}'. Acceptable values: ${dt.join(`,`)}`);r=e;let n=[];for(let e of t)o(e)&&n.push(e.namespace);at.enable(n.join(`,`))}n&&(ct(n)?a(n):console.error(`${e.logLevelEnvVarName} set to unknown log level '${n}'; logging is not enabled. Acceptable values: ${dt.join(`, `)}.`));function o(e){return!!(r&&ft[e.level]<=ft[r])}function s(e,n){let r=Object.assign(e.extend(n),{level:n});if(st(e,r),o(r)){let e=at.disable();at.enable(e+`,`+r.namespace)}return t.add(r),r}function c(){return r}function l(e){let t=i.extend(e);return st(i,t),{error:s(t,`error`),warning:s(t,`warning`),info:s(t,`info`),verbose:s(t,`verbose`)}}return{setLogLevel:a,getLogLevel:c,createClientLogger:l,logger:i}}function ut(e){return pt.createClientLogger(e)}var dt,ft,pt,mt=t((()=>{ot(),dt=[`verbose`,`info`,`warning`,`error`],ft={verbose:400,info:300,warning:200,error:100},pt=lt({logLevelEnvVarName:`TYPESPEC_RUNTIME_LOG_LEVEL`,namespace:`typeSpecRuntime`}),pt.logger})),ht=t((()=>{mt()}));function gt(){return vt.getLogLevel()}function _t(e){return vt.createClientLogger(e)}var vt,yt=t((()=>{ht(),vt=lt({logLevelEnvVarName:`AZURE_LOG_LEVEL`,namespace:`azure`}),vt.logger}));function bt(e){return e.reduce((e,t)=>(process.env[t]?e.assigned.push(t):e.missing.push(t),e),{missing:[],assigned:[]})}function xt(e){return`SUCCESS. Scopes: ${Array.isArray(e)?e.join(`, `):e}.`}function b(e,t){let n=`ERROR.`;return e?.length&&(n+=` Scopes: ${Array.isArray(e)?e.join(`, `):e}.`),`${n} Error message: ${typeof t==`string`?t:t.message}.`}function St(e,t,n=Ct){let r=t?`${t.fullTitle} ${e}`:e;function i(e){n.info(`${r} =>`,e)}function a(e){n.warning(`${r} =>`,e)}function o(e){n.verbose(`${r} =>`,e)}function s(e){n.error(`${r} =>`,e)}return{title:e,fullTitle:r,info:i,warning:a,verbose:o,error:s}}function x(e,t=Ct){let n=St(e,void 0,t);return{...n,parent:t,getToken:St(`=> getToken()`,n,t)}}var Ct,S=t((()=>{yt(),Ct=_t(`identity`)}));function wt(e={}){let t=new Et(e.parentContext);return e.span&&(t=t.setValue(Tt.span,e.span)),e.namespace&&(t=t.setValue(Tt.namespace,e.namespace)),t}var Tt,Et,Dt=t((()=>{i(),Tt={span:Symbol.for(`@azure/core-tracing span`),namespace:Symbol.for(`@azure/core-tracing namespace`)},Et=class e{constructor(t){a(this,`_contextMap`,void 0),this._contextMap=t instanceof e?new Map(t._contextMap):new Map}setValue(t,n){let r=new e(this);return r._contextMap.set(t,n),r}getValue(e){return this._contextMap.get(e)}deleteValue(t){let n=new e(this);return n._contextMap.delete(t),n}}})),Ot=r((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.state=void 0,e.state={instrumenterImplementation:void 0}})),kt,At,jt=t((()=>{kt=Ot(),At=kt.state}));function Mt(){return{end:()=>{},isRecording:()=>!1,recordException:()=>{},setAttribute:()=>{},setStatus:()=>{},addEvent:()=>{}}}function Nt(){return{createRequestHeaders:()=>({}),parseTraceparentHeader:()=>{},startSpan:(e,t)=>({span:Mt(),tracingContext:wt({parentContext:t.tracingContext})}),withContext(e,t,...n){return t(...n)}}}function Pt(){return At.instrumenterImplementation||(At.instrumenterImplementation=Nt()),At.instrumenterImplementation}var Ft=t((()=>{Dt(),jt()}));function It(e){let{namespace:t,packageName:n,packageVersion:r}=e;function i(e,i,a){let o=Pt().startSpan(e,{...a,packageName:n,packageVersion:r,tracingContext:i?.tracingOptions?.tracingContext}),s=o.tracingContext,c=o.span;return s.getValue(Tt.namespace)||(s=s.setValue(Tt.namespace,t)),c.setAttribute(`az.namespace`,s.getValue(Tt.namespace)),{span:c,updatedOptions:Object.assign({},i,{tracingOptions:{...i?.tracingOptions,tracingContext:s}})}}async function a(e,t,n,r){let{span:a,updatedOptions:s}=i(e,t,r);try{let e=await o(s.tracingOptions.tracingContext,()=>Promise.resolve(n(s,a)));return a.setStatus({status:`success`}),e}catch(e){throw a.setStatus({status:`error`,error:e}),e}finally{a.end()}}function o(e,t,...n){return Pt().withContext(e,t,...n)}function s(e){return Pt().parseTraceparentHeader(e)}function c(e){return Pt().createRequestHeaders(e)}return{startSpan:i,withSpan:a,withContext:o,parseTraceparentHeader:s,createRequestHeaders:c}}var Lt=t((()=>{Ft(),Dt()})),Rt=t((()=>{Ft(),Lt()})),C,w=t((()=>{we(),Rt(),C=It({namespace:`Microsoft.AAD`,packageName:`@azure/identity`,packageVersion:ve})})),zt,Bt,Vt=t((()=>{y(),S(),w(),i(),zt=x(`ChainedTokenCredential`),Bt=class{constructor(...e){a(this,`_sources`,[]),this._sources=e}async getToken(e,t={}){let{token:n}=await this.getTokenInternal(e,t);return n}async getTokenInternal(e,t={}){let n=null,r,i=[];return C.withSpan(`ChainedTokenCredential.getToken`,t,async t=>{for(let a=0;a<this._sources.length&&n===null;a++)try{n=await this._sources[a].getToken(e,t),r=this._sources[a]}catch(t){if(t.name===`CredentialUnavailableError`||t.name===`AuthenticationRequiredError`)i.push(t);else throw zt.getToken.info(b(e,t)),t}if(!n&&i.length>0){let t=new Ue(i,`ChainedTokenCredential authentication failed.`);throw zt.getToken.info(b(e,t)),t}if(zt.getToken.info(`Result for ${r.constructor.name}: ${xt(e)}`),n===null)throw new v(`Failed to retrieve a valid token`);return{token:n,successfulCredential:r}})}}})),Ht,Ut=t((()=>{Ht=class{static serializeJSONBlob(e){return JSON.stringify(e)}static serializeAccounts(e){let t={};return Object.keys(e).map(function(n){let r=e[n];t[n]={home_account_id:r.homeAccountId,environment:r.environment,realm:r.realm,local_account_id:r.localAccountId,username:r.username,authority_type:r.authorityType,name:r.name,client_info:r.clientInfo,last_modification_time:r.lastModificationTime,last_modification_app:r.lastModificationApp,tenantProfiles:r.tenantProfiles?.map(e=>JSON.stringify(e))}}),t}static serializeIdTokens(e){let t={};return Object.keys(e).map(function(n){let r=e[n];t[n]={home_account_id:r.homeAccountId,environment:r.environment,credential_type:r.credentialType,client_id:r.clientId,secret:r.secret,realm:r.realm}}),t}static serializeAccessTokens(e){let t={};return Object.keys(e).map(function(n){let r=e[n];t[n]={home_account_id:r.homeAccountId,environment:r.environment,credential_type:r.credentialType,client_id:r.clientId,secret:r.secret,realm:r.realm,target:r.target,cached_at:r.cachedAt,expires_on:r.expiresOn,extended_expires_on:r.extendedExpiresOn,refresh_on:r.refreshOn,key_id:r.keyId,token_type:r.tokenType,userAssertionHash:r.userAssertionHash,resource:r.resource}}),t}static serializeRefreshTokens(e){let t={};return Object.keys(e).map(function(n){let r=e[n];t[n]={home_account_id:r.homeAccountId,environment:r.environment,credential_type:r.credentialType,client_id:r.clientId,secret:r.secret,family_id:r.familyId,target:r.target,realm:r.realm}}),t}static serializeAppMetadata(e){let t={};return Object.keys(e).map(function(n){let r=e[n];t[n]={client_id:r.clientId,environment:r.environment,family_id:r.familyId}}),t}static serializeAllCache(e){return{Account:this.serializeAccounts(e.accounts),IdToken:this.serializeIdTokens(e.idTokens),AccessToken:this.serializeAccessTokens(e.accessTokens),RefreshToken:this.serializeRefreshTokens(e.refreshTokens),AppMetadata:this.serializeAppMetadata(e.appMetadata)}}}})),Wt,Gt,Kt,qt,Jt,Yt,Xt,Zt,Qt,$t,en,tn,nn,rn,an,on,sn,cn,ln,un,T,dn,fn,pn,mn,hn,gn,_n,vn,yn,bn,E,xn,Sn,Cn,wn,D,Tn,En,O,Dn,On,kn,An,jn,Mn,k,Nn,A=t((()=>{Wt=`msal.js.common`,Gt=`https://login.microsoftonline.com/common/`,Kt=`login.microsoftonline.com`,qt=`common`,Jt=`adfs`,Yt=`dstsv2`,Xt=`${Gt}discovery/instance?api-version=1.1&authorization_endpoint=`,Zt=`.onmicrosoft.com`,Qt=`openid`,$t=`profile`,en=`offline_access`,tn=`email`,nn=`application/x-www-form-urlencoded;charset=utf-8`,rn=`http://169.254.169.254/metadata/instance/compute/location`,an=`2020-06-01`,on=2e3,sn=`login.microsoft.com`,cn=[`login.microsoftonline.com`,`login.windows.net`,`login.microsoft.com`,`sts.windows.net`],ln=[Qt,$t,en],un=[...ln,tn],T={CONTENT_TYPE:`Content-Type`,CONTENT_LENGTH:`Content-Length`,RETRY_AFTER:`Retry-After`,CCS_HEADER:`X-AnchorMailbox`,WWWAuthenticate:`WWW-Authenticate`,AuthenticationInfo:`Authentication-Info`,X_MS_REQUEST_ID:`x-ms-request-id`,X_MS_HTTP_VERSION:`x-ms-httpver`},dn={COMMON:`common`,ORGANIZATIONS:`organizations`,CONSUMERS:`consumers`},fn={ACCESS_TOKEN:`access_token`,XMS_CC:`xms_cc`},pn={LOGIN:`login`,SELECT_ACCOUNT:`select_account`,CONSENT:`consent`,NONE:`none`,CREATE:`create`,NO_SESSION:`no_session`},mn={PLAIN:`plain`,S256:`S256`},hn={CODE:`code`,IDTOKEN_TOKEN:`id_token token`,IDTOKEN_TOKEN_REFRESHTOKEN:`id_token token refresh_token`},gn={QUERY:`query`,FRAGMENT:`fragment`,FORM_POST:`form_post`},_n={IMPLICIT_GRANT:`implicit`,AUTHORIZATION_CODE_GRANT:`authorization_code`,CLIENT_CREDENTIALS_GRANT:`client_credentials`,RESOURCE_OWNER_PASSWORD_GRANT:`password`,REFRESH_TOKEN_GRANT:`refresh_token`,DEVICE_CODE_GRANT:`device_code`,JWT_BEARER:`urn:ietf:params:oauth:grant-type:jwt-bearer`},vn=`MSSTS`,yn=`ADFS`,bn=`Generic`,E={ID_TOKEN:`IdToken`,ACCESS_TOKEN:`AccessToken`,ACCESS_TOKEN_WITH_AUTH_SCHEME:`AccessToken_With_AuthScheme`,REFRESH_TOKEN:`RefreshToken`},xn=`appmetadata`,Sn=`client_info`,Cn=`authority-metadata`,wn=3600*24,D={CONFIG:`config`,CACHE:`cache`,NETWORK:`network`,HARDCODED_VALUES:`hardcoded_values`},Tn=`server-telemetry`,En=`unknown_error`,O={BEARER:`Bearer`,POP:`pop`,SSH:`ssh-cert`},Dn=3600,On=`throttling`,kn=`retry-after, h429`,An={username:`username`,password:`password`},jn={FAILED_AUTO_DETECTION:`1`,INTERNAL_CACHE:`2`,ENVIRONMENT_VARIABLE:`3`,IMDS:`4`},Mn={CONFIGURED_MATCHES_DETECTED:`1`,CONFIGURED_NO_AUTO_DETECTION:`2`,CONFIGURED_NOT_DETECTED:`3`,AUTO_DETECTION_REQUESTED_SUCCESSFUL:`4`,AUTO_DETECTION_REQUESTED_FAILED:`5`},k={NOT_APPLICABLE:`0`,FORCE_REFRESH_OR_CLAIMS:`1`,NO_CACHED_ACCESS_TOKEN:`2`,CACHED_ACCESS_TOKEN_EXPIRED:`3`,PROACTIVELY_REFRESHED:`4`},Nn={BASE64:`base64`,HEX:`hex`,UTF8:`utf-8`}})),Pn,Fn,In,Ln,Rn,zn,Bn,Vn,Hn,Un,Wn,Gn,Kn,qn,Jn,Yn,Xn,Zn,Qn,$n,er,tr,nr,rr,ir,ar,or,sr,cr,lr,ur,dr,fr,pr,mr,hr,gr,_r,vr,yr,br,xr,Sr,Cr,wr,Tr,Er=t((()=>{Pn=`client_id`,Fn=`redirect_uri`,In=`response_type`,Ln=`response_mode`,Rn=`grant_type`,zn=`claims`,Bn=`scope`,Vn=`refresh_token`,Hn=`state`,Un=`nonce`,Wn=`prompt`,Gn=`code`,Kn=`code_challenge`,qn=`code_challenge_method`,Jn=`code_verifier`,Yn=`client-request-id`,Xn=`x-client-SKU`,Zn=`x-client-VER`,Qn=`x-client-OS`,$n=`x-client-CPU`,er=`x-client-current-telemetry`,tr=`x-client-last-telemetry`,nr=`x-ms-lib-capability`,rr=`x-app-name`,ir=`x-app-ver`,ar=`post_logout_redirect_uri`,or=`id_token_hint`,sr=`device_code`,cr=`client_secret`,lr=`client_assertion`,ur=`client_assertion_type`,dr=`token_type`,fr=`req_cnf`,pr=`assertion`,mr=`requested_token_use`,hr=`on_behalf_of`,gr=`return_spa_code`,_r=`logout_hint`,vr=`login_hint`,yr=`domain_hint`,br=`x-client-xtra-sku`,xr=`brk_client_id`,Sr=`brk_redirect_uri`,Cr=`instance_aware`,wr=`resource`,Tr=`clidata`}));function Dr(e){return`See https://aka.ms/msal.js.errors#${e} for details`}function Or(e,t){return new j(e,t||Dr(e))}var j,kr=t((()=>{j=class e extends Error{constructor(t,n,r){let i=n||(t?Dr(t):``),a=i?`${t}: ${i}`:t;super(a),Object.setPrototypeOf(this,e.prototype),this.errorCode=t||``,this.errorMessage=i||``,this.subError=r||``,this.name=`AuthError`}setCorrelationId(e){this.correlationId=e}}}));function M(e){return new Ar(e)}var Ar,jr=t((()=>{kr(),Ar=class e extends j{constructor(t){super(t),this.name=`ClientConfigurationError`,Object.setPrototypeOf(this,e.prototype)}}})),Mr,Nr=t((()=>{Mr=class{static isEmptyObj(e){if(e)try{let t=JSON.parse(e);return Object.keys(t).length===0}catch{}return!0}static startsWith(e,t){return e.indexOf(t)===0}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){let t={},n=e.split(`&`),r=e=>decodeURIComponent(e.replace(/\+/g,` `));return n.forEach(e=>{if(e.trim()){let[n,i]=e.split(/=(.+)/g,2);n&&i&&(t[r(n)]=r(i))}}),t}static trimArrayEntries(e){return e.map(e=>e.trim())}static removeEmptyStringsFromArray(e){return e.filter(e=>!!e)}static jsonParseHelper(e){try{return JSON.parse(e)}catch{return null}}}}));function N(e,t){return new Pr(e,t)}var Pr,P=t((()=>{kr(),Pr=class e extends j{constructor(t,n){super(t,n),this.name=`ClientAuthError`,Object.setPrototypeOf(this,e.prototype)}}})),Fr,Ir,Lr,Rr,zr,Br,Vr,Hr,Ur,Wr,Gr,Kr,qr,Jr=t((()=>{Fr=`redirect_uri_empty`,Ir=`authority_uri_insecure`,Lr=`url_parse_error`,Rr=`empty_url_error`,zr=`empty_input_scopes_error`,Br=`invalid_claims`,Vr=`token_request_empty`,Hr=`logout_request_empty`,Ur=`pkce_params_missing`,Wr=`invalid_cloud_discovery_metadata`,Gr=`invalid_authority_metadata`,Kr=`untrusted_authority`,qr=`missing_ssh_jwk`})),Yr,Xr,Zr,Qr,$r,ei,ti,ni,ri,ii,ai,oi,si,ci,li,ui,di,fi,pi,mi,hi,gi,_i,vi,yi,bi,xi,F,Si,Ci,I=t((()=>{Yr=`client_info_decoding_error`,Xr=`client_info_empty_error`,Zr=`token_parsing_error`,Qr=`null_or_empty_token`,$r=`endpoints_resolution_error`,ei=`network_error`,ti=`openid_config_error`,ni=`hash_not_deserialized`,ri=`invalid_state`,ii=`state_mismatch`,ai=`nonce_mismatch`,oi=`auth_time_not_found`,si=`max_age_transpired`,ci=`multiple_matching_tokens`,li=`multiple_matching_appMetadata`,ui=`request_cannot_be_made`,di=`cannot_remove_empty_scope`,fi=`cannot_append_scopeset`,pi=`empty_input_scopeset`,mi=`no_account_in_silent_request`,hi=`invalid_cache_record`,gi=`invalid_cache_environment`,_i=`no_crypto_object`,vi=`token_refresh_required`,yi=`token_claims_cnf_required_for_signedjwt`,bi=`end_session_endpoint_not_supported`,xi=`key_id_missing`,F=`method_not_implemented`,Si=`resource_parameter_required`,Ci=`misplaced_resource_parameter`})),wi,Ti=t((()=>{jr(),Nr(),P(),A(),Jr(),I(),wi=class e{constructor(e){let t=e?Mr.trimArrayEntries([...e]):[],n=t?Mr.removeEmptyStringsFromArray(t):[];if(!n||!n.length)throw M(zr);this.scopes=new Set,n.forEach(e=>this.scopes.add(e))}static fromString(t){return new e((t||``).split(` `))}static createSearchScopes(t){let n=new e(t&&t.length>0?t:[...ln]);return n.containsOnlyOIDCScopes()?n.removeScope(en):n.removeOIDCScopes(),n}containsScope(t){let n=new e(this.printScopesLowerCase().split(` `));return t?n.scopes.has(t.toLowerCase()):!1}containsScopeSet(e){return!e||e.scopes.size<=0?!1:this.scopes.size>=e.scopes.size&&e.asArray().every(e=>this.containsScope(e))}containsOnlyOIDCScopes(){let e=0;return un.forEach(t=>{this.containsScope(t)&&(e+=1)}),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach(e=>this.appendScope(e))}catch{throw N(fi)}}removeScope(e){if(!e)throw N(di);this.scopes.delete(e.trim())}removeOIDCScopes(){un.forEach(e=>{this.scopes.delete(e)})}unionScopeSets(e){if(!e)throw N(pi);let t=new Set;return e.scopes.forEach(e=>t.add(e.toLowerCase())),this.scopes.forEach(e=>t.add(e.toLowerCase())),t}intersectingScopeSets(e){if(!e)throw N(pi);e.containsOnlyOIDCScopes()||e.removeOIDCScopes();let t=this.unionScopeSets(e),n=e.getScopeCount(),r=this.getScopeCount();return t.size<r+n}getScopeCount(){return this.scopes.size}asArray(){let e=[];return this.scopes.forEach(t=>e.push(t)),e}printScopes(){return this.scopes?this.asArray().join(` `):``}printScopesLowerCase(){return this.printScopes().toLowerCase()}}}));function Ei(e,t,n){if(!t)return;let r=e.get(Pn);r&&e.has(`brk_client_id`)&&n?.addFields({embeddedClientId:r,embeddedRedirectUri:e.get(Fn)},t)}function Di(e,t){e.set(In,t)}function Oi(e,t){e.set(Ln,t||gn.QUERY)}function ki(e,t,n=!0,r=ln){n&&!r.includes(`openid`)&&!t.includes(`openid`)&&r.push(`openid`);let i=new wi(n?[...t||[],...r]:t||[]);e.set(Bn,i.printScopes())}function Ai(e,t){e.set(Pn,t)}function ji(e,t){e.set(Fn,t)}function Mi(e,t){e.set(ar,t)}function Ni(e,t){e.set(or,t)}function Pi(e,t){e.set(yr,t)}function Fi(e,t){e.set(vr,t)}function Ii(e,t){e.set(T.CCS_HEADER,`UPN:${t}`)}function Li(e,t){e.set(T.CCS_HEADER,`Oid:${t.uid}@${t.utid}`)}function Ri(e,t){e.set(`sid`,t)}function zi(e,t,n){let r=sa(t,n);try{JSON.parse(r)}catch{throw M(Br)}e.set(zn,r)}function Bi(e,t){e.set(Yn,t)}function Vi(e,t){e.set(Xn,t.sku),e.set(Zn,t.version),t.os&&e.set(Qn,t.os),t.cpu&&e.set($n,t.cpu)}function Hi(e,t){t?.appName&&e.set(rr,t.appName),t?.appVersion&&e.set(ir,t.appVersion)}function Ui(e,t){e.set(Wn,t)}function Wi(e,t){t&&e.set(Hn,t)}function Gi(e,t){e.set(Un,t)}function Ki(e,t,n){if(t&&n)e.set(Kn,t),e.set(qn,n);else throw M(Ur)}function qi(e,t){e.set(Gn,t)}function Ji(e,t){e.set(sr,t)}function Yi(e,t){e.set(Vn,t)}function Xi(e,t){e.set(Jn,t)}function Zi(e,t){e.set(cr,t)}function Qi(e,t){t&&e.set(lr,t)}function $i(e,t){t&&e.set(ur,t)}function ea(e,t){e.set(pr,t)}function ta(e,t){e.set(mr,t)}function na(e,t){e.set(Rn,t)}function ra(e){e.set(Sn,`1`)}function ia(e){e.set(Tr,`1`)}function aa(e){e.has(`instance_aware`)||e.set(Cr,`true`)}function oa(e,t){Object.entries(t).forEach(([t,n])=>{!e.has(t)&&n&&e.set(t,n)})}function sa(e,t){let n;if(!e)n={};else try{n=JSON.parse(e)}catch{throw M(Br)}return t&&t.length>0&&(n.hasOwnProperty(fn.ACCESS_TOKEN)||(n[fn.ACCESS_TOKEN]={}),n[fn.ACCESS_TOKEN][fn.XMS_CC]={values:t}),JSON.stringify(n)}function ca(e,t){e.set(An.username,t)}function la(e,t){e.set(An.password,t)}function ua(e,t){t&&(e.set(dr,O.POP),e.set(fr,t))}function da(e,t){t&&(e.set(dr,O.SSH),e.set(fr,t))}function fa(e,t){e.set(er,t.generateCurrentRequestHeaderValue()),e.set(tr,t.generateLastRequestHeaderValue())}function pa(e){e.set(nr,kn)}function ma(e,t){e.set(_r,t)}function ha(e,t,n){e.has(`brk_client_id`)||e.set(xr,t),e.has(`brk_redirect_uri`)||e.set(Sr,n)}function ga(e,t){t&&e.set(wr,t)}var _a=t((()=>{A(),Er(),Ti(),jr(),Jr()}));function va(e){return e.startsWith(`#/`)?e.substring(2):e.startsWith(`#`)||e.startsWith(`?`)?e.substring(1):e}function ya(e){if(!e||e.indexOf(`=`)<0)return null;try{let t=va(e),n=Object.fromEntries(new URLSearchParams(t));if(n.code||n.ear_jwe||n.error||n.error_description||n.state)return n}catch{throw N(ni)}return null}function ba(e){let t=[];return e.forEach((e,n)=>{t.push(`${n}=${encodeURIComponent(e)}`)}),t.join(`&`)}var xa=t((()=>{P(),I()})),Sa,Ca=t((()=>{P(),I(),Sa={createNewGuid:()=>{throw N(F)},base64Decode:()=>{throw N(F)},base64Encode:()=>{throw N(F)},base64UrlEncode:()=>{throw N(F)},encodeKid:()=>{throw N(F)},async getPublicKeyThumbprint(){throw N(F)},async removeTokenBindingKey(){throw N(F)},async clearKeystore(){throw N(F)},async signJwt(){throw N(F)},async hashString(){throw N(F)}}}));function wa(e,t){ka.delete(e),ka.set(e,t)}function Ta(e,t){let n=Date.now(),r=ka.get(e);if(r)wa(e,r);else if(r={logs:[],firstEventTime:n},ka.set(e,r),ka.size>Da){let e=ka.keys().next().value;e&&ka.delete(e)}r.logs.push({...t,milliseconds:n-r.firstEventTime}),r.logs.length>Oa&&r.logs.shift()}function Ea(e){if(e.length!==6)return!1;for(let t=0;t<e.length;t++){let n=e[t];if(!(n>=`a`&&n<=`z`||n>=`A`&&n<=`Z`||n>=`0`&&n<=`9`))return!1}return!0}var L,Da,Oa,ka,Aa,ja=t((()=>{(function(e){e[e.Error=0]=`Error`,e[e.Warning=1]=`Warning`,e[e.Info=2]=`Info`,e[e.Verbose=3]=`Verbose`,e[e.Trace=4]=`Trace`})(L||(L={})),Da=50,Oa=500,ka=new Map,Aa=class e{constructor(t,n,r){this.level=L.Info;let i=()=>{},a=t||e.createDefaultLoggerOptions();this.localCallback=a.loggerCallback||i,this.piiLoggingEnabled=a.piiLoggingEnabled||!1,this.level=typeof a.logLevel==`number`?a.logLevel:L.Info,this.packageName=n||``,this.packageVersion=r||``}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:L.Info}}clone(t,n){return new e({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level},t,n)}logMessage(e,t){let n=t.correlationId;if(Ea(e)&&Ta(n,{hash:e,level:t.logLevel,containsPii:t.containsPii||!1,milliseconds:0}),t.logLevel>this.level||!this.piiLoggingEnabled&&t.containsPii)return;let r=`${`[${new Date().toUTCString()}] : [${n}]`} : ${this.packageName}@${this.packageVersion} : ${L[t.logLevel]} - ${e}`;this.executeCallback(t.logLevel,r,t.containsPii||!1)}executeCallback(e,t,n){this.localCallback&&this.localCallback(e,t,n)}error(e,t){this.logMessage(e,{logLevel:L.Error,containsPii:!1,correlationId:t})}errorPii(e,t){this.logMessage(e,{logLevel:L.Error,containsPii:!0,correlationId:t})}warning(e,t){this.logMessage(e,{logLevel:L.Warning,containsPii:!1,correlationId:t})}warningPii(e,t){this.logMessage(e,{logLevel:L.Warning,containsPii:!0,correlationId:t})}info(e,t){this.logMessage(e,{logLevel:L.Info,containsPii:!1,correlationId:t})}infoPii(e,t){this.logMessage(e,{logLevel:L.Info,containsPii:!0,correlationId:t})}verbose(e,t){this.logMessage(e,{logLevel:L.Verbose,containsPii:!1,correlationId:t})}verbosePii(e,t){this.logMessage(e,{logLevel:L.Verbose,containsPii:!0,correlationId:t})}trace(e,t){this.logMessage(e,{logLevel:L.Trace,containsPii:!1,correlationId:t})}tracePii(e,t){this.logMessage(e,{logLevel:L.Trace,containsPii:!0,correlationId:t})}isPiiLoggingEnabled(){return this.piiLoggingEnabled||!1}}})),Ma,Na,Pa=t((()=>{Ma=`@azure/msal-common`,Na=`16.4.1`})),Fa,Ia=t((()=>{Fa={None:`none`,AzurePublic:`https://login.microsoftonline.com`,AzurePpe:`https://login.windows-ppe.net`,AzureChina:`https://login.chinacloudapi.cn`,AzureGermany:`https://login.microsoftonline.de`,AzureUsGovernment:`https://login.microsoftonline.us`}}));function La(e,t){return!!e&&!!t&&e===t.split(`.`)[1]}function Ra(e,t,n,r){if(r){let{oid:t,sub:n,tid:i,name:a,tfp:o,acr:s,preferred_username:c,upn:l,login_hint:u}=r,d=i||o||s||``;return{tenantId:d,localAccountId:t||n||``,name:a,username:c||l||``,loginHint:u,isHomeTenant:La(d,e)}}else return{tenantId:n,localAccountId:t,username:``,isHomeTenant:La(n,e)}}function za(e,t,n,r){let i=e;if(t){let{isHomeTenant:n,...r}=t;i={...e,...r}}if(n){let{isHomeTenant:t,...a}=Ra(e.homeAccountId,e.localAccountId,e.tenantId,n);return i={...i,...a,idTokenClaims:n,idToken:r},i}return i}var Ba=t((()=>{}));function Va(e,t){let n=Ua(e);try{let e=t(n);return JSON.parse(e)}catch{throw N(Zr)}}function Ha(e){if(!e.signin_state)return!1;let t=[`kmsi`,`dvc_dmjd`];return e.signin_state.some(e=>t.includes(e.trim().toLowerCase()))}function Ua(e){if(!e)throw N(Qr);let t=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(e);if(!t||t.length<4)throw N(Zr);return t[2]}function Wa(e,t){if(t===0||Date.now()-3e5>e+t)throw N(si)}var Ga=t((()=>{P(),I()})),R,Ka=t((()=>{jr(),Nr(),A(),Jr(),R=class e{get urlString(){return this._urlString}constructor(t){if(this._urlString=t,!this._urlString)throw M(Rr);t.includes(`#`)||(this._urlString=e.canonicalizeUri(t))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return Mr.endsWith(t,`?`)?t=t.slice(0,-1):Mr.endsWith(t,`?/`)&&(t=t.slice(0,-2)),Mr.endsWith(t,`/`)||(t+=`/`),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch{throw M(Lr)}if(!e.HostNameAndPort||!e.PathSegments)throw M(Lr);if(!e.Protocol||e.Protocol.toLowerCase()!==`https:`)throw M(Ir)}static appendQueryString(e,t){return t?e.indexOf(`?`)<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(t){return e.canonicalizeUri(t.split(`#`)[0])}replaceTenantPath(t){let n=this.getUrlComponents(),r=n.PathSegments;return t&&r.length!==0&&(r[0]===dn.COMMON||r[0]===dn.ORGANIZATIONS)&&(r[0]=t),e.constructAuthorityUriFromObject(n)}getUrlComponents(){let e=RegExp(`^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?`),t=this.urlString.match(e);if(!t)throw M(Lr);let n={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]},r=n.AbsolutePath.split(`/`);return r=r.filter(e=>e&&e.length>0),n.PathSegments=r,n.QueryString&&n.QueryString.endsWith(`/`)&&(n.QueryString=n.QueryString.substring(0,n.QueryString.length-1)),n}static getDomainFromUrl(e){let t=RegExp(`^([^:/?#]+://)?([^/?#]*)`),n=e.match(t);if(!n)throw M(Lr);return n[2]}static getAbsoluteUrl(t,n){if(t[0]===`/`){let r=new e(n).getUrlComponents();return r.Protocol+`//`+r.HostNameAndPort+t}return t}static constructAuthorityUriFromObject(t){return new e(t.Protocol+`//`+t.HostNameAndPort+`/`+t.PathSegments.join(`/`))}}}));function qa(e,t){return{token_endpoint:`https://${e}/{tenantid}/oauth2/v2.0/token`,jwks_uri:`https://${e}/{tenantid}/discovery/v2.0/keys`,issuer:`https://${t}/{tenantid}/v2.0`,authorization_endpoint:`https://${e}/{tenantid}/oauth2/v2.0/authorize`,end_session_endpoint:`https://${e}/{tenantid}/oauth2/v2.0/logout`}}function Ja(e,t,n){let r,i=e.canonicalAuthority;if(i){let a=new R(i).getUrlComponents().HostNameAndPort;r=Ya(t,n,a,e.cloudDiscoveryMetadata?.metadata,D.CONFIG)||Ya(t,n,a,to.metadata,D.HARDCODED_VALUES)||e.knownAuthorities}return r||[]}function Ya(e,t,n,r,i){if(e.trace(`getAliasesFromMetadata called with source: '${i}'`,t),n&&r){let a=Za(r,n);if(a)return e.trace(`getAliasesFromMetadata: found cloud discovery metadata in '${i}', returning aliases`,t),a.aliases;e.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in '${i}'`,t)}return null}function Xa(e){return Za(to.metadata,e)}function Za(e,t){for(let n=0;n<e.length;n++){let r=e[n];if(r.aliases.includes(t))return r}return null}var Qa,$a,eo,to,no,ro=t((()=>{Ka(),A(),Qa=[{host:`login.microsoftonline.com`},{host:`login.chinacloudapi.cn`,issuerHost:`login.partner.microsoftonline.cn`},{host:`login.microsoftonline.us`},{host:`login.sovcloud-identity.fr`},{host:`login.sovcloud-identity.de`},{host:`login.sovcloud-identity.sg`}],$a={endpointMetadata:Qa.reduce((e,{host:t,issuerHost:n})=>(e[t]=qa(t,n||t),e),{}),instanceDiscoveryMetadata:{metadata:[{preferred_network:`login.microsoftonline.com`,preferred_cache:`login.windows.net`,aliases:[`login.microsoftonline.com`,`login.windows.net`,`login.microsoft.com`,`sts.windows.net`]},{preferred_network:`login.partner.microsoftonline.cn`,preferred_cache:`login.partner.microsoftonline.cn`,aliases:[`login.partner.microsoftonline.cn`,`login.chinacloudapi.cn`]},{preferred_network:`login.microsoftonline.de`,preferred_cache:`login.microsoftonline.de`,aliases:[`login.microsoftonline.de`]},{preferred_network:`login.microsoftonline.us`,preferred_cache:`login.microsoftonline.us`,aliases:[`login.microsoftonline.us`,`login.usgovcloudapi.net`]},{preferred_network:`login-us.microsoftonline.com`,preferred_cache:`login-us.microsoftonline.com`,aliases:[`login-us.microsoftonline.com`]},{preferred_network:`login.sovcloud-identity.fr`,preferred_cache:`login.sovcloud-identity.fr`,aliases:[`login.sovcloud-identity.fr`]},{preferred_network:`login.sovcloud-identity.de`,preferred_cache:`login.sovcloud-identity.de`,aliases:[`login.sovcloud-identity.de`]},{preferred_network:`login.sovcloud-identity.sg`,preferred_cache:`login.sovcloud-identity.sg`,aliases:[`login.sovcloud-identity.sg`]}]}},eo=$a.endpointMetadata,to=$a.instanceDiscoveryMetadata,no=new Set,to.metadata.forEach(e=>{e.aliases.forEach(e=>{no.add(e)})})})),io,ao,oo=t((()=>{io=`cache_quota_exceeded`,ao=`cache_error_unknown`}));function so(e){return e instanceof Error?e.name===`QuotaExceededError`||e.name===`NS_ERROR_DOM_QUOTA_REACHED`||e.message.includes(`exceeded the quota`)?new co(io):new co(e.name,e.message):new co(ao)}var co,lo=t((()=>{oo(),kr(),co=class e extends Error{constructor(t,n){let r=n||Dr(t);super(r),Object.setPrototypeOf(this,e.prototype),this.name=`CacheError`,this.errorCode=t,this.errorMessage=r}}}));function uo(e,t){if(!e)throw N(Xr);try{let n=t(e);return JSON.parse(n)}catch{throw N(Yr)}}function fo(e){if(!e)throw N(Yr);let t=e.split(`.`,2);return{uid:t[0],utid:t.length<2?``:t[1]}}var po=t((()=>{P(),A(),I()})),mo,ho=t((()=>{mo={Default:0,Adfs:1,Dsts:2,Ciam:3}}));function go(e){return e&&(e.tid||e.tfp||e.acr)||null}var _o=t((()=>{})),vo,yo=t((()=>{vo={AAD:`AAD`,OIDC:`OIDC`,EAR:`EAR`}}));function bo(e){let t=e.tenantProfiles||[];return t.length===0&&e.realm&&e.localAccountId&&t.push(Ra(e.homeAccountId,e.localAccountId,e.realm)),{homeAccountId:e.homeAccountId,environment:e.environment,tenantId:e.realm,username:e.username,localAccountId:e.localAccountId,loginHint:e.loginHint,name:e.name,nativeAccountId:e.nativeAccountId,authorityType:e.authorityType,tenantProfiles:new Map(t.map(e=>[e.tenantId,e])),dataBoundary:e.dataBoundary}}function xo(e,t,n){let r;r=t.authorityType===mo.Adfs?yn:t.protocolMode===vo.OIDC?bn:vn;let i,a;e.clientInfo&&n&&(i=uo(e.clientInfo,n),i.xms_tdbr&&(a=i.xms_tdbr===`EU`?`EU`:`None`));let o=e.environment||t&&t.getPreferredCache();if(!o)throw N(gi);let s=e.idTokenClaims?.preferred_username||e.idTokenClaims?.upn,c=e.idTokenClaims?.emails?e.idTokenClaims.emails[0]:null,l=s||c||``,u=e.idTokenClaims?.login_hint,d=i?.utid||go(e.idTokenClaims)||``,f=i?.uid||e.idTokenClaims?.oid||e.idTokenClaims?.sub||``,p;return p=e.tenantProfiles?e.tenantProfiles:[Ra(e.homeAccountId,f,d,e.idTokenClaims)],{homeAccountId:e.homeAccountId,environment:o,realm:d,localAccountId:f,username:l,authorityType:r,loginHint:u,clientInfo:e.clientInfo,name:e.idTokenClaims?.name||``,lastModificationTime:void 0,lastModificationApp:void 0,cloudGraphHostName:e.cloudGraphHostName,msGraphHost:e.msGraphHost,nativeAccountId:e.nativeAccountId,tenantProfiles:p,dataBoundary:a}}function So(e,t,n,r,i,a){if(!(t===mo.Adfs||t===mo.Dsts)){if(e)try{let t=uo(e,r.base64Decode);if(t.uid&&t.utid)return`${t.uid}.${t.utid}`}catch{}n.warning(`No client info in response`,i)}return a?.sub||``}function Co(e){return e?e.hasOwnProperty(`homeAccountId`)&&e.hasOwnProperty(`environment`)&&e.hasOwnProperty(`realm`)&&e.hasOwnProperty(`localAccountId`)&&e.hasOwnProperty(`username`)&&e.hasOwnProperty(`authorityType`):!1}var wo=t((()=>{A(),po(),Ba(),P(),ho(),_o(),yo(),I()})),To,Eo,Do=t((()=>{A(),Ti(),P(),Ba(),Ga(),Pa(),ro(),lo(),wo(),kr(),I(),To=class{constructor(e,t,n,r,i){this.clientId=e,this.cryptoImpl=t,this.commonLogger=n.clone(Ma,Na),this.staticAuthorityOptions=i,this.performanceClient=r}getAllAccounts(e={},t){return this.buildTenantProfiles(this.getAccountsFilteredBy(e,t),t,e)}getAccountInfoFilteredBy(e,t){if(Object.keys(e).length===0||Object.values(e).every(e=>e==null||e===``))return this.commonLogger.warning(`getAccountInfoFilteredBy: Account filter is empty or invalid, returning null`,t),null;let n=this.getAllAccounts(e,t);return n.length>1?n.sort(e=>e.idTokenClaims?-1:1)[0]:n.length===1?n[0]:null}getBaseAccountInfo(e,t){let n=this.getAccountsFilteredBy(e,t);return n.length>0?bo(n[0]):null}buildTenantProfiles(e,t,n){return e.flatMap(e=>this.getTenantProfilesFromAccountEntity(e,t,n?.tenantId,n))}getTenantedAccountInfoByFilter(e,t,n,r,i){let a=null,o;if(i&&!this.tenantProfileMatchesFilter(n,i))return null;let s=this.getIdToken(e,r,t,n.tenantId);return s&&(o=Va(s.secret,this.cryptoImpl.base64Decode),!this.idTokenClaimsMatchTenantProfileFilter(o,i))?null:(a=za(e,n,o,s?.secret),a)}getTenantProfilesFromAccountEntity(e,t,n,r){let i=bo(e),a=i.tenantProfiles||new Map,o=this.getTokenKeys();if(n){let e=a.get(n);if(e)a=new Map([[n,e]]);else return[]}let s=[];return a.forEach(e=>{let n=this.getTenantedAccountInfoByFilter(i,o,e,t,r);n&&s.push(n)}),s}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId)||t.name&&e.name!==t.name||t.isHomeTenant!==void 0&&e.isHomeTenant!==t.isHomeTenant)}idTokenClaimsMatchTenantProfileFilter(e,t){return!(t&&(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId)||t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint)||t.username&&!this.matchUsername(e.preferred_username,t.username)||t.name&&!this.matchName(e,t.name)||t.sid&&!this.matchSid(e,t.sid)))}async saveCacheRecord(e,t,n,r,i){if(!e)throw N(hi);try{e.account&&await this.setAccount(e.account,t,n,r),e.idToken&&i?.idToken!==!1&&await this.setIdTokenCredential(e.idToken,t,n),e.accessToken&&i?.accessToken!==!1&&await this.saveAccessToken(e.accessToken,t,n),e.refreshToken&&i?.refreshToken!==!1&&await this.setRefreshTokenCredential(e.refreshToken,t,n),e.appMetadata&&this.setAppMetadata(e.appMetadata,t)}catch(e){throw this.commonLogger?.error(`CacheManager.saveCacheRecord: failed`,t),e instanceof j?e:so(e)}}async saveAccessToken(e,t,n){let r={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType},i=this.getTokenKeys(),a=wi.fromString(e.target);i.accessToken.forEach(e=>{if(!this.accessTokenKeyMatchesFilter(e,r,!1))return;let n=this.getAccessTokenCredential(e,t);n&&this.credentialMatchesFilter(n,r,t)&&wi.fromString(n.target).intersectingScopeSets(a)&&this.removeAccessToken(e,t)}),await this.setAccessTokenCredential(e,t,n)}getAccountsFilteredBy(e,t){let n=this.getAccountKeys(),r=[];return n.forEach(n=>{let i=this.getAccount(n,t);if(!i||e.homeAccountId&&!this.matchHomeAccountId(i,e.homeAccountId)||e.username&&!this.matchUsername(i.username,e.username)||e.environment&&!this.matchEnvironment(i,e.environment,t)||e.realm&&!this.matchRealm(i,e.realm)||e.nativeAccountId&&!this.matchNativeAccountId(i,e.nativeAccountId)||e.authorityType&&!this.matchAuthorityType(i,e.authorityType))return;let a={localAccountId:e?.localAccountId,name:e?.name},o=i.tenantProfiles?.filter(e=>this.tenantProfileMatchesFilter(e,a));o&&o.length===0||r.push(i)}),r}credentialMatchesFilter(e,t,n){return!(t.clientId&&!this.matchClientId(e,t.clientId)||t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash)||typeof t.homeAccountId==`string`&&!this.matchHomeAccountId(e,t.homeAccountId)||t.environment&&!this.matchEnvironment(e,t.environment,n)||t.realm&&!this.matchRealm(e,t.realm)||t.credentialType&&!this.matchCredentialType(e,t.credentialType)||t.familyId&&!this.matchFamilyId(e,t.familyId)||t.target&&!this.matchTarget(e,t.target)||e.credentialType===E.ACCESS_TOKEN_WITH_AUTH_SCHEME&&(t.tokenType&&!this.matchTokenType(e,t.tokenType)||t.tokenType===O.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId)))}getAppMetadataFilteredBy(e,t){let n=this.getKeys(),r={};return n.forEach(n=>{if(!this.isAppMetadata(n))return;let i=this.getAppMetadata(n,t);i&&(e.environment&&!this.matchEnvironment(i,e.environment,t)||e.clientId&&!this.matchClientId(i,e.clientId)||(r[n]=i))}),r}getAuthorityMetadataByAlias(e,t){let n=this.getAuthorityMetadataKeys(),r=null;return n.forEach(n=>{if(!this.isAuthorityMetadata(n)||n.indexOf(this.clientId)===-1)return;let i=this.getAuthorityMetadata(n,t);i&&i.aliases.indexOf(e)!==-1&&(r=i)}),r}removeAllAccounts(e){this.getAllAccounts({},e).forEach(t=>{this.removeAccount(t,e)})}removeAccount(e,t){this.removeAccountContext(e,t),this.getAccountKeys().filter(t=>t.includes(e.homeAccountId)&&t.includes(e.environment)).forEach(e=>{this.removeItem(e,t),this.performanceClient.incrementFields({accountsRemoved:1},t)})}removeAccountContext(e,t){let n=this.getTokenKeys(),r=t=>t.includes(e.homeAccountId)&&t.includes(e.environment);n.idToken.filter(r).forEach(e=>{this.removeIdToken(e,t)}),n.accessToken.filter(r).forEach(e=>{this.removeAccessToken(e,t)}),n.refreshToken.filter(r).forEach(e=>{this.removeRefreshToken(e,t)})}removeAccessToken(e,t){let n=this.getAccessTokenCredential(e,t);if(n&&(this.removeItem(e,t),this.performanceClient.incrementFields({accessTokensRemoved:1},t),n.credentialType.toLowerCase()===E.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()&&n.tokenType===O.POP)){let e=n.keyId;e&&this.cryptoImpl.removeTokenBindingKey(e,t).catch(()=>{this.commonLogger.error(`Failed to remove token binding key '${e}'`,t),this.performanceClient?.incrementFields({removeTokenBindingKeyFailure:1},t)})}}removeAppMetadata(e){return this.getKeys().forEach(t=>{this.isAppMetadata(t)&&this.removeItem(t,e)}),!0}getIdToken(e,t,n,r){this.commonLogger.trace(`CacheManager - getIdToken called`,t);let i={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:E.ID_TOKEN,clientId:this.clientId,realm:r},a=this.getIdTokensByFilter(i,t,n),o=a.size;if(o<1)return this.commonLogger.info(`CacheManager:getIdToken - No token found`,t),null;if(o>1){let n=a;if(!r){let r=new Map;a.forEach((t,n)=>{t.realm===e.tenantId&&r.set(n,t)});let i=r.size;if(i<1)return this.commonLogger.info(`CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result`,t),a.values().next().value;if(i===1)return this.commonLogger.info(`CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile`,t),r.values().next().value;n=r}return this.commonLogger.info(`CacheManager:getIdToken - Multiple matching ID tokens found, clearing them`,t),n.forEach((e,n)=>{this.removeIdToken(n,t)}),this.performanceClient.addFields({multiMatchedID:a.size},t),null}return this.commonLogger.info(`CacheManager:getIdToken - Returning ID token`,t),a.values().next().value}getIdTokensByFilter(e,t,n){let r=n&&n.idToken||this.getTokenKeys().idToken,i=new Map;return r.forEach(n=>{if(!this.idTokenKeyMatchesFilter(n,{clientId:this.clientId,...e}))return;let r=this.getIdTokenCredential(n,t);r&&this.credentialMatchesFilter(r,e,t)&&i.set(n,r)}),i}idTokenKeyMatchesFilter(e,t){let n=e.toLowerCase();return!(t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}removeIdToken(e,t){this.removeItem(e,t)}removeRefreshToken(e,t){this.removeItem(e,t)}getAccessToken(e,t,n,r){let i=t.correlationId;this.commonLogger.trace(`CacheManager - getAccessToken called`,i);let a=wi.createSearchScopes(t.scopes),o=t.authenticationScheme||O.BEARER,s=o&&o.toLowerCase()!==O.BEARER.toLowerCase()?E.ACCESS_TOKEN_WITH_AUTH_SCHEME:E.ACCESS_TOKEN,c={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:s,clientId:this.clientId,realm:r||e.tenantId,target:a,tokenType:o,keyId:t.sshKid},l=n&&n.accessToken||this.getTokenKeys().accessToken,u=[];l.forEach(e=>{if(this.accessTokenKeyMatchesFilter(e,c,!0)){let t=this.getAccessTokenCredential(e,i);t&&this.credentialMatchesFilter(t,c,i)&&u.push(t)}});let d=u.length;return d<1?(this.commonLogger.info(`CacheManager:getAccessToken - No token found`,i),null):d>1?(this.commonLogger.info(`CacheManager:getAccessToken - Multiple access tokens found, clearing them`,i),u.forEach(e=>{this.removeAccessToken(this.generateCredentialKey(e),i)}),this.performanceClient.addFields({multiMatchedAT:u.length},i),null):(this.commonLogger.info(`CacheManager:getAccessToken - Returning access token`,i),u[0])}accessTokenKeyMatchesFilter(e,t,n){let r=e.toLowerCase();if(t.clientId&&r.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&r.indexOf(t.homeAccountId.toLowerCase())===-1||t.realm&&r.indexOf(t.realm.toLowerCase())===-1)return!1;if(t.target){let e=t.target.asArray();for(let t=0;t<e.length;t++)if(n&&!r.includes(e[t].toLowerCase()))return!1;else if(!n&&r.includes(e[t].toLowerCase()))return!0}return!0}getAccessTokensByFilter(e,t){let n=this.getTokenKeys(),r=[];return n.accessToken.forEach(n=>{if(!this.accessTokenKeyMatchesFilter(n,e,!0))return;let i=this.getAccessTokenCredential(n,t);i&&this.credentialMatchesFilter(i,e,t)&&r.push(i)}),r}getRefreshToken(e,t,n,r){this.commonLogger.trace(`CacheManager - getRefreshToken called`,n);let i=t?`1`:void 0,a={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:E.REFRESH_TOKEN,clientId:this.clientId,familyId:i},o=r&&r.refreshToken||this.getTokenKeys().refreshToken,s=[];o.forEach(e=>{if(this.refreshTokenKeyMatchesFilter(e,a)){let t=this.getRefreshTokenCredential(e,n);t&&this.credentialMatchesFilter(t,a,n)&&s.push(t)}});let c=s.length;return c<1?(this.commonLogger.info(`CacheManager:getRefreshToken - No refresh token found.`,n),null):(c>1&&this.performanceClient.addFields({multiMatchedRT:c},n),this.commonLogger.info(`CacheManager:getRefreshToken - returning refresh token`,n),s[0])}refreshTokenKeyMatchesFilter(e,t){let n=e.toLowerCase();return!(t.familyId&&n.indexOf(t.familyId.toLowerCase())===-1||!t.familyId&&t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}readAppMetadataFromCache(e,t){let n={environment:e,clientId:this.clientId},r=this.getAppMetadataFilteredBy(n,t),i=Object.keys(r).map(e=>r[e]),a=i.length;if(a<1)return null;if(a>1)throw N(li);return i[0]}isAppMetadataFOCI(e,t){let n=this.readAppMetadataFromCache(e,t);return!!(n&&n.familyId===`1`)}matchHomeAccountId(e,t){return typeof e.homeAccountId==`string`&&t===e.homeAccountId}matchLocalAccountIdFromTokenClaims(e,t){return t===(e.oid||e.sub)}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){return t.toLowerCase()===e.name?.toLowerCase()}matchUsername(e,t){return!!(e&&typeof e==`string`&&t?.toLowerCase()===e.toLowerCase())}matchUserAssertionHash(e,t){return!!(e.userAssertionHash&&t===e.userAssertionHash)}matchEnvironment(e,t,n){if(this.staticAuthorityOptions){let r=Ja(this.staticAuthorityOptions,this.commonLogger,n);if(r.includes(t)&&r.includes(e.environment))return!0}let r=this.getAuthorityMetadataByAlias(t,n);return!!(r&&r.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!!(e.clientId&&t===e.clientId)}matchFamilyId(e,t){return!!(e.familyId&&t===e.familyId)}matchRealm(e,t){return e.realm?.toLowerCase()===t.toLowerCase()}matchNativeAccountId(e,t){return!!(e.nativeAccountId&&t===e.nativeAccountId)}matchLoginHintFromTokenClaims(e,t){return e.login_hint===t||e.preferred_username===t||e.upn===t}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!!(e.authorityType&&t.toLowerCase()===e.authorityType.toLowerCase())}matchTarget(e,t){return e.credentialType!==E.ACCESS_TOKEN&&e.credentialType!==E.ACCESS_TOKEN_WITH_AUTH_SCHEME||!e.target?!1:wi.fromString(e.target).containsScopeSet(t)}matchTokenType(e,t){return!!(e.tokenType&&e.tokenType===t)}matchKeyId(e,t){return!!(e.keyId&&e.keyId===t)}isAppMetadata(e){return e.indexOf(xn)!==-1}isAuthorityMetadata(e){return e.indexOf(Cn)!==-1}generateAuthorityMetadataCacheKey(e){return`${Cn}-${this.clientId}-${e}`}static toObject(e,t){for(let n in t)e[n]=t[n];return e}},Eo=class extends To{async setAccount(){throw N(F)}getAccount(){throw N(F)}async setIdTokenCredential(){throw N(F)}getIdTokenCredential(){throw N(F)}async setAccessTokenCredential(){throw N(F)}getAccessTokenCredential(){throw N(F)}async setRefreshTokenCredential(){throw N(F)}getRefreshTokenCredential(){throw N(F)}setAppMetadata(){throw N(F)}getAppMetadata(){throw N(F)}setServerTelemetry(){throw N(F)}getServerTelemetry(){throw N(F)}setAuthorityMetadata(){throw N(F)}getAuthorityMetadata(){throw N(F)}getAuthorityMetadataKeys(){throw N(F)}setThrottlingCache(){throw N(F)}getThrottlingCache(){throw N(F)}removeItem(){throw N(F)}getKeys(){throw N(F)}getAccountKeys(){throw N(F)}getTokenKeys(){throw N(F)}generateCredentialKey(){throw N(F)}generateAccountKey(){throw N(F)}}})),Oo,ko=t((()=>{Oo={NotStarted:0,InProgress:1,Completed:2}})),Ao,jo=t((()=>{ko(),Ao=class{generateId(){return`callback-id`}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:Oo.InProgress,authority:``,libraryName:``,libraryVersion:``,clientId:``,name:e,startTimeMs:Date.now(),correlationId:t||``}}}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return``}emitEvents(){}addFields(){}incrementFields(){}cacheEventByCorrelationId(){}}}));function Mo({authOptions:e,systemOptions:t,loggerOptions:n,storageInterface:r,networkInterface:i,cryptoInterface:a,clientCredentials:o,libraryInfo:s,telemetry:c,serverTelemetryManager:l,persistencePlugin:u,serializableCache:d}){let f={...Io,...n};return{authOptions:No(e),systemOptions:{...Fo,...t},loggerOptions:f,storageInterface:r||new Eo(e.clientId,Sa,new Aa(f),new Ao),networkInterface:i||Lo,cryptoInterface:a||Sa,clientCredentials:o||zo,libraryInfo:{...Ro,...s},telemetry:{...Vo,...c},serverTelemetryManager:l||null,persistencePlugin:u||null,serializableCache:d||null}}function No(e){return{clientCapabilities:[],azureCloudOptions:Bo,instanceAware:!1,isMcp:!1,...e}}function Po(e){return e.authOptions.authority.options.protocolMode===vo.OIDC}var Fo,Io,Lo,Ro,zo,Bo,Vo,Ho=t((()=>{Ca(),ja(),A(),Pa(),Ia(),Do(),yo(),P(),jo(),I(),Fo={tokenRenewalOffsetSeconds:300,preventCorsPreflight:!1},Io={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:L.Info,correlationId:``},Lo={async sendGetRequestAsync(){throw N(F)},async sendPostRequestAsync(){throw N(F)}},Ro={sku:Wt,version:Na,cpu:``,os:``},zo={clientSecret:``,clientAssertion:void 0},Bo={azureCloudInstance:Fa.None,tenant:`${qt}`},Vo={application:{appName:``,appVersion:``}}})),Uo,Wo=t((()=>{Uo=class{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}}));function z(){return Math.round(new Date().getTime()/1e3)}function Go(e){return e?new Date(Number(e)*1e3):new Date}function Ko(e,t){let n=Number(e)||0;return z()+t>n}function qo(e){return Number(e)>z()}function Jo(e,t){return new Promise(n=>setTimeout(()=>n(t),e))}var Yo=t((()=>{}));function Xo(e,t,n,r,i){return{credentialType:E.ID_TOKEN,homeAccountId:e,environment:t,clientId:r,secret:n,realm:i,lastUpdatedAt:Date.now().toString()}}function Zo(e,t,n,r,i,a,o,s,c,l,u,d,f){let p={homeAccountId:e,credentialType:E.ACCESS_TOKEN,secret:n,cachedAt:z().toString(),expiresOn:o.toString(),extendedExpiresOn:s.toString(),environment:t,clientId:r,realm:i,target:a,tokenType:u||O.BEARER,lastUpdatedAt:Date.now().toString()};if(d&&(p.userAssertionHash=d),l&&(p.refreshOn=l.toString()),p.tokenType?.toLowerCase()!==O.BEARER.toLowerCase())switch(p.credentialType=E.ACCESS_TOKEN_WITH_AUTH_SCHEME,p.tokenType){case O.POP:let e=Va(n,c);if(!e?.cnf?.kid)throw N(yi);p.keyId=e.cnf.kid;break;case O.SSH:p.keyId=f}return p}function Qo(e,t,n,r,i,a,o){let s={credentialType:E.REFRESH_TOKEN,homeAccountId:e,environment:t,clientId:r,secret:n,lastUpdatedAt:Date.now().toString()};return a&&(s.userAssertionHash=a),i&&(s.familyId=i),o&&(s.expiresOn=o.toString()),s}function $o(e){return e.hasOwnProperty(`homeAccountId`)&&e.hasOwnProperty(`environment`)&&e.hasOwnProperty(`credentialType`)&&e.hasOwnProperty(`clientId`)&&e.hasOwnProperty(`secret`)}function es(e){return e?$o(e)&&e.hasOwnProperty(`realm`)&&e.hasOwnProperty(`target`)&&(e.credentialType===E.ACCESS_TOKEN||e.credentialType===E.ACCESS_TOKEN_WITH_AUTH_SCHEME):!1}function ts(e){return e?$o(e)&&e.hasOwnProperty(`realm`)&&e.credentialType===E.ID_TOKEN:!1}function ns(e){return e?$o(e)&&e.credentialType===E.REFRESH_TOKEN:!1}function rs(e,t){let n=e.indexOf(Tn)===0,r=!0;return t&&(r=t.hasOwnProperty(`failedRequests`)&&t.hasOwnProperty(`errors`)&&t.hasOwnProperty(`cacheHits`)),n&&r}function is(e,t){let n=!1;e&&(n=e.indexOf(On)===0);let r=!0;return t&&(r=t.hasOwnProperty(`throttleTime`)),n&&r}function as({environment:e,clientId:t}){return[xn,e,t].join(`-`).toLowerCase()}function os(e,t){return t?e.indexOf(`appmetadata`)===0&&t.hasOwnProperty(`clientId`)&&t.hasOwnProperty(`environment`):!1}function ss(e,t){return t?e.indexOf(`authority-metadata`)===0&&t.hasOwnProperty(`aliases`)&&t.hasOwnProperty(`preferred_cache`)&&t.hasOwnProperty(`preferred_network`)&&t.hasOwnProperty(`canonical_authority`)&&t.hasOwnProperty(`authorization_endpoint`)&&t.hasOwnProperty(`token_endpoint`)&&t.hasOwnProperty(`issuer`)&&t.hasOwnProperty(`aliasesFromNetwork`)&&t.hasOwnProperty(`endpointsFromNetwork`)&&t.hasOwnProperty(`expiresAt`)&&t.hasOwnProperty(`jwks_uri`):!1}function cs(){return z()+wn}function ls(e,t,n){e.authorization_endpoint=t.authorization_endpoint,e.token_endpoint=t.token_endpoint,e.end_session_endpoint=t.end_session_endpoint,e.issuer=t.issuer,e.endpointsFromNetwork=n,e.jwks_uri=t.jwks_uri}function us(e,t,n){e.aliases=t.aliases,e.preferred_cache=t.preferred_cache,e.preferred_network=t.preferred_network,e.aliasesFromNetwork=n}function ds(e){return e.expiresAt<=z()}var fs=t((()=>{Ga(),P(),A(),Yo(),I()})),ps,ms,hs,gs,_s,vs,ys,bs,xs,Ss,Cs,ws,Ts,Es,Ds,Os,ks,As,js,Ms,Ns,Ps,Fs,Is=t((()=>{ps=`networkClientSendPostRequestAsync`,ms=`refreshTokenClientExecutePostToTokenEndpoint`,hs=`authorizationCodeClientExecutePostToTokenEndpoint`,gs=`refreshTokenClientExecuteTokenRequest`,_s=`refreshTokenClientAcquireToken`,vs=`refreshTokenClientAcquireTokenWithCachedRefreshToken`,ys=`refreshTokenClientCreateTokenRequestBody`,bs=`silentFlowClientGenerateResultFromCacheRecord`,xs=`authClientExecuteTokenRequest`,Ss=`authClientCreateTokenRequestBody`,Cs=`updateTokenEndpointAuthority`,ws=`popTokenGenerateCnf`,Ts=`handleServerTokenResponse`,Es=`authorityResolveEndpointsAsync`,Ds=`authorityGetCloudDiscoveryMetadataFromNetwork`,Os=`authorityUpdateCloudDiscoveryMetadata`,ks=`authorityGetEndpointMetadataFromNetwork`,As=`authorityUpdateEndpointMetadata`,js=`authorityUpdateMetadataWithRegionalInformation`,Ms=`regionDiscoveryDetectRegion`,Ns=`regionDiscoveryGetRegionFromIMDS`,Ps=`regionDiscoveryGetCurrentVersion`,Fs=`cacheManagerGetRefreshToken`})),Ls,B,Rs=t((()=>{Ls=(e,t,n,r,i)=>(...a)=>{n.trace(`Executing function '${t}'`,i);let o=r.startMeasurement(t,i);i&&r.incrementFields({[`ext.${t}CallCount`]:1},i);try{let r=e(...a);return o.end({success:!0}),n.trace(`Returning result from '${t}'`,i),r}catch(e){n.trace(`Error occurred in '${t}'`,i);try{n.trace(JSON.stringify(e),i)}catch{n.trace(`Unable to print error message.`,i)}throw o.end({success:!1},e),e}},B=(e,t,n,r,i)=>(...a)=>{n.trace(`Executing function '${t}'`,i);let o=r.startMeasurement(t,i);return i&&r.incrementFields({[`ext.${t}CallCount`]:1},i),e(...a).then(e=>(n.trace(`Returning result from '${t}'`,i),o.end({success:!0}),e)).catch(e=>{n.trace(`Error occurred in '${t}'`,i);try{n.trace(JSON.stringify(e),i)}catch{n.trace(`Unable to print error message.`,i)}throw o.end({success:!1},e),e})}})),zs,Bs,Vs=t((()=>{Yo(),Ka(),Is(),Rs(),zs={SW:`sw`},Bs=class{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){let n=await B(this.generateKid.bind(this),ws,t,this.performanceClient,e.correlationId)(e),r=this.cryptoUtils.base64UrlEncode(JSON.stringify(n));return{kid:n.kid,reqCnfString:r}}async generateKid(e){return{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:zs.SW}}async signPopToken(e,t,n){return this.signPayload(e,t,n)}async signPayload(e,t,n,r){let{resourceRequestMethod:i,resourceRequestUri:a,shrClaims:o,shrNonce:s,shrOptions:c}=n,l=(a?new R(a):void 0)?.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:z(),m:i?.toUpperCase(),u:l?.HostNameAndPort,nonce:s||this.cryptoUtils.createNewGuid(),p:l?.AbsolutePath,q:l?.QueryString?[[],l.QueryString]:void 0,client_claims:o||void 0,...r},t,c,n.correlationId)}}})),Hs,Us,Ws,Gs,Ks,qs,Js,Ys,Xs=t((()=>{Hs=`no_tokens_found`,Us=`refresh_token_expired`,Ws=`ux_not_allowed`,Gs=`interaction_required`,Ks=`consent_required`,qs=`login_required`,Js=`bad_token`,Ys=`interrupted_user`}));function Zs(e,t,n){let r=!!e&&$s.indexOf(e)>-1,i=!!n&&ec.indexOf(n)>-1,a=!!t&&$s.some(e=>t.indexOf(e)>-1);return r||a||i}function Qs(e,t){return new tc(e,t)}var $s,ec,tc,nc=t((()=>{kr(),Xs(),$s=[Gs,Ks,qs,Js,Ws,Ys],ec=[`message_only`,`additional_action`,`basic_action`,`user_password_expired`,`consent_required`,`bad_token`,`ux_not_allowed`,`interrupted_user`],tc=class e extends j{constructor(t,n,r,i,a,o,s,c){super(t,n,r),Object.setPrototypeOf(this,e.prototype),this.timestamp=i||``,this.traceId=a||``,this.correlationId=o||``,this.claims=s||``,this.name=`InteractionRequiredAuthError`,this.errorNo=c}}})),rc,ic=t((()=>{kr(),rc=class e extends j{constructor(t,n,r,i,a){super(t,n,r),this.name=`ServerError`,this.errorNo=i,this.status=a,Object.setPrototypeOf(this,e.prototype)}}}));function ac(e,t){if(!e)throw N(_i);if(!t)throw N(ri);try{let n=t.split(`|`),r=n[0],i=n.length>1?n.slice(1).join(`|`):``,a=e(r),o=JSON.parse(a);return{userRequestState:i||``,libraryState:o}}catch{throw N(ri)}}var oc=t((()=>{A(),P(),I()}));function sc(e,t,n,r,i,a,o,s,c,l,u,d,f){d?.verbose(`setCachedAccount called`,i);let p=s||t.getPreferredCache(),m=e.getAccountsFilteredBy({homeAccountId:n,environment:p},i);f?.addFields({cacheMatchedAccounts:m.length},i),m.length>1&&d?.warning(`Multiple base accounts matched homeAccountId. Ignoring cached account and creating a new base account.`,i);let h=(m.length===1?m[0]:null)||xo({homeAccountId:n,idTokenClaims:a,clientInfo:o,environment:s,cloudGraphHostName:l?.cloud_graph_host_name,msGraphHost:l?.msgraph_host,nativeAccountId:u},t,r),ee=h.tenantProfiles||[],g=c||h.realm;if(g&&!ee.find(e=>e.tenantId===g)){let e=Ra(n,h.localAccountId,g,a);ee.push(e)}return h.tenantProfiles=ee,h}var cc,lc=t((()=>{Ba(),Ga(),_o(),Wo(),wo(),fs(),Vs(),P(),nc(),ic(),Ti(),A(),oc(),Yo(),I(),cc=class e{constructor(e,t,n,r,i,a,o){this.clientId=e,this.cacheStorage=t,this.cryptoObj=n,this.logger=r,this.performanceClient=i,this.serializableCache=a,this.persistencePlugin=o}validateTokenResponse(e,t,n){if(e.error||e.error_description||e.suberror){let r=`Error(s): ${e.error_codes||`Not Available`} - Timestamp: ${e.timestamp||`Not Available`} - Description: ${e.error_description||`Not Available`} - Correlation ID: ${e.correlation_id||`Not Available`} - Trace ID: ${e.trace_id||`Not Available`}`,i=e.error_codes?.length?e.error_codes[0]:void 0,a=new rc(e.error,r,e.suberror,i,e.status);if(n&&e.status&&e.status>=500&&e.status<=599){this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.\n${a}`,t);return}else if(n&&e.status&&e.status>=400&&e.status<=499){this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently available but is unable to refresh the access token.\n${a}`,t);return}throw Zs(e.error,e.error_description,e.suberror)?new tc(e.error,e.error_description,e.suberror,e.timestamp||``,e.trace_id||``,e.correlation_id||``,e.claims||``,i):a}}async handleServerTokenResponse(t,n,r,i,a,o,s,c,l,u){let d;if(t.id_token){if(d=Va(t.id_token||``,this.cryptoObj.base64Decode),o&&o.nonce&&d.nonce!==o.nonce)throw N(ai);if(i.maxAge||i.maxAge===0){let e=d.auth_time;if(!e)throw N(oi);Wa(e,i.maxAge)}}this.homeAccountIdentifier=So(t.client_info||``,n.authorityType,this.logger,this.cryptoObj,i.correlationId,d);let f;o&&o.state&&(f=ac(this.cryptoObj.base64Decode,o.state)),t.key_id=t.key_id||i.sshKid||void 0;let p=this.generateCacheRecord(t,n,r,i,d,s,o),m;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose(`Persistence enabled, calling beforeCacheAccess`,i.correlationId),m=new Uo(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(m)),c&&!l&&p.account&&this.cacheStorage.getAllAccounts({homeAccountId:p.account.homeAccountId,environment:p.account.environment},i.correlationId).length<1)return this.logger.warning(`Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache`,i.correlationId),this.performanceClient?.addFields({acntLoggedOut:!0},i.correlationId),await e.generateAuthenticationResult(this.cryptoObj,n,p,!1,i,this.performanceClient,d,f,void 0,u);await this.cacheStorage.saveCacheRecord(p,i.correlationId,Ha(d||{}),a,i.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&m&&(this.logger.verbose(`Persistence enabled, calling afterCacheAccess`,i.correlationId),await this.persistencePlugin.afterCacheAccess(m))}return e.generateAuthenticationResult(this.cryptoObj,n,p,!1,i,this.performanceClient,d,f,t,u)}generateCacheRecord(e,t,n,r,i,a,o){let s=t.getPreferredCache();if(!s)throw N(gi);let c=go(i),l,u;e.id_token&&i&&(l=Xo(this.homeAccountIdentifier,s,e.id_token,this.clientId,c||``),u=sc(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,r.correlationId,i,e.client_info,s,c,o,void 0,this.logger,this.performanceClient));let d=null;if(e.access_token){let i=e.scope?wi.fromString(e.scope):new wi(r.scopes||[]),o=(typeof e.expires_in==`string`?parseInt(e.expires_in,10):e.expires_in)||0,l=(typeof e.ext_expires_in==`string`?parseInt(e.ext_expires_in,10):e.ext_expires_in)||0,u=(typeof e.refresh_in==`string`?parseInt(e.refresh_in,10):e.refresh_in)||void 0,f=n+o,p=f+l,m=u&&u>0?n+u:void 0;d=Zo(this.homeAccountIdentifier,s,e.access_token,this.clientId,c||t.tenant||``,i.printScopes(),f,p,this.cryptoObj.base64Decode,m,e.token_type,a,e.key_id);let h=r.resource||null;h&&(d.resource=h)}let f=null;if(e.refresh_token){let t;e.refresh_token_expires_in&&(t=n+(typeof e.refresh_token_expires_in==`string`?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in),this.performanceClient?.addFields({ntwkRtExpiresOnSeconds:t},r.correlationId)),f=Qo(this.homeAccountIdentifier,s,e.refresh_token,this.clientId,e.foci,a,t)}let p=null;return e.foci&&(p={clientId:this.clientId,environment:s,familyId:e.foci}),{account:u,idToken:l,accessToken:d,refreshToken:f,appMetadata:p}}static async generateAuthenticationResult(e,t,n,r,i,a,o,s,c,l){let u=``,d=[],f=null,p,m,h=``;if(n.accessToken){if(n.accessToken.tokenType===O.POP&&!i.popKid){let t=new Bs(e,a),{secret:r,keyId:o}=n.accessToken;if(!o)throw N(xi);u=await t.signPopToken(r,o,i)}else u=n.accessToken.secret;d=wi.fromString(n.accessToken.target).asArray(),f=Go(n.accessToken.expiresOn),p=Go(n.accessToken.extendedExpiresOn),n.accessToken.refreshOn&&(m=Go(n.accessToken.refreshOn))}n.appMetadata&&(h=n.appMetadata.familyId===`1`?`1`:``);let ee=o?.oid||o?.sub||``,g=o?.tid||``;c?.spa_accountid&&n.account&&(n.account.nativeAccountId=c?.spa_accountid);let te=n.account?za(bo(n.account),void 0,o,n.idToken?.secret):null;return{authority:t.canonicalAuthority,uniqueId:ee,tenantId:g,scopes:d,account:te,idToken:n?.idToken?.secret||``,idTokenClaims:o||{},accessToken:u,fromCache:r,expiresOn:f,extExpiresOn:p,refreshOn:m,correlationId:i.correlationId,requestId:l||``,familyId:h,tokenType:n.accessToken?.tokenType||``,state:s?s.userRequestState:``,cloudGraphHostName:n.account?.cloudGraphHostName||``,msGraphHost:n.account?.msGraphHost||``,code:c?.spa_code,fromPlatformBroker:!1}}}})),uc,dc=t((()=>{uc={HOME_ACCOUNT_ID:`home_account_id`,UPN:`UPN`}}));async function fc(e,t,n){return typeof e==`string`?e:e({clientId:t,tokenEndpoint:n})}var pc=t((()=>{}));function mc(e,t,n){return{clientId:e,authority:t.authority,scopes:t.scopes,homeAccountIdentifier:n,claims:t.claims,authenticationScheme:t.authenticationScheme,resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,sshKid:t.sshKid,embeddedClientId:t.embeddedClientId||t.extraParameters?.clientId}}var hc=t((()=>{})),gc,_c=t((()=>{A(),ic(),hc(),gc=class e{static generateThrottlingStorageKey(e){return`${On}.${JSON.stringify(e)}`}static preProcess(t,n,r){let i=e.generateThrottlingStorageKey(n),a=t.getThrottlingCache(i,r);if(a){if(a.throttleTime<Date.now()){t.removeItem(i,r);return}throw new rc(a.errorCodes?.join(` `)||``,a.errorMessage,a.subError)}}static postProcess(t,n,r,i){if(e.checkResponseStatus(r)||e.checkResponseForRetryAfter(r)){let a={throttleTime:e.calculateThrottleTime(parseInt(r.headers[T.RETRY_AFTER])),error:r.body.error,errorCodes:r.body.error_codes,errorMessage:r.body.error_description,subError:r.body.suberror};t.setThrottlingCache(e.generateThrottlingStorageKey(n),a,i)}}static checkResponseStatus(e){return e.status===429||e.status>=500&&e.status<600}static checkResponseForRetryAfter(e){return e.headers?e.headers.hasOwnProperty(T.RETRY_AFTER)&&(e.status<200||e.status>=300):!1}static calculateThrottleTime(e){let t=e<=0?0:e,n=Date.now()/1e3;return Math.floor(Math.min(n+(t||60),n+Dn)*1e3)}static removeThrottle(e,t,n,r){let i=mc(t,n,r),a=this.generateThrottlingStorageKey(i);e.removeItem(a,n.correlationId)}}}));function vc(e,t,n,r){return e.errorMessage=`${e.errorMessage}, additionalErrorInfo: error.name:${r?.name}, error.message:${r?.message}`,new yc(e,t,n)}var yc,bc=t((()=>{kr(),yc=class e extends j{constructor(t,n,r){super(t.errorCode,t.errorMessage,t.subError),Object.setPrototypeOf(this,e.prototype),this.name=`NetworkError`,this.error=t,this.httpStatus=n,this.responseHeaders=r}}}));function xc(e,t,n){let r={};if(r[T.CONTENT_TYPE]=nn,!t&&n)switch(n.type){case uc.HOME_ACCOUNT_ID:try{let e=fo(n.credential);r[T.CCS_HEADER]=`Oid:${e.uid}@${e.utid}`}catch(t){e.verbose(`Could not parse home account ID for CCS Header: '${t}'`,``)}break;case uc.UPN:r[T.CCS_HEADER]=`UPN: ${n.credential}`;break}return r}function Sc(e,t,n,r){let i=new Map;return e.embeddedClientId&&ha(i,t,n),e.extraQueryParameters&&oa(i,e.extraQueryParameters),Bi(i,e.correlationId),Ei(i,e.correlationId,r),ba(i)}async function Cc(e,t,n,r,i,a,o,s,c,l){let u=await wc(r,e,{body:t,headers:n},i,a,o,s,c);return l&&u.status<500&&u.status!==429&&l.clearTelemetryCache(),u}async function wc(e,t,n,r,i,a,o,s){gc.preProcess(i,e,r);let c;try{c=await B(a.sendPostRequestAsync.bind(a),ps,o,s,r)(t,n);let e=c.headers||{};s?.addFields({refreshTokenSize:c.body.refresh_token?.length||0,httpVerToken:e[T.X_MS_HTTP_VERSION]||``,requestId:e[T.X_MS_REQUEST_ID]||``},r)}catch(e){if(e instanceof yc){let t=e.responseHeaders;throw t&&s?.addFields({httpVerToken:t[T.X_MS_HTTP_VERSION]||``,requestId:t[T.X_MS_REQUEST_ID]||``,contentTypeHeader:t[T.CONTENT_TYPE]||void 0,contentLengthHeader:t[T.CONTENT_LENGTH]||void 0,httpStatus:e.httpStatus},r),e.error}throw e instanceof j?e:N(ei)}return gc.postProcess(i,e,c,r),c}var Tc=t((()=>{dc(),po(),A(),_a(),xa(),_c(),bc(),kr(),P(),Rs(),Is(),I()}));function Ec(e){return e.hasOwnProperty(`authorization_endpoint`)&&e.hasOwnProperty(`token_endpoint`)&&e.hasOwnProperty(`issuer`)&&e.hasOwnProperty(`jwks_uri`)}var Dc=t((()=>{}));function Oc(e){return e.hasOwnProperty(`tenant_discovery_endpoint`)&&e.hasOwnProperty(`metadata`)}var kc=t((()=>{}));function Ac(e){return e.hasOwnProperty(`error`)&&e.hasOwnProperty(`error_description`)}var jc=t((()=>{})),Mc,Nc=t((()=>{A(),Is(),Rs(),Mc=class e{constructor(e,t,n,r){this.networkInterface=e,this.logger=t,this.performanceClient=n,this.correlationId=r}async detectRegion(t,n){let r=t;if(r)n.region_source=jn.ENVIRONMENT_VARIABLE;else{let t=e.IMDS_OPTIONS;try{let e=await B(this.getRegionFromIMDS.bind(this),Ns,this.logger,this.performanceClient,this.correlationId)(an,t);if(e.status===200&&(r=e.body,n.region_source=jn.IMDS),e.status===400){let e=await B(this.getCurrentVersion.bind(this),Ps,this.logger,this.performanceClient,this.correlationId)(t);if(!e)return n.region_source=jn.FAILED_AUTO_DETECTION,null;let i=await B(this.getRegionFromIMDS.bind(this),Ns,this.logger,this.performanceClient,this.correlationId)(e,t);i.status===200&&(r=i.body,n.region_source=jn.IMDS)}}catch{return n.region_source=jn.FAILED_AUTO_DETECTION,null}}return r||(n.region_source=jn.FAILED_AUTO_DETECTION),r||null}async getRegionFromIMDS(e,t){return this.networkInterface.sendGetRequestAsync(`${rn}?api-version=${e}&format=text`,t,on)}async getCurrentVersion(e){try{let t=await this.networkInterface.sendGetRequestAsync(`${rn}?format=json`,e);return t.status===400&&t.body&&t.body[`newest-versions`]&&t.body[`newest-versions`].length>0?t.body[`newest-versions`][0]:null}catch{return null}}},Mc.IMDS_OPTIONS={headers:{Metadata:`true`}}}));function Pc(e){let t=new R(e).getUrlComponents().PathSegments.slice(-1)[0]?.toLowerCase();switch(t){case dn.COMMON:case dn.ORGANIZATIONS:case dn.CONSUMERS:return;default:return t}}function Fc(e){return e.endsWith(`/`)?e:`${e}/`}function Ic(e){let t=e.cloudDiscoveryMetadata,n;if(t)try{n=JSON.parse(t)}catch{throw M(Wr)}return{canonicalAuthority:e.authority?Fc(e.authority):void 0,knownAuthorities:e.knownAuthorities,cloudDiscoveryMetadata:n}}var Lc,Rc=t((()=>{ho(),Dc(),Ka(),P(),A(),ro(),jr(),yo(),Ia(),kc(),jc(),Nc(),kr(),Is(),Rs(),fs(),I(),Jr(),Lc=class e{constructor(e,t,n,r,i,a,o,s){this.canonicalAuthority=e,this._canonicalAuthority.validateAsUri(),this.networkInterface=t,this.cacheManager=n,this.authorityOptions=r,this.regionDiscoveryMetadata={region_used:void 0,region_source:void 0,region_outcome:void 0},this.logger=i,this.performanceClient=o,this.correlationId=a,this.managedIdentity=s||!1,this.regionDiscovery=new Mc(t,this.logger,this.performanceClient,this.correlationId)}getAuthorityType(e){if(e.HostNameAndPort.endsWith(`.ciamlogin.com`))return mo.Ciam;let t=e.PathSegments;if(t.length)switch(t[0].toLowerCase()){case Jt:return mo.Adfs;case Yt:return mo.Dsts}return mo.Default}get authorityType(){return this.getAuthorityType(this.canonicalAuthorityUrlComponents)}get protocolMode(){return this.authorityOptions.protocolMode}get options(){return this.authorityOptions}get canonicalAuthority(){return this._canonicalAuthority.urlString}set canonicalAuthority(e){this._canonicalAuthority=new R(e),this._canonicalAuthority.validateAsUri(),this._canonicalAuthorityUrlComponents=null}get canonicalAuthorityUrlComponents(){return this._canonicalAuthorityUrlComponents||(this._canonicalAuthorityUrlComponents=this._canonicalAuthority.getUrlComponents()),this._canonicalAuthorityUrlComponents}get hostnameAndPort(){return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase()}get tenant(){return this.canonicalAuthorityUrlComponents.PathSegments[0]}get authorizationEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.authorization_endpoint);throw N($r)}get tokenEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint);throw N($r)}get deviceCodeEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint.replace(`/token`,`/devicecode`));throw N($r)}get endSessionEndpoint(){if(this.discoveryComplete()){if(!this.metadata.end_session_endpoint)throw N(bi);return this.replacePath(this.metadata.end_session_endpoint)}else throw N($r)}get selfSignedJwtAudience(){if(this.discoveryComplete())return this.replacePath(this.metadata.issuer);throw N($r)}get jwksUri(){if(this.discoveryComplete())return this.replacePath(this.metadata.jwks_uri);throw N($r)}canReplaceTenant(t){return t.PathSegments.length===1&&!e.reservedTenantDomains.has(t.PathSegments[0])&&this.getAuthorityType(t)===mo.Default&&this.protocolMode!==vo.OIDC}replaceTenant(e){return e.replace(/{tenant}|{tenantid}/g,this.tenant)}replacePath(e){let t=e,n=new R(this.metadata.canonical_authority).getUrlComponents(),r=n.PathSegments;return this.canonicalAuthorityUrlComponents.PathSegments.forEach((e,i)=>{let a=r[i];if(i===0&&this.canReplaceTenant(n)){let e=new R(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];a!==e&&(this.logger.verbose(`Replacing tenant domain name '${a}' with id '${e}'`,this.correlationId),a=e)}e!==a&&(t=t.replace(`/${a}/`,`/${e}/`))}),this.replaceTenant(t)}get defaultOpenIdConfigurationEndpoint(){let e=this.hostnameAndPort;return this.canonicalAuthority.endsWith(`v2.0/`)||this.authorityType===mo.Adfs||this.protocolMode===vo.OIDC&&!this.isAliasOfKnownMicrosoftAuthority(e)?`${this.canonicalAuthority}.well-known/openid-configuration`:`${this.canonicalAuthority}v2.0/.well-known/openid-configuration`}discoveryComplete(){return!!this.metadata}async resolveEndpointsAsync(){let e=this.getCurrentMetadataEntity(),t=await B(this.updateCloudDiscoveryMetadata.bind(this),Os,this.logger,this.performanceClient,this.correlationId)(e);this.canonicalAuthority=this.canonicalAuthority.replace(this.hostnameAndPort,e.preferred_network);let n=await B(this.updateEndpointMetadata.bind(this),As,this.logger,this.performanceClient,this.correlationId)(e);this.updateCachedMetadata(e,t,{source:n}),this.performanceClient?.addFields({cloudDiscoverySource:t,authorityEndpointSource:n},this.correlationId)}getCurrentMetadataEntity(){let e=this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort,this.correlationId);return e||(e={aliases:[],preferred_cache:this.hostnameAndPort,preferred_network:this.hostnameAndPort,canonical_authority:this.canonicalAuthority,authorization_endpoint:``,token_endpoint:``,end_session_endpoint:``,issuer:``,aliasesFromNetwork:!1,endpointsFromNetwork:!1,expiresAt:cs(),jwks_uri:``}),e}updateCachedMetadata(e,t,n){t!==D.CACHE&&n?.source!==D.CACHE&&(e.expiresAt=cs(),e.canonical_authority=this.canonicalAuthority);let r=this.cacheManager.generateAuthorityMetadataCacheKey(e.preferred_cache,this.correlationId);this.cacheManager.setAuthorityMetadata(r,e,this.correlationId),this.metadata=e}async updateEndpointMetadata(e){let t=this.updateEndpointMetadataFromLocalSources(e);if(t)return t.source===D.HARDCODED_VALUES&&this.authorityOptions.azureRegionConfiguration?.azureRegion&&t.metadata&&(ls(e,await B(this.updateMetadataWithRegionalInformation.bind(this),js,this.logger,this.performanceClient,this.correlationId)(t.metadata),!1),e.canonical_authority=this.canonicalAuthority),t.source;let n=await B(this.getEndpointMetadataFromNetwork.bind(this),ks,this.logger,this.performanceClient,this.correlationId)();if(n)return this.authorityOptions.azureRegionConfiguration?.azureRegion&&(n=await B(this.updateMetadataWithRegionalInformation.bind(this),js,this.logger,this.performanceClient,this.correlationId)(n)),ls(e,n,!0),D.NETWORK;throw N(ti,this.defaultOpenIdConfigurationEndpoint)}updateEndpointMetadataFromLocalSources(e){this.logger.verbose(`Attempting to get endpoint metadata from authority configuration`,this.correlationId);let t=this.getEndpointMetadataFromConfig();if(t)return this.logger.verbose(`Found endpoint metadata in authority configuration`,this.correlationId),ls(e,t,!1),{source:D.CONFIG};this.logger.verbose(`Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.`,this.correlationId);let n=this.getEndpointMetadataFromHardcodedValues();if(n)return ls(e,n,!1),{source:D.HARDCODED_VALUES,metadata:n};this.logger.verbose(`Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.`,this.correlationId);let r=ds(e);return this.isAuthoritySameType(e)&&e.endpointsFromNetwork&&!r?(this.logger.verbose(`Found endpoint metadata in the cache.`,``),{source:D.CACHE}):(r&&this.logger.verbose(`The metadata entity is expired.`,``),null)}isAuthoritySameType(e){return new R(e.canonical_authority).getUrlComponents().PathSegments.length===this.canonicalAuthorityUrlComponents.PathSegments.length}getEndpointMetadataFromConfig(){if(this.authorityOptions.authorityMetadata)try{return JSON.parse(this.authorityOptions.authorityMetadata)}catch{throw M(Gr)}return null}async getEndpointMetadataFromNetwork(){let e={},t=this.defaultOpenIdConfigurationEndpoint;this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from '${t}'`,this.correlationId);try{let n=await this.networkInterface.sendGetRequestAsync(t,e);return Ec(n.body)?n.body:(this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration`,this.correlationId),null)}catch(e){return this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: '${e}'`,this.correlationId),null}}getEndpointMetadataFromHardcodedValues(){return this.hostnameAndPort in eo?eo[this.hostnameAndPort]:null}async updateMetadataWithRegionalInformation(t){let n=this.authorityOptions.azureRegionConfiguration?.azureRegion;if(n){if(n!==`TryAutoDetect`)return this.regionDiscoveryMetadata.region_outcome=Mn.CONFIGURED_NO_AUTO_DETECTION,this.regionDiscoveryMetadata.region_used=n,e.replaceWithRegionalInformation(t,n);let r=await B(this.regionDiscovery.detectRegion.bind(this.regionDiscovery),Ms,this.logger,this.performanceClient,this.correlationId)(this.authorityOptions.azureRegionConfiguration?.environmentRegion,this.regionDiscoveryMetadata);if(r)return this.regionDiscoveryMetadata.region_outcome=Mn.AUTO_DETECTION_REQUESTED_SUCCESSFUL,this.regionDiscoveryMetadata.region_used=r,e.replaceWithRegionalInformation(t,r);this.regionDiscoveryMetadata.region_outcome=Mn.AUTO_DETECTION_REQUESTED_FAILED}return t}async updateCloudDiscoveryMetadata(e){let t=this.updateCloudDiscoveryMetadataFromLocalSources(e);if(t)return t;let n=await B(this.getCloudDiscoveryMetadataFromNetwork.bind(this),Ds,this.logger,this.performanceClient,this.correlationId)();if(n)return us(e,n,!0),D.NETWORK;throw M(Kr)}updateCloudDiscoveryMetadataFromLocalSources(e){this.logger.verbose(`Attempting to get cloud discovery metadata  from authority configuration`,this.correlationId),this.logger.verbosePii(`Known Authorities: '${this.authorityOptions.knownAuthorities||`N/A`}'`,this.correlationId),this.logger.verbosePii(`Authority Metadata: '${this.authorityOptions.authorityMetadata||`N/A`}'`,this.correlationId),this.logger.verbosePii(`Canonical Authority: '${e.canonical_authority||`N/A`}'`,this.correlationId);let t=this.getCloudDiscoveryMetadataFromConfig();if(t)return this.logger.verbose(`Found cloud discovery metadata in authority configuration`,this.correlationId),us(e,t,!1),D.CONFIG;this.logger.verbose(`Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values.`,this.correlationId);let n=Xa(this.hostnameAndPort);if(n)return this.logger.verbose(`Found cloud discovery metadata from hardcoded values.`,this.correlationId),us(e,n,!1),D.HARDCODED_VALUES;this.logger.verbose(`Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.`,this.correlationId);let r=ds(e);return this.isAuthoritySameType(e)&&e.aliasesFromNetwork&&!r?(this.logger.verbose(`Found cloud discovery metadata in the cache.`,``),D.CACHE):(r&&this.logger.verbose(`The metadata entity is expired.`,``),null)}getCloudDiscoveryMetadataFromConfig(){if(this.authorityType===mo.Ciam)return this.logger.verbose(`CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host.`,this.correlationId),e.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);if(this.authorityOptions.cloudDiscoveryMetadata){this.logger.verbose(`The cloud discovery metadata has been provided as a network response, in the config.`,this.correlationId);try{this.logger.verbose(`Attempting to parse the cloud discovery metadata.`,this.correlationId);let e=Za(JSON.parse(this.authorityOptions.cloudDiscoveryMetadata).metadata,this.hostnameAndPort);if(this.logger.verbose(`Parsed the cloud discovery metadata.`,``),e)return this.logger.verbose(`There is returnable metadata attached to the parsed cloud discovery metadata.`,this.correlationId),e;this.logger.verbose(`There is no metadata attached to the parsed cloud discovery metadata.`,this.correlationId)}catch{throw this.logger.verbose(`Unable to parse the cloud discovery metadata. Throwing Invalid Cloud Discovery Metadata Error.`,this.correlationId),M(Wr)}}return this.isInKnownAuthorities()?(this.logger.verbose(`The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.`,this.correlationId),e.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)):null}async getCloudDiscoveryMetadataFromNetwork(){let t=`${Xt}${this.canonicalAuthority}oauth2/v2.0/authorize`,n={},r=null;try{let e=await this.networkInterface.sendGetRequestAsync(t,n),i,a;if(Oc(e.body))i=e.body,a=i.metadata,this.logger.verbosePii(`tenant_discovery_endpoint is: '${i.tenant_discovery_endpoint}'`,this.correlationId);else if(Ac(e.body)){if(this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: '${e.status}'`,this.correlationId),i=e.body,i.error===`invalid_instance`)return this.logger.error(`The CloudInstanceDiscoveryErrorResponse error is invalid_instance.`,this.correlationId),null;this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is '${i.error}'`,this.correlationId),this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is '${i.error_description}'`,this.correlationId),this.logger.warning(`Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network, correlationId) to []`,this.correlationId),a=[]}else return this.logger.error(`AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse`,this.correlationId),null;this.logger.verbose(`Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request.`,this.correlationId),r=Za(a,this.hostnameAndPort)}catch(e){if(e instanceof j)this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.\nError: '${e.errorCode}'\nError Description: '${e.errorMessage}'`,this.correlationId);else{let t=e;this.logger.error(`A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.\nError: '${t.name}'\nError Description: '${t.message}'`,this.correlationId)}return null}return r||(this.logger.warning(`The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request.`,this.correlationId),this.logger.verbose(`Creating custom Authority for custom domain scenario.`,this.correlationId),r=e.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)),r}isInKnownAuthorities(){return this.authorityOptions.knownAuthorities.filter(e=>e&&R.getDomainFromUrl(e).toLowerCase()===this.hostnameAndPort).length>0}static generateAuthority(e,t){let n;if(t&&t.azureCloudInstance!==Fa.None){let e=t.tenant?t.tenant:qt;n=`${t.azureCloudInstance}/${e}/`}return n||e}static createCloudDiscoveryMetadataFromHost(e){return{preferred_network:e,preferred_cache:e,aliases:[e]}}getPreferredCache(){if(this.managedIdentity)return Kt;if(this.discoveryComplete())return this.metadata.preferred_cache;throw N($r)}isAlias(e){return this.metadata.aliases.indexOf(e)>-1}isAliasOfKnownMicrosoftAuthority(e){return no.has(e)}static isPublicCloudAuthority(e){return cn.indexOf(e)>=0}static buildRegionalAuthorityString(e,t,n){let r=new R(e);r.validateAsUri();let i=r.getUrlComponents(),a=`${t}.${i.HostNameAndPort}`;this.isPublicCloudAuthority(i.HostNameAndPort)&&(a=`${t}.${sn}`);let o=R.constructAuthorityUriFromObject({...r.getUrlComponents(),HostNameAndPort:a}).urlString;return n?`${o}?${n}`:o}static replaceWithRegionalInformation(t,n){let r={...t};return r.authorization_endpoint=e.buildRegionalAuthorityString(r.authorization_endpoint,n),r.token_endpoint=e.buildRegionalAuthorityString(r.token_endpoint,n),r.end_session_endpoint&&(r.end_session_endpoint=e.buildRegionalAuthorityString(r.end_session_endpoint,n)),r}static transformCIAMAuthority(e){let t=e,n=new R(e).getUrlComponents();if(n.PathSegments.length===0&&n.HostNameAndPort.endsWith(`.ciamlogin.com`)){let e=n.HostNameAndPort.split(`.`)[0];t=`${t}${e}${Zt}`}return t}},Lc.reservedTenantDomains=new Set([`{tenant}`,`{tenantid}`,dn.COMMON,dn.CONSUMERS,dn.ORGANIZATIONS])}));async function zc(e,t,n,r,i,a,o){let s=new Lc(Lc.transformCIAMAuthority(Fc(e)),t,n,r,i,a,o);try{return await B(s.resolveEndpointsAsync.bind(s),Es,i,o,a)(),s}catch{throw N($r)}}var Bc=t((()=>{Rc(),P(),Is(),Rs(),I()})),Vc,Hc=t((()=>{_a(),xa(),A(),Er(),Ho(),lc(),Nr(),P(),Ka(),Vs(),Yo(),po(),dc(),jr(),Is(),Rs(),pc(),hc(),Tc(),Bc(),ja(),Pa(),I(),Jr(),Vc=class{constructor(e,t){this.includeRedirectUri=!0,this.config=Mo(e),this.logger=new Aa(this.config.loggerOptions,Ma,Na),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t,this.oidcDefaultScopes=this.config.authOptions.authority.options.OIDCOptions?.defaultScopes}async acquireToken(e,t,n){if(!e.code)throw N(ui);n&&n.cloud_instance_host_name&&await B(this.updateTokenEndpointAuthority.bind(this),Cs,this.logger,this.performanceClient,e.correlationId)(n.cloud_instance_host_name,e.correlationId);let r=z(),i=await B(this.executeTokenRequest.bind(this),xs,this.logger,this.performanceClient,e.correlationId)(this.authority,e,this.serverTelemetryManager),a=i.headers?.[T.X_MS_REQUEST_ID],o=new cc(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.performanceClient,this.config.serializableCache,this.config.persistencePlugin);return o.validateTokenResponse(i.body,e.correlationId),B(o.handleServerTokenResponse.bind(o),Ts,this.logger,this.performanceClient,e.correlationId)(i.body,this.authority,r,e,t,n,void 0,void 0,void 0,a)}getLogoutUri(e){if(!e)throw M(Hr);let t=this.createLogoutUrlQueryString(e);return R.appendQueryString(this.authority.endSessionEndpoint,t)}async executeTokenRequest(e,t,n){let r=Sc(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri,this.performanceClient),i=R.appendQueryString(e.tokenEndpoint,r),a=await B(this.createTokenRequestBody.bind(this),Ss,this.logger,this.performanceClient,t.correlationId)(t),o;if(t.clientInfo)try{let e=uo(t.clientInfo,this.cryptoUtils.base64Decode);o={credential:`${e.uid}.${e.utid}`,type:uc.HOME_ACCOUNT_ID}}catch(e){this.logger.verbose(`Could not parse client info for CCS Header: '${e}'`,t.correlationId)}let s=xc(this.logger,this.config.systemOptions.preventCorsPreflight,o||t.ccsCredential),c=mc(this.config.authOptions.clientId,t);return B(Cc,hs,this.logger,this.performanceClient,t.correlationId)(i,a,s,c,t.correlationId,this.cacheManager,this.networkClient,this.logger,this.performanceClient,n)}async createTokenRequestBody(e){let t=new Map;if(Ai(t,e.embeddedClientId||e.extraParameters?.client_id||this.config.authOptions.clientId),this.includeRedirectUri)ji(t,e.redirectUri);else if(!e.redirectUri)throw M(Fr);if(ki(t,e.scopes,!0,this.oidcDefaultScopes),ga(t,e.resource),qi(t,e.code),Vi(t,this.config.libraryInfo),Hi(t,this.config.telemetry.application),pa(t),this.serverTelemetryManager&&!Po(this.config)&&fa(t,this.serverTelemetryManager),e.codeVerifier&&Xi(t,e.codeVerifier),this.config.clientCredentials.clientSecret&&Zi(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){let n=this.config.clientCredentials.clientAssertion;Qi(t,await fc(n.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),$i(t,n.assertionType)}if(na(t,_n.AUTHORIZATION_CODE_GRANT),ra(t),e.authenticationScheme===O.POP){let n=new Bs(this.cryptoUtils,this.performanceClient),r;r=e.popKid?this.cryptoUtils.encodeKid(e.popKid):(await B(n.generateCnf.bind(n),ws,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,ua(t,r)}else if(e.authenticationScheme===O.SSH)if(e.sshJwk)da(t,e.sshJwk);else throw M(qr);(!Mr.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&zi(t,e.claims,this.config.authOptions.clientCapabilities);let n;if(e.clientInfo)try{let t=uo(e.clientInfo,this.cryptoUtils.base64Decode);n={credential:`${t.uid}.${t.utid}`,type:uc.HOME_ACCOUNT_ID}}catch(t){this.logger.verbose(`Could not parse client info for CCS Header: '${t}'`,e.correlationId)}else n=e.ccsCredential;if(this.config.systemOptions.preventCorsPreflight&&n)switch(n.type){case uc.HOME_ACCOUNT_ID:try{Li(t,fo(n.credential))}catch(t){this.logger.verbose(`Could not parse home account ID for CCS Header: '${t}'`,e.correlationId)}break;case uc.UPN:Ii(t,n.credential);break}return e.embeddedClientId&&ha(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.extraParameters&&oa(t,e.extraParameters),e.enableSpaAuthorizationCode&&(!e.extraParameters||!e.extraParameters.return_spa_code)&&oa(t,{[gr]:`1`}),Ei(t,e.correlationId,this.performanceClient),ba(t)}createLogoutUrlQueryString(e){let t=new Map;return e.postLogoutRedirectUri&&Mi(t,e.postLogoutRedirectUri),e.correlationId&&Bi(t,e.correlationId),e.idTokenHint&&Ni(t,e.idTokenHint),e.state&&Wi(t,e.state),e.logoutHint&&ma(t,e.logoutHint),e.extraQueryParameters&&oa(t,e.extraQueryParameters),this.config.authOptions.instanceAware&&aa(t),ba(t)}async updateTokenEndpointAuthority(e,t){this.authority=await zc(`https://${e}/${this.authority.tenant}/`,this.networkClient,this.cacheManager,this.authority.options,this.logger,t,this.performanceClient)}}})),Uc,Wc,Gc=t((()=>{Ho(),_a(),xa(),A(),Er(),lc(),Vs(),Nr(),jr(),P(),ic(),Yo(),Ka(),dc(),po(),nc(),Is(),Rs(),pc(),hc(),Tc(),ja(),Pa(),Xs(),Jr(),I(),Uc=300,Wc=class{constructor(e,t){this.config=Mo(e),this.logger=new Aa(this.config.loggerOptions,Ma,Na),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}async acquireToken(e,t){let n=z(),r=await B(this.executeTokenRequest.bind(this),gs,this.logger,this.performanceClient,e.correlationId)(e,this.authority),i=r.headers?.[T.X_MS_REQUEST_ID],a=new cc(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.performanceClient,this.config.serializableCache,this.config.persistencePlugin);return a.validateTokenResponse(r.body,e.correlationId),B(a.handleServerTokenResponse.bind(a),Ts,this.logger,this.performanceClient,e.correlationId)(r.body,this.authority,n,e,t,void 0,void 0,!0,e.forceCache,i)}async acquireTokenByRefreshToken(e,t){if(!e)throw M(Vr);if(!e.account)throw N(mi);if(this.cacheManager.isAppMetadataFOCI(e.account.environment,e.correlationId))try{return await B(this.acquireTokenWithCachedRefreshToken.bind(this),vs,this.logger,this.performanceClient,e.correlationId)(e,!0,t)}catch(n){let r=n instanceof tc&&n.errorCode===`no_tokens_found`,i=n instanceof rc&&n.errorCode===`invalid_grant`&&n.subError===`client_mismatch`;if(r||i)return B(this.acquireTokenWithCachedRefreshToken.bind(this),vs,this.logger,this.performanceClient,e.correlationId)(e,!1,t);throw n}return B(this.acquireTokenWithCachedRefreshToken.bind(this),vs,this.logger,this.performanceClient,e.correlationId)(e,!1,t)}async acquireTokenWithCachedRefreshToken(e,t,n){let r=Ls(this.cacheManager.getRefreshToken.bind(this.cacheManager),Fs,this.logger,this.performanceClient,e.correlationId)(e.account,t,e.correlationId,void 0);if(!r)throw Qs(Hs);if(r.expiresOn){let t=e.refreshTokenExpirationOffsetSeconds||Uc;if(this.performanceClient?.addFields({cacheRtExpiresOnSeconds:Number(r.expiresOn),rtOffsetSeconds:t},e.correlationId),Ko(r.expiresOn,t))throw Qs(Us)}let i={...e,refreshToken:r.secret,authenticationScheme:e.authenticationScheme||O.BEARER,ccsCredential:{credential:e.account.homeAccountId,type:uc.HOME_ACCOUNT_ID}};try{return await B(this.acquireToken.bind(this),_s,this.logger,this.performanceClient,e.correlationId)(i,n)}catch(t){if(t instanceof tc&&t.subError===`bad_token`){this.logger.verbose(`acquireTokenWithRefreshToken: bad refresh token, removing from cache`,e.correlationId);let t=this.cacheManager.generateCredentialKey(r);this.cacheManager.removeRefreshToken(t,e.correlationId)}throw t}}async executeTokenRequest(e,t){let n=Sc(e,this.config.authOptions.clientId,this.config.authOptions.redirectUri,this.performanceClient),r=R.appendQueryString(t.tokenEndpoint,n),i=await B(this.createTokenRequestBody.bind(this),ys,this.logger,this.performanceClient,e.correlationId)(e),a=xc(this.logger,this.config.systemOptions.preventCorsPreflight,e.ccsCredential),o=mc(this.config.authOptions.clientId,e);return B(Cc,ms,this.logger,this.performanceClient,e.correlationId)(r,i,a,o,e.correlationId,this.cacheManager,this.networkClient,this.logger,this.performanceClient,this.serverTelemetryManager)}async createTokenRequestBody(e){let t=new Map;if(Ai(t,e.embeddedClientId||e.extraParameters?.client_id||this.config.authOptions.clientId),e.redirectUri&&ji(t,e.redirectUri),ki(t,e.scopes,!0,this.config.authOptions.authority.options.OIDCOptions?.defaultScopes),na(t,_n.REFRESH_TOKEN_GRANT),ra(t),Vi(t,this.config.libraryInfo),Hi(t,this.config.telemetry.application),pa(t),this.serverTelemetryManager&&!Po(this.config)&&fa(t,this.serverTelemetryManager),Yi(t,e.refreshToken),this.config.clientCredentials.clientSecret&&Zi(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){let n=this.config.clientCredentials.clientAssertion;Qi(t,await fc(n.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),$i(t,n.assertionType)}if(e.authenticationScheme===O.POP){let n=new Bs(this.cryptoUtils,this.performanceClient),r;r=e.popKid?this.cryptoUtils.encodeKid(e.popKid):(await B(n.generateCnf.bind(n),ws,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,ua(t,r)}else if(e.authenticationScheme===O.SSH)if(e.sshJwk)da(t,e.sshJwk);else throw M(qr);if((!Mr.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&zi(t,e.claims,this.config.authOptions.clientCapabilities),this.config.systemOptions.preventCorsPreflight&&e.ccsCredential)switch(e.ccsCredential.type){case uc.HOME_ACCOUNT_ID:try{Li(t,fo(e.ccsCredential.credential))}catch(t){this.logger.verbose(`Could not parse home account ID for CCS Header: '${t}'`,e.correlationId)}break;case uc.UPN:Ii(t,e.ccsCredential.credential);break}return e.embeddedClientId&&ha(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.extraParameters&&oa(t,{...e.extraParameters}),Ei(t,e.correlationId,this.performanceClient),ba(t)}}})),Kc,qc=t((()=>{Ho(),Yo(),P(),lc(),A(),Nr(),Ga(),Is(),Rs(),Rc(),ja(),Pa(),I(),Kc=class{constructor(e,t){this.config=Mo(e),this.logger=new Aa(this.config.loggerOptions,Ma,Na),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}async acquireCachedToken(e){let t=k.NOT_APPLICABLE;if(e.forceRefresh||!Mr.isEmptyObj(e.claims))throw this.setCacheOutcome(k.FORCE_REFRESH_OR_CLAIMS,e.correlationId),N(vi);if(!e.account)throw N(mi);let n=e.account.tenantId||Pc(e.authority),r=this.cacheManager.getTokenKeys(),i=this.cacheManager.getAccessToken(e.account,e,r,n);if(!i)throw this.setCacheOutcome(k.NO_CACHED_ACCESS_TOKEN,e.correlationId),N(vi);if(qo(i.cachedAt)||Ko(i.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds))throw this.setCacheOutcome(k.CACHED_ACCESS_TOKEN_EXPIRED,e.correlationId),N(vi);if(e.resource){if(i.resource!==e.resource)throw this.setCacheOutcome(k.NO_CACHED_ACCESS_TOKEN,e.correlationId),N(vi)}else i.refreshOn&&Ko(i.refreshOn,0)&&(t=k.PROACTIVELY_REFRESHED);let a=e.authority||this.authority.getPreferredCache(),o={account:this.cacheManager.getAccount(this.cacheManager.generateAccountKey(e.account),e.correlationId),accessToken:i,idToken:this.cacheManager.getIdToken(e.account,e.correlationId,r,n),refreshToken:null,appMetadata:this.cacheManager.readAppMetadataFromCache(a,e.correlationId)};return this.setCacheOutcome(t,e.correlationId),this.config.serverTelemetryManager&&this.config.serverTelemetryManager.incrementCacheHits(),[await B(this.generateResultFromCacheRecord.bind(this),bs,this.logger,this.performanceClient,e.correlationId)(o,e),t]}setCacheOutcome(e,t){this.serverTelemetryManager?.setCacheOutcome(e),this.performanceClient?.addFields({cacheOutcome:e},t),e!==k.NOT_APPLICABLE&&this.logger.info(`Token refresh is required due to cache outcome: '${e}'`,t)}async generateResultFromCacheRecord(e,t){let n;if(e.idToken&&(n=Va(e.idToken.secret,this.config.cryptoInterface.base64Decode)),t.maxAge||t.maxAge===0){let e=n?.auth_time;if(!e)throw N(oi);Wa(e,t.maxAge)}return cc.generateAuthenticationResult(this.cryptoUtils,this.authority,e,!0,t,this.performanceClient,n)}}}));function Jc(e,t,n,r){let i=t.correlationId,a=new Map;if(Ai(a,t.embeddedClientId||t.extraQueryParameters?.client_id||e.clientId),ki(a,[...t.scopes||[],...t.extraScopesToConsent||[]],!0,e.authority.options.OIDCOptions?.defaultScopes),ga(a,t.resource),ji(a,t.redirectUri),Bi(a,i),Oi(a,t.responseMode),ra(a),ia(a),t.prompt&&(Ui(a,t.prompt),r?.addFields({prompt:t.prompt},i)),t.domainHint&&(Pi(a,t.domainHint),r?.addFields({domainHintFromRequest:!0},i)),t.prompt!==pn.SELECT_ACCOUNT)if(t.sid&&t.prompt===pn.NONE)n.verbose(`createAuthCodeUrlQueryString: Prompt is none, adding sid from request`,t.correlationId),Ri(a,t.sid),r?.addFields({sidFromRequest:!0},i);else if(t.account){let e=Xc(t.account),o=Zc(t.account);if(o&&t.domainHint&&(n.warning(`AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`,t.correlationId),o=null),o){n.verbose(`createAuthCodeUrlQueryString: login_hint claim present on account`,t.correlationId),Fi(a,o),r?.addFields({loginHintFromClaim:!0},i);try{Li(a,fo(t.account.homeAccountId))}catch{n.verbose(`createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header`,t.correlationId)}}else if(e&&t.prompt===pn.NONE){n.verbose(`createAuthCodeUrlQueryString: Prompt is none, adding sid from account`,t.correlationId),Ri(a,e),r?.addFields({sidFromClaim:!0},i);try{Li(a,fo(t.account.homeAccountId))}catch{n.verbose(`createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header`,t.correlationId)}}else if(t.loginHint)n.verbose(`createAuthCodeUrlQueryString: Adding login_hint from request`,t.correlationId),Fi(a,t.loginHint),Ii(a,t.loginHint),r?.addFields({loginHintFromRequest:!0},i);else if(t.account.username){n.verbose(`createAuthCodeUrlQueryString: Adding login_hint from account`,t.correlationId),Fi(a,t.account.username),r?.addFields({loginHintFromUpn:!0},i);try{Li(a,fo(t.account.homeAccountId))}catch{n.verbose(`createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header`,t.correlationId)}}}else t.loginHint&&(n.verbose(`createAuthCodeUrlQueryString: No account, adding login_hint from request`,t.correlationId),Fi(a,t.loginHint),Ii(a,t.loginHint),r?.addFields({loginHintFromRequest:!0},i));else n.verbose(`createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints`,t.correlationId);return t.nonce&&Gi(a,t.nonce),t.state&&Wi(a,t.state),(t.claims||e.clientCapabilities&&e.clientCapabilities.length>0)&&zi(a,t.claims,e.clientCapabilities),t.embeddedClientId&&ha(a,e.clientId,e.redirectUri),e.instanceAware&&(!t.extraQueryParameters||!Object.keys(t.extraQueryParameters).includes(`instance_aware`))&&aa(a),a}function Yc(e,t){let n=ba(t);return R.appendQueryString(e.authorizationEndpoint,n)}function Xc(e){return e.idTokenClaims?.sid||null}function Zc(e){return e.loginHint||e.idTokenClaims?.login_hint||null}var Qc=t((()=>{_a(),Er(),A(),po(),xa(),Ka()}));function $c(e,t){if(e){if(t.resource&&(el(t.extraParameters)||el(t.extraQueryParameters)))throw N(Ci);if(!t.resource)throw N(Si)}}function el(e){return e?Object.prototype.hasOwnProperty.call(e,`resource`):!1}var tl=t((()=>{P(),I()})),nl,rl=t((()=>{nl=`post_request_failed`}));function il(e){let{skus:t,libraryName:n,libraryVersion:r,extensionName:i,extensionVersion:a}=e,o=new Map([[0,[n,r]],[2,[i,a]]]),s=[];if(t?.length){if(s=t.split(ol),s.length<4)return t}else s=Array.from({length:4},()=>sl);return o.forEach((e,t)=>{e.length===2&&e[0]?.length&&e[1]?.length&&al({skuArr:s,index:t,skuName:e[0],skuVersion:e[1]})}),s.join(ol)}function al(e){let{skuArr:t,index:n,skuName:r,skuVersion:i}=e;n>=t.length||(t[n]=[r,i].join(sl))}var ol,sl,cl,ll=t((()=>{A(),kr(),ol=`,`,sl=`|`,cl=class e{constructor(e,t){this.cacheOutcome=k.NOT_APPLICABLE,this.cacheManager=t,this.apiId=e.apiId,this.correlationId=e.correlationId,this.wrapperSKU=e.wrapperSKU||``,this.wrapperVer=e.wrapperVer||``,this.telemetryCacheKey=Tn+`-`+e.clientId}generateCurrentRequestHeaderValue(){let e=`${this.apiId},${this.cacheOutcome}`,t=[this.wrapperSKU,this.wrapperVer],n=this.getNativeBrokerErrorCode();n?.length&&t.push(`broker_error=${n}`);let r=t.join(`,`);return[5,[e,this.getRegionDiscoveryFields()].join(`,`),r].join(`|`)}generateLastRequestHeaderValue(){let t=this.getLastRequests(),n=e.maxErrorsToSend(t),r=t.failedRequests.slice(0,2*n).join(`,`),i=t.errors.slice(0,n).join(`,`),a=t.errors.length,o=[a,n<a?`1`:`0`].join(`,`);return[5,t.cacheHits,r,i,o].join(`|`)}cacheFailedRequest(e){let t=this.getLastRequests();t.errors.length>=50&&(t.failedRequests.shift(),t.failedRequests.shift(),t.errors.shift()),t.failedRequests.push(this.apiId,this.correlationId),e instanceof Error&&e&&e.toString()?e instanceof j?e.subError?t.errors.push(e.subError):e.errorCode?t.errors.push(e.errorCode):t.errors.push(e.toString()):t.errors.push(e.toString()):t.errors.push(En),this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t,this.correlationId)}incrementCacheHits(){let e=this.getLastRequests();return e.cacheHits+=1,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId),e.cacheHits}getLastRequests(){return this.cacheManager.getServerTelemetry(this.telemetryCacheKey,this.correlationId)||{failedRequests:[],errors:[],cacheHits:0}}clearTelemetryCache(){let t=this.getLastRequests(),n=e.maxErrorsToSend(t);if(n===t.errors.length)this.cacheManager.removeItem(this.telemetryCacheKey,this.correlationId);else{let e={failedRequests:t.failedRequests.slice(n*2),errors:t.errors.slice(n),cacheHits:0};this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId)}}static maxErrorsToSend(e){let t,n=0,r=0,i=e.errors.length;for(t=0;t<i;t++){let i=e.failedRequests[2*t]||``,a=e.failedRequests[2*t+1]||``,o=e.errors[t]||``;if(r+=i.toString().length+a.toString().length+o.length+3,r<330)n+=1;else break}return n}getRegionDiscoveryFields(){let e=[];return e.push(this.regionUsed||``),e.push(this.regionSource||``),e.push(this.regionOutcome||``),e.join(`,`)}updateRegionDiscoveryMetadata(e){this.regionUsed=e.region_used,this.regionSource=e.region_source,this.regionOutcome=e.region_outcome}setCacheOutcome(e){this.cacheOutcome=e}setNativeBrokerErrorCode(e){let t=this.getLastRequests();t.nativeBrokerErrorCode=e,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t,this.correlationId)}getNativeBrokerErrorCode(){return this.getLastRequests().nativeBrokerErrorCode}clearNativeBrokerErrorCode(){let e=this.getLastRequests();delete e.nativeBrokerErrorCode,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId)}static makeExtraSkuString(e){return il(e)}}})),V=t((()=>{Hc(),Gc(),qc(),Ho(),Ba(),_o(),dc(),po(),Rc(),Ia(),ho(),yo(),Do(),P(),I(),_c(),hc(),Ka(),Ca(),Qc(),Tc(),tl(),_a(),lc(),Ti(),jr(),A(),Jr(),ja(),nc(),kr(),rl(),ic(),bc(),lo(),Nr(),ll(),Pa(),Rs(),Ga(),Bc(),fs(),Yo(),xa(),Er(),wo(),Wo(),pc(),jo()})),ul,dl=t((()=>{V(),ul=class{static deserializeJSONBlob(e){return e?JSON.parse(e):{}}static deserializeAccounts(e){let t={};return e&&Object.keys(e).map(function(n){let r=e[n],i={homeAccountId:r.home_account_id,environment:r.environment,realm:r.realm,localAccountId:r.local_account_id,username:r.username,authorityType:r.authority_type,name:r.name,clientInfo:r.client_info,lastModificationTime:r.last_modification_time,lastModificationApp:r.last_modification_app,tenantProfiles:r.tenantProfiles?.map(e=>JSON.parse(e)),lastUpdatedAt:Date.now().toString()},a={};To.toObject(a,i),t[n]=a}),t}static deserializeIdTokens(e){let t={};return e&&Object.keys(e).map(function(n){let r=e[n];t[n]={homeAccountId:r.home_account_id,environment:r.environment,credentialType:r.credential_type,clientId:r.client_id,secret:r.secret,realm:r.realm,lastUpdatedAt:Date.now().toString()}}),t}static deserializeAccessTokens(e){let t={};return e&&Object.keys(e).map(function(n){let r=e[n];t[n]={homeAccountId:r.home_account_id,environment:r.environment,credentialType:r.credential_type,clientId:r.client_id,secret:r.secret,realm:r.realm,target:r.target,cachedAt:r.cached_at,expiresOn:r.expires_on,extendedExpiresOn:r.extended_expires_on,refreshOn:r.refresh_on,keyId:r.key_id,tokenType:r.token_type,userAssertionHash:r.userAssertionHash,resource:r.resource,lastUpdatedAt:Date.now().toString()}}),t}static deserializeRefreshTokens(e){let t={};return e&&Object.keys(e).map(function(n){let r=e[n];t[n]={homeAccountId:r.home_account_id,environment:r.environment,credentialType:r.credential_type,clientId:r.client_id,secret:r.secret,familyId:r.family_id,target:r.target,realm:r.realm,lastUpdatedAt:Date.now().toString()}}),t}static deserializeAppMetadata(e){let t={};return e&&Object.keys(e).map(function(n){let r=e[n];t[n]={clientId:r.client_id,environment:r.environment,familyId:r.family_id}}),t}static deserializeAllCache(e){return{accounts:e.Account?this.deserializeAccounts(e.Account):{},idTokens:e.IdToken?this.deserializeIdTokens(e.IdToken):{},accessTokens:e.AccessToken?this.deserializeAccessTokens(e.AccessToken):{},refreshTokens:e.RefreshToken?this.deserializeRefreshTokens(e.RefreshToken):{},appMetadata:e.AppMetadata?this.deserializeAppMetadata(e.AppMetadata):{}}}}})),fl,pl,ml,hl,H,U,W,G,K,gl,_l,vl,yl,bl,xl,q,Sl,Cl,J=t((()=>{fl=`system_assigned_managed_identity`,pl=`managed_identity`,ml=`https://login.microsoftonline.com/${pl}/`,hl={AUTHORIZATION_HEADER_NAME:`Authorization`,METADATA_HEADER_NAME:`Metadata`,APP_SERVICE_SECRET_HEADER_NAME:`X-IDENTITY-HEADER`,ML_AND_SF_SECRET_HEADER_NAME:`secret`},H={API_VERSION:`api-version`,RESOURCE:`resource`,SHA256_TOKEN_TO_REFRESH:`token_sha256_to_refresh`,XMS_CC:`xms_cc`},U={AZURE_POD_IDENTITY_AUTHORITY_HOST:`AZURE_POD_IDENTITY_AUTHORITY_HOST`,DEFAULT_IDENTITY_CLIENT_ID:`DEFAULT_IDENTITY_CLIENT_ID`,IDENTITY_ENDPOINT:`IDENTITY_ENDPOINT`,IDENTITY_HEADER:`IDENTITY_HEADER`,IDENTITY_SERVER_THUMBPRINT:`IDENTITY_SERVER_THUMBPRINT`,IMDS_ENDPOINT:`IMDS_ENDPOINT`,MSI_ENDPOINT:`MSI_ENDPOINT`,MSI_SECRET:`MSI_SECRET`},W={APP_SERVICE:`AppService`,AZURE_ARC:`AzureArc`,CLOUD_SHELL:`CloudShell`,DEFAULT_TO_IMDS:`DefaultToImds`,IMDS:`Imds`,MACHINE_LEARNING:`MachineLearning`,SERVICE_FABRIC:`ServiceFabric`},G={SYSTEM_ASSIGNED:`system-assigned`,USER_ASSIGNED_CLIENT_ID:`user-assigned-client-id`,USER_ASSIGNED_RESOURCE_ID:`user-assigned-resource-id`,USER_ASSIGNED_OBJECT_ID:`user-assigned-object-id`},K={GET:`GET`,POST:`POST`},gl=`REGION_NAME`,_l=`MSAL_FORCE_REGION`,vl={SHA256:`sha256`},yl={CV_CHARSET:`ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~`},bl={KEY_SEPARATOR:`-`},xl={MSAL_SKU:`msal.js.node`,JWT_BEARER_ASSERTION_TYPE:`urn:ietf:params:oauth:client-assertion-type:jwt-bearer`,HTTP_PROTOCOL:`http://`,LOCALHOST:`localhost`},q={acquireTokenSilent:62,acquireTokenByUsernamePassword:371,acquireTokenByDeviceCode:671,acquireTokenByClientCredential:771,acquireTokenByOBO:772,acquireTokenWithManagedIdentity:773,acquireTokenByCode:871,acquireTokenByRefreshToken:872},Sl={RSA_256:`RS256`,PSS_256:`PS256`,X5T_256:`x5t#S256`,X5T:`x5t`,X5C:`x5c`,AUDIENCE:`aud`,EXPIRATION_TIME:`exp`,ISSUER:`iss`,SUBJECT:`sub`,NOT_BEFORE:`nbf`,JWT_ID:`jti`},Cl={INTERVAL_MS:100,TIMEOUT_MS:5e3}}));function wl(e){let t={};return e.forEach((e,n)=>{t[n]=e}),t}function Tl(e){let t=new Headers;return e&&e.headers&&Object.entries(e.headers).forEach(([e,n])=>{t.append(e,n)}),t}var El,Dl=t((()=>{V(),J(),El=class{async sendGetRequestAsync(e,t,n){return this.sendRequest(e,K.GET,t,n)}async sendPostRequestAsync(e,t){return this.sendRequest(e,K.POST,t)}async sendRequest(e,t,n,r){let i=new AbortController,a;r&&(a=setTimeout(()=>{i.abort()},r));let o={method:t,headers:Tl(n),signal:i.signal};t===K.POST&&(o.body=n?.body||``);let s;try{s=await fetch(e,o)}catch(e){throw a&&clearTimeout(a),e instanceof Error&&e.name===`AbortError`?Or(ei,`Request timeout`):vc(Or(ei,`Network request failed: ${e instanceof Error?e.message:`unknown`}`),void 0,void 0,e instanceof Error?e:void 0)}a&&clearTimeout(a);try{return{headers:wl(s.headers),body:await s.json(),status:s.status}}catch(e){throw Or(Zr,`Failed to parse response: ${e instanceof Error?e.message:`unknown`}`)}}}})),Ol,kl,Al,jl,Ml,Nl,Pl,Fl,Il,Ll,Rl,zl,Bl,Vl,Hl,Ul=t((()=>{J(),Ol=`invalid_file_extension`,kl=`invalid_file_path`,Al=`invalid_managed_identity_id_type`,jl=`invalid_secret`,Ml=`missing_client_id`,Nl=`network_unavailable`,Pl=`platform_not_supported`,Fl=`unable_to_create_azure_arc`,Il=`unable_to_create_cloud_shell`,Ll=`unable_to_create_source`,Rl=`unable_to_read_secret_file`,zl=`user_assigned_not_available_at_runtime`,Bl=`www_authenticate_header_missing`,Vl=`www_authenticate_header_unsupported_format`,Hl={[U.AZURE_POD_IDENTITY_AUTHORITY_HOST]:`azure_pod_identity_authority_host_url_malformed`,[U.IDENTITY_ENDPOINT]:`identity_endpoint_url_malformed`,[U.IMDS_ENDPOINT]:`imds_endpoint_url_malformed`,[U.MSI_ENDPOINT]:`msi_endpoint_url_malformed`}}));function Y(e){return new Gl(e)}var Wl,Gl,Kl=t((()=>{V(),Ul(),J(),Wl={[Ol]:`The file path in the WWW-Authenticate header does not contain a .key file.`,[kl]:`The file path in the WWW-Authenticate header is not in a valid Windows or Linux Format.`,[Al]:`More than one ManagedIdentityIdType was provided.`,[jl]:`The secret in the file on the file path in the WWW-Authenticate header is greater than 4096 bytes.`,[Pl]:`The platform is not supported by Azure Arc. Azure Arc only supports Windows and Linux.`,[Ml]:`A ManagedIdentityId id was not provided.`,[Hl.AZURE_POD_IDENTITY_AUTHORITY_HOST]:`The Managed Identity's '${U.AZURE_POD_IDENTITY_AUTHORITY_HOST}' environment variable is malformed.`,[Hl.IDENTITY_ENDPOINT]:`The Managed Identity's '${U.IDENTITY_ENDPOINT}' environment variable is malformed.`,[Hl.IMDS_ENDPOINT]:`The Managed Identity's '${U.IMDS_ENDPOINT}' environment variable is malformed.`,[Hl.MSI_ENDPOINT]:`The Managed Identity's '${U.MSI_ENDPOINT}' environment variable is malformed.`,[Nl]:`Authentication unavailable. The request to the managed identity endpoint timed out.`,[Fl]:`Azure Arc Managed Identities can only be system assigned.`,[Il]:`Cloud Shell Managed Identities can only be system assigned.`,[Ll]:`Unable to create a Managed Identity source based on environment variables.`,[Rl]:`Unable to read the secret file.`,[zl]:`Service Fabric user assigned managed identity ClientId or ResourceId is not configurable at runtime.`,[Bl]:`A 401 response was received form the Azure Arc Managed Identity, but the www-authenticate header is missing.`,[Vl]:`A 401 response was received form the Azure Arc Managed Identity, but the www-authenticate header is in an unsupported format.`},Gl=class e extends j{constructor(t){super(t,Wl[t]),this.name=`ManagedIdentityError`,Object.setPrototypeOf(this,e.prototype)}}})),ql,Jl=t((()=>{Kl(),J(),Ul(),ql=class{get id(){return this._id}set id(e){this._id=e}get idType(){return this._idType}set idType(e){this._idType=e}constructor(e){let t=e?.userAssignedClientId,n=e?.userAssignedResourceId,r=e?.userAssignedObjectId;if(t){if(n||r)throw Y(Al);this.id=t,this.idType=G.USER_ASSIGNED_CLIENT_ID}else if(n){if(t||r)throw Y(Al);this.id=n,this.idType=G.USER_ASSIGNED_RESOURCE_ID}else if(r){if(t||n)throw Y(Al);this.id=r,this.idType=G.USER_ASSIGNED_OBJECT_ID}else this.id=fl,this.idType=G.SYSTEM_ASSIGNED}}})),X,Yl,Xl=t((()=>{V(),X={invalidLoopbackAddressType:{code:`invalid_loopback_server_address_type`,desc:`Loopback server address is not type string. This is unexpected.`},unableToLoadRedirectUri:{code:`unable_to_load_redirectUrl`,desc:`Loopback server callback was invoked without a url. This is unexpected.`},noAuthCodeInResponse:{code:`no_auth_code_in_response`,desc:`No auth code found in the server response. Please check your network trace to determine what happened.`},noLoopbackServerExists:{code:`no_loopback_server_exists`,desc:`No loopback server exists yet.`},loopbackServerAlreadyExists:{code:`loopback_server_already_exists`,desc:`Loopback server already exists. Cannot create another.`},loopbackServerTimeout:{code:`loopback_server_timeout`,desc:`Timed out waiting for auth code listener to be registered.`},stateNotFoundError:{code:`state_not_found`,desc:`State not found. Please verify that the request originated from msal.`},thumbprintMissing:{code:`thumbprint_missing_from_client_certificate`,desc:`Client certificate does not contain a SHA-1 or SHA-256 thumbprint.`},redirectUriNotSupported:{code:`redirect_uri_not_supported`,desc:`RedirectUri is not supported in this scenario. Please remove redirectUri from the request.`}},Yl=class e extends j{constructor(e,t){super(e,t),this.name=`NodeAuthError`}static createInvalidLoopbackAddressTypeError(){return new e(X.invalidLoopbackAddressType.code,`${X.invalidLoopbackAddressType.desc}`)}static createUnableToLoadRedirectUrlError(){return new e(X.unableToLoadRedirectUri.code,`${X.unableToLoadRedirectUri.desc}`)}static createNoAuthCodeInResponseError(){return new e(X.noAuthCodeInResponse.code,`${X.noAuthCodeInResponse.desc}`)}static createNoLoopbackServerExistsError(){return new e(X.noLoopbackServerExists.code,`${X.noLoopbackServerExists.desc}`)}static createLoopbackServerAlreadyExistsError(){return new e(X.loopbackServerAlreadyExists.code,`${X.loopbackServerAlreadyExists.desc}`)}static createLoopbackServerTimeoutError(){return new e(X.loopbackServerTimeout.code,`${X.loopbackServerTimeout.desc}`)}static createStateNotFoundError(){return new e(X.stateNotFoundError.code,X.stateNotFoundError.desc)}static createThumbprintMissingError(){return new e(X.thumbprintMissing.code,X.thumbprintMissing.desc)}static createRedirectUriNotSupportedError(){return new e(X.redirectUriNotSupported.code,X.redirectUriNotSupported.desc)}}}));function Zl({auth:e,broker:t,cache:n,system:r,telemetry:i}){let a={...tu,networkClient:new El,loggerOptions:r?.loggerOptions||eu,disableInternalRetries:r?.disableInternalRetries||!1};if(e.clientCertificate&&!e.clientCertificate.thumbprint&&!e.clientCertificate.thumbprintSha256)throw Yl.createStateNotFoundError();return{auth:{...$l,...e},broker:{...t},cache:{...n},system:{...a,...r},telemetry:{...nu,...i}}}function Ql({clientCapabilities:e,managedIdentityIdParams:t,system:n}){let r=new ql(t),i=n?.loggerOptions||eu,a;return a=n?.networkClient?n.networkClient:new El,{clientCapabilities:e||[],managedIdentityId:r,system:{loggerOptions:i,networkClient:a},disableInternalRetries:n?.disableInternalRetries||!1}}var $l,eu,tu,nu,ru=t((()=>{V(),Dl(),Jl(),Xl(),$l={clientId:``,authority:Gt,clientSecret:``,clientAssertion:``,clientCertificate:{thumbprint:``,thumbprintSha256:``,privateKey:``,x5c:``},knownAuthorities:[],cloudDiscoveryMetadata:``,authorityMetadata:``,clientCapabilities:[],azureCloudOptions:{azureCloudInstance:Fa.None,tenant:``},isMcp:!1},eu={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:L.Info},tu={loggerOptions:eu,networkClient:new El,disableInternalRetries:!1,protocolMode:vo.AAD},nu={application:{appName:``,appVersion:``}}})),iu,au=t((()=>{l(),iu=class{generateGuid(){return c()}isGuid(e){return/^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(e)}}})),ou,su=t((()=>{V(),ou=class e{static base64Encode(e,t){return Buffer.from(e,t).toString(Nn.BASE64)}static base64EncodeUrl(t,n){return e.base64Encode(t,n).replace(/=/g,``).replace(/\+/g,`-`).replace(/\//g,`_`)}static base64Decode(e){return Buffer.from(e,Nn.BASE64).toString(`utf8`)}static base64DecodeUrl(t){let n=t.replace(/-/g,`+`).replace(/_/g,`/`);for(;n.length%4;)n+=`=`;return e.base64Decode(n)}}})),cu,lu=t((()=>{J(),cu=class{sha256(e){return ue.createHash(vl.SHA256).update(e).digest()}}})),uu,du=t((()=>{V(),J(),su(),lu(),uu=class{constructor(){this.hashUtils=new cu}async generatePkceCodes(){let e=this.generateCodeVerifier();return{verifier:e,challenge:this.generateCodeChallengeFromVerifier(e)}}generateCodeVerifier(){let e=[],t=256-256%yl.CV_CHARSET.length;for(;e.length<=32;){let n=ue.randomBytes(1)[0];if(n>=t)continue;let r=n%yl.CV_CHARSET.length;e.push(yl.CV_CHARSET[r])}let n=e.join(``);return ou.base64EncodeUrl(n)}generateCodeChallengeFromVerifier(e){return ou.base64EncodeUrl(this.hashUtils.sha256(e).toString(Nn.BASE64),Nn.BASE64)}}})),fu,pu=t((()=>{V(),au(),su(),du(),lu(),fu=class{constructor(){this.pkceGenerator=new uu,this.guidGenerator=new iu,this.hashUtils=new cu}base64UrlEncode(){throw Error(`Method not implemented.`)}encodeKid(){throw Error(`Method not implemented.`)}createNewGuid(){return this.guidGenerator.generateGuid()}base64Encode(e){return ou.base64Encode(e)}base64Decode(e){return ou.base64Decode(e)}generatePkceCodes(){return this.pkceGenerator.generatePkceCodes()}getPublicKeyThumbprint(){throw Error(`Method not implemented.`)}removeTokenBindingKey(){throw Error(`Method not implemented.`)}clearKeystore(){throw Error(`Method not implemented.`)}signJwt(){throw Error(`Method not implemented.`)}async hashString(e){return ou.base64EncodeUrl(this.hashUtils.sha256(e).toString(Nn.BASE64),Nn.BASE64)}}}));function mu(e){let t=e.credentialType===E.REFRESH_TOKEN&&e.familyId||e.clientId,n=e.tokenType&&e.tokenType.toLowerCase()!==O.BEARER.toLowerCase()?e.tokenType.toLowerCase():``;return[e.homeAccountId,e.environment,e.credentialType,t,e.realm||``,e.target||``,n].join(bl.KEY_SEPARATOR).toLowerCase()}function hu(e){let t=e.homeAccountId.split(`.`)[1];return[e.homeAccountId,e.environment,t||e.tenantId||``].join(bl.KEY_SEPARATOR).toLowerCase()}var gu=t((()=>{V(),J()})),_u,vu=t((()=>{V(),dl(),Ut(),gu(),_u=class extends To{constructor(e,t,n,r){super(t,n,e,new Ao,r),this.cache={},this.changeEmitters=[],this.logger=e}registerChangeEmitter(e){this.changeEmitters.push(e)}emitChange(){this.changeEmitters.forEach(e=>e.call(null))}cacheToInMemoryCache(e){let t={accounts:{},idTokens:{},accessTokens:{},refreshTokens:{},appMetadata:{}};for(let n in e){let r=e[n];if(typeof r==`object`)if(Co(r))t.accounts[n]=r;else if(ts(r))t.idTokens[n]=r;else if(es(r))t.accessTokens[n]=r;else if(ns(r))t.refreshTokens[n]=r;else if(os(n,r))t.appMetadata[n]=r;else continue}return t}inMemoryCacheToCache(e){let t=this.getCache();return t={...t,...e.accounts,...e.idTokens,...e.accessTokens,...e.refreshTokens,...e.appMetadata},t}getInMemoryCache(){return this.logger.trace(`Getting in-memory cache`,``),this.cacheToInMemoryCache(this.getCache())}setInMemoryCache(e){this.logger.trace(`Setting in-memory cache`,``);let t=this.inMemoryCacheToCache(e);this.setCache(t),this.emitChange()}getCache(){return this.logger.trace(`Getting cache key-value store`,``),this.cache}setCache(e){this.logger.trace(`Setting cache key value store`,``),this.cache=e,this.emitChange()}getItem(e){return this.logger.tracePii(`Item key: ${e}`,``),this.getCache()[e]}setItem(e,t){this.logger.tracePii(`Item key: ${e}`,``);let n=this.getCache();n[e]=t,this.setCache(n)}generateCredentialKey(e){return mu(e)}generateAccountKey(e){return hu(e)}getAccountKeys(){let e=this.getInMemoryCache();return Object.keys(e.accounts)}getTokenKeys(){let e=this.getInMemoryCache();return{idToken:Object.keys(e.idTokens),accessToken:Object.keys(e.accessTokens),refreshToken:Object.keys(e.refreshTokens)}}getAccount(e){let t=this.getItem(e);return t&&typeof t==`object`?{...t}:null}async setAccount(e){let t=this.generateAccountKey(bo(e));this.setItem(t,e)}getIdTokenCredential(e){let t=this.getItem(e);return ts(t)?t:null}async setIdTokenCredential(e){let t=this.generateCredentialKey(e);this.setItem(t,e)}getAccessTokenCredential(e){let t=this.getItem(e);return es(t)?t:null}async setAccessTokenCredential(e){let t=this.generateCredentialKey(e);this.setItem(t,e)}getRefreshTokenCredential(e){let t=this.getItem(e);return ns(t)?t:null}async setRefreshTokenCredential(e){let t=this.generateCredentialKey(e);this.setItem(t,e)}getAppMetadata(e){let t=this.getItem(e);return os(e,t)?t:null}setAppMetadata(e){let t=as(e);this.setItem(t,e)}getServerTelemetry(e){let t=this.getItem(e);return t&&rs(e,t)?t:null}setServerTelemetry(e,t){this.setItem(e,t)}getAuthorityMetadata(e){let t=this.getItem(e);return t&&ss(e,t)?t:null}getAuthorityMetadataKeys(){return this.getKeys().filter(e=>this.isAuthorityMetadata(e))}setAuthorityMetadata(e,t){this.setItem(e,t)}getThrottlingCache(e){let t=this.getItem(e);return t&&is(e,t)?t:null}setThrottlingCache(e,t){this.setItem(e,t)}removeItem(e){this.logger.tracePii(`Item key: ${e}`,``);let t=!1,n=this.getCache();return n[e]&&(delete n[e],t=!0),t&&(this.setCache(n),this.emitChange()),t}removeOutdatedAccount(e){this.removeItem(e)}containsKey(e){return this.getKeys().includes(e)}getKeys(){this.logger.trace(`Retrieving all cache keys`,``);let e=this.getCache();return[...Object.keys(e)]}clear(){this.logger.trace(`Clearing cache entries created by MSAL`,``),this.getKeys().forEach(e=>{this.removeItem(e)}),this.emitChange()}static generateInMemoryCache(e){return ul.deserializeAllCache(ul.deserializeJSONBlob(e))}static generateJsonCache(e){return Ht.serializeAllCache(e)}updateCredentialCacheKey(e,t){let n=this.generateCredentialKey(t);if(e!==n){let r=this.getItem(e);if(r)return this.removeItem(e),this.setItem(n,r),this.logger.verbose(`Updated an outdated ${t.credentialType} cache key`,``),n;this.logger.error(`Attempted to update an outdated ${t.credentialType} cache key but no item matching the outdated key was found in storage`,``)}return e}}})),yu,bu,xu=t((()=>{vu(),V(),dl(),Ut(),au(),pu(),yu={Account:{},IdToken:{},AccessToken:{},RefreshToken:{},AppMetadata:{}},bu=class{constructor(e,t,n){this.cacheHasChanged=!1,this.storage=e,this.storage.registerChangeEmitter(this.handleChangeEvent.bind(this)),n&&(this.persistence=n),this.logger=t}hasChanged(){return this.cacheHasChanged}serialize(){this.logger.trace(`Serializing in-memory cache`,``);let e=Ht.serializeAllCache(this.storage.getInMemoryCache());return this.cacheSnapshot?(this.logger.trace(`Reading cache snapshot from disk`,``),e=this.mergeState(JSON.parse(this.cacheSnapshot),e)):this.logger.trace(`No cache snapshot to merge`,``),this.cacheHasChanged=!1,JSON.stringify(e)}deserialize(e){if(this.logger.trace(`Deserializing JSON to in-memory cache`,``),this.cacheSnapshot=e,this.cacheSnapshot){this.logger.trace(`Reading cache snapshot from disk`,``);let e=ul.deserializeAllCache(this.overlayDefaults(JSON.parse(this.cacheSnapshot)));this.storage.setInMemoryCache(e)}else this.logger.trace(`No cache snapshot to deserialize`,``)}getKVStore(){return this.storage.getCache()}getCacheSnapshot(){let e=_u.generateInMemoryCache(this.cacheSnapshot);return this.storage.inMemoryCacheToCache(e)}async getAllAccounts(e=new fu().createNewGuid()){this.logger.trace(`getAllAccounts called`,e);let t;try{return this.persistence&&(t=new Uo(this,!1),await this.persistence.beforeCacheAccess(t)),this.storage.getAllAccounts({},e)}finally{this.persistence&&t&&await this.persistence.afterCacheAccess(t)}}async getAccountByHomeId(e){let t=await this.getAllAccounts();return e&&t&&t.length&&t.filter(t=>t.homeAccountId===e)[0]||null}async getAccountByLocalId(e){let t=await this.getAllAccounts();return e&&t&&t.length&&t.filter(t=>t.localAccountId===e)[0]||null}async removeAccount(e,t){this.logger.trace(`removeAccount called`,t||``);let n;try{this.persistence&&(n=new Uo(this,!0),await this.persistence.beforeCacheAccess(n)),this.storage.removeAccount(e,t||new iu().generateGuid())}finally{this.persistence&&n&&await this.persistence.afterCacheAccess(n)}}async overwriteCache(){if(!this.persistence){this.logger.info(`No persistence layer specified, cache cannot be overwritten`,``);return}this.logger.info(`Overwriting in-memory cache with persistent cache`,``),this.storage.clear();let e=new Uo(this,!1);await this.persistence.beforeCacheAccess(e);let t=this.getCacheSnapshot();this.storage.setCache(t),await this.persistence.afterCacheAccess(e)}handleChangeEvent(){this.cacheHasChanged=!0}mergeState(e,t){this.logger.trace(`Merging in-memory cache with cache snapshot`,``);let n=this.mergeRemovals(e,t);return this.mergeUpdates(n,t)}mergeUpdates(e,t){return Object.keys(t).forEach(n=>{let r=t[n];if(!e.hasOwnProperty(n))r!==null&&(e[n]=r);else{let t=r!==null,i=typeof r==`object`,a=!Array.isArray(r),o=e[n]!==void 0&&e[n]!==null;t&&i&&a&&o?this.mergeUpdates(e[n],r):e[n]=r}}),e}mergeRemovals(e,t){this.logger.trace(`Remove updated entries in cache`,``);let n=e.Account?this.mergeRemovalsDict(e.Account,t.Account):e.Account,r=e.AccessToken?this.mergeRemovalsDict(e.AccessToken,t.AccessToken):e.AccessToken,i=e.RefreshToken?this.mergeRemovalsDict(e.RefreshToken,t.RefreshToken):e.RefreshToken,a=e.IdToken?this.mergeRemovalsDict(e.IdToken,t.IdToken):e.IdToken,o=e.AppMetadata?this.mergeRemovalsDict(e.AppMetadata,t.AppMetadata):e.AppMetadata;return{...e,Account:n,AccessToken:r,RefreshToken:i,IdToken:a,AppMetadata:o}}mergeRemovalsDict(e,t){let n={...e};return Object.keys(e).forEach(e=>{(!t||!t.hasOwnProperty(e))&&delete n[e]}),n}overlayDefaults(e){return this.logger.trace(`Overlaying input cache with the default cache`,``),{Account:{...yu.Account,...e.Account},IdToken:{...yu.IdToken,...e.IdToken},AccessToken:{...yu.AccessToken,...e.AccessToken},RefreshToken:{...yu.RefreshToken,...e.RefreshToken},AppMetadata:{...yu.AppMetadata,...e.AppMetadata}}}}})),Su=r(((e,t)=>{var n=f();t.exports=function(e,t){t=t||{};var r=n.decode(e,t);if(!r)return null;var i=r.payload;if(typeof i==`string`)try{var a=JSON.parse(i);typeof a==`object`&&a&&(i=a)}catch{}return t.complete===!0?{header:r.header,payload:i,signature:r.signature}:i}})),Cu=r(((e,t)=>{var n=function(e,t){Error.call(this,e),Error.captureStackTrace&&Error.captureStackTrace(this,this.constructor),this.name=`JsonWebTokenError`,this.message=e,t&&(this.inner=t)};n.prototype=Object.create(Error.prototype),n.prototype.constructor=n,t.exports=n})),wu=r(((e,t)=>{var n=Cu(),r=function(e,t){n.call(this,e),this.name=`NotBeforeError`,this.date=t};r.prototype=Object.create(n.prototype),r.prototype.constructor=r,t.exports=r})),Tu=r(((e,t)=>{var n=Cu(),r=function(e,t){n.call(this,e),this.name=`TokenExpiredError`,this.expiredAt=t};r.prototype=Object.create(n.prototype),r.prototype.constructor=r,t.exports=r})),Eu=r(((e,t)=>{var n=o();t.exports=function(e,t){var r=t||Math.floor(Date.now()/1e3);if(typeof e==`string`){var i=n(e);return i===void 0?void 0:Math.floor(r+i/1e3)}else if(typeof e==`number`)return r+e;else return}})),Du=r(((e,t)=>{t.exports=p().satisfies(process.version,`>=15.7.0`)})),Ou=r(((e,t)=>{t.exports=p().satisfies(process.version,`>=16.9.0`)})),ku=r(((e,t)=>{var n=Du(),r=Ou(),i={ec:[`ES256`,`ES384`,`ES512`],rsa:[`RS256`,`PS256`,`RS384`,`PS384`,`RS512`,`PS512`],"rsa-pss":[`PS256`,`PS384`,`PS512`]},a={ES256:`prime256v1`,ES384:`secp384r1`,ES512:`secp521r1`};t.exports=function(e,t){if(!e||!t)return;let o=t.asymmetricKeyType;if(!o)return;let s=i[o];if(!s)throw Error(`Unknown key type "${o}".`);if(!s.includes(e))throw Error(`"alg" parameter for "${o}" key type must be one of: ${s.join(`, `)}.`);if(n)switch(o){case`ec`:let n=t.asymmetricKeyDetails.namedCurve,i=a[e];if(n!==i)throw Error(`"alg" parameter "${e}" requires curve "${i}".`);break;case`rsa-pss`:if(r){let n=parseInt(e.slice(-3),10),{hashAlgorithm:r,mgf1HashAlgorithm:i,saltLength:a}=t.asymmetricKeyDetails;if(r!==`sha${n}`||i!==r)throw Error(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${e}.`);if(a!==void 0&&a>n>>3)throw Error(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${e}.`)}break}}})),Au=r(((e,t)=>{t.exports=p().satisfies(process.version,`^6.12.0 || >=8.0.0`)})),ju=r(((t,n)=>{var r=Cu(),i=wu(),a=Tu(),o=Su(),s=Eu(),c=ku(),l=Au(),u=f(),{KeyObject:d,createSecretKey:p,createPublicKey:m}=e(`crypto`),h=[`RS256`,`RS384`,`RS512`],ee=[`ES256`,`ES384`,`ES512`],g=[`RS256`,`RS384`,`RS512`],te=[`HS256`,`HS384`,`HS512`];l&&(h.splice(h.length,0,`PS256`,`PS384`,`PS512`),g.splice(g.length,0,`PS256`,`PS384`,`PS512`)),n.exports=function(e,t,n,l){typeof n==`function`&&!l&&(l=n,n={}),n||(n={}),n=Object.assign({},n);let f;if(f=l||function(e,t){if(e)throw e;return t},n.clockTimestamp&&typeof n.clockTimestamp!=`number`)return f(new r(`clockTimestamp must be a number`));if(n.nonce!==void 0&&(typeof n.nonce!=`string`||n.nonce.trim()===``))return f(new r(`nonce must be a non-empty string`));if(n.allowInvalidAsymmetricKeyTypes!==void 0&&typeof n.allowInvalidAsymmetricKeyTypes!=`boolean`)return f(new r(`allowInvalidAsymmetricKeyTypes must be a boolean`));let ne=n.clockTimestamp||Math.floor(Date.now()/1e3);if(!e)return f(new r(`jwt must be provided`));if(typeof e!=`string`)return f(new r(`jwt must be a string`));let re=e.split(`.`);if(re.length!==3)return f(new r(`jwt malformed`));let ie;try{ie=o(e,{complete:!0})}catch(e){return f(e)}if(!ie)return f(new r(`invalid token`));let ae=ie.header,oe;if(typeof t==`function`){if(!l)return f(new r(`verify must be called asynchronous if secret or public key is provided as a callback`));oe=t}else oe=function(e,n){return n(null,t)};return oe(ae,function(t,o){if(t)return f(new r(`error in secret or public key callback: `+t.message));let l=re[2].trim()!==``;if(!l&&o)return f(new r(`jwt signature is required`));if(l&&!o)return f(new r(`secret or public key must be provided`));if(!l&&!n.algorithms)return f(new r(`please specify "none" in "algorithms" to verify unsigned tokens`));if(o!=null&&!(o instanceof d))try{o=m(o)}catch{try{o=p(typeof o==`string`?Buffer.from(o):o)}catch{return f(new r(`secretOrPublicKey is not valid key material`))}}if(n.algorithms||(o.type===`secret`?n.algorithms=te:[`rsa`,`rsa-pss`].includes(o.asymmetricKeyType)?n.algorithms=g:o.asymmetricKeyType===`ec`?n.algorithms=ee:n.algorithms=h),n.algorithms.indexOf(ie.header.alg)===-1)return f(new r(`invalid algorithm`));if(ae.alg.startsWith(`HS`)&&o.type!==`secret`)return f(new r(`secretOrPublicKey must be a symmetric key when using ${ae.alg}`));if(/^(?:RS|PS|ES)/.test(ae.alg)&&o.type!==`public`)return f(new r(`secretOrPublicKey must be an asymmetric key when using ${ae.alg}`));if(!n.allowInvalidAsymmetricKeyTypes)try{c(ae.alg,o)}catch(e){return f(e)}let oe;try{oe=u.verify(e,ie.header.alg,o)}catch(e){return f(e)}if(!oe)return f(new r(`invalid signature`));let _=ie.payload;if(_.nbf!==void 0&&!n.ignoreNotBefore){if(typeof _.nbf!=`number`)return f(new r(`invalid nbf value`));if(_.nbf>ne+(n.clockTolerance||0))return f(new i(`jwt not active`,new Date(_.nbf*1e3)))}if(_.exp!==void 0&&!n.ignoreExpiration){if(typeof _.exp!=`number`)return f(new r(`invalid exp value`));if(ne>=_.exp+(n.clockTolerance||0))return f(new a(`jwt expired`,new Date(_.exp*1e3)))}if(n.audience){let e=Array.isArray(n.audience)?n.audience:[n.audience];if(!(Array.isArray(_.aud)?_.aud:[_.aud]).some(function(t){return e.some(function(e){return e instanceof RegExp?e.test(t):e===t})}))return f(new r(`jwt audience invalid. expected: `+e.join(` or `)))}if(n.issuer&&(typeof n.issuer==`string`&&_.iss!==n.issuer||Array.isArray(n.issuer)&&n.issuer.indexOf(_.iss)===-1))return f(new r(`jwt issuer invalid. expected: `+n.issuer));if(n.subject&&_.sub!==n.subject)return f(new r(`jwt subject invalid. expected: `+n.subject));if(n.jwtid&&_.jti!==n.jwtid)return f(new r(`jwt jwtid invalid. expected: `+n.jwtid));if(n.nonce&&_.nonce!==n.nonce)return f(new r(`jwt nonce invalid. expected: `+n.nonce));if(n.maxAge){if(typeof _.iat!=`number`)return f(new r(`iat required when maxAge is specified`));let e=s(n.maxAge,_.iat);if(e===void 0)return f(new r(`"maxAge" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60`));if(ne>=e+(n.clockTolerance||0))return f(new a(`maxAge exceeded`,new Date(e*1e3)))}if(n.complete===!0){let e=ie.signature;return f(null,{header:ae,payload:_,signature:e})}return f(null,_)})}})),Mu=r(((e,t)=>{var n=1/0,r=9007199254740991,i=17976931348623157e292,a=NaN,o=`[object Arguments]`,s=`[object Function]`,c=`[object GeneratorFunction]`,l=`[object String]`,u=`[object Symbol]`,d=/^\s+|\s+$/g,f=/^[-+]0x[0-9a-f]+$/i,p=/^0b[01]+$/i,m=/^0o[0-7]+$/i,h=/^(?:0|[1-9]\d*)$/,ee=parseInt;function g(e,t){for(var n=-1,r=e?e.length:0,i=Array(r);++n<r;)i[n]=t(e[n],n,e);return i}function te(e,t,n,r){for(var i=e.length,a=n+(r?1:-1);r?a--:++a<i;)if(t(e[a],a,e))return a;return-1}function ne(e,t,n){if(t!==t)return te(e,re,n);for(var r=n-1,i=e.length;++r<i;)if(e[r]===t)return r;return-1}function re(e){return e!==e}function ie(e,t){for(var n=-1,r=Array(e);++n<e;)r[n]=t(n);return r}function ae(e,t){return g(t,function(t){return e[t]})}function oe(e,t){return function(n){return e(t(n))}}var _=Object.prototype,se=_.hasOwnProperty,ce=_.toString,le=_.propertyIsEnumerable,ue=oe(Object.keys,Object),de=Math.max;function fe(e,t){var n=ve(e)||_e(e)?ie(e.length,String):[],r=n.length,i=!!r;for(var a in e)(t||se.call(e,a))&&!(i&&(a==`length`||me(a,r)))&&n.push(a);return n}function pe(e){if(!he(e))return ue(e);var t=[];for(var n in Object(e))se.call(e,n)&&n!=`constructor`&&t.push(n);return t}function me(e,t){return t=t??r,!!t&&(typeof e==`number`||h.test(e))&&e>-1&&e%1==0&&e<t}function he(e){var t=e&&e.constructor;return e===(typeof t==`function`&&t.prototype||_)}function ge(e,t,n,r){e=ye(e)?e:je(e),n=n&&!r?Oe(n):0;var i=e.length;return n<0&&(n=de(i+n,0)),Te(e)?n<=i&&e.indexOf(t,n)>-1:!!i&&ne(e,t,n)>-1}function _e(e){return be(e)&&se.call(e,`callee`)&&(!le.call(e,`callee`)||ce.call(e)==o)}var ve=Array.isArray;function ye(e){return e!=null&&Se(e.length)&&!xe(e)}function be(e){return we(e)&&ye(e)}function xe(e){var t=Ce(e)?ce.call(e):``;return t==s||t==c}function Se(e){return typeof e==`number`&&e>-1&&e%1==0&&e<=r}function Ce(e){var t=typeof e;return!!e&&(t==`object`||t==`function`)}function we(e){return!!e&&typeof e==`object`}function Te(e){return typeof e==`string`||!ve(e)&&we(e)&&ce.call(e)==l}function Ee(e){return typeof e==`symbol`||we(e)&&ce.call(e)==u}function De(e){return e?(e=ke(e),e===n||e===-n?(e<0?-1:1)*i:e===e?e:0):e===0?e:0}function Oe(e){var t=De(e),n=t%1;return t===t?n?t-n:t:0}function ke(e){if(typeof e==`number`)return e;if(Ee(e))return a;if(Ce(e)){var t=typeof e.valueOf==`function`?e.valueOf():e;e=Ce(t)?t+``:t}if(typeof e!=`string`)return e===0?e:+e;e=e.replace(d,``);var n=p.test(e);return n||m.test(e)?ee(e.slice(2),n?2:8):f.test(e)?a:+e}function Ae(e){return ye(e)?fe(e):pe(e)}function je(e){return e?ae(e,Ae(e)):[]}t.exports=ge})),Nu=r(((e,t)=>{var n=`[object Boolean]`,r=Object.prototype.toString;function i(e){return e===!0||e===!1||a(e)&&r.call(e)==n}function a(e){return!!e&&typeof e==`object`}t.exports=i})),Pu=r(((e,t)=>{var n=1/0,r=17976931348623157e292,i=NaN,a=`[object Symbol]`,o=/^\s+|\s+$/g,s=/^[-+]0x[0-9a-f]+$/i,c=/^0b[01]+$/i,l=/^0o[0-7]+$/i,u=parseInt,d=Object.prototype.toString;function f(e){return typeof e==`number`&&e==g(e)}function p(e){var t=typeof e;return!!e&&(t==`object`||t==`function`)}function m(e){return!!e&&typeof e==`object`}function h(e){return typeof e==`symbol`||m(e)&&d.call(e)==a}function ee(e){return e?(e=te(e),e===n||e===-n?(e<0?-1:1)*r:e===e?e:0):e===0?e:0}function g(e){var t=ee(e),n=t%1;return t===t?n?t-n:t:0}function te(e){if(typeof e==`number`)return e;if(h(e))return i;if(p(e)){var t=typeof e.valueOf==`function`?e.valueOf():e;e=p(t)?t+``:t}if(typeof e!=`string`)return e===0?e:+e;e=e.replace(o,``);var n=c.test(e);return n||l.test(e)?u(e.slice(2),n?2:8):s.test(e)?i:+e}t.exports=f})),Fu=r(((e,t)=>{var n=`[object Number]`,r=Object.prototype.toString;function i(e){return!!e&&typeof e==`object`}function a(e){return typeof e==`number`||i(e)&&r.call(e)==n}t.exports=a})),Iu=r(((e,t)=>{var n=`[object Object]`;function r(e){var t=!1;if(e!=null&&typeof e.toString!=`function`)try{t=!!(e+``)}catch{}return t}function i(e,t){return function(n){return e(t(n))}}var a=Function.prototype,o=Object.prototype,s=a.toString,c=o.hasOwnProperty,l=s.call(Object),u=o.toString,d=i(Object.getPrototypeOf,Object);function f(e){return!!e&&typeof e==`object`}function p(e){if(!f(e)||u.call(e)!=n||r(e))return!1;var t=d(e);if(t===null)return!0;var i=c.call(t,`constructor`)&&t.constructor;return typeof i==`function`&&i instanceof i&&s.call(i)==l}t.exports=p})),Lu=r(((e,t)=>{var n=`[object String]`,r=Object.prototype.toString,i=Array.isArray;function a(e){return!!e&&typeof e==`object`}function o(e){return typeof e==`string`||!i(e)&&a(e)&&r.call(e)==n}t.exports=o})),Ru=r(((e,t)=>{var n=`Expected a function`,r=1/0,i=17976931348623157e292,a=NaN,o=`[object Symbol]`,s=/^\s+|\s+$/g,c=/^[-+]0x[0-9a-f]+$/i,l=/^0b[01]+$/i,u=/^0o[0-7]+$/i,d=parseInt,f=Object.prototype.toString;function p(e,t){var r;if(typeof t!=`function`)throw TypeError(n);return e=ne(e),function(){return--e>0&&(r=t.apply(this,arguments)),e<=1&&(t=void 0),r}}function m(e){return p(2,e)}function h(e){var t=typeof e;return!!e&&(t==`object`||t==`function`)}function ee(e){return!!e&&typeof e==`object`}function g(e){return typeof e==`symbol`||ee(e)&&f.call(e)==o}function te(e){return e?(e=re(e),e===r||e===-r?(e<0?-1:1)*i:e===e?e:0):e===0?e:0}function ne(e){var t=te(e),n=t%1;return t===t?n?t-n:t:0}function re(e){if(typeof e==`number`)return e;if(g(e))return a;if(h(e)){var t=typeof e.valueOf==`function`?e.valueOf():e;e=h(t)?t+``:t}if(typeof e!=`string`)return e===0?e:+e;e=e.replace(s,``);var n=l.test(e);return n||u.test(e)?d(e.slice(2),n?2:8):c.test(e)?a:+e}t.exports=m})),zu=r(((t,n)=>{var r=Eu(),i=Au(),a=ku(),o=f(),s=Mu(),c=Nu(),l=Pu(),u=Fu(),d=Iu(),p=Lu(),m=Ru(),{KeyObject:h,createSecretKey:ee,createPrivateKey:g}=e(`crypto`),te=[`RS256`,`RS384`,`RS512`,`ES256`,`ES384`,`ES512`,`HS256`,`HS384`,`HS512`,`none`];i&&te.splice(3,0,`PS256`,`PS384`,`PS512`);var ne={expiresIn:{isValid:function(e){return l(e)||p(e)&&e},message:`"expiresIn" should be a number of seconds or string representing a timespan`},notBefore:{isValid:function(e){return l(e)||p(e)&&e},message:`"notBefore" should be a number of seconds or string representing a timespan`},audience:{isValid:function(e){return p(e)||Array.isArray(e)},message:`"audience" must be a string or array`},algorithm:{isValid:s.bind(null,te),message:`"algorithm" must be a valid string enum value`},header:{isValid:d,message:`"header" must be an object`},encoding:{isValid:p,message:`"encoding" must be a string`},issuer:{isValid:p,message:`"issuer" must be a string`},subject:{isValid:p,message:`"subject" must be a string`},jwtid:{isValid:p,message:`"jwtid" must be a string`},noTimestamp:{isValid:c,message:`"noTimestamp" must be a boolean`},keyid:{isValid:p,message:`"keyid" must be a string`},mutatePayload:{isValid:c,message:`"mutatePayload" must be a boolean`},allowInsecureKeySizes:{isValid:c,message:`"allowInsecureKeySizes" must be a boolean`},allowInvalidAsymmetricKeyTypes:{isValid:c,message:`"allowInvalidAsymmetricKeyTypes" must be a boolean`}},re={iat:{isValid:u,message:`"iat" should be a number of seconds`},exp:{isValid:u,message:`"exp" should be a number of seconds`},nbf:{isValid:u,message:`"nbf" should be a number of seconds`}};function ie(e,t,n,r){if(!d(n))throw Error(`Expected "`+r+`" to be a plain object.`);Object.keys(n).forEach(function(i){let a=e[i];if(!a){if(!t)throw Error(`"`+i+`" is not allowed in "`+r+`"`);return}if(!a.isValid(n[i]))throw Error(a.message)})}function ae(e){return ie(ne,!1,e,`options`)}function oe(e){return ie(re,!0,e,`payload`)}var _={audience:`aud`,issuer:`iss`,subject:`sub`,jwtid:`jti`},se=[`expiresIn`,`notBefore`,`noTimestamp`,`audience`,`issuer`,`subject`,`jwtid`];n.exports=function(e,t,n,i){typeof n==`function`?(i=n,n={}):n=n||{};let s=typeof e==`object`&&!Buffer.isBuffer(e),c=Object.assign({alg:n.algorithm||`HS256`,typ:s?`JWT`:void 0,kid:n.keyid},n.header);function l(e){if(i)return i(e);throw e}if(!t&&n.algorithm!==`none`)return l(Error(`secretOrPrivateKey must have a value`));if(t!=null&&!(t instanceof h))try{t=g(t)}catch{try{t=ee(typeof t==`string`?Buffer.from(t):t)}catch{return l(Error(`secretOrPrivateKey is not valid key material`))}}if(c.alg.startsWith(`HS`)&&t.type!==`secret`)return l(Error(`secretOrPrivateKey must be a symmetric key when using ${c.alg}`));if(/^(?:RS|PS|ES)/.test(c.alg)){if(t.type!==`private`)return l(Error(`secretOrPrivateKey must be an asymmetric key when using ${c.alg}`));if(!n.allowInsecureKeySizes&&!c.alg.startsWith(`ES`)&&t.asymmetricKeyDetails!==void 0&&t.asymmetricKeyDetails.modulusLength<2048)return l(Error(`secretOrPrivateKey has a minimum key size of 2048 bits for ${c.alg}`))}if(e===void 0)return l(Error(`payload is required`));if(s){try{oe(e)}catch(e){return l(e)}n.mutatePayload||(e=Object.assign({},e))}else{let t=se.filter(function(e){return n[e]!==void 0});if(t.length>0)return l(Error(`invalid `+t.join(`,`)+` option for `+typeof e+` payload`))}if(e.exp!==void 0&&n.expiresIn!==void 0)return l(Error(`Bad "options.expiresIn" option the payload already has an "exp" property.`));if(e.nbf!==void 0&&n.notBefore!==void 0)return l(Error(`Bad "options.notBefore" option the payload already has an "nbf" property.`));try{ae(n)}catch(e){return l(e)}if(!n.allowInvalidAsymmetricKeyTypes)try{a(c.alg,t)}catch(e){return l(e)}let u=e.iat||Math.floor(Date.now()/1e3);if(n.noTimestamp?delete e.iat:s&&(e.iat=u),n.notBefore!==void 0){try{e.nbf=r(n.notBefore,u)}catch(e){return l(e)}if(e.nbf===void 0)return l(Error(`"notBefore" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60`))}if(n.expiresIn!==void 0&&typeof e==`object`){try{e.exp=r(n.expiresIn,u)}catch(e){return l(e)}if(e.exp===void 0)return l(Error(`"expiresIn" should be a number of seconds or string representing a timespan eg: "1d", "20h", 60`))}Object.keys(_).forEach(function(t){let r=_[t];if(n[t]!==void 0){if(e[r]!==void 0)return l(Error(`Bad "options.`+t+`" option. The payload already has an "`+r+`" property.`));e[r]=n[t]}});let d=n.encoding||`utf8`;if(typeof i==`function`)i=i&&m(i),o.createSign({header:c,privateKey:t,payload:e,encoding:d}).once(`error`,i).once(`done`,function(e){if(!n.allowInsecureKeySizes&&/^(?:RS|PS)/.test(c.alg)&&e.length<256)return i(Error(`secretOrPrivateKey has a minimum key size of 2048 bits for ${c.alg}`));i(null,e)});else{let r=o.sign({header:c,payload:e,secret:t,encoding:d});if(!n.allowInsecureKeySizes&&/^(?:RS|PS)/.test(c.alg)&&r.length<256)throw Error(`secretOrPrivateKey has a minimum key size of 2048 bits for ${c.alg}`);return r}}})),Bu=r(((e,t)=>{t.exports={decode:Su(),verify:ju(),sign:zu(),JsonWebTokenError:Cu(),NotBeforeError:wu(),TokenExpiredError:Tu()}})),Vu,Hu,Uu,Wu,Gu,Ku,qu,Ju=t((()=>{Vu=`missing_tenant_id_error`,Hu=`user_timeout_reached`,Uu=`invalid_assertion`,Wu=`invalid_client_credential`,Gu=`device_code_polling_cancelled`,Ku=`device_code_expired`,qu=`device_code_unknown_error`})),Yu,Xu,Zu=t((()=>{Yu=n(Bu(),1),V(),su(),J(),Ju(),Xu=class e{static fromAssertion(t){let n=new e;return n.jwt=t,n}static fromCertificate(t,n,r){let i=new e;return i.privateKey=n,i.thumbprint=t,i.useSha256=!1,r&&(i.publicCertificate=this.parseCertificate(r)),i}static fromCertificateWithSha256Thumbprint(t,n,r){let i=new e;return i.privateKey=n,i.thumbprint=t,i.useSha256=!0,r&&(i.publicCertificate=this.parseCertificate(r)),i}getJwt(e,t,n){if(this.privateKey&&this.thumbprint)return this.jwt&&!this.isExpired()&&t===this.issuer&&n===this.jwtAudience?this.jwt:this.createJwt(e,t,n);if(this.jwt)return this.jwt;throw N(Uu)}createJwt(e,t,n){this.issuer=t,this.jwtAudience=n;let r=z();this.expirationTime=r+600;let i={alg:this.useSha256?Sl.PSS_256:Sl.RSA_256},a=this.useSha256?Sl.X5T_256:Sl.X5T;Object.assign(i,{[a]:ou.base64EncodeUrl(this.thumbprint,Nn.HEX)}),this.publicCertificate&&Object.assign(i,{[Sl.X5C]:this.publicCertificate});let o={[Sl.AUDIENCE]:this.jwtAudience,[Sl.EXPIRATION_TIME]:this.expirationTime,[Sl.ISSUER]:this.issuer,[Sl.SUBJECT]:this.issuer,[Sl.NOT_BEFORE]:r,[Sl.JWT_ID]:e.createNewGuid()};return this.jwt=Yu.default.sign(o,this.privateKey,{header:i}),this.jwt}isExpired(){return this.expirationTime<z()}static parseCertificate(e){let t=/-----BEGIN CERTIFICATE-----\r*\n(.+?)\r*\n-----END CERTIFICATE-----/gs,n=[],r;for(;(r=t.exec(e))!==null;)n.push(r[1].replace(/\r*\n/g,``));return n}}})),Qu,$u,ed=t((()=>{Qu=`@azure/msal-node`,$u=`5.1.2`})),td,nd=t((()=>{V(),ed(),td=class{constructor(e){this.config=Mo(e),this.logger=new Aa(this.config.loggerOptions,Qu,$u),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=new Ao}createTokenRequestHeaders(e){return xc(this.logger,!1,e)}async executePostToTokenEndpoint(e,t,n,r,i){return Cc(e,t,n,r,i,this.cacheManager,this.networkClient,this.logger,this.performanceClient,this.serverTelemetryManager)}async sendPostRequest(e,t,n,r){return wc(e,t,n,r,this.cacheManager,this.networkClient,this.logger,this.performanceClient)}createTokenQueryParameters(e){return Sc(e,this.config.authOptions.clientId,this.config.authOptions.redirectUri,this.performanceClient)}}})),rd,id=t((()=>{V(),J(),nd(),rd=class extends td{constructor(e){super(e)}async acquireToken(e){this.logger.info(`in acquireToken call in username-password client`,e.correlationId);let t=z(),n=await this.executeTokenRequest(this.authority,e),r=new cc(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.performanceClient,this.config.serializableCache,this.config.persistencePlugin);return r.validateTokenResponse(n.body,e.correlationId),r.handleServerTokenResponse(n.body,this.authority,t,e,q.acquireTokenByUsernamePassword)}async executeTokenRequest(e,t){let n=this.createTokenQueryParameters(t),r=R.appendQueryString(e.tokenEndpoint,n),i=await this.createTokenRequestBody(t),a=this.createTokenRequestHeaders({credential:t.username,type:uc.UPN}),o={clientId:this.config.authOptions.clientId,authority:e.canonicalAuthority,scopes:t.scopes,claims:t.claims,authenticationScheme:t.authenticationScheme,resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,sshKid:t.sshKid};return this.executePostToTokenEndpoint(r,i,a,o,t.correlationId)}async createTokenRequestBody(e){let t=new Map;Ai(t,this.config.authOptions.clientId),ca(t,e.username),la(t,e.password),ki(t,e.scopes),Di(t,hn.IDTOKEN_TOKEN),na(t,_n.RESOURCE_OWNER_PASSWORD_GRANT),ra(t),Vi(t,this.config.libraryInfo),Hi(t,this.config.telemetry.application),pa(t),this.serverTelemetryManager&&fa(t,this.serverTelemetryManager),Bi(t,e.correlationId||this.config.cryptoInterface.createNewGuid()),this.config.clientCredentials.clientSecret&&Zi(t,this.config.clientCredentials.clientSecret);let n=this.config.clientCredentials.clientAssertion;return n&&(Qi(t,await fc(n.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),$i(t,n.assertionType)),(!Mr.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&zi(t,e.claims,this.config.authOptions.clientCapabilities),this.config.systemOptions.preventCorsPreflight&&e.username&&Ii(t,e.username),ba(t)}}}));function ad(e,t,n,r){let i=Jc({...e.auth,authority:t,redirectUri:n.redirectUri||``},n,r);return Vi(i,{sku:xl.MSAL_SKU,version:$u,cpu:process.arch||``,os:process.platform||``}),e.system.protocolMode!==vo.OIDC&&Hi(i,e.telemetry.application),Di(i,hn.CODE),n.codeChallenge&&n.codeChallengeMethod&&Ki(i,n.codeChallenge,n.codeChallengeMethod),oa(i,n.extraQueryParameters||{}),Yc(t,i)}var od=t((()=>{V(),J(),ed()})),sd,cd=t((()=>{V(),ru(),pu(),vu(),J(),xu(),Zu(),ed(),Xl(),id(),od(),sd=class{constructor(e){this.config=Zl(e),this.cryptoProvider=new fu,this.logger=new Aa(this.config.system.loggerOptions,Qu,$u),this.storage=new _u(this.logger,this.config.auth.clientId,this.cryptoProvider,Ic(this.config.auth)),this.tokenCache=new bu(this.storage,this.logger,this.config.cache.cachePlugin)}async getAuthCodeUrl(e){this.logger.info(`getAuthCodeUrl called`,e.correlationId||``);let t={...e,...await this.initializeBaseRequest(e),responseMode:e.responseMode||gn.QUERY,authenticationScheme:O.BEARER,state:e.state||``,nonce:e.nonce||``},n=await this.createAuthority(t.authority,t.correlationId,void 0,e.azureCloudOptions);return ad(this.config,n,t,this.logger)}async acquireTokenByCode(e,t){this.logger.info(`acquireTokenByCode called`,e.correlationId||``),e.state&&t&&(this.logger.info(`acquireTokenByCode - validating state`,e.correlationId||``),this.validateState(e.state,t.state||``),t={...t,state:``});let n={...e,...await this.initializeBaseRequest(e),authenticationScheme:O.BEARER},r=this.initializeServerTelemetryManager(q.acquireTokenByCode,n.correlationId);try{let i=await this.createAuthority(n.authority,n.correlationId,void 0,e.azureCloudOptions),a=new Vc(await this.buildOauthClientConfiguration(i,n.correlationId,n.redirectUri,r),new Ao);return this.logger.verbose(`Auth code client created`,n.correlationId),await a.acquireToken(n,q.acquireTokenByCode,t)}catch(e){throw e instanceof j&&e.setCorrelationId(n.correlationId),r.cacheFailedRequest(e),e}}async acquireTokenByRefreshToken(e){this.logger.info(`acquireTokenByRefreshToken called`,e.correlationId||``);let t={...e,...await this.initializeBaseRequest(e),authenticationScheme:O.BEARER},n=this.initializeServerTelemetryManager(q.acquireTokenByRefreshToken,t.correlationId);try{let r=await this.createAuthority(t.authority,t.correlationId,void 0,e.azureCloudOptions),i=new Wc(await this.buildOauthClientConfiguration(r,t.correlationId,t.redirectUri||``,n),new Ao);return this.logger.verbose(`Refresh token client created`,t.correlationId),await i.acquireToken(t,q.acquireTokenByRefreshToken)}catch(e){throw e instanceof j&&e.setCorrelationId(t.correlationId),n.cacheFailedRequest(e),e}}async acquireTokenSilent(e){let t={...e,...await this.initializeBaseRequest(e),forceRefresh:e.forceRefresh||!1},n=this.initializeServerTelemetryManager(q.acquireTokenSilent,t.correlationId,t.forceRefresh);try{let r=await this.createAuthority(t.authority,t.correlationId,void 0,e.azureCloudOptions),i=await this.buildOauthClientConfiguration(r,t.correlationId,t.redirectUri||``,n),a=new Kc(i,new Ao);this.logger.verbose(`Silent flow client created`,t.correlationId);try{return await this.tokenCache.overwriteCache(),await this.acquireCachedTokenSilent(t,a,i)}catch(e){if(e instanceof Pr&&e.errorCode===`token_refresh_required`)return new Wc(i,new Ao).acquireTokenByRefreshToken(t,q.acquireTokenSilent);throw e}}catch(e){throw e instanceof j&&e.setCorrelationId(t.correlationId),n.cacheFailedRequest(e),e}}async acquireCachedTokenSilent(e,t,n){let[r,i]=await t.acquireCachedToken({...e,scopes:e.scopes?.length?e.scopes:[...ln]});if(i===k.PROACTIVELY_REFRESHED){this.logger.info(`ClientApplication:acquireCachedTokenSilent - Cached access token's refreshOn property has been exceeded'. It's not expired, but must be refreshed.`,e.correlationId);let t=new Wc(n,new Ao);try{await t.acquireTokenByRefreshToken(e,q.acquireTokenSilent)}catch{}}return r}async acquireTokenByUsernamePassword(e){this.logger.info(`acquireTokenByUsernamePassword called`,e.correlationId||``);let t={...e,...await this.initializeBaseRequest(e)},n=this.initializeServerTelemetryManager(q.acquireTokenByUsernamePassword,t.correlationId);try{let r=await this.createAuthority(t.authority,t.correlationId,void 0,e.azureCloudOptions),i=new rd(await this.buildOauthClientConfiguration(r,t.correlationId,``,n));return this.logger.verbose(`Username password client created`,t.correlationId),await i.acquireToken(t)}catch(e){throw e instanceof j&&e.setCorrelationId(t.correlationId),n.cacheFailedRequest(e),e}}getTokenCache(){return this.logger.info(`getTokenCache called`,``),this.tokenCache}validateState(e,t){if(!e)throw Yl.createStateNotFoundError();if(e!==t)throw N(ii)}getLogger(){return this.logger}setLogger(e){this.logger=e}async buildOauthClientConfiguration(e,t,n,r){return this.logger.verbose(`buildOauthClientConfiguration called`,t),this.logger.info(`Building oauth client configuration with the following authority: ${e.tokenEndpoint}.`,t),r?.updateRegionDiscoveryMetadata(e.regionDiscoveryMetadata),{authOptions:{clientId:this.config.auth.clientId,authority:e,clientCapabilities:this.config.auth.clientCapabilities,redirectUri:n,isMcp:this.config.auth.isMcp},loggerOptions:{logLevel:this.config.system.loggerOptions.logLevel,loggerCallback:this.config.system.loggerOptions.loggerCallback,piiLoggingEnabled:this.config.system.loggerOptions.piiLoggingEnabled,correlationId:t},cryptoInterface:this.cryptoProvider,networkInterface:this.config.system.networkClient,storageInterface:this.storage,serverTelemetryManager:r,clientCredentials:{clientSecret:this.clientSecret,clientAssertion:await this.getClientAssertion(e)},libraryInfo:{sku:xl.MSAL_SKU,version:$u,cpu:process.arch||``,os:process.platform||``},telemetry:this.config.telemetry,persistencePlugin:this.config.cache.cachePlugin,serializableCache:this.tokenCache}}async getClientAssertion(e){return this.developerProvidedClientAssertion&&(this.clientAssertion=Xu.fromAssertion(await fc(this.developerProvidedClientAssertion,this.config.auth.clientId,e.tokenEndpoint))),this.clientAssertion&&{assertion:this.clientAssertion.getJwt(this.cryptoProvider,this.config.auth.clientId,e.tokenEndpoint),assertionType:xl.JWT_BEARER_ASSERTION_TYPE}}async initializeBaseRequest(e){let t=e.correlationId||this.cryptoProvider.createNewGuid();return this.logger.verbose(`initializeRequestScopes called`,t),e.authenticationScheme&&e.authenticationScheme===O.POP&&this.logger.verbose(`Authentication Scheme 'pop' is not supported yet, setting Authentication Scheme to 'Bearer' for request`,t),e.authenticationScheme=O.BEARER,{...e,scopes:[...e&&e.scopes||[],...ln],correlationId:t,authority:e.authority||this.config.auth.authority}}initializeServerTelemetryManager(e,t,n){return new cl({clientId:this.config.auth.clientId,correlationId:t,apiId:e,forceRefresh:n||!1},this.storage)}async createAuthority(e,t,n,r){this.logger.verbose(`createAuthority called`,t);let i=Lc.generateAuthority(e,r||this.config.auth.azureCloudOptions),a={protocolMode:this.config.system.protocolMode,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,azureRegionConfiguration:n};return zc(i,this.config.system.networkClient,this.storage,a,this.logger,t,new Ao)}clearCache(){this.storage.clear()}}})),ld,ud=t((()=>{V(),Xl(),J(),ld=class{async listenForAuthCode(e,t){if(this.server)throw Yl.createLoopbackServerAlreadyExistsError();return new Promise((n,r)=>{this.server=fe.createServer((i,a)=>{let o=i.url;if(!o){a.end(t||`Error occurred loading redirectUrl`),r(Yl.createUnableToLoadRedirectUrlError());return}else if(o===`/`){a.end(e||`Auth code was successfully acquired. You can close this window now.`);return}let s=this.getRedirectUri(),c=ya(new URL(o,s).search)||{};c.code&&(a.writeHead(302,{location:s}),a.end()),c.error&&a.end(t||`Error occurred: ${c.error}`),n(c)}),this.server.listen(0,`127.0.0.1`)})}getRedirectUri(){if(!this.server||!this.server.listening)throw Yl.createNoLoopbackServerExistsError();let e=this.server.address();if(!e||typeof e==`string`||!e.port)throw this.closeServer(),Yl.createInvalidLoopbackAddressTypeError();let t=e&&e.port;return`${xl.HTTP_PROTOCOL}${xl.LOCALHOST}:${t}`}closeServer(){this.server&&(this.server.close(),typeof this.server.closeAllConnections==`function`&&this.server.closeAllConnections(),this.server.unref(),this.server=void 0)}}})),dd,fd=t((()=>{V(),J(),Ju(),nd(),dd=class extends td{constructor(e){super(e)}async acquireToken(e){let t=await this.getDeviceCode(e);e.deviceCodeCallback(t);let n=z(),r=await this.acquireTokenWithDeviceCode(e,t),i=new cc(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.performanceClient,this.config.serializableCache,this.config.persistencePlugin);return i.validateTokenResponse(r,e.correlationId),i.handleServerTokenResponse(r,this.authority,n,e,q.acquireTokenByDeviceCode)}async getDeviceCode(e){let t=this.createExtraQueryParameters(e),n=R.appendQueryString(this.authority.deviceCodeEndpoint,t),r=this.createQueryString(e),i=this.createTokenRequestHeaders(),a={clientId:this.config.authOptions.clientId,authority:e.authority,scopes:e.scopes,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid};return this.executePostRequestToDeviceCodeEndpoint(n,r,i,a,e.correlationId)}createExtraQueryParameters(e){let t=new Map;return e.extraQueryParameters&&oa(t,e.extraQueryParameters),ba(t)}async executePostRequestToDeviceCodeEndpoint(e,t,n,r,i){let{body:{user_code:a,device_code:o,verification_uri:s,expires_in:c,interval:l,message:u}}=await this.sendPostRequest(r,e,{body:t,headers:n},i);return{userCode:a,deviceCode:o,verificationUri:s,expiresIn:c,interval:l,message:u}}createQueryString(e){let t=new Map;return ki(t,e.scopes),Ai(t,this.config.authOptions.clientId),e.extraQueryParameters&&oa(t,e.extraQueryParameters),(e.claims||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&zi(t,e.claims,this.config.authOptions.clientCapabilities),ba(t)}continuePolling(e,t,n){if(n)throw this.logger.error(`Token request cancelled by setting DeviceCodeRequest.cancel = true`,``),N(Gu);if(t&&t<e&&z()>t)throw this.logger.error(`User defined timeout for device code polling reached. The timeout was set for ${t}`,``),N(Hu);if(z()>e)throw t&&this.logger.verbose(`User specified timeout ignored as the device code has expired before the timeout elapsed. The user specified timeout was set for ${t}`,``),this.logger.error(`Device code expired. Expiration time of device code was ${e}`,``),N(Ku);return!0}async acquireTokenWithDeviceCode(e,t){let n=this.createTokenQueryParameters(e),r=R.appendQueryString(this.authority.tokenEndpoint,n),i=this.createTokenRequestBody(e,t),a=this.createTokenRequestHeaders(),o=e.timeout?z()+e.timeout:void 0,s=z()+t.expiresIn,c=t.interval*1e3;for(;this.continuePolling(s,o,e.cancel);){let t={clientId:this.config.authOptions.clientId,authority:e.authority,scopes:e.scopes,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid},n=await this.executePostToTokenEndpoint(r,i,a,t,e.correlationId);if(n.body&&n.body.error)if(n.body.error===`authorization_pending`)this.logger.info(`Authorization pending. Continue polling.`,e.correlationId),await Jo(c);else throw this.logger.info(`Unexpected error in polling from the server`,e.correlationId),Or(nl,n.body.error);else return this.logger.verbose(`Authorization completed successfully. Polling stopped.`,e.correlationId),n.body}throw this.logger.error(`Polling stopped for unknown reasons.`,e.correlationId),N(qu)}createTokenRequestBody(e,t){let n=new Map;return ki(n,e.scopes),Ai(n,this.config.authOptions.clientId),na(n,_n.DEVICE_CODE_GRANT),Ji(n,t.deviceCode),Bi(n,e.correlationId||this.config.cryptoInterface.createNewGuid()),ra(n),Vi(n,this.config.libraryInfo),Hi(n,this.config.telemetry.application),pa(n),this.serverTelemetryManager&&fa(n,this.serverTelemetryManager),(!Mr.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&zi(n,e.claims,this.config.authOptions.clientCapabilities),ba(n)}}})),pd,md=t((()=>{J(),V(),cd(),Xl(),ud(),fd(),ed(),pd=class extends sd{constructor(e){super(e),this.config.broker.nativeBrokerPlugin&&(this.config.broker.nativeBrokerPlugin.isBrokerAvailable?(this.nativeBrokerPlugin=this.config.broker.nativeBrokerPlugin,this.nativeBrokerPlugin.setLogger(this.config.system.loggerOptions)):this.logger.warning(`NativeBroker implementation was provided but the broker is unavailable.`,``)),this.skus=cl.makeExtraSkuString({libraryName:xl.MSAL_SKU,libraryVersion:$u})}async acquireTokenByDeviceCode(e){this.logger.info(`acquireTokenByDeviceCode called`,e.correlationId||``),$c(this.config.auth.isMcp,e);let t=Object.assign(e,await this.initializeBaseRequest(e)),n=this.initializeServerTelemetryManager(q.acquireTokenByDeviceCode,t.correlationId);try{let r=await this.createAuthority(t.authority,t.correlationId,void 0,e.azureCloudOptions),i=new dd(await this.buildOauthClientConfiguration(r,t.correlationId,``,n));return this.logger.verbose(`Device code client created`,t.correlationId),await i.acquireToken(t)}catch(e){throw e instanceof j&&e.setCorrelationId(t.correlationId),n.cacheFailedRequest(e),e}}async acquireTokenInteractive(e){let t=e.correlationId||this.cryptoProvider.createNewGuid();this.logger.trace(`acquireTokenInteractive called`,t),$c(this.config.auth.isMcp,e);let{openBrowser:n,successTemplate:r,errorTemplate:i,windowHandle:a,loopbackClient:o,...s}=e;if(this.nativeBrokerPlugin){let n={...s,clientId:this.config.auth.clientId,scopes:e.scopes||ln,redirectUri:e.redirectUri||``,authority:e.authority||this.config.auth.authority,correlationId:t,extraParameters:{...s.extraQueryParameters,...s.extraParameters,[br]:this.skus},accountId:s.account?.nativeAccountId};return this.nativeBrokerPlugin.acquireTokenInteractive(n,a)}if(e.redirectUri){if(!this.config.broker.nativeBrokerPlugin)throw Yl.createRedirectUriNotSupportedError();e.redirectUri=``}let{verifier:c,challenge:l}=await this.cryptoProvider.generatePkceCodes(),u=o||new ld,d={},f=null;try{let a=u.listenForAuthCode(r,i).then(e=>{d=e}).catch(e=>{f=e}),o=await this.waitForRedirectUri(u),p={...s,correlationId:t,scopes:e.scopes||ln,redirectUri:o,responseMode:gn.QUERY,codeChallenge:l,codeChallengeMethod:mn.S256};if(await n(await this.getAuthCodeUrl(p)),await a,f)throw f;if(d.error)throw new rc(d.error,d.error_description,d.suberror);if(!d.code)throw Yl.createNoAuthCodeInResponseError();let m=d.client_info,h={code:d.code,codeVerifier:c,clientInfo:m||``,...p};return await this.acquireTokenByCode(h)}finally{u.closeServer()}}async acquireTokenSilent(e){let t=e.correlationId||this.cryptoProvider.createNewGuid();if(this.logger.trace(`acquireTokenSilent called`,t),$c(this.config.auth.isMcp,e),this.nativeBrokerPlugin){let n={...e,clientId:this.config.auth.clientId,scopes:e.scopes||ln,redirectUri:e.redirectUri||``,authority:e.authority||this.config.auth.authority,correlationId:t,extraParameters:{...e.extraQueryParameters,...e.extraParameters,[br]:this.skus},accountId:e.account.nativeAccountId,forceRefresh:e.forceRefresh||!1};return this.nativeBrokerPlugin.acquireTokenSilent(n)}if(e.redirectUri){if(!this.config.broker.nativeBrokerPlugin)throw Yl.createRedirectUriNotSupportedError();e.redirectUri=``}return super.acquireTokenSilent(e)}async acquireTokenByCode(e,t){return $c(this.config.auth.isMcp,e),super.acquireTokenByCode(e,t)}async acquireTokenByRefreshToken(e){return $c(this.config.auth.isMcp,e),super.acquireTokenByRefreshToken(e)}async signOut(e){if(this.nativeBrokerPlugin&&e.account.nativeAccountId){let t={clientId:this.config.auth.clientId,accountId:e.account.nativeAccountId,correlationId:e.correlationId||this.cryptoProvider.createNewGuid()};await this.nativeBrokerPlugin.signOut(t)}await this.getTokenCache().removeAccount(e.account,e.correlationId)}async getAllAccounts(){if(this.nativeBrokerPlugin){let e=this.cryptoProvider.createNewGuid();return this.nativeBrokerPlugin.getAllAccounts(this.config.auth.clientId,e)}return this.getTokenCache().getAllAccounts()}async waitForRedirectUri(e){return new Promise((t,n)=>{let r=0,i=setInterval(()=>{if(Cl.TIMEOUT_MS/Cl.INTERVAL_MS<r){clearInterval(i),n(Yl.createLoopbackServerTimeoutError());return}try{let n=e.getRedirectUri();clearInterval(i),t(n);return}catch(e){if(e instanceof j&&e.errorCode===X.noLoopbackServerExists.code){r++;return}clearInterval(i),n(e);return}},Cl.INTERVAL_MS)})}}})),hd,gd=t((()=>{V(),J(),nd(),hd=class extends td{constructor(e,t){super(e),this.appTokenProvider=t}async acquireToken(e){if(e.skipCache||e.claims)return this.executeTokenRequest(e,this.authority);let[t,n]=await this.getCachedAuthenticationResult(e,this.config,this.cryptoUtils,this.authority,this.cacheManager,this.serverTelemetryManager);return t?(n===k.PROACTIVELY_REFRESHED&&(this.logger.info(`ClientCredentialClient:getCachedAuthenticationResult - Cached access token's refreshOn property has been exceeded'. It's not expired, but must be refreshed.`,e.correlationId),await this.executeTokenRequest(e,this.authority,!0)),t):this.executeTokenRequest(e,this.authority)}async getCachedAuthenticationResult(e,t,n,r,i,a){let o=t,s=t,c=k.NOT_APPLICABLE,l;o.serializableCache&&o.persistencePlugin&&(l=new Uo(o.serializableCache,!1),await o.persistencePlugin.beforeCacheAccess(l));let u=this.readAccessTokenFromCache(r,s.managedIdentityId?.id||o.authOptions.clientId,new wi(e.scopes||[]),i,e.correlationId);return o.serializableCache&&o.persistencePlugin&&l&&await o.persistencePlugin.afterCacheAccess(l),u?Ko(u.expiresOn,o.systemOptions?.tokenRenewalOffsetSeconds||300)?(a?.setCacheOutcome(k.CACHED_ACCESS_TOKEN_EXPIRED),[null,k.CACHED_ACCESS_TOKEN_EXPIRED]):(u.refreshOn&&Ko(u.refreshOn.toString(),0)&&(c=k.PROACTIVELY_REFRESHED,a?.setCacheOutcome(k.PROACTIVELY_REFRESHED)),[await cc.generateAuthenticationResult(n,r,{account:null,idToken:null,accessToken:u,refreshToken:null,appMetadata:null},!0,e,this.performanceClient),c]):(a?.setCacheOutcome(k.NO_CACHED_ACCESS_TOKEN),[null,k.NO_CACHED_ACCESS_TOKEN])}readAccessTokenFromCache(e,t,n,r,i){let a={homeAccountId:``,environment:e.canonicalAuthorityUrlComponents.HostNameAndPort,credentialType:E.ACCESS_TOKEN,clientId:t,realm:e.tenant,target:wi.createSearchScopes(n.asArray())},o=r.getAccessTokensByFilter(a,i);if(o.length<1)return null;if(o.length>1)throw N(ci);return o[0]}async executeTokenRequest(e,t,n){let r,i;if(this.appTokenProvider){this.logger.info(`Using appTokenProvider extensibility.`,e.correlationId);let t={correlationId:e.correlationId,tenantId:this.config.authOptions.authority.tenant,scopes:e.scopes,claims:e.claims};i=z();let n=await this.appTokenProvider(t);r={access_token:n.accessToken,expires_in:n.expiresInSeconds,refresh_in:n.refreshInSeconds,token_type:O.BEARER}}else{let n=this.createTokenQueryParameters(e),a=R.appendQueryString(t.tokenEndpoint,n),o=await this.createTokenRequestBody(e),s=this.createTokenRequestHeaders(),c={clientId:this.config.authOptions.clientId,authority:e.authority,scopes:e.scopes,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid};this.logger.info(`Sending token request to endpoint: `+t.tokenEndpoint,e.correlationId),i=z();let l=await this.executePostToTokenEndpoint(a,o,s,c,e.correlationId);r=l.body,r.status=l.status}let a=new cc(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.performanceClient,this.config.serializableCache,this.config.persistencePlugin);return a.validateTokenResponse(r,e.correlationId,n),await a.handleServerTokenResponse(r,this.authority,i,e,q.acquireTokenByClientCredential)}async createTokenRequestBody(e){let t=new Map;Ai(t,this.config.authOptions.clientId),ki(t,e.scopes,!1),na(t,_n.CLIENT_CREDENTIALS_GRANT),Vi(t,this.config.libraryInfo),Hi(t,this.config.telemetry.application),pa(t),this.serverTelemetryManager&&fa(t,this.serverTelemetryManager),Bi(t,e.correlationId||this.config.cryptoInterface.createNewGuid()),this.config.clientCredentials.clientSecret&&Zi(t,this.config.clientCredentials.clientSecret);let n=e.clientAssertion||this.config.clientCredentials.clientAssertion;return n&&(Qi(t,await fc(n.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),$i(t,n.assertionType)),(!Mr.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&zi(t,e.claims,this.config.authOptions.clientCapabilities),ba(t)}}})),_d,vd=t((()=>{V(),J(),su(),nd(),_d=class extends td{constructor(e){super(e)}async acquireToken(e){if(this.scopeSet=new wi(e.scopes||[]),this.userAssertionHash=await this.cryptoUtils.hashString(e.oboAssertion),e.skipCache||e.claims)return this.executeTokenRequest(e,this.authority,this.userAssertionHash);try{return await this.getCachedAuthenticationResult(e)}catch{return await this.executeTokenRequest(e,this.authority,this.userAssertionHash)}}async getCachedAuthenticationResult(e){let t=this.readAccessTokenFromCacheForOBO(this.config.authOptions.clientId,e);if(!t)throw this.serverTelemetryManager?.setCacheOutcome(k.NO_CACHED_ACCESS_TOKEN),this.logger.info(`SilentFlowClient:acquireCachedToken - No access token found in cache for the given properties.`,e.correlationId),N(vi);if(Ko(t.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds))throw this.serverTelemetryManager?.setCacheOutcome(k.CACHED_ACCESS_TOKEN_EXPIRED),this.logger.info(`OnbehalfofFlow:getCachedAuthenticationResult - Cached access token is expired or will expire within ${this.config.systemOptions.tokenRenewalOffsetSeconds} seconds.`,e.correlationId),N(vi);let n=this.readIdTokenFromCacheForOBO(t.homeAccountId,e.correlationId),r,i=null;if(n){r=Va(n.secret,ou.base64Decode);let t=r.oid||r.sub,a={homeAccountId:n.homeAccountId,environment:n.environment,tenantId:n.realm,username:``,localAccountId:t||``};i=this.cacheManager.getAccount(this.cacheManager.generateAccountKey(a),e.correlationId)}return this.config.serverTelemetryManager&&this.config.serverTelemetryManager.incrementCacheHits(),cc.generateAuthenticationResult(this.cryptoUtils,this.authority,{account:i,accessToken:t,idToken:n,refreshToken:null,appMetadata:null},!0,e,this.performanceClient,r)}readIdTokenFromCacheForOBO(e,t){let n={homeAccountId:e,environment:this.authority.canonicalAuthorityUrlComponents.HostNameAndPort,credentialType:E.ID_TOKEN,clientId:this.config.authOptions.clientId,realm:this.authority.tenant},r=this.cacheManager.getIdTokensByFilter(n,t);return Object.values(r).length<1?null:Object.values(r)[0]}readAccessTokenFromCacheForOBO(e,t){let n=t.authenticationScheme||O.BEARER,r={credentialType:n&&n.toLowerCase()!==O.BEARER.toLowerCase()?E.ACCESS_TOKEN_WITH_AUTH_SCHEME:E.ACCESS_TOKEN,clientId:e,target:wi.createSearchScopes(this.scopeSet.asArray()),tokenType:n,keyId:t.sshKid,userAssertionHash:this.userAssertionHash},i=this.cacheManager.getAccessTokensByFilter(r,t.correlationId),a=i.length;if(a<1)return null;if(a>1)throw N(ci);return i[0]}async executeTokenRequest(e,t,n){let r=this.createTokenQueryParameters(e),i=R.appendQueryString(t.tokenEndpoint,r),a=await this.createTokenRequestBody(e),o=this.createTokenRequestHeaders(),s={clientId:this.config.authOptions.clientId,authority:e.authority,scopes:e.scopes,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid},c=z(),l=await this.executePostToTokenEndpoint(i,a,o,s,e.correlationId),u=new cc(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.performanceClient,this.config.serializableCache,this.config.persistencePlugin);return u.validateTokenResponse(l.body,e.correlationId),await u.handleServerTokenResponse(l.body,this.authority,c,e,q.acquireTokenByOBO,void 0,n)}async createTokenRequestBody(e){let t=new Map;Ai(t,this.config.authOptions.clientId),ki(t,e.scopes),na(t,_n.JWT_BEARER),ra(t),Vi(t,this.config.libraryInfo),Hi(t,this.config.telemetry.application),pa(t),this.serverTelemetryManager&&fa(t,this.serverTelemetryManager),Bi(t,e.correlationId||this.config.cryptoInterface.createNewGuid()),ta(t,hr),ea(t,e.oboAssertion),this.config.clientCredentials.clientSecret&&Zi(t,this.config.clientCredentials.clientSecret);let n=this.config.clientCredentials.clientAssertion;return n&&(Qi(t,await fc(n.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),$i(t,n.assertionType)),(e.claims||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&zi(t,e.claims,this.config.authOptions.clientCapabilities),ba(t)}}})),yd,bd=t((()=>{cd(),Zu(),J(),V(),gd(),vd(),Ju(),yd=class extends sd{constructor(e){super(e);let t=!!this.config.auth.clientSecret,n=!!this.config.auth.clientAssertion,r=(!!this.config.auth.clientCertificate?.thumbprint||!!this.config.auth.clientCertificate?.thumbprintSha256)&&!!this.config.auth.clientCertificate?.privateKey;if(!this.appTokenProvider){if(t&&n||n&&r||t&&r)throw N(Wu);if(this.config.auth.clientSecret){this.clientSecret=this.config.auth.clientSecret;return}if(this.config.auth.clientAssertion){this.developerProvidedClientAssertion=this.config.auth.clientAssertion;return}if(r)this.clientAssertion=this.config.auth.clientCertificate.thumbprintSha256?Xu.fromCertificateWithSha256Thumbprint(this.config.auth.clientCertificate.thumbprintSha256,this.config.auth.clientCertificate.privateKey,this.config.auth.clientCertificate.x5c):Xu.fromCertificate(this.config.auth.clientCertificate.thumbprint,this.config.auth.clientCertificate.privateKey,this.config.auth.clientCertificate.x5c);else throw N(Wu);this.appTokenProvider=void 0}}SetAppTokenProvider(e){this.appTokenProvider=e}async acquireTokenByClientCredential(e){this.logger.info(`acquireTokenByClientCredential called`,e.correlationId||``);let t;e.clientAssertion&&(t={assertion:await fc(e.clientAssertion,this.config.auth.clientId),assertionType:xl.JWT_BEARER_ASSERTION_TYPE});let n=await this.initializeBaseRequest(e),r={...n,scopes:n.scopes.filter(e=>!ln.includes(e))},i={...e,...r,clientAssertion:t},a=new R(i.authority).getUrlComponents().PathSegments[0];if(Object.values(dn).includes(a))throw N(Vu);let o=process.env[_l],s;i.azureRegion!==`DisableMsalForceRegion`&&(s=!i.azureRegion&&o?o:i.azureRegion);let c={azureRegion:s,environmentRegion:process.env[gl]},l=this.initializeServerTelemetryManager(q.acquireTokenByClientCredential,i.correlationId,i.skipCache);try{let t=await this.createAuthority(i.authority,i.correlationId,c,e.azureCloudOptions),n=new hd(await this.buildOauthClientConfiguration(t,i.correlationId,``,l),this.appTokenProvider);return this.logger.verbose(`Client credential client created`,i.correlationId),await n.acquireToken(i)}catch(e){throw e instanceof j&&e.setCorrelationId(i.correlationId),l.cacheFailedRequest(e),e}}async acquireTokenOnBehalfOf(e){this.logger.info(`acquireTokenOnBehalfOf called`,e.correlationId||``);let t={...e,...await this.initializeBaseRequest(e)};try{let n=await this.createAuthority(t.authority,t.correlationId,void 0,e.azureCloudOptions),r=new _d(await this.buildOauthClientConfiguration(n,t.correlationId,``,void 0));return this.logger.verbose(`On behalf of client created`,t.correlationId),await r.acquireToken(t)}catch(e){throw e instanceof j&&e.setCorrelationId(t.correlationId),e}}}}));function xd(e){if(typeof e!=`string`)return!1;let t=new Date(e);return!isNaN(t.getTime())&&t.toISOString()===e}var Sd=t((()=>{})),Cd,wd=t((()=>{V(),J(),Cd=class{constructor(e,t,n){this.httpClientNoRetries=e,this.retryPolicy=t,this.logger=n}async sendNetworkRequestAsyncHelper(e,t,n){return e===K.GET?this.httpClientNoRetries.sendGetRequestAsync(t,n):this.httpClientNoRetries.sendPostRequestAsync(t,n)}async sendNetworkRequestAsync(e,t,n){let r=await this.sendNetworkRequestAsyncHelper(e,t,n);`isNewRequest`in this.retryPolicy&&(this.retryPolicy.isNewRequest=!0);let i=0;for(;await this.retryPolicy.pauseForRetry(r.status,i,this.logger,r.headers[T.RETRY_AFTER]);)r=await this.sendNetworkRequestAsyncHelper(e,t,n),i++;return r}async sendGetRequestAsync(e,t){return this.sendNetworkRequestAsync(K.GET,e,t)}async sendPostRequestAsync(e,t){return this.sendNetworkRequestAsync(K.POST,e,t)}}})),Td,Ed,Dd=t((()=>{V(),J(),Kl(),Sd(),wd(),Ul(),Td={MANAGED_IDENTITY_CLIENT_ID_2017:`clientid`,MANAGED_IDENTITY_CLIENT_ID:`client_id`,MANAGED_IDENTITY_OBJECT_ID:`object_id`,MANAGED_IDENTITY_RESOURCE_ID_IMDS:`msi_res_id`,MANAGED_IDENTITY_RESOURCE_ID_NON_IMDS:`mi_res_id`},Ed=class{constructor(e,t,n,r,i){this.logger=e,this.nodeStorage=t,this.networkClient=n,this.cryptoProvider=r,this.disableInternalRetries=i}async getServerTokenResponseAsync(e,t,n,r){return this.getServerTokenResponse(e)}getServerTokenResponse(e){let t,n;return e.body.expires_on&&(xd(e.body.expires_on)&&(e.body.expires_on=new Date(e.body.expires_on).getTime()/1e3),n=e.body.expires_on-z(),n>2*3600&&(t=n/2)),{status:e.status,access_token:e.body.access_token,expires_in:n,scope:e.body.resource,token_type:e.body.token_type,refresh_in:t,correlation_id:e.body.correlation_id||e.body.correlationId,error:typeof e.body.error==`string`?e.body.error:e.body.error?.code,error_description:e.body.message||(typeof e.body.error==`string`?e.body.error_description:e.body.error?.message),error_codes:e.body.error_codes,timestamp:e.body.timestamp,trace_id:e.body.trace_id}}async acquireTokenWithManagedIdentity(e,t,n,r){let i=this.createRequest(e.resource,t);if(e.revokedTokenSha256Hash&&(this.logger.info(`[Managed Identity] The following claims are present in the request: ${e.claims}`,``),i.queryParameters[H.SHA256_TOKEN_TO_REFRESH]=e.revokedTokenSha256Hash),e.clientCapabilities?.length){let t=e.clientCapabilities.toString();this.logger.info(`[Managed Identity] The following client capabilities are present in the request: ${t}`,``),i.queryParameters[H.XMS_CC]=t}let a=i.headers;a[T.CONTENT_TYPE]=nn;let o={headers:a};Object.keys(i.bodyParameters).length&&(o.body=i.computeParametersBodyString());let s=this.disableInternalRetries?this.networkClient:new Cd(this.networkClient,i.retryPolicy,this.logger),c=z(),l;try{l=i.httpMethod===K.POST?await s.sendPostRequestAsync(i.computeUri(),o):await s.sendGetRequestAsync(i.computeUri(),o)}catch(e){throw e instanceof j?e:N(ei)}let u=new cc(t.id,this.nodeStorage,this.cryptoProvider,this.logger,new Ao,null,null),d=await this.getServerTokenResponseAsync(l,s,i,o);return u.validateTokenResponse(d,d.correlation_id||``,r),u.handleServerTokenResponse(d,n,c,e,q.acquireTokenWithManagedIdentity)}getManagedIdentityUserAssignedIdQueryParameterKey(e,t,n){switch(e){case G.USER_ASSIGNED_CLIENT_ID:return this.logger.info(`[Managed Identity] [API version ${n?`2017+`:`2019+`}] Adding user assigned client id to the request.`,``),n?Td.MANAGED_IDENTITY_CLIENT_ID_2017:Td.MANAGED_IDENTITY_CLIENT_ID;case G.USER_ASSIGNED_RESOURCE_ID:return this.logger.info(`[Managed Identity] Adding user assigned resource id to the request.`,``),t?Td.MANAGED_IDENTITY_RESOURCE_ID_IMDS:Td.MANAGED_IDENTITY_RESOURCE_ID_NON_IMDS;case G.USER_ASSIGNED_OBJECT_ID:return this.logger.info(`[Managed Identity] Adding user assigned object id to the request.`,``),Td.MANAGED_IDENTITY_OBJECT_ID;default:throw Y(Al)}}},Ed.getValidatedEnvVariableUrlString=(e,t,n,r)=>{try{return new R(t).urlString}catch{throw r.info(`[Managed Identity] ${n} managed identity is unavailable because the '${e}' environment variable is malformed.`,``),Y(Hl[e])}}})),Od,kd=t((()=>{Od=class{calculateDelay(e,t){if(!e)return t;let n=Math.round(parseFloat(e)*1e3);return isNaN(n)&&(n=new Date(e).valueOf()-new Date().valueOf()),Math.max(t,n)}}})),Ad,jd,Md,Nd=t((()=>{V(),kd(),Ad=1e3,jd=[404,408,429,500,503,504],Md=class e{constructor(){this.linearRetryStrategy=new Od}static get DEFAULT_MANAGED_IDENTITY_RETRY_DELAY_MS(){return Ad}async pauseForRetry(t,n,r,i){if(jd.includes(t)&&n<3){let t=this.linearRetryStrategy.calculateDelay(i,e.DEFAULT_MANAGED_IDENTITY_RETRY_DELAY_MS);return r.verbose(`Retrying request in ${t}ms (retry attempt: ${n+1})`,``),await new Promise(e=>setTimeout(e,t)),!0}return!1}}})),Pd,Fd=t((()=>{V(),Nd(),Pd=class{constructor(e,t,n){this.httpMethod=e,this._baseEndpoint=t,this.headers={},this.bodyParameters={},this.queryParameters={},this.retryPolicy=n||new Md}computeUri(){let e=new Map;this.queryParameters&&oa(e,this.queryParameters);let t=ba(e);return R.appendQueryString(this._baseEndpoint,t)}computeParametersBodyString(){let e=new Map;return this.bodyParameters&&oa(e,this.bodyParameters),ba(e)}}})),Id,Ld,Rd=t((()=>{Dd(),J(),Fd(),Id=`2019-08-01`,Ld=class e extends Ed{constructor(e,t,n,r,i,a,o){super(e,t,n,r,i),this.identityEndpoint=a,this.identityHeader=o}static getEnvironmentVariables(){return[process.env[U.IDENTITY_ENDPOINT],process.env[U.IDENTITY_HEADER]]}static tryCreate(t,n,r,i,a){let[o,s]=e.getEnvironmentVariables();if(!o||!s)return t.info(`[Managed Identity] ${W.APP_SERVICE} managed identity is unavailable because one or both of the '${U.IDENTITY_HEADER}' and '${U.IDENTITY_ENDPOINT}' environment variables are not defined.`,``),null;let c=e.getValidatedEnvVariableUrlString(U.IDENTITY_ENDPOINT,o,W.APP_SERVICE,t);return t.info(`[Managed Identity] Environment variables validation passed for ${W.APP_SERVICE} managed identity. Endpoint URI: ${c}. Creating ${W.APP_SERVICE} managed identity.`,``),new e(t,n,r,i,a,o,s)}createRequest(e,t){let n=new Pd(K.GET,this.identityEndpoint);return n.headers[hl.APP_SERVICE_SECRET_HEADER_NAME]=this.identityHeader,n.queryParameters[H.API_VERSION]=Id,n.queryParameters[H.RESOURCE]=e,t.idType!==G.SYSTEM_ASSIGNED&&(n.queryParameters[this.getManagedIdentityUserAssignedIdQueryParameterKey(t.idType)]=t.id),n}}})),zd,Bd,Vd,Hd,Ud,Wd,Gd=t((()=>{V(),Fd(),Dd(),Kl(),J(),Ul(),zd=`2019-11-01`,Bd=`http://127.0.0.1:40342/metadata/identity/oauth2/token`,Vd=`N/A: himds executable exists`,Hd={win32:`${process.env.ProgramData}\\AzureConnectedMachineAgent\\Tokens\\`,linux:`/var/opt/azcmagent/tokens/`},Ud={win32:`${process.env.ProgramFiles}\\AzureConnectedMachineAgent\\himds.exe`,linux:`/opt/azcmagent/bin/himds`},Wd=class e extends Ed{constructor(e,t,n,r,i,a){super(e,t,n,r,i),this.identityEndpoint=a}static getEnvironmentVariables(){let e=process.env[U.IDENTITY_ENDPOINT],t=process.env[U.IMDS_ENDPOINT];if(!e||!t){let n=Ud[process.platform];try{ne(n,re.F_OK|re.R_OK),e=Bd,t=Vd}catch{}}return[e,t]}static tryCreate(t,n,r,i,a,o){let[s,c]=e.getEnvironmentVariables();if(!s||!c)return t.info(`[Managed Identity] ${W.AZURE_ARC} managed identity is unavailable through environment variables because one or both of '${U.IDENTITY_ENDPOINT}' and '${U.IMDS_ENDPOINT}' are not defined. ${W.AZURE_ARC} managed identity is also unavailable through file detection.`,``),null;if(c===Vd)t.info(`[Managed Identity] ${W.AZURE_ARC} managed identity is available through file detection. Defaulting to known ${W.AZURE_ARC} endpoint: ${Bd}. Creating ${W.AZURE_ARC} managed identity.`,``);else{let n=e.getValidatedEnvVariableUrlString(U.IDENTITY_ENDPOINT,s,W.AZURE_ARC,t);n.endsWith(`/`)&&n.slice(0,-1),e.getValidatedEnvVariableUrlString(U.IMDS_ENDPOINT,c,W.AZURE_ARC,t),t.info(`[Managed Identity] Environment variables validation passed for ${W.AZURE_ARC} managed identity. Endpoint URI: ${n}. Creating ${W.AZURE_ARC} managed identity.`,``)}if(o.idType!==G.SYSTEM_ASSIGNED)throw Y(Fl);return new e(t,n,r,i,a,s)}createRequest(e){let t=new Pd(K.GET,this.identityEndpoint.replace(`localhost`,`127.0.0.1`));return t.headers[hl.METADATA_HEADER_NAME]=`true`,t.queryParameters[H.API_VERSION]=zd,t.queryParameters[H.RESOURCE]=e,t}async getServerTokenResponseAsync(e,t,n,r){let i;if(e.status===401){let a=e.headers[`www-authenticate`];if(!a)throw Y(Bl);if(!a.includes(`Basic realm=`))throw Y(Vl);let o=a.split(`Basic realm=`)[1];if(!Hd.hasOwnProperty(process.platform))throw Y(Pl);let s=Hd[process.platform],c=m.basename(o);if(!c.endsWith(`.key`))throw Y(Ol);if(s+c!==o)throw Y(kl);let l;try{l=await ae(o).size}catch{throw Y(Rl)}if(l>4096)throw Y(jl);let u;try{u=ie(o,Nn.UTF8)}catch{throw Y(Rl)}let d=`Basic ${u}`;this.logger.info(`[Managed Identity] Adding authorization header to the request.`,``),n.headers[hl.AUTHORIZATION_HEADER_NAME]=d;try{i=await t.sendGetRequestAsync(n.computeUri(),r)}catch(e){throw e instanceof j?e:N(ei)}}return this.getServerTokenResponse(i||e)}}})),Kd,qd=t((()=>{Fd(),Dd(),J(),Kl(),Ul(),Kd=class e extends Ed{constructor(e,t,n,r,i,a){super(e,t,n,r,i),this.msiEndpoint=a}static getEnvironmentVariables(){return[process.env[U.MSI_ENDPOINT]]}static tryCreate(t,n,r,i,a,o){let[s]=e.getEnvironmentVariables();if(!s)return t.info(`[Managed Identity] ${W.CLOUD_SHELL} managed identity is unavailable because the '${U.MSI_ENDPOINT} environment variable is not defined.`,``),null;let c=e.getValidatedEnvVariableUrlString(U.MSI_ENDPOINT,s,W.CLOUD_SHELL,t);if(t.info(`[Managed Identity] Environment variable validation passed for ${W.CLOUD_SHELL} managed identity. Endpoint URI: ${c}. Creating ${W.CLOUD_SHELL} managed identity.`,``),o.idType!==G.SYSTEM_ASSIGNED)throw Y(Il);return new e(t,n,r,i,a,s)}createRequest(e){let t=new Pd(K.POST,this.msiEndpoint);return t.headers[hl.METADATA_HEADER_NAME]=`true`,t.bodyParameters[H.RESOURCE]=e,t}}})),Jd,Yd=t((()=>{Jd=class{constructor(e,t,n){this.minExponentialBackoff=e,this.maxExponentialBackoff=t,this.exponentialDeltaBackoff=n}calculateDelay(e){return e===0?this.minExponentialBackoff:Math.min(2**(e-1)*this.exponentialDeltaBackoff,this.maxExponentialBackoff)}}})),Xd,Zd,Qd,$d,ef,tf,nf,rf,af=t((()=>{V(),Yd(),Xd=[404,408,410,429],Zd=3,Qd=7,$d=1e3,ef=4e3,tf=2e3,nf=10*1e3,rf=class e{constructor(){this.exponentialRetryStrategy=new Jd(e.MIN_EXPONENTIAL_BACKOFF_MS,e.MAX_EXPONENTIAL_BACKOFF_MS,e.EXPONENTIAL_DELTA_BACKOFF_MS)}static get MIN_EXPONENTIAL_BACKOFF_MS(){return $d}static get MAX_EXPONENTIAL_BACKOFF_MS(){return ef}static get EXPONENTIAL_DELTA_BACKOFF_MS(){return tf}static get HTTP_STATUS_GONE_RETRY_AFTER_MS(){return nf}set isNewRequest(e){this._isNewRequest=e}async pauseForRetry(t,n,r){if(this._isNewRequest&&(this._isNewRequest=!1,this.maxRetries=t===410?Qd:Zd),(Xd.includes(t)||t>=500&&t<=599&&n<this.maxRetries)&&n<this.maxRetries){let i=t===410?e.HTTP_STATUS_GONE_RETRY_AFTER_MS:this.exponentialRetryStrategy.calculateDelay(n);return r.verbose(`Retrying request in ${i}ms (retry attempt: ${n+1})`,``),await new Promise(e=>setTimeout(e,i)),!0}return!1}}})),of,sf,cf,lf,uf=t((()=>{Fd(),Dd(),J(),af(),of=`/metadata/identity/oauth2/token`,sf=`http://169.254.169.254${of}`,cf=`2018-02-01`,lf=class e extends Ed{constructor(e,t,n,r,i,a){super(e,t,n,r,i),this.identityEndpoint=a}static tryCreate(t,n,r,i,a){let o;return process.env[U.AZURE_POD_IDENTITY_AUTHORITY_HOST]?(t.info(`[Managed Identity] Environment variable ${U.AZURE_POD_IDENTITY_AUTHORITY_HOST} for ${W.IMDS} returned endpoint: ${process.env[U.AZURE_POD_IDENTITY_AUTHORITY_HOST]}`,``),o=e.getValidatedEnvVariableUrlString(U.AZURE_POD_IDENTITY_AUTHORITY_HOST,`${process.env[U.AZURE_POD_IDENTITY_AUTHORITY_HOST]}${of}`,W.IMDS,t)):(t.info(`[Managed Identity] Unable to find ${U.AZURE_POD_IDENTITY_AUTHORITY_HOST} environment variable for ${W.IMDS}, using the default endpoint.`,``),o=sf),new e(t,n,r,i,a,o)}createRequest(e,t){let n=new Pd(K.GET,this.identityEndpoint);return n.headers[hl.METADATA_HEADER_NAME]=`true`,n.queryParameters[H.API_VERSION]=cf,n.queryParameters[H.RESOURCE]=e,t.idType!==G.SYSTEM_ASSIGNED&&(n.queryParameters[this.getManagedIdentityUserAssignedIdQueryParameterKey(t.idType,!0)]=t.id),n.retryPolicy=new rf,n}}})),df,ff,pf=t((()=>{Fd(),Dd(),J(),df=`2019-07-01-preview`,ff=class e extends Ed{constructor(e,t,n,r,i,a,o){super(e,t,n,r,i),this.identityEndpoint=a,this.identityHeader=o}static getEnvironmentVariables(){return[process.env[U.IDENTITY_ENDPOINT],process.env[U.IDENTITY_HEADER],process.env[U.IDENTITY_SERVER_THUMBPRINT]]}static tryCreate(t,n,r,i,a,o){let[s,c,l]=e.getEnvironmentVariables();if(!s||!c||!l)return t.info(`[Managed Identity] ${W.SERVICE_FABRIC} managed identity is unavailable because one or all of the '${U.IDENTITY_HEADER}', '${U.IDENTITY_ENDPOINT}' or '${U.IDENTITY_SERVER_THUMBPRINT}' environment variables are not defined.`,``),null;let u=e.getValidatedEnvVariableUrlString(U.IDENTITY_ENDPOINT,s,W.SERVICE_FABRIC,t);return t.info(`[Managed Identity] Environment variables validation passed for ${W.SERVICE_FABRIC} managed identity. Endpoint URI: ${u}. Creating ${W.SERVICE_FABRIC} managed identity.`,``),o.idType!==G.SYSTEM_ASSIGNED&&t.warning(`[Managed Identity] ${W.SERVICE_FABRIC} user assigned managed identity is configured in the cluster, not during runtime. See also: https://learn.microsoft.com/en-us/azure/service-fabric/configure-existing-cluster-enable-managed-identity-token-service.`,``),new e(t,n,r,i,a,s,c)}createRequest(e,t){let n=new Pd(K.GET,this.identityEndpoint);return n.headers[hl.ML_AND_SF_SECRET_HEADER_NAME]=this.identityHeader,n.queryParameters[H.API_VERSION]=df,n.queryParameters[H.RESOURCE]=e,t.idType!==G.SYSTEM_ASSIGNED&&(n.queryParameters[this.getManagedIdentityUserAssignedIdQueryParameterKey(t.idType)]=t.id),n}}})),mf,hf,gf,_f=t((()=>{Dd(),J(),Fd(),mf=`2017-09-01`,hf=`Only client id is supported for user-assigned managed identity in ${W.MACHINE_LEARNING}.`,gf=class e extends Ed{constructor(e,t,n,r,i,a,o){super(e,t,n,r,i),this.msiEndpoint=a,this.secret=o}static getEnvironmentVariables(){return[process.env[U.MSI_ENDPOINT],process.env[U.MSI_SECRET]]}static tryCreate(t,n,r,i,a){let[o,s]=e.getEnvironmentVariables();if(!o||!s)return t.info(`[Managed Identity] ${W.MACHINE_LEARNING} managed identity is unavailable because one or both of the '${U.MSI_ENDPOINT}' and '${U.MSI_SECRET}' environment variables are not defined.`,``),null;let c=e.getValidatedEnvVariableUrlString(U.MSI_ENDPOINT,o,W.MACHINE_LEARNING,t);return t.info(`[Managed Identity] Environment variables validation passed for ${W.MACHINE_LEARNING} managed identity. Endpoint URI: ${c}. Creating ${W.MACHINE_LEARNING} managed identity.`,``),new e(t,n,r,i,a,o,s)}createRequest(e,t){let n=new Pd(K.GET,this.msiEndpoint);if(n.headers[hl.METADATA_HEADER_NAME]=`true`,n.headers[hl.ML_AND_SF_SECRET_HEADER_NAME]=this.secret,n.queryParameters[H.API_VERSION]=mf,n.queryParameters[H.RESOURCE]=e,t.idType===G.SYSTEM_ASSIGNED)n.queryParameters[Td.MANAGED_IDENTITY_CLIENT_ID_2017]=process.env[U.DEFAULT_IDENTITY_CLIENT_ID];else if(t.idType===G.USER_ASSIGNED_CLIENT_ID)n.queryParameters[this.getManagedIdentityUserAssignedIdQueryParameterKey(t.idType,!1,!0)]=t.id;else throw Error(hf);return n}}})),vf,yf=t((()=>{Rd(),Gd(),qd(),uf(),pf(),Kl(),J(),_f(),Ul(),vf=class e{constructor(e,t,n,r,i){this.logger=e,this.nodeStorage=t,this.networkClient=n,this.cryptoProvider=r,this.disableInternalRetries=i}async sendManagedIdentityTokenRequest(t,n,r,i){return e.identitySource||(e.identitySource=this.selectManagedIdentitySource(this.logger,this.nodeStorage,this.networkClient,this.cryptoProvider,this.disableInternalRetries,n)),e.identitySource.acquireTokenWithManagedIdentity(t,n,r,i)}allEnvironmentVariablesAreDefined(e){return Object.values(e).every(e=>e!==void 0)}getManagedIdentitySource(){return e.sourceName=this.allEnvironmentVariablesAreDefined(ff.getEnvironmentVariables())?W.SERVICE_FABRIC:this.allEnvironmentVariablesAreDefined(Ld.getEnvironmentVariables())?W.APP_SERVICE:this.allEnvironmentVariablesAreDefined(gf.getEnvironmentVariables())?W.MACHINE_LEARNING:this.allEnvironmentVariablesAreDefined(Kd.getEnvironmentVariables())?W.CLOUD_SHELL:this.allEnvironmentVariablesAreDefined(Wd.getEnvironmentVariables())?W.AZURE_ARC:W.DEFAULT_TO_IMDS,e.sourceName}selectManagedIdentitySource(e,t,n,r,i,a){let o=ff.tryCreate(e,t,n,r,i,a)||Ld.tryCreate(e,t,n,r,i)||gf.tryCreate(e,t,n,r,i)||Kd.tryCreate(e,t,n,r,i,a)||Wd.tryCreate(e,t,n,r,i,a)||lf.tryCreate(e,t,n,r,i);if(!o)throw Y(Ll);return o}}})),bf,xf,Sf=t((()=>{V(),ru(),ed(),pu(),gd(),yf(),vu(),J(),lu(),bf=[W.SERVICE_FABRIC],xf=class e{constructor(t){this.config=Ql(t||{}),this.logger=new Aa(this.config.system.loggerOptions,Qu,$u);let n={canonicalAuthority:Gt};e.nodeStorage||(e.nodeStorage=new _u(this.logger,this.config.managedIdentityId.id,Sa,n)),this.networkClient=this.config.system.networkClient,this.cryptoProvider=new fu;let r={protocolMode:vo.AAD,knownAuthorities:[ml],cloudDiscoveryMetadata:``,authorityMetadata:``};this.fakeAuthority=new Lc(ml,this.networkClient,e.nodeStorage,r,this.logger,this.cryptoProvider.createNewGuid(),new Ao,!0),this.fakeClientCredentialClient=new hd({authOptions:{clientId:this.config.managedIdentityId.id,authority:this.fakeAuthority}}),this.managedIdentityClient=new vf(this.logger,e.nodeStorage,this.networkClient,this.cryptoProvider,this.config.disableInternalRetries),this.hashUtils=new cu}async acquireToken(t){if(!t.resource)throw M(Rr);let n={forceRefresh:t.forceRefresh,resource:t.resource.replace(`/.default`,``),scopes:[t.resource.replace(`/.default`,``)],authority:this.fakeAuthority.canonicalAuthority,correlationId:this.cryptoProvider.createNewGuid(),claims:t.claims,clientCapabilities:this.config.clientCapabilities};if(n.forceRefresh)return this.acquireTokenFromManagedIdentity(n,this.config.managedIdentityId,this.fakeAuthority);let[r,i]=await this.fakeClientCredentialClient.getCachedAuthenticationResult(n,this.config,this.cryptoProvider,this.fakeAuthority,e.nodeStorage);if(n.claims){let e=this.managedIdentityClient.getManagedIdentitySource();return r&&bf.includes(e)&&(n.revokedTokenSha256Hash=this.hashUtils.sha256(r.accessToken).toString(Nn.HEX)),this.acquireTokenFromManagedIdentity(n,this.config.managedIdentityId,this.fakeAuthority)}return r?(i===k.PROACTIVELY_REFRESHED&&(this.logger.info(`ClientCredentialClient:getCachedAuthenticationResult - Cached access token's refreshOn property has been exceeded'. It's not expired, but must be refreshed.`,n.correlationId),await this.acquireTokenFromManagedIdentity(n,this.config.managedIdentityId,this.fakeAuthority,!0)),r):this.acquireTokenFromManagedIdentity(n,this.config.managedIdentityId,this.fakeAuthority)}async acquireTokenFromManagedIdentity(e,t,n,r){return this.managedIdentityClient.sendManagedIdentityTokenRequest(e,t,n,r)}getManagedIdentitySource(){return vf.sourceName||this.managedIdentityClient.getManagedIdentitySource()}}})),Cf=t((()=>{V(),md(),bd(),Sf(),Zu(),xu(),J(),pu(),ed()}));function wf(e,t){return e=Math.ceil(e),t=Math.floor(t),Math.floor(Math.random()*(t-e+1))+e}var Tf=t((()=>{}));function Ef(e,t){let n=t.retryDelayInMs*2**e,r=Math.min(t.maxRetryDelayInMs,n);return{retryAfterInMs:r/2+wf(0,r/2)}}var Df=t((()=>{Tf()}));function Of(e){return typeof e==`object`&&!!e&&!Array.isArray(e)&&!(e instanceof RegExp)&&!(e instanceof Date)}var kf=t((()=>{}));function Af(e){if(Of(e)){let t=typeof e.name==`string`,n=typeof e.message==`string`;return t&&n}return!1}var jf=t((()=>{kf()}));function Mf(){return crypto.randomUUID()}var Nf=t((()=>{})),Pf,Ff=t((()=>{typeof window<`u`&&window.document,typeof self==`object`&&typeof self?.importScripts==`function`&&(self.constructor?.name===`DedicatedWorkerGlobalScope`||self.constructor?.name===`ServiceWorkerGlobalScope`||self.constructor?.name),typeof Deno<`u`&&Deno.version!==void 0&&Deno.version.deno,typeof Bun<`u`&&Bun.version,Pf=globalThis.process!==void 0&&!!globalThis.process.version&&!!globalThis.process.versions?.node,typeof navigator<`u`&&navigator?.product}));function If(e,t){return Buffer.from(e,t)}var Lf=t((()=>{})),Rf,zf,Bf,Vf,Hf=t((()=>{kf(),i(),Rf=`REDACTED`,zf=`x-ms-client-request-id.x-ms-return-client-request-id.x-ms-useragent.x-ms-correlation-request-id.x-ms-request-id.client-request-id.ms-cv.return-client-request-id.traceparent.Access-Control-Allow-Credentials.Access-Control-Allow-Headers.Access-Control-Allow-Methods.Access-Control-Allow-Origin.Access-Control-Expose-Headers.Access-Control-Max-Age.Access-Control-Request-Headers.Access-Control-Request-Method.Origin.Accept.Accept-Encoding.Cache-Control.Connection.Content-Length.Content-Type.Date.ETag.Expires.If-Match.If-Modified-Since.If-None-Match.If-Unmodified-Since.Last-Modified.Pragma.Request-Id.Retry-After.Server.Transfer-Encoding.User-Agent.WWW-Authenticate`.split(`.`),Bf=[`api-version`],Vf=class{constructor({additionalAllowedHeaderNames:e=[],additionalAllowedQueryParameters:t=[]}={}){a(this,`allowedHeaderNames`,void 0),a(this,`allowedQueryParameters`,void 0),e=zf.concat(e),t=Bf.concat(t),this.allowedHeaderNames=new Set(e.map(e=>e.toLowerCase())),this.allowedQueryParameters=new Set(t.map(e=>e.toLowerCase()))}sanitize(e){let t=new Set;return JSON.stringify(e,(e,n)=>{if(n instanceof Error)return{...n,name:n.name,message:n.message};if(e===`headers`&&Of(n))return this.sanitizeHeaders(n);if(e===`url`&&typeof n==`string`)return this.sanitizeUrl(n);if(e===`query`&&Of(n))return this.sanitizeQuery(n);if(e!==`body`&&e!==`response`&&e!==`operationSpec`){if(Array.isArray(n)||Of(n)){if(t.has(n))return`[Circular]`;t.add(n)}return n}},2)}sanitizeUrl(e){if(typeof e!=`string`||e===null||e===``)return e;let t=new URL(e);if(!t.search)return e;for(let[e]of t.searchParams)this.allowedQueryParameters.has(e.toLowerCase())||t.searchParams.set(e,Rf);return t.toString()}sanitizeHeaders(e){let t={};for(let n of Object.keys(e))this.allowedHeaderNames.has(n.toLowerCase())?t[n]=e[n]:t[n]=Rf;return t}sanitizeQuery(e){if(typeof e!=`object`||!e)return e;let t={};for(let n of Object.keys(e))this.allowedQueryParameters.has(n.toLowerCase())?t[n]=e[n]:t[n]=Rf;return t}}})),Uf=t((()=>{Df(),Tf(),kf(),jf(),Nf(),Ff(),Lf(),Hf()})),Wf,Gf=t((()=>{Wf=class extends Error{constructor(e){super(e),this.name=`AbortError`}}})),Kf=t((()=>{Gf()}));function qf(e,t){let{cleanupBeforeAbort:n,abortSignal:r,abortErrorMsg:i}=t??{};return new Promise((t,a)=>{function o(){a(new Wf(i??`The operation was aborted.`))}function s(){r?.removeEventListener(`abort`,c)}function c(){n?.(),s(),o()}if(r?.aborted)return o();try{e(e=>{s(),t(e)},e=>{s(),a(e)})}catch(e){a(e)}r?.addEventListener(`abort`,c)})}var Jf=t((()=>{Kf()}));function Yf(e,t){let n,{abortSignal:r,abortErrorMsg:i}=t??{};return qf(t=>{n=setTimeout(t,e)},{cleanupBeforeAbort:()=>clearTimeout(n),abortSignal:r,abortErrorMsg:i??Xf})}var Xf,Zf=t((()=>{Jf(),Xf=`The delay was aborted.`}));function Qf(e){if(Af(e))return e.message;{let t;try{t=typeof e==`object`&&e?JSON.stringify(e):String(e)}catch{t=`[unable to stringify input]`}return`Unknown error ${t}`}}var $f=t((()=>{Uf()}));function ep(e,t){return Ef(e,t)}function tp(e){return Af(e)}var np,rp,ip=t((()=>{Uf(),Jf(),Zf(),$f(),np=Pf,rp=Pf})),ap=t((()=>{Cf()}));function op(e,t,n){let r=t=>(hp.getToken.info(t),new We({scopes:Array.isArray(e)?e:[e],getTokenOptions:n,message:t}));if(!t)throw r(`No response`);if(!t.expiresOn)throw r(`Response had no "expiresOn" property.`);if(!t.accessToken)throw r(`Response had no "accessToken" property.`)}function sp(e){let t=e?.authorityHost;return!t&&rp&&(t=process.env.AZURE_AUTHORITY_HOST),t??xe}function cp(e,t){return t||(t=xe),RegExp(`${e}/?$`).test(t)?t:t.endsWith(`/`)?t+e:`${t}/${e}`}function lp(e,t,n){return e===`adfs`&&t||n?[t]:[]}function up(e){switch(e){case`error`:return L.Error;case`info`:return L.Info;case`verbose`:return L.Verbose;case`warning`:return L.Warning;default:return L.Info}}function dp(e,t,n){if(t.name===`AuthError`||t.name===`ClientAuthError`||t.name===`BrowserAuthError`){let n=t;switch(n.errorCode){case`endpoints_resolution_error`:return hp.info(b(e,t.message)),new v(t.message);case`device_code_polling_cancelled`:return new Wf(`The authentication has been aborted by the caller.`);case`consent_required`:case`interaction_required`:case`login_required`:hp.info(b(e,`Authentication returned errorCode ${n.errorCode}`));break;default:hp.info(b(e,`Failed to acquire token: ${t.message}`));break}}return t.name===`ClientConfigurationError`||t.name===`BrowserConfigurationAuthError`||t.name===`AbortError`||t.name===`AuthenticationError`?t:t.name===`NativeAuthError`?(hp.info(b(e,`Error from the native broker: ${t.message} with status code: ${t.statusCode}`)),t):new We({scopes:e,getTokenOptions:n,message:t.message})}function fp(e){return{localAccountId:e.homeAccountId,environment:e.authority,username:e.username,homeAccountId:e.homeAccountId,tenantId:e.tenantId}}function pp(e,t){return{authority:t.environment??`login.microsoftonline.com`,homeAccountId:t.homeAccountId,tenantId:t.tenantId||`common`,username:t.username,clientId:e,version:gp}}function mp(e){let t=JSON.parse(e);if(t.version&&t.version!==gp)throw Error(`Unsupported AuthenticationRecord version`);return t}var hp,gp,_p,vp=t((()=>{y(),S(),we(),ip(),Kf(),ap(),hp=x(`IdentityUtils`),gp=`1.0`,_p=(e,t=np?`Node`:`Browser`)=>(n,r,i)=>{if(!i)switch(n){case L.Error:e.info(`MSAL ${t} V2 error: ${r}`);return;case L.Info:e.info(`MSAL ${t} V2 info message: ${r}`);return;case L.Verbose:e.info(`MSAL ${t} V2 verbose message: ${r}`);return;case L.Warning:e.info(`MSAL ${t} V2 warning: ${r}`);return}}})),yp=t((()=>{}));function bp(e,t){return t!==`Composite`&&t!==`Dictionary`&&(typeof e==`string`||typeof e==`number`||typeof e==`boolean`||t?.match(/^(Date|DateTime|DateTimeRfc1123|UnixTime|ByteArray|Base64Url)$/i)!==null||e==null)}function xp(e){let t={...e.headers,...e.body};return e.hasNullableType&&Object.getOwnPropertyNames(t).length===0?e.shouldWrapBody?{body:null}:null:e.shouldWrapBody?{...e.headers,body:e.body}:t}function Sp(e,t){let n=e.parsedHeaders;if(e.request.method===`HEAD`)return{...n,body:e.parsedBody};let r=t&&t.bodyMapper,i=!!r?.nullable,a=r?.type.name;if(a===`Stream`)return{...n,blobBody:e.blobBody,readableStreamBody:e.readableStreamBody};let o=a===`Composite`&&r.type.modelProperties||{},s=Object.keys(o).some(e=>o[e].serializedName===``);if(a===`Sequence`||s){let t=e.parsedBody??[];for(let n of Object.keys(o))o[n].serializedName&&(t[n]=e.parsedBody?.[n]);if(n)for(let e of Object.keys(n))t[e]=n[e];return i&&!e.parsedBody&&!n&&Object.getOwnPropertyNames(o).length===0?null:t}return xp({body:e.parsedBody,headers:n,hasNullableType:i,shouldWrapBody:bp(e.parsedBody,a)})}var Cp=t((()=>{})),wp,Tp=t((()=>{wp={Base64Url:`Base64Url`,Boolean:`Boolean`,ByteArray:`ByteArray`,Composite:`Composite`,Date:`Date`,DateTime:`DateTime`,DateTimeRfc1123:`DateTimeRfc1123`,Dictionary:`Dictionary`,Enum:`Enum`,Number:`Number`,Object:`Object`,Sequence:`Sequence`,String:`String`,Stream:`Stream`,TimeSpan:`TimeSpan`,UnixTime:`UnixTime`}})),Ep,Dp=t((()=>{Ep=class extends Error{constructor(e){super(e),this.name=`AbortError`}}}));function Op(e){return e.toLowerCase()}function*kp(e){for(let t of e.values())yield[t.name,t.value]}function Ap(e){return new Mp(e)}var jp,Mp,Np=t((()=>{i(),jp=Symbol.iterator,Mp=class{constructor(e){if(a(this,`_headersMap`,void 0),this._headersMap=new Map,e)for(let t of Object.keys(e))this.set(t,e[t])}set(e,t){this._headersMap.set(Op(e),{name:e,value:String(t).trim()})}get(e){return this._headersMap.get(Op(e))?.value}has(e){return this._headersMap.has(Op(e))}delete(e){this._headersMap.delete(Op(e))}toJSON(e={}){let t={};if(e.preserveCase)for(let e of this._headersMap.values())t[e.name]=e.value;else for(let[e,n]of this._headersMap)t[e]=n.value;return t}toString(){return JSON.stringify(this.toJSON({preserveCase:!0}))}[jp](){return kp(this._headersMap)}}}));function Pp(e){return new Fp(e)}var Fp,Ip=t((()=>{Np(),Nf(),i(),Fp=class{constructor(e){a(this,`url`,void 0),a(this,`method`,void 0),a(this,`headers`,void 0),a(this,`timeout`,void 0),a(this,`withCredentials`,void 0),a(this,`body`,void 0),a(this,`multipartBody`,void 0),a(this,`formData`,void 0),a(this,`streamResponseStatusCodes`,void 0),a(this,`enableBrowserStreams`,void 0),a(this,`proxySettings`,void 0),a(this,`disableKeepAlive`,void 0),a(this,`abortSignal`,void 0),a(this,`requestId`,void 0),a(this,`allowInsecureConnection`,void 0),a(this,`onUploadProgress`,void 0),a(this,`onDownloadProgress`,void 0),a(this,`requestOverrides`,void 0),a(this,`authSchemes`,void 0),this.url=e.url,this.body=e.body,this.headers=e.headers??Ap(),this.method=e.method??`GET`,this.timeout=e.timeout??0,this.multipartBody=e.multipartBody,this.formData=e.formData,this.disableKeepAlive=e.disableKeepAlive??!1,this.proxySettings=e.proxySettings,this.streamResponseStatusCodes=e.streamResponseStatusCodes,this.withCredentials=e.withCredentials??!1,this.abortSignal=e.abortSignal,this.onUploadProgress=e.onUploadProgress,this.onDownloadProgress=e.onDownloadProgress,this.requestId=e.requestId||Mf(),this.allowInsecureConnection=e.allowInsecureConnection??!1,this.enableBrowserStreams=e.enableBrowserStreams??!1,this.requestOverrides=e.requestOverrides,this.authSchemes=e.authSchemes}}}));function Lp(){return zp.create()}var Rp,zp,Bp=t((()=>{i(),Rp=new Set([`Deserialize`,`Serialize`,`Retry`,`Sign`]),zp=class e{constructor(e){a(this,`_policies`,[]),a(this,`_orderedPolicies`,void 0),this._policies=e?.slice(0)??[],this._orderedPolicies=void 0}addPolicy(e,t={}){if(t.phase&&t.afterPhase)throw Error(`Policies inside a phase cannot specify afterPhase.`);if(t.phase&&!Rp.has(t.phase))throw Error(`Invalid phase name: ${t.phase}`);if(t.afterPhase&&!Rp.has(t.afterPhase))throw Error(`Invalid afterPhase name: ${t.afterPhase}`);this._policies.push({policy:e,options:t}),this._orderedPolicies=void 0}removePolicy(e){let t=[];return this._policies=this._policies.filter(n=>e.name&&n.policy.name===e.name||e.phase&&n.options.phase===e.phase?(t.push(n.policy),!1):!0),this._orderedPolicies=void 0,t}sendRequest(e,t){return this.getOrderedPolicies().reduceRight((e,t)=>n=>t.sendRequest(n,e),t=>e.sendRequest(t))(t)}getOrderedPolicies(){return this._orderedPolicies||(this._orderedPolicies=this.orderPolicies()),this._orderedPolicies}clone(){return new e(this._policies)}static create(){return new e}orderPolicies(){let e=[],t=new Map;function n(e){return{name:e,policies:new Set,hasRun:!1,hasAfterPolicies:!1}}let r=n(`Serialize`),i=n(`None`),a=n(`Deserialize`),o=n(`Retry`),s=n(`Sign`),c=[r,i,a,o,s];function l(e){return e===`Retry`?o:e===`Serialize`?r:e===`Deserialize`?a:e===`Sign`?s:i}for(let e of this._policies){let n=e.policy,r=e.options,i=n.name;if(t.has(i))throw Error(`Duplicate policy names not allowed in pipeline`);let a={policy:n,dependsOn:new Set,dependants:new Set};r.afterPhase&&(a.afterPhase=l(r.afterPhase),a.afterPhase.hasAfterPolicies=!0),t.set(i,a),l(r.phase).policies.add(a)}for(let e of this._policies){let{policy:n,options:r}=e,i=n.name,a=t.get(i);if(!a)throw Error(`Missing node for policy ${i}`);if(r.afterPolicies)for(let e of r.afterPolicies){let n=t.get(e);n&&(a.dependsOn.add(n),n.dependants.add(a))}if(r.beforePolicies)for(let e of r.beforePolicies){let n=t.get(e);n&&(n.dependsOn.add(a),a.dependants.add(n))}}function u(n){n.hasRun=!0;for(let r of n.policies)if(!(r.afterPhase&&(!r.afterPhase.hasRun||r.afterPhase.policies.size))&&r.dependsOn.size===0){e.push(r.policy);for(let e of r.dependants)e.dependsOn.delete(r);t.delete(r.policy.name),n.policies.delete(r)}}function d(){for(let e of c){if(u(e),e.policies.size>0&&e!==i){i.hasRun||u(i);return}e.hasAfterPolicies&&u(i)}}let f=0;for(;t.size>0;){f++;let t=e.length;if(d(),e.length<=t&&f>1)throw Error(`Cannot satisfy policy dependencies due to requirements cycle.`)}return e}}})),Vp,Hp=t((()=>{Vp=ee.custom}));function Up(e){return e instanceof Gp?!0:Af(e)&&e.name===`RestError`}var Wp,Gp,Kp=t((()=>{jf(),Hp(),Hf(),i(),Wp=new Vf,Gp=class e extends Error{constructor(t,n={}){super(t),a(this,`code`,void 0),a(this,`statusCode`,void 0),a(this,`request`,void 0),a(this,`response`,void 0),a(this,`details`,void 0),this.name=`RestError`,this.code=n.code,this.statusCode=n.statusCode,Object.defineProperty(this,`request`,{value:n.request,enumerable:!1}),Object.defineProperty(this,`response`,{value:n.response,enumerable:!1});let r=this.request?.agent?{maxFreeSockets:this.request.agent.maxFreeSockets,maxSockets:this.request.agent.maxSockets}:void 0;Object.defineProperty(this,Vp,{value:()=>`RestError: ${this.message} \n ${Wp.sanitize({...this,request:{...this.request,agent:r},response:this.response})}`,enumerable:!1}),Object.setPrototypeOf(this,e.prototype)}},a(Gp,`REQUEST_SEND_ERROR`,`REQUEST_SEND_ERROR`),a(Gp,`PARSE_ERROR`,`PARSE_ERROR`)})),qp,Jp=t((()=>{mt(),qp=ut(`ts-http-runtime`)}));function Yp(e){return e&&typeof e.pipe==`function`}function Xp(e){return e.readable===!1?Promise.resolve():new Promise(t=>{let n=()=>{t(),e.removeListener(`close`,n),e.removeListener(`end`,n),e.removeListener(`error`,n)};e.on(`close`,n),e.on(`end`,n),e.on(`error`,n)})}function Zp(e){return e&&typeof e.byteLength==`number`}function Qp(e){let t=Ap();for(let n of Object.keys(e.headers)){let r=e.headers[n];Array.isArray(r)?r.length>0&&t.set(n,r[0]):r&&t.set(n,r)}return t}function $p(e,t){let n=t.get(`Content-Encoding`);if(n===`gzip`){let t=_e.createGunzip();return e.pipe(t),t}else if(n===`deflate`){let t=_e.createInflate();return e.pipe(t),t}return e}function em(e){return new Promise((t,n)=>{let r=[];e.on(`data`,e=>{Buffer.isBuffer(e)?r.push(e):r.push(Buffer.from(e))}),e.on(`end`,()=>{t(Buffer.concat(r).toString(`utf8`))}),e.on(`error`,e=>{e&&e?.name===`AbortError`?n(e):n(new Gp(`Error reading response as text: ${e.message}`,{code:Gp.PARSE_ERROR}))})})}function tm(e){return e?Buffer.isBuffer(e)?e.length:Yp(e)?null:Zp(e)?e.byteLength:typeof e==`string`?Buffer.from(e).length:null:0}function nm(){return new am}var rm,im,am,om=t((()=>{Dp(),Np(),Kp(),Jp(),Hf(),i(),rm={},im=class extends pe{_transform(e,t,n){this.push(e),this.loadedBytes+=e.length;try{this.progressCallback({loadedBytes:this.loadedBytes}),n()}catch(e){n(e)}}constructor(e){super(),a(this,`loadedBytes`,0),a(this,`progressCallback`,void 0),this.progressCallback=e}},am=class{constructor(){a(this,`cachedHttpAgent`,void 0),a(this,`cachedHttpsAgents`,new WeakMap)}async sendRequest(e){let t=new AbortController,n;if(e.abortSignal){if(e.abortSignal.aborted)throw new Ep(`The operation was aborted. Request has already been canceled.`);n=e=>{e.type===`abort`&&t.abort()},e.abortSignal.addEventListener(`abort`,n)}let r;e.timeout>0&&(r=setTimeout(()=>{let n=new Vf;qp.info(`request to '${n.sanitizeUrl(e.url)}' timed out. canceling...`),t.abort()},e.timeout));let i=e.headers.get(`Accept-Encoding`),a=i?.includes(`gzip`)||i?.includes(`deflate`),o=typeof e.body==`function`?e.body():e.body;if(o&&!e.headers.has(`Content-Length`)){let t=tm(o);t!==null&&e.headers.set(`Content-Length`,t)}let s;try{if(o&&e.onUploadProgress){let t=e.onUploadProgress,n=new im(t);n.on(`error`,e=>{qp.error(`Error in upload progress`,e)}),Yp(o)?o.pipe(n):n.end(o),o=n}let n=await this.makeRequest(e,t,o);r!==void 0&&clearTimeout(r);let i=Qp(n),c={status:n.statusCode??0,headers:i,request:e};if(e.method===`HEAD`)return n.resume(),c;s=a?$p(n,i):n;let l=e.onDownloadProgress;if(l){let e=new im(l);e.on(`error`,e=>{qp.error(`Error in download progress`,e)}),s.pipe(e),s=e}return e.streamResponseStatusCodes?.has(1/0)||e.streamResponseStatusCodes?.has(c.status)?c.readableStreamBody=s:c.bodyAsText=await em(s),c}finally{if(e.abortSignal&&n){let t=Promise.resolve();Yp(o)&&(t=Xp(o));let r=Promise.resolve();Yp(s)&&(r=Xp(s)),Promise.all([t,r]).then(()=>{n&&e.abortSignal?.removeEventListener(`abort`,n)}).catch(e=>{qp.warning(`Error when cleaning up abortListener on httpRequest`,e)})}}}makeRequest(e,t,n){let r=new URL(e.url),i=r.protocol!==`https:`;if(i&&!e.allowInsecureConnection)throw Error(`Cannot connect to ${e.url} while allowInsecureConnection is false.`);let a={agent:e.agent??this.getOrCreateAgent(e,i),hostname:r.hostname,path:`${r.pathname}${r.search}`,port:r.port,method:e.method,headers:e.headers.toJSON({preserveCase:!0}),...e.requestOverrides};return new Promise((r,o)=>{let s=i?ge.request(a,r):me.request(a,r);s.once(`error`,t=>{o(new Gp(t.message,{code:t.code??Gp.REQUEST_SEND_ERROR,request:e}))}),t.signal.addEventListener(`abort`,()=>{let e=new Ep(`The operation was aborted. Rejecting from abort signal callback while making request.`);s.destroy(e),o(e)}),n&&Yp(n)?n.pipe(s):n?typeof n==`string`||Buffer.isBuffer(n)?s.end(n):Zp(n)?s.end(ArrayBuffer.isView(n)?Buffer.from(n.buffer):Buffer.from(n)):(qp.error(`Unrecognized body type`,n),o(new Gp(`Unrecognized body type`))):s.end()})}getOrCreateAgent(e,t){let n=e.disableKeepAlive;if(t)return n?ge.globalAgent:(this.cachedHttpAgent||(this.cachedHttpAgent=new ge.Agent({keepAlive:!0})),this.cachedHttpAgent);{if(n&&!e.tlsSettings)return me.globalAgent;let t=e.tlsSettings??rm,r=this.cachedHttpsAgents.get(t);return r&&r.options.keepAlive===!n?r:(qp.info(`No cached TLS Agent exist, creating a new Agent`),r=new me.Agent({keepAlive:!n,...t}),this.cachedHttpsAgents.set(t,r),r)}}}}));function sm(){return nm()}var cm=t((()=>{om()}));function lm(e={}){let t=e.logger??qp.info,n=new Vf({additionalAllowedHeaderNames:e.additionalAllowedHeaderNames,additionalAllowedQueryParameters:e.additionalAllowedQueryParameters});return{name:um,async sendRequest(e,r){if(!t.enabled)return r(e);t(`Request: ${n.sanitize(e)}`);let i=await r(e);return t(`Response status code: ${i.status}`),t(`Headers: ${n.sanitize(i.headers)}`),i}}}var um,dm=t((()=>{Jp(),Hf(),um=`logPolicy`}));function fm(e={}){let{maxRetries:t=20,allowCrossOriginRedirects:n=!1}=e;return{name:mm,async sendRequest(e,r){return pm(r,await r(e),t,n)}}}async function pm(e,t,n,r,i=0){let{request:a,status:o,headers:s}=t,c=s.get(`location`);if(c&&(o===300||o===301&&hm.includes(a.method)||o===302&&hm.includes(a.method)||o===303&&a.method===`POST`||o===307)&&i<n){let s=new URL(c,a.url);if(!r){let e=new URL(a.url);if(s.origin!==e.origin)return qp.verbose(`Skipping cross-origin redirect from ${e.origin} to ${s.origin}.`),t}return a.url=s.toString(),o===303&&(a.method=`GET`,a.headers.delete(`Content-Length`),delete a.body),a.headers.delete(`Authorization`),pm(e,await e(a),n,r,i+1)}return t}var mm,hm,gm=t((()=>{Jp(),mm=`redirectPolicy`,hm=[`GET`,`HEAD`]})),_m=t((()=>{}));function vm(){return{name:ym,async sendRequest(e,t){return e.method!==`HEAD`&&e.headers.set(`Accept-Encoding`,`gzip,deflate`),t(e)}}}var ym,bm=t((()=>{ym=`decompressResponsePolicy`}));function xm(e,t,n){return new Promise((r,i)=>{let a,o,s=()=>i(new Ep(n?.abortErrorMsg?n?.abortErrorMsg:Cm)),c=()=>{n?.abortSignal&&o&&n.abortSignal.removeEventListener(`abort`,o)};if(o=()=>(a&&clearTimeout(a),c(),s()),n?.abortSignal&&n.abortSignal.aborted)return s();a=setTimeout(()=>{c(),r(t)},e),n?.abortSignal&&n.abortSignal.addEventListener(`abort`,o)})}function Sm(e,t){let n=e.headers.get(t);if(!n)return;let r=Number(n);if(!Number.isNaN(r))return r}var Cm,wm=t((()=>{Dp(),Cm=`The operation was aborted.`}));function Tm(e){if(e&&[429,503].includes(e.status))try{for(let t of km){let n=Sm(e,t);if(n===0||n)return n*(t===Om?1e3:1)}let t=e.headers.get(Om);if(!t)return;let n=Date.parse(t)-Date.now();return Number.isFinite(n)?Math.max(0,n):void 0}catch{return}}function Em(e){return Number.isFinite(Tm(e))}function Dm(){return{name:`throttlingRetryStrategy`,retry({response:e}){let t=Tm(e);return Number.isFinite(t)?{retryAfterInMs:t}:{skipStrategy:!0}}}}var Om,km,Am=t((()=>{wm(),Om=`Retry-After`,km=[`retry-after-ms`,`x-ms-retry-after-ms`,Om]}));function jm(e={}){let t=e.retryDelayInMs??Pm,n=e.maxRetryDelayInMs??Fm;return{name:`exponentialRetryStrategy`,retry({retryCount:r,response:i,responseError:a}){let o=Nm(a),s=o&&e.ignoreSystemErrors,c=Mm(i),l=c&&e.ignoreHttpStatusCodes;return i&&(Em(i)||!c)||l||s?{skipStrategy:!0}:a&&!o&&!c?{errorToThrow:a}:Ef(r,{retryDelayInMs:t,maxRetryDelayInMs:n})}}}function Mm(e){return!!(e&&e.status!==void 0&&(e.status>=500||e.status===408)&&e.status!==501&&e.status!==505)}function Nm(e){return e?e.code===`ETIMEDOUT`||e.code===`ESOCKETTIMEDOUT`||e.code===`ECONNREFUSED`||e.code===`ECONNRESET`||e.code===`ENOENT`||e.code===`ENOTFOUND`:!1}var Pm,Fm,Im=t((()=>{Df(),Am(),Pm=1e3,Fm=1e3*64}));function Lm(e,t={maxRetries:3}){let n=t.logger||Rm;return{name:zm,async sendRequest(r,i){let a,o,s=-1;retryRequest:for(;;){s+=1,a=void 0,o=void 0;try{n.info(`Retry ${s}: Attempting to send request`,r.requestId),a=await i(r),n.info(`Retry ${s}: Received a response from request`,r.requestId)}catch(e){if(n.error(`Retry ${s}: Received an error from request`,r.requestId),!Up(e))throw e;o=e,a=e.response}if(r.abortSignal?.aborted)throw n.error(`Retry ${s}: Request aborted.`),new Ep;if(s>=(t.maxRetries??3)){if(n.info(`Retry ${s}: Maximum retries reached. Returning the last received response, or throwing the last received error.`),o)throw o;if(a)return a;throw Error(`Maximum retries reached with no response or error to throw`)}n.info(`Retry ${s}: Processing ${e.length} retry strategies.`);strategiesLoop:for(let t of e){let e=t.logger||n;e.info(`Retry ${s}: Processing retry strategy ${t.name}.`);let i=t.retry({retryCount:s,response:a,responseError:o});if(i.skipStrategy){e.info(`Retry ${s}: Skipped.`);continue strategiesLoop}let{errorToThrow:c,retryAfterInMs:l,redirectTo:u}=i;if(c)throw e.error(`Retry ${s}: Retry strategy ${t.name} throws error:`,c),c;if(l||l===0){e.info(`Retry ${s}: Retry strategy ${t.name} retries after ${l}`),await xm(l,void 0,{abortSignal:r.abortSignal});continue retryRequest}if(u){e.info(`Retry ${s}: Retry strategy ${t.name} redirects to ${u}`),r.url=u;continue retryRequest}}if(o)throw n.info(`None of the retry strategies could work with the received error. Throwing it.`),o;if(a)return n.info(`None of the retry strategies could work with the received response. Returning it.`),a}}}}var Rm,zm,Bm=t((()=>{wm(),Kp(),Dp(),mt(),_m(),Rm=ut(`ts-http-runtime retryPolicy`),zm=`retryPolicy`}));function Vm(e={}){return{name:Hm,sendRequest:Lm([Dm(),jm(e)],{maxRetries:e.maxRetries??3}).sendRequest}}var Hm,Um=t((()=>{Im(),Am(),Bm(),_m(),Hm=`defaultRetryPolicy`}));function Wm(e){let t={};for(let[n,r]of e.entries())t[n]??(t[n]=[]),t[n].push(r);return t}function Gm(){return{name:Jm,async sendRequest(e,t){if(Pf&&typeof FormData<`u`&&e.body instanceof FormData&&(e.formData=Wm(e.body),e.body=void 0),e.formData){let t=e.headers.get(`Content-Type`);t&&t.indexOf(`application/x-www-form-urlencoded`)!==-1?e.body=Km(e.formData):await qm(e.formData,e),e.formData=void 0}return t(e)}}}function Km(e){let t=new URLSearchParams;for(let[n,r]of Object.entries(e))if(Array.isArray(r))for(let e of r)t.append(n,e.toString());else t.append(n,r.toString());return t.toString()}async function qm(e,t){let n=t.headers.get(`Content-Type`);if(n&&!n.startsWith(`multipart/form-data`))return;t.headers.set(`Content-Type`,n??`multipart/form-data`);let r=[];for(let[t,n]of Object.entries(e))for(let e of Array.isArray(n)?n:[n])if(typeof e==`string`)r.push({headers:Ap({"Content-Disposition":`form-data; name="${t}"`}),body:If(e,`utf-8`)});else if(typeof e!=`object`||!e)throw Error(`Unexpected value for key ${t}: ${e}. Value should be serialized to string first.`);else{let n=e.name||`blob`,i=Ap();i.set(`Content-Disposition`,`form-data; name="${t}"; filename="${n}"`),i.set(`Content-Type`,e.type||`application/octet-stream`),r.push({headers:i,body:e})}t.multipartBody={parts:r}}var Jm,Ym=t((()=>{Lf(),Ff(),Np(),Jm=`formDataPolicy`})),Xm=r((t=>{var n=t&&t.__createBinding||(Object.create?(function(e,t,n,r){r===void 0&&(r=n);var i=Object.getOwnPropertyDescriptor(t,n);(!i||(`get`in i?!t.__esModule:i.writable||i.configurable))&&(i={enumerable:!0,get:function(){return t[n]}}),Object.defineProperty(e,r,i)}):(function(e,t,n,r){r===void 0&&(r=n),e[r]=t[n]})),r=t&&t.__setModuleDefault||(Object.create?(function(e,t){Object.defineProperty(e,`default`,{enumerable:!0,value:t})}):function(e,t){e.default=t}),i=t&&t.__importStar||function(e){if(e&&e.__esModule)return e;var t={};if(e!=null)for(var i in e)i!==`default`&&Object.prototype.hasOwnProperty.call(e,i)&&n(t,e,i);return r(t,e),t},a=t&&t.__importDefault||function(e){return e&&e.__esModule?e:{default:e}};Object.defineProperty(t,`__esModule`,{value:!0}),t.HttpProxyAgent=void 0;var o=i(e(`net`)),c=i(e(`tls`)),l=a(s()),d=e(`events`),f=u(),p=e(`url`),m=(0,l.default)(`http-proxy-agent`),h=class extends f.Agent{constructor(e,t){super(t),this.proxy=typeof e==`string`?new p.URL(e):e,this.proxyHeaders=t?.headers??{},m(`Creating new HttpProxyAgent instance: %o`,this.proxy.href);let n=(this.proxy.hostname||this.proxy.host).replace(/^\[|\]$/g,``),r=this.proxy.port?parseInt(this.proxy.port,10):this.proxy.protocol===`https:`?443:80;this.connectOpts={...t?ee(t,`headers`):null,host:n,port:r}}addRequest(e,t){e._header=null,this.setRequestProps(e,t),super.addRequest(e,t)}setRequestProps(e,t){let{proxy:n}=this,r=`${t.secureEndpoint?`https:`:`http:`}//${e.getHeader(`host`)||`localhost`}`,i=new p.URL(e.path,r);t.port!==80&&(i.port=String(t.port)),e.path=String(i);let a=typeof this.proxyHeaders==`function`?this.proxyHeaders():{...this.proxyHeaders};if(n.username||n.password){let e=`${decodeURIComponent(n.username)}:${decodeURIComponent(n.password)}`;a[`Proxy-Authorization`]=`Basic ${Buffer.from(e).toString(`base64`)}`}a[`Proxy-Connection`]||(a[`Proxy-Connection`]=this.keepAlive?`Keep-Alive`:`close`);for(let t of Object.keys(a)){let n=a[t];n&&e.setHeader(t,n)}}async connect(e,t){e._header=null,e.path.includes(`://`)||this.setRequestProps(e,t);let n,r;m(`Regenerating stored HTTP header string for request`),e._implicitHeader(),e.outputData&&e.outputData.length>0&&(m(`Patching connection write() output buffer with updated header`),n=e.outputData[0].data,r=n.indexOf(`\r
+\r
+`)+4,e.outputData[0].data=e._header+n.substring(r),m(`Output buffer: %o`,e.outputData[0].data));let i;return this.proxy.protocol===`https:`?(m("Creating `tls.Socket`: %o",this.connectOpts),i=c.connect(this.connectOpts)):(m("Creating `net.Socket`: %o",this.connectOpts),i=o.connect(this.connectOpts)),await(0,d.once)(i,`connect`),i}};h.protocols=[`http`,`https`],t.HttpProxyAgent=h;function ee(e,...t){let n={},r;for(r in e)t.includes(r)||(n[r]=e[r]);return n}}));function Zm(e){if(process.env[e])return process.env[e];if(process.env[e.toLowerCase()])return process.env[e.toLowerCase()]}function Qm(){if(!process)return;let e=Zm(sh),t=Zm(lh),n=Zm(ch);return e||t||n}function $m(e,t,n){if(t.length===0)return!1;let r=new URL(e).hostname;if(n?.has(r))return n.get(r);let i=!1;for(let e of t)e[0]===`.`?(r.endsWith(e)||r.length===e.length-1&&r===e.slice(1))&&(i=!0):r===e&&(i=!0);return n?.set(r,i),i}function eh(){let e=Zm(uh);return ph=!0,e?e.split(`,`).map(e=>e.trim()).filter(e=>e.length):[]}function th(){let e=Qm();return e?new URL(e):void 0}function nh(e){let t;try{t=new URL(e.host)}catch{throw Error(`Expecting a valid host string in proxy settings, but found "${e.host}".`)}return t.port=String(e.port),e.username&&(t.username=e.username),e.password&&(t.password=e.password),t}function rh(e,t,n){if(e.agent)return;let r=new URL(e.url).protocol!==`https:`;e.tlsSettings&&qp.warning(`TLS settings are not supported in combination with custom Proxy, certificates provided to the client will be ignored.`),r?(t.httpProxyAgent||(t.httpProxyAgent=new oh.HttpProxyAgent(n)),e.agent=t.httpProxyAgent):(t.httpsProxyAgent||(t.httpsProxyAgent=new ah.HttpsProxyAgent(n)),e.agent=t.httpsProxyAgent)}function ih(e,t){ph||fh.push(...eh());let n=e?nh(e):th(),r={};return{name:dh,async sendRequest(e,i){return!e.proxySettings&&n&&!$m(e.url,t?.customNoProxyList??fh,t?.customNoProxyList?void 0:mh)?rh(e,r,n):e.proxySettings&&rh(e,r,nh(e.proxySettings)),i(e)}}}var ah,oh,sh,ch,lh,uh,dh,fh,ph,mh,hh=t((()=>{ah=d(),oh=Xm(),Jp(),sh=`HTTPS_PROXY`,ch=`HTTP_PROXY`,lh=`ALL_PROXY`,uh=`NO_PROXY`,dh=`proxyPolicy`,fh=[],ph=!1,mh=new Map}));function gh(e){return{name:_h,sendRequest:async(t,n)=>(t.agent||(t.agent=e),n(t))}}var _h,vh=t((()=>{_h=`agentPolicy`}));function yh(e){return{name:bh,sendRequest:async(t,n)=>(t.tlsSettings||(t.tlsSettings=e),n(t))}}var bh,xh=t((()=>{bh=`tlsPolicy`}));function Sh(e){return typeof Blob<`u`&&e instanceof Blob}var Ch=t((()=>{}));async function*wh(){let e=this.getReader();try{for(;;){let{done:t,value:n}=await e.read();if(t)return;yield n}}finally{e.releaseLock()}}function Th(e){e[Symbol.asyncIterator]||(e[Symbol.asyncIterator]=wh.bind(e)),e.values||(e.values=wh.bind(e))}function Eh(e){return e instanceof ReadableStream?(Th(e),te.fromWeb(e)):e}function Dh(e){return e instanceof Uint8Array?te.from(Buffer.from(e)):Sh(e)?Eh(e.stream()):Eh(e)}async function Oh(e){return function(){let t=e.map(e=>typeof e==`function`?e():e).map(Dh);return te.from((async function*(){for(let e of t)for await(let t of e)yield t})())}}var kh=t((()=>{Ch()}));function Ah(){return`----AzSDKFormBoundary${Mf()}`}function jh(e){let t=``;for(let[n,r]of e)t+=`${n}: ${r}\r\n`;return t}function Mh(e){if(e instanceof Uint8Array)return e.byteLength;if(Sh(e))return e.size===-1?void 0:e.size}function Nh(e){let t=0;for(let n of e){let e=Mh(n);if(e===void 0)return;t+=e}return t}async function Ph(e,t,n){let r=[If(`--${n}`,`utf-8`),...t.flatMap(e=>[If(`\r
+`,`utf-8`),If(jh(e.headers),`utf-8`),If(`\r
+`,`utf-8`),e.body,If(`\r\n--${n}`,`utf-8`)]),If(`--\r
+\r
+`,`utf-8`)],i=Nh(r);i&&e.headers.set(`Content-Length`,i),e.body=await Oh(r)}function Fh(e){if(e.length>Rh)throw Error(`Multipart boundary "${e}" exceeds maximum length of 70 characters`);if(Array.from(e).some(e=>!zh.has(e)))throw Error(`Multipart boundary "${e}" contains invalid characters`)}function Ih(){return{name:Lh,async sendRequest(e,t){if(!e.multipartBody)return t(e);if(e.body)throw Error(`multipartBody and regular body cannot be set at the same time`);let n=e.multipartBody.boundary,r=e.headers.get(`Content-Type`)??`multipart/mixed`,i=r.match(/^(multipart\/[^ ;]+)(?:; *boundary=(.+))?$/);if(!i)throw Error(`Got multipart request body, but content-type header was not multipart: ${r}`);let[,a,o]=i;if(o&&n&&o!==n)throw Error(`Multipart boundary was specified as ${o} in the header, but got ${n} in the request body`);return n??(n=o),n?Fh(n):n=Ah(),e.headers.set(`Content-Type`,`${a}; boundary=${n}`),await Ph(e,e.multipartBody.parts,n),e.multipartBody=void 0,t(e)}}}var Lh,Rh,zh,Bh=t((()=>{Lf(),Ch(),Nf(),kh(),Lh=`multipartPolicy`,Rh=70,zh=new Set(`abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'()+,-./:=?`)})),Vh=t((()=>{Dp(),mt(),Np(),Ip(),Bp(),Kp(),Lf(),cm(),dm(),gm(),_m(),bm(),Um(),Ym(),Ff(),hh(),vh(),xh(),Bh(),Jp(),Ch()}));function Hh(){return Lp()}var Uh=t((()=>{Vh()})),Wh,Gh=t((()=>{yt(),Wh=_t(`core-rest-pipeline`)})),Kh=t((()=>{vh(),bm(),Um(),Im(),Bm(),_m(),Am(),Ym(),dm(),Bh(),hh(),gm(),xh()}));function qh(e={}){return lm({logger:Wh.info,...e})}var Jh=t((()=>{Gh(),Kh()}));function Yh(e={}){return fm(e)}var Xh=t((()=>{Kh()}));function Zh(){return`User-Agent`}async function Qh(e){if(g&&g.versions){let t=`${_.type()} ${_.release()}; ${_.arch()}`,n=g.versions;n.bun?e.set(`Bun`,`${n.bun} (${t})`):n.deno?e.set(`Deno`,`${n.deno} (${t})`):n.node&&e.set(`Node`,`${n.node} (${t})`)}}var $h=t((()=>{})),eg,tg=t((()=>{eg=`1.22.3`}));function ng(e){let t=[];for(let[n,r]of e){let e=r?`${n}/${r}`:n;t.push(e)}return t.join(` `)}function rg(){return Zh()}async function ig(e){let t=new Map;t.set(`core-rest-pipeline`,eg),await Qh(t);let n=ng(t);return e?`${e} ${n}`:n}var ag=t((()=>{$h(),tg()}));function og(e={}){let t=ig(e.userAgentPrefix);return{name:cg,async sendRequest(e,n){return e.headers.has(sg)||e.headers.set(sg,await t),n(e)}}}var sg,cg,lg=t((()=>{ag(),sg=rg(),cg=`userAgentPolicy`}));function ug(e){return typeof e[fg]==`function`}function dg(e){return ug(e)?e[fg]():e}var fg,pg=t((()=>{fg=Symbol(`rawContent`)}));function mg(){let e=Ih();return{name:hg,sendRequest:async(t,n)=>{if(t.multipartBody)for(let e of t.multipartBody.parts)ug(e.body)&&(e.body=dg(e.body));return e.sendRequest(t,n)}}}var hg,gg=t((()=>{Kh(),pg(),hg=Lh}));function _g(){return vm()}var vg=t((()=>{Kh()}));function yg(e={}){return Vm(e)}var bg=t((()=>{Kh()}));function xg(){return Gm()}var Sg=t((()=>{Kh()}));function Cg(e,t){return ih(e,t)}var wg=t((()=>{Kh()}));function Tg(e=`x-ms-client-request-id`){return{name:Eg,async sendRequest(t,n){return t.headers.has(e)||t.headers.set(e,t.requestId),n(t)}}}var Eg,Dg=t((()=>{Eg=`setClientRequestIdPolicy`}));function Og(e){return gh(e)}var kg=t((()=>{Kh()}));function Ag(e){return yh(e)}var jg=t((()=>{Kh()}));function Mg(e){return Up(e)}var Ng,Pg=t((()=>{Vh(),Ng=Gp}));function Fg(e={}){let t=ig(e.userAgentPrefix),n=new Vf({additionalAllowedQueryParameters:e.additionalAllowedQueryParameters}),r=Ig();return{name:Bg,async sendRequest(e,i){if(!r)return i(e);let a=await t,o={"http.url":n.sanitizeUrl(e.url),"http.method":e.method,"http.user_agent":a,requestId:e.requestId};a&&(o[`http.user_agent`]=a);let{span:s,tracingContext:c}=Lg(r,e,o)??{};if(!s||!c)return i(e);try{let t=await r.withContext(c,i,e);return zg(s,t),t}catch(e){throw Rg(s,e),e}}}}function Ig(){try{return It({namespace:``,packageName:`@azure/core-rest-pipeline`,packageVersion:eg})}catch(e){Wh.warning(`Error when creating the TracingClient: ${Qf(e)}`);return}}function Lg(e,t,n){try{let{span:r,updatedOptions:i}=e.startSpan(`HTTP ${t.method}`,{tracingOptions:t.tracingOptions},{spanKind:`client`,spanAttributes:n});if(!r.isRecording()){r.end();return}let a=e.createRequestHeaders(i.tracingOptions.tracingContext);for(let[e,n]of Object.entries(a))t.headers.set(e,n);return{span:r,tracingContext:i.tracingOptions.tracingContext}}catch(e){Wh.warning(`Skipping creating a tracing span due to an error: ${Qf(e)}`);return}}function Rg(e,t){try{e.setStatus({status:`error`,error:tp(t)?t:void 0}),Mg(t)&&t.statusCode&&e.setAttribute(`http.status_code`,t.statusCode),e.end()}catch(e){Wh.warning(`Skipping tracing span processing due to an error: ${Qf(e)}`)}}function zg(e,t){try{e.setAttribute(`http.status_code`,t.status);let n=t.headers.get(`x-ms-request-id`);n&&e.setAttribute(`serviceRequestId`,n),t.status>=400&&e.setStatus({status:`error`}),e.end()}catch(e){Wh.warning(`Skipping tracing span processing due to an error: ${Qf(e)}`)}}var Bg,Vg=t((()=>{Rt(),tg(),ag(),Gh(),ip(),Pg(),Uf(),Bg=`tracingPolicy`}));function Hg(e){if(e instanceof AbortSignal)return{abortSignal:e};if(e.aborted)return{abortSignal:AbortSignal.abort(e.reason)};let t=new AbortController,n=!0;function r(){n&&(e.removeEventListener(`abort`,i),n=!1)}function i(){t.abort(e.reason),r()}return e.addEventListener(`abort`,i),{abortSignal:t.signal,cleanup:r}}var Ug=t((()=>{}));function Wg(){return{name:Gg,sendRequest:async(e,t)=>{if(!e.abortSignal)return t(e);let{abortSignal:n,cleanup:r}=Hg(e.abortSignal);e.abortSignal=n;try{return await t(e)}finally{r?.()}}}}var Gg,Kg=t((()=>{Ug(),Gg=`wrapAbortSignalLikePolicy`}));function qg(e){let t=Hh();return rp&&(e.agent&&t.addPolicy(Og(e.agent)),e.tlsOptions&&t.addPolicy(Ag(e.tlsOptions)),t.addPolicy(Cg(e.proxyOptions)),t.addPolicy(_g())),t.addPolicy(Wg()),t.addPolicy(xg(),{beforePolicies:[hg]}),t.addPolicy(og(e.userAgentOptions)),t.addPolicy(Tg(e.telemetryOptions?.clientRequestIdHeaderName)),t.addPolicy(mg(),{afterPhase:`Deserialize`}),t.addPolicy(yg(e.retryOptions),{phase:`Retry`}),t.addPolicy(Fg({...e.userAgentOptions,...e.loggingOptions}),{afterPhase:`Retry`}),rp&&t.addPolicy(Yh(e.redirectOptions),{afterPhase:`Retry`}),t.addPolicy(qh(e.loggingOptions),{afterPhase:`Sign`}),t}var Jg=t((()=>{Jh(),Uh(),Xh(),lg(),gg(),vg(),bg(),Sg(),ip(),wg(),Dg(),kg(),jg(),Vg(),Kg()}));function Yg(){let e=sm();return{async sendRequest(t){let{abortSignal:n,cleanup:r}=t.abortSignal?Hg(t.abortSignal):{};try{return t.abortSignal=n,await e.sendRequest(t)}finally{r?.()}}}}var Xg=t((()=>{Vh(),Ug()}));function Zg(e){return Ap(e)}var Qg=t((()=>{Vh()}));function $g(e){return Pp(e)}var e_=t((()=>{Vh()}));function t_(e,t={maxRetries:3}){return Lm(e,{logger:n_,...t})}var n_,r_=t((()=>{yt(),tg(),Kh(),n_=_t(`core-rest-pipeline retryPolicy`)}));async function i_(e,t,n){async function r(){if(Date.now()<n)try{return await e()}catch{return null}else{let t=await e();if(t===null)throw Error(`Failed to refresh access token.`);return t}}let i=await r();for(;i===null;)await Yf(t),i=await r();return i}function a_(e,t){let n=null,r=null,i,a={...o_,...t},o={get isRefreshing(){return n!==null},get shouldRefresh(){return o.isRefreshing?!1:r?.refreshAfterTimestamp&&r.refreshAfterTimestamp<Date.now()?!0:(r?.expiresOnTimestamp??0)-a.refreshWindowInMs<Date.now()},get mustRefresh(){return r===null||r.expiresOnTimestamp-a.forcedRefreshWindowInMs<Date.now()}};function s(t,s){return o.isRefreshing||(n=i_(()=>e.getToken(t,s),a.retryIntervalInMs,r?.expiresOnTimestamp??Date.now()).then(e=>(n=null,r=e,i=s.tenantId,r)).catch(e=>{throw n=null,r=null,i=void 0,e})),n}return async(e,t)=>{let n=!!t.claims,a=i!==t.tenantId;return n&&(r=null),a||n||o.mustRefresh?s(e,t):(o.shouldRefresh&&s(e,t),r)}}var o_,s_=t((()=>{ip(),o_={forcedRefreshWindowInMs:1e3,retryIntervalInMs:3e3,refreshWindowInMs:1e3*60*2}}));async function c_(e,t){try{return[await t(e),void 0]}catch(e){if(Mg(e)&&e.response)return[e.response,e];throw e}}async function l_(e){let{scopes:t,getAccessToken:n,request:r}=e,i=await n(t,{abortSignal:r.abortSignal,tracingOptions:r.tracingOptions,enableCae:!0});i&&e.request.headers.set(`Authorization`,`Bearer ${i.token}`)}function u_(e){return e.status===401&&e.headers.has(`WWW-Authenticate`)}async function d_(e,t){let{scopes:n}=e,r=await e.getAccessToken(n,{enableCae:!0,claims:t});return r?(e.request.headers.set(`Authorization`,`${r.tokenType??`Bearer`} ${r.token}`),!0):!1}function f_(e){let{credential:t,scopes:n,challengeCallbacks:r}=e,i=e.logger||Wh,a={authorizeRequest:r?.authorizeRequest?.bind(r)??l_,authorizeRequestOnChallenge:r?.authorizeRequestOnChallenge?.bind(r)},o=t?a_(t):()=>Promise.resolve(null);return{name:h_,async sendRequest(e,t){if(!e.url.toLowerCase().startsWith(`https://`))throw Error(`Bearer token authentication is not permitted for non-TLS protected (non-https) URLs.`);await a.authorizeRequest({scopes:Array.isArray(n)?n:[n],request:e,getAccessToken:o,logger:i});let r,s,c;if([r,s]=await c_(e,t),u_(r)){let l=m_(r.headers.get(`WWW-Authenticate`));if(l){let a;try{a=atob(l)}catch{return i.warning(`The WWW-Authenticate header contains "claims" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${l}`),r}c=await d_({scopes:Array.isArray(n)?n:[n],response:r,request:e,getAccessToken:o,logger:i},a),c&&([r,s]=await c_(e,t))}else if(a.authorizeRequestOnChallenge&&(c=await a.authorizeRequestOnChallenge({scopes:Array.isArray(n)?n:[n],request:e,response:r,getAccessToken:o,logger:i}),c&&([r,s]=await c_(e,t)),u_(r)&&(l=m_(r.headers.get(`WWW-Authenticate`)),l))){let a;try{a=atob(l)}catch{return i.warning(`The WWW-Authenticate header contains "claims" that cannot be parsed. Unable to perform the Continuous Access Evaluation authentication flow. Unparsable claims: ${l}`),r}c=await d_({scopes:Array.isArray(n)?n:[n],response:r,request:e,getAccessToken:o,logger:i},a),c&&([r,s]=await c_(e,t))}}if(s)throw s;return r}}}function p_(e){let t=/(\w+)\s+((?:\w+=(?:"[^"]*"|[^,]*),?\s*)+)/g,n=/(\w+)="([^"]*)"/g,r=[],i;for(;(i=t.exec(e))!==null;){let e=i[1],t=i[2],a={},o;for(;(o=n.exec(t))!==null;)a[o[1]]=o[2];r.push({scheme:e,params:a})}return r}function m_(e){if(e)return p_(e).find(e=>e.scheme===`Bearer`&&e.params.claims&&e.params.error===`insufficient_claims`)?.params.claims}var h_,g_=t((()=>{s_(),Gh(),Pg(),h_=`bearerTokenAuthenticationPolicy`})),__=t((()=>{Uh(),Jg(),Xg(),Qg(),e_(),Pg(),vg(),Kh(),Dg(),Jh(),gg(),wg(),Xh(),r_(),Vg(),bg(),lg(),jg(),Sg(),g_(),s_(),Gh(),kg(),pg()})),v_=r((e=>{Object.defineProperty(e,`__esModule`,{value:!0}),e.state=void 0,e.state={operationRequestMap:new WeakMap}})),y_,b_,x_=t((()=>{y_=v_(),b_=y_.state}));function S_(e,t,n){let r=t.parameterPath,i=t.mapper,a;if(typeof r==`string`&&(r=[r]),Array.isArray(r)){if(r.length>0)if(i.isConstant)a=i.defaultValue;else{let t=C_(e,r);!t.propertyFound&&n&&(t=C_(n,r));let o=!1;t.propertyFound||(o=i.required||r[0]===`options`&&r.length===2),a=o?i.defaultValue:t.propertyValue}}else{i.required&&(a={});for(let t in r){let o=i.type.modelProperties[t],s=r[t],c=S_(e,{parameterPath:s,mapper:o},n);c!==void 0&&(a||(a={}),a[t]=c)}}return a}function C_(e,t){let n={propertyFound:!1},r=0;for(;r<t.length;++r){let n=t[r];if(e&&n in e)e=e[n];else break}return r===t.length&&(n.propertyValue=e,n.propertyFound=!0),n}function w_(e){return E_ in e}function T_(e){if(w_(e))return T_(e[E_]);let t=b_.operationRequestMap.get(e);return t||(t={},b_.operationRequestMap.set(e,t)),t}var E_,D_=t((()=>{x_(),E_=Symbol.for(`@azure/core-client original request`)}));function O_(e={}){let t=e.expectedContentTypes?.json??F_,n=e.expectedContentTypes?.xml??I_,r=e.parseXML,i=e.serializerOptions,a={xml:{rootName:i?.xml.rootName??``,includeRoot:i?.xml.includeRoot??!1,xmlCharKey:i?.xml.xmlCharKey??`_`}};return{name:L_,async sendRequest(e,i){return j_(t,n,await i(e),a,r)}}}function k_(e){let t,n=e.request,r=T_(n),i=r?.operationSpec;return i&&(t=r?.operationResponseGetter?r?.operationResponseGetter(i,e):i.responses[e.status]),t}function A_(e){let t=e.request,n=T_(t)?.shouldDeserialize,r;return r=n===void 0?!0:typeof n==`boolean`?n:n(e),r}async function j_(e,t,n,r,i){let a=await P_(e,t,n,r,i);if(!A_(a))return a;let o=T_(a.request)?.operationSpec;if(!o||!o.responses)return a;let s=k_(a),{error:c,shouldReturnResponse:l}=N_(a,o,s,r);if(c)throw c;if(l)return a;if(s){if(s.bodyMapper){let e=a.parsedBody;o.isXML&&s.bodyMapper.type.name===wp.Sequence&&(e=typeof e==`object`?e[s.bodyMapper.xmlElementName]:[]);try{a.parsedBody=o.serializer.deserialize(s.bodyMapper,e,`operationRes.parsedBody`,r)}catch(e){throw new Ng(`Error ${e} occurred in deserializing the responseBody - ${a.bodyAsText}`,{statusCode:a.status,request:a.request,response:a})}}else o.httpMethod===`HEAD`&&(a.parsedBody=n.status>=200&&n.status<300);s.headersMapper&&(a.parsedHeaders=o.serializer.deserialize(s.headersMapper,a.headers.toJSON(),`operationRes.parsedHeaders`,{xml:{},ignoreUnknownProperties:!0}))}return a}function M_(e){let t=Object.keys(e.responses);return t.length===0||t.length===1&&t[0]===`default`}function N_(e,t,n,r){let i=200<=e.status&&e.status<300;if(M_(t)?i:n)if(n){if(!n.isError)return{error:null,shouldReturnResponse:!1}}else return{error:null,shouldReturnResponse:!1};let a=n??t.responses.default,o=new Ng(e.request.streamResponseStatusCodes?.has(e.status)?`Unexpected status code: ${e.status}`:e.bodyAsText,{statusCode:e.status,request:e.request,response:e});if(!a&&!(e.parsedBody?.error?.code&&e.parsedBody?.error?.message))throw o;let s=a?.bodyMapper,c=a?.headersMapper;try{if(e.parsedBody){let n=e.parsedBody,i;if(s){let e=n;if(t.isXML&&s.type.name===wp.Sequence){e=[];let t=s.xmlElementName;typeof n==`object`&&t&&(e=n[t])}i=t.serializer.deserialize(s,e,`error.response.parsedBody`,r)}let a=n.error||i||n;o.code=a.code,a.message&&(o.message=a.message),s&&(o.response.parsedBody=i)}e.headers&&c&&(o.response.parsedHeaders=t.serializer.deserialize(c,e.headers.toJSON(),`operationRes.parsedHeaders`))}catch(t){o.message=`Error "${t.message}" occurred in deserializing the responseBody - "${e.bodyAsText}" for the default response.`}return{error:o,shouldReturnResponse:!1}}async function P_(e,t,n,r,i){if(!n.request.streamResponseStatusCodes?.has(n.status)&&n.bodyAsText){let a=n.bodyAsText,o=n.headers.get(`Content-Type`)||``,s=o?o.split(`;`).map(e=>e.toLowerCase()):[];try{if(s.length===0||s.some(t=>e.indexOf(t)!==-1))return n.parsedBody=JSON.parse(a),n;if(s.some(e=>t.indexOf(e)!==-1)){if(!i)throw Error(`Parsing XML not supported.`);return n.parsedBody=await i(a,r.xml),n}}catch(e){throw new Ng(`Error "${e}" occurred while parsing the response body - ${n.bodyAsText}.`,{code:e.code||Ng.PARSE_ERROR,statusCode:n.status,request:n.request,response:n})}}return n}var F_,I_,L_,R_=t((()=>{yp(),__(),Tp(),D_(),F_=[`application/json`,`text/json`],I_=[`application/xml`,`application/atom+xml`],L_=`deserializationPolicy`}));function z_(e){let t=new Set;for(let n in e.responses){let r=e.responses[n];r.bodyMapper&&r.bodyMapper.type.name===wp.Stream&&t.add(Number(n))}return t}function B_(e){let{parameterPath:t,mapper:n}=e,r;return r=typeof t==`string`?t:Array.isArray(t)?t.join(`.`):n.serializedName,r}var V_=t((()=>{Tp()}));function H_(e={}){let t=e.stringifyXML;return{name:q_,async sendRequest(e,n){let r=T_(e),i=r?.operationSpec,a=r?.operationArguments;return i&&a&&(U_(e,a,i),W_(e,a,i,t)),n(e)}}}function U_(e,t,n){if(n.headerParameters)for(let r of n.headerParameters){let i=S_(t,r);if(i!=null||r.mapper.required){i=n.serializer.serialize(r.mapper,i,B_(r));let t=r.mapper.headerCollectionPrefix;if(t)for(let n of Object.keys(i))e.headers.set(t+n,i[n]);else e.headers.set(r.mapper.serializedName||B_(r),i)}}let r=t.options?.requestOptions?.customHeaders;if(r)for(let t of Object.keys(r))e.headers.set(t,r[t])}function W_(e,t,n,r=function(){throw Error(`XML serialization unsupported!`)}){let i=t.options?.serializerOptions,a={xml:{rootName:i?.xml.rootName??``,includeRoot:i?.xml.includeRoot??!1,xmlCharKey:i?.xml.xmlCharKey??`_`}},o=a.xml.xmlCharKey;if(n.requestBody&&n.requestBody.mapper){e.body=S_(t,n.requestBody);let i=n.requestBody.mapper,{required:s,serializedName:c,xmlName:l,xmlElementName:u,xmlNamespace:d,xmlNamespacePrefix:f,nullable:p}=i,m=i.type.name;try{if(e.body!==void 0&&e.body!==null||p&&e.body===null||s){let t=B_(n.requestBody);e.body=n.serializer.serialize(i,e.body,t,a);let s=m===wp.Stream;if(n.isXML){let t=f?`xmlns:${f}`:`xmlns`,n=G_(d,t,m,e.body,a);m===wp.Sequence?e.body=r(K_(n,u||l||c,t,d),{rootName:l||c,xmlCharKey:o}):s||(e.body=r(n,{rootName:l||c,xmlCharKey:o}))}else if(m===wp.String&&(n.contentType?.match(`text/plain`)||n.mediaType===`text`))return;else s||(e.body=JSON.stringify(e.body))}}catch(e){throw Error(`Error "${e.message}" occurred in serializing the payload - ${JSON.stringify(c,void 0,`  `)}.`)}}else if(n.formDataParameters&&n.formDataParameters.length>0){e.formData={};for(let r of n.formDataParameters){let i=S_(t,r);if(i!=null){let t=r.mapper.serializedName||B_(r);e.formData[t]=n.serializer.serialize(r.mapper,i,B_(r),a)}}}}function G_(e,t,n,r,i){if(e&&![`Composite`,`Sequence`,`Dictionary`].includes(n)){let n={};return n[i.xml.xmlCharKey]=r,n.$={[t]:e},n}return r}function K_(e,t,n,r){if(Array.isArray(e)||(e=[e]),!n||!r)return{[t]:e};let i={[t]:e};return i.$={[n]:r},i}var q_,J_=t((()=>{yp(),D_(),Tp(),V_(),q_=`serializationPolicy`}));function Y_(e={}){let t=qg(e??{});return e.credentialOptions&&t.addPolicy(f_({credential:e.credentialOptions.credential,scopes:e.credentialOptions.credentialScopes})),t.addPolicy(H_(e.serializationOptions),{phase:`Serialize`}),t.addPolicy(O_(e.deserializationOptions),{phase:`Deserialize`}),t}var X_=t((()=>{R_(),__(),J_()}));function Z_(){return Q_||(Q_=Yg()),Q_}var Q_,$_=t((()=>{__()}));function ev(e,t,n,r){let i=nv(t,n,r),a=!1,o=tv(e,i);if(t.path){let e=tv(t.path,i);t.path===`/{nextLink}`&&e.startsWith(`/`)&&(e=e.substring(1)),rv(e)?(o=e,a=!0):o=iv(o,e)}let{queryParams:s,sequenceParams:c}=av(t,n,r);return o=sv(o,s,c,a),o}function tv(e,t){let n=e;for(let[e,r]of t)n=n.split(e).join(r);return n}function nv(e,t,n){let r=new Map;if(e.urlParameters?.length)for(let i of e.urlParameters){let a=S_(t,i,n),o=B_(i);a=e.serializer.serialize(i.mapper,a,o),i.skipEncoding||(a=encodeURIComponent(a)),r.set(`{${i.mapper.serializedName||o}}`,a)}return r}function rv(e){return e.includes(`://`)}function iv(e,t){if(!t)return e;let n=new URL(e),r=n.pathname;r.endsWith(`/`)||(r=`${r}/`),t.startsWith(`/`)&&(t=t.substring(1));let i=t.indexOf(`?`);if(i!==-1){let e=t.substring(0,i),a=t.substring(i+1);r+=e,a&&(n.search=n.search?`${n.search}&${a}`:a)}else r+=t;return n.pathname=r,n.toString()}function av(e,t,n){let r=new Map,i=new Set;if(e.queryParameters?.length)for(let a of e.queryParameters){a.mapper.type.name===`Sequence`&&a.mapper.serializedName&&i.add(a.mapper.serializedName);let o=S_(t,a,n);if(o!=null||a.mapper.required){o=e.serializer.serialize(a.mapper,o,B_(a));let t=a.collectionFormat?cv[a.collectionFormat]:``;if(Array.isArray(o)&&(o=o.map(e=>e??``)),a.collectionFormat===`Multi`&&o.length===0)continue;Array.isArray(o)&&(a.collectionFormat===`SSV`||a.collectionFormat===`TSV`)&&(o=o.join(t)),a.skipEncoding||(o=Array.isArray(o)?o.map(e=>encodeURIComponent(e)):encodeURIComponent(o)),Array.isArray(o)&&(a.collectionFormat===`CSV`||a.collectionFormat===`Pipes`)&&(o=o.join(t)),r.set(a.mapper.serializedName||B_(a),o)}}return{queryParams:r,sequenceParams:i}}function ov(e){let t=new Map;if(!e||e[0]!==`?`)return t;e=e.slice(1);let n=e.split(`&`);for(let e of n){let[n,r]=e.split(`=`,2),i=t.get(n);i?Array.isArray(i)?i.push(r):t.set(n,[i,r]):t.set(n,r)}return t}function sv(e,t,n,r=!1){if(t.size===0)return e;let i=new URL(e),a=ov(i.search);for(let[e,i]of t){let t=a.get(e);if(Array.isArray(t))if(Array.isArray(i)){t.push(...i);let n=new Set(t);a.set(e,Array.from(n))}else t.push(i);else t?(Array.isArray(i)?i.unshift(t):n.has(e)&&a.set(e,[t,i]),r||a.set(e,i)):a.set(e,i)}let o=[];for(let[e,t]of a)if(typeof t==`string`)o.push(`${e}=${t}`);else if(Array.isArray(t))for(let n of t)o.push(`${e}=${n}`);else o.push(`${e}=${t}`);return i.search=o.length?`?${o.join(`&`)}`:``,i.toString()}var cv,lv=t((()=>{D_(),V_(),cv={CSV:`,`,SSV:` `,Multi:`Multi`,TSV:`	`,Pipes:`|`}})),uv,dv=t((()=>{yt(),uv=_t(`core-client`)}));function fv(e){let t=pv(e),n=e.credential&&t?{credentialScopes:t,credential:e.credential}:void 0;return Y_({...e,credentialOptions:n})}function pv(e){if(e.credentialScopes)return e.credentialScopes;if(e.endpoint)return`${e.endpoint}/.default`;if(e.baseUri)return`${e.baseUri}/.default`;if(e.credential&&!e.credentialScopes)throw Error(`When using credentials, the ServiceClientOptions must contain either a endpoint or a credentialScopes. Unable to create a bearerTokenAuthenticationPolicy`)}var mv,hv=t((()=>{__(),X_(),Cp(),$_(),D_(),lv(),V_(),dv(),i(),mv=class{constructor(e={}){if(a(this,`_endpoint`,void 0),a(this,`_requestContentType`,void 0),a(this,`_allowInsecureConnection`,void 0),a(this,`_httpClient`,void 0),a(this,`pipeline`,void 0),this._requestContentType=e.requestContentType,this._endpoint=e.endpoint??e.baseUri,e.baseUri&&uv.warning(`The baseUri option for SDK Clients has been deprecated, please use endpoint instead.`),this._allowInsecureConnection=e.allowInsecureConnection,this._httpClient=e.httpClient||Z_(),this.pipeline=e.pipeline||fv(e),e.additionalPolicies?.length)for(let{policy:t,position:n}of e.additionalPolicies){let e=n===`perRetry`?`Sign`:void 0;this.pipeline.addPolicy(t,{afterPhase:e})}}async sendRequest(e){return this.pipeline.sendRequest(this._httpClient,e)}async sendOperationRequest(e,t){let n=t.baseUrl||this._endpoint;if(!n)throw Error(`If operationSpec.baseUrl is not specified, then the ServiceClient must have a endpoint string property that contains the base URL to use.`);let r=$g({url:ev(n,t,e,this)});r.method=t.httpMethod;let i=T_(r);i.operationSpec=t,i.operationArguments=e;let a=t.contentType||this._requestContentType;a&&t.requestBody&&r.headers.set(`Content-Type`,a);let o=e.options;if(o){let e=o.requestOptions;e&&(e.timeout&&(r.timeout=e.timeout),e.onUploadProgress&&(r.onUploadProgress=e.onUploadProgress),e.onDownloadProgress&&(r.onDownloadProgress=e.onDownloadProgress),e.shouldDeserialize!==void 0&&(i.shouldDeserialize=e.shouldDeserialize),e.allowInsecureConnection&&(r.allowInsecureConnection=!0)),o.abortSignal&&(r.abortSignal=o.abortSignal),o.tracingOptions&&(r.tracingOptions=o.tracingOptions)}this._allowInsecureConnection&&(r.allowInsecureConnection=!0),r.streamResponseStatusCodes===void 0&&(r.streamResponseStatusCodes=z_(t));try{let e=await this.sendRequest(r),n=Sp(e,t.responses[e.status]);return o?.onResponse&&o.onResponse(e,n),n}catch(e){if(typeof e==`object`&&e?.response){let n=e.response,r=Sp(n,t.responses[e.statusCode]||t.responses.default);e.details=r,o?.onResponse&&o.onResponse(n,r,e)}throw e}}}})),gv=t((()=>{Tp(),hv(),X_(),yp(),R_(),J_(),dv()}));function _v(e){return e===`adfs`?`oauth2/token`:`oauth2/v2.0/token`}var vv=t((()=>{}));function yv(e){let t=``;if(Array.isArray(e)){if(e.length!==1)return;t=e[0]}else typeof e==`string`&&(t=e);return t.endsWith(Sv)?t.substr(0,t.lastIndexOf(Sv)):t}function bv(e){if(typeof e.expires_on==`number`)return e.expires_on*1e3;if(typeof e.expires_on==`string`){let t=+e.expires_on;if(!isNaN(t))return t*1e3;let n=Date.parse(e.expires_on);if(!isNaN(n))return n}if(typeof e.expires_in==`number`)return Date.now()+e.expires_in*1e3;throw Error(`Failed to parse token expiration from body. expires_in="${e.expires_in}", expires_on="${e.expires_on}"`)}function xv(e){if(e.refresh_on){if(typeof e.refresh_on==`number`)return e.refresh_on*1e3;if(typeof e.refresh_on==`string`){let t=+e.refresh_on;if(!isNaN(t))return t*1e3;let n=Date.parse(e.refresh_on);if(!isNaN(n))return n}throw Error(`Failed to parse refresh_on from body. refresh_on="${e.refresh_on}"`)}else return}var Sv,Cv,wv=t((()=>{Sv=`/.default`,Cv="Specifying a `clientId` or `resourceId` is not supported by the Service Fabric managed identity environment. The managed identity configuration is determined by the Service Fabric cluster resource configuration. See https://aka.ms/servicefabricmi for more information"}));function Tv(e){let t=e?.authorityHost;return np&&(t=t??process.env.AZURE_AUTHORITY_HOST),t??xe}var Ev,Dv,Ov=t((()=>{gv(),ip(),__(),y(),vv(),we(),w(),S(),wv(),i(),Ev=`noCorrelationId`,Dv=class extends mv{constructor(e){let t=`azsdk-js-identity/${ve}`,n=e?.userAgentOptions?.userAgentPrefix?`${e.userAgentOptions.userAgentPrefix} ${t}`:`${t}`,r=Tv(e);if(!r.startsWith(`https:`))throw Error(`The authorityHost address must use the 'https' protocol.`);super({requestContentType:`application/json; charset=utf-8`,retryOptions:{maxRetries:3},...e,userAgentOptions:{userAgentPrefix:n},baseUri:r}),a(this,`authorityHost`,void 0),a(this,`allowLoggingAccountIdentifiers`,void 0),a(this,`abortControllers`,void 0),a(this,`allowInsecureConnection`,!1),a(this,`tokenCredentialOptions`,void 0),this.authorityHost=r,this.abortControllers=new Map,this.allowLoggingAccountIdentifiers=e?.loggingOptions?.allowLoggingAccountIdentifiers,this.tokenCredentialOptions={...e},e?.allowInsecureConnection&&(this.allowInsecureConnection=e.allowInsecureConnection)}async sendTokenRequest(e){Ct.info(`IdentityClient: sending token request to [${e.url}]`);let t=await this.sendRequest(e);if(t.bodyAsText&&(t.status===200||t.status===201)){let n=JSON.parse(t.bodyAsText);if(!n.access_token)return null;this.logIdentifiers(t);let r={accessToken:{token:n.access_token,expiresOnTimestamp:bv(n),refreshAfterTimestamp:xv(n),tokenType:`Bearer`},refreshToken:n.refresh_token};return Ct.info(`IdentityClient: [${e.url}] token acquired, expires on ${r.accessToken.expiresOnTimestamp}`),r}else{let e=new Ve(t.status,t.bodyAsText);throw Ct.warning(`IdentityClient: authentication error. HTTP status: ${t.status}, ${e.errorResponse.errorDescription}`),e}}async refreshAccessToken(e,t,n,r,i,a={}){if(r===void 0)return null;Ct.info(`IdentityClient: refreshing access token with client ID: ${t}, scopes: ${n} started`);let o={grant_type:`refresh_token`,client_id:t,refresh_token:r,scope:n};i!==void 0&&(o.client_secret=i);let s=new URLSearchParams(o);return C.withSpan(`IdentityClient.refreshAccessToken`,a,async n=>{try{let r=_v(e),i=$g({url:`${this.authorityHost}/${e}/${r}`,method:`POST`,body:s.toString(),abortSignal:a.abortSignal,headers:Zg({Accept:`application/json`,"Content-Type":`application/x-www-form-urlencoded`}),tracingOptions:n.tracingOptions}),o=await this.sendTokenRequest(i);return Ct.info(`IdentityClient: refreshed token for client ID: ${t}`),o}catch(e){if(e.name===`AuthenticationError`&&e.errorResponse.error===`interaction_required`)return Ct.info(`IdentityClient: interaction required for client ID: ${t}`),null;throw Ct.warning(`IdentityClient: failed refreshing token for client ID: ${t}: ${e}`),e}})}generateAbortSignal(e){let t=new AbortController,n=this.abortControllers.get(e)||[];n.push(t),this.abortControllers.set(e,n);let r=t.signal.onabort;return t.signal.onabort=(...n)=>{this.abortControllers.set(e,void 0),r&&r.apply(t.signal,n)},t.signal}abortRequests(e){let t=e||Ev,n=[...this.abortControllers.get(t)||[],...this.abortControllers.get(Ev)||[]];if(n.length){for(let e of n)e.abort();this.abortControllers.set(t,void 0)}}getCorrelationId(e){let t=e?.body?.split(`&`).map(e=>e.split(`=`)).find(([e])=>e===`client-request-id`);return t&&t.length&&t[1]||Ev}async sendGetRequestAsync(e,t){let n=$g({url:e,method:`GET`,body:t?.body,allowInsecureConnection:this.allowInsecureConnection,headers:Zg(t?.headers),abortSignal:this.generateAbortSignal(Ev)}),r=await this.sendRequest(n);return this.logIdentifiers(r),{body:r.bodyAsText?JSON.parse(r.bodyAsText):void 0,headers:r.headers.toJSON(),status:r.status}}async sendPostRequestAsync(e,t){let n=$g({url:e,method:`POST`,body:t?.body,headers:Zg(t?.headers),allowInsecureConnection:this.allowInsecureConnection,abortSignal:this.generateAbortSignal(this.getCorrelationId(t))}),r=await this.sendRequest(n);return this.logIdentifiers(r),{body:r.bodyAsText?JSON.parse(r.bodyAsText):void 0,headers:r.headers.toJSON(),status:r.status}}getTokenCredentialOptions(){return this.tokenCredentialOptions}logIdentifiers(e){if(!(!this.allowLoggingAccountIdentifiers||!e.bodyAsText))try{let t=(e.parsedBody||JSON.parse(e.bodyAsText)).access_token;if(!t)return;let n=t.split(`.`)[1],{appid:r,upn:i,tid:a,oid:o}=JSON.parse(Buffer.from(n,`base64`).toString(`utf8`));Ct.info(`[Authenticated account] Client ID: ${r}. Tenant ID: ${a}. User Principal Name: ${i||`No User Principal Name available`}. Object ID (user): ${o}`)}catch(e){Ct.warning(`allowLoggingAccountIdentifiers was set, but we couldn't log the account information. Error:`,e.message)}}}}));function kv(e){let t=e;return t===void 0&&globalThis.process?.env?.AZURE_REGIONAL_AUTHORITY_NAME!==void 0&&(t=process.env.AZURE_REGIONAL_AUTHORITY_NAME),t===Av.AutoDiscoverRegion?`AUTO_DISCOVER`:t}var Av,jv=t((()=>{(function(e){e.AutoDiscoverRegion=`AutoDiscoverRegion`,e.USWest=`westus`,e.USWest2=`westus2`,e.USCentral=`centralus`,e.USEast=`eastus`,e.USEast2=`eastus2`,e.USNorthCentral=`northcentralus`,e.USSouthCentral=`southcentralus`,e.USWestCentral=`westcentralus`,e.CanadaCentral=`canadacentral`,e.CanadaEast=`canadaeast`,e.BrazilSouth=`brazilsouth`,e.EuropeNorth=`northeurope`,e.EuropeWest=`westeurope`,e.UKSouth=`uksouth`,e.UKWest=`ukwest`,e.FranceCentral=`francecentral`,e.FranceSouth=`francesouth`,e.SwitzerlandNorth=`switzerlandnorth`,e.SwitzerlandWest=`switzerlandwest`,e.GermanyNorth=`germanynorth`,e.GermanyWestCentral=`germanywestcentral`,e.NorwayWest=`norwaywest`,e.NorwayEast=`norwayeast`,e.AsiaEast=`eastasia`,e.AsiaSouthEast=`southeastasia`,e.JapanEast=`japaneast`,e.JapanWest=`japanwest`,e.AustraliaEast=`australiaeast`,e.AustraliaSouthEast=`australiasoutheast`,e.AustraliaCentral=`australiacentral`,e.AustraliaCentral2=`australiacentral2`,e.IndiaCentral=`centralindia`,e.IndiaSouth=`southindia`,e.IndiaWest=`westindia`,e.KoreaSouth=`koreasouth`,e.KoreaCentral=`koreacentral`,e.UAECentral=`uaecentral`,e.UAENorth=`uaenorth`,e.SouthAfricaNorth=`southafricanorth`,e.SouthAfricaWest=`southafricawest`,e.ChinaNorth=`chinanorth`,e.ChinaEast=`chinaeast`,e.ChinaNorth2=`chinanorth2`,e.ChinaEast2=`chinaeast2`,e.GermanyCentral=`germanycentral`,e.GermanyNorthEast=`germanynortheast`,e.GovernmentUSVirginia=`usgovvirginia`,e.GovernmentUSIowa=`usgoviowa`,e.GovernmentUSArizona=`usgovarizona`,e.GovernmentUSTexas=`usgovtexas`,e.GovernmentUSDodEast=`usdodeast`,e.GovernmentUSDodCentral=`usdodcentral`})(Av||(Av={}))}));function Mv(e){return`The current credential is not configured to acquire tokens for tenant ${e}. To enable acquiring tokens for this tenant add it to the AdditionallyAllowedTenants on the credential options, or add "*" to AdditionallyAllowedTenants to allow acquiring tokens for any tenant.`}function Nv(e,t,n=[],r){let i;if(i=process.env.AZURE_IDENTITY_DISABLE_MULTITENANTAUTH||e===`adfs`?e:t?.tenantId??e,e&&i!==e&&!n.includes(`*`)&&!n.some(e=>e.localeCompare(i)===0)){let e=Mv(i);throw r?.info(e),new v(e)}return i}var Pv=t((()=>{y()}));function Fv(e,t){if(!t.match(/^[0-9a-zA-Z-.]+$/)){let t=Error(`Invalid tenant id provided. You can locate your tenant id by following the instructions listed here: https://learn.microsoft.com/partner-center/find-ids-and-domain-names.`);throw e.info(b(``,t)),t}}function Iv(e,t,n){return t?(Fv(e,t),t):(n||(n=ye),n===`04b07795-8ddb-461a-bbee-02f9e1bf7b46`?`organizations`:`common`)}function Lv(e){return!e||e.length===0?[]:e.includes(`*`)?Se:e}var Rv=t((()=>{we(),S(),Pv()}));function zv(e,t,n={}){let r=Iv(n.logger??Z,t,e),i=cp(r,sp(n)),a=new Dv({...n.tokenCredentialOptions,authorityHost:i,loggingOptions:n.loggingOptions});return{auth:{clientId:e,authority:i,knownAuthorities:lp(r,i,n.disableInstanceDiscovery)},system:{networkClient:a,loggerOptions:{loggerCallback:_p(n.logger??Z),logLevel:up(gt()),piiLoggingEnabled:n.loggingOptions?.enableUnsafeSupportLogging}}}}function Bv(e,t,n={}){let r={msalConfig:zv(e,t,n),cachedAccount:n.authenticationRecord?fp(n.authenticationRecord):null,pluginConfiguration:Pe.generatePluginConfiguration(n),logger:n.logger??Z},i=new Map;async function a(e={}){let t=e.enableCae?`CAE`:`default`,n=i.get(t);if(n)return r.logger.getToken.info(`Existing PublicClientApplication found in cache, returning it.`),n;r.logger.getToken.info(`Creating new PublicClientApplication with CAE ${e.enableCae?`enabled`:`disabled`}.`);let a=e.enableCae?r.pluginConfiguration.cache.cachePluginCae:r.pluginConfiguration.cache.cachePlugin;return r.msalConfig.auth.clientCapabilities=e.enableCae?[`cp1`]:void 0,n=new pd({...r.msalConfig,broker:{nativeBrokerPlugin:r.pluginConfiguration.broker.nativeBrokerPlugin},cache:{cachePlugin:await a}}),i.set(t,n),n}let o=new Map;async function s(e={}){let t=e.enableCae?`CAE`:`default`,n=o.get(t);if(n)return r.logger.getToken.info(`Existing ConfidentialClientApplication found in cache, returning it.`),n;r.logger.getToken.info(`Creating new ConfidentialClientApplication with CAE ${e.enableCae?`enabled`:`disabled`}.`);let i=e.enableCae?r.pluginConfiguration.cache.cachePluginCae:r.pluginConfiguration.cache.cachePlugin;return r.msalConfig.auth.clientCapabilities=e.enableCae?[`cp1`]:void 0,n=new yd({...r.msalConfig,broker:{nativeBrokerPlugin:r.pluginConfiguration.broker.nativeBrokerPlugin},cache:{cachePlugin:await i}}),o.set(t,n),n}async function c(e,t,n={}){if(r.cachedAccount===null)throw r.logger.getToken.info(`No cached account found in local state.`),new We({scopes:t});n.claims&&(r.cachedClaims=n.claims);let i={account:r.cachedAccount,scopes:t,claims:r.cachedClaims};r.pluginConfiguration.broker.isEnabled&&(i.extraQueryParameters||(i.extraQueryParameters={}),r.pluginConfiguration.broker.enableMsaPassthrough&&(i.extraQueryParameters.msal_request_type=`consumer_passthrough`)),n.proofOfPossessionOptions&&(i.shrNonce=n.proofOfPossessionOptions.nonce,i.authenticationScheme=`pop`,i.resourceRequestMethod=n.proofOfPossessionOptions.resourceRequestMethod,i.resourceRequestUri=n.proofOfPossessionOptions.resourceRequestUrl),r.logger.getToken.info(`Attempting to acquire token silently`);try{return await e.acquireTokenSilent(i)}catch(e){throw dp(t,e,n)}}function l(e){return e?.tenantId?cp(e.tenantId,sp(n)):r.msalConfig.auth.authority}async function u(e,t,n,i){let a=null;try{a=await c(e,t,n)}catch(e){if(e.name!==`AuthenticationRequiredError`)throw e;if(n.disableAutomaticAuthentication)throw new We({scopes:t,getTokenOptions:n,message:`Automatic authentication has been disabled. You may call the authentication() method.`})}if(a===null)try{a=await i()}catch(e){throw dp(t,e,n)}return op(t,a,n),r.cachedAccount=a?.account??null,r.logger.getToken.info(xt(t)),{token:a.accessToken,expiresOnTimestamp:a.expiresOn.getTime(),refreshAfterTimestamp:a.refreshOn?.getTime(),tokenType:a.tokenType}}async function d(e,t,n={}){r.logger.getToken.info(`Attempting to acquire token using client secret`),r.msalConfig.auth.clientSecret=t;let i=await s(n);try{let t=await i.acquireTokenByClientCredential({scopes:e,authority:l(n),azureRegion:kv(),claims:n?.claims});return op(e,t,n),r.logger.getToken.info(xt(e)),{token:t.accessToken,expiresOnTimestamp:t.expiresOn.getTime(),refreshAfterTimestamp:t.refreshOn?.getTime(),tokenType:t.tokenType}}catch(t){throw dp(e,t,n)}}async function f(e,t,n={}){r.logger.getToken.info(`Attempting to acquire token using client assertion`),r.msalConfig.auth.clientAssertion=t;let i=await s(n);try{let a=await i.acquireTokenByClientCredential({scopes:e,authority:l(n),azureRegion:kv(),claims:n?.claims,clientAssertion:t});return op(e,a,n),r.logger.getToken.info(xt(e)),{token:a.accessToken,expiresOnTimestamp:a.expiresOn.getTime(),refreshAfterTimestamp:a.refreshOn?.getTime(),tokenType:a.tokenType}}catch(t){throw dp(e,t,n)}}async function p(e,t,n={}){r.logger.getToken.info(`Attempting to acquire token using client certificate`),r.msalConfig.auth.clientCertificate=t;let i=await s(n);try{let t=await i.acquireTokenByClientCredential({scopes:e,authority:l(n),azureRegion:kv(),claims:n?.claims});return op(e,t,n),r.logger.getToken.info(xt(e)),{token:t.accessToken,expiresOnTimestamp:t.expiresOn.getTime(),refreshAfterTimestamp:t.refreshOn?.getTime(),tokenType:t.tokenType}}catch(t){throw dp(e,t,n)}}async function m(e,t,n={}){r.logger.getToken.info(`Attempting to acquire token using device code`);let i=await a(n);return u(i,e,n,()=>{let r={scopes:e,cancel:n?.abortSignal?.aborted??!1,deviceCodeCallback:t,authority:l(n),claims:n?.claims},a=i.acquireTokenByDeviceCode(r);return n.abortSignal&&n.abortSignal.addEventListener(`abort`,()=>{r.cancel=!0}),a})}async function h(e,t,n,i={}){r.logger.getToken.info(`Attempting to acquire token using username and password`);let o=await a(i);return u(o,e,i,()=>{let r={scopes:e,username:t,password:n,authority:l(i),claims:i?.claims};return o.acquireTokenByUsernamePassword(r)})}function ee(){if(r.cachedAccount)return pp(e,r.cachedAccount)}async function g(e,t,n,i,o={}){r.logger.getToken.info(`Attempting to acquire token using authorization code`);let c;return i?(r.msalConfig.auth.clientSecret=i,c=await s(o)):c=await a(o),u(c,e,o,()=>c.acquireTokenByCode({scopes:e,redirectUri:t,code:n,authority:l(o),claims:o?.claims}))}async function te(e,t,n,i={}){Z.getToken.info(`Attempting to acquire token on behalf of another user`),typeof n==`string`?(Z.getToken.info(`Using client secret for on behalf of flow`),r.msalConfig.auth.clientSecret=n):typeof n==`function`?(Z.getToken.info(`Using client assertion callback for on behalf of flow`),r.msalConfig.auth.clientAssertion=n):(Z.getToken.info(`Using client certificate for on behalf of flow`),r.msalConfig.auth.clientCertificate=n);let a=await s(i);try{let n=await a.acquireTokenOnBehalfOf({scopes:e,authority:l(i),claims:i.claims,oboAssertion:t});return op(e,n,i),Z.getToken.info(xt(e)),{token:n.accessToken,expiresOnTimestamp:n.expiresOn.getTime(),refreshAfterTimestamp:n.refreshOn?.getTime(),tokenType:n.tokenType}}catch(t){throw dp(e,t,i)}}function ne(e,t){return{openBrowser:async e=>{await(await import(`./open-CDditBQ-.js`)).default(e,{newInstance:!0})},scopes:e,authority:l(t),claims:t?.claims,loginHint:t?.loginHint,errorTemplate:t?.browserCustomizationOptions?.errorMessage,successTemplate:t?.browserCustomizationOptions?.successMessage,prompt:t?.loginHint?`login`:`select_account`}}async function re(e,t,n={}){Z.verbose(`Authentication will resume through the broker`);let i=await a(n),o=ne(e,n);r.pluginConfiguration.broker.parentWindowHandle?o.windowHandle=Buffer.from(r.pluginConfiguration.broker.parentWindowHandle):Z.warning(`Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.`),r.pluginConfiguration.broker.enableMsaPassthrough&&((o.extraQueryParameters??(o.extraQueryParameters={})).msal_request_type=`consumer_passthrough`),t?(o.prompt=`none`,Z.verbose(`Attempting broker authentication using the default broker account`)):Z.verbose(`Attempting broker authentication without the default broker account`),n.proofOfPossessionOptions&&(o.shrNonce=n.proofOfPossessionOptions.nonce,o.authenticationScheme=`pop`,o.resourceRequestMethod=n.proofOfPossessionOptions.resourceRequestMethod,o.resourceRequestUri=n.proofOfPossessionOptions.resourceRequestUrl);try{return await i.acquireTokenInteractive(o)}catch(r){if(Z.verbose(`Failed to authenticate through the broker: ${r.message}`),n.disableAutomaticAuthentication)throw new We({scopes:e,getTokenOptions:n,message:`Cannot silently authenticate with default broker account.`});if(t)return re(e,!1,n);throw r}}async function ie(e,t,n={}){Z.getToken.info(`Attempting to acquire token using brokered authentication with useDefaultBrokerAccount: ${t}`);let i=await re(e,t,n);return op(e,i,n),r.cachedAccount=i?.account??null,r.logger.getToken.info(xt(e)),{token:i.accessToken,expiresOnTimestamp:i.expiresOn.getTime(),refreshAfterTimestamp:i.refreshOn?.getTime(),tokenType:i.tokenType}}async function ae(e,t={}){Z.getToken.info(`Attempting to acquire token interactively`);let n=await a(t);return u(n,e,t,async()=>{let i=ne(e,t);return r.pluginConfiguration.broker.isEnabled?re(e,r.pluginConfiguration.broker.useDefaultBrokerAccount??!1,t):(t.proofOfPossessionOptions&&(i.shrNonce=t.proofOfPossessionOptions.nonce,i.authenticationScheme=`pop`,i.resourceRequestMethod=t.proofOfPossessionOptions.resourceRequestMethod,i.resourceRequestUri=t.proofOfPossessionOptions.resourceRequestUrl),n.acquireTokenInteractive(i))})}return{getActiveAccount:ee,getBrokeredToken:ie,getTokenByClientSecret:d,getTokenByClientAssertion:f,getTokenByClientCertificate:p,getTokenByDeviceCode:m,getTokenByUsernamePassword:h,getTokenByAuthorizationCode:g,getTokenOnBehalfOf:te,getTokenByInteractiveRequest:ae}}var Z,Vv=t((()=>{Cf(),S(),Fe(),vp(),y(),Ov(),jv(),yt(),Rv(),Z=x(`MsalClient`)}));async function Hv(e,t){let n=e.certificate,r=e.certificatePath,i=n||await he(r,`utf8`),a=t?i:void 0,o=/(-+BEGIN CERTIFICATE-+)(\n\r?|\r\n?)([A-Za-z0-9+/\n\r]+=*)(\n\r?|\r\n?)(-+END CERTIFICATE-+)/g,s=[],c;do c=o.exec(i),c&&s.push(c[3]);while(c);if(s.length===0)throw Error(`The file at the specified path does not contain a PEM-encoded certificate.`);let l=ce(`sha1`).update(Buffer.from(s[0],`base64`)).digest(`hex`).toUpperCase();return{certificateContents:i,thumbprintSha256:ce(`sha256`).update(Buffer.from(s[0],`base64`)).digest(`hex`).toUpperCase(),thumbprint:l,x5c:a}}var Uv,Wv,Gv,Kv=t((()=>{Vv(),Rv(),S(),w(),i(),Uv=`ClientCertificateCredential`,Wv=x(Uv),Gv=class{constructor(e,t,n,r={}){if(a(this,`tenantId`,void 0),a(this,`additionallyAllowedTenantIds`,void 0),a(this,`certificateConfiguration`,void 0),a(this,`sendCertificateChain`,void 0),a(this,`msalClient`,void 0),!e||!t)throw Error(`${Uv}: tenantId and clientId are required parameters.`);this.tenantId=e,this.additionallyAllowedTenantIds=Lv(r?.additionallyAllowedTenants),this.sendCertificateChain=r.sendCertificateChain,this.certificateConfiguration={...typeof n==`string`?{certificatePath:n}:n};let i=this.certificateConfiguration.certificate,o=this.certificateConfiguration.certificatePath;if(!this.certificateConfiguration||!(i||o))throw Error(`${Uv}: Provide either a PEM certificate in string form, or the path to that certificate in the filesystem. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);if(i&&o)throw Error(`${Uv}: To avoid unexpected behaviors, providing both the contents of a PEM certificate and the path to a PEM certificate is forbidden. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);this.msalClient=Bv(t,e,{...r,logger:Wv,tokenCredentialOptions:r})}async getToken(e,t={}){return C.withSpan(`${Uv}.getToken`,t,async t=>{t.tenantId=Nv(this.tenantId,t,this.additionallyAllowedTenantIds,Wv);let n=Array.isArray(e)?e:[e],r=await this.buildClientCertificate();return this.msalClient.getTokenByClientCertificate(n,r,t)})}async buildClientCertificate(){let e=await Hv(this.certificateConfiguration,this.sendCertificateChain??!1),t;return t=this.certificateConfiguration.certificatePassword===void 0?e.certificateContents:le({key:e.certificateContents,passphrase:this.certificateConfiguration.certificatePassword,format:`pem`}).export({format:`pem`,type:`pkcs8`}).toString(),{thumbprint:e.thumbprint,thumbprintSha256:e.thumbprintSha256,privateKey:t,x5c:e.x5c}}}}));function qv(e){return Array.isArray(e)?e:[e]}function Jv(e,t){if(!e.match(/^[0-9a-zA-Z-_.:/]+$/)){let n=Error(`Invalid scope was specified by the user or calling client`);throw t.getToken.info(b(e,n)),n}}function Yv(e){return e.replace(/\/.default$/,``)}var Xv=t((()=>{S()})),Zv,Qv,$v=t((()=>{Vv(),Rv(),y(),S(),Xv(),w(),i(),Zv=x(`ClientSecretCredential`),Qv=class{constructor(e,t,n,r={}){if(a(this,`tenantId`,void 0),a(this,`additionallyAllowedTenantIds`,void 0),a(this,`msalClient`,void 0),a(this,`clientSecret`,void 0),!e)throw new v(`ClientSecretCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);if(!t)throw new v(`ClientSecretCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);if(!n)throw new v(`ClientSecretCredential: clientSecret is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/serviceprincipalauthentication/troubleshoot.`);this.clientSecret=n,this.tenantId=e,this.additionallyAllowedTenantIds=Lv(r?.additionallyAllowedTenants),this.msalClient=Bv(t,e,{...r,logger:Zv,tokenCredentialOptions:r})}async getToken(e,t={}){return C.withSpan(`${this.constructor.name}.getToken`,t,async t=>{t.tenantId=Nv(this.tenantId,t,this.additionallyAllowedTenantIds,Zv);let n=qv(e);return this.msalClient.getTokenByClientSecret(n,this.clientSecret,t)})}}})),ey,ty,ny=t((()=>{Vv(),Rv(),y(),S(),Xv(),w(),i(),ey=x(`UsernamePasswordCredential`),ty=class{constructor(e,t,n,r,i={}){if(a(this,`tenantId`,void 0),a(this,`additionallyAllowedTenantIds`,void 0),a(this,`msalClient`,void 0),a(this,`username`,void 0),a(this,`password`,void 0),!e)throw new v(`UsernamePasswordCredential: tenantId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.`);if(!t)throw new v(`UsernamePasswordCredential: clientId is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.`);if(!n)throw new v(`UsernamePasswordCredential: username is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.`);if(!r)throw new v(`UsernamePasswordCredential: password is a required parameter. To troubleshoot, visit https://aka.ms/azsdk/js/identity/usernamepasswordcredential/troubleshoot.`);this.tenantId=e,this.additionallyAllowedTenantIds=Lv(i?.additionallyAllowedTenants),this.username=n,this.password=r,this.msalClient=Bv(t,this.tenantId,{...i,tokenCredentialOptions:i??{}})}async getToken(e,t={}){return C.withSpan(`${this.constructor.name}.getToken`,t,async t=>{t.tenantId=Nv(this.tenantId,t,this.additionallyAllowedTenantIds,ey);let n=qv(e);return this.msalClient.getTokenByUsernamePassword(n,this.username,this.password,t)})}}}));function ry(){return(process.env.AZURE_ADDITIONALLY_ALLOWED_TENANTS??``).split(`;`)}function iy(){let e=(process.env.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN??``).toLowerCase(),t=e===`true`||e===`1`;return sy.verbose(`AZURE_CLIENT_SEND_CERTIFICATE_CHAIN: ${process.env.AZURE_CLIENT_SEND_CERTIFICATE_CHAIN}; sendCertificateChain: ${t}`),t}var ay,oy,sy,cy,ly=t((()=>{y(),S(),Kv(),$v(),ny(),Rv(),w(),i(),ay=[`AZURE_TENANT_ID`,`AZURE_CLIENT_ID`,`AZURE_CLIENT_SECRET`,`AZURE_CLIENT_CERTIFICATE_PATH`,`AZURE_CLIENT_CERTIFICATE_PASSWORD`,`AZURE_USERNAME`,`AZURE_PASSWORD`,`AZURE_ADDITIONALLY_ALLOWED_TENANTS`,`AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`],oy=`EnvironmentCredential`,sy=x(oy),cy=class{constructor(e){a(this,`_credential`,void 0);let t=bt(ay).assigned.join(`, `);sy.info(`Found the following environment variables: ${t}`);let n=process.env.AZURE_TENANT_ID,r=process.env.AZURE_CLIENT_ID,i=process.env.AZURE_CLIENT_SECRET,o=ry(),s=iy(),c={...e,additionallyAllowedTenantIds:o,sendCertificateChain:s};if(n&&Fv(sy,n),n&&r&&i){sy.info(`Invoking ClientSecretCredential with tenant ID: ${n}, clientId: ${r} and clientSecret: [REDACTED]`),this._credential=new Qv(n,r,i,c);return}let l=process.env.AZURE_CLIENT_CERTIFICATE_PATH,u=process.env.AZURE_CLIENT_CERTIFICATE_PASSWORD;if(n&&r&&l){sy.info(`Invoking ClientCertificateCredential with tenant ID: ${n}, clientId: ${r} and certificatePath: ${l}`),this._credential=new Gv(n,r,{certificatePath:l,certificatePassword:u},c);return}let d=process.env.AZURE_USERNAME,f=process.env.AZURE_PASSWORD;n&&r&&d&&f&&(sy.info(`Invoking UsernamePasswordCredential with tenant ID: ${n}, clientId: ${r} and username: ${d}`),sy.warning(`Environment is configured to use username and password authentication. This authentication method is deprecated, as it doesn't support multifactor authentication (MFA). Use a more secure credential. For more details, see https://aka.ms/azsdk/identity/mfa.`),this._credential=new ty(n,r,d,f,c))}async getToken(e,t={}){return C.withSpan(`${oy}.getToken`,t,async t=>{if(this._credential)try{let n=await this._credential.getToken(e,t);return sy.getToken.info(xt(e)),n}catch(t){let n=new Ve(400,{error:`${oy} authentication failed. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`,error_description:t.message.toString().split(`More details:`).join(``)});throw sy.getToken.info(b(e,n)),n}throw new v(`${oy} is unavailable. No underlying credential could be used. To troubleshoot, visit https://aka.ms/azsdk/js/identity/environmentcredential/troubleshoot.`)})}}}));function uy(e){return t_([{name:`imdsRetryPolicy`,retry:({retryCount:t,response:n})=>n?.status!==404&&n?.status!==410?{skipStrategy:!0}:ep(t,{retryDelayInMs:n?.status===410?Math.max(fy,e.startDelayInMs):e.startDelayInMs,maxRetryDelayInMs:dy})}],{maxRetries:e.maxRetries})}var dy,fy,py=t((()=>{__(),ip(),dy=1e3*64,fy=3e3}));function my(e){if(!yv(e))throw Error(`${hy}: Multiple scopes are not supported.`);return{url:`${new URL(vy,process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST??_y)}`,method:`GET`,headers:Zg({Accept:`application/json`})}}var hy,gy,_y,vy,yy,by=t((()=>{__(),ip(),S(),wv(),w(),hy=`ManagedIdentityCredential - IMDS`,gy=x(hy),_y=`http://169.254.169.254`,vy=`/metadata/identity/oauth2/token`,yy={name:`imdsMsi`,async isAvailable(e){let{scopes:t,identityClient:n,getTokenOptions:r}=e,i=yv(t);if(!i)return gy.info(`${hy}: Unavailable. Multiple scopes are not supported.`),!1;if(process.env.AZURE_POD_IDENTITY_AUTHORITY_HOST)return!0;if(!n)throw Error(`Missing IdentityClient`);let a=my(i);return C.withSpan(`ManagedIdentityCredential-pingImdsEndpoint`,r??{},async e=>{a.tracingOptions=e.tracingOptions;let t=$g(a);t.timeout=e.requestOptions?.timeout||1e3,t.allowInsecureConnection=!0;let r;try{gy.info(`${hy}: Pinging the Azure IMDS endpoint`),r=await n.sendRequest(t)}catch(e){return tp(e)&&gy.verbose(`${hy}: Caught error ${e.name}: ${e.message}`),gy.info(`${hy}: The Azure IMDS endpoint is unavailable`),!1}return r.status===403&&r.bodyAsText?.includes(`unreachable`)?(gy.info(`${hy}: The Azure IMDS endpoint is unavailable`),gy.info(`${hy}: ${r.bodyAsText}`),!1):(gy.info(`${hy}: The Azure IMDS endpoint is available`),!0)})}}})),xy,Sy,Cy=t((()=>{Vv(),Rv(),y(),S(),w(),i(),xy=x(`ClientAssertionCredential`),Sy=class{constructor(e,t,n,r={}){if(a(this,`msalClient`,void 0),a(this,`tenantId`,void 0),a(this,`additionallyAllowedTenantIds`,void 0),a(this,`getAssertion`,void 0),a(this,`options`,void 0),!e)throw new v(`ClientAssertionCredential: tenantId is a required parameter.`);if(!t)throw new v(`ClientAssertionCredential: clientId is a required parameter.`);if(!n)throw new v(`ClientAssertionCredential: clientAssertion is a required parameter.`);this.tenantId=e,this.additionallyAllowedTenantIds=Lv(r?.additionallyAllowedTenants),this.options=r,this.getAssertion=n,this.msalClient=Bv(t,e,{...r,logger:xy,tokenCredentialOptions:this.options})}async getToken(e,t={}){return C.withSpan(`${this.constructor.name}.getToken`,t,async t=>{t.tenantId=Nv(this.tenantId,t,this.additionallyAllowedTenantIds,xy);let n=Array.isArray(e)?e:[e];return this.msalClient.getTokenByClientAssertion(n,this.getAssertion,t)})}}})),wy,Ty,Ey,Dy,Oy=t((()=>{S(),Cy(),y(),Rv(),i(),wy=`WorkloadIdentityCredential`,Ty=[`AZURE_TENANT_ID`,`AZURE_CLIENT_ID`,`AZURE_FEDERATED_TOKEN_FILE`],Ey=x(wy),Dy=class{constructor(e){a(this,`client`,void 0),a(this,`azureFederatedTokenFileContent`,void 0),a(this,`cacheDate`,void 0),a(this,`federatedTokenFilePath`,void 0);let t=bt(Ty).assigned.join(`, `);Ey.info(`Found the following environment variables: ${t}`);let n=e??{},r=n.tenantId||process.env.AZURE_TENANT_ID,i=n.clientId||process.env.AZURE_CLIENT_ID;if(this.federatedTokenFilePath=n.tokenFilePath||process.env.AZURE_FEDERATED_TOKEN_FILE,r&&Fv(Ey,r),!i)throw new v(`${wy}: is unavailable. clientId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - "AZURE_CLIENT_ID".
+        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`);if(!r)throw new v(`${wy}: is unavailable. tenantId is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - "AZURE_TENANT_ID".
+        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`);if(!this.federatedTokenFilePath)throw new v(`${wy}: is unavailable. federatedTokenFilePath is a required parameter. In DefaultAzureCredential and ManagedIdentityCredential, this can be provided as an environment variable - "AZURE_FEDERATED_TOKEN_FILE".
+        See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`);Ey.info(`Invoking ClientAssertionCredential with tenant ID: ${r}, clientId: ${n.clientId} and federated token path: [REDACTED]`),this.client=new Sy(r,i,this.readFileContents.bind(this),e)}async getToken(e,t){if(!this.client){let e=`${wy}: is unavailable. tenantId, clientId, and federatedTokenFilePath are required parameters. 
+      In DefaultAzureCredential and ManagedIdentityCredential, these can be provided as environment variables - 
+      "AZURE_TENANT_ID",
+      "AZURE_CLIENT_ID",
+      "AZURE_FEDERATED_TOKEN_FILE". See the troubleshooting guide for more information: https://aka.ms/azsdk/js/identity/workloadidentitycredential/troubleshoot`;throw Ey.info(e),new v(e)}return Ey.info(`Invoking getToken() of Client Assertion Credential`),this.client.getToken(e,t)}async readFileContents(){if(this.cacheDate!==void 0&&Date.now()-this.cacheDate>=1e3*60*5&&(this.azureFederatedTokenFileContent=void 0),!this.federatedTokenFilePath)throw new v(`${wy}: is unavailable. Invalid file path provided ${this.federatedTokenFilePath}.`);if(!this.azureFederatedTokenFileContent){let e=(await he(this.federatedTokenFilePath,`utf8`)).trim();if(e)this.azureFederatedTokenFileContent=e,this.cacheDate=Date.now();else throw new v(`${wy}: is unavailable. No content on the file ${this.federatedTokenFilePath}.`)}return this.azureFederatedTokenFileContent}}})),ky,Ay,jy,My=t((()=>{Oy(),S(),ky=`ManagedIdentityCredential - Token Exchange`,Ay=x(ky),jy={name:`tokenExchangeMsi`,async isAvailable(e){let t=process.env,n=!!((e||t.AZURE_CLIENT_ID)&&t.AZURE_TENANT_ID&&process.env.AZURE_FEDERATED_TOKEN_FILE);return n||Ay.info(`${ky}: Unavailable. The environment variables needed are: AZURE_CLIENT_ID (or the client ID sent through the parameters), AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE`),n},async getToken(e,t={}){let{scopes:n,clientId:r}=e;return new Dy({clientId:r,tenantId:process.env.AZURE_TENANT_ID,tokenFilePath:process.env.AZURE_FEDERATED_TOKEN_FILE,disableInstanceDiscovery:!0}).getToken(n,t)}}}));function Ny(e){return!!(e.errorCode===`network_error`||e.code===`ENETUNREACH`||e.code===`EHOSTUNREACH`||(e.statusCode===403||e.code===403)&&e.message.includes(`unreachable`))}var Q,Py,Fy=t((()=>{yt(),Cf(),Ov(),y(),vp(),py(),S(),w(),by(),My(),wv(),i(),Q=x(`ManagedIdentityCredential`),Py=class{constructor(e,t){a(this,`managedIdentityApp`,void 0),a(this,`identityClient`,void 0),a(this,`clientId`,void 0),a(this,`resourceId`,void 0),a(this,`objectId`,void 0),a(this,`msiRetryConfig`,{maxRetries:5,startDelayInMs:800,intervalIncrement:2}),a(this,`isAvailableIdentityClient`,void 0),a(this,`sendProbeRequest`,void 0);let n;typeof e==`string`?(this.clientId=e,n=t??{}):(this.clientId=e?.clientId,n=e??{}),this.resourceId=n?.resourceId,this.objectId=n?.objectId,this.sendProbeRequest=n?.sendProbeRequest??!1;let r=[{key:`clientId`,value:this.clientId},{key:`resourceId`,value:this.resourceId},{key:`objectId`,value:this.objectId}].filter(e=>e.value);if(r.length>1)throw Error(`ManagedIdentityCredential: only one of 'clientId', 'resourceId', or 'objectId' can be provided. Received values: ${JSON.stringify({clientId:this.clientId,resourceId:this.resourceId,objectId:this.objectId})}`);n.allowInsecureConnection=!0,n.retryOptions?.maxRetries!==void 0&&(this.msiRetryConfig.maxRetries=n.retryOptions.maxRetries),this.identityClient=new Dv({...n,additionalPolicies:[{policy:uy(this.msiRetryConfig),position:`perCall`}]}),this.managedIdentityApp=new xf({managedIdentityIdParams:{userAssignedClientId:this.clientId,userAssignedResourceId:this.resourceId,userAssignedObjectId:this.objectId},system:{disableInternalRetries:!0,networkClient:this.identityClient,loggerOptions:{logLevel:up(gt()),piiLoggingEnabled:n.loggingOptions?.enableUnsafeSupportLogging,loggerCallback:_p(Q)}}}),this.isAvailableIdentityClient=new Dv({...n,retryOptions:{maxRetries:0}});let i=this.managedIdentityApp.getManagedIdentitySource();if(i===`CloudShell`&&(this.clientId||this.resourceId||this.objectId))throw Q.warning(`CloudShell MSI detected with user-provided IDs - throwing. Received values: ${JSON.stringify({clientId:this.clientId,resourceId:this.resourceId,objectId:this.objectId})}.`),new v(`ManagedIdentityCredential: Specifying a user-assigned managed identity is not supported for CloudShell at runtime. When using Managed Identity in CloudShell, omit the clientId, resourceId, and objectId parameters.`);if(i===`ServiceFabric`&&(this.clientId||this.resourceId||this.objectId))throw Q.warning(`Service Fabric detected with user-provided IDs - throwing. Received values: ${JSON.stringify({clientId:this.clientId,resourceId:this.resourceId,objectId:this.objectId})}.`),new v(`ManagedIdentityCredential: ${Cv}`);if(Q.info(`Using ${i} managed identity.`),r.length===1){let{key:e,value:t}=r[0];Q.info(`${i} with ${e}: ${t}`)}}async getToken(e,t={}){Q.getToken.info(`Using the MSAL provider for Managed Identity.`);let n=yv(e);if(!n)throw new v(`ManagedIdentityCredential: Multiple scopes are not supported. Scopes: ${JSON.stringify(e)}`);return C.withSpan(`ManagedIdentityCredential.getToken`,t,async()=>{try{let r=await jy.isAvailable(this.clientId),i=this.managedIdentityApp.getManagedIdentitySource(),a=i===`DefaultToImds`||i===`Imds`;if(Q.getToken.info(`MSAL Identity source: ${i}`),r){Q.getToken.info(`Using the token exchange managed identity.`);let t=await jy.getToken({scopes:e,clientId:this.clientId,identityClient:this.identityClient,retryConfig:this.msiRetryConfig,resourceId:this.resourceId});if(t===null)throw new v(`Attempted to use the token exchange managed identity, but received a null response.`);return t}else if(a&&this.sendProbeRequest&&(Q.getToken.info(`Using the IMDS endpoint to probe for availability.`),!await yy.isAvailable({scopes:e,clientId:this.clientId,getTokenOptions:t,identityClient:this.isAvailableIdentityClient,resourceId:this.resourceId})))throw new v(`Attempted to use the IMDS endpoint, but it is not available.`);Q.getToken.info(`Calling into MSAL for managed identity token.`);let o=await this.managedIdentityApp.acquireToken({resource:n});return this.ensureValidMsalToken(e,o,t),Q.getToken.info(xt(e)),{expiresOnTimestamp:o.expiresOn.getTime(),token:o.accessToken,refreshAfterTimestamp:o.refreshOn?.getTime(),tokenType:`Bearer`}}catch(t){throw Q.getToken.error(b(e,t)),t.name===`AuthenticationRequiredError`?t:Ny(t)?new v(`ManagedIdentityCredential: Network unreachable. Message: ${t.message}`,{cause:t}):new v(`ManagedIdentityCredential: Authentication failed. Message ${t.message}`,{cause:t})}})}ensureValidMsalToken(e,t,n){let r=t=>(Q.getToken.info(t),new We({scopes:Array.isArray(e)?e:[e],getTokenOptions:n,message:t}));if(!t)throw r(`No response.`);if(!t.expiresOn)throw r(`Response had no "expiresOn" property.`);if(!t.accessToken)throw r(`Response had no "accessToken" property.`)}}})),Iy,Ly,Ry,zy,By=t((()=>{S(),y(),Rv(),w(),Xv(),i(),Iy=x(`AzureDeveloperCliCredential`),Ly={notInstalled:`Azure Developer CLI couldn't be found. To mitigate this issue, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.`,login:`Please run 'azd auth login' from a command prompt to authenticate before using this credential. For more information, see the troubleshooting guidelines at https://aka.ms/azsdk/js/identity/azdevclicredential/troubleshoot.`,unknown:`Unknown error while trying to retrieve the access token`,claim:`This credential doesn't support claims challenges. To authenticate with the required claims, please run the following command:`},Ry={getSafeWorkingDir(){if(process.platform===`win32`){let e=process.env.SystemRoot||process.env.SYSTEMROOT;return e||(Iy.getToken.warning(`The SystemRoot environment variable is not set. This may cause issues when using the Azure Developer CLI credential.`),e=`C:\\Windows`),e}else return`/bin`},async getAzdAccessToken(e,t,n,r){let i=[];t&&(i=[`--tenant-id`,t]);let a=[];return r&&(a=[`--claims`,btoa(r)]),new Promise((t,r)=>{try{let r=[`azd`,...[`auth`,`token`,`--output`,`json`,`--no-prompt`,...e.reduce((e,t)=>e.concat(`--scope`,t),[]),...i,...a]].join(` `);de.exec(r,{cwd:Ry.getSafeWorkingDir(),timeout:n},(e,n,r)=>{t({stdout:n,stderr:r,error:e})})}catch(e){r(e)}})}},zy=class{constructor(e){a(this,`tenantId`,void 0),a(this,`additionallyAllowedTenantIds`,void 0),a(this,`timeout`,void 0),e?.tenantId&&(Fv(Iy,e?.tenantId),this.tenantId=e?.tenantId),this.additionallyAllowedTenantIds=Lv(e?.additionallyAllowedTenants),this.timeout=e?.processTimeoutInMs}async getToken(e,t={}){let n=Nv(this.tenantId,t,this.additionallyAllowedTenantIds);n&&Fv(Iy,n);let r;return r=typeof e==`string`?[e]:e,Iy.getToken.info(`Using the scopes ${e}`),C.withSpan(`${this.constructor.name}.getToken`,t,async()=>{try{r.forEach(e=>{Jv(e,Iy)});let i=await Ry.getAzdAccessToken(r,n,this.timeout,t.claims),a=i.stderr?.match(`must use multi-factor authentication`)||i.stderr?.match(`reauthentication required`),o=i.stderr?.match("not logged in, run `azd login` to login")||i.stderr?.match("not logged in, run `azd auth login` to login");if(i.stderr?.match(`azd:(.*)not found`)||i.stderr?.startsWith(`'azd' is not recognized`)||i.error&&i.error.code===`ENOENT`){let t=new v(Ly.notInstalled);throw Iy.getToken.info(b(e,t)),t}if(o){let t=new v(Ly.login);throw Iy.getToken.info(b(e,t)),t}if(a){let t=`azd auth login ${r.reduce((e,t)=>e.concat(`--scope`,t),[]).join(` `)}`,n=new v(`${Ly.claim} ${t}`);throw Iy.getToken.info(b(e,n)),n}try{let t=JSON.parse(i.stdout);return Iy.getToken.info(xt(e)),{token:t.token,expiresOnTimestamp:new Date(t.expiresOn).getTime(),tokenType:`Bearer`}}catch(e){throw i.stderr?new v(i.stderr):e}}catch(t){let n=t.name===`CredentialUnavailableError`?t:new v(t.message||Ly.unknown);throw Iy.getToken.info(b(e,n)),n}})}}}));function Vy(e,t){if(!t.match(/^[0-9a-zA-Z-._ ]+$/)){let n=Error(`Subscription '${t}' contains invalid characters. If this is the name of a subscription, use its ID instead. You can locate your subscription by following the instructions listed here: https://learn.microsoft.com/azure/azure-portal/get-subscription-tenant-id`);throw e.info(b(``,n)),n}}var Hy=t((()=>{S()})),$,Uy,Wy,Gy,Ky=t((()=>{Rv(),S(),Xv(),y(),w(),Hy(),i(),$=x(`AzureCliCredential`),Uy={claim:`This credential doesn't support claims challenges. To authenticate with the required claims, please run the following command:`,notInstalled:`Azure CLI could not be found. Please visit https://aka.ms/azure-cli for installation instructions and then, once installed, authenticate to your Azure account using 'az login'.`,login:`Please run 'az login' from a command prompt to authenticate before using this credential.`,unknown:`Unknown error while trying to retrieve the access token`,unexpectedResponse:`Unexpected response from Azure CLI when getting token. Expected "expiresOn" to be a RFC3339 date string. Got:`},Wy={getSafeWorkingDir(){if(process.platform===`win32`){let e=process.env.SystemRoot||process.env.SYSTEMROOT;return e||($.getToken.warning(`The SystemRoot environment variable is not set. This may cause issues when using the Azure CLI credential.`),e=`C:\\Windows`),e}else return`/bin`},async getAzureCliAccessToken(e,t,n,r){let i=[],a=[];return t&&(i=[`--tenant`,t]),n&&(a=[`--subscription`,`"${n}"`]),new Promise((t,n)=>{try{let n=[`az`,...[`account`,`get-access-token`,`--output`,`json`,`--resource`,e,...i,...a]].join(` `);de.exec(n,{cwd:Wy.getSafeWorkingDir(),timeout:r},(e,n,r)=>{t({stdout:n,stderr:r,error:e})})}catch(e){n(e)}})}},Gy=class{constructor(e){a(this,`tenantId`,void 0),a(this,`additionallyAllowedTenantIds`,void 0),a(this,`timeout`,void 0),a(this,`subscription`,void 0),e?.tenantId&&(Fv($,e?.tenantId),this.tenantId=e?.tenantId),e?.subscription&&(Vy($,e?.subscription),this.subscription=e?.subscription),this.additionallyAllowedTenantIds=Lv(e?.additionallyAllowedTenants),this.timeout=e?.processTimeoutInMs}async getToken(e,t={}){let n=typeof e==`string`?e:e[0],r=t.claims;if(r&&r.trim()){let e=`az login --claims-challenge ${btoa(r)} --scope ${n}`,i=t.tenantId;i&&(e+=` --tenant ${i}`);let a=new v(`${Uy.claim} ${e}`);throw $.getToken.info(b(n,a)),a}let i=Nv(this.tenantId,t,this.additionallyAllowedTenantIds);return i&&Fv($,i),this.subscription&&Vy($,this.subscription),$.getToken.info(`Using the scope ${n}`),C.withSpan(`${this.constructor.name}.getToken`,t,async()=>{try{Jv(n,$);let t=Yv(n),r=await Wy.getAzureCliAccessToken(t,i,this.subscription,this.timeout),a=r.stderr?.match(`(.*)az login --scope(.*)`),o=r.stderr?.match(`(.*)az login(.*)`)&&!a;if(r.stderr?.match(`az:(.*)not found`)||r.stderr?.startsWith(`'az' is not recognized`)){let t=new v(Uy.notInstalled);throw $.getToken.info(b(e,t)),t}if(o){let t=new v(Uy.login);throw $.getToken.info(b(e,t)),t}try{let t=r.stdout,n=this.parseRawResponse(t);return $.getToken.info(xt(e)),n}catch(e){throw r.stderr?new v(r.stderr):e}}catch(t){let n=t.name===`CredentialUnavailableError`?t:new v(t.message||Uy.unknown);throw $.getToken.info(b(e,n)),n}})}parseRawResponse(e){let t=JSON.parse(e),n=t.accessToken,r=Number.parseInt(t.expires_on,10)*1e3;if(!isNaN(r))return $.getToken.info(`expires_on is available and is valid, using it`),{token:n,expiresOnTimestamp:r,tokenType:`Bearer`};if(r=new Date(t.expiresOn).getTime(),isNaN(r))throw new v(`${Uy.unexpectedResponse} "${t.expiresOn}"`);return{token:n,expiresOnTimestamp:r,tokenType:`Bearer`}}}})),qy,Jy=t((()=>{qy={execFile(e,t,n){return new Promise((r,i)=>{oe.execFile(e,t,n,(e,t,n)=>{Buffer.isBuffer(t)&&(t=t.toString(`utf8`)),Buffer.isBuffer(n)&&(n=n.toString(`utf8`)),n||e?i(n?Error(n):e):r(t)})})}}}));function Yy(e){return $y?`${e}.exe`:e}async function Xy(e,t){let n=[];for(let r of e){let[e,...i]=r,a=await qy.execFile(e,i,{encoding:`utf8`,timeout:t});n.push(a)}return n}async function Zy(e){let t=e.match(/{[^{}]*}/g),n=e;if(t)try{for(let e of t)try{let t=JSON.parse(e);if(t?.Token)return n=n.replace(e,``),n&&Qy.getToken.warning(n),t}catch{continue}}catch{throw Error(`Unable to parse the output of PowerShell. Received output: ${e}`)}throw Error(`No access token found in the output. Received output: ${e}`)}var Qy,$y,eb,tb,nb,rb,ib,ab,ob=t((()=>{Rv(),S(),Xv(),y(),Jy(),w(),i(),Qy=x(`AzurePowerShellCredential`),$y=process.platform===`win32`,eb={login:`Run Connect-AzAccount to login`,installed:`The specified module 'Az.Accounts' with version '2.2.0' was not loaded because no valid module file was found in any module directory`},tb={login:`Please run 'Connect-AzAccount' from PowerShell to authenticate before using this credential.`,installed:`The 'Az.Account' module >= 2.2.0 is not installed. Install the Azure Az PowerShell module with: "Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force".`,claim:`This credential doesn't support claims challenges. To authenticate with the required claims, please run the following command:`,troubleshoot:`To troubleshoot, visit https://aka.ms/azsdk/js/identity/powershellcredential/troubleshoot.`},nb=e=>e.message.match(`(.*)${eb.login}(.*)`),rb=e=>e.message.match(eb.installed),ib=[Yy(`pwsh`)],$y&&ib.push(Yy(`powershell`)),ab=class{constructor(e){a(this,`tenantId`,void 0),a(this,`additionallyAllowedTenantIds`,void 0),a(this,`timeout`,void 0),e?.tenantId&&(Fv(Qy,e?.tenantId),this.tenantId=e?.tenantId),this.additionallyAllowedTenantIds=Lv(e?.additionallyAllowedTenants),this.timeout=e?.processTimeoutInMs}async getAzurePowerShellAccessToken(e,t,n){for(let r of[...ib]){try{await Xy([[r,`/?`]],n)}catch{ib.shift();continue}let i=(await Xy([[r,`-NoProfile`,`-NonInteractive`,`-Command`,`
+          $tenantId = "${t??``}"
+          $m = Import-Module Az.Accounts -MinimumVersion 2.2.0 -PassThru
+          $useSecureString = $m.Version -ge [version]'2.17.0' -and $m.Version -lt [version]'5.0.0'
+
+          $params = @{
+            ResourceUrl = "${e}"
+          }
+
+          if ($tenantId.Length -gt 0) {
+            $params["TenantId"] = $tenantId
+          }
+
+          if ($useSecureString) {
+            $params["AsSecureString"] = $true
+          }
+
+          $token = Get-AzAccessToken @params
+
+          $result = New-Object -TypeName PSObject
+          $result | Add-Member -MemberType NoteProperty -Name ExpiresOn -Value $token.ExpiresOn
+
+          if ($token.Token -is [System.Security.SecureString]) {
+            if ($PSVersionTable.PSVersion.Major -lt 7) {
+              $ssPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($token.Token)
+              try {
+                $result | Add-Member -MemberType NoteProperty -Name Token -Value ([System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($ssPtr))
+              }
+              finally {
+                [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($ssPtr)
+              }
+            }
+            else {
+              $result | Add-Member -MemberType NoteProperty -Name Token -Value ($token.Token | ConvertFrom-SecureString -AsPlainText)
+            }
+          }
+          else {
+            $result | Add-Member -MemberType NoteProperty -Name Token -Value $token.Token
+          }
+
+          Write-Output (ConvertTo-Json $result)
+          `]]))[0];return Zy(i)}throw Error(`Unable to execute PowerShell. Ensure that it is installed in your system`)}async getToken(e,t={}){return C.withSpan(`${this.constructor.name}.getToken`,t,async()=>{let n=typeof e==`string`?e:e[0],r=t.claims;if(r&&r.trim()){let e=`Connect-AzAccount -ClaimsChallenge ${btoa(r)}`,i=t.tenantId;i&&(e+=` -Tenant ${i}`);let a=new v(`${tb.claim} ${e}`);throw Qy.getToken.info(b(n,a)),a}let i=Nv(this.tenantId,t,this.additionallyAllowedTenantIds);i&&Fv(Qy,i);try{Jv(n,Qy),Qy.getToken.info(`Using the scope ${n}`);let t=Yv(n),r=await this.getAzurePowerShellAccessToken(t,i,this.timeout);return Qy.getToken.info(xt(e)),{token:r.Token,expiresOnTimestamp:new Date(r.ExpiresOn).getTime(),tokenType:`Bearer`}}catch(e){if(rb(e)){let e=new v(tb.installed);throw Qy.getToken.info(b(n,e)),e}else if(nb(e)){let e=new v(tb.login);throw Qy.getToken.info(b(n,e)),e}let t=new v(`${e}. ${tb.troubleshoot}`);throw Qy.getToken.info(b(n,t)),t}})}}}));function sb(e){let t=db[e];if(t)throw new v(t)}var cb,lb,ub,db,fb,pb=t((()=>{S(),Rv(),y(),Vv(),Xv(),Fe(),vp(),i(),cb=`common`,lb=`aebc6443-996d-45c2-90f0-388ff96faa56`,ub=x(`VisualStudioCodeCredential`),db={adfs:`The VisualStudioCodeCredential does not support authentication with ADFS tenants.`},fb=class{constructor(e){a(this,`tenantId`,void 0),a(this,`additionallyAllowedTenantIds`,void 0),a(this,`msalClient`,void 0),a(this,`options`,void 0),a(this,`preparePromise`,void 0),this.options=e||{},e&&e.tenantId?(Fv(ub,e.tenantId),this.tenantId=e.tenantId):this.tenantId=cb,this.additionallyAllowedTenantIds=Lv(e?.additionallyAllowedTenants),sb(this.tenantId)}async prepare(e){let t=Nv(this.tenantId,this.options,this.additionallyAllowedTenantIds,ub)||this.tenantId;if(!Te()||!Ae)throw new v(`Visual Studio Code Authentication is not available. Ensure you have have Azure Resources Extension installed in VS Code, signed into Azure via VS Code, installed the @azure/identity-vscode package, and properly configured the extension.`);let n=await this.loadAuthRecord(Ae,e);this.msalClient=Bv(lb,t,{...this.options,isVSCodeCredential:!0,brokerOptions:{enabled:!0,parentWindowHandle:new Uint8Array,useDefaultBrokerAccount:!0},authenticationRecord:n})}prepareOnce(e){return this.preparePromise||(this.preparePromise=this.prepare(e)),this.preparePromise}async getToken(e,t){let n=qv(e);if(await this.prepareOnce(n),!this.msalClient)throw new v(`Visual Studio Code Authentication failed to initialize. Ensure you have have Azure Resources Extension installed in VS Code, signed into Azure via VS Code, installed the @azure/identity-vscode package, and properly configured the extension.`);return this.msalClient.getTokenByInteractiveRequest(n,{...t,disableAutomaticAuthentication:!0})}async loadAuthRecord(e,t){try{return mp(await he(e,{encoding:`utf8`}))}catch(e){throw ub.getToken.info(b(t,e)),new v(`Cannot load authentication record in Visual Studio Code. Ensure you have have Azure Resources Extension installed in VS Code, signed into Azure via VS Code, installed the @azure/identity-vscode package, and properly configured the extension.`)}}}})),mb,hb,gb=t((()=>{Rv(),S(),Xv(),w(),Vv(),we(),y(),i(),mb=x(`BrokerCredential`),hb=class{constructor(e){a(this,`brokerMsalClient`,void 0),a(this,`brokerTenantId`,void 0),a(this,`brokerAdditionallyAllowedTenantIds`,void 0),this.brokerTenantId=Iv(mb,e.tenantId),this.brokerAdditionallyAllowedTenantIds=Lv(e?.additionallyAllowedTenants);let t={...e,tokenCredentialOptions:e,logger:mb,brokerOptions:{enabled:!0,parentWindowHandle:new Uint8Array,useDefaultBrokerAccount:!0}};this.brokerMsalClient=Bv(ye,this.brokerTenantId,t)}async getToken(e,t={}){return C.withSpan(`${this.constructor.name}.getToken`,t,async t=>{t.tenantId=Nv(this.brokerTenantId,t,this.brokerAdditionallyAllowedTenantIds,mb);let n=qv(e);try{return this.brokerMsalClient.getBrokeredToken(n,!0,{...t,disableAutomaticAuthentication:!0})}catch(e){throw mb.getToken.info(b(n,e)),new v(`Failed to acquire token using broker authentication`,{cause:e})}})}}}));function _b(e={}){return new hb(e)}function vb(e={}){return new fb(e)}function yb(e={}){e.retryOptions??(e.retryOptions={maxRetries:5,retryDelayInMs:800}),e.sendProbeRequest??(e.sendProbeRequest=!0);let t=e?.managedIdentityClientId??process.env.AZURE_CLIENT_ID,n=e?.workloadIdentityClientId??t,r=e?.managedIdentityResourceId,i=process.env.AZURE_FEDERATED_TOKEN_FILE,a=e?.tenantId??process.env.AZURE_TENANT_ID;return r?new Py({...e,resourceId:r}):i&&n?new Py(n,{...e,tenantId:a}):t?new Py({...e,clientId:t}):new Py(e)}function bb(e){let t=e?.managedIdentityClientId??process.env.AZURE_CLIENT_ID,n=e?.workloadIdentityClientId??t,r=process.env.AZURE_FEDERATED_TOKEN_FILE,i=e?.tenantId??process.env.AZURE_TENANT_ID;return r&&n?new Dy({...e,tenantId:i,clientId:n,tokenFilePath:r}):i?new Dy({...e,tenantId:i}):new Dy(e)}function xb(e={}){return new zy(e)}function Sb(e={}){return new Gy(e)}function Cb(e={}){return new ab(e)}function wb(e={}){return new cy(e)}var Tb=t((()=>{ly(),Fy(),Oy(),By(),Ky(),ob(),pb(),gb()}));function Eb(e){if(e?.requiredEnvVars){let t=(Array.isArray(e.requiredEnvVars)?e.requiredEnvVars:[e.requiredEnvVars]).filter(e=>!process.env[e]);if(t.length>0){let e=`Required environment ${t.length===1?`variable`:`variables`} '${t.join(`, `)}' for DefaultAzureCredential ${t.length===1?`is`:`are`} not set or empty.`;throw Db.warning(e),Error(e)}}}var Db,Ob,kb,Ab=t((()=>{Vt(),S(),Tb(),i(),Db=x(`DefaultAzureCredential`),Ob=class{constructor(e,t){a(this,`credentialUnavailableErrorMessage`,void 0),a(this,`credentialName`,void 0),this.credentialName=e,this.credentialUnavailableErrorMessage=t}getToken(){return Db.getToken.info(`Skipping ${this.credentialName}, reason: ${this.credentialUnavailableErrorMessage}`),Promise.resolve(null)}},kb=class extends Bt{constructor(e){Eb(e);let t=process.env.AZURE_TOKEN_CREDENTIALS?process.env.AZURE_TOKEN_CREDENTIALS.trim().toLowerCase():void 0,n=[vb,Sb,Cb,xb,_b],r=[wb,bb,yb],i=[];if(t)switch(t){case`dev`:i=n;break;case`prod`:i=r;break;case`environmentcredential`:i=[wb];break;case`workloadidentitycredential`:i=[bb];break;case`managedidentitycredential`:i=[()=>yb({sendProbeRequest:!1})];break;case`visualstudiocodecredential`:i=[vb];break;case`azureclicredential`:i=[Sb];break;case`azurepowershellcredential`:i=[Cb];break;case`azuredeveloperclicredential`:i=[xb];break;default:{let e=`Invalid value for AZURE_TOKEN_CREDENTIALS = ${process.env.AZURE_TOKEN_CREDENTIALS}. Valid values are 'prod' or 'dev' or any of these credentials - EnvironmentCredential, WorkloadIdentityCredential, ManagedIdentityCredential, VisualStudioCodeCredential, AzureCliCredential, AzurePowerShellCredential, AzureDeveloperCliCredential.`;throw Db.warning(e),Error(e)}}else i=[...r,...n];let a=i.map(t=>{try{return t(e??{})}catch(e){return Db.warning(`Skipped ${t.name} because of an error creating the credential: ${e}`),new Ob(t.name,e.message)}});super(...a)}}}));function jb(e,t,n){let{abortSignal:r,tracingOptions:i}=n||{},a=Hh();a.addPolicy(f_({credential:e,scopes:t}));async function o(){let e=(await a.sendRequest({sendRequest:e=>Promise.resolve({request:e,status:200,headers:e.headers})},$g({url:`https://example.com`,abortSignal:r,tracingOptions:i}))).headers.get(`authorization`)?.split(` `)[1];if(!e)throw Error(`Failed to get access token`);return e}return o}var Mb=t((()=>{__()}));t((()=>{Ie(),y(),vp(),Vt(),$v(),Ab(),ly(),Kv(),Cy(),Ky(),By(),Rv(),S(),Xv(),w(),Vv(),we(),Fy(),__(),Ov(),ob(),ny(),pb(),Oy(),Mb()}))();export{kb as DefaultAzureCredential,jb as getBearerTokenProvider};